Containers explained

A container is composed of two main things:

  1. Namespaces

Namespaces partition system resources and limits what a Docker project can see.

For example, a namespace can have a program think it's running as the root super user, with file system access, whereas it's really running as a specific user with limite privileges.

  1. Control groups

Control groups limit how much you can see. This is a Linux kernel feature that limits how much hardware each process can use. Docker user control groups to:

  • Monitor and limit CPU usage
  • Monitor and restrict network and disk bandwiddth
  • Monitor and restrict memory consumption

Control groups help Docker containers not use up too much system resources, like a VM would

Limitations/considerations

  • Because namespaces and control groups are Linux features, this means Docker only runs natively on Linux.
  • Container images are bound to their parent OS. Meaning an image made on Linux can only run on a Linux machine, same for Windows, Mac

Other containers

Containers have been around for a long time, as far back a 1979 with chroot(): (https://www.redhat.com/en/blog/set-linux-chroot-jails)[https://www.redhat.com/en/blog/set-linux-chroot-jails] and other things like BSD jails and Solaris zones, and most recently Linux containers: https://linuxcontainers.org/lxc/getting-started/

Docker advantages

  • Docker makes configuring and packaging apps and environments much easier.
  • Makes sharing images really easy with Docker hub
  • Docker CLI makes starting apps in containers simple