In this post I’ll talk about containers, how they are used, and a little about their implications for security.
First, what is a container? A container is a lightweight package of a piece of software together with everything needed to run it: code, runtime, system tools, system libraries, settings and so on. A container runs isolated from the other processes on the host and behaves the same every time, wherever it is executed. Containers running on a single machine share that machine’s operating system kernel, so they start almost instantly and use less CPU and RAM than a virtual machine would.
Isn’t that a virtual machine?
A virtual machine consists of the following:
- Abstraction of physical hardware.
- Each VM carries a full copy of a guest OS, the application, and the binaries and libraries it needs.
- A hypervisor lets several VMs run on a single physical machine, turning one computer into many.
- Images are usually gigabytes in size.
While a container is:
- Abstraction of the application layer.
- Contains code and its dependencies.
- Multiple containers run on the same machine, all sharing the host OS kernel.
- Images are usually megabytes in size.
So yes, it’s virtual-machine-esque, but not quite: a VM has its own kernel, while every container on a host shares the host’s kernel, so a kernel vulnerability is a way out of a container in a way it is not out of a VM. Packaging configuration such as environment variables (which may contain sensitive data) together with the software does keep it out of the host’s own shell environment and out of other containers. It does not hide it from the host, though: anyone who can talk to the Docker daemon can read it with docker inspect, and root on the host can read it straight from the container’s process in /proc, so a container is not a secrets store. Put a reverse proxy like NGINX in front of it, set up TLS there, and you’re all set for a slightly more secure application.
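The script below is an added example, not part of the original post, that demonstrates two of the points above: that containers share the host kernel (unlike VMs), and that a variable passed into a container with -e is invisible to the host shell but fully visible to anyone who can reach the Docker daemon or read /proc as root. The image, container name, variable name and value, and the list of secret-looking names are all my own assumptions. The live part runs only if a Docker daemon is reachable; the find_secret_env audit function works on its own against any saved docker inspect output.

```shell
#!/bin/sh
# Added example (not from the original post). All names below are made up.
set -eu

# Variable names that usually mean a secret was passed with -e/--env.
# Assumption: a starting point for an audit, not an exhaustive list.
SECRET_NAME_PATTERN='PASSWORD|PASSWD|SECRET|TOKEN|API_KEY|PRIVATE_KEY'

# Reads one NAME=value per line on stdin (the format produced by
#   docker inspect -f '{{range .Config.Env}}{{println .}}{{end}}' <container>)
# and prints the names that look like secrets. Returns 1 if any were found,
# so it can fail a CI job or a pre-deploy check.
find_secret_env() {
    found=$(grep -iE "^[A-Za-z0-9_]*($SECRET_NAME_PATTERN)[A-Za-z0-9_]*=" \
            | cut -d= -f1)
    if [ -z "$found" ]; then
        return 0
    fi
    printf '%s\n' "$found"
    return 1
}

# Live demonstration against a real Docker daemon.
demo() {
    # 0. Shared kernel: the container reports the host's kernel, not its own.
    echo "host kernel:      $(uname -r)"
    echo "container kernel: $(docker run --rm alpine:3.20 uname -r)"

    # 1. Start a container with a "secret" in its environment.
    docker run -d --rm --name env-demo -e DB_PASSWORD=hunter2 \
        alpine:3.20 sleep 60 >/dev/null

    # 2. The host shell never sees it: it is set only in the container process.
    printenv DB_PASSWORD || echo "host shell: DB_PASSWORD is not set"

    # 3. ...but anyone with access to the Docker socket reads it from the
    #    container's recorded config, no root on the host needed.
    if ! docker inspect -f '{{range .Config.Env}}{{println .}}{{end}}' env-demo \
            | find_secret_env; then
        echo "secret-looking variables found in container env (listed above)"
    fi

    # 4. ...and root on the host reads it straight from the process
    #    (prints a permission error when not run as root).
    pid=$(docker inspect -f '{{.State.Pid}}' env-demo)
    tr '\0' '\n' < "/proc/$pid/environ" | grep DB_PASSWORD || true

    docker stop env-demo >/dev/null

    # Better: hand secrets over as files (or from a secrets manager), not as
    # environment variables, so they are not recorded in the container config
    # or inherited by every child process. Hypothetical image name:
    #   docker run --rm -v "$PWD/db_password:/run/secrets/db_password:ro" app:latest
}

if command -v docker >/dev/null 2>&1 && docker info >/dev/null 2>&1; then
    demo
else
    echo "no Docker daemon reachable; skipping live demo"
fi
```

The audit function is deliberately separate from the demo so it can be pointed at the output of docker inspect on any running container, for example as a check before shipping a compose file that passes secrets through environment: entries.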
The technology currently leading the market is Docker, which also provides a hub (Docker Hub) where you can upload your own images for the world to see and download common images to extend into your own. Keep in mind that extending a public image means trusting whoever published it: prefer official or verified images, and pin a specific tag or digest rather than the moving latest tag.

```dockerfile
# The image this example extends; "latest" is a moving tag, so the base can
# change underneath you between builds.
FROM fornesarturo/dude:latest
```