Linux cgroups, originally developed by Google, govern the isolation and usage of system
resources, such as CPU and memory, for a group of processes.

Linux namespaces, originally developed by IBM, wrap a set of system resources and present them to
a process to make it look like they are dedicated to that process.

The original Linux container technology is Linux Containers, commonly known as LXC.
LXC is a Linux operating system level virtualization method for running
multiple isolated Linux systems on a single host. Namespaces and cgroups make
LXC possible.
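
To see the two primitives described above on a running system, here is an added example (not code from the original post) that parses a process's cgroup membership and compares the namespaces of two processes. The sample cgroup text is constructed, and the function names are chosen for this illustration.

```python
import os

# Constructed sample of /proc/<pid>/cgroup: two cgroup v1 lines and one v2 line.
SAMPLE_CGROUP = """\
12:memory:/lxc/web01
5:cpu,cpuacct:/lxc/web01
0::/init.scope
"""

def parse_cgroup(text):
    """Parse /proc/<pid>/cgroup lines of the form 'hierarchy-ID:controllers:path'."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        # The path may itself contain ':', so split at most twice.
        hid, controllers, path = line.split(":", 2)
        entries.append({
            "hierarchy": int(hid),
            # cgroup v2 has an empty controller field (hierarchy 0).
            "controllers": controllers.split(",") if controllers else [],
            "path": path,
        })
    return entries

def read_namespaces(pid="self"):
    """Map namespace type -> identifier such as 'pid:[4026531836]'."""
    ns_dir = f"/proc/{pid}/ns"
    return {name: os.readlink(os.path.join(ns_dir, name))
            for name in sorted(os.listdir(ns_dir))}

def compare_namespaces(a, b):
    """Split namespace types into those two processes share and those that differ."""
    common = sorted(set(a) & set(b))
    shared = [n for n in common if a[n] == b[n]]
    isolated = [n for n in common if a[n] != b[n]]
    return shared, isolated

if __name__ == "__main__":
    for entry in parse_cgroup(SAMPLE_CGROUP):
        print(entry)
    try:
        mine = read_namespaces("self")
        init = read_namespaces(1)  # reading PID 1's namespaces usually needs root
        print(compare_namespaces(mine, init))
    except OSError as exc:
        print("cannot read /proc/<pid>/ns:", exc)
```

A namespace type that appears in the shared list for a container process and the host's PID 1 is one the container is not isolated in.
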

Single vs. multiprocess. Docker restricts containers to run as a single
process. If your application environment consists of X concurrent processes,
Docker wants you to run X containers, each with a distinct process. By
contrast, LXC containers have a conventional init process and can run
multiple processes.

Stateless vs. stateful. Docker containers are designed to be stateless, more so
than LXC. First, Docker does not support persistent storage. Docker gets around
this by allowing you to mount host storage as a “Docker volume” from your
containers. Because the volumes are mounted, they are not really part of the
container environment.

Second, Docker containers consist of read-only layers. This means that, once the
container image has been created, it does not change. During runtime, if the
process in a container makes changes to its internal state, a “diff” is made
between the internal state and the image from which the container was created.
If you run the docker commit command, the diff becomes part of a new
image—not the original image, but a new image, from which you can create new
containers. Otherwise, if you delete the container, the diff disappears.