What, then, is a container? Well, I come from a virtualization—hypervisor and virtual machine (VM)—background, and, in my mind, containers are both very much like and very much unlike VMs. I realize that this may not sound very helpful, but let me explain.
How is a container like a VM?
The main way in which a container is like a VM is that it’s a unit of execution. You bundle something up—an image—which you can then run on a suitably equipped host platform. Like a VM, it’s a workload on a host, and like a VM, it runs at the mercy of that host. Beyond providing workloads with the resources they need to do their job (CPU cycles, networking, storage access, etc.), the host has a couple of jobs that it needs to do:
- Protect workloads from each other, and make sure that a malicious, compromised, or poorly written workload cannot affect the operation of any others.
- Protect itself (the host) from workloads, and make sure that a malicious, compromised, or poorly written workload cannot affect the operation of the host.
Read more at OpenSource.com