1 00:00:00,000 --> 00:00:09,520 In this video, you will learn about containers. 2 00:00:09,520 --> 00:00:14,080 A container is a way to run an application in full isolation. 3 00:00:14,080 --> 00:00:17,440 And the foundation of a container is a container image. 4 00:00:17,440 --> 00:00:22,260 This is a ready-to-run package that contains all the dependencies to run the application. 5 00:00:22,260 --> 00:00:26,000 So you just need the image and nothing else. 6 00:00:26,000 --> 00:00:31,200 Container images are typically obtained from a container registry, such as hub.docker.com 7 00:00:31,200 --> 00:00:36,599 or quay.io, or alternatively, even your private registry. 8 00:00:36,599 --> 00:00:39,080 Container images are highly standardized. 9 00:00:39,080 --> 00:00:42,400 Behind it is the OCI, the Open Container Initiative. 10 00:00:42,400 --> 00:00:46,520 And that means that images work with multiple container solutions, and it doesn't matter 11 00:00:46,520 --> 00:00:49,599 which one you are using. 12 00:00:49,599 --> 00:00:53,320 And the benefit of running containers, well, there are many. 13 00:00:53,320 --> 00:00:56,439 One is that you don't have to install the container. 14 00:00:56,439 --> 00:01:01,160 You just run it on any platform that has a required container runtime. 15 00:01:01,160 --> 00:01:05,839 The fun thing is that because these container images are so highly standardized, you can 16 00:01:05,839 --> 00:01:11,440 run the same container images on your local container stack, like Docker or Podman, or 17 00:01:11,440 --> 00:01:14,080 even in Kubernetes. 18 00:01:14,080 --> 00:01:17,239 Containers comfort of the Linux operating system. 19 00:01:17,239 --> 00:01:20,680 And behind containers are many Linux technologies. 20 00:01:20,680 --> 00:01:25,599 These include namespaces to provide isolation between users, processes, filesystem mounts, 21 00:01:25,599 --> 00:01:26,760 and more. 22 00:01:26,760 --> 00:01:31,800 And cgroups provide resource allocation to ensure that the container does not have access 23 00:01:31,800 --> 00:01:36,400 to all the resources provided on the host operating system. 24 00:01:36,400 --> 00:01:40,680 So you can limit the amount of memory that your containerized application has, and it 25 00:01:40,680 --> 00:01:43,519 can never consume all of the memory. 26 00:01:43,519 --> 00:01:49,800 And mandatory access control, like SCLinux, can be added to further secure the container. 27 00:01:49,800 --> 00:01:53,360 To run a container, you need a container runtime. 28 00:01:53,360 --> 00:01:58,400 And common container runtimes are available for all current operating system platforms. 29 00:01:58,400 --> 00:02:00,519 You'll learn more about them in the next video.