What is a Container? Containers are not Virtual Machines!
There is a common misconception that a container is nothing more than a lightweight virtual machine. That’s not the case. While containers seem to have many of the features that are also present in a VM, they are different in architecture. This difference is worth knowing about for developers. So let’s see what a container actually is.
What is a container?
Container sounds simple. We know what the word means: something that you use to hold stuff. A container is essentially something that we put stuff in; in our case the stuff is an application’s code as well as everything that code needs to run properly.
Simple enough, right?
Here is an example that I read somewhere which will explain the concept quite easily.
Say you are a software developer and you have developed an application. You did your work on your machine and your environment has a specific configuration. Other developers in your team may have slightly different configurations. The application you’re developing relies on that configuration and assumes specific files are present.
Meanwhile, your business has test and production environments which are standardized and have their own configurations and their own sets of supporting files. You want to match those environments locally but without the work of recreating the server environments manually. So, how do you make your application work across these environments, pass QA, and get your application deployed without massive headaches?
Ummm… still thinking? The answer is a container: one that stores all the necessary files related to the application environment, so that you can move it from development to testing and then to deployment without any hassle.
Containers vs VMs
VMs run on a hypervisor, and containers have a special runtime that allows them to consume host resources. That makes them the same, right? No. First of all, virtual machines have a full OS such as Windows or Linux. Containers, by contrast, are more like processes than full machines. With a container you take only the nuts and bolts that are absolutely necessary to make a piece of software run. This includes any runtimes or binaries, but not a full OS.
The key difference between a container and a VM is that the VM has a kernel that is separate from the host machine, while a container uses the kernel of the host machine. The kernel is responsible for intermediating between application executables running on the computer and the computer itself.
Having a distinct kernel versus using a host’s kernel is important because it allows the VM to run an operating system that is different from the host’s operating system. A Linux host system can support a VM that’s running another operating system, such as Windows, but containers running on a Linux host must run Linux. Also, VMs have their own file system, while containers have the file system of their hosting machine.
How can a container appear to be an isolated computing unit like a VM if it uses the host’s kernel and file system?
Containers use the following basic isolation mechanisms, which are part of the Linux operating system:
- Namespace
- Cgroup
A namespace is a feature of the Linux kernel that partitions kernel resources such that one set of processes sees one set of resources while another set of processes sees a different set of resources.
A cgroup is a Linux feature that puts constraints on Linux resources. For example, you can make a cgroup that limits the percentage of a CPU a process can use.
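As an added example (not part of the original article), the Python helper below shows how both mechanisms can be inspected: it compares the namespace identifiers Linux exposes under /proc/<pid>/ns for a host process and a containerized process, and converts a cgroup v2 cpu.max value into a CPU percentage. The function names, inode numbers and sample cpu.max strings are constructed for illustration.

```python
import os
import re

NS_LINK = re.compile(r"^(\w+):\[(\d+)\]$")

def parse_ns_link(link):
    """Split a /proc/<pid>/ns/* link target such as 'pid:[4026531836]'."""
    m = NS_LINK.match(link.strip())
    if not m:
        raise ValueError(f"not a namespace link: {link!r}")
    return m.group(1), int(m.group(2))

def read_namespaces(pid):
    """Live lookup on a Linux host: {entry name: namespace inode} for one process."""
    ns_dir = f"/proc/{pid}/ns"
    return {name: parse_ns_link(os.readlink(os.path.join(ns_dir, name)))[1]
            for name in os.listdir(ns_dir)}

def shared_namespaces(host_ns, container_ns):
    """Namespace types where both processes hold the same inode, i.e. no isolation."""
    return sorted(t for t, inode in container_ns.items() if host_ns.get(t) == inode)

def cpu_limit_percent(cpu_max):
    """Convert cgroup v2 cpu.max ('<quota> <period>', microseconds) to % of one CPU."""
    quota, period = cpu_max.split()
    if quota == "max":
        return None  # no ceiling: the process may use all the CPU it can get
    return 100.0 * int(quota) / int(period)

# Constructed sample data (inode numbers are made up for illustration).
HOST = {"mnt": 4026531840, "pid": 4026531836, "net": 4026531992,
        "uts": 4026531838, "ipc": 4026531839, "user": 4026531837}
CONTAINER = {"mnt": 4026532201, "pid": 4026532204, "net": 4026531992,
             "uts": 4026532202, "ipc": 4026532203, "user": 4026531837}

if __name__ == "__main__":
    print("shared with host:", shared_namespaces(HOST, CONTAINER))
    for sample in ("50000 100000", "max 100000"):
        print(f"cpu.max {sample!r} ->", cpu_limit_percent(sample))
```

In the constructed sample the container has its own mnt, pid, uts and ipc namespaces but still shares net and user with the host, so for those two resource types it sees exactly what the host sees.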
Advantages and Disadvantages:
In short, a VM is a complete software representation of a computer running on a physical host. You can have many VMs running on a single host. A container, on the other hand, is an isolated unit that behaves similarly to a VM but uses the host’s kernel as well as other system resources of the host.
The key benefit of a container over a VM is that a container will load into memory very fast.
The overriding risk of containers is that they run on top of the host and have access to the host’s kernel. A container running with root privileges can harm the host machine. Virtual machine hypervisor technology does a good job of standing in the way. Other benefits of using containers are portability, lower cost, high performance, memory efficiency, isolation, and fewer IT management resources.
Misunderstanding a relatively new concept is natural. It’s important to gain an understanding of these terms to communicate effectively with the teams that will need to take advantage of the infrastructure.