Docker Namespace Vs Cgroup

Namespace and Cgroup

  • Linux Containers that they run are powered by two underlying Linux Kernel technologies: cgroups and namespaces.
  • When you start a container, behind the scenes, Docker creates a set of namespaces and control groups for the container.

What is Namespace?

  • Namespaces provide a layer of isolation for containers.
  • Each aspect of a container runs in a separate namespace and its access is limited to that namespace.
  • When you run a container, Docker creates a set of namespaces for that container.
  • Namespace makes processes running inside that namespace believe they have their own instance of that resource.
  • A namespace can limit visibility to certain process trees, network interfaces, user IDs, or filesystem mounts.

Docker Engine uses the following namespaces on Linux

  • PID — It is used to assign a set of PIDs to processes that are independent of the set of PIDs in other namespaces.
  • Network namespace is for managing network interfaces such as private routing tables, set of IP addresses, socket listings, firewalls, etc.
  • Interprocess communication (IPC) namespace has its own IPC resources, for example, POSIX message queues.
  • Mount namespace has an independent list of mount points for managing filesystem mount points.
  • UNIX Time-Sharing (UTS) namespace allows a single system to appear to have different host and domain names to different processes.

What is Cgroup?

  • A control group (cgroup) is a Linux kernel feature that limits an application to a specific set of resource usage (CPU, memory, disk I/O, network, and so on).
  • Control groups allow Docker Engine to share available hardware resources to containers and optionally enforce limits and constraints.
  • For example, you can limit the memory available to a specific container.

Cgroups involve resource metering and limiting:

  • memory
  • CPU
  • block I/O
  • network

For example,

To run an instance of an Ubuntu container and set the memory limit to 1 GB and access to 1 CPU the command is:

sudo docker run -it --memory="1g" -cpus="1.0" ubuntu

--

--

--

DevOps Engineer

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Never buy cheap hosting

Mintalio NFT Platform Built on the Liquid Network — Now in Beta!

Auto Mounting EBS Volumes to an EC2 Instance

What is regression testing?

What is regression testing?

Lower the Tinkering Threshold

Chinchilla Squeaks — Kong, Koyeb, and Kuma

The One Software Every Engineer Shoud Learn

Matlab / Simulink software for power engineers

Defrost Finance launches airdrop to celebrate the partnership with Trader Joe

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Bikram

Bikram

DevOps Engineer

More from Medium

Docker Network Drivers Overview | Networking in Docker #3

Using Aliyun-CLI with Docker Very Easily

Creating streamlined docker images

Jenkins Shared Library Configuration