Saturday, 26 October 2019

Docker

Namespaces
Docker uses a technology called namespaces to provide the isolated workspace called the container. When you run a container, Docker creates a set of namespaces for that container.
These namespaces provide a layer of isolation. Each aspect of a container runs in a separate namespace and its access is limited to that namespace.
Docker Engine uses namespaces such as the following on Linux:
  • The pid namespace: Process isolation (PID: Process ID).
  • The net namespace: Managing network interfaces (NET: Networking).
  • The ipc namespace: Managing access to IPC resources (IPC: InterProcess Communication).
  • The mnt namespace: Managing filesystem mount points (MNT: Mount).
  • The uts namespace: Isolating kernel and version identifiers (UTS: Unix Timesharing System).

Control groups
Docker Engine on Linux also relies on another technology called control groups (cgroups). A cgroup limits an application to a specific set of resources. Control groups allow Docker Engine to share available hardware resources to containers and optionally enforce limits and constraints. For example, you can limit the memory available to a specific container.

Union file systems
Union file systems, or UnionFS, are file systems that operate by creating layers, making them very lightweight and fast. Docker Engine uses UnionFS to provide the building blocks for containers. Docker Engine can use multiple UnionFS variants, including AUFS, btrfs, vfs, and DeviceMapper.

Container format
Docker Engine combines the namespaces, control groups, and UnionFS into a wrapper called a container format. The default container format is libcontainer. In the future, Docker may support other container formats by integrating with technologies such as BSD Jails or Solaris Zones.

Docker Engine

Docker Engine has three parts:
  • The Docker daemon runs in the background and manages Docker objects such as containers, networks and storage.
  • The REST API is the interface through which instructions are sent to the daemon.
  • The Docker CLI talks to the daemon over that API, so it can run anywhere on the network that can reach the daemon.
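The CLI is only one client of the REST API. The following script, added here as an example and not code from the original post or from Docker, reaches the daemon the way the CLI does: over the local Unix socket by default, or over the network when DOCKER_HOST points at a remote daemon. DOCKER_HOST is the environment variable the real docker CLI reads, and /version and /containers/json are real Engine API routes; the helper names and the port-to-scheme rule (2376 is the port Docker documents for TLS-protected daemons, 2375 for plain text) are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): talk to the Docker daemon through
# its REST API, locally over the Unix socket or remotely over TCP, exactly as
# the docker CLI does. Helper names are this example's own.

# Turn a DOCKER_HOST-style address into the curl arguments that reach the API.
#   unix:///var/run/docker.sock -> --unix-socket /var/run/docker.sock http://localhost
#   tcp://10.0.0.5:2376         -> https://10.0.0.5:2376  (TLS port per Docker docs)
#   tcp://10.0.0.5:2375         -> http://10.0.0.5:2375   (plain text, no auth at all)
api_base() {
    case "$1" in
        unix://*)      echo "--unix-socket ${1#unix://} http://localhost" ;;
        tcp://*:2376)  echo "https://${1#tcp://}" ;;
        tcp://*)       echo "http://${1#tcp://}" ;;
        *)             echo "unsupported DOCKER_HOST: $1" >&2; return 1 ;;
    esac
}

# Call one Engine API route against the daemon named by DOCKER_HOST
# (default: the local socket). Requires curl; nothing here needs docker itself.
docker_api() {
    route=$1
    base=$(api_base "${DOCKER_HOST:-unix:///var/run/docker.sock}") || return 1
    # $base deliberately expands to several words (option, socket path, URL prefix).
    # shellcheck disable=SC2086
    curl -sS $base"$route"
}

# Demo: the same information `docker version` and `docker ps` print, fetched
# directly from the API. Skipped when curl is missing.
if [ "${1:-}" = "--demo" ] && command -v curl >/dev/null 2>&1; then
    docker_api /version
    docker_api /containers/json
fi
```

The daemon socket is the trust boundary here: whoever can write to /var/run/docker.sock, or reach a daemon exposed on the unauthenticated 2375 form, can instruct the daemon to create containers with any configuration, which is why remote access should only ever use the TLS variant with client certificates.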

Docker uses namespaces to give each container an isolated workspace. The pid namespace is a good example of how this works.

When a Linux system boots, the first process runs as PID 1, and all other processes are started beneath it. Once the system is up, the running processes can be listed with the ps -ef command. A process ID is unique: two processes can never share the same PID.

Inside a container (the child system) the same scheme is followed: the container has its own PID 1 and its own process tree. The Linux Docker host, however, treats the container as just another set of ordinary processes, so every process inside the container also appears in the host's process table, linked to a host-side PID of its own.
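The kernel exposes that two-sided view of a process directly: the NSpid line of /proc/<pid>/status on the host lists the PID at every namespace level, so a line reading "NSpid: 4242 1" means host PID 4242 is PID 1 inside its container. The script below is an added example, not code from the original post or from Docker; the /proc/<pid>/status format and the `docker inspect --format '{{.State.Pid}}'` call are real, while the sample status texts are constructed and the helper names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): map a process inside a container's
# pid namespace back to the host PID that owns it, using the NSpid line that the
# kernel writes into /proc/<host-pid>/status:
#   NSpid:  <host pid>  <pid in child namespace> [...one column per deeper level]

# Print "host_pid innermost_pid" from a /proc/<pid>/status text read on stdin.
# For a plain host process NSpid has one column, so both values are the same.
nspid_pair() {
    awk '/^NSpid:/ { print $2, $NF; exit }'
}

# Succeed when the status text on stdin describes a container's init process:
# PID 1 inside a child namespace but not PID 1 on the host.
is_container_init() {
    pair=$(nspid_pair)
    [ -n "$pair" ] || return 1
    host=${pair%% *}
    inner=${pair##* }
    if [ "$inner" = "1" ] && [ "$host" != "1" ]; then return 0; fi
    return 1
}

# Constructed sample of /proc/4242/status as seen from the host (the real file
# separates fields with tabs; awk treats tabs and spaces alike).
SAMPLE_CONTAINER_INIT='Name:   nginx
State:  S (sleeping)
Pid:    4242
PPid:   4200
NSpid:  4242    1
'

# Constructed sample for an ordinary host process: a single namespace level.
SAMPLE_HOST_PROC='Name:   sshd
State:  S (sleeping)
Pid:    917
PPid:   1
NSpid:  917
'

# Live variant, run only when the docker CLI is present: the host PID of a
# running container's init process comes from `docker inspect`, and its status
# file on the host shows the same pairing as the constructed sample.
show_live_mapping() {
    name=$1
    command -v docker >/dev/null 2>&1 || { echo "docker not available, skipping"; return 0; }
    host_pid=$(docker inspect --format '{{.State.Pid}}' "$name") || return 1
    echo "container $name: host PID $host_pid -> NSpid $(nspid_pair < /proc/"$host_pid"/status)"
}

if [ "${1:-}" = "--demo" ]; then
    printf '%s' "$SAMPLE_CONTAINER_INIT" | nspid_pair   # 4242 1
    printf '%s' "$SAMPLE_HOST_PROC" | nspid_pair        # 917 917
    show_live_mapping "${2:-my_container}"
fi
```

Run it as `sh nspid.sh --demo <container-name>`. The same mapping is what lets host-side monitoring attribute a suspicious process to the container it belongs to: the container only ever sees its own small PID range, but the host's /proc has the full picture.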


cgroups manage the resources given to containers. With them, we can restrict the CPU and memory a container is allowed to use.
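A worked example of those limits, added here and not taken from the original post or from Docker: the script starts a container with `docker run --memory` and `--cpus` (real CLI flags), converts the requested size into the byte value the kernel stores, and reads back what was actually applied from the cgroup v2 files memory.max and cpu.max (real kernel file names). The helper names, the sample values and the alpine test container are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): put CPU and memory limits on a
# container through cgroups and verify what the kernel actually enforces.

# Convert a Docker-style size ("512m", "2g", "1024k", "4096") to bytes, which is
# the unit memory.max uses.
size_to_bytes() {
    n=$(printf '%s' "$1" | sed 's/[^0-9]//g')
    case "$1" in
        *[kK]) echo $((n * 1024)) ;;
        *[mM]) echo $((n * 1024 * 1024)) ;;
        *[gG]) echo $((n * 1024 * 1024 * 1024)) ;;
        *)     echo "$n" ;;
    esac
}

# cgroup v2 cpu.max holds "<quota> <period>" in microseconds; "max" means no
# limit. Print the effective CPU count with two decimals ("150000 100000" -> 1.50).
cpu_max_to_cpus() {
    read -r quota period
    if [ "$quota" = "max" ]; then echo "unlimited"; return 0; fi
    printf '%d.%02d\n' $((quota / period)) $(((quota % period) * 100 / period))
}

# Succeed when the memory.max value read from stdin equals the limit requested.
memory_limit_matches() {
    requested=$(size_to_bytes "$1")
    read -r applied
    if [ "$applied" = "$requested" ]; then return 0; fi
    return 1
}

# Live variant, skipped when docker is absent: start a limited container, then
# read back both Docker's record of the limit and the cgroup files the kernel
# enforces (paths as seen inside the container on a cgroup v2 host).
run_with_limits() {
    name=$1; mem=$2; cpus=$3
    command -v docker >/dev/null 2>&1 || { echo "docker not available, skipping"; return 0; }
    docker run -d --rm --name "$name" --memory "$mem" --cpus "$cpus" alpine sleep 300 >/dev/null || return 1
    echo "requested $mem = $(size_to_bytes "$mem") bytes"
    echo "HostConfig.Memory: $(docker inspect --format '{{.HostConfig.Memory}}' "$name")"
    mem_max=$(docker exec "$name" cat /sys/fs/cgroup/memory.max)
    cpu_max=$(docker exec "$name" cat /sys/fs/cgroup/cpu.max)
    echo "memory.max=$mem_max cpu.max='$cpu_max' (~$(echo "$cpu_max" | cpu_max_to_cpus) CPUs)"
    if echo "$mem_max" | memory_limit_matches "$mem"; then echo "memory limit applied"; fi
    docker stop "$name" >/dev/null
}

if [ "${1:-}" = "--demo" ]; then
    run_with_limits limited_demo 512m 1.5
fi
```

Without these limits a container inherits the host's full CPU and memory, so one runaway or hostile workload can exhaust the machine for every other container; checking memory.max and cpu.max from inside the container is the quickest way to confirm the restriction really reached the kernel rather than only the Docker configuration.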


Container Orchestration

