What is a container?

A container is a lightweight, standalone, executable package that includes everything needed to run an application: code, runtime, system tools, libraries, and settings. Containers are instances of Docker images running as processes. Key characteristics: (1) Isolation: containers have their own filesystem, process space, network interfaces, and users — isolated from each other and the host, using Linux namespaces; (2) Lightweight: containers share the host OS kernel (unlike VMs which have their own OS kernel) — they start in seconds and use MB of memory instead of GB; (3) Portable: a container runs the same way on a developer's laptop, CI server, and production cloud; (4) Ephemeral: containers are designed to be stateless and disposable — stop, delete, and recreate without data loss (data lives in volumes); (5) Immutable: the container's filesystem (from the image) is read-only — any writes go to a writable layer. Containers vs. Virtual Machines: both provide isolation, but VMs virtualize hardware and run a full OS kernel (hundreds of MB to GB overhead, minutes to start); containers share the host kernel and are much more lightweight (MB, seconds to start).