🐳Container

An isolated* environment to run (generally) one application.

A container is always started from an Image, which defines the application's "playground" environment, such as configuration files, entry point commands, etc.

If the same application (container) needs to run again, e.g. due to high demand, the same image can be used to create another container alongside the first.

Container Lifecycle

A container runs through different stages during its lifecycle.

It starts with the creation using a specific image and ends with the deletion of the container.

The available states are:

  • created

  • running

  • exited (either when a container/application finishes the task or crashes)

  • paused

  • deleted/killed

The visualization below shows all possible states of the lifecycle. The text on the solid arrows represents the CLI commands to change the container from one state to another.

Isolation

In a nutshell, a container is isolated in the following aspects:

  • storage: Inside the container, I/O operations such as file operations are isolated. Files only exist within the container and not on the host system*. Because of this, a container is Stateless by default. To overcome the stateless behavior, see Stateful containers.

  • network: A container has an isolated network. By default, the container cannot see other containers or the networks, interfaces, etc. on the host system. This also means that localhost (127.0.0.1) points to the container and not the host system. For more details, see the section about the container Network.

  • process: The container only sees its own running processes.

  • user/group: Users and groups in the container are isolated* and therefore different from the host system. This has some security implications, and the implementation depends on the container Runtime. This is a bigger topic, but for the general baseline, the gist is that they are isolated*.

  • There are some additional not-mentioned isolations, but these are out of scope for this explanation.
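One way to check these isolation aspects from the host, as an added example that is not part of the original page: on Linux, runtimes such as Docker implement them with kernel namespaces, and two processes are isolated in an aspect when their /proc/<pid>/ns/ links point to different namespaces. The aspect-to-namespace mapping, the function names and the sample inode values are assumptions made for this illustration.

```python
import os
import re
import sys

# Assumed mapping: isolation aspect from the list above -> file in /proc/<pid>/ns/
ASPECTS = {"storage": "mnt", "network": "net", "process": "pid", "user/group": "user"}
NS_LINK = re.compile(r"^(\w+):\[(\d+)\]$")


def parse_ns_link(target):
    """Return the namespace inode from a link target such as 'net:[4026531840]'."""
    match = NS_LINK.match(target)
    if not match:
        raise ValueError(f"not a namespace link: {target!r}")
    return int(match.group(2))


def read_namespaces(pid):
    """Read a process's namespace links (Linux only; other users' processes need root)."""
    return {ns: os.readlink(f"/proc/{pid}/ns/{ns}") for ns in ASPECTS.values()}


def isolation_report(host_links, container_links):
    """Map each aspect to True when the two processes are in different namespaces."""
    return {
        aspect: parse_ns_link(host_links[ns]) != parse_ns_link(container_links[ns])
        for aspect, ns in ASPECTS.items()
    }


# Constructed sample values: a container process that shares the host's user
# namespace, as happens when the runtime does not remap user namespaces.
SAMPLE_HOST = {"mnt": "mnt:[4026531841]", "net": "net:[4026531840]",
               "pid": "pid:[4026531836]", "user": "user:[4026531837]"}
SAMPLE_CONTAINER = {"mnt": "mnt:[4026532571]", "net": "net:[4026532574]",
                    "pid": "pid:[4026532572]", "user": "user:[4026531837]"}

if __name__ == "__main__":
    if len(sys.argv) == 2:  # run on the host, passing the PID of a container process
        host, ctr = read_namespaces("self"), read_namespaces(sys.argv[1])
    else:                   # no PID given: fall back to the constructed sample
        host, ctr = SAMPLE_HOST, SAMPLE_CONTAINER
    for aspect, isolated in isolation_report(host, ctr).items():
        print(f"{aspect:<11} {'isolated' if isolated else 'SHARED with host'}")
```

A "SHARED with host" result for user/group means UID 0 inside the container is UID 0 on the host, which is the runtime-dependent case the user/group bullet refers to.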

Stateless

By default, all containers are stateless. The container will not remember the actions (e.g. file operations) that were performed during the lifecycle.

Once a container stops or reaches the end of its lifecycle, all the stored data and the container itself will be deleted.

To store data over the lifespan of a container we need a stateful container using volumes.

Stateful

Unlike containers, volumes are not bound to the lifecycle of a container. They live outside of the container environment (generally directly on the host machine itself).

To persist any kind of data beyond the container lifecycle, a volume must be created beforehand and mounted to the container.

There are different volume types, which will be explained in Volumes. For this example, "named volumes" are used.

To be continued
