Difficulty: intermediate
Estimated Time: 15 minutes

Docker relies on Linux Namespaces to isolate processes in containers.

With Docker you can install and execute multiple services in the same host but without visibility among them.

Linux Namespaces definition from the Linux Man Pages (RTFM):

NAMESPACES(7)             Linux Programmer's Manual            NAMESPACES(7)
  
  NAME
         namespaces - overview of Linux namespaces
  
  DESCRIPTION
         A namespace wraps a global system resource in an abstraction that
         makes it appear to the processes within the namespace that they have
         their own isolated instance of the global resource...
  

This isolation can be at the next levels:

  • User Namespace.
  • Unix Time-Sharing Namespace.
  • IPC Namespace.
  • Mount Namespace.
  • PID Namespace.
  • Network Namespace.

Now you know how docker use Linux Namespaces to isolate containers!

Don’t stop now! The next scenario will only take about 10 minutes to complete.

Container Namespaces

Step 1 of 4

Environment Creation

Terminal T1 is a shell at the Host Machine that run the containers, T1 shell is mainly used to manage containers through the docker CLI

Terminals T2 and T3 give us access to two independent containers (t1 and t2) that we will run at the host.

Let's deploy the t1 and t2 containers in interactive mode (-ti):

  • docker run -ti --rm --name t2 alpine

  • docker run -ti --rm --name t3 alpine

The next CLI command gives us the list of running containers:

  • docker ps