Docker

Commercial product.

  • Evolution of the concept of Solaris Containers and Linux Containers (LXC).

  • Released with an OSS license at 2013.

Main concept: Container.

  • Build with an application base (disconnected from the infrastructure).

  • Composed of multiple functionalities (namespaces) that cooperate with each other.

  • 1 Container - 1 Application (that can however make spawn/fork).

Containers contain all that is necessary to run an application, regardless of the hardware.

  • Configurations, dependencies, auxiliary data, etc.

Concepts

  • Image: the data of the container (application, libraries, images, etc).

  • Container: The instance of a running application.

    • Composed of one or more images, each image adds a functionality.

  • Engine: Software that executes the containers.

  • Registry: Repository of Docker images.

  • Control Plane: Infrastructure responsible for managing images and containers.

A container can run on VMs

Architecture

Docker Registry

A central repository that stores and delivers images.

  • Indexed by name and tag.

  • Can be private or public (Docker Hub).

Clients can push images to the registry.

  • Local client.

Docker Engine creates a pull of the images and executes the container.

  • Runs on the server.

Layers are hashed and indexed which allows for re-utilization.

  • An image pull only needs to download the layers that do not exist locally.

Workflow

Look for an image.

$ docker search nginx

Image pull.

$ docker pull nginx

List local images.

$ docker image ls

Run a container.

$ docker run -d -name frontend-server nginx

Dockerfile

A sequence of commands that prepare the container for execution.

  • List of dependencies.

  • List of commands to execute inside the container.

  • Set of commands to execute to initiate the container.

Used locally or distributed in a registry.

Can define versions of the same software.

FROM debian:stretch-slim

LABEL maintainer="NGINX Docker Maintainers <docker-maint@nginx.com>"

ENV NGINX_VERSION 1.15.9-1~stretch

ENV NJS_VERSION 1.15.9.0.2.8-1~stretch

RUN set -x \ && apt-get update \ && apt-get install --no-install-
recommends --no-install- suggests -y gnupg1 apt-transport-https ca-
certificates \ && \

...

RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf
/dev/stderr /var/log/nginx/error.log

EXPOSE 80

STOPSIGNAL SIGTERM

CMD ["nginx", "-g", "daemon off;"]

Images

Containers have their initial data in images.

  • Data, application, libraries.

  • Have an "entrypoint" that is executed when the container is initiated.

Composed of multiple layers.

  • Base image.

  • Various images, alter the content (with differences).

  • Use filesystems by layer (overlayfs, aufs, btrfs, ZFS).

Read-only or non-persistent.

  • Act as a base from where to initialize the container.

  • Multiple containers can share the same image.

Layers

It is important to keep images small.

  • Do not base images in complete distributions, prefer distros specially designed for containerization (ex. Alpine).

Available in the host.

  • /var/lib/Docker/overlay2/<ID>

    • /merged: filesystem view from inside the container.

    • /diff: differences to the base.

Last updated