they both provide the environment for running Linux containers (OCI standard). Docker is generally not used any more, people use containerd or one of the other engines nowadays (e.g. podman or cri-o etc.), depending on what they need. Those engines use two technologies of the Linux kernel: cgroups and namespaces. So cgroups are basically the technology to hierarchically organize the processes (e.g. while according to the microservices dogma there should be exactly one process per container you can definitely have much more, so all the processes of your container are together in a process group which will then be administered via the container engine).

Docker engine & containerd do not use Linux containers.
What they do is unclear to me.
They call it container for only one application. But what are the technical details of the implementation?
Can different docker applications talk to each other through rpc, named-pipes, sockets? Or do they isolate & how?

Beginners Track - Is Docker technology the same as traditional Linux containers? (collabnix DockerLab, dockerlabs.collabnix.com)

Namespaces are, well, namespaces, and there are various sorts. Containers within the same network namespace can communicate via network. You can enable various types of communication (named-pipes, sockets) though in general you use network protocols. Containers are often spread out over many hosts and using technologies like vxlan they talk to each other transparently and do not realize that they are on other hosts.
Isolation can be quite fine-grained, you can isolate them so that no container can in any way access other containers on the same host. You can even use the virtualization technology of your CPU and use an absolute minimal kernel and actually have virtual machines that are handled like containers - this is used if you have security concerns. It is quite amazing since those extremely lightweight containers start within half a second, and on our hosts we can start > 500 of such VMs in less than 5 seconds.
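
To check which of the namespaces discussed above two processes actually share, compare the namespace inodes the kernel exposes under `/proc/<pid>/ns`. The following is an added example, not code from any of the posts; the PIDs, inode numbers and the `build_sample_proc` helper are constructed for illustration so the script runs without real containers.

```python
import os, re, tempfile

NS_LINK = re.compile(r"^(\w+):\[(\d+)\]$")  # link target, e.g. "net:[4026531992]"

# Which communication channel each namespace type scopes.
CHANNELS = {
    "net": "network sockets, including abstract Unix sockets",
    "ipc": "System V IPC and POSIX message queues",
    "mnt": "filesystem paths (named pipes, Unix socket files)",
    "pid": "signals and /proc visibility",
}

def read_namespaces(pid, proc_root="/proc"):
    """Return {namespace_name: inode} from the symlinks in <proc_root>/<pid>/ns."""
    ns_dir = os.path.join(proc_root, str(pid), "ns")
    found = {}
    for name in os.listdir(ns_dir):
        match = NS_LINK.match(os.readlink(os.path.join(ns_dir, name)))
        if match:
            found[name] = int(match.group(2))
    return found

def shared_channels(ns_a, ns_b):
    """Channels whose namespace inode is identical for both processes."""
    return {ns: desc for ns, desc in CHANNELS.items()
            if ns in ns_a and ns_a.get(ns) == ns_b.get(ns)}

def build_sample_proc(root, layout):
    """Create a constructed /proc-like tree from {pid: {ns_name: inode}}."""
    for pid, spaces in layout.items():
        ns_dir = os.path.join(root, str(pid), "ns")
        os.makedirs(ns_dir)
        for name, inode in spaces.items():
            os.symlink(f"{name}:[{inode}]", os.path.join(ns_dir, name))

# Constructed sample: PIDs 101 and 102 were started with a shared network
# namespace; PID 201 has its own namespaces for everything.
SAMPLE = {
    101: {"net": 4026532001, "ipc": 4026532002, "mnt": 4026532003, "pid": 4026532004},
    102: {"net": 4026532001, "ipc": 4026532012, "mnt": 4026532013, "pid": 4026532014},
    201: {"net": 4026532021, "ipc": 4026532022, "mnt": 4026532023, "pid": 4026532024},
}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_proc(root, SAMPLE)
        for a, b in ((101, 102), (101, 201)):
            shared = shared_channels(read_namespaces(a, root), read_namespaces(b, root))
            print(a, b, sorted(shared) or "no shared namespaces")
```

On a real host, call `read_namespaces` with the default `proc_root` and the PIDs of two container processes (reading another user's `/proc/<pid>/ns` needs root). Differing inodes mean the kernel scopes that resource separately, though a bind-mounted volume can still expose a named pipe or socket file to both sides.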