Compared to a virtual machine, a container is lightweight because a virtual machine “virtualizes” an entire operating system, while a container is just an isolated process.

When you have three VMs running on one host, you have three completely separate operating systems sharing the same host. Multiple containers, by contrast, all make their system calls to the same kernel running on the host, which is the only kernel that executes x86 instructions on the host operating system.

Suppose you currently have six identical applications running on a virtual machine and in a Docker container. You will find that both applications A and B have access to the same binaries and libraries in both the virtual machine and the container. This is taken for granted in virtual machines, but Docker achieves it with image layers. When a container is running, a new writable layer is created on top of the image layers, and each layer is saved only once. When two containers are created from images based on the same base layer, they can read the same files. But if one container writes to a file, the other cannot see the change: even though they share files, they are isolated from each other.
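
The layering behaviour described above, as a simplified Python model added here (not Docker's own code; the `Layer` and `Container` classes are hypothetical names and the file contents are constructed). It goes slightly beyond the text by also modelling deletion with a whiteout marker, the mechanism union filesystems such as overlayfs use to hide a lower-layer file.

```python
# Simplified model of shared image layers plus a per-container writable layer.
# Added illustration; class and method names are hypothetical, not Docker APIs.
from types import MappingProxyType

_WHITEOUT = object()  # marks a path deleted in a container's writable layer


class Layer:
    """Read-only image layer (path -> bytes), stored once and shared."""
    def __init__(self, files):
        self.files = MappingProxyType(dict(files))  # rejects any write


class Container:
    def __init__(self, image_layers):
        self.lower = list(image_layers)  # shared, read-only, base layer first
        self.upper = {}                  # private writable layer

    def read(self, path):
        if path in self.upper:           # the writable layer shadows the image
            data = self.upper[path]
            if data is _WHITEOUT:
                raise FileNotFoundError(path)
            return data
        for layer in reversed(self.lower):  # topmost image layer wins
            if path in layer.files:
                return layer.files[path]
        raise FileNotFoundError(path)

    def write(self, path, data):
        self.upper[path] = data          # copy-on-write: image layers untouched

    def delete(self, path):
        self.read(path)                  # raises if the path does not exist
        self.upper[path] = _WHITEOUT     # hide the lower-layer copy


def demo():
    # Constructed sample files, not taken from any real image.
    base = Layer({"/etc/os-release": b"base-os", "/lib/libc.so": b"libc-v1"})
    app = Layer({"/app/config": b"mode=default"})
    a, b = Container([base, app]), Container([base, app])
    a.write("/app/config", b"mode=changed-by-a")
    a.delete("/lib/libc.so")
    return a, b, base
```

Container `a` sees its own write and deletion, while container `b` and the shared base layer are unchanged.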



Although containers are much lighter than virtual machines, the applications that run in them are subject to some limitations, which will be discussed later.