Container

A container is a self-contained package that holds everything your binary/application needs to run.
Only one application, together with all its dependent libraries, runs inside a container. Each container has its own network interface, IP address, and file system. All containers share the kernel of the host.
Isolation (achieved using kernel namespaces and cgroups): processes running on a single host are isolated from other processes.

|-----------------------|
| binary(*.exe),        |
| runtime(tokio-1.2),   |
| libraries(utc.so...), |
| other packages        |
|------Container--------|
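
The namespace isolation described above can be checked per process, because on Linux two processes are in the same namespace exactly when their `/proc/<pid>/ns/<kind>` links point to the same inode. The following is an added example, not part of the original notes; the sample link values are constructed, and the `EXPECTED_PRIVATE` list is an assumption of this example.

```python
import os
import re

# Target format of the /proc/<pid>/ns/* symlinks on Linux, e.g. "net:[4026531840]".
NS_LINK = re.compile(r"^([a-z_]+):\[(\d+)\]$")

# Assumption for this example: namespaces a container should not share with the host.
EXPECTED_PRIVATE = ("ipc", "mnt", "net", "pid", "uts")

def parse_ns_links(targets):
    """Map namespace kind -> inode number from readlink targets; skip malformed lines."""
    table = {}
    for target in targets:
        match = NS_LINK.match(target.strip())
        if match:
            table[match.group(1)] = int(match.group(2))
    return table

def read_ns(pid="self"):
    """Read the live namespace table of a process (Linux only; other PIDs may need root)."""
    base = f"/proc/{pid}/ns"
    return parse_ns_links(os.readlink(os.path.join(base, n)) for n in os.listdir(base))

def shared_with_host(host, proc):
    """Namespace kinds where the process uses the very same namespace as the host."""
    return sorted(kind for kind, inode in proc.items() if host.get(kind) == inode)

def weak_isolation(host, proc):
    """Subset of EXPECTED_PRIVATE that the process still shares with the host."""
    shared = shared_with_host(host, proc)
    return [kind for kind in EXPECTED_PRIVATE if kind in shared]

# Constructed sample data (not captured from a real system).
HOST_INIT = ["cgroup:[4026531835]", "ipc:[4026531839]", "mnt:[4026531841]",
             "net:[4026531840]", "pid:[4026531836]", "user:[4026531837]",
             "uts:[4026531838]"]
CONTAINER_A = ["cgroup:[4026532601]", "ipc:[4026532599]", "mnt:[4026532597]",
               "net:[4026532602]", "pid:[4026532600]", "user:[4026531837]",
               "uts:[4026532598]"]
# Same as A but using the host's network namespace: the net inode equals the host's.
CONTAINER_B = ["net:[4026531840]" if t.startswith("net:") else t for t in CONTAINER_A]

if __name__ == "__main__":
    host = parse_ns_links(HOST_INIT)
    for name, links in (("A", CONTAINER_A), ("B", CONTAINER_B)):
        proc = parse_ns_links(links)
        print(name, "shared:", shared_with_host(host, proc),
              "weak:", weak_isolation(host, proc))
```

On a live Linux host, `read_ns(1)` and `read_ns(<container pid>)` supply the two tables in place of the constructed samples.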
                

Issues without containers?

1. Application-1 depends on a shared library (libcv1) that isn't available on the production OS, or a different version (libcv2) is available there.
2. Multiple applications on one machine must all share the same versions of shared libraries on the production system, which makes the applications tightly coupled.

Container vs VM

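|            | Container         | VM                      |
|------------|-------------------|-------------------------|
| Size       | Smaller           | Bigger than a container |
| Capability | Smaller           | Bigger than a container |
| What       | Packaged software | Copy of OS              |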

Advantages

1. Lightweight, uses less memory: a simple web application running inside a container takes 100MB of space.
2. Secure: reduces the chance that malicious code present in one container impacts other containers or invades the host system.
3. Portable: abstraction from the host operating system makes containerized applications portable, i.e. able to run on any OS or VM.