Problem it Solves: Environment Replication
“My code is working on my machine but not on yours.”
This is one of the most common concerns developers face when shipping code to production.
Reason: Environment replication. The dependencies, libraries, and their versions installed on a developer’s machine may not exist on another machine. It’s not practical to ask people every time to download and configure all the required components.
Here comes Docker — it wraps all the dependencies, libraries, and configurations needed to run the application inside a container.
Difference Between Virtualization and Containers
Containers: Think of them like VMs but without the overhead of a full operating system. They share the host OS kernel, which makes them lightweight and ideal for microservices.
Virtualization: Refers to logically dividing a physical server into multiple virtual machines, each running its own full operating system.
In simple words, you can understand as `containerization is a concept or technology` and `Docker Implements Containerization` just like a hypervisor helps in implementing virtualization.
Containers and virtual machines are both technologies used to isolate applications and their dependencies, but they have some key differences:
1. Resource Utilization: Containers share the host operating system kernel, making them lighter and faster than VMs. VMs have a full-fledged OS and hypervisor, making them more resource-intensive.
2. Portability: Containers are designed to be portable and can run on any system with a compatible host operating system. VMs are less portable as they need a compatible hypervisor to run.
3. Security: VMs provide a higher level of security as each VM has its own operating system and can be isolated from the host and other VMs. Containers provide less isolation, as they share the host operating system.
4. Management: Managing containers is typically easier than managing VMs, as containers are designed to be lightweight and fast-moving.
Why are containers light weight ?
Containers are lightweight because they use a technology called containerization, which allows them to share the host operating system's kernel and libraries, while still providing isolation for the application and its dependencies. This results in a smaller footprint compared to traditional virtual machines, as the containers do not need to include a full operating system. Additionally, Docker containers are designed to be minimal, only including what is necessary for the application to run, further reducing their size.
Let's try to understand this with an example:
Below is the screenshot of official ubuntu base image which you can use for your container. It's just ~ 22 MB, isn't it very small ? on a contrary if you look at official ubuntu VM image it will be close to ~ 2.3 GB. So the container base image is almost 100 times less than VM image.
To provide a better picture of files and folders that containers base images have and files and folders that containers use from host operating system (not 100 percent accurate -> varies from base image to base image). Refer below.
Files and Folders in containers base images
/bin: contains binary executable files, such as the ls, cp, and ps commands.
/sbin: contains system binary executable files, such as the init and shutdown commands.
/etc: contains configuration files for various system services.
/lib: contains library files that are used by the binary executables.
/usr: contains user-related files and utilities, such as applications, libraries, and documentation.
/var: contains variable data, such as log files, spool files, and temporary files.
/root: is the home directory of the root user.
Files and Folders that containers use from host operating system
The host's file system: Docker containers can access the host file system using bind mounts, which allow the container to read and write files in the host file system.
Networking stack: The host's networking stack is used to provide network connectivity to the container. Docker containers can be connected to the host's network directly or through a virtual network.
System calls: The host's kernel handles system calls from the container, which is how the container accesses the host's resources, such as CPU, memory, and I/O.
Namespaces: Docker containers use Linux namespaces to create isolated environments for the container's processes. Namespaces provide isolation for resources such as the file system, process ID, and network.
Control groups (cgroups): Docker containers use cgroups to limit and control the amount of resources, such as CPU, memory, and I/O, that a container can access.
It's important to note that while a container uses resources from the host operating system, it is still isolated from the host and other containers, so changes to the container do not affect the host or other containers.
Note: There are multiple ways to reduce your VM image size as well, but I am just talking about the default for easy comparision and understanding.
so, in a nutshell, container base images are typically smaller compared to VM images because they are designed to be minimalist and only contain the necessary components for running a specific application or service. VMs, on the other hand, emulate an entire operating system, including all its libraries, utilities, and system files, resulting in a much larger size.
I hope it is now very clear why containers are light weight in nature.
✍️ Author: Omkar Sharma
📬 Feel free to connect on LinkedIn or explore more on GitHub
Top comments (0)