Docker Engine #

Layers #

There are three major layers to the Docker Engine, going from foundation on up:

1. Docker Deamon - background process handling Docker

2. REST API - the interface to the Deamon

3. Docker CLI - note: doesn’t necessarily have to be on the same host; it can be remote (specify remote path with docker -H=<remote path>:<port>; for instance: docker -H=<IP address>:<port> run <image>)

Containerization #

Namespaces isolate workspaces (network, mount, processes, etc.)

Namespace - Process ID (PID) #

The first one is PID:1, which kicks off other PIDs (.e.g, PID:2, PID:3, etc.)

PIDs are unique.

Different containers have their own set of PIDs.

Control Groups (cgroups) #

Multiple Docker containers can share the same CPU and memory from the same host.

Because of the sharing, it’s often a good idea to specify resource use limitations with cgroups:

docker run --cpus=<value from 0-1> <image>

docker run --memory=<integer value>m <image>