Do you think that containers are a new technology? Actually, they are not.
Docker is what made them popular, but they have been around for quite a long time. Containers are actually derived from Linux containers.
Linux containers have two key players: cgroups and namespaces.
Certain software applications need to be restricted in order to provide some security and isolation, so that bad code or a bug cannot impact the whole machine.
Control groups (cgroups): originally developed by Google, cgroups are a kernel feature that limits and controls the level of isolation, mainly for the CPU, memory, disk I/O and network usage of processes.
The primary design goal for cgroups was to provide a unified interface to manage processes or whole operating-system-level virtualization, including Linux Containers. The cgroups framework provides the following:
- Resource limiting: a group can be configured not to exceed a specified memory limit or use more than the desired amount of processors or be limited to specific intended devices.
- Prioritization: one or more groups may be configured to utilize fewer or more CPUs or disk I/O throughput.
- Accounting: a group’s resource usage is monitored and measured.
- Control: groups of processes can be frozen or stopped and restarted.
Namespaces: also a feature of the Linux kernel, namespaces partition kernel resources such that one set of processes sees one set of resources while another set of processes sees a different set of resources.
This means applications running in one namespace cannot use resources assigned to another namespace; they treat their assigned resources as all the resources the system has.
The feature works by having the same namespace for these resources in the various sets of processes, but those names referring to distinct resources. Examples of resource names that can exist in multiple spaces, so that the named resources are partitioned, are process IDs, hostnames, user IDs, file names, and some names associated with network access, and interprocess communication.
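To check how isolated a process really is, compare its namespace identifiers with the host's and read its cgroup membership. The sketch below is an added example, not code from the original post; the inode numbers, cgroup paths and function names are constructed for illustration, while the `/proc/<pid>/ns` and `/proc/<pid>/cgroup` formats are the kernel's own.

```python
import os
import re

NS_LINK = re.compile(r"^\w+:\[(\d+)\]$")  # readlink target, e.g. 'pid:[4026531836]'

def ns_inodes(links):
    """{'pid': 'pid:[4026531836]', ...} -> {'pid': 4026531836, ...}"""
    return {name: int(NS_LINK.match(target).group(1)) for name, target in links.items()}

def read_ns(pid="self"):
    """Read the live namespace links of a process from /proc (Linux only)."""
    base = f"/proc/{pid}/ns"
    return ns_inodes({n: os.readlink(f"{base}/{n}") for n in os.listdir(base)})

def isolated_types(ns_a, ns_b):
    """Namespace types where the two processes are in different namespaces."""
    return sorted(t for t in ns_a.keys() & ns_b.keys() if ns_a[t] != ns_b[t])

def parse_cgroup(text):
    """Parse /proc/<pid>/cgroup lines: 'hierarchy-ID:controller-list:cgroup-path'."""
    entries = []
    for line in text.splitlines():
        if line.strip():
            hid, controllers, path = line.split(":", 2)
            entries.append((int(hid), controllers.split(",") if controllers else [], path))
    return entries

# Constructed sample: a host process and a containerized process.
# Two processes are in the same namespace exactly when the inode numbers match.
HOST_NS = ns_inodes({
    "cgroup": "cgroup:[4026531835]", "ipc": "ipc:[4026531839]",
    "mnt": "mnt:[4026531841]", "net": "net:[4026531840]",
    "pid": "pid:[4026531836]", "user": "user:[4026531837]",
    "uts": "uts:[4026531838]",
})
CONTAINER_NS = ns_inodes({
    "cgroup": "cgroup:[4026532760]", "ipc": "ipc:[4026532698]",
    "mnt": "mnt:[4026532696]", "net": "net:[4026532701]",
    "pid": "pid:[4026532699]", "user": "user:[4026531837]",  # user namespace shared with host
    "uts": "uts:[4026532697]",
})
CGROUP_V2 = "0::/system.slice/docker-example.scope\n"         # constructed path
CGROUP_V1 = "4:cpu,cpuacct:/docker/example\n1:name=systemd:/docker/example\n"

if __name__ == "__main__":
    print("isolated from host in:", isolated_types(HOST_NS, CONTAINER_NS))
    print("cgroup v2 membership:", parse_cgroup(CGROUP_V2))
    try:
        print("this process:", read_ns())
    except OSError as exc:  # /proc/<pid>/ns is not available on non-Linux systems
        print("no live namespace data:", exc)
```

In the constructed sample the container shares the host's user namespace, so UID 0 inside it is UID 0 on the host; a comparison like this makes such a gap in isolation visible at a glance.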