Docker & the Operating System (OS) - Overview.
Scope:
- Intro,
- Docker Key Components,
- Namespaces & Types,
- Control Groups (cgroups),
- Union File System (UnionFS),
- How Docker Runs on Different Operating Systems (Linux, Windows, macOS),
- Docker Engine Components (runs as a client-server architecture),
- How a Container Is Created,
- Visual Architecture (Simplified).
Intro:
- Docker works by leveraging features of the host operating system (OS), particularly the Linux kernel, to run applications in isolated environments called containers.
- Unlike virtual machines (VMs), which require a full OS for each instance, containers share the host OS kernel but isolate the application processes.
- Here's twtech's overview of how Docker works on an OS:
1. Docker and the OS: Key Components
Docker relies on several OS-level features to work:
a. Namespaces
- Provide isolation for containers (e.g., process IDs, network interfaces, mount points, user IDs).
- Each container sees its own isolated set of resources.
Types of namespaces used:
- pid: process isolation
- net: network isolation
- mnt: filesystem mount points
- uts: hostname/domain isolation
- ipc: inter-process communication
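To check the namespace isolation described above on a Linux host, compare the namespace inode numbers under /proc/<pid>/ns/ for a host process and a container process. The following is an added example, not code from the original post; the function names and the sample inode values are assumptions made for illustration.

```python
import os
import re

# Namespace types the page lists for Docker containers.
PAGE_NAMESPACES = ("pid", "net", "mnt", "uts", "ipc")
NS_LINK = re.compile(r"^([a-z_]+):\[(\d+)\]$")


def parse_ns_link(target):
    """Split a /proc/<pid>/ns/* symlink target such as 'net:[4026531840]'."""
    match = NS_LINK.match(target)
    if match is None:
        raise ValueError(f"not a namespace link: {target!r}")
    return match.group(1), int(match.group(2))


def read_namespaces(pid):
    """Return {type: inode} for one process, read from /proc (Linux only)."""
    found = {}
    for name in PAGE_NAMESPACES:
        try:
            _, inode = parse_ns_link(os.readlink(f"/proc/{pid}/ns/{name}"))
        except (OSError, ValueError):
            continue  # process gone, no permission, or not a namespace link
        found[name] = inode
    return found


def shared_with_host(host_ns, container_ns):
    """Return (shared, unknown) namespace types for a container vs. the host."""
    # Equal inode numbers mean the same namespace; a type missing on either
    # side is reported as unknown rather than assumed isolated.
    shared, unknown = [], []
    for name in PAGE_NAMESPACES:
        if name not in host_ns or name not in container_ns:
            unknown.append(name)
        elif host_ns[name] == container_ns[name]:
            shared.append(name)
    return shared, unknown


if __name__ == "__main__":
    # Constructed sample values (not captured from a real host): the second
    # process shares the host's network namespace, as with `--network host`.
    host = {"pid": 4026531836, "net": 4026531840, "mnt": 4026531841,
            "uts": 4026531838, "ipc": 4026531839}
    container = {"pid": 4026532201, "net": 4026531840, "mnt": 4026532198,
                 "uts": 4026532199, "ipc": 4026532200}
    print(shared_with_host(host, container))
```

On a real host, pass read_namespaces(1) and read_namespaces(<container process PID>) to shared_with_host; reading another user's /proc entries usually requires root.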
b. Control Groups (cgroups)
- Limit and prioritize resources (CPU, memory, disk I/O (input/output)) that a container can use.
- Prevent a single container from consuming all system resources.
c. Union File System (UnionFS)
- Provides layered file systems (used in Docker images).
- Enables image reuse and efficient storage.
2. How Docker Runs on Different Operating Systems
On Linux
- Docker runs natively using the Linux kernel features (namespaces, cgroups).
- Containers are fast and efficient because they directly use the host kernel.
On Windows & macOS
- These operating systems (Windows & macOS) don't support Linux kernel features natively.
- Docker instead runs a Linux virtual machine (e.g., using WSL2 on Windows or a lightweight VM on macOS).
- Containers still behave similarly, but with added overhead due to the VM layer.
3. Docker Engine Components (Docker runs as a client-server architecture):
| Component | Role |
|---|---|
| Docker Client | CLI (docker commands) that communicates with the daemon |
| Docker Daemon (dockerd) | Background service managing images, containers, etc. |
| Docker Images | Read-only templates used to create containers |
| Docker Containers | Running instances of images, isolated via kernel features |
| Docker Registry | Stores and distributes images (e.g., Docker Hub) |
4. How a Container Is Created
- User runs: docker run nginx
- Docker client sends the command to the Docker daemon.
- Docker daemon:
  - Pulls the image (if not cached).
  - Creates a container using the image.
  - Sets up namespaces and cgroups.
  - Attaches filesystem layers.
  - Starts the process in the container.
Visual Architecture (Simplified)
twtech-Summary (Docker works on an OS by):
- Using kernel features like namespaces and cgroups (control groups) for isolation and resource control respectively.
- Running directly on Linux, but through a VM on macOS and Windows.
- Managing containers via a client-server model (Docker CLI → Docker daemon).