# Containers

- **What is a Container?**
    - Lightweight and portable.
    - OS-level virtualization (in contrast to the hardware-level virtualization of VMs).
    - Runs applications and dependencies in an isolated environment.
- **Container Runtime:**
    - OCI standards for container image format.
    - Examples: `containerd`, `CRI-O`, `runc`, Docker.
    - How Kubernetes interacts with container runtimes through the Container Runtime Interface (CRI).
- **Container Images:**
    - Layers and image composition.
    - Building images using Dockerfile.
    - Storing and retrieving images from registries (Docker Hub, Artifact Registry, etc.).
- **Container Lifecycle:**
    - Creating, running, and stopping containers.
    - Restart policies in Kubernetes (Always, OnFailure, Never).
- **Security:**
    - Image scanning and vulnerability management.
    - Running containers with least privilege (user ID and group).
    - Container isolation using namespaces and cgroups.
- **Networking:**
    - Container Network Interface (CNI) plugins.
    - Port mapping and exposing services.
    - Container-to-container and container-to-host communication.
- **Storage:**
    - Ephemeral storage (temporary storage for containers).
    - Persistent storage (using volumes in Kubernetes).
    - Mounting and sharing volumes between containers.