Docker

Commercial product.

• Evolution of the concept of Solaris Containers and Linux Containers (LXC).

• Released with an OSS license at 2013.

Main concept: Container.

• Build with an application base (disconnected from the infrastructure).

• Composed of multiple functionalities (namespaces) that cooperate with each other.

• 1 Container - 1 Application (that can however make spawn/fork).

Containers contain all that is necessary to run an application, regardless of the hardware.

• Configurations, dependencies, auxiliary data, etc.

Concepts

• Image: the data of the container (application, libraries, images, etc).

• Container: The instance of a running application.

  • Composed of one or more images, each image adds a functionality.

• Engine: Software that executes the containers.

• Registry: Repository of Docker images.

• Control Plane: Infrastructure responsible for managing images and containers.

A container can run on VMs

Architecture

Docker Registry

A central repository that stores and delivers images.

• Indexed by name and tag.

• Can be private or public (Docker Hub).

Clients can push images to the registry.

• Local client.

Docker Engine creates a pull of the images and executes the container.

• Runs on the server.

Layers are hashed and indexed which allows for re-utilization.

• An image pull only needs to download the layers that do not exist locally.

Workflow

Look for an image.

$ docker search nginx

Image pull.

$ docker pull nginx

List local images.

$ docker image ls

Run a container.

$ docker run -d -name frontend-server nginx

Dockerfile

A sequence of commands that prepare the container for execution.

• List of dependencies.

• List of commands to execute inside the container.

• Set of commands to execute to initiate the container.

Used locally or distributed in a registry.

Can define versions of the same software.

FROM debian:stretch-slim

LABEL maintainer="NGINX Docker Maintainers <docker-maint@nginx.com>"

ENV NGINX_VERSION 1.15.9-1~stretch

ENV NJS_VERSION 1.15.9.0.2.8-1~stretch

RUN set -x \ && apt-get update \ && apt-get install --no-install-
recommends --no-install- suggests -y gnupg1 apt-transport-https ca-
certificates \ && \

...

RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf
/dev/stderr /var/log/nginx/error.log

EXPOSE 80

STOPSIGNAL SIGTERM

CMD ["nginx", "-g", "daemon off;"]

Images

Containers have their initial data in images.

• Data, application, libraries.

• Have an "entrypoint" that is executed when the container is initiated.

Composed of multiple layers.

• Base image.

• Various images, alter the content (with differences).

• Use filesystems by layer (overlayfs, aufs, btrfs, ZFS).

Read-only or non-persistent.

• Act as a base from where to initialize the container.

• Multiple containers can share the same image.

Layers

It is important to keep images small.

• Do not base images in complete distributions, prefer distros specially designed for containerization (ex. Alpine).

Available in the host.

• /var/lib/Docker/overlay2/<ID>

  • /merged: filesystem view from inside the container.

  • /diff: differences to the base.