4. Underlying Technologies
cgroups are responsible for managing the resources used by a container (e.g., CPU and memory usage). They are also responsible for freezing and unfreezing containers, as used in the docker pause functionality.
namespaces are responsible for isolating containers, making sure that a container’s filesystem, hostname, users, networking, and processes are separated from the rest of the system.
5. Docker Engine
Docker Engine runs on Linux to create the operating environment for your distributed applications.
6. Docker Remote API
v1.22 API
● List containers
● Create a container
● Inspect a container
● List processes running inside a container
● Get container logs
● Inspect changes on a container’s filesystem
● Export a container
● Get container stats based on resource usage
● Resize a container TTY
● Start a container
● Stop a container
● Restart a container
● Kill a container
● Update a container
● Rename a container
● Pause a container
12. Docker security
Docker containers are, by default, quite secure, especially if you take care of running your processes inside the containers as non-privileged users (i.e., non-root).
● Kernel namespaces
● Control groups
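The following check is an added example, not part of the original slides. It audits the output of the Remote API "Inspect a container" call for the three points above: a non-root user, unshared kernel namespaces, and a cgroup memory limit. The sample data is constructed, and the function names are hypothetical.

```python
import json

# Constructed sample: trimmed documents in the shape returned by the
# Remote API "Inspect a container" call (GET /containers/<id>/json).
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/web",
   "Config": {"User": "1000:1000"},
   "HostConfig": {"Privileged": false, "Memory": 268435456,
                  "PidMode": "", "NetworkMode": "bridge",
                  "IpcMode": "", "UTSMode": ""}},
  {"Name": "/debug",
   "Config": {"User": ""},
   "HostConfig": {"Privileged": true, "Memory": 0,
                  "PidMode": "host", "NetworkMode": "host",
                  "IpcMode": "", "UTSMode": ""}}
]
""")

def audit_container(info):
    """Return a list of findings for one inspect document."""
    findings = []
    cfg = info.get("Config") or {}
    host = info.get("HostConfig") or {}
    # Non-privileged user: an empty User, "0" or "root" means root.
    user = (cfg.get("User") or "").split(":")[0]
    if user in ("", "0", "root"):
        findings.append("runs as root")
    if host.get("Privileged"):
        findings.append("privileged mode")
    # Namespaces: a mode of "host" means that host namespace is shared.
    for key, label in (("PidMode", "pid"), ("NetworkMode", "network"),
                       ("IpcMode", "ipc"), ("UTSMode", "uts")):
        if host.get(key) == "host":
            findings.append(f"shares host {label} namespace")
    # cgroups: Memory == 0 means no memory limit is set.
    if not host.get("Memory"):
        findings.append("no memory limit")
    return findings

def audit(containers):
    """Map container name (without the leading slash) to its findings."""
    return {c.get("Name", "?").lstrip("/"): audit_container(c) for c in containers}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, "->", findings or "ok")
```

On a live host the same functions can be fed the JSON printed by docker inspect for one or more containers.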
13. Manage data in containers
● Volumes are initialized when a container is created.
● Data volumes can be shared and reused among containers.
● Changes to a data volume are made directly.
● Changes to a data volume will not be included when you update an image.
● Data volumes persist even if the container itself is deleted.
Data volumes
A data volume is a specially-designated directory within one or more containers that bypasses the Union File System.