It’s a runnable instance of a container image that is sandboxed on a machine (isolated from all other processes). It’s portable and can run locally, on virtual machines or deployed to the cloud.
A container runs on top of a container engine, such as Docker.
A container emulates the user space of an OS.
Linux kernel namespaces and cgroups are used for this.
Provides a way to run software in a controlled and isolated environment.
All containers share the host’s OS kernel and hardware, so it’s much more difficult to achieve the level of isolation and security that a VM can provide. But because of that, there is much less overhead, and a container can boot up in milliseconds.