Docker vs. Podman

When Docker came onto the scene, it did not invent containers from scratch. The real magic was already implemented inside the Linux kernel in the form of two core technologies: cgroups and namespaces. cgroups account for and limit the system resources (CPU, memory, I/O, and so on) that a group of processes may consume. namespaces, on the other hand, change a process's view of the system, giving each one its own, apparently exclusive, view of the file system (mount), network, process IDs, IPC, hostname, user IDs, and more....

Mar 30, 2026 · 4 min · Milad Irannejad
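The namespace-and-cgroup point above can be checked from a shell with nothing but /proc. The following is an added example, not code from the original post; it assumes a Linux host and, for the last step only, `unshare` from util-linux:

```shell
#!/bin/sh
# Added example, not code from the original post: read the namespace and
# cgroup membership of a process straight out of /proc. Works unprivileged
# on any Linux host. Run it on the host, then inside `docker run` or
# `podman run`, and compare: the kernel release is the same, the namespace
# inodes and the cgroup path are not.

# Inode of the namespace of type $2 (pid, mnt, net, uts, ipc, user, cgroup)
# that process $1 belongs to. Two processes are isolated for that resource
# exactly when these inodes differ. Prints nothing if $1 is not inspectable
# (reading another user's /proc/<pid>/ns/* needs ptrace permission).
ns_inode() {
    readlink "/proc/$1/ns/$2" 2>/dev/null | sed -n 's/^[a-z_]*:\[\([0-9]*\)\]$/\1/p'
}

# "yes" if processes $1 and $2 are in the same namespace of type $3,
# "no" if they are not, "unknown" if either side could not be read.
shares_ns() {
    a=$(ns_inode "$1" "$3")
    b=$(ns_inode "$2" "$3")
    if [ -z "$a" ] || [ -z "$b" ]; then echo unknown
    elif [ "$a" = "$b" ]; then echo yes
    else echo no
    fi
}

# cgroup path of process $1. cgroup v2 has one line, "0::/path"; cgroup v1
# has one line per controller and we take the first. The limits applied to
# the process live under this path in the cgroup filesystem (/sys/fs/cgroup).
cgroup_of() {
    sed -n '1s/^[^:]*:[^:]*://p' "/proc/$1/cgroup" 2>/dev/null
}

# Print what isolates process $1 from PID 1 (the host's init, or the
# container's entrypoint when run inside a container).
report() {
    pid=$1
    echo "kernel: $(uname -r)  (one kernel, shared by every container on this host)"
    echo "cgroup of pid $pid: $(cgroup_of "$pid")"
    for t in pid mnt net uts ipc user; do
        printf '%-5s inode=%-12s shared_with_pid1=%s\n' \
            "$t" "$(ns_inode "$pid" "$t")" "$(shares_ns "$pid" 1 "$t")"
    done
}

# Create a fresh user, PID and mount namespace as an unprivileged user and
# look around: the shell is PID 1 there, it is uid 0 inside the user
# namespace, and a freshly mounted /proc shows only the processes of the new
# namespace. Degrades to a message where user namespaces are disabled or a
# seccomp profile blocks unshare(2), as Docker's default profile does.
demo_unshare() {
    unshare -Urpf --mount-proc sh -c \
        'echo "inside new pid namespace: pid=$$ uid=$(id -u)"; echo "visible pids: $(ls /proc | grep -c "^[0-9]")"' \
        2>/dev/null || echo "unshare not permitted here (user namespaces disabled or blocked)"
}

report $$
demo_unshare
```

Run it on the host and then inside a container (with the script bind-mounted in) to see the same kernel release next to different namespace inodes and a different cgroup path. That shared kernel is the attack surface a sandbox such as gVisor, discussed further down this page, is meant to cover.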

Docker Components Explained

TL;DR The Open Container Initiative (OCI) was launched in June 2015 by Docker, CoreOS, and other leaders in the container industry. The OCI currently maintains two specifications: runtime-spec and image-spec. runc: runc is the reference runtime for running containers according to the OCI runtime-spec. It uses features of the Linux kernel (cgroups and namespaces) to create and run containers. containerd: containerd is a daemon that manages the complete lifecycle of a container on the host operating system....

Aug 9, 2019 · 2 min · Milad Irannejad
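To make the runtime-spec concrete, here is an added example (not code from the original post or from the runc project) that writes the two things a bundle consists of, a config.json and a rootfs/, and hands the bundle to runc. Everything it relies on is an assumption of the example: a static busybox on the host to populate rootfs/, runc on PATH, and running as root (rootless runc additionally needs a user namespace and uid/gid mappings in config.json, which are left out here).

```shell
#!/bin/sh
# Added example, not code from the original post or from the runc project:
# assemble an OCI bundle by hand and hand it to runc, to show what the
# runtime-spec actually asks a runtime to do. A bundle is a directory with a
# config.json and a rootfs/. Assumptions: a static busybox binary is on the
# host (Alpine-style) to populate rootfs/, runc is installed, and the script
# runs as root; rootless runc additionally needs a user namespace and
# uid/gid mappings in config.json, which are not shown.

# Write config.json into bundle directory $1 so that the container runs
# command $2. The settings are the security-relevant knobs of the spec:
# unprivileged uid, every capability dropped, no_new_privs, read-only root,
# the usual namespaces, cgroup limits, and masked kernel interfaces.
write_config() {
    bundle=$1; cmd=$2
    mkdir -p "$bundle/rootfs"
    cat > "$bundle/config.json" <<EOF
{
  "ociVersion": "1.0.2",
  "process": {
    "terminal": false,
    "user": { "uid": 65534, "gid": 65534 },
    "args": [ "$cmd" ],
    "env": [ "PATH=/bin" ],
    "cwd": "/",
    "capabilities": {
      "bounding": [], "effective": [], "inheritable": [],
      "permitted": [], "ambient": []
    },
    "noNewPrivileges": true
  },
  "root": { "path": "rootfs", "readonly": true },
  "hostname": "oci-demo",
  "mounts": [
    { "destination": "/proc", "type": "proc", "source": "proc" },
    { "destination": "/dev", "type": "tmpfs", "source": "tmpfs",
      "options": [ "nosuid", "strictatime", "mode=755", "size=65536k" ] }
  ],
  "linux": {
    "namespaces": [
      { "type": "pid" }, { "type": "mount" }, { "type": "network" },
      { "type": "ipc" }, { "type": "uts" }
    ],
    "resources": {
      "memory": { "limit": 67108864 },
      "pids": { "limit": 64 }
    },
    "maskedPaths": [ "/proc/kcore", "/proc/keys", "/sys/firmware" ],
    "readonlyPaths": [ "/proc/sys", "/proc/sysrq-trigger" ]
  }
}
EOF
}

# Fill rootfs/ with a static busybox and link the requested applet to it.
# Returns 1 (and writes nothing) when no busybox is available on the host.
populate_rootfs() {
    bundle=$1; applet=$2
    bb=$(command -v busybox) || { echo "no busybox on this host"; return 1; }
    mkdir -p "$bundle/rootfs/bin"
    cp "$bb" "$bundle/rootfs/bin/busybox"
    ln -sf busybox "$bundle/rootfs/bin/$applet"
}

# Print the JSON value of scalar key $2 in the generated config of bundle $1
# (first occurrence), so a reviewer or a test can confirm a knob is set.
config_value() {
    sed -n "s/.*\"$2\": *\([^,} ]*\).*/\1/p" "$1/config.json" | head -n 1
}

# Run the bundle if runc is present. `runc run` creates the namespaces,
# joins the cgroup, applies the mounts and execs the process from config.json;
# with /bin/id as the command it prints uid=65534 and no capabilities.
run_bundle() {
    if command -v runc >/dev/null 2>&1; then
        (cd "$1" && runc run "oci-demo-$$")
    else
        echo "runc not installed; bundle left in $1"
    fi
}

bundle=$(mktemp -d)
write_config "$bundle" /bin/id
if populate_rootfs "$bundle" id; then run_bundle "$bundle"; fi
```

The fields written here are the ones to look at first when reviewing what an orchestrator hands the runtime: process.user, process.capabilities, process.noNewPrivileges, root.readonly, linux.namespaces, linux.resources and the masked and read-only paths. A seccomp filter goes under linux.seccomp. `runc spec` generates runc's own default config.json, which keeps a few capabilities; diffing that default against the config a real engine produces is a quick way to see what the engine tightens or loosens.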

Service Meshes and SMI Demystified

TL;DR Microservices are about communicating through APIs! A service mesh defines the communication interface between microservices. In an orchestrated environment (Kubernetes), containers talk to each other over an overlay network. A service mesh is a central source of truth for controlling the information flow between microservices. A mesh gives you both the scalability benefits of microservices and the centralized control of a monolith. Service meshes come with built-in observability (logging, metrics, and tracing) for microservice communication....

Jun 10, 2019 · 2 min · Milad Irannejad

What is Knative?

TL;DR Knative is a cloud-native serverless framework for Kubernetes environments. It was created and open-sourced by Google with contributions from other companies (Pivotal, IBM, Lyft, etc.). Unlike vendor-hosted serverless platforms (AWS Lambda, Azure Functions, …), Knative avoids cloud vendor lock-in, since it runs on any Kubernetes cluster. Knative uses Kubernetes for container orchestration and the Istio service mesh for routing, load balancing, etc. Knative has three components: Build, Serving, and Eventing. Build: builds containers from source code on Kubernetes (on-cluster container builds)....

Jun 8, 2019 · 1 min · Milad Irannejad

gVisor: Building and Battle Testing a Userspace OS in Go

TL;DR A container is a package format and a content-addressable bundle of content-addressable layers! namespaces and cgroups are the two key Linux kernel features that enable containerization. Containers running on a host share a single Linux kernel (a single scheduler, a single memory manager, and so on). The Linux kernel has many known and unknown bugs! Sandboxes are a way of getting an extra layer of isolation for containers....

May 19, 2019 · 1 min · Milad Irannejad