Containers - bobbae/gcp GitHub Wiki
What is a container?
A container is a standard unit of software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another. A Docker container image is a lightweight, standalone, executable package of software that includes everything needed to run an application: code, runtime, system tools, system libraries and settings.
OS-level virtualization, as distinct from virtual machines, is an operating system paradigm in which the kernel allows multiple isolated user-space instances to exist. Such instances, called containers (LXC, Docker), zones (Solaris containers), virtual private servers (OpenVZ), partitions, virtual environments (VEs), virtual kernels (DragonFly BSD), or jails (FreeBSD jail or chroot jail), may look like real computers from the point of view of programs running in them. A program running on an ordinary operating system can see all resources of that computer (connected devices, files and folders, network shares, CPU power, quantifiable hardware capabilities). Programs running inside a container can only see the container's contents and the devices assigned to it. All of these instances still share the host kernel, so the kernel is the isolation boundary: a kernel vulnerability reachable from inside one container can compromise every container on that host.
A container is placed into its own set of kernel namespaces (mount, PID, network, IPC, UTS, user and cgroup), each of which gives the processes inside it a private view of one kind of resource: their own process tree, their own mount table, their own network stack, and so on.
Namespaces, together with cgroups (which limit CPU, memory and I/O), capabilities, seccomp filters and Linux Security Modules such as AppArmor or SELinux (which restrict what a process may do), form the foundation of containerization.
https://www.docker.com/resources/what-container
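The namespace membership described above is visible to any process as symlinks under /proc/<pid>/ns, which is how a practitioner checks what is actually isolated from what. The script below is an added example, not code from the wiki or from Docker: it parses those links, compares two processes' namespace sets, and, when run on a host with PID 1 as the reference, lists every process that lives in a different namespace (i.e. inside some container or sandbox). Run from inside a container it normally finds nothing, because the PID namespace hides host processes. The helper names are this example's own.

```python
"""Compare the kernel namespaces of processes by reading /proc/<pid>/ns/*."""
import os
import re
from typing import Dict, Iterable, List, Tuple, Union

# Namespace kinds the kernel exposes under /proc/<pid>/ns (cgroup needs 4.6+).
NS_KINDS = ("mnt", "pid", "net", "ipc", "uts", "user", "cgroup")
# Each /proc/<pid>/ns/<kind> symlink points at a string like "pid:[4026531836]";
# the number is the namespace's inode, the only identity a namespace has.
_NS_LINK = re.compile(r"^([a-z_]+):\[(\d+)\]$")


def parse_ns_link(target: str) -> Tuple[str, int]:
    """Parse the target of a /proc/<pid>/ns symlink into (kind, inode)."""
    m = _NS_LINK.match(target)
    if not m:
        raise ValueError(f"not a namespace link: {target!r}")
    return m.group(1), int(m.group(2))


def namespaces_of(pid: Union[int, str]) -> Dict[str, int]:
    """Return {kind: inode} for the namespaces a process lives in.

    Kinds the running kernel does not expose are skipped. A process we may
    not inspect (PermissionError: no ptrace access) or one that exited
    between listing and reading is reported with whatever could be read.
    """
    result: Dict[str, int] = {}
    for kind in NS_KINDS:
        path = f"/proc/{pid}/ns/{kind}"
        try:
            _, inode = parse_ns_link(os.readlink(path))
        except (FileNotFoundError, PermissionError, ProcessLookupError):
            continue
        result[kind] = inode
    return result


def differing_namespaces(a: Dict[str, int], b: Dict[str, int]) -> List[str]:
    """Kinds present in both maps whose inode differs, i.e. where a and b are isolated."""
    return sorted(k for k in a.keys() & b.keys() if a[k] != b[k])


def processes_outside(reference: Dict[str, int], pids: Iterable[int]) -> Dict[int, List[str]]:
    """Map each pid to the namespace kinds in which it differs from `reference`.

    With reference = namespaces_of(1) on a host this lists containerised
    (or otherwise sandboxed) processes and the kinds of isolation they have.
    """
    out: Dict[int, List[str]] = {}
    for pid in pids:
        diff = differing_namespaces(reference, namespaces_of(pid))
        if diff:
            out[pid] = diff
    return out


def all_pids() -> List[int]:
    """Every numeric entry of /proc, i.e. every visible process."""
    return sorted(int(d) for d in os.listdir("/proc") if d.isdigit())


if __name__ == "__main__":
    me = namespaces_of("self")
    print("own namespaces:", me)
    for pid, kinds in processes_outside(me, all_pids()).items():
        print(f"pid {pid} is isolated from us in: {', '.join(kinds)}")
```

Two practical readings: a process that differs from PID 1 in pid, mnt and net but shares user is a container running without a user namespace (so root inside is root on the host if it escapes); a container that reports the same net inode as the host was started with --net=host.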
Container Images
A container image is a ready-to-run software package, containing everything needed to run an application: the code and any runtime it requires, application and system libraries, and default values for any essential settings.
By design, image layers are immutable: you cannot change the code in the image of a container that is already running. A running container only gets a thin writable layer on top of the image, which is discarded when the container is removed, so changes made there (for example with docker exec) never reach the image. If you have a containerized application and want to make changes, build a new image that includes the change, then recreate the container from the updated image. Running containers with a read-only root filesystem (docker run --read-only, or readOnlyRootFilesystem: true in a Kubernetes securityContext) turns this convention into an enforced control.
Container images use union filesystems: each layer records only the files added, changed or deleted relative to the layers below it, and the container sees the stacked result. On Linux, Docker originally used AUFS; the default storage driver is now overlay2, built on the kernel's OverlayFS. The details of union filesystem use in Docker container images can be found at https://martinheinz.dev/blog/44.
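Because a layer can only add files or record deletions, a file removed in a later layer is still present in the earlier layer's blob and can be extracted by anyone who can pull the image. The following is an added example, not code from the wiki or from Docker, that models layers as dicts and resolves the merged view the way an OCI layer stack does: a ".wh.<name>" entry deletes <name> from lower layers and ".wh..wh..opq" hides everything below it in that directory (both names are from the OCI image spec). The sample layers are constructed for the example and mimic a build that copies a credential in, uses it, and then runs rm.

```python
"""Resolve the merged view of ordered image layers, OCI-style.

Each layer is modelled as {path: content}. OCI layer tars mark deletions
with whiteout entries: ".wh.<name>" removes <name> (and anything under it)
from lower layers, and ".wh..wh..opq" inside a directory hides everything
below it in that directory. Whiteouts only affect lower layers, so a layer
may delete a path and re-create it at the same time.
"""
import posixpath
from typing import Dict, List

WHITEOUT_PREFIX = ".wh."
OPAQUE_WHITEOUT = ".wh..wh..opq"

Layer = Dict[str, str]


def apply_layer(view: Layer, layer: Layer) -> Layer:
    """Return a new merged view after stacking `layer` on top of `view`."""
    merged = dict(view)
    # Whiteouts first: they act on the lower layers, never on this layer's files.
    for path in layer:
        directory, name = posixpath.split(path)
        if name == OPAQUE_WHITEOUT:
            prefix = directory + "/" if directory else ""
            merged = {p: c for p, c in merged.items() if not p.startswith(prefix)}
        elif name.startswith(WHITEOUT_PREFIX):
            target = posixpath.join(directory, name[len(WHITEOUT_PREFIX):])
            merged = {p: c for p, c in merged.items()
                      if p != target and not p.startswith(target + "/")}
    # Then this layer's real files override whatever is below.
    for path, content in layer.items():
        if posixpath.basename(path).startswith(WHITEOUT_PREFIX):
            continue  # whiteouts are metadata, never files in the merged view
        merged[path] = content
    return merged


def merge_layers(layers: List[Layer]) -> Layer:
    """Fold the layers bottom-up into the filesystem a container would see."""
    view: Layer = {}
    for layer in layers:
        view = apply_layer(view, layer)
    return view


def layers_still_containing(layers: List[Layer], path: str) -> List[int]:
    """Indices of layers whose blob still carries `path`, whiteouts above notwithstanding."""
    return [i for i, layer in enumerate(layers) if path in layer]


# Constructed sample (not a real image): COPY credential, RUN npm ci, RUN rm, rebuild deps.
SAMPLE_LAYERS: List[Layer] = [
    {"etc/os-release": "ID=debian\n", "usr/bin/app": "<binary>"},        # base image
    {"root/.npmrc": "//registry.example/:_authToken=SECRET",            # COPY .npmrc + RUN npm ci
     "app/node_modules/x.js": "module.exports = 1;"},
    {"root/.wh..npmrc": ""},                                             # RUN rm /root/.npmrc
    {"app/node_modules/.wh..wh..opq": "",                                # deps directory replaced
     "app/node_modules/y.js": "module.exports = 2;"},
]

if __name__ == "__main__":
    print("merged view:", sorted(merge_layers(SAMPLE_LAYERS)))
    print("layers still holding root/.npmrc:",
          layers_still_containing(SAMPLE_LAYERS, "root/.npmrc"))
```

The merged view has no root/.npmrc, yet layer 1 still holds the token; docker save or any registry client that downloads that blob recovers it. The fix is to never write the secret into a layer at all: a multi-stage build that copies only the artefacts out of the stage that needed the credential, or a BuildKit build secret (docker build --secret id=...,src=...) mounted for the duration of one RUN step.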
Borg and Omega
Google's own infrastructure is containerized and is managed by cluster management systems called Borg and Omega; Kubernetes descends from that work.
Container runtimes
The container runtime is the software that is responsible for running containers.
Kubernetes talks to the runtime through the CRI (Container Runtime Interface), so it supports any CRI implementation; the common ones are containerd and CRI-O. Docker Engine is not a CRI runtime: the dockershim adapter that bridged it was removed in Kubernetes v1.24, and Docker Engine can now only serve as a node runtime through the separate cri-dockerd adapter. Images built with Docker still run unchanged on any of these runtimes, because they all consume OCI images.
Containers vs. VMs
Virtual machines and containers differ in several ways, but the primary difference is that containers virtualize an OS so that multiple workloads can run on a single OS instance, whereas with VMs the hardware is virtualized to run multiple OS instances, each with its own kernel. That difference is also the security trade-off: every container on a host shares that host's kernel, so a kernel vulnerability reachable from a container can compromise the host and all of its neighbours, while a VM escape has to cross the hypervisor boundary as well. Containers’ speed, agility, and portability make them another tool to help streamline software development.
https://www.weave.works/blog/a-practical-guide-to-choosing-between-docker-containers-and-vms
Comparison of containerizing vs using VMs
https://www.youtube.com/watch?v=TvnZTi_gaNc
Different ways to run containers in GCP
https://www.youtube.com/watch?v=jh0fPT-AWwM
Docker image and layered filesystem
https://medium.com/@BeNitinAgarwal/docker-containers-filesystem-demystified-b6ed8112a04a
https://blogs.cisco.com/developer/container-image-layers-1
Container Analysis
https://cloud.google.com/container-analysis/docs
Containerization fit analysis
https://medium.com/google-cloud/to-containerize-or-not-c3366c55f0b
Artifact management
https://cloud.google.com/artifact-management/docs/overview
Container Scanning
https://cloud.google.com/container-analysis/docs/container-scanning-overview