Docker

avatar
Created by
GiganticAngonoka72710

Subdecks (6)

Cards (132)

  • This task will explain how Docker interacts between the operating system and the container. When you install Docker, there are two programs that get installed:
    1. The Docker Client
    2. The Docker Server
    Docker works in a client/server model. Specifically, these two programs communicate with each other to form the Docker that we know and love. Docker achieves this communication using something called a socket. Sockets are an essential feature of the operating system that allows data to be communicated. 
  • For example, when using a chat program, there could be two sockets:
    1. A socket for storing a message that you are sending
    2. A socket for storing a message that someone is sending you.
    The program will interact with these two sockets to store or retrieve the data within them! A socket can either be a network connection or what is represented as a file. What's important to know about sockets is that they allow for Interprocess Communication (IPC). This simply means that processes on an operating system can communicate with each other!
  • In the context of Docker, the Docker Server is effectively just an API. The Docker Server uses this API to listen for requests, whereas the Docker Client uses the API to send requests.
    • For example, let's take this command: docker run helloworld. The Docker Client will request the Docker server to run a container using the image "helloworld". Now, whilst this explanation is fairly basic, it is the essential premise of how Docker works.
    • Let's look at the following diagram to show this process in action:
    • What's interesting is that because of this, we can interact with the Docker Server using commands like curl or an API developer tool such as Postman.
    • Finally, it's important to note that because of this, the host machine running Docker can be configured to process commands sent from another device. This is an extremely dangerous vulnerability if it is not correctly configured because it means someone can remotely stop, start, and access Docker containers. Despite this, there are use cases where this feature of Docker is extremely helpful!
  • Containerization:
    • Definition: A lightweight, portable, and executable software package that includes everything needed to run a piece of software, including the code, runtime, libraries, and system tools.
  • Containerization:
    Advantages:
    • Isolation: Containers encapsulate applications and dependencies, ensuring isolation from the host system and other containers.
    • Portability: Containers can run consistently across different environments, facilitating easy deployment.
    • Resource Efficiency: Containers share the host OS kernel, making them more resource-efficient than traditional virtual machines.
    • Scalability: Easily scale applications by deploying additional containers.
  • Components:
    • Images: Lightweight, stand-alone, executable packages that include everything needed to run a piece of software, including the code, runtime, libraries, and system tools.
    • Containers: Running instances of Docker images.
    • Registry: Repository for Docker images, often used to share and distribute images.
  • Docker Architecture:
    • Components:
    • Docker Engine: Core of Docker, consisting of a server, REST API, and a command-line interface.
    • Docker Daemon: Background process that manages Docker containers on a host.
    • Docker Client: Interface through which users interact with Docker.
    • Docker Registry: Repository for storing and sharing Docker images.
    • Communication:
    • The Docker client communicates with the Docker daemon, which handles container management on the host.
  • Dockerfile:
    • Definition: A script containing instructions to build a Docker image.
    • Commands:
    • FROM: Specifies the base image.
    • RUN: Executes commands within the image.
    • COPY/ADD: Adds files from the host to the image.
    • CMD/ENTRYPOINT: Defines the default command when a container starts.
    • EXPOSE: Informs Docker that the specified ports will be used at runtime.
  • Orchestration:
    • Definition: Managing the deployment, scaling, and operation of containerized applications.
    • Tools:
    • Kubernetes: An open-source container orchestration platform for automating the deployment, scaling, and management of containerized applications.
    • Docker Swarm: Docker's native clustering and orchestration solution.
  • Kube Key Concepts:
    • Nodes: Individual machines in a cluster.
    • Pods: Smallest deployable units in Kubernetes, containing one or more containers.
    • Services: Abstraction to define a logical set of Pods and a policy by which to access them.
  • Networking in Docker:
    • Bridge Network: Default network that isolates containers on the same host.
    • Host Network: Shares the host's network stack with the container.
    • Overlay Network: Connects multiple Docker daemons across multiple hosts.
    • Macvlan Network: Assigns a MAC address to a container, making it appear as a physical device on the network.
  • Docker Registry:
    • OCI distribution spec standardizes container image distribution.
    • Registries include Docker Hub, GitHub, Bitbucket, GitLab, and custom registries.
    • Image layers with unique SHA hashes are pushed to and pulled from registries.
    • Docker push uploads image layers; Docker pull retrieves an identical copy.
  • Docker Container:
    • Docker containerization involves running applications in isolated environments.
    • Containers are isolated using Linux namespaces, providing a separate file system, IP address, virtual NIC, and process list.
    • Docker run command executes containers based on images, allowing multiple isolated instances.
    • Namespace: Linux feature preventing applications in one container from accessing others.
  • Image Representation:
  • Why Docker:
    Isolation:
    • Historical Challenge: Before containers, applications shared servers, leading to brittleness and difficulty managing dependencies.
    • Solution: Containers offer lightweight isolation, providing a dedicated environment for each application.
    • Result: Improved manageability and reduced conflicts between different applications on the same server.
  • Why Docker? Why Now?
    Environments:
    • Historical Challenge: Diverse OS and environment configurations made cross-platform compatibility complex.
    • Solution: Containers encapsulate applications and dependencies, ensuring consistency across different environments.
    • Result: Elimination of "works on my machine" issues, simplified deployment, and streamlined environment management.
  • Why Docker? Why Now?
    Speed:
    • Historical Challenge: Traditional infrastructure deployment methods were time-consuming.
    • Solution: Containers enable rapid development, testing, and deployment, aligning with the industry's need for agility.
