### Namespaces
Docker利用命名域来提供隔离的集装箱.会提供很多命名域给集装箱.
* The pid namespace:
Used for process numbering (PID: Process ID)
* The net namespace:
Used for managing network interfaces (NET: Networking)
* The ipc namespace:
Used for managing access to IPC resources (IPC: InterProcess
Communication)
* The mnt namespace:
Used for managing mount-points (MNT: Mount)
* The uts namespace:
Used for isolating kernel / version identifiers. (UTS: Unix Timesharing
System)
### Control groups
简称 `cgroups`. 让应用孤立地运行需要包含文件系统和资源。Control
groups允许Docker在集装箱之间公平地分享硬件资源,如果需要,还可以设置限制等等。
### UnionFS
这是由每个layer构成的文件系统,这会使得每个层都非常的轻巧和快速。
### Containers
组合所有这些组件的形式,我们称之为`libcontainer`,docker 也支持传统的 Linux containers like LXC。
###集装箱如何工作
当集装箱运行的时候在read-only的image上套一层readwrite层,使用UnionFS技术,来运行内部的。
如果运行这条命令
`$ docker run -i -t ubuntu /bin/bash`
Docker begins with:
* Pulling the ubuntu image:
Docker checks for the presence of the ubuntu image and if it doesn‘t exist
locally on the host, then Docker downloads it from Docker.io
* Creates a new container:
Once Docker has the image it creates a container from it.
* Allocates a filesystem and mounts a read-write layer:
The container is created in the filesystem and a read-write layer is added to
the image.
* Allocates a network / bridge interface:
Creates a network interface that allows the Docker container to talk to the
local host.
* Sets up an IP address:
Intelligently finds and attaches an available IP address from a pool.
* Executes a process that you specify:
Runs your application, and;
* Captures and provides application output:
Connects and logs standard input, outputs and errors for you to see how your
application is running.
### 镜像如何工作
docker underlying_tech