Docker is an computer program that performs operating-system-level virtualization (Containerization)

Docker primarily developed for Linux, where it uses the resource isolation features of the Linux kernel such as cgroups and kernel namespaces, and a union-capable file system such as OverlayFS and others to allow independent "containers" to run within a single Linux instance, avoiding the overhead of starting and maintaining Virtual Machine (VMs).

The Linux kernel's support for kernel namespaces mostly isolates an application's view of the Operating System environment, including process trees, network, user IDs and mounted File Systems, while the kernel's cgroups provide resource limiting for memory and CPU.

