Containers have existed within operating systems for quite a long time, A Container is a runtime intiative of container image. Linux containers are often isolated through the use of cgroups,SELinux,AppArmor.

Overview of security like cgroups,AppArmor in Debian.

Container Terminology:

- Registry Server: A container registry server is a tool which hosts and distributes container images. The container registry server can either be public or private.These container registries connect directly to container orchestration platforms like Docker and Kubernetes.

- Container image: A container image, which is a file, pulled from the registry server and used locally as a mount point when the containers are started.LXD pulls a single container image from the registry server,while docker uses OCI-based images which can be made of multiple layers.

- Container Engine: A container engine pulls the container image from the registry server,accepts user's requests via command line options and runs the container. There are many container engines like CRI-O, Docker, LXD.Most container engines do not run containers, they rely OCI compliant runtime like runc.

- Container Host: container host is the system that runs the containerized process(containers). For example a VM in a data center is a host, while containers can be run on them.

- Image,Tag: Images: Repositories are often reffered to as images or container images,but they are actually made up of one or more image layers.Image Layers are usually referenced by parent child relationship.

Tag: Defining versions for the container images with the help of tags.

- Container Orchestration: A container orchestrator does two things:

Dynamically schedules container workloads, within a cluster of computers. Provides a standardized application definition file (kube file, docker compose).


Docker is within a sandboxed environment, it allows users to package an application with all of its dependencies into a standardized unit for development.Provides a layer of isolation from the host,where the container uses the host’s system resources like storage,memory and CPU.

Architecture - Docker Engine - Docker Client - Docker Registry

Docker commands

- `docker pull`: pulls the image from the registry server
- `docker images`: displays all the images present locally
- `docker ps -a`: list of containers currently running and terminated
- `docker run`: creates a new container from the image provided
- `docker exec`: runs a new command within the container,example bash prompt
- `docker stop`: stop the existing docker container
- `docker rm`: delete the docker container without any traces on local
- `docker rmi`: delete the container image locally

Detailed explanation