difference between cgroups and namespaces

I recently started learning docker and it seems that most of the heavy lifting is done by the Linux kernel, using namespaces and cgroups.

A few things which I am finding confusing are:

  1. What is the difference between a namespace and a cgroup? What are the different use cases they address?

  2. What has docker implemented on top of these to gain popularity?

  3. I would like to know the internals of these features and how they are implemented.

InsatiableTraveller asked Jan 15 '16 21:01



1 Answer

The proper links for those two notions have been fixed in PR 14307:

Under the hood, Docker is built on the following components:

The cgroups and namespaces capabilities of the Linux kernel

With:

  • cgroup: Control Groups provide a mechanism for aggregating/partitioning sets of tasks, and all their future children, into hierarchical groups with specialized behaviour.
  • namespace: wraps a global system resource in an abstraction that makes it appear to the processes within the namespace that they have their own isolated instance of the global resource.

In short:

  • Cgroups = limits how much you can use;
  • namespaces = limits what you can see (and therefore use)

See more at "Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic" by Jérôme Petazzoni.

Cgroups involve resource metering and limiting:

  • memory
  • CPU
  • block I/O
  • network

Namespaces provide processes with their own view of the system

Multiple namespaces:

  • pid
  • net
  • mnt
  • uts
  • ipc
  • user: userns is graduating from experimental in docker 1.10
    (per-daemon-instance remapping of container root to an unprivileged user is in progress: PR 12648: see its design)
VonC answered Oct 05 '22 13:10
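To make the answer's "how much you can use" versus "what you can see" split concrete, here is a small Python script (added as an illustration, not code from the original answer or from Docker) that parses the two kernel interfaces behind it: `/proc/<pid>/cgroup`, which names the cgroup each controller places a process in, and the `/proc/<pid>/ns/*` links, whose inode numbers identify which namespace instance a process sees. The sample file contents, the `/docker/0123abcd` path and the inode numbers are constructed placeholders.

```python
import os

# Constructed sample of /proc/<pid>/cgroup for a process inside a container:
# cgroup v1 lines "hierarchy-id:controllers:path" plus the cgroup v2 line "0::path".
SAMPLE_CONTAINER_CGROUP = """12:memory:/docker/0123abcd
5:cpu,cpuacct:/docker/0123abcd
0::/docker/0123abcd
"""
# Constructed sample for a plain host process: every controller sits in the root cgroup.
SAMPLE_HOST_CGROUP = "12:memory:/\n5:cpu,cpuacct:/\n0::/\n"
# Constructed link targets in the form os.readlink('/proc/<pid>/ns/<type>') returns them.
SAMPLE_NS_A = {"pid": "pid:[4026532201]", "net": "net:[4026532204]", "mnt": "mnt:[4026532199]"}
SAMPLE_NS_B = {"pid": "pid:[4026531836]", "net": "net:[4026532204]", "mnt": "mnt:[4026531840]"}


def parse_cgroup(text):
    """Map each controller named in /proc/<pid>/cgroup to its cgroup path (the "how much" side).
    A cgroup v2 line carries no controller list, so it is stored under the key 'v2'."""
    mapping = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        _hier_id, controllers, path = line.split(":", 2)
        for ctrl in (controllers.split(",") if controllers else ["v2"]):
            mapping[ctrl] = path
    return mapping

def in_root_cgroup(mapping):
    """True when every controller places the process in '/', i.e. no per-container limit applies."""
    return all(path == "/" for path in mapping.values())

def ns_inode(link_target):
    """Extract the namespace inode from a link target such as 'pid:[4026531836]'."""
    return int(link_target.split("[", 1)[1].rstrip("]"))

def shared_namespaces(ns_a, ns_b):
    """Namespace types whose inode matches in both processes: they see the same instance ("what you see")."""
    return sorted(t for t in ns_a if t in ns_b and ns_inode(ns_a[t]) == ns_inode(ns_b[t]))

def read_live(pid="self"):
    """Read the real /proc entries of a process (Linux only; other PIDs need ptrace permission)."""
    with open(f"/proc/{pid}/cgroup") as fh:
        cgroups = parse_cgroup(fh.read())
    ns_dir = f"/proc/{pid}/ns"
    namespaces = {n: os.readlink(os.path.join(ns_dir, n)) for n in os.listdir(ns_dir)}
    return cgroups, namespaces
```

On a Linux host, `read_live()` returns the same two structures for your own process, so `in_root_cgroup()` and `shared_namespaces()` can be applied to a real process just as to the constructed samples.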