
Docker's underlying implementation


May 22, 2021 Docker From entry to practice



Docker's core underlying technologies include Linux namespaces, control groups (cgroups), union file systems, and the container format.

A traditional virtual machine relies on a hypervisor running on the host, which simulates a complete hardware environment for the guest operating system. Each virtual machine sees an environment that is restricted and isolated from the others. This direct approach gives the most complete encapsulation of resources, but it often wastes system resources. For example, when both the host and the virtual machine run Linux, applications in the virtual machine could in fact use the runtime environment that the host system already provides.

In an operating system, all resources, including the kernel, file system, network, PID, UID, IPC, memory, hard disk, CPU and so on, are shared directly by application processes. To achieve virtualization, it is necessary not only to limit memory, CPU, network I/O, disk I/O, storage space and so on, but also to isolate file systems, networks, PIDs, UIDs, IPC and so on from each other. The former is relatively easy to implement, while the latter requires in-depth support from the host system.

As Linux refined its namespace functionality, programmers became able to meet all of the above requirements, letting certain processes run in namespaces that are isolated from each other. Although these processes all share one kernel and parts of the runtime environment (such as some system commands and system libraries), they cannot see each other, and each believes it is alone on the system. This mechanism is the container, using namespaces to control isolation and permissions, and cgroups to allocate resources.
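
As an added illustration (not part of the original article): on Linux, a process's namespace membership is exposed as symbolic links under /proc/<pid>/ns, and two processes share a namespace exactly when the link of that type carries the same inode number. The Python example below compares two processes this way to show which resources are isolated from the host and which are still shared; the sample link values and the function names are constructed for the example.

```python
import os
import re

# readlink() target of /proc/<pid>/ns/<name>, e.g. "pid:[4026531836]"
NS_TARGET = re.compile(r"^\w+:\[(\d+)\]$")

# Constructed sample data (not captured from a real system): the host's init
# process and a process inside a container that keeps the host user namespace.
HOST_LINKS = {
    "mnt": "mnt:[4026531840]", "uts": "uts:[4026531838]",
    "ipc": "ipc:[4026531839]", "pid": "pid:[4026531836]",
    "net": "net:[4026531992]", "user": "user:[4026531837]",
}
CONTAINER_LINKS = {
    "mnt": "mnt:[4026532571]", "uts": "uts:[4026532572]",
    "ipc": "ipc:[4026532573]", "pid": "pid:[4026532574]",
    "net": "net:[4026532576]", "user": "user:[4026531837]",
}

def parse_ns_links(links):
    """Map namespace name -> namespace inode number; skip malformed targets."""
    parsed = {}
    for name, target in links.items():
        match = NS_TARGET.match(target)
        if match:
            parsed[name] = int(match.group(1))
    return parsed

def read_ns_links(pid="self"):
    """Read the live links for one process (Linux only, may need privileges)."""
    base = f"/proc/{pid}/ns"
    return {n: os.readlink(os.path.join(base, n)) for n in os.listdir(base)}

def compare_namespaces(a, b):
    """Return (isolated, shared) namespace names for two parsed processes."""
    common = a.keys() & b.keys()
    shared = sorted(n for n in common if a[n] == b[n])
    isolated = sorted(n for n in common if a[n] != b[n])
    return isolated, shared

if __name__ == "__main__":
    host, ctr = parse_ns_links(HOST_LINKS), parse_ns_links(CONTAINER_LINKS)
    isolated, shared = compare_namespaces(host, ctr)
    print("isolated from host:", isolated)
    print("shared with host:  ", shared)
    if os.path.isdir("/proc/self/ns"):
        print("this process:", parse_ns_links(read_ns_links()))
```

Any namespace reported as shared is a resource the container sees exactly as the host does, which makes this comparison a quick check of how much isolation a given container actually has.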