We are going to start a new tutorial series on Docker. In this part of tutorial series (Learn Docker From Scratch), we will discuss about Docker, its components and the architecture.
What is Docker?
Docker is an Open-Source tool that allows developers to easily deploy their applications, ship them into containers which can then be deployed anywhere. The key benefit of Docker is that it allows users to package an application with all of its dependencies into a standardized unit so that anybody can deploy and run them on any other machine without facing runtime environment conflicts. I.e, Docker solves the problem of having identical environments across various stages of development and having isolated environments for your individual applications.
This is very similar to virtualization concept. Difference between a Virtual Machine and a Docker Image is that docker image does not package the whole virtual operating system but only the application and it’s runtime specific dependencies.
You will get a clear picture about Docker from the below image.
- Lightweight resource utilization: Containers isolate at the process level and use the host’s kernel.
- Portability: All of the dependencies for a containerized application are bundled inside of the container, allowing it to run on any Docker host. (Amazon EC2 instance, Google Compute Engine instance, Rackspace server, or VirtualBox)
- Fast Deployment: Containers have reduced the deployment time by many folds in comparison to virtual machines.
- Less Size: The average size of a Docker Container is within the range of tens of MB while VMs can take up several gigabytes.
- Security: Docker is secure because every container is isolated. I.e, one container cannot poke into another container.
- Predictability: The host does not care about what is running inside the container and the container does not care about which host it is running on.
Docker is written in Go and it mainly uses the following two features of the Linux kernel to deliver its functionality:
The namespace is a feature of Linux kernel which isolates and virtualizes system resources for a process so that each process gets its own resource. In other words the Namespace wrap a particular global system resource in an abstraction that makes it appear to the processes within the namespace that they have their own isolated instance of the global resource. This makes a process running in a container cannot see or affect processes running outside the container.
Currently, Linux implements six different types of namespaces.
The pid namespace: Process isolation (PID: Process ID). The net namespace: Managing network interfaces (NET: Networking). The ipc namespace: Managing access to IPC resources (IPC: InterProcess Communication). The mnt namespace: Managing filesystem mount points (MNT: Mount). The uts namespace: Isolating kernel and version identifiers. (UTS: Unix Timesharing System).
The resources used by a container is managed by Linux control groups. Control groups allow Docker Engine to share available hardware resources like CPU, Memory, Disk I/O, Network and Devices to containers and optionally enforce limits and constraints. We can list the Control Groups attached to a process from its /proc folder.
[email protected]:~> cat /proc/1683/cgroup 11:blkio:/ 10:hugetlb:/ 9:memory:/ 8:perf_event:/ 7:net_cls,net_prio:/ 6:devices:/user.slice 5:pids:/user.slice/user-1000.slice/session-3.scope 4:cpu,cpuacct:/ 3:freezer:/ 2:cpuset:/ 1:name=systemd:/user.slice/user-1000.slice/session-3.scope
UnioFS serves as a building block of containers. It creates layers, and, thereby, accounts for Docker’s lightweight and fast features.
Docker Client is the user interface that allows communication between the user and the Docker daemon.
Docker Daemon runs on the host machine answering requests for services.
Docker Container is a running instance of a Docker Image and they hold the entire package needed to run the application. It includes the operating system, user added files, and meta-data.
Docker Images are ready-only templates that help launch Docker containers.
Docker registries stores Docker images. Docker Hub and Docker Cloud are public registries that anyone can use, and Docker is configured to look for images on Docker Hub by default. You can even run your own private registry.
DockerFile is used to define your images which can ultimately be used to launch docker containers.
Working of Docker
Docker has a client-server architecture. It includes a Docker client – used to trigger Docker commands, a Docker Host – running the Docker Daemon and a Docker Registry – storing Docker Images.
Docker client is the user interface that allows communication between the end user and the Docker daemon. The Docker host or Docker demon is where all the containers will be running on. The Docker daemon receives commands from the Docker client in the form of CLI or REST API’s. The Docker client and Docker daemon can be present on the same host or different hosts.
The Docker file is where we define an application along with its dependencies. The Docker images are created using these Docker files. The Docker image is the basic building blocks of Docker and it’s organized in a layered manner. Every change in an image is added as a layer on top of it. The Docker containers are runtime instances of these Docker Images. Containers can be started, stopped, committed and terminated. If you terminate a container without committing it, all the changes made to the container will be lost.
Docker Registry is a Git like repository for Docker images. It can be either public or private. The Docker Hub is a registry service provided by the Docker Inc. We can pull images from the public repositories of Docker Hub. You can also create a private registry in Docker Hub.
Hope you are now interested to know how to install Docker on your machine. We will cover the installation part and more practical implementation of Docker on the coming series of “Learn Docker From Scratch“.