Containers share the same base OS but have different root filesystems and sets of libraries and utilities.
Same OS: less overhead, but also less isolation.
Containers are basically sets of processes.
They are based on two mechanisms:
- Namespaces: a way to provide an isolated view of a certain global resource to a set of processes. For example, you can set the root of the processes to a certain folder using pivot_root. Processes within a namespace only see their slice of the global resource.
- Cgroups: allow setting a resource limit on a group of processes.
Running ps -aux inside a namespace shows only the processes running in the current namespace.
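An added example, not part of the original notes: on Linux each process's namespace memberships appear as symlinks under /proc/<pid>/ns, and two processes are in the same namespace exactly when the link targets carry the same inode number. The code below compares two such sets to list what a container still shares with the host; the function names and the sample inode values are constructed for illustration.

```python
import os
import re

# Symlink targets under /proc/<pid>/ns look like "pid:[4026531836]".
NS_LINK = re.compile(r"^([a-z_]+):\[(\d+)\]$")

def parse_ns_link(target):
    """Split a namespace link target into (type, inode number)."""
    match = NS_LINK.match(target)
    if match is None:
        raise ValueError(f"not a namespace link: {target!r}")
    return match.group(1), int(match.group(2))

def namespaces_from_links(links):
    """Build {type: inode} from an iterable of link targets."""
    return dict(parse_ns_link(link) for link in links)

def read_namespaces(pid="self"):
    """Read the namespaces of a live process (Linux only, may need privileges)."""
    ns_dir = f"/proc/{pid}/ns"
    links = []
    for name in os.listdir(ns_dir):
        if name.endswith("_for_children"):
            continue  # describes future children, not the process itself
        links.append(os.readlink(os.path.join(ns_dir, name)))
    return namespaces_from_links(links)

def shared_namespaces(a, b):
    """Namespace types where both processes hold the same inode (no isolation)."""
    return sorted(t for t in a.keys() & b.keys() if a[t] == b[t])

# Constructed sample values, not captured from a real system.
HOST_LINKS = [
    "mnt:[4026531841]", "pid:[4026531836]", "net:[4026531840]",
    "uts:[4026531838]", "ipc:[4026531839]", "user:[4026531837]",
]
CONTAINER_LINKS = [
    "mnt:[4026532567]", "pid:[4026532570]", "net:[4026531840]",
    "uts:[4026532568]", "ipc:[4026532569]", "user:[4026531837]",
]

if __name__ == "__main__":
    host = namespaces_from_links(HOST_LINKS)
    container = namespaces_from_links(CONTAINER_LINKS)
    print("shared with host:", shared_namespaces(host, container))
    if os.path.isdir("/proc/self/ns"):
        print("this process:", read_namespaces())
```

In the constructed data the container has its own mnt, pid, uts and ipc namespaces but still shares net and user with the host, so it sees the host's network stack while its process list stays limited to its own PID namespace.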
LXC is general while Docker is more specific.
Frameworks: Docker Swarm and Kubernetes help with managing multiple containers, their lifecycle and autoscaling.
Namespace: