
Docker A to Z in 10..ish minutes

What is Docker in one line? It is application-level software that lets a container process run in a virtualized environment on top of the host OS. If any of the words in that description are unfamiliar, I will explain each of them.

Container; chroot on steroids

So, what is a container? Before containers, virtualization software installed a full OS on top of virtualized hardware to create a new environment. That is a heavy cost in both time and space when you need thousands of them. Containers took the other path: a thinner layer of virtualization that accepts that an OS already exists. A container uses the host OS's kernel ABI (application binary interface) directly, so it does not need a whole new guest OS. (If you remember only one thing, remember this: every container shares the host kernel.)

Solaris 10, released in 2005, brought the word Container into the industry with Solaris Zones. It popularized the idea of thinner virtualization: isolating processes rather than emulating machines. Linux later implemented the same idea with kernel namespaces and cgroups, which LXC built on, and that became the foundation for Docker.

chroot (which dates back to 1979) only lets you point a process at a directory and make it look like the root directory; it was never a security boundary on its own, since a root process inside it can break out. Solaris Zones took it to a whole other level, creating an isolated environment with its own process and network view (which is why they were called "chroot on steroids"). LXC took the concept and developed it as a Linux application.

LXC

Docker was built on Linux with LXC as its container runtime. The runtime was later replaced by Docker's own libcontainer, which became runC (now driven through containerd). It is still the same thing underneath: it looks like a virtual environment, but it is just a process with namespaces and cgroups applied to it.

Not a machine, it’s just one of proc

If you're familiar with VMware, Vagrant and the like, this is the point where people get confused. A Docker container is not a different machine at all. Everything is a process running on the host OS, visible in the host's process table.

Proof 1. We do not need an OS installation ISO weighing hundreds of megabytes. Docker Hub provides official images that carry only the userland (libraries and binaries) the environment needs; the kernel comes from the host.

Proof 2. It starts much faster than a VM (milliseconds, since it is essentially a fork/exec plus namespace setup).

Proof 3. The container's filesystem lives in a designated directory on the host (under /var/lib/docker for the default storage drivers), and you can browse it from the host's filesystem. This is also why it is critical for security: anyone who is root on the host can read and modify every container's files, so a host compromise is a compromise of every container on it.

Here’s a great article about Docker’s proc characteristics.
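Here is an added example (not part of the original article) of what the host's view of a container looks like. It parses the /proc/<pid>/cgroup and /proc/<pid>/status text that the host kernel exposes for any process, including one started by docker run: the cgroup path carries the container ID, and the NSpid line shows that the process has one PID on the host and another (often 1) inside its own PID namespace. The sample texts and the container ID are constructed for this example; the layouts match what Linux exposes for both the cgroup v1 (/docker/<id>) and cgroup v2 (docker-<id>.scope) forms.

```python
import re
from pathlib import Path

# Constructed samples of host-side /proc data for a container process.
# The 64-hex container ID is made up for this example.
CONTAINER_ID = "3f1c9d2e8ab4c5d6e7f8091a2b3c4d5e6f708192a3b4c5d6e7f8091a2b3c4d5e"

# cgroup v2 (systemd cgroup driver): a single unified-hierarchy line
SAMPLE_CGROUP_V2 = f"0::/system.slice/docker-{CONTAINER_ID}.scope\n"

# cgroup v1 (cgroupfs driver): one line per controller
SAMPLE_CGROUP_V1 = (
    f"12:pids:/docker/{CONTAINER_ID}\n"
    f"11:memory:/docker/{CONTAINER_ID}\n"
    f"1:name=systemd:/docker/{CONTAINER_ID}\n"
)

# /proc/<pid>/status excerpt: NSpid lists the PID in each nested PID namespace,
# outermost first. "41233 1" means host PID 41233 is PID 1 inside the container.
SAMPLE_STATUS_CONTAINER = (
    "Name:\tsleep\nState:\tS (sleeping)\nPid:\t41233\nNSpid:\t41233\t1\nNSpgid:\t41233\t1\n"
)

# An ordinary host process for contrast: no docker cgroup, single-entry NSpid.
SAMPLE_CGROUP_HOST = "0::/user.slice/user-1000.slice/session-2.scope\n"
SAMPLE_STATUS_HOST = "Name:\tbash\nState:\tS (sleeping)\nPid:\t2210\nNSpid:\t2210\n"

_DOCKER_CGROUP = re.compile(r"(?:docker-|/docker/)([0-9a-f]{64})")


def container_id_from_cgroup(cgroup_text):
    """Return the Docker container ID named in /proc/<pid>/cgroup, or None."""
    m = _DOCKER_CGROUP.search(cgroup_text)
    return m.group(1) if m else None


def namespace_pids(status_text):
    """Return the PIDs on the NSpid line of /proc/<pid>/status, outermost first."""
    for line in status_text.splitlines():
        if line.startswith("NSpid:"):
            return [int(p) for p in line.split()[1:]]
    return []


def describe_process(cgroup_text, status_text):
    """Summarize what the host knows about one process from its /proc text."""
    pids = namespace_pids(status_text)
    cid = container_id_from_cgroup(cgroup_text)
    return {
        "container_id": cid,
        "in_pid_namespace": len(pids) > 1,   # more than one PID => child PID namespace
        "host_pid": pids[0] if pids else None,
        "inner_pid": pids[-1] if len(pids) > 1 else None,
        "is_container_init": len(pids) > 1 and pids[-1] == 1,
    }


def describe_live_pid(pid, proc="/proc"):
    """Same summary for a real PID on a Linux host (run as root to see every process)."""
    base = Path(proc) / str(pid)
    return describe_process((base / "cgroup").read_text(), (base / "status").read_text())


if __name__ == "__main__":
    for label, cg, st in [
        ("container (cgroup v2)", SAMPLE_CGROUP_V2, SAMPLE_STATUS_CONTAINER),
        ("container (cgroup v1)", SAMPLE_CGROUP_V1, SAMPLE_STATUS_CONTAINER),
        ("plain host process", SAMPLE_CGROUP_HOST, SAMPLE_STATUS_HOST),
    ]:
        print(label, describe_process(cg, st))
```

On a real host, `docker inspect -f '{{.State.Pid}}' <container>` gives you the host PID to feed into describe_live_pid, and `ls -l /proc/<pid>/ns/` shows the namespace inodes that differ from your own shell's. That is the entire "virtual machine": one process the host can see, trace and kill like any other, which is exactly what an incident responder relies on when mapping a suspicious host PID back to the container that owns it.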

Pros and Cons

Pros

  1. Faster than VM.
  2. You don’t need Guest OS. Less memory consumption and better disk management.

Cons

  1. A thinner, less clear-cut layer of isolation: every container shares the host kernel, so a kernel bug, an over-privileged container (--privileged, added capabilities, a mounted Docker socket) or a missing resource limit can reach the host or neighbouring containers in a way a VM boundary would not allow.
  2. Union filesystem performance is still limited.
  3. Each kernel's limitation becomes Docker's limitation (a Linux host cannot run a Windows-based image).
  4. A higher level of abstraction in the network layer.

This is not only Docker's problem but an inherent limit of a thinner layer of isolation.

So, what is Layer

Demystifying

Think about a version control system: everything is layered. So what is a layer in a Docker container? An image is a stack of read-only layers; starting a container puts one thin writable layer on top and launches it as a process on the host OS.

Each instruction in a Dockerfile produces a layer that contains only the diff (files added, changed or deleted) relative to the layer below it. Stack those diffs, possibly dozens deep, and you have an image; wrap it with a container layer and you have a running container.

# Base image: its layers are pulled and reused, not copied
FROM ubuntu:18.04
# New layer: the build context copied into /app
COPY . /app
# New layer: whatever `make` wrote under /app
RUN make /app
# No filesystem change; records the process to start when the container runs
CMD python /app/app.py

For example, this Dockerfile does not modify the ubuntu:18.04 image at all; it builds on top of its layers and adds new ones, producing an image that contains its own application. If that is still unclear, write a Dockerfile yourself and run `docker history` on the result to see one line per layer.
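To make the diff-per-layer idea concrete, here is an added example (not from the original article) that models an image the way a union filesystem does: each layer records only the files added or changed relative to the layer below, and a deletion is recorded as a whiteout marker in the upper layer (Docker's layer tarballs store it as a `.wh.<name>` entry) rather than by touching the lower layer. It shows why a `RUN rm` of a secret that an earlier `COPY` brought in does not remove it from the image: the merged view loses the file, but the earlier layer still carries it, and anyone with the image tarball (`docker save`) can read it. All layer contents, including the secret, are constructed for this example.

```python
# Added example: a minimal model of union-filesystem layers as Docker uses them.
# Each layer maps an absolute path to file bytes, or to WHITEOUT to record that
# the path was deleted relative to the layers below. All contents are constructed.

WHITEOUT = object()   # stands for the ".wh.<name>" whiteout entry in a layer tarball

# Layer 0: the base image (what "FROM ubuntu:18.04" contributes; contents invented)
BASE_LAYER = {
    "/etc/os-release": b'NAME="Ubuntu"\nVERSION_ID="18.04"\n',
    "/bin/sh": b"<elf binary>",
}

# Layer 1: "COPY . /app" with a build context that accidentally included a secret
COPY_LAYER = {
    "/app/app.py": b"print('hello')\n",
    "/app/.env": b"API_TOKEN=hypothetical-secret-value\n",
}

# Layer 2: "RUN rm /app/.env" in a later Dockerfile step, a common but futile "fix"
RM_LAYER = {
    "/app/.env": WHITEOUT,
}

IMAGE_LAYERS = [BASE_LAYER, COPY_LAYER, RM_LAYER]


def merged_view(layers):
    """What a running container sees: apply layers bottom to top, honouring whiteouts."""
    view = {}
    for layer in layers:
        for path, content in layer.items():
            if content is WHITEOUT:
                view.pop(path, None)
            else:
                view[path] = content
    return view


def layers_containing(layers, path):
    """Indices of every layer that still carries real content for `path`."""
    return [i for i, layer in enumerate(layers)
            if layer.get(path) not in (None, WHITEOUT)]


def recover_deleted_files(layers):
    """Files absent from the merged view yet readable from some lower layer.

    This is what an attacker does with `docker save` plus tar: unpack each
    layer tarball and read the file from the layer that introduced it.
    """
    visible = merged_view(layers)
    recovered = {}
    for layer in layers:
        for path, content in layer.items():
            if content is not WHITEOUT and path not in visible:
                recovered[path] = content
    return recovered


def add_writable_layer(layers):
    """Starting a container adds one empty, writable layer on top; the image is untouched."""
    return layers + [{}]


if __name__ == "__main__":
    print(sorted(merged_view(IMAGE_LAYERS)))             # no /app/.env here ...
    print(layers_containing(IMAGE_LAYERS, "/app/.env"))  # ... but layer 1 still has it
    print(recover_deleted_files(IMAGE_LAYERS))
```

The practical lesson: keep secrets out of the build context with a .dockerignore, or pass them with BuildKit secret mounts that never land in a layer, and check `docker history <image>` to see which instruction introduced a file. Deleting in a later layer only hides it from the running container, not from anyone holding the image.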

How Docker communicates

After we deploy a container with an application, we need to attach a network to serve it. As explained earlier, everything runs on the host OS as a logically isolated process, so the container gets its own network namespace (interfaces, routes, firewall rules) and the lower-level network configuration you would do on a Linux box applies to the host or to that namespace, not to a separate machine.

As mentioned under the cons, Docker abstracts this behind a few network presets the user can choose:

  1. bridge (default): containers attach to a virtual bridge (docker0) on the host and get private IPs; published ports are forwarded from the host with NAT rules.
  2. host: the container shares the host's network namespace and binds host ports directly; there is no network isolation at all.
  3. overlay: presets for Docker Swarm orchestration, with the ingress and docker_gwbridge networks.
  4. macvlan: each container gets its own virtual MAC address on a macvlan network and appears directly on the physical LAN.

Too many containers to launch? docker-compose

Almost done. If you know microservice architecture, you will have noticed that an application consists of more than one container, and they talk to each other. Launching all of these stacked containers by hand is time-consuming, so a docker-compose file written in YAML lets an administrator deploy a multi-container application with one command.

Closing

Not just as an environment, I've been using Docker in different ways, like using a CentOS image to build an rpm file from Ubuntu. I just mount the rpm spec files into a CentOS container and send specific CMD lines to run spectool, rpm-sign, createrepo and other tools to build a package file.

In this way I can save the time of installing a whole CentOS VM. Docker just became a wonderful command-line tool.