Docker
Commercial product.
Evolution of the concept of Solaris Containers and Linux Containers (LXC).
Released with an OSS license at 2013.
Main concept: Container.
Build with an application base (disconnected from the infrastructure).
Composed of multiple functionalities (namespaces) that cooperate with each other.
1 Container - 1 Application (that can however make spawn/fork).
Containers contain all that is necessary to run an application, regardless of the hardware.
Configurations, dependencies, auxiliary data, etc.
Concepts
Image: the data of the container (application, libraries, images, etc).
Container: The instance of a running application.
Composed of one or more images, each image adds a functionality.
Engine: Software that executes the containers.
Registry: Repository of Docker images.
Control Plane: Infrastructure responsible for managing images and containers.
A container can run on VMs

Architecture

Docker Registry
A central repository that stores and delivers images.
Indexed by name and tag.
Can be private or public (Docker Hub).
Clients can push images to the registry.
Local client.
Docker Engine creates a pull of the images and executes the container.
Runs on the server.
Layers are hashed and indexed which allows for re-utilization.
An image pull only needs to download the layers that do not exist locally.
Workflow

Look for an image.
$ docker search nginx
Image pull.
$ docker pull nginx
List local images.
$ docker image ls
Run a container.
$ docker run -d -name frontend-server nginx
Dockerfile
A sequence of commands that prepare the container for execution.
List of dependencies.
List of commands to execute inside the container.
Set of commands to execute to initiate the container.
Used locally or distributed in a registry.
Can define versions of the same software.
FROM debian:stretch-slim
LABEL maintainer="NGINX Docker Maintainers <docker-maint@nginx.com>"
ENV NGINX_VERSION 1.15.9-1~stretch
ENV NJS_VERSION 1.15.9.0.2.8-1~stretch
RUN set -x \ && apt-get update \ && apt-get install --no-install-
recommends --no-install- suggests -y gnupg1 apt-transport-https ca-
certificates \ && \
...
RUN ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf
/dev/stderr /var/log/nginx/error.log
EXPOSE 80
STOPSIGNAL SIGTERM
CMD ["nginx", "-g", "daemon off;"]
Images
Containers have their initial data in images.
Data, application, libraries.
Have an "entrypoint" that is executed when the container is initiated.
Composed of multiple layers.
Base image.
Various images, alter the content (with differences).
Use filesystems by layer (overlayfs, aufs, btrfs, ZFS).
Read-only or non-persistent.
Act as a base from where to initialize the container.
Multiple containers can share the same image.
Layers

It is important to keep images small.
Do not base images in complete distributions, prefer distros specially designed for containerization (ex. Alpine).

Available in the host.
/var/lib/Docker/overlay2/<ID>
/merged: filesystem view from inside the container.
/diff: differences to the base.
Last updated