DevNet Associate DEVASC 200-901 Official Certification Guide by Adrian Iliesiu


and deploy them in an automated fashion into their
service. They started an internal project to explore the
use of some interesting UNIX technologies that were
initially developed in the 1970s to enable process
isolation at the kernel level. What would eventually
become Docker started as a project to use these
capabilities to grow the PaaS business. In 2013, the
world was introduced to Docker, which represented a
new paradigm in application packaging and deployment
that took off exponentially. While dotCloud eventually
went away, Docker has grown into the leading container
platform. Luckily for us, it was open source from the very
beginning, and the container runtime itself is hosted by
the Cloud Native Computing Foundation. While there
are other container runtimes, such as Rocket and
Linux Containers, none of them are as popular or as
widely deployed as Docker.


UNDERSTANDING DOCKER


Docker containers use two capabilities in the Linux
kernel: namespaces, which provide isolation for running
processes, and cgroups, which make it possible to place
resource limits on what a process can access. These
features allow you to run a Linux system within another
Linux system but without needing to use virtualization
technologies to make it work. From the host operating
system’s perspective, you are just running another
application, but the application thinks it is the only
application that is running. Instead of needing to
virtualize hardware, you just share the kernel; you don’t
need to load a full operating system, drivers, and
memory management processes each time you want to
run an application.
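
The isolation and resource-limit membership described above is visible per process under /proc, and the Python sketch below (an added example, not code from the book) compares a host process with a containerized one to report which namespaces are still shared with the host and which cgroup the process sits in. The inode numbers, the container ID in the cgroup path, and the function names are constructed for illustration.

```python
import os
import re

NS_LINK = re.compile(r"^(\w+):\[(\d+)\]$")

# Constructed sample data: readlink targets of /proc/<pid>/ns/* for a host
# shell and for a process inside a container (inode numbers are made up).
HOST_LINKS = ["cgroup:[4026531835]", "ipc:[4026531839]", "mnt:[4026531840]",
              "net:[4026531992]", "pid:[4026531836]", "user:[4026531837]",
              "uts:[4026531838]"]
CONTAINER_LINKS = ["cgroup:[4026532460]", "ipc:[4026532458]", "mnt:[4026532456]",
                   "net:[4026532461]", "pid:[4026532459]", "user:[4026531837]",
                   "uts:[4026532457]"]
# Constructed /proc/<pid>/cgroup content (cgroup v2 uses the single "0::" line).
CONTAINER_CGROUP = "0::/system.slice/docker-0123abcd.scope\n"


def parse_ns_links(links):
    """Map namespace type -> inode number from targets like 'pid:[4026531836]'."""
    matches = (NS_LINK.match(link.strip()) for link in links)
    return {m.group(1): int(m.group(2)) for m in matches if m}


def read_ns(pid="self"):
    """Read the live namespace links of a process (Linux /proc only)."""
    base = f"/proc/{pid}/ns"
    return parse_ns_links(os.readlink(os.path.join(base, n)) for n in os.listdir(base))


def shared_with_host(host, proc):
    """Namespace types where both processes hold the same inode, i.e. no isolation."""
    return sorted(t for t in host.keys() & proc.keys() if host[t] == proc[t])


def cgroup_v2_path(cgroup_text):
    """Return the cgroup v2 path from /proc/<pid>/cgroup text, or None if absent."""
    for line in cgroup_text.splitlines():
        if line.count(":") < 2:
            continue  # skip blank or malformed lines
        hierarchy_id, controllers, path = line.split(":", 2)
        if hierarchy_id == "0" and controllers == "":
            return path
    return None


if __name__ == "__main__":
    host, ctr = parse_ns_links(HOST_LINKS), parse_ns_links(CONTAINER_LINKS)
    print("shared with host:", shared_with_host(host, ctr))
    print("cgroup:", cgroup_v2_path(CONTAINER_CGROUP))
```

In the constructed data only the user namespace is shared with the host, which is the kind of gap this comparison is meant to surface when reviewing how a container was started.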


Namespaces


Namespaces are essential for providing isolation for
containers. Six namespaces are used for this purpose:
