Understanding container technology and its relationship with virtualization is key to maximizing the use of Docker. This chapter explores the principles behind containers, how they work, and how they differ from virtual machines.

What is a Container?

A container is a software instance that encapsulates an application and all its dependencies in an isolated environment. Unlike virtual machines, containers share the host operating system, making them lighter and more efficient in terms of resources.

This image shows the structure of a container compared to a virtual machine

Advantages of Containers

Containers offer several benefits compared to other application deployment methods:

• Lightweight: By not including a full operating system, containers are much lighter than virtual machines.
• Speed: Containers start up quickly as they do not require an additional operating system.
• Portability: A container can run in any environment that supports Docker, without the need for additional configurations.

Containers vs. Virtual Machines

It is common to confuse containers with virtual machines, as both provide isolated environments for applications. However, there are key differences:

• Virtual Machines: Each virtual machine includes a complete operating system, which consumes more resources and space.
• Containers: Share the operating system kernel, allowing multiple lightweight containers on the same host.

plaintext

Shared Kernel and Namespaces

One of the fundamental features of containers is that they share the host operating system kernel, which allows them to be so lightweight. This is achieved through namespaces and cgroups, which provide an isolated environment for each container.

Namespaces

Namespaces are a Linux kernel feature that provides isolation at the process level. Each container has its own namespace, meaning that processes within a container cannot see or affect processes in other containers.

bash

Control Groups (cgroups)

Cgroups are a kernel feature that allows limiting and assigning resources (CPU, memory, I/O) to containers. This ensures that one container does not consume all system resources, keeping performance stable.

plaintext

Container Isolation

Isolation is a fundamental aspect of containers, allowing applications to run without interference. This isolation is achieved through namespaces, which provide process and network independence, and cgroups, which limit resource usage.

Network Isolation

Each container has its own virtual network, meaning containers can communicate with each other and the host through configured ports without interfering with other services on the system.

bash

File and Volume Isolation

Docker allows managing data storage within containers through volumes. Volumes allow data to persist even after the container is stopped or removed.

bash

Conclusion

Container technology has revolutionized virtualization by providing isolated and efficient environments. With an understanding of container principles and isolation, we are ready to move on to creating images in Docker in the next chapter.