Skip to main content

Docker in Brief

Docker Hub Registry

Docker is a platform for developers and sysadmins to build, run, and share applications with containers. The use of containers to deploy applications is called containerization.

Containerization is increasingly popular because containers are:

  • Flexible: Even the most complex applications can be containerized.
  • Lightweight: Containers leverage and share the host kernel, making them much more efficient in terms of system resources than virtual machines.
  • Portable: You can build locally, deploy to the cloud, and run anywhere.
  • Loosely coupled: Containers are highly self sufficient and encapsulated, allowing you to replace or upgrade one without disrupting others.
  • Scalable: You can increase and automatically distribute container replicas across a datacenter.
  • Secure: Containers apply aggressive constraints and isolations to processes without any configuration required on the part of the user.

Images & Containers

  • Fundamentally, a container is nothing but a running process, with some added encapsulation features applied to it in order to keep it isolated from the host and from other containers. One of the most important aspects of container isolation is that each container interacts with its own private filesystem; this filesystem is provided by a Docker image.
  • An image includes everything needed to run an application - the code or binary, runtimes, dependencies, and any other filesystem objects required.

Containerization vs Virtualization

Containerization Virtualization
Containerization is a lightweight alternative of full virtual machine which includes application and its own operating environment. Virtualization is a copy of complete server basically, which has its own OS, drivers, kernel features and resources.
Runs on OS Runs on Hypervisor which creates different VMs on it.
Provides virual isolation of applications but doesn't provide strong default security boundries between containers.(can be configured separately) Complete isolation between VMs which supports strong security of hosted applications on separate VMs.
Real time provisioning and Scalability Compared to slow provisioning
Operating system level virtualization Hardware level virtualization

Docker Engine & Architecture

Docker Engine is a client-server application with these major components:

  • A server which is a type of long-running program called a daemon process (the dockerd command).
  • A REST API which specifies interfaces that programs can use to talk to the daemon and instruct it what to do.
  • A command line interface (CLI) client (the docker command).

Docker uses a client-server architecture. The Docker client talks to the Docker daemon, which does the heavy lifting of building, running, and distributing your Docker containers. The Docker client and daemon can run on the same system, or you can connect a Docker client to a remote Docker daemon.

The Docker daemon

The Docker daemon (dockerd) listens for Docker API requests and manages Docker objects such as images, containers, networks, and volumes. A daemon can also communicate with other daemons to manage Docker services.

The Docker client

The Docker client (docker) is the primary way that many Docker users interact with Docker. When you use commands such as docker run, the client sends these commands to dockerd, which carries them out. The docker command uses the Docker API. The Docker client can communicate with more than one daemon.

Docker registries

A Docker registry stores Docker images. Docker Hub is a public registry that anyone can use, and Docker is configured to look for images on Docker Hub by default. You can even run your own private registry. If you use Docker Datacenter (DDC), it includes Docker Trusted Registry (DTR).

When you use the docker pull or docker run commands, the required images are pulled from your configured registry. When you use the docker push command, your image is pushed to your configured registry.

Docker Concepts

The underlying technology

  • Docker is written in Go and takes advantage of several features of the Linux kernel to deliver its functionality:
  • Namespaces
    • Provided isolated workspace which is known as container
    • Docker engine uses below namespaces
      • The pid namespace: Process isolation (PID: Process ID)
      • The net namespace: Managing network interfaces (NET: Networking)
      • The ipc namespace: Managing access to IPC resources (IPC: InterProcess Communication)
      • The mnt namespace: Managing filesystem mount points (MNT: Mount)
      • The uts namespace: Isolating kernel and version identifiers. (UTS: Unix Timesharing System)
  • Control Groups
    • Use to share, limit the usage hardware resources to containers
  • Union FS
    • Help to create layers for containers which are building block for containers
  • Container Format
    • Docker engine combines these all into wrapper called container format. Default container format is libcontainer

Docker Installation

Installation for all platform is described in this parent link - https://docs.docker.com/engine/install/

Docker Basic Commands

https://github.com/docker/labs/blob/master/beginner/chapters/setup.md

https://github.com/docker/labs/blob/master/beginner/chapters/alpine.md

Run a static website inside a containerhttps://github.com/docker/labs/blob/master/beginner/chapters/webapps.md

Create Docker Image

Docker can build images automatically by reading the instructions from a Dockerfile. A Dockerfile is a text document that contains all the commands a user could call on the command line to assemble an image.

Using docker build users can create an automated build that executes several command-line instructions in succession.

Dockerfile commands:

FROM – sets the base image

RUN – execute any command as a new layer on top of base image and commit results

EXPOSE – container will listen on this exposed port

ENV – sets environment variable

COPY – copy the files from docker host to docker container

CMD – provides executable command in order to run container

ENTRYPOINT - work same as CMD but provides option to add arguments while running the container

VOLUME – create the mount point in container to hold external mounted volumes from localhost or other type of volumes

USER – run the docker image by this username or userid

WORKDIR – sets the work directory for the commands RUN, COPY, CMD, ENTRYPOINT, ADD

Full reference of dockerfile command can be found at https://docs.docker.com/engine/reference/builder/

Ex. Create docker image and run the container https://github.com/docker/labs/blob/master/beginner/chapters/webapps.md#23-create-your-first-image

Labels:

Comments

Post a Comment

Popular posts from this blog

How to skip resources, compiler, surfire, install plugin in maven's default build process

When we want to use maven command line to upload zip type artifact to artifact repository then we don't want resources, compiler, surefire, install phases in maven process, only assembly would be enough. To skip particular phases go to each plugin's original website phase according to latest running plugin version download the same to our own project refer the skip phase configuration of particular phase, either it can be done command line or as part of the build-plugin-configuration. Example using POM.xml file <project> [...] <build> <plugins> <plugin> <groupId...
Post a Comment
Read more

How to clone Github repository using SSH

Run ssh-keygen Upload ssh public key to github account curl -u "gitUsername:password" --data '{"title":"keyName","key":"'"$(cat ~/.ssh/id_rsa.pub)"'"}' https://api.github.com/user/keys Sample output of ssh public key upload command { "id": 1234567890, "key": "ssh-rsa aaaaaaaaaaaaaaaaaaaa/dddd/+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "url": "https://api.github.com/user/keys/123456...
Post a Comment
Read more

Install AWS CLI on Ubuntu localhost using Ansible Playbook

Install AWS CLI on Ubuntu localhost using Ansible Playbook --- - hosts: localhost tasks: - name: Installing Unzip package package: name: unzip state: present when: ansible_facts['os_family'] == "Debian" become: true - name: Create awscli directory in home directory file: path: ~/awscli state: directory mode: '0755' - name: Download bundled installer zip file get_url: url: https://s3.amazonaws.com/aws-cli/awscli-bundle.zip dest: ~/awscli/awscli-bundle.zip - name: Extract zip file unarchive: src: ~/awscli/awscli-bundle.zip dest: ~/awscli - name: Run install command shell: /home/ubuntu/awscli/awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws become: true Same script is also avail...
Post a Comment
Read more