
An Introduction to Docker

The DevOps culture has, since its inception, changed almost everything we know about how teams develop and deploy software, and with it came the need for tools that make this way of working possible. Docker is one such tool, enabling faster and safer deployment of high-quality software.

So what is Docker?

Docker is not a programming language, nor is it a framework for building software. Docker is a tool that helps solve common problems such as installing, removing, upgrading, distributing, trusting, and managing software.

In a nutshell, Docker is an application platform that lets you package an application along with everything it needs, from the operating system upwards, into a single unit. This unit can then be shared as a Docker image and run on any computer that has Docker installed. Docker runs these units in containers, which are lightweight, isolated components.

What Docker provides is simple to comprehend, and one might be tempted to draw parallels between containers and virtualization; at an intuitive level the two may look the same, but they are very different technologies.

Key Terminologies

Before diving into the details of Docker, it is important to understand the following terms; we will use them throughout.

  • Dockerfile – A text file that contains the instructions for building an image: the application's configuration and the resources it needs (see the sketch after this list).
  • Docker Image – Built from the Dockerfile; the image is a read-only snapshot of the application and its dependencies.
  • Docker Container – The standard, isolated unit in which the application is packaged together with all of its libraries and binaries. At run time, the engine reads the image and spins up a container.
  • Docker Engine – The container runtime, with built-in orchestration, networking, and security, that installs on any physical, virtual, or cloud host.
  • Docker Registry – A service where Docker images are stored, secured, and managed.
  • Namespaces – A Linux namespace wraps a set of system resources and presents them to the processes within the namespace, making it look as if those resources are dedicated to them.
  • Cgroups – Cgroups (control groups) are a Linux kernel feature that governs the usage of system resources, such as CPU and memory, for a group of processes.
  • LXC – An operating-system-level virtualization method for running multiple isolated Linux systems on a single host.
  • UnionFS – A filesystem service that allows us to build a stackable unification file system, which essentially means that files and directories of separate file systems (known as branches) can be transparently overlaid to form a single, coherent file system.
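
To tie the first three terms together, here is a minimal sketch (the alpine base image, app.sh, and the myapp name are illustrative assumptions). A Dockerfile describes the image:

    # Dockerfile – the recipe for building the image (hypothetical example)
    FROM alpine:3.19
    COPY app.sh /app.sh
    CMD ["/bin/sh", "/app.sh"]

The engine then builds an image from it and runs a container, with cgroups enforcing the resource limits and namespaces providing the isolation:

    # Build an image from the Dockerfile in the current directory
    docker build -t myapp:1.0 .

    # Run a container from the image; --memory and --cpus are
    # enforced through cgroups, the isolation comes from namespaces
    docker run --rm --memory=256m --cpus=0.5 myapp:1.0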

What are Containers?

If you're a system administrator, you probably have a fair idea of what containers are. Container technology allows you to isolate, build, package, ship, and run an application. Containers have existed for years; they are not a new, revolutionary technology. Unix-style operating systems have long used the term jail to describe a modified runtime environment that prevents a program from accessing protected resources. Using containers has been a best practice for a long time, but building them manually is challenging and easy to get wrong, often resulting in security and manageability problems. Containers have seen renewed attention with the advent of easy-to-manage containerization tools like Docker.

The earliest container-like mechanism was chroot. A chroot on Unix operating systems is an operation that changes the apparent root directory for the current running process and its children. A program run in such an environment cannot access files and commands outside that directory tree. This modified environment is called a chroot jail.
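
As a minimal sketch of the idea (the /srv/jail path and the use of a statically linked busybox are assumptions for illustration):

    # Prepare a tiny root filesystem for the jail
    sudo mkdir -p /srv/jail/bin
    sudo cp /bin/busybox /srv/jail/bin/sh    # busybox acts as the shell

    # Change the apparent root for the new process and its children;
    # from inside, nothing above /srv/jail is visible
    sudo chroot /srv/jail /bin/sh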

Containerization is not Virtualization.

Docker does not employ hardware virtualization; programs running in containers interface directly with the host's Linux kernel. Since there is no additional layer between the container and the host OS, no resources are wasted on running abstraction or simulation software. Docker simply helps us use the container technology already built into the Linux operating system.
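
You can observe this directly: a container reports the host's kernel version, because there is no guest kernel in between (assuming Docker is installed and can pull the alpine image):

    # Kernel version on the host...
    uname -r

    # ...and inside a container – the same, because containers
    # share the host's Linux kernel
    docker run --rm alpine uname -r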

Virtualization vs Containers


So at an operating-system level, Docker is a process isolation tool that originally used LXC (an operating-system-level virtualization method for running multiple containers on a control host using a single Linux kernel). The basic difference between LXC and VMs is that with LXC only one instance of the Linux kernel is running. A Docker container wraps a piece of software in a complete filesystem that contains everything it needs to run: code, runtime, system tools, system libraries – anything you can install on a server. Encapsulating and isolating everything in a container guarantees that it will always run the same, regardless of the environment it is running in.

Using Docker and its ecosystem, you can easily manage a cluster of containers: stop, start, and pause multiple applications, scale them, take snapshots of running containers, link multiple services, manage containers and clusters through APIs built on top of them, automate tasks, and create application watchdogs – all things that are complicated without containers.
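
A few of these operations, sketched with the standard docker CLI (the container name web is hypothetical):

    # Start a container in the background and give it a name
    docker run -d --name web nginx:alpine

    # Pause, resume, and stop it
    docker pause web
    docker unpause web
    docker stop web

    # Snapshot the container's filesystem as a new image
    docker commit web web-snapshot:1.0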

Docker itself is a simple proposition, but it is hugely powerful. The application package, called a Docker image, is typically only tens or hundreds of megabytes, so it’s cheap to store and fast to move. When you run a container from the image, it starts in seconds and the application process runs directly on the host, which means you can run hundreds of containers on a single machine. Images can be versioned, so you can be sure the software you release to production is exactly what you’ve tested, and the Docker tools can even scan images for security vulnerabilities, so you will know whether your application is safe.
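
Versioning is just tagging (a sketch; myapp and registry.example.com are assumptions, and the scan command shown is Docker Scout, whose availability depends on your Docker installation):

    # Tag the tested image with an explicit version for release
    docker tag myapp:latest registry.example.com/myapp:1.4.2
    docker push registry.example.com/myapp:1.4.2

    # Check the image for known vulnerabilities
    docker scout cves myapp:latest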

Docker Architecture

Docker uses a client-server architecture. The Docker client talks to the Docker daemon, which does the heavy lifting of building, running, and distributing your Docker containers. The Docker client and daemon can run on the same system, or you can connect a Docker client to a remote Docker daemon. The Docker client and daemon communicate using a REST API, over UNIX sockets or a network interface.
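
Because the API is plain REST, you can talk to the daemon directly without the CLI (assuming the default Unix socket and that curl is installed):

    # Ask the daemon for its version over the default Unix socket
    curl --unix-socket /var/run/docker.sock http://localhost/version

    # List running containers – the same data `docker ps` renders
    curl --unix-socket /var/run/docker.sock http://localhost/containers/json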

[Figure: Docker architecture (docs.docker.com)]

Docker Client

The Docker client is essentially a CLI that allows us to interact with the Docker host. Using it we can run commands to start, stop, or configure containers, among other things. The docker command uses the Docker API to communicate with the Docker daemon.
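
The client/daemon split is easy to see (the remote host below is hypothetical):

    # Reports two sections, Client and Server (the daemon),
    # each with its own version
    docker version

    # The same client can drive a daemon on another machine
    docker -H ssh://user@remote-host ps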

Docker Host

The Docker host is essentially the host OS; it houses the Docker images, containers, and, most importantly, the Docker daemon. The Docker daemon (dockerd) listens for Docker API requests and manages Docker objects such as images, containers, networks, and volumes. It can also communicate with other daemons to manage Docker services.

Docker Hub or Registry

A Docker registry stores Docker images. Docker Hub and Docker Cloud are public registries that anyone can use, and Docker is configured to look for images on Docker Hub by default. You can even run your own private registry.
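
Running a private registry is itself just a container (a sketch using the official registry image; myapp is an assumption):

    # Start a local registry on port 5000
    docker run -d -p 5000:5000 --name registry registry:2

    # Re-tag an image to point at it, then push and pull as usual
    docker tag myapp:1.0 localhost:5000/myapp:1.0
    docker push localhost:5000/myapp:1.0
    docker pull localhost:5000/myapp:1.0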