1: What is Namespace

  • A Namespace is a Linux kernel feature that partitions kernel resources. It works by assigning the same Namespace to a group of resources and processes. This feature can isolate resources such as process IDs, host names, user IDs, file names, networking, and interprocess communication within the same host system. Docker uses Namespaces to isolate the resources of each container, ensuring that each container can only access the resources in its own Namespaces.

2: Mount Namespace

  • The Mount Namespace is the first Namespace implemented by the Linux kernel. It isolates the mount points seen by different processes or process groups. In plain English, different processes can see different mounted directories.

3: PID Namespace

  • The PID Namespace is used to isolate processes. Processes in different PID Namespaces can have the same PID number. With the PID Namespace, the main process of each container can be PID 1, while the processes in the container have different PIDs on the host. For example, a process that has PID 122 on the host can have PID 1 in the container's PID Namespace.

4: UTS Namespace

  • The UTS Namespace is primarily used to isolate host names. It allows each UTS Namespace to have a separate host name.

5: IPC Namespace

  • The IPC Namespace is primarily used to isolate interprocess communication.

6: User Namespace

  • The User Namespace is used to isolate users and user groups. A typical scenario is a process that runs on the host as a non-root user but is mapped to root in a separate User Namespace. Using the User Namespace allows the process to have root privileges in the container while being a normal user on the host.

7: Net Namespace

  • The Net Namespace is used to isolate network devices, IP addresses, and ports. The Net Namespace allows a container to have its own IP address, ports, and NIC information.

8: Why does Docker need Namespace

  • When Docker creates a new container, it creates these six Namespaces and then places the container's processes into them, so that the processes in the Docker container can only see the resources of their own Namespaces. The isolation of Docker containers is built on these Linux Namespace technologies. It can be said that there is no Docker container without Namespaces.
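
The following Python code is an added example, not part of the original article. It checks which of the six Namespaces a container process shares with a host process by comparing the inode numbers behind the `/proc/<pid>/ns/` links, and reads the `NSpid` line of `/proc/<pid>/status` to show the host PID 122 / container PID 1 mapping from section 3. The function names, inode numbers, and status text are constructed for illustration.

```python
import os
import re

# The six Namespaces described above, by their /proc/<pid>/ns entry names.
NS_TYPES = ("mnt", "pid", "uts", "ipc", "user", "net")
_LINK = re.compile(r"^(\w+):\[(\d+)\]$")

def parse_ns_link(target):
    """Split a /proc/<pid>/ns symlink target such as 'pid:[4026531836]'."""
    m = _LINK.match(target)
    if not m:
        raise ValueError(f"not a namespace link: {target!r}")
    return m.group(1), int(m.group(2))

def read_namespaces(pid, proc_root="/proc"):
    """Namespace inode numbers of a live process (requires Linux /proc)."""
    return {ns: parse_ns_link(os.readlink(f"{proc_root}/{pid}/ns/{ns}"))[1]
            for ns in NS_TYPES}

def shared_with(reference, candidate):
    """Namespace types where both processes point at the same inode,
    i.e. resources the candidate is NOT isolated from."""
    return sorted(ns for ns in NS_TYPES
                  if ns in reference and reference[ns] == candidate.get(ns))

def container_pid(status_text):
    """Innermost PID from the NSpid line of /proc/<pid>/status.
    The line lists the PID in each nested PID Namespace, host first."""
    for line in status_text.splitlines():
        if line.startswith("NSpid:"):
            return int(line.split()[-1])
    raise ValueError("no NSpid line in status text")

# Constructed sample data: inode numbers are made up for illustration.
HOST = {"mnt": 4026531840, "pid": 4026531836, "uts": 4026531838,
        "ipc": 4026531839, "user": 4026531837, "net": 4026531992}
ISOLATED_CTR = {"mnt": 4026532570, "pid": 4026532573, "uts": 4026532571,
                "ipc": 4026532572, "user": 4026532574, "net": 4026532575}
# A container that was started sharing the host's Net and PID Namespaces.
HOST_NET_PID_CTR = dict(ISOLATED_CTR, net=HOST["net"], pid=HOST["pid"])
# Constructed /proc/<pid>/status excerpt: PID 122 on the host, 1 inside.
SAMPLE_STATUS = "Name:\tnginx\nPid:\t122\nNSpid:\t122\t1\n"

if __name__ == "__main__":
    print(shared_with(HOST, ISOLATED_CTR))      # fully isolated container
    print(shared_with(HOST, HOST_NET_PID_CTR))  # shares net and pid
    print(container_pid(SAMPLE_STATUS))         # PID seen inside the container
```

On a real host, `read_namespaces(1)` compared against `read_namespaces(<container process PID>)` gives the same report; any Namespace type it returns is one where the container is not isolated from the host.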