A Container is a lightweight, standalone package that encapsulates a complete runtime environment including an application and its dependencies (libraries, binaries, and any additional configuration files), increasing an application’s portability, scalability, security, and agility.
Containers are popular with both developers and operators because they offer a straightforward way to deploy and manage applications, regardless of the target environment. They facilitate DevOps and DevSecOps practices by improving handoffs between development and operations teams.
Containers consume resources efficiently, enabling high density and resource utilization. Although containers can be used with almost any application, they’re frequently associated with microservices, in which multiple containers run separate application components or services. The containers that make up an application are typically coordinated and managed using a container orchestration platform, such as Kubernetes.
Containers are created by packaging applications from multiple images from one or more repositories along with any libraries or other application dependencies, eliminating portability and compatibility issues.
Each virtual machine (VM) runs a full or partial instance of an operating system, whereas multiple containers share a single operating system instance. A container includes everything necessary to run an application, enabling multiple containerized applications to run independently on a single host system. Because multiple containers can be run inside a VM, the two technologies can be used together.
Using containers to build applications accelerates the delivery of new functionality and encourages an environment of continuous innovation. Benefits include:
Scalability and high availability. Using Kubernetes, container deployments can automatically be scaled up or down as workload requirement changes, increasing app availability.
Portability. Containers consume fewer resources and are lighter weight than VMs. Containerized applications are infrastructure-agnostic and operate the same regardless of where they are deployed.
Resiliency. A containerized application is isolated and abstracted from the OS and other containers; one container can fail without impacting other running containers.
Standards for container formatting and runtime environments are controlled by the Open Container Initiative (OCI), a project formed in 2015 for the express purpose of creating open industry standards. The OCI currently offers two specifications: the Runtime Specification (runtime-spec) and the Image Specification (image-spec).
Containers require changes to the way security policies are implemented and managed. Security should be built into the container lifecycle as much as possible, using a DevSecOps approach. Security teams, working with development and operations teams, adapt existing governance and compliance policies to accommodate new tools and changes to the application lifecycle.
Manual effort slows down development teams. Container automation enables developers to focus on code instead of packaging. Container images are built in layers. With an automated approach to container builds, whenever a layer changes, only that layer has to be updated. For example, if only system libraries need to be updated, only the layer containing the libraries must be rebuilt. Because other layers remain unchanged, the testing and validation burden is reduced, enabling updated containers to be pushed into production faster and more frequently.
Since its introduction in 2013, Docker has been almost synonymous with containers, and it continues to be used to build container images. The Docker environment includes a container runtime as well as container build and image management. Because Docker builds an OCI-standard container image, Docker images will run on any OCI-compliant container runtime.
Kubernetes is an open source container orchestrator that has become a de facto standard. Kubernetes automates deployment, load balancing, resource allocation, and security enforcement for containers via declarative configuration and automation. It keeps containerized applications running in their desired state, ensuring they are scalable and resilient. Container orchestration helps manage the complexity of the container lifecycle. This becomes especially important for distributed applications with large numbers of containers.
Kubernetes is shifting to the Container Runtime Interface (CRI), which supports a broader set of container runtimes with smooth interoperability between different runtimes. Deprecation of the Docker runtime for use with Kubernetes was announced in December, 2020.
Improve application portability across different platforms and configurations, so that code developed on one version of a language compiler or interpreter runs flawlessly on subsequent versions with no revisions required.
Free developers from having to develop, test, and deploy on the same infrastructure, so that developers who write code on their laptops can be confident that application will run as desired on any other infrastructure, whether on-premises server or a cloud-based VM.
Facilitate agile development processes such as CI/CD, speeding code acceptance and deployment.
Improve application security by isolation from other applications in a lightweight fashion.
Seamless migration of containerized applications across different OS versions, network topologies, or storage configurations, and cloud platforms.
Improve IT efficiency by enabling multiple application containers to run on a single OS instance. Since containers are often tens of megabytes in size where VMs are often ten or more gigabytes in size, a substantially larger number of containers can run on a single server instance.
Deliver extreme on-demand scalability, by spinning up additional container instances in milliseconds versus minutes to spin up VMs.