Docker has become the de facto standard for container-based implementations. This article covers the underlying concepts of Docker, its evolution, and the key concepts involved.
Before Docker came into existence, we had the concept of Linux Containers. Let’s understand the underlying concept of Linux Containers before getting into Docker.
What is a Linux container?
In a typical virtualized environment, one or more virtual machines run on top of a physical server using a hypervisor like Xen, Hyper-V, etc.
Containers, on the other hand, run in userspace on top of the operating system's kernel. You can call it OS-level virtualization.
Each container has its own isolated userspace, and you can run multiple containers on a single host, each with its own userspace.
It means you can run different Linux systems (containers) on a single host. For example, you can run an RHEL and a SUSE container on an Ubuntu server. The Ubuntu Server can be a virtual machine or a physical host.
The following image gives you a visual representation of Linux containers.
Containers are isolated on a host using two Linux kernel features: namespaces and control groups.
The following are the key namespaces in Linux:
- pid namespace: Isolates process IDs (PID: Process ID).
- net namespace: Manages network interfaces (NET: Networking).
- ipc namespace: Manages access to IPC resources (IPC: Inter-Process Communication).
- mnt namespace: Manages filesystem mount points (MNT: Mount).
- uts namespace: Isolates hostname and kernel version identifiers (UTS: Unix Timesharing System).
- user namespace: Isolates user IDs between the host and the container.
- cgroup namespace: Isolates the control group information from the container process.
Using these namespaces, a container can have its own network interfaces, IP address, and so on. Each container runs in its own set of namespaces, and processes inside a namespace have no privileges outside it.
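As a minimal sketch of how this looks from inside a process (nothing Docker-specific here): on a reasonably recent Linux kernel, each process's namespace memberships are exposed as symlinks under `/proc/<pid>/ns/`.

```shell
# Print the namespace memberships of the current shell. Two processes in the
# same container share these IDs; a containerized process shows different
# ones from the host.
for ns in pid net ipc mnt uts user cgroup; do
    # e.g. "pid -> pid:[4026531836]" (the inode number varies per system)
    echo "$ns -> $(readlink /proc/self/ns/$ns)"
done
```

Comparing these values for a process on the host and a process inside a container is a quick way to confirm they really are in different namespaces.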
The resources used by a container are managed by Linux control groups (cgroups). With control groups, you can decide how much CPU and memory each container should use.
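From inside a process, you can see its control-group membership and limits directly. A minimal sketch, assuming a cgroup v2 host for the limit file (the paths differ under cgroup v1):

```shell
# Show which cgroup this shell belongs to.
cat /proc/self/cgroup

# On a cgroup v2 system, resource limits are plain files; "max" means
# unlimited. Docker populates these when you pass flags such as
# `docker run --memory=256m --cpus=0.5 ...`.
if [ -f /sys/fs/cgroup/memory.max ]; then
    echo "memory limit: $(cat /sys/fs/cgroup/memory.max)"
fi
```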
Containers are not a new concept. Google has been using its own container technology in its infrastructure for years. Solaris Zones, BSD Jails, and LXC are a few container technologies that have been around for years.
In this article, we will learn about Docker and see what makes it useful and how it differs from other container technologies.
What is Docker?
Docker is a popular open-source project based on Linux containers. It is written in Go and was originally developed by dotCloud (a PaaS company).
It is basically a container engine that uses the Linux Kernel features like namespaces and control groups to create containers on top of an operating system.
You might ask how Docker differs from a Linux container, since the concepts and implementation look similar.
Well, apart from being a container technology, Docker has well-defined wrapper components that make packaging applications easy.
It decouples your application from the infrastructure by packaging all of the application's requirements into a container.
Docker has an efficient workflow for moving your application from the developer’s laptop to the test environment to production.
It is incredibly fast and can run on any host with a compatible Linux kernel (Windows is supported as well).
Note: you cannot run a Windows container on a Linux host, because Windows containers depend on the Windows kernel.
Docker uses a copy-on-write union filesystem for its backend storage. Whenever changes are made to a container, only those changes are written to disk, following the copy-on-write model.
Here is the Google Trends data on Docker. You can see it has been an exploding topic for the last five years.
Difference Between Docker & Container
Docker is a technology, or a tool, developed to manage container implementations.
So, can you run a container without Docker?
Yes, of course. You can use LXC to run containers on Linux servers.
Things you should know about Docker:
- Docker is not LXC
- Docker is not a Virtual Machine Solution.
- Docker is not a configuration management system and is not a replacement for Chef, Puppet, Ansible, etc.
- Docker is not a platform as a service technology.
How Does Docker Work?
Let's look at the key Docker components.
Docker is composed of the following components:
- Docker Daemon
- Docker Client
- Docker Images
- Docker Registries
- Docker Containers
Docker has a client-server architecture. The Docker daemon (the server) is responsible for all container-related actions.
The daemon receives commands from the Docker client through the CLI or the REST API. The client can run on the same host as the daemon or on any other host.
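The client/daemon split can be seen directly: by default the daemon listens on a Unix socket and speaks REST. A sketch, guarded so hosts without a running daemon simply print a note instead of failing:

```shell
# The default daemon endpoint is a Unix socket. Calling its REST API directly
# with curl is roughly equivalent to running `docker version`.
SOCK=/var/run/docker.sock
if [ -S "$SOCK" ]; then
    curl --silent --unix-socket "$SOCK" http://localhost/version
else
    echo "no Docker daemon socket at $SOCK"
fi
```

The `docker` CLI is essentially a convenience wrapper around this same API.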
Images are the basic building blocks of Docker. Containers are built from images. Images can be configured with applications and used as templates for creating containers. They are organized in a layered fashion: every change to an image is added as a layer on top of it.
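As a sketch of the layered model, here is a minimal Dockerfile (the base image tag and file names are illustrative placeholders); each instruction below contributes a layer to the image:

```dockerfile
# Base image and file names are placeholders for illustration.
# Layer: the base image
FROM ubuntu:22.04

# Layer: install the web server
RUN apt-get update && apt-get install -y nginx

# Layer: add application content
COPY index.html /var/www/html/

# Image metadata: the default command containers will run
CMD ["nginx", "-g", "daemon off;"]
```

Building this with `docker build -t my-web:1.0 .` produces the layers; if only `index.html` changes, a rebuild reuses the cached `FROM` and `RUN` layers and rebuilds only from the `COPY` layer onward.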
A Docker registry is a repository for Docker images. Using a registry, you can build and share images with your team.
A registry can be public or private. Docker Inc. provides a hosted registry service called Docker Hub, which allows you to upload and download images from a central location.
If your repository is public, all your images can be accessed by other Docker Hub users. You can also create private repositories on Docker Hub.
Docker Hub works a bit like Git: you can build images locally on your laptop, commit them, and then push them to Docker Hub.
A container is the execution environment for Docker. Containers are created from images; a container is essentially a writable layer on top of an image.
You can package your applications in a container, commit it and make it a golden image to build more containers from it.
Two or more containers can be linked together to form a tiered application architecture. Containers can be started, stopped, committed, and terminated. If you terminate a container without committing it, all the changes made to the container will be lost.
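The lifecycle above can be sketched with the CLI. The names `web` and `my-golden-image` are placeholders, and the block is guarded so hosts without a reachable Docker daemon just print a note:

```shell
# Container lifecycle sketch; "web" and "my-golden-image" are placeholder
# names. Guarded: the commands run only where a Docker daemon is reachable.
if docker info >/dev/null 2>&1; then
    docker run -d --name web nginx      # create and start a container
    docker stop web                     # stop it
    docker commit web my-golden-image   # preserve its changes as a new image
    docker rm web                       # terminate; uncommitted changes are gone
else
    echo "no reachable Docker daemon; commands shown for illustration"
fi
```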
Why Are Containers Better Than VMs?
We cannot flatly say that containers are better than VMs. However, containers have some key advantages over VMs.
Resource Utilisation & Cost
- You can use VMs to run your applications in an isolated manner, meaning one service per VM. A VM can still be underutilized, and resizing a VM is not an easy task for a production application.
- Containers, on the other hand, can run with very minimal CPU and memory requirements. You can even run multiple containers inside a VM for application segregation. Plus, resizing a container takes seconds.
Provisioning & Deployment
- Provisioning a VM and deploying applications on it might take minutes to hours depending on the workflow involved. Even rollback takes time.
- But you can deploy a container in seconds and roll it back in seconds as well.
- Drift management in VMs is not easy. You need full-fledged automation and processes in place to keep all environments similar. Following an immutable deployment model avoids drift in VM environments.
- With containers, once an image is baked, it will be the same in all environments. For any change, you make the change in the dev environment and re-bake the container image.
The best feature of Docker is collaboration.
Docker images can be pushed to a repository and can be pulled down to any other host to run containers from that image.
Moreover, Docker Hub hosts thousands of images created by users, and you can pull those images down to your hosts based on your application requirements.
If you want to run Docker for production workloads, make sure you follow the recommended practices for using Docker images.