Linux containers are technologies that allow you to package and isolate applications with their entire runtime environment—all of the files necessary to run. This makes it easy to move the contained application between environments (dev, test, production, etc.) while retaining full functionality. Containers are also an important part of IT security. By building security into the container pipeline and defending your infrastructure, you can make sure your containers are reliable, scalable, and trusted.
Linux containers help reduce conflicts between your development and operations teams by separating areas of responsibility. Developers can focus on their apps and operations can focus on the infrastructure. And, because Linux containers are based on open source technology, you get the latest and greatest advancement as soon as they’re available. Container technologies—including CRI-O, Kubernetes, and Docker—help your team simplify, speed up, and orchestrate application development and deployment.
In a way, containers behave like a virtual machine. To the outside world, they can look like their own complete system. But unlike a virtual machine, rather than creating a whole virtual operating system, containers don't need to replicate an entire operating system, only the individual components they need in order to operate. This gives a significant performance boost and reduces the size of the application. They also operate much faster, as unlike traditional virtualization the process is essentially running natively on its host, just with an additional layer of protection around it.
And importantly, many of the technologies powering container technology are open source. This means that they have a wide community of contributors, helping to foster rapid development of a wide ecosystem of related projects fitting the needs of all sorts of different organizations, big and small.
Source: redhat.com, opensource.com
Advanced Security through 2 different IP / Networks in each Container.
Front end Containers accessible through public IP.
Back end Containers (workers) in a virtual private Network. Inaccessible from outside.