Container

A container is an isolated, lightweight software unit that bundles an application with its code, runtime, libraries and dependencies into a single package. It shares the host operating system kernel rather than virtualizing hardware, so the same container runs consistently across development, testing and production environments.

How a container works

A container packages everything an application needs to run, then isolates that package from the host system and from other containers using operating system features such as namespaces (isolation of processes, network and filesystem) and cgroups (resource limits on CPU and memory). Because all containers on a machine share the same OS kernel, they start in seconds and consume far less memory than a full virtual machine.

The defining benefit is portability: a container behaves the same on a developer laptop, a continuous integration server and a production cluster, which removes the classic "it works on my machine" problem. In a custom software or business platform project, this consistency makes deployments predictable and rollbacks fast.

Key elements of the container model:

  • Image: a read-only template defining the application and its dependencies.
  • Container: a running instance of an image, with its own isolated process space.
  • Registry: a store for distributing images (for example Docker Hub or a private registry).
  • Orchestrator: a system such as Kubernetes that schedules, scales and heals containers across many machines.

Container vs virtual machine

Containers and virtual machines (VMs) both isolate workloads, but at different layers. A VM virtualizes hardware and runs its own complete guest operating system on top of a hypervisor. A container virtualizes the operating system and shares the host kernel, packaging only the application layer. This makes containers lighter and faster to start, while VMs provide stronger isolation because each guest runs a separate kernel.

Criterion | Container | Virtual machine
Isolation level | OS-level, shares host kernel | Hardware-level, separate guest OS per VM
Includes a full OS | No, only the app and dependencies | Yes, a complete guest operating system
Startup time | Seconds | Minutes
Resource footprint | Lightweight | Heavier
Portability | High, runs identically across environments | Lower, tied to hypervisor and OS image
Isolation strength | Strong, but kernel is shared | Stronger, fully separated kernels

The two approaches are often combined: containers frequently run inside VMs in cloud environments, pairing the deployment speed of containers with the hardware isolation of virtual machines.

The role of Docker

Docker is the tool that popularized containers by making them simple to build, share and run. It introduced a standard image format and a developer-friendly workflow, so the term "container" is often used interchangeably with Docker, even though Docker is one implementation among several.

In practice, Docker covers the full lifecycle of a container:

  • Build: a Dockerfile describes, step by step, how to assemble an image.
  • Ship: images are pushed to a registry and pulled by any environment.
  • Run: the Docker engine launches containers from those images.

For larger systems, Docker is typically paired with an orchestrator such as Kubernetes to manage scaling, networking and resilience across a cluster. Other runtimes exist as well, notably containerd and Podman, all aligned with the Open Container Initiative (OCI) standards that keep images interoperable across tools.

Frequently asked questions

An image is a static, read-only template that defines an application and its dependencies. A container is a running instance created from that image, with its own isolated process space. You can launch many containers from a single image, and each runs independently.

Not inherently. Virtual machines provide stronger isolation because each one runs its own separate kernel, while containers share the host kernel. Containers can be hardened with namespaces, cgroups and restricted privileges, but for workloads requiring strict isolation, VMs or VMs running containers are often preferred.
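
The hardening levers named above (namespaces, cgroups and restricted privileges) are visible in the JSON that `docker inspect` prints for a container. The following Python script is an added example, not part of the original page: it audits such records for shared host namespaces, missing CPU or memory limits and elevated privileges. The two container records are constructed samples, and the finding labels are this example's own.

```python
import json

# Constructed sample: trimmed `docker inspect` output for two hypothetical containers.
SAMPLE = json.loads("""[
  {"Name": "/web", "Config": {"User": "10001"},
   "HostConfig": {"Privileged": false, "PidMode": "", "NetworkMode": "bridge",
                  "Memory": 268435456, "NanoCpus": 500000000, "CapAdd": null}},
  {"Name": "/debug", "Config": {"User": ""},
   "HostConfig": {"Privileged": true, "PidMode": "host", "NetworkMode": "host",
                  "Memory": 0, "NanoCpus": 0, "CpuQuota": 0, "CapAdd": ["SYS_ADMIN"]}}
]""")

# HostConfig fields that, when set to "host", share a host namespace.
NAMESPACE_FIELDS = ("PidMode", "NetworkMode", "IpcMode", "UTSMode")

def audit(record):
    """Return findings for one `docker inspect` record (empty list = none)."""
    hc = record.get("HostConfig") or {}
    findings = []
    # Namespaces: "host" means the container is not isolated for that resource.
    for field in NAMESPACE_FIELDS:
        if hc.get(field) == "host":
            findings.append(f"host-namespace:{field}")
    # cgroups: 0 (or absent) means no limit is enforced.
    if not hc.get("Memory"):
        findings.append("no-memory-limit")
    if not hc.get("NanoCpus") and not hc.get("CpuQuota"):
        findings.append("no-cpu-limit")
    # Privileges: privileged mode, added capabilities, root user.
    if hc.get("Privileged"):
        findings.append("privileged")
    for cap in hc.get("CapAdd") or []:
        findings.append(f"cap-add:{cap}")
    # An empty User means the default user, which is root; "uid:gid" is split on ":".
    user = ((record.get("Config") or {}).get("User") or "").split(":")[0]
    if user in ("", "0", "root"):
        findings.append("runs-as-root")
    return findings

def audit_all(records):
    """Map container name to its list of findings."""
    return {r.get("Name", "?").lstrip("/"): audit(r) for r in records}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        print(name, "OK" if not findings else ", ".join(findings))
```

On a real host, the output of `docker inspect` for the containers of interest can be loaded with `json.load` and passed to `audit_all` in place of the sample.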

No. Docker is the most widely used tool, but it is one implementation among several. Alternatives such as containerd and Podman also run containers, and the Open Container Initiative (OCI) standards ensure images built with one tool remain compatible with others.

Docker builds and runs individual containers, mainly on a single host. Kubernetes is an orchestrator that manages many containers across a cluster of machines, handling scaling, networking, load balancing and automatic recovery. They are complementary: Docker creates the containers, Kubernetes operates them at scale.
