Skip to content

Container creation process

The container creation process is the procedure by which a container engine (like Docker) initializes a isolated execution environment for an application. Fundamentally, a container is a special type of process constrained and modified by the Linux kernel to create a distinct boundary^[400-devops-06-kubernetes-k8s-paas-docker.md]。

Core Implementation Principles

The creation process relies on three key mechanisms to establish the container's boundary and execution context^[400-devops-06-kubernetes-k8s-paas-docker.md]:

  1. Enable Linux Namespace Configuration: The system uses [[Namespace]] technology to modify the process's view of the world. This acts as a "blind trick" (障眼法), isolating specific resources like process IDs (PID), network stacks, and file systems so the process perceives itself as being in a unique environment^[400-devops-06-kubernetes-k8s-paas-docker.md]。
  2. Set Cgroups Parameters: [[Cgroups]] (Control Groups) are applied to enforce resource constraints. These mechanisms limit, account for, and isolate resource usage (such as CPU, memory, and disk I/O) for the process group^[400-devops-06-kubernetes-k8s-paas-docker.md]。
  3. Switch Root (Chroot): The process performs a "Change Root" operation to switch its root directory. This mounts the Container Image (rootfs) to the container's root directory, providing the isolated file system environment necessary for execution^[400-devops-06-kubernetes-k8s-paas-docker.md]。

Role of the Container Engine

While the operating system kernel enforces the isolation, the container engine (e.g., Docker) acts as a management tool. It does not create the container entity itself but assists by configuring the necessary Namespace parameters and managing the application process as a standard process on the host OS^[400-devops-06-kubernetes-k8s-paas-docker.md]。

Sources

  • 400-devops-06-kubernetes-k8s-paas-docker.md