=====Container Concepts=====

====Definitions====

A **container** is a running instance of a //container image//.

A **container image** is a single tarball file, loaded with metadata, that has all the files needed by the application.

The **entry point** is the command used to start your container.

====Technology that powers containerization====

[[:linux:classnotes:DO080:concepts:Kernel_namespace | Kernel Namespaces]]

[[:linux:classnotes:DO080:concepts:control_groups| Control Groups (cgroups)]]

[[:linux:classnotes:DO080:concepts:selinux| SELinux ]]

[[:linux:classnotes:DO080:concepts:seccompe | seccomp]]

====End state is to have 3 Containers====

Creating container images
  * buildah
  * podman
  * prebuilt from registry

Container runtime
  * runC
  * cri-o
  * docker

Container management tools
  * podman
  * docker (client)
  * kubernetes

Differences between Containers and VMs

^ Virtual Machines ^ Containers ^
| full OS | no OS |
| kernel inside | no kernel |
| lower level access to hardware | limited access to hardware |
| more resources required | lightweight & can be rootless |

Containers can be run without root privileges (rootless).