The Many Faces of Containers

Marc Brooker (@MarcJBrooker): "Containers" has come to be a deeply overloaded term, and I see it causing confusion nearly every day. There are at least four things here.

Marc Brooker (@MarcJBrooker): One: containers as an isolation mechanism. On Linux this is the set of cgroups, seccomp and friends that can be used to isolate processes or groups of processes.

Marc Brooker (@MarcJBrooker): Two: containers as a packaging mechanism. Mostly popularized by Docker, this is about taking some code and a closure of its dependencies, and packaging them all up together along with some metadata.

Marc Brooker (@MarcJBrooker): Three: containers as a design philosophy. This stems from the idea that if we can package and isolate software it becomes easy to run. The emphasis here is on software, rather than services, and standardized tooling trying to simplify operations.

Marc Brooker (@MarcJBrooker): Four: containers as an ecosystem. This is where all the Proper Nouns come in. These things are useful, but are one embodiment of a set of ideas, rather than an end to themselves.

Marc Brooker (@MarcJBrooker): I think people under appreciate how independent these are. We could replace containers-as-isolation with MicroVMs with no real change in operational properties. Containers-as-packaging could be replaced with static linking with no real change (except less convenience).

Marc Brooker (@MarcJBrooker): The design philosophy is as applicable to instances, and mostly to functions, as it is to containers.

Marc Brooker (@MarcJBrooker): I don't have alternative terminology to propose, but I think it would simplify a lot of conversations if people were more clear about which of these (or other things) they are talking about.