<arch.design/>
Principles/Container Architecture
InfrastructureInfrastructureintermediate2013dockerociimagecgroups

Container Architecture

Package applications with all their dependencies into isolated, portable units that run consistently everywhere.

5/5
Operates at: Infrastructure level

Deployment platform — Kubernetes, Docker, cloud config

NetworkInfrastructureSystemServiceCode

How it works

Containers, popularised by Docker, package an application and its runtime dependencies into an immutable image. Unlike VMs, containers share the host OS kernel, making them lightweight and fast to start.

A container image is built from a Dockerfile defining OS layers, dependencies, and the application binary. Images are pushed to registries (Docker Hub, ECR, GCR) and pulled onto any host.

Key primitives: namespaces (isolate process trees, network, filesystem), cgroups (limit CPU and memory), and overlay filesystems (layer images efficiently).

Why it matters

Containers eliminate 'works on my machine'. They're the universal deployment unit for modern cloud-native applications and the foundation for Kubernetes orchestration.

When to use

  • Any modern web application or microservice
  • CI/CD pipelines requiring repeatable build environments
  • Applications that need to run across dev, staging, and prod identically

When NOT to use

  • Applications with strict OS/kernel version requirements
  • Legacy apps requiring GUI or Windows-specific dependencies (though Windows containers exist)

Trade-offs

+

Consistent environments from dev to production

Container image size can grow large without careful layering

+

Fast startup vs VMs — seconds not minutes

Shared kernel — less isolation than full VMs

+

Immutable deployments enable easy rollback

Stateful containers require careful volume management

In production

Google

Running billions of containers per week internally (Borg → Kubernetes)

Spotify

Entire infrastructure containerised on Google Kubernetes Engine

Industry adoption

5/5Ubiquitous — used at virtually every scale-focused company.

Related principles

Kubernetes Orchestration

Live

Automate the deployment, scaling, and self-healing of containerised applications across a cluster of nodes.

Infrastructure5/5

Service Mesh

Live

Offload cross-cutting network concerns (mTLS, retries, circuit breaking, observability) to a dedicated infrastructure layer via sidecar proxies.

Infrastructure3/5

Cloud-Native Architecture

Design applications specifically to exploit cloud capabilities: elasticity, managed services, and pay-per-use scaling.

Cloud5/5