Docker
Contents
Docker
Docker is a set of platform as a service (PaaS) products that use OS-level virtualization to deliver software in packages called containers. Containers are isolated from one another and bundle their own application, libraries, and configuration files; they can communicate with each other through well-defined channels. Because all the bundled components are in one package, the developer can be assured that the software will run the same on any machine.
Docker provides an additional layer of abstraction and automation of OS-level virtualization on Linux, and initially used the LXC (Linux Containers) technology. However, it later switched to its own technology, `libcontainer`, which was later renamed to `runC`.
While OS-level virtualization is not new (dating back to technologies like chroot, FreeBSD Jails, and Solaris Containers/Zones), Docker popularized the concept and simplified its use through tools, APIs, and a widely adopted container image format.
Concepts
Docker uses a client-server architecture. The Docker client talks to the Docker daemon (which manages Docker objects like images, containers, volumes, and networks). The Docker daemon listens for Docker API requests.
Key concepts in Docker include:
- Dockerfile: A text document that contains all the commands a user could call on the command line to assemble an image. Docker can build images automatically by reading the instructions from a Dockerfile.
- Docker Image: A read-only template with instructions for creating a Docker container. It's a lightweight, standalone, executable software package that includes everything needed to run a piece of software, including the code, runtime, libraries, environment variables, and config files. Images are built from a Dockerfile and can be stored in a registry like Docker Hub.
- Docker Container: A runnable instance of a Docker image. A container is created from a Docker image and runs the application. Containers are isolated from each other and the host system, but share the host OS kernel. This isolation provides security and allows multiple containers to run on the same host without interfering with each other.
- Docker Engine: The core Docker technology. It's a client-server application with these major components: a daemon process (the `dockerd` command), which is the server; a REST API which specifies interfaces that programs can use to talk to the daemon and instruct it what to do; and a command line interface (CLI) client (the `docker` command), which talks to the REST API.
- Docker Hub: A cloud-based registry service provided by Docker, Inc. for building and shipping container images. It allows users to find and share container images with their team and the Docker community.
- Docker Compose: A tool for defining and running multi-container Docker applications. With Compose, you use a YAML file to configure your application's services. Then, with a single command, you create and start all the services from your configuration.
- Docker Swarm: A container orchestration tool native to Docker for managing a cluster of Docker hosts. While still available, it has seen less adoption compared to Kubernetes for large-scale orchestration.
How it Works
Docker leverages specific features of the Linux kernel (and similar features on other operating systems via Virtualization):
- Namespaces: Docker uses kernel namespaces to provide isolation. Namespaces wrap a global system resource in an abstraction that makes it appear to the processes within the namespace that they have their own instance of the global resource. This includes PID, network interfaces, mount points, IPC, hostname, and user ID namespaces.
- Cgroups: Cgroups (control groups) are used to limit or isolate the usage of resources (CPU, memory, disk I/O, network bandwidth) for a set of processes. This ensures that containers don't consume excessive resources and impact the performance of the host or other containers.
- Union File Systems (UnionFS): Docker uses Union File Systems to create images with multiple read-only layers. When a container is started from an image, a thin, writable layer is added on top of the read-only layers. Changes made inside the container are written to this top layer, preserving the original image. This layering makes images lightweight, fast to build, and efficient in terms of storage and network usage when transferring layers.
Benefits
- Portability: Containers package the application and its dependencies, ensuring it runs consistently across different environments (developer laptop, testing server, production cloud).
- Consistency: Reduces the "it works on my machine" problem by providing a predictable environment.
- Efficiency: Containers are typically much smaller and start faster than virtual machines because they share the host OS kernel rather than requiring a full guest OS.
- Isolation: Provides process and file system isolation, enhancing security and preventing conflicts between applications.
- Faster Development Cycles: Allows developers to quickly build, test, and deploy applications. Simplifies CI/CD pipelines.
- Resource Utilization: Allows higher density of applications on a single server compared to using virtual machines, potentially leading to better resource utilization and lower infrastructure costs.
Drawbacks and Criticisms
- Kernel Sharing: Sharing the host OS kernel offers efficiency but less isolation compared to virtual machines. A vulnerability in the host kernel could potentially affect all containers.
- Complexity: While simplifying many aspects, managing many containers, especially in clustered environments, can introduce complexity, requiring tools like Docker Compose or Kubernetes.
- Storage Management: Managing persistent data and volumes across multiple containers can be complex.
- Initial Learning Curve: Understanding Docker concepts, Dockerfile syntax, and the container Ecosystem requires an initial Investment in learning.
- Platform Dependence: While aiming for portability, containers built for one operating system (e.g., Linux) cannot run natively on a different one (e.g., Microsoft Windows) without some form of Virtualization (like running a Linux VM on Microsoft Windows to host Linux containers).
History
Docker was launched in March 2013 by Docker, Inc., based on the internal project DotCloud, a PaaS company. Docker leveraged existing work on cgroups and Linux namespaces and was built on top of LXC.
In 2015, Docker, Inc. initiated the Open Container Project (later renamed the Open Container Initiative, OCI) to create open industry standards for container formats and runtimes, contributing its `libcontainer` runtime (renamed `runC`) and image format specification. This move helped standardize the container Ecosystem.
Over the years, Docker's popularity grew significantly, becoming a key technology in the DevOps, Microservices, and cloud-native movements.
Comparison to Virtual Machines
| Feature | Docker Containers | Virtual Machines |
|---|---|---|
| Technology | OS-level virtualization | Hardware virtualization |
| Isolation | Process/FS/Network (shared kernel) | Full Hardware Emulation (separate kernel) |
| Resource Usage | Lower overhead, more efficient | Higher overhead (full guest OS) |
| Startup Time | Seconds | Minutes |
| Size | MB to GB | GBs |
| Operating System | Shares host OS kernel, runs apps | Full guest OS installed and booted |
| Portability | Application-level (consistent env) | OS-level (can run different OS on different VMs) |
| Primary Use | Packaging/Running applications | Running full OS environments, different OSes |
Use Cases
Containerization using Docker is suitable for a wide range of applications and workflows:
- Application Deployment: Standardizing the deployment of applications across different environments, from development to production.
- Microservices: Packaging and deploying individual Microservices as separate containers.
- CI/CD Pipelines: Providing consistent and reproducible build and test environments.
- Development Environments: Setting up identical development environments for teams using a shared configuration.
- Testing: Creating isolated environments for automated testing.
- Consolidating Workloads: Running multiple applications on a single server efficiently.
- Cloud-Native Development: A foundational technology for building and deploying applications in cloud environments.
See Also
- Containerization
- Operating-system-level virtualization
- Virtual machine
- Kubernetes
- OCI (Open Container Initiative)
- Linux namespaces
- Cgroups
- Microservices
- DevOps
- Continuous Integration
- LXC
- Podman - A daemonless container engine alternative to Docker.
- Buildah - A tool for building OCI-compatible container images.
- Container runtime
- Container registry
References
- Docker Official Overview - Official documentation providing a technical overview.
- Red Hat - What is Docker? - Explanation of Docker from a major Linux vendor involved in containers.
- The New Stack - The Curious Case of the History of Docker - Article discussing Docker's history and origins.
- IBM Cloud Learn - What is containerization? - General explanation of containerization, often referencing Docker.
- Kubernetes Official Documentation - What is Kubernetes? - Provides context on container orchestration, commonly used with Docker.
