I just did a post about this on LinkedIn (gotta build that cred).
Containers aren't a new concept. But in today's world, we're usually talking about the intersection of three Linux features:
* namespaces bundle resources (processes, disk, I/O, etc.) together, isolating each bundle from the others. They're a teacher with a class full of rowdy kids.
* cgroups (control groups) limit and audit how many resources a group of processes can use. They're traffic cops.
* Union File System sits on top of another file system. Anything in the underlying file system is visible, but writes and new files only appear in the UnionFS mount. This layer can be thrown away at the end of a session, leaving the base filesystem pristine. It's the tracing paper you used as a kid when you were learning to draw.
Processes in a container run on the same kernel as the other apps you run, but they're isolated, controlled, and kept from scribbling all over the disk. Add some tooling and standards and you have the foundations of modern #softwaredevelopment!
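All three features leave traces under `/proc/<pid>/`, which is how you can check what isolation a process really has. The sketch below is an added example, not part of the original post: the sample data is constructed, the function names are hypothetical, and it assumes the runtime uses OverlayFS as its union file system.

```python
import os

# Constructed samples in the formats Linux exposes under /proc/<pid>/ (not from a real host).
HOST_NS = {"pid": "pid:[4026531836]", "net": "net:[4026531840]", "mnt": "mnt:[4026531841]"}
CONTAINER_NS = {"pid": "pid:[4026532501]", "net": "net:[4026531840]", "mnt": "mnt:[4026532499]"}
CONTAINER_CGROUP = "0::/system.slice/docker-abc123.scope\n"
CONTAINER_MOUNTINFO = (
    "612 501 0:58 / / rw,relatime master:210 - overlay overlay "
    "rw,lowerdir=/layers/base:/layers/app,upperdir=/layers/rw/diff,workdir=/layers/rw/work\n"
    "613 612 0:61 / /proc rw,nosuid - proc proc rw\n"
)

def read_ns(pid, types=("pid", "net", "mnt")):
    """Read the namespace links of a live process (needs permission to inspect that pid)."""
    return {t: os.readlink(f"/proc/{pid}/ns/{t}") for t in types}

def shared_namespaces(proc_ns, host_ns):
    """Namespace types where the process sits in the same namespace as the host."""
    return sorted(t for t, link in proc_ns.items() if host_ns.get(t) == link)

def cgroup_v2_path(cgroup_text):
    """cgroup v2 membership: the line with hierarchy ID 0 and an empty controller list."""
    for line in cgroup_text.splitlines():
        hierarchy, controllers, path = line.split(":", 2)
        if hierarchy == "0" and controllers == "":
            return path
    return None

def overlay_root(mountinfo_text):
    """Lower (read-only) layers and upper (writable) layer of an overlay mounted at /."""
    for line in mountinfo_text.splitlines():
        pre, _, post = line.partition(" - ")   # " - " separates per-mount and per-fs fields
        mount_point = pre.split()[4]
        fstype, _source, super_opts = post.split(" ", 2)
        if mount_point == "/" and fstype == "overlay":
            opts = dict(o.split("=", 1) for o in super_opts.split(",") if "=" in o)
            return {"lower": opts["lowerdir"].split(":"), "upper": opts.get("upperdir")}
    return None

if __name__ == "__main__":
    # The sample container has its own pid and mnt namespaces but shares the host network.
    print("shared with host:", shared_namespaces(CONTAINER_NS, HOST_NS))
    print("cgroup:", cgroup_v2_path(CONTAINER_CGROUP))
    print("root fs layers:", overlay_root(CONTAINER_MOUNTINFO))
```

On a live system, pass `read_ns(pid)` and `read_ns(1)` to `shared_namespaces`, and feed the other two functions the contents of `/proc/<pid>/cgroup` and `/proc/<pid>/mountinfo`.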