    • Result: Accelerated software lifecycle, faster iteration, and quicker delivery of applications to end-users.
  • Docker Containers on Servers:
  • Why Containerization:
    • Better Isolation in a single OS
    • Reduced Environment Variance
    • Increase Speed of Change
  • docker container run:
    Background Processes of docker container run:
    • Image Lookup:
    • Docker searches for the specified image locally in the cache.
    • If not found, it fetches the image from Docker Hub (default remote repository).
    • Version selection: If not specified, it defaults to the latest version.
    • Container Creation:
    • Docker initiates a new container based on the fetched or existing image.
    • No copying of the image; instead, Docker adds a new layer of changes.
    • Customizes networking settings: assigns a virtual IP address within Docker's virtual network.
    • Port Configuration:
    • Opens specified ports (if --publish or -p flag is used).
    • Maps the host port to the container port.
    • Command Execution:
    • Container starts executing the command specified in the Dockerfile.
    • Introduction to Dockerfile and customization options.
    1. Customization Options:
    • Version Specification:
    • Use nginx:version to specify a particular version of the image.
    • Introduction to image versions.
    • Port Customization:
    • Customize port configuration according to specific requirements.
    • Default Command:
    • Specify a default command to run when the container starts.
  • Explain the architecture of Docker.
    • Docker uses a client-server architecture.
    • Docker Client is a service that runs a command. The command is translated using the REST API and is sent to the Docker Daemon (server). 
    • Docker Daemon accepts the request and interacts with the operating system to build Docker images and run Docker containers.
    • A Docker image is a template of instructions, which is used to create containers.
    • Docker container is an executable package of an application and its dependencies together.
    • Docker registry is a service to host and distribute Docker images among users.
  • What are the advantages of Docker over virtual machines?
    • Docker containers occupy less space
    • Short boot-up time
    • Containers have a better performance, as they are hosted in a single Docker engine
    • Easy to scale up
    • High efficiency
    • Easily portable across different platforms
    • Data volumes are shared and used again across multiple containers
  • How do we share Docker containers with different nodes?
    • It is possible to share Docker containers on different nodes with Docker Swarm.
    • Docker Swarm is a tool that allows IT administrators and developers to create and manage a cluster of swarm nodes within the Docker platform.
    • A swarm consists of two types of nodes: a manager node and a worker node.
  • What are the commands used to create a Docker swarm?
    • Create a swarm where you want to run your manager node.Docker swarm init --advertise-addr <MANAGER-IP> 
    • Once you've created a swarm on your manager node, you can add worker nodes to your swarm.
    • When a node is initialized as a manager, it immediately creates a token. In order to create a worker node, the following command (token) should be executed on the host machine of a worker node.docker swarm join \ --token SWMTKN-1-49nj1cmql0jkz5s954yi3oex3nedyz0fb0xx14ie39trti4wxv-8vxv8rssmk743ojnwacrr2e7c \ 192.168.99.100:2377
  • How do you run multiple containers using a single service?
    • It is possible to run multiple containers as a single service with Docker Compose.
    • Here, each container runs in isolation but can interact with each other.
    • All Docker Compose files are YAML files.
  • What is a Dockerfile used for?
    • A Dockerfile is used for creating Docker images using the build command.
    • With a Docker image, any user can run the code to create Docker containers.
    • Once a Docker image is built, it's uploaded in a Docker registry.
    • From the Docker registry, users can get the Docker image and build new containers whenever they want.
  • Explain the differences between Docker images and Docker containers.
    Docker Images:
    • Docker images are templates of Docker containers
    • An image is built using a Dockerfile
    • It is stored in a Docker repository or a Docker hub
    • The image layer is a read-only filesystem
    Docker Container:
    • Containers are runtime instances of a Docker image
    • Containers are created using Docker images
    • They are stored in the Docker daemon
    • Every container layer is a read-write filesystem
  • Instead of YAML, what can you use as an alternate file for building Docker compose?
    • To build a Docker compose, a user can use a JSON file instead of YAML. In case a user wants to use a JSON file, he/she should specify the filename as given:
    • Docker-compose -f Docker-compose.json up
  • How do you create a Docker container?
    Task: Create a MySQL Docker container 
    A user can either build a Docker image or pull an existing Docker image (like MySQL) from Docker Hub.
    Now, Docker creates a new container MySQL from the existing Docker image. Simultaneously, the container layer of the read-write filesystem is also created on top of the image layer.
    • Command to create a Docker container: Docker run -t –i MySQL 
    • Command to list down the running containers: Docker ps
  • What is the difference between a registry and a repository?
    Registry:
    • A Docker registry is an open-source server-side service used for hosting and distributing Docker images
    • In a registry, a user can distinguish between Docker images with their tag names
    • Docker also has its own default registry called Docker Hub
    Repository:
    • The repository is a collection of multiple versions of Docker images 
    • It is stored in a Docker registry 
    • It has two types: public and private repositories
  • What are the cloud platforms that support Docker?
    The following are the cloud platforms that Docker runs on:
    • Amazon Web Services
    • Microsoft Azure
    • Google Cloud Platform
    • Rackspace
  • What is the purpose of the expose and publish commands in Docker?Expose
    • Expose is an instruction used in Dockerfile.
    • It is used to expose ports within a Docker network.
    • It is a documenting instruction used at the time of building an image and running a container.
    • Expose is the command used in Docker.
    • Example: Expose 8080
  • What is the purpose of the expose and publish commands in Docker
    Publish
    • Publish is used in a Docker run command.
    • It can be used outside a Docker environment.
    • It is used to map a host port to a running container port.
    • --publish or –p is the command used in Docker.
    • Example: docker run –d –p 0.0.0.80:80