Docker Internals

Isolations on the linux machines are created using a linux kernel feature called Namespaces. for more info Click Here
Resource Limits are applied using kernel feature called as cgroups (Control groups). For more info Click Here

Preview

Working on namespaces & cgroups are difficult, but here comes the docker to the rescue.
Docker Engine makes it easy to create isolated areas & resource limits

Preview

you can skip code & look at images

To be very specific,
- pID namespace (Process Namespace) creates the isolated process tree inside container
note this is link to image from this article
- net namespace (Network Namespace) creates the isolated networking for each container with its own network interface.
note this is link to image from this article
- mount namespace creation allows each container to have a different view of entire systems mount point, this allows containers to have their own file system view which starts from root
note this is link to image from this [article]
- user namespace allows to create whole new set of user & groups for the containers
Fortunately even in windows world we have namespaces now. The purpose of the namespace is same but underlying implementation differs. Refer this article

cgroups is a linux kernel feature
Control groups is used to impose limits. We can impose limits of disk io, RAM & cpu’s using ControlGroups
Fortunately even in windows world we have control groups now. The purpose of the namespace is same but underlying implementation differs. Refer this article

This will be discussed in another article very soon.

The underlying components of docker as per the latest implementation is looking as shown Preview

The Specific Linux Implementation will be shown below Preview

The Specific Windows Implementation will be as shown below Preview

About continuous learner