---
tags:
  - openshift
  - k8s
  - cloud
  - guides
  - docker
  - podman
---

# what are containers?

Enterprise applications were historically deployed on a server or VM (virtual machine). But if I am a user of an app, I don't really care about the hardware my app runs on. I just care if it runs.

Containers are how we can abstract away the stuff applications don't really need to care about in order to run. By packaging all the immediate dependencies of an app (and the app itself, of course), we end up with a container that is much more flexible in where and how it runs than an entire VM.

In short, it lets app developers focus on app stuff, and infrastructure teams focus on infra stuff.

![[1 - what is a container 2022-12-27 12.08.51.excalidraw.png]]

# how do they work?

A few key features of the Linux kernel are what allow containers to do their magic. These are not specific to containers and are in fact used in "traditional" VMs.

## namespaces

A namespace is a logical separation of different resources, such as for different teams or applications. By default, resources in a namespace are only visible to members of that namespace. Named resources are unique per namespace (you cannot have two resources with the same name in the same namespace).

## cgroups

A control group (cgroup) limits what resources a process can use. These groups allocate and limit how much compute (CPU, memory, etc.) a namespace and its resources can use.
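
To see both kernel features from a Linux shell, the following added example (not part of the original notes) compares the `/proc/<pid>/ns` links of two processes to find which namespaces they share, and parses cgroup v2 limit files. It assumes cgroup v2; the inode numbers, cgroup path and limit values are constructed samples, and all function names are made up for this illustration.

```python
import os
NS_TYPES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")

def read_namespaces(pid="self"):
    """Map namespace type -> 'type:[inode]' from the /proc/<pid>/ns symlinks."""
    result = {}
    for ns in NS_TYPES:
        try:
            result[ns] = os.readlink(f"/proc/{pid}/ns/{ns}")
        except OSError:  # not Linux, process gone, or no permission
            result[ns] = None
    return result

def shared_namespaces(a, b):
    """Namespace types two processes share (same inode means same namespace)."""
    return sorted(ns for ns in a if a[ns] is not None and a[ns] == b.get(ns))

def cgroup_v2_path(proc_cgroup_text):
    """Return the cgroup v2 path (the '0::<path>' line of /proc/<pid>/cgroup)."""
    for line in proc_cgroup_text.splitlines():
        hierarchy_id, controllers, path = line.split(":", 2)
        if hierarchy_id == "0" and controllers == "":
            return path
    return None  # only cgroup v1 hierarchies listed

def parse_cpu_max(text):
    """cpu.max holds '<quota> <period>' in microseconds; 'max' means no limit."""
    quota, period = text.split()
    return None if quota == "max" else int(quota) / int(period)

def parse_memory_max(text):
    """memory.max holds a byte count, or 'max' for no limit."""
    value = text.strip()
    return None if value == "max" else int(value)

# Constructed sample values (not captured from a real system): the container
# process has its own namespaces except for 'user', which it shares with the host.
HOST_NS = {ns: f"{ns}:[{4026531835 + i}]" for i, ns in enumerate(NS_TYPES)}
CONTAINER_NS = {ns: f"{ns}:[{4026532600 + i}]" for i, ns in enumerate(NS_TYPES)}
CONTAINER_NS["user"] = HOST_NS["user"]
SAMPLE_PROC_CGROUP = "0::/machine.slice/libpod-example.scope\n"

if __name__ == "__main__":
    print("shared with host:", shared_namespaces(HOST_NS, CONTAINER_NS))
    print("cgroup path:", cgroup_v2_path(SAMPLE_PROC_CGROUP))
    print("limits:", parse_cpu_max("50000 100000"), parse_memory_max("268435456\n"))
    print("this process:", read_namespaces())
```

On a live host, pass two PIDs to `read_namespaces` and feed the parsers the contents of `cpu.max` and `memory.max` from the process's cgroup directory, typically under `/sys/fs/cgroup`.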