Warner Cloud: How the underlying technology of Docker containers is implemented

  The underlying technology of Docker containers is implemented through a variety of Linux technologies and kernel functions, and mainly includes the following key components:

  Linux namespaces: This is the core of Docker container isolation. Linux namespaces allow different processes and resources to be isolated so that they run inside a container and are not affected by the host system or other containers. Namespaces include:

  PID namespace: used to isolate processes.

  Network namespace: used to isolate network interfaces and configurations.

  Mount namespace: used to isolate file system mount points.

  UTS namespace: Used to isolate hostnames and domain names.

  IPC namespace: used to isolate inter-process communication.
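
  A process's namespace membership is visible under /proc/<pid>/ns, where each entry is a symlink such as `net:[4026531840]`; two processes are in the same namespace exactly when those inode numbers match. The following is an added example, not code from the original article: it compares a container process with a host process across the five namespace types listed above and reports the ones that are not isolated. The inode values and the names `HOST_LINKS` and `CONTAINER_LINKS` are constructed sample data.

```python
import os
import re

# The five namespace types the article lists, by their /proc/<pid>/ns entry name.
NS_TYPES = ("pid", "net", "mnt", "uts", "ipc")
_LINK = re.compile(r"^([a-z_]+):\[(\d+)\]$")


def parse_ns_link(link):
    """Parse a /proc/<pid>/ns/* symlink target such as 'net:[4026531840]'."""
    m = _LINK.match(link.strip())
    if not m:
        raise ValueError(f"not a namespace link: {link!r}")
    return m.group(1), int(m.group(2))


def read_namespaces(pid="self", proc="/proc"):
    """Read the namespace inode numbers of a live process (Linux only)."""
    result = {}
    for ns in NS_TYPES:
        name, inode = parse_ns_link(os.readlink(f"{proc}/{pid}/ns/{ns}"))
        result[name] = inode
    return result


def shared_with_host(host_ns, container_ns):
    """Return the namespace types where the container is NOT isolated.

    A matching inode number means both processes share that namespace.
    A missing entry is reported too, since isolation cannot be confirmed.
    """
    return sorted(
        ns for ns in NS_TYPES
        if ns not in container_ns or container_ns[ns] == host_ns.get(ns)
    )


# Constructed sample data: link targets as `ls -l /proc/<pid>/ns` shows them.
HOST_LINKS = ["pid:[4026531836]", "net:[4026531840]", "mnt:[4026531841]",
              "uts:[4026531838]", "ipc:[4026531839]"]
# Constructed container process that shares the host's network namespace.
CONTAINER_LINKS = ["pid:[4026532201]", "net:[4026531840]", "mnt:[4026532198]",
                   "uts:[4026532199]", "ipc:[4026532200]"]

if __name__ == "__main__":
    host = dict(parse_ns_link(l) for l in HOST_LINKS)
    ctr = dict(parse_ns_link(l) for l in CONTAINER_LINKS)
    print("shared with host:", shared_with_host(host, ctr))
```

  On a live Linux host, `read_namespaces(1)` and `read_namespaces(<container pid>)` supply the two dictionaries; reading another user's process entries requires sufficient privileges.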

  Linux control groups (cgroups): Control groups are a Linux kernel feature used to limit and manage resource use within the container, such as CPU, memory, and disk I/O. They let you allocate resources to containers and prevent containers from exhausting host resources.

  Union File Systems: Docker uses Union file systems to create the writable and readable layers of the container. They allow containers to share the files of the base image while each container gets an independent file system of its own. Commonly used Union file systems include OverlayFS, AUFS, btrfs, DeviceMapper, etc.

  Container Runtime: The container runtime initially used by Docker was Docker's own runtime (Docker Engine). Later, Docker started supporting other container runtimes, such as containerd and CRI-O. These container runtimes are responsible for managing the container lifecycle, including creating, starting, stopping, and destroying containers.

  Docker Images: Docker images are the basis of containers. They contain the file system, applications, and configuration required to run the container. Images are layered, meaning they can share the same underlying layer, and new layers are only created when modified.

  Container orchestration tools: In addition to Docker itself, there are also some container orchestration tools, such as Kubernetes, Docker Compose, Swarm, etc., used to coordinate and manage the deployment and scaling of applications among multiple containers.

  In general, the underlying technology of Docker containers is implemented through features of the Linux kernel. Container isolation and resource management are provided by Linux namespaces, control groups, and the Union file system, so that a container can run in a relatively independent environment while sharing the same system kernel. The container runtime is responsible for managing and executing containers, and the Docker image provides the files and configuration required for the container to run. Container orchestration tools are used to coordinate and manage the deployment of multiple containers. Together, these technologies form the core of Docker containers.

Origin blog.csdn.net/YOKEhn/article/details/132760823