Docker
This reference page is managed by StJohn Piano.
If you have any questions, comments, corrections, or suggestions - please contact StJohn Piano on Tela:
tela.app/id/stjohn_piano/7c51a6
Join Tela Network and become a consultant:
telablog.com/how-to-use-tela-for-consulting
Docker
- Docker provides the ability to package and run an application in a loosely isolated environment called a container.
- Docker provides tooling and a platform to manage the lifecycle of your containers.
- The container becomes the unit for distributing and testing your application.
- To deploy the application, ship the container to the hosting platform.
Application Containerization
- Containerized applications are applications that run in isolated runtime environments called containers.
- Containers encapsulate an application with all its dependencies, including system libraries, binaries, and configuration files.
- This all-in-one packaging makes a containerized application portable by enabling it to behave consistently across different hosts - allowing developers to write once and run almost anywhere.
- Notably, however, and unlike virtual machines, containerized applications don’t include their own operating systems. Instead, they use the OS provided by the host system.
- Without any need to bundle an extra OS along with the application, containers are extremely lightweight compared to virtual machines.
Containerization Advantages
- Engineers often struggle to make applications run consistently across different hosting environments. Even when the base OS of host systems is the same, slight differences among those systems in hardware or software can lead to unexpected differences in behavior. Containerizing an application avoids this problem by providing a consistent and standardized environment for that application to run in.
- Any hosted application needs to be isolated from all the others to run securely and reliably, but achieving this isolation with physical servers is resource-intensive. VMs provide this required isolation and are more lightweight than physical servers. Containers provide less isolation but are even more lightweight than VMs.
Containerization Disadvantages
- Lower built-in security than with VMs. An attacker who compromises a single container could potentially access the host itself or other containers.
- Lack of built-in persistent storage. Whenever you stop a running container, the data inside of it will disappear. To save the data, the container needs to use a persistent storage unit.
- Administrative complexity. Containers often have a short lifetime as they are spun up or down to handle various tasks. Tracking them is a challenge.
Docker Objects
- When you use Docker, you are creating and using images, containers, networks, volumes, plugins, and other objects.
- A container is a runnable instance of an image.
- An image is a read-only template with instructions for creating a Docker container.
- Each image can be used to instantiate any number of containers, and for this reason, a container image can be thought of as a container blueprint.
- Often, an image is based on another image, with some additional customization. For example, you may build an image which is based on the ubuntu image, but installs the Apache web server and your application, as well as the configuration details needed to make your application run.
- You might create your own images or you might only use those created by others and published in a registry.
- To build your own image, you create a Dockerfile with a simple syntax for defining the steps needed to create the image and run it. Each instruction in a Dockerfile creates a layer in the image.
- A Docker registry stores Docker images. Docker Hub is a public registry that anyone can use, and Docker looks for images on Docker Hub by default. You can even run your own private registry.
- When you use the docker pull or docker run commands, Docker pulls the required images from your configured registry. When you use the docker push command, Docker pushes your image to your configured registry.
- You can create, start, stop, move, or delete a container using the Docker API or CLI. You can connect a container to one or more networks, attach storage to it, or even create a new image based on its current state.
Docker Technology
- Docker is written in the Go programming language and takes advantage of several features of the Linux kernel to deliver its functionality. Docker uses a technology called namespaces to provide the isolated workspace called the container. When you run a container, Docker creates a set of namespaces for that container.
- These namespaces provide a layer of isolation. Each aspect of a container runs in a separate namespace and its access is limited to that namespace.
- To promote sharing and maximize compatibility among different platforms and tools, container images are typically created in the industry-standard Open Container Initiative (OCI) format. Docker is the tool most often used for creating OCI-compliant container images.
- Container engines refer to the software components that enable the host OS to act as a container host. A container engine accepts user commands to build, start, and manage containers through client tools (including CLI-based or graphical tools), and it also provides an API that enables external programs to make similar requests. But the most fundamental aspects of a container engine’s functionality are performed by its core component, called the container runtime. The container runtime is responsible for creating the standardized platform on which applications can run, for running containers, and for handling containers’ storage needs on the local system. Some popular container engines include Docker Engine, CRI-O, and containerd.
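The namespace isolation described above can be checked from the host: every Linux process exposes its namespaces as links under /proc/<pid>/ns, and two processes share a namespace exactly when the inode numbers match. The following is an added example, not taken from the Docker documentation or the sources of this page; the function names and the inode values in the sample data are constructed for illustration.

```python
import os
import re

# Common namespace types exposed under /proc/<pid>/ns on Linux.
NS_TYPES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")
_LINK = re.compile(r"^([a-z_]+):\[(\d+)\]$")


def parse_ns_links(links):
    """Map namespace type -> inode from readlink targets like 'net:[4026531840]'."""
    result = {}
    for name, target in links.items():
        m = _LINK.match(target)
        if m is None:
            raise ValueError(f"unexpected namespace link for {name}: {target!r}")
        result[name] = int(m.group(2))
    return result


def read_namespaces(pid):
    """Read the namespace links of a live process (Linux only; reading
    another user's process usually requires root)."""
    base = f"/proc/{pid}/ns"
    links = {n: os.readlink(os.path.join(base, n))
             for n in NS_TYPES if os.path.lexists(os.path.join(base, n))}
    return parse_ns_links(links)


def shared_with_host(host_ns, container_ns):
    """Return the namespace types where both processes have the same inode,
    i.e. where the container process is NOT isolated from the host."""
    return sorted(t for t, inode in container_ns.items() if host_ns.get(t) == inode)


# Constructed sample data: PID 1 on a host, and a container process that has
# its own namespaces except for 'net' and 'user'.
HOST_LINKS = {
    "cgroup": "cgroup:[4026531835]", "ipc": "ipc:[4026531839]",
    "mnt": "mnt:[4026531841]", "net": "net:[4026531840]",
    "pid": "pid:[4026531836]", "user": "user:[4026531837]",
    "uts": "uts:[4026531838]",
}
CONTAINER_LINKS = {
    "cgroup": "cgroup:[4026532601]", "ipc": "ipc:[4026532599]",
    "mnt": "mnt:[4026532597]", "net": "net:[4026531840]",
    "pid": "pid:[4026532600]", "user": "user:[4026531837]",
    "uts": "uts:[4026532598]",
}

if __name__ == "__main__":
    shared = shared_with_host(parse_ns_links(HOST_LINKS), parse_ns_links(CONTAINER_LINKS))
    print("shared with host:", shared)
```

On a live host, pass read_namespaces(1) and read_namespaces(<container process PID>) to shared_with_host instead of the sample data; any namespace type it returns is one where the container has no isolation from the host.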
Docker Desktop
- Under the hood, Docker Desktop contains a lightweight LinuxKit VM.
- This VM is where a) all of Docker Desktop's Linux tools run and b) all of the Docker containers run.
- On Windows this VM runs on WSL2. On Mac, it runs on a HyperKit implementation. On newer Mac Intel and M1 machines, it runs under Apple’s Virtualization framework.
- Docker Desktop contains a graphical interface to manage the settings for this VM.
- You don’t need to "go into a VM" to use Docker. Instead it works natively on your local machine. This is achieved through integrations in both networking and the file system into the VM.
- Networking: Docker Desktop maps your local host ports to those in the VM, meaning that you can run a container on port 80 on the VM and be able to access that from the browser on your local host.
- Filesystem: Docker Desktop sets up bind mounts from your host to the VM giving you access to your local files inside the VM.
- Environment variables: When you first run an image, there will be an option to set the relevant environment variables. Example: When you run the image postgres:14-alpine, click the "Optional Settings" dropdown, and you'll be able to add environment variables for POSTGRES_USER, POSTGRES_PASSWORD, and POSTGRES_DB. You'll also be able to set the port, e.g. 5432. Note: You can't change these values for an existing container - you have to create a new one with new values.
Container Orchestration Tools
Container orchestrators provide automated management for containerized applications, especially in environments in which large numbers of containers are running on multiple hosts. In complex environments such as these, orchestrators are usually needed to handle operations such as deploying and scaling the containers. Kubernetes and Amazon Elastic Container Service (ECS) are examples of popular container orchestration tools.
Container Orchestration & Microservice Scaling
- Microservices-based applications are made up of many independent components, each of which is typically deployed in a container. The individual containers work together to form a cohesive application. This approach to application design provides the advantages of efficient scaling and updating.
- Instead of scaling up the entire application to handle increased load, only containers that receive the greatest load need to be scaled. This requires container orchestration.
- Container orchestration tools automate life cycle management and operational tasks for containers.
Sources
https://docs.docker.com/get-started/overview
https://www.datadoghq.com/knowledge-center/containerized-applications
https://docs.docker.com/desktop
https://www.docker.com/blog/the-magic-behind-the-scenes-of-docker-desktop
https://cloud.google.com/discover/what-is-container-orchestration