Architecture of Docker

Virtualization and containers in Docker and their Working

In simple terms, Docker is software that delivers software packages inside multiple isolated user-space instances called containers. Before we jump into containers or Docker in general, it is important to know what exactly virtualization is and how it really works.

Virtualization

We have all heard about running VMs, or virtual machines, on our systems. A virtual machine (VM) is basically a virtual environment that works like a computer within a computer. It runs on an isolated partition of its host computer with its own CPU share, memory, operating system (such as Windows, Linux or macOS) and other resources.

For a clearer picture of virtualization, let us consider a diagram showing the levels of virtualization:

[Figure 1: levels of virtualization]

At the bottom, the physical machine is known as the host, while the VMs running on it are called guests. On our laptop we install VirtualBox, which gives us the environment and works as the hypervisor.

Hypervisors

These hypervisors run multiple VMIs, over which the VMs run. A hypervisor abstracts the guest machines, and the operating systems they run, from the actual hardware. It creates a virtualization layer that separates the CPU/processors, RAM and other physical resources from the virtual machines you create.

There are two types of hypervisors:

  1. Type 1 hypervisor: it runs without any underlying operating system.
  2. Type 2 hypervisor: it runs as an application on top of an existing operating system, as VirtualBox does on a laptop.

Then we have the VMIs (virtual machine images) from which the virtual machines run; each VM has its own separate OS and its own resources, such as memory, carved out of the main system.

Working of VMs:

We now know how the overall system of virtualization works; let us now go deeper into what makes sure the whole system works.

A VM comprises these elements:

[Figure 2: elements of a VM]

Each VM has its own operating system. The resources needed to build it up are acquired from the host system according to its needs, which are controlled by namespaces, which we will talk about later.

  • The VMs also need some dependencies to run, which are known as libraries (libs).
  • On top of the VM's operating system sit the binaries (bins), which are also needed for it to function.

Now over this there is another layer we should look at:

Container Layer

[Figure 3: the container layer]

As you can see, the "apps" we discussed are now running together, simultaneously, in one layer. This layer is called a "container". Containers encapsulate the bins and libs and let multiple apps run on the same system, so there is no need to create multiple operating systems to run multiple apps.

Containers have a private space for processing, can execute commands as root, have a private network interface and IP address, allow custom routes and rules, and can mount file systems.

Note that the one big difference between containers and VMs is that containers share the host system's kernel with the other containers, so a kernel flaw reachable from one container is a risk to the host and to every other container on it.

With the help of containers, we can use and control namespaces and cgroups.

Namespaces & Cgroups:

To understand what namespaces and cgroups are, we should take a closer look back at the app layer and see exactly how the encapsulation of app, bin and lib happens.

[Figure 4: encapsulation of app, bin and lib]

The encapsulation of all the components of a VM, in which there are app, lib and bin, is due to the presence of namespaces.

Namespaces provide isolation of system resources, and cgroups allow fine-grained control and enforcement of limits for those resources. Docker uses namespaces to provide the isolated workspace, i.e. the container. When you run a container, Docker creates a set of namespaces for that container, which provide the following features:

  • Cgroups: this feature lets us limit the memory and CPU that a container takes for its own OS, so that one container isn't utilizing all the available resources.

  • User: this feature keeps users in one container from being aware of the users working in other VMs.

  • UTS: this feature controls the hostname and domain name. Using it, you can give your particular application its own hostname and domain name.

  • IPC: it provides separation of IPC between the host and the containers. If the host's IPC namespace is shared with a container, processes inside the container can see all of the IPC on the host system.

  • PID: a PID namespace is a set of unique numbers that identify processes. Linux provides tools to create multiple PID namespaces, and each namespace has a complete set of possible PIDs, so each PID namespace contains its own PID 1, 2, 3 and so on.

  • MNT: mount namespaces isolate the list of mounts seen by the processes in each namespace instance, so the processes in each mount namespace instance see distinct single-directory hierarchies.

All of these features are available to the VMs, and all these VMs run on a layer known as containers, on the same system, using that single system's operating system.
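The namespace sharing and cgroup limits described above are visible in the settings Docker records for each container. The following script, an added example and not code from the original post, audits `docker inspect` output for containers that share a host namespace or run with no memory or CPU limit. It assumes the shape that `docker inspect` prints (a JSON list of objects with a `HostConfig` dict whose `PidMode`, `IpcMode`, `NetworkMode` and `UTSMode` strings equal `"host"` when that namespace is shared, and whose `Memory`/`NanoCpus` integers are 0 when unlimited); the sample input is constructed.

```python
import json

# Namespaces from the list above, keyed by the HostConfig field that controls them.
NAMESPACE_FIELDS = {
    "PidMode": "PID",
    "IpcMode": "IPC",
    "NetworkMode": "network",
    "UTSMode": "UTS",
}


def shared_host_namespaces(host_config):
    """Return the namespaces the container shares with the host ("host" mode)."""
    return [name for field, name in NAMESPACE_FIELDS.items()
            if host_config.get(field) == "host"]


def missing_cgroup_limits(host_config):
    """Return the cgroup controllers for which no limit is set (0 or absent = unlimited)."""
    missing = []
    if not host_config.get("Memory"):
        missing.append("memory")
    if not host_config.get("NanoCpus") and not host_config.get("CpuQuota"):
        missing.append("cpu")
    return missing


def audit(inspect_json):
    """Map container name -> list of findings for every container in `docker inspect` output."""
    report = {}
    for container in json.loads(inspect_json):
        hc = container.get("HostConfig", {})
        findings = ["shares host %s namespace" % ns for ns in shared_host_namespaces(hc)]
        findings += ["no %s limit" % c for c in missing_cgroup_limits(hc)]
        if hc.get("Privileged"):
            findings.append("privileged")
        report[container.get("Name", "?").lstrip("/")] = findings
    return report


# Constructed sample standing in for real `docker inspect web debug` output.
SAMPLE = json.dumps([
    {"Name": "/web", "HostConfig": {"PidMode": "", "IpcMode": "private", "NetworkMode": "bridge",
                                    "UTSMode": "", "Memory": 268435456, "NanoCpus": 500000000, "Privileged": False}},
    {"Name": "/debug", "HostConfig": {"PidMode": "host", "IpcMode": "host", "NetworkMode": "host",
                                      "UTSMode": "", "Memory": 0, "NanoCpus": 0, "Privileged": True}},
])

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "->", findings or ["ok"])
```

On a real host, pipe `docker inspect $(docker ps -q)` into `audit()` instead of `SAMPLE`.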

And finally, these containers are used to test and deliver software packages to many users by the software called Docker!

Thank you for reading the blog.🙌🏻📃
