Docker's Underlying Technologies
Docker abstracts underlying infrastructure and provides users with a standardised way to package and deploy their software. Docker uses runC as its container runtime for secure, efficient and fast containerisation on Linux and Windows.
Namespaces are a feature of the Linux kernel designed for abstracting system resources and making it appear to processes that they have their own isolated instances of the global resource.
Processes within the same namespace share changes to global resources, but these are invisible to other processes. This is a key feature required for containerisation.
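To check which namespaces two processes actually share, compare the inode numbers behind their `/proc/<pid>/ns/*` links: equal inodes mean the same namespace instance. The following is an added example, not part of the original page; the function names and the sample inode values are constructed for illustration.

```python
import os
import re

# A namespace link target looks like "pid:[4026531836]".
NS_LINK = re.compile(r"^(?P<type>[a-z_]+):\[(?P<inode>\d+)\]$")


def parse_ns_links(links):
    """Map namespace type -> inode for each well-formed link target."""
    result = {}
    for target in links:
        match = NS_LINK.match(target.strip())
        if match:
            result[match.group("type")] = int(match.group("inode"))
    return result


def read_namespaces(pid):
    """Read the namespace links of a live process (Linux only; may need root)."""
    base = f"/proc/{pid}/ns"
    # *_for_children entries describe future children, not the process itself.
    names = [n for n in os.listdir(base) if not n.endswith("_for_children")]
    return parse_ns_links(os.readlink(os.path.join(base, n)) for n in names)


def shared_namespaces(a, b):
    """Return the namespace types in which both processes see the same instance."""
    return sorted(t for t in a.keys() & b.keys() if a[t] == b[t])


# Constructed sample data: one host process and two container processes.
HOST = parse_ns_links([
    "mnt:[4026531841]", "pid:[4026531836]", "net:[4026531840]",
    "uts:[4026531838]", "ipc:[4026531839]", "user:[4026531837]",
])
ISOLATED = parse_ns_links([
    "mnt:[4026532501]", "pid:[4026532504]", "net:[4026532506]",
    "uts:[4026532502]", "ipc:[4026532503]", "user:[4026531837]",
])
HOST_NET = parse_ns_links([
    "mnt:[4026532611]", "pid:[4026532614]", "net:[4026531840]",
    "uts:[4026532612]", "ipc:[4026532613]", "user:[4026531837]",
])

if __name__ == "__main__":
    print("isolated container shares with host:", shared_namespaces(HOST, ISOLATED))
    print("host-network container shares with host:", shared_namespaces(HOST, HOST_NET))
```

On a live host, `shared_namespaces(read_namespaces(1), read_namespaces(container_pid))` gives the same comparison for a real container process; any type in the result is a resource the container does not have its own isolated instance of.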
Docker uses cgroups (Control Groups) to limit, isolate and account for the host's resource usage. cgroups give Docker's runC runtime fine-grained control over allocating, monitoring and managing hardware resources between containers.
Docker uses OverlayFS to manage the file system of its containers. As container images are immutable artifacts, Docker creates a new R/W layer for managing and isolating the container from the host and other containers.
This provides:
- Better security between host and containers.
- Smaller image size, since multiple containers can share the same base image.
- Easier updates to images/containers, since the layers are separate.