Containers

• In computing a container is an encapsulated process that includes the required runtime dependencies for the program to run.
• In a container application specific libraries are independent of the host operating system libraries.
  
• Libraries and functions that are not specific to the continuous application of provided by the operating system and kernel.
  
• The libraries decouple the container from the host operating system so that they can quickly execute and stop as needed.
  
• A container engine creates a union file system by merging container image layers.
  
• Because container image layers immutable a container engine adds are writable layer for one time file modifications.
  
• Containers are a ephermal by default which means that the container engine remove the writable layer when you remove the container.
  
• Containers use Linux Kernel features such as namespaces and Control Groups(cgroups).
  
• Containers use cgroups for Resource Management, such as CPU time allocation and system memory.
  
• Name spaces in particular provide the functionality to isolate processes within the containers from each other and from host system.
  
• When we use non Linux operating systems these Linux specific features are often virtualized by the container engine implementation.
  
• Containerization originated from chroot, a method to partially or fully isolate and environment, and evolved to the open container initiative (OCI) which is a governance organisation that define standards for creating and running containers.
• A container is an isolated runtime environment where applications are executed as isolated processes. 
• The isolation of the runtime environment ensures that they do not interrupt other containers or system processes.
• A container image contains a packaged version of your application, with all the dependencies necessary for the application to run. 
• Images can exist without containers, but containers are dependent of images because containers use container images to build a runtime environment to execute applications.

Images vs Instances

• Container can be of two types container images and container instances.
  
• Are container image contains effectively immutable data that define the application and its libraries.
  
• We use container images to create container instances which are executable versions of the image that include references to networking, disks and other one time necessities.
  
• A single container image can be used to create multiple container instances each having its distinct ID.
  
• OCI container images are defined by the image-spec specification, where as OCI container intenses are defined by the runtime-spec specification.

Virtual Machine versus Containers

• Containers and virtual machines both have an application with hiding in a self contained environment with virtualize networking and communication.
  
• Containers can start and stop faster as compared to virtual machine.
  
• That disc usage of container is measured in megabytes as compared to virtual machine which is measured in gigabytes.
  
• A container may run under a virtual machine.
  
• A virtual machine is useful when we require a full computing environment which requires dedicated hardware,networking etc. If we require a limited computing environment with certain Execution virtual machines such as Java Virtual Machine etc why should use containers.
  
• Virtual machine is also perforble when an application requires a non LINUX operating system or a different kernel from the host.
  
• Virtual machines and containers use different software for management and functionality.
  
• Virtual machines used hypervisors such as KVM, Xen, VMware and Hyper-V that provide virtualization functionality for virtual machines.
  
• The container equivalent of a hypervisor is a container engine, such as podman.
  
• Machine level functionality virtual machines used hypervisor where as containers use container engine.
  
• For management virtual machines used VM management interface and containers use container engine or orchestation software such as Red Hat open shift container platform and Kubernetes.
  
• Virtual machines have generally same hypervisor thus making them less portable as compared to containers which comply on any OCI complaint engine.
  

Development for Containers

• Testing and Workflows
  
• We can scale the containers easily. We can successfully develop the file locally and then deploy the finished application to the cloud server or to a dedicated cluster with minimal or no changes.
• This is specially useful when we are creating micro services which are small and a ephermal containers that are designed to spin up and down as needed.
  
• Additionally developers that use containers can take advantage of continuous integration / continuous development(CICD) pipelines to deploy containers to various environments.
• Stability
  
• Container images are stable. There maybe dependency issues between different versions of libraries which may be related to specific OS requirements. But since libraries are included in a container image with specified version the developer is confident that day will be no dependency issues during deployment.
  
• Single container image with same set of libraries with same version can be deployed many times thus the image does not have to be retested between development and production envirnoments.
• Multi container applications
  
• A multi container application is distributed across travel containers. We can run the same image for a high availability replica of a container.
  
• A developer can create an application that includes a database container that runs separately from the applications Web API container.
  
• An application can rely on the container management software to provide high availability replicas with multi container options, such as podman pods or the compose-spec specification.
  
• Many applications, such as web servers or databases, keep running indefinitely waiting for connections. The containers for these applications must run indefinitely. These applications must also be accessed externally through a network protocol.

Container Layers

• Container images are characterized as immutable and layered.
• Each image layer consists of a set of file system differences, or diffs.
• A diff signals a file system change from the previous layer, such as adding or modifying a file.
• On starting container, the container creates a new ephemeral layer over its base container image layers called container layer.
• This layer is the only read/write storage available for the container by default, and it is used for any runtime file system operations, such as creating working files, temporary files, and log files.
• Files that are created in the container layer are considered volatile, which means that the files are deleted when you delete the container. 
• The container layer is exclusive to the running container, so if we create another container from the same base image, then the new container creates another container layer. This ensures that each container's runtime data is isolated from other containers.
• Ephemeral container storage is not sufficient for applications that need to keep data beyond the life of the container, such as databases. We use persistent storage to support such applications.