Container Primer

Why Container Technology
Containers reduce the friction between development and operations teams by packaging applications with their dependencies. They offer a consistent and repeatable environment across the entire lifecycle.
Core Problems Containers Solve
Developer vs Operations Divide: eliminates “works on my system” issues and dependency mismatches.
Uniform Distribution and Deployment: applications ship as portable artifacts that run the same everywhere.
Better Management of Deployed Applications: simplifies versioning, scaling, and performance tuning.
Advantages of Container Technology
Engineering and Delivery Benefits
Faster delivery cycles.
Shorter feedback loops, with testing and security checks included earlier in the SDLC.
Scalable from tens to thousands of instances.
Audit friendly because all configuration is stored as code.
Operations and Security Benefits
Improved repeatability across environments.
Better resource utilization and cross-platform portability.
Supports DevSecOps maturity and automated security checks.
Helps align with governance, risk and compliance (GRC) requirements in DevSecOps workflows.
Example CI/CD Snippet for Containerized Deployment
stages:
  - build
  - test
  - deploy

build_image:
  stage: build
  script:
    # Tag with the registry path so the image that is built is the one that is pushed
    - docker build -t registry/app:v1 .
    - docker push registry/app:v1

test_container:
  stage: test
  script:
    # A later job may land on a different runner, so pull the image that was pushed
    - docker pull registry/app:v1
    - docker run --rm registry/app:v1 pytest

deploy_prod:
  stage: deploy
  script:
    - kubectl apply -f deployment.yaml
Why Docker Matters
Provides a simple workflow to build, package, and run containerized applications.
Makes container technology accessible to developers, operations teams, and security engineers.
Standardizes distribution and execution of software across environments.
Historically shipped as a Community Edition (CE) and an Enterprise Edition (EE) with added features; the Enterprise product was sold to Mirantis in 2019, while the open source engine continues upstream as the Moby project.
Docker at a Glance
Basic Dockerfile Example
# Pinned, slim base image keeps the attack surface and image size small
FROM python:3.11-slim
WORKDIR /app
# Copy the dependency manifest first so this layer stays cached until it changes
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
COPY . .
# Run the application as an unprivileged user rather than root
RUN useradd --system --no-create-home appuser
USER appuser
CMD ["python", "app.py"]
Docker Pros
Open Source and Scalable
The Docker Engine is open source (developed upstream as the Moby project) and scales with your needs: a single host can run hundreds of containers, and under an orchestrator the same images run across thousands of instances.
Features and Security
Docker includes many built-in features that simplify containerization. It isolates processes with Linux namespaces, limits their resources with cgroups, and restricts their privileges with a reduced capability set and a default seccomp profile.
Simple, Easy and Fast
Docker is straightforward to use. Developers are familiar with it and adopt it quickly in their daily workflows.
Great Support
Most major cloud providers offer managed services for building and orchestrating Docker containers, so teams can run containers without provisioning and administering the underlying virtual machine layer themselves.
Kernel Features Used by Containers
Containers rely on three core Linux kernel features to provide isolation, control, and security.
Cgroups
Cgroups limit and account for resource usage. They control CPU time, memory, block I/O, process counts (pids), and network classification, so each container receives only what it is allowed to use and one runaway container cannot starve the host.
Namespaces
Namespaces isolate system resources such as process IDs, network interfaces, mounts, hostname, and users. This makes each container appear as if it is running on its own separate system.
Capabilities
Capabilities break root privileges down into granular permissions. Docker starts containers with a reduced default set (no CAP_SYS_ADMIN, for example) and lets you drop more with --cap-drop, so a process runs with only the capabilities it actually needs, reducing risk.
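An added example, not code from the original page, that shows the three primitives above from inside a running process. It reads the standard Linux interfaces (/proc/self/status for the capability masks, /proc/self/ns for namespace identities, /proc/self/cgroup and the cgroup v2 files under /sys/fs/cgroup for limits) and decodes the CapEff mask with the bit numbering from linux/capability.h. The ESCAPE_RELEVANT set is this example's own choice of capabilities that most often enable a breakout, and the script name inspect_isolation.py is hypothetical.

```python
"""Inspect the kernel primitives a container is built on: capabilities,
namespaces and cgroups, as seen from inside any Linux process.
Added example; not code from the original page."""
from __future__ import annotations

import os
import re
from pathlib import Path

# Capability bit numbers from linux/capability.h; list index == bit position.
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
    "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM",
    "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ", "CAP_PERFMON", "CAP_BPF",
    "CAP_CHECKPOINT_RESTORE",
]

# This example's own list: capabilities that most often enable a container
# escape (mount and kernel config, module loading, ptrace, raw device access,
# open_by_handle_at, reconfiguring host networking).
ESCAPE_RELEVANT = {"CAP_SYS_ADMIN", "CAP_SYS_MODULE", "CAP_SYS_PTRACE",
                   "CAP_SYS_RAWIO", "CAP_DAC_READ_SEARCH", "CAP_NET_ADMIN"}


def decode_caps(hex_mask: str) -> set[str]:
    """Turn a CapEff/CapBnd hex mask from /proc/<pid>/status into capability names."""
    mask = int(hex_mask, 16)
    return {name for bit, name in enumerate(CAP_NAMES) if (mask >> bit) & 1}


def risky_caps(caps: set[str]) -> set[str]:
    """Subset of caps that warrants review before running untrusted code."""
    return caps & ESCAPE_RELEVANT


def effective_caps(pid: str = "self") -> set[str] | None:
    """Read CapEff for a process; None outside Linux or without /proc."""
    try:
        status = Path(f"/proc/{pid}/status").read_text()
    except OSError:
        return None
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)", status, re.MULTILINE)
    return decode_caps(m.group(1)) if m else None


def namespaces(pid: str = "self") -> dict[str, str]:
    """Map namespace type to its identity, e.g. {'pid': 'pid:[4026531836]'}.
    Two processes whose links match share that namespace."""
    ns_dir = Path(f"/proc/{pid}/ns")
    if not ns_dir.is_dir():
        return {}
    return {p.name: os.readlink(p) for p in sorted(ns_dir.iterdir())}


def cgroup_limits() -> dict[str, str]:
    """Cgroup membership plus cgroup v2 limits, where the files are exposed."""
    out: dict[str, str] = {}
    try:
        out["cgroup"] = Path("/proc/self/cgroup").read_text().strip()
    except OSError:
        return out
    for name in ("memory.max", "pids.max", "cpu.max"):
        f = Path("/sys/fs/cgroup") / name
        if f.is_file():
            out[name] = f.read_text().strip()
    return out


if __name__ == "__main__":
    caps = effective_caps()
    print("effective:", sorted(caps) if caps is not None else "n/a")
    print("escape-relevant:", sorted(risky_caps(caps or set())))
    for kind, ident in namespaces().items():
        print(f"ns {kind:<10} {ident}")
    print("cgroup:", cgroup_limits())
```

Run it once on the host and once inside a container, for example `docker run --rm -v "$PWD":/src python:3.11-slim python /src/inspect_isolation.py`: the container run shows Docker's default effective mask 00000000a80425fb (fourteen capabilities, none of them escape-relevant), namespace identities that differ from the host's, and a memory.max value when a --memory limit is set. Adding --cap-add SYS_ADMIN or --privileged makes the escape-relevant set non-empty, which is what a pre-deployment check should alert on.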
What Docker/Containers Are Not
Containers often look like virtual machines at first glance, but they are not the same thing.
Not a Virtual Machine
Containers do not run a full guest operating system. They share the host kernel and only package the application plus its dependencies.
No Guest OS
Because there is no separate kernel inside the container, it is lighter, faster, and starts almost instantly.
Not a Virtualization Technology
Docker should not be understood as hypervisor-based virtualization. It is an isolation mechanism that uses kernel features like namespaces, cgroups, and capabilities.
Not a Sandboxing Technology
A container shares the host kernel, so a kernel vulnerability or a misconfiguration (privileged mode, added capabilities, host mounts) can let a process escape. Containers do not guarantee strong security isolation by default and are not a replacement for a dedicated sandbox runtime or a virtual machine boundary when running untrusted code.
Docker Cons
New Infrastructure Layer
Docker introduces an additional layer on top of your existing infrastructure. Getting started is easy, but existing tooling for monitoring, patching, networking, and access control must be adapted to that layer before the full benefit of containerization is realized.
Doesn’t Solve All Security Problems
Docker ships with reasonable defaults, but misconfigurations, privilege misuse (--privileged, added capabilities, the Docker socket mounted into a container), unsafe or unpatched images, or weak isolation setups can still expose the host.
Performance and Deployment Woes
Linux containers are not truly cross-platform. On macOS and Windows, Docker Desktop runs them inside a Linux virtual machine, which adds overhead and produces behaviour (file-system performance, networking) that differs from the production Linux hosts they are deployed to.
Log Management Is Not Robust
Containers are short-lived and write their logs to stdout and stderr through a logging driver. The default json-file driver keeps those logs on the host node and deletes them when the container is removed, so without a forwarding driver or agent that ships them to a central log platform or SIEM, evidence is lost and investigation across nodes is impractical. Additional tooling is usually needed.
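To make two of the caveats above concrete (a container is not a sandbox, and Docker's defaults do not stop misconfiguration from exposing the host), here is an added example, not code from the original page, that audits the JSON emitted by docker inspect for the weaknesses named there: privileged mode, added capabilities, host PID/network/IPC namespaces, a mounted Docker socket or host root, a disabled seccomp or AppArmor profile, a root user, a writable root filesystem, and no pids limit. The key names (HostConfig.Privileged, CapAdd, PidMode, Binds, SecurityOpt, Config.User and so on) are the ones docker inspect uses; the finding codes, severities, RISKY_CAPS list and the two SAMPLE records are this example's own and constructed. The script name audit_containers.py is hypothetical.

```python
"""Audit docker inspect records for the isolation weaknesses a container
does not protect against by default. Added example; not from the original
page. Key names follow docker inspect output; finding codes are this
example's own."""
from __future__ import annotations

import json

# This example's own list: capabilities whose addition most often enables a breakout.
RISKY_CAPS = {"ALL", "SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "SYS_RAWIO",
              "DAC_READ_SEARCH", "NET_ADMIN"}
SOCKET_PATHS = ("/var/run/docker.sock", "/run/docker.sock")


def audit(rec: dict) -> list[tuple[str, str, str]]:
    """Return (severity, code, detail) findings for one inspect record."""
    hc = rec.get("HostConfig") or {}
    cfg = rec.get("Config") or {}
    out: list[tuple[str, str, str]] = []
    if hc.get("Privileged"):
        out.append(("high", "PRIVILEGED",
                    "all capabilities, all host devices, seccomp and AppArmor off"))
    # CapAdd entries may be written with or without the CAP_ prefix.
    added = {c[4:] if c.startswith("CAP_") else c for c in hc.get("CapAdd") or []}
    if added & RISKY_CAPS:
        out.append(("high", "CAP_ADD", "added " + ", ".join(sorted(added & RISKY_CAPS))))
    for key, code in (("PidMode", "HOST_PID"), ("NetworkMode", "HOST_NET"),
                      ("IpcMode", "HOST_IPC")):
        if hc.get(key) == "host":
            out.append(("high", code, f"{key}=host shares the host namespace"))
    for bind in hc.get("Binds") or []:
        src = bind.split(":", 1)[0]
        if src in SOCKET_PATHS:
            out.append(("high", "DOCKER_SOCKET", f"{src} mounted: root on the host"))
        elif src == "/":
            out.append(("high", "HOST_ROOT_MOUNT", "host root filesystem mounted"))
    # Docker accepts both "seccomp=unconfined" and the older "seccomp:unconfined".
    secopt = [o.replace(":", "=", 1) for o in hc.get("SecurityOpt") or []]
    if any(o in ("seccomp=unconfined", "apparmor=unconfined") for o in secopt):
        out.append(("high", "LSM_OFF", "seccomp or AppArmor profile disabled"))
    if not any(o.startswith("no-new-privileges") for o in secopt):
        out.append(("low", "NO_NEW_PRIVS_MISSING",
                    "setuid binaries in the image can still regain privilege"))
    user = str(cfg.get("User") or "").split(":", 1)[0]
    if user in ("", "root", "0"):
        out.append(("medium", "ROOT_USER", "process runs as uid 0 in the container"))
    if not hc.get("ReadonlyRootfs"):
        out.append(("low", "WRITABLE_ROOTFS", "root filesystem is writable"))
    if (hc.get("PidsLimit") or 0) <= 0:
        out.append(("low", "NO_PIDS_LIMIT", "no pids cgroup limit; a fork bomb hits the host"))
    return out


def audit_all(records: list[dict]) -> dict[str, list[tuple[str, str, str]]]:
    """Audit every record from `docker inspect $(docker ps -q)`, keyed by name."""
    return {r.get("Name", "?").lstrip("/"): audit(r) for r in records}


def worst(findings: list[tuple[str, str, str]]) -> str:
    """Highest severity present, or 'none'."""
    for sev in ("high", "medium", "low"):
        if any(f[0] == sev for f in findings):
            return sev
    return "none"


# Constructed sample in docker inspect's shape: one hardened service and one
# CI runner wired up the way that hands a build job root on the host.
SAMPLE = [
    {"Name": "/web",
     "Config": {"User": "10001:10001"},
     "HostConfig": {"Privileged": False, "CapAdd": None, "CapDrop": ["ALL"],
                    "PidMode": "", "NetworkMode": "bridge", "IpcMode": "private",
                    "Binds": None, "SecurityOpt": ["no-new-privileges:true"],
                    "ReadonlyRootfs": True, "PidsLimit": 128}},
    {"Name": "/ci-runner",
     "Config": {"User": ""},
     "HostConfig": {"Privileged": True, "CapAdd": ["SYS_ADMIN", "NET_ADMIN"],
                    "CapDrop": None, "PidMode": "host", "NetworkMode": "bridge",
                    "Binds": ["/var/run/docker.sock:/var/run/docker.sock",
                              "/srv/cache:/cache"],
                    "SecurityOpt": ["seccomp=unconfined"],
                    "ReadonlyRootfs": False, "PidsLimit": None}},
]


if __name__ == "__main__":
    import sys
    # Pipe real output in, e.g. docker inspect $(docker ps -q) | python audit_containers.py
    records = json.load(sys.stdin) if not sys.stdin.isatty() else SAMPLE
    for name, findings in audit_all(records).items():
        print(f"{name}: {worst(findings)}")
        for sev, code, detail in findings:
            print(f"  [{sev}] {code}: {detail}")
```

The hardened web record produces no findings; the CI runner produces nine, five of them high. The Docker socket mount alone is enough to reach root on the host (any process that can talk to the daemon can start a privileged container with / bind-mounted), which is why the audit rates it the same as --privileged. The same checks map directly onto a Kubernetes Pod securityContext, where the equivalent fields are privileged, capabilities.add, hostPID, hostNetwork, runAsNonRoot and readOnlyRootFilesystem.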