Containers are not "lite" applications
You don't need to limit any functions of your applications.
Slide 4
Containers are not "not" hackable
Containers share the kernel and other components of the host operating system. If there is any vulnerability in the kernel, it could affect your container.
Slide 5
Containers are not a flea market
"Single-process-per-container" is the recommended design pattern for containerized applications.
Slide 6
Containers are not resource independent
Resource management is very important in container orchestration, because more than one container can run on one host machine.
Slide 7
Containers are not Docker
Docker is the most popular containerization platform, but there are many other solutions out there: rkt, containerd, LXC, etc.
Slide 8
Containers are not virtual machines
Containers virtualize the underlying operating system, while virtual machines virtualize the underlying hardware (hardware-level virtualization).
Slide 9
Containers are "OS-level virtualization"
The kernel allows multiple isolated user-space instances for running processes.
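An added example (not from the original slides): since containers are isolated user-space instances on one shared kernel, the isolation boundary is the set of kernel namespaces a process sits in. This Python sketch compares the /proc/<pid>/ns links of two processes and reports which namespaces a container shares with the host; the function names and the sample link values are constructed for illustration.

```python
import os
import re

NS_LINK = re.compile(r"^\w+:\[(\d+)\]$")   # readlink format, e.g. "pid:[4026531836]"
SENSITIVE = {"pid", "net", "ipc", "mnt", "uts"}  # sharing these with the host weakens isolation

def parse_ns(links):
    """Map namespace name -> inode number from readlink-style strings."""
    parsed = {}
    for name, target in links.items():
        match = NS_LINK.match(target)
        if match:
            parsed[name] = int(match.group(1))
    return parsed

def read_ns(pid="self"):
    """Read the namespace links of a live process (Linux only, needs access to /proc/<pid>)."""
    base = f"/proc/{pid}/ns"
    return {name: os.readlink(os.path.join(base, name)) for name in os.listdir(base)}

def compare(host_links, container_links):
    """Return (shared, isolated) namespace names for two processes on the same kernel."""
    host, ctr = parse_ns(host_links), parse_ns(container_links)
    common = sorted(set(host) & set(ctr))
    shared = [n for n in common if host[n] == ctr[n]]      # same inode: same namespace
    isolated = [n for n in common if host[n] != ctr[n]]    # different inode: separate view
    return shared, isolated

def weakened(host_links, container_links):
    """Sensitive namespaces the container shares with the host (audit finding)."""
    shared, _ = compare(host_links, container_links)
    return [n for n in shared if n in SENSITIVE]

# Constructed sample data: inode numbers are made up for this example.
HOST = {"cgroup": "cgroup:[4026531835]", "ipc": "ipc:[4026531839]", "mnt": "mnt:[4026531841]",
        "net": "net:[4026531840]", "pid": "pid:[4026531836]", "time": "time:[4026531834]",
        "user": "user:[4026531837]", "uts": "uts:[4026531838]"}
# A container with its own namespaces except user and time.
CONTAINER = {"cgroup": "cgroup:[4026532512]", "ipc": "ipc:[4026532510]", "mnt": "mnt:[4026532508]",
             "net": "net:[4026532513]", "pid": "pid:[4026532511]", "time": "time:[4026531834]",
             "user": "user:[4026531837]", "uts": "uts:[4026532509]"}
# The same container started with the host's network namespace.
CONTAINER_HOSTNET = dict(CONTAINER, net=HOST["net"])

if __name__ == "__main__":
    print("default container :", compare(HOST, CONTAINER))
    print("host-network case :", weakened(HOST, CONTAINER_HOSTNET))
    if os.path.isdir("/proc/self/ns"):
        print("this process      :", parse_ns(read_ns()))
```

On a Linux host, passing the output of `read_ns(1)` and `read_ns(<container pid>)` to `weakened()` gives the same audit against live processes.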
Slide 10
[Diagram: User Space (Container, Process) and Kernel Space (RAM, Disk), connected by System Calls. Labelled operations: (1) Read a file (I/O operation), (2) Memory allocation.]
Slide 11
Slide 12
What's the diff?
Containers:
Share the kernel
Take seconds to provision
Use the host operating system
Resource sharing
Process-level isolation, less secure
Virtual machines:
Have their own kernel
Take minutes to provision
Have their own operating system
Resource allocation
Fully isolated, hence more secure
Slide 13
Can an application be stateless?
Slide 14
All applications have state, but an application component can be stateless if it cleanly separates behaviors from data, and can fetch data required to perform any behavior.
Jim Bugwadia