Docker Namespace Vs Cgroup

Namespace and Cgroup

  • Linux containers are powered by two underlying Linux kernel technologies: cgroups and namespaces.
  • When you start a container, behind the scenes, Docker creates a set of namespaces and control groups for the container.

What is Namespace?

  • Namespaces provide a layer of isolation for containers.
  • Each aspect of a container runs in a separate namespace and its access is limited to that namespace.
  • When you run a container, Docker creates a set of namespaces for that container.
  • A namespace makes the processes running inside it believe they have their own instance of that resource.
  • A namespace can limit visibility to certain process trees, network interfaces, user IDs, or filesystem mounts.

Docker Engine uses the following namespaces on Linux

  • PID namespace assigns processes a set of PIDs that is independent of the set of PIDs in other namespaces.
  • Network namespace is for managing network resources such as interfaces, private routing tables, sets of IP addresses, socket listings, firewalls, etc.
  • Interprocess communication (IPC) namespace has its own IPC resources, for example, POSIX message queues.
  • Mount namespace has its own independent list of filesystem mount points.
  • UNIX Time-Sharing (UTS) namespace allows a single system to appear to have different host and domain names to different processes.

What is Cgroup?

  • A control group (cgroup) is a Linux kernel feature that limits an application's usage of a specific set of resources (CPU, memory, disk I/O, network, and so on).
  • Control groups allow Docker Engine to share available hardware resources among containers and optionally enforce limits and constraints.
  • For example, you can limit the memory available to a specific container.

Cgroups involve resource metering and limiting:

  • memory
  • CPU
  • block I/O
  • network

For example, to run an Ubuntu container with a memory limit of 1 GB and access to 1 CPU, the command is:

sudo docker run -it --memory="1g" --cpus="1.0" ubuntu
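The following Python example is added here and is not from the original article. It checks both mechanisms from the host: it compares the /proc/<pid>/ns links of a process against a reference process for the namespaces listed above, and decodes the cgroup v2 files memory.max and cpu.max. The function names, the script name and the use of PID 1 as the host reference are assumptions, and a cgroup v2 host is assumed.

```python
import os
import sys

# Namespaces listed in the article -> entry names under /proc/<pid>/ns
NAMESPACES = {"PID": "pid", "Network": "net", "IPC": "ipc", "Mount": "mnt", "UTS": "uts"}


def compare_namespaces(ref_ns_dir, proc_ns_dir):
    """Map each namespace to True (shared), False (separate) or None (unreadable).

    Every entry in /proc/<pid>/ns is a symlink such as 'pid:[4026531836]'.
    Two processes are in the same namespace when the link targets are equal.
    """
    result = {}
    for label, entry in NAMESPACES.items():
        try:
            ref_id = os.readlink(os.path.join(ref_ns_dir, entry))
            proc_id = os.readlink(os.path.join(proc_ns_dir, entry))
        except OSError:
            result[label] = None  # missing entry or insufficient privileges
            continue
        result[label] = ref_id == proc_id
    return result


def parse_memory_max(text):
    """cgroup v2 memory.max: a byte count, or 'max' when unlimited (None)."""
    value = text.strip()
    return None if value == "max" else int(value)


def parse_cpu_max(text):
    """cgroup v2 cpu.max: '<quota> <period>' in microseconds -> CPUs, or None."""
    quota, period = text.split()
    return None if quota == "max" else int(quota) / int(period)


if __name__ == "__main__":
    # Assumed usage: sudo python3 ns_check.py <host PID of a container process>
    pid = sys.argv[1] if len(sys.argv) > 1 else "self"
    for name, shared in compare_namespaces("/proc/1/ns", f"/proc/{pid}/ns").items():
        state = {True: "SHARED with host", False: "isolated", None: "unknown"}[shared]
        print(f"{name:8} {state}")
```

On a cgroup v2 host, the container started by the command above should show 1073741824 in memory.max and 100000 100000 in cpu.max, which the two parsers decode to 1 GiB and 1.0 CPU.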



