Internally, containerisation technology is built on two Linux kernel features: Namespaces and C-Groups (control groups).

Namespaces: 

Namespaces are a feature of the Linux kernel that partitions kernel resources such that one set of processes sees one set of resources while another set of processes sees a different set of resources.

  • The key feature of namespaces is that they isolate processes from each other.
  • In modern usage, these namespaced processes are called "containers", and the act of namespacing them is termed "containerisation".
  • Using containers during the development process gives developers an isolated environment that looks and feels like a complete Virtual Machine (VM), but it is not a VM.
  • It is, though, just a process running on a server somewhere.
  • If a developer starts two containers, there are two processes running on a single server somewhere, but they are isolated from each other.

C-Groups (Control Groups): 

C-Group is a Linux kernel feature that limits, accounts for, and isolates the resource usage (CPU, memory, disk I/O, network) of a collection of processes.

C-Group provides the following features:

  • Resource Limits:
    • We can configure a cgroup to limit how much of a particular resource (memory/CPU) a process can use.
  • Prioritization:
    • We can control how much of a resource a process can use compared to processes in another cgroup when there is resource contention.
  • Accounting:
    • Resource usage against the configured limits is monitored and reported at the cgroup level.
  • Control:
    • You can change the status (frozen, stopped / restarted) of all processes in a cgroup with a single command.

So, basically, we use cgroups to control how much of a given key resource (CPU, memory, network, disk I/O) can be accessed or used by a process or set of processes.

Containers from the Linux point of view

Containers don't run on Docker!

This calls for an important correction in how we think about containers. Containers do not run on Docker. Containers are processes, and they run on the Linux kernel. Importantly, containers are Linux processes.

The dockerd (Docker daemon) is one of the many userspace tools / libraries that talk to the kernel to set up containers.

What is the difference between Processes and Containers?

Actually, in Linux there is no "processes versus containers" distinction. User space and the kernel work together to give us the feel of containerisation.

  • There is only one process ID structure in the kernel.
  • There are multiple human and technical definitions for containers.
  • Container engines are one technical implementation that provides both a methodology and a definition for containers.
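To see from the kernel side that a container is just a process, here is an added example (not from the original notes) that reads a process's namespace identities from /proc/<pid>/ns/ and its cgroup membership from /proc/<pid>/cgroup. It assumes a Linux host with /proc mounted; the function names and the sample cgroup text are my own.

```python
"""Added example (not from the original notes): read a process's namespace and
cgroup identity from /proc. Assumes a Linux host with /proc mounted."""
from __future__ import annotations
import os

# Namespace types exposed under /proc/<pid>/ns/ (cgroup ns exists on kernels >= 4.6)
NS_TYPES = ("pid", "mnt", "net", "uts", "ipc", "user", "cgroup")

def parse_ns_link(target: str) -> tuple[str, int]:
    """'pid:[4026531836]' -> ('pid', 4026531836); the inode identifies the namespace."""
    ns_type, _, rest = target.partition(":[")
    if not rest.endswith("]"):
        raise ValueError(f"unexpected ns link target: {target!r}")
    return ns_type, int(rest[:-1])

def parse_cgroup_file(text: str) -> dict[str, str]:
    """Parse /proc/<pid>/cgroup lines 'hierarchy:controllers:path' into
    {controllers: path}. cgroup v2 has a single '0::' entry with empty controllers."""
    out = {}
    for line in text.splitlines():
        if line.strip():
            _, controllers, path = line.split(":", 2)
            out[controllers] = path
    return out

def namespaces_of(pid="self") -> dict[str, int]:
    """{ns_type: inode} for a process; types the kernel lacks or that the caller
    may not read (readlink needs ptrace access to the target) are skipped."""
    result = {}
    for ns in NS_TYPES:
        try:
            result[ns] = parse_ns_link(os.readlink(f"/proc/{pid}/ns/{ns}"))[1]
        except OSError:
            pass
    return result

def differing_namespaces(pid_a, pid_b) -> set[str]:
    """Namespace types in which the two processes live in different instances.
    A plain host process differs from PID 1 in none; a containerised one in several."""
    a, b = namespaces_of(pid_a), namespaces_of(pid_b)
    return {ns for ns in a.keys() & b.keys() if a[ns] != b[ns]}

if __name__ == "__main__":
    # Constructed sample of a cgroup v1 file as a Docker-managed process would show it.
    SAMPLE_V1 = "12:memory:/docker/0123abcd\n11:cpu,cpuacct:/docker/0123abcd\n"
    print("sample cgroup membership:", parse_cgroup_file(SAMPLE_V1))
    with open("/proc/self/cgroup") as f:
        print("our cgroup membership:", parse_cgroup_file(f.read()))
    print("namespaces differing from PID 1:", differing_namespaces("self", 1))
```

Run inside a container and on the host for comparison: the namespace inodes and cgroup paths differ, yet in both cases the kernel is looking at the same kind of object, a process.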