What is Docker?
Docker uses (Linux) kernel features and puts the known chroot concept on steroids. This way we can get a universal system to build and ship applications. Docker is the popular implementation, which has informed the OCI specification and given rise to other runtimes such as Podman.
...
Cloud Native denotes a macro trend related to the standardization of Linux service management and Linux-based cloud computing. It describes services that are made for the cloud (including on-premises private clouds as defined within NIST 800-145). Cloud Native services can be migrated between different kinds of cloud deployment scenarios, which may help with a defined onboarding, migration and exit strategy of the services in scope.
Docker under the hood
Unlike a virtual machine, a container does not need to boot the operating system kernel. Therefore containers can be created in less than a second.
The process isolation (which uses Linux namespaces, cgroups and other kernel features like capabilities) happens within a libcontainer component called “runC”. Once a container gets instantiated, there is another runC instance.
cgroups
cgroups is a Linux kernel feature for resource compartmentalization.
Control Groups provide a mechanism for aggregating/partitioning sets of
tasks, and all their future children, into hierarchical groups with
specialized behaviour.
The manpage is man cgroups with an s.
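Because every containerized process is placed in its own cgroup, the host can tell which processes belong to which container by reading /proc/<pid>/cgroup. The following is an added example, not code from the original page; it assumes Docker's default cgroup naming (/docker/<id> with the cgroupfs driver, docker-<id>.scope with the systemd driver), and the function names and sample data are made up for illustration.

```python
import os
import re

# Docker's default cgroup paths carry the 64-hex container ID (assumption:
# no custom cgroup parent): /docker/<id> or /system.slice/docker-<id>.scope
_DOCKER_ID = re.compile(r"(?:/docker/|/docker-)([0-9a-f]{64})(?:\.scope)?(?:/|$)")

def parse_cgroup(text):
    """Parse /proc/<pid>/cgroup content into (hierarchy_id, controllers, path)."""
    entries = []
    for line in text.splitlines():
        parts = line.strip().split(":", 2)  # the path itself may contain ':'
        if len(parts) != 3 or not parts[0].isdigit():
            continue  # skip blank or malformed lines
        hid, controllers, path = parts
        entries.append((int(hid), controllers.split(",") if controllers else [], path))
    return entries

def docker_container_id(text):
    """Return the Docker container ID found in any cgroup path, or None."""
    for _, _, path in parse_cgroup(text):
        match = _DOCKER_ID.search(path)
        if match:
            return match.group(1)
    return None

def dockerized_processes(proc="/proc"):
    """Map PID -> container ID for every process that sits in a Docker cgroup."""
    found = {}
    for name in os.listdir(proc):
        if not name.isdigit():
            continue  # not a PID directory
        try:
            with open(os.path.join(proc, name, "cgroup")) as fh:
                cid = docker_container_id(fh.read())
        except OSError:
            continue  # process exited or access denied
        if cid:
            found[int(name)] = cid
    return found

# Constructed sample inputs (not captured from a real host).
SAMPLE_ID = "ab" * 32
SAMPLE_V1 = f"12:cpu,cpuacct:/docker/{SAMPLE_ID}\n11:memory:/docker/{SAMPLE_ID}\n"
SAMPLE_V2 = f"0::/system.slice/docker-{SAMPLE_ID}.scope\n"
SAMPLE_HOST = "0::/user.slice/user-1000.slice/session-2.scope\n"

if __name__ == "__main__":
    for pid, cid in sorted(dockerized_processes().items()):
        print(pid, cid[:12])
```

Run it on the host rather than inside a container: with a private cgroup namespace a containerized process sees its own cgroup as the root path, so the container ID is not visible from inside.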
...
Handy snippets
List dockerized processes
...