Docker is an implementation of container technology.
Let's take a step back and understand that one-liner.
What are Containers?
To understand containers, let's see how we used to deploy applications on hardware. Traditionally we used to:
- Procure hardware
- Install a hypervisor
- Create logical separations/partitions of hardware resources (e.g. CPU, memory) to create secure, isolated runtime environments
- Deploy an application on a partition
In the above approach we need to install an OS on each hypervisor partition, which has the following drawbacks:
- It consumes a lot of the underlying hardware's memory.
- The OS needs periodic patching/maintenance in every partition.
- We need to procure a license (for Windows OS etc.) for every partition.
Also, we can't afford to install 2-3 apps on a single partition:
- Bad code (a resource/memory leak) in one app will bring down all the apps on that partition.
- We may need different versions of the same library for different apps.
Can we deploy apps on the same OS while maintaining isolated runtimes between them?
Here container technology comes to the rescue:
A container runs on a thin virtualization layer on top of the operating system.
To understand the above definition, let's compare it with a VM or hypervisor.
A hypervisor grabs physical resources like CPU, RAM, storage and network and slices them into virtual versions, i.e. virtual CPUs, virtual RAM, virtual NICs etc., and then builds virtual machines out of them, which feel like normal physical servers.
Container engines, on the contrary, slice operating system resources instead of physical server resources, e.g. the process namespace, the network stack, the storage stack, the file system hierarchy etc.
In effect, every container gets its own:
- Process tree (i.e. PID 0, PID 1…).
- This implies a process inside one container cannot send a signal to a process inside another container.
- Network stack, i.e. its own IP addresses, port range and routing table.
- Root filesystem, i.e. '/' on Linux and 'C:\' on Windows.
- Control groups (cgroups).
- Containers are mapped to cgroups 1:1, setting limits on how much CPU, memory and block IO the container has access to.
Containers act as multiple isolated instances of user space on an OS sharing a single common kernel.
Benefits of using containers
- We don't need a hypervisor.
- An app packed into a container consumes less space than an app deployed on a hypervisor partition.
Enough about containers; let's get back to Docker, their implementation…
- It's an implementation of container technology using libcontainer (a pure Go library) as its underlying execution driver (replacing the historic LXC driver).
- It provides a uniform, standard runtime environment where the functionality of an app packed into a container remains unchanged whether it's running on a developer's laptop, in a datacenter or at a cloud provider, e.g. AWS or Azure.
Components of Docker
The Docker engine/Docker daemon is a standardized runtime environment that looks and feels the same no matter what platform it's running on, making application portability simple.
Docker Images And Docker Containers
The relation between an image and a container resembles the relation between a program and a process, i.e.
a container is a running instance of an image.
- Images are build-time constructs while containers are runtime constructs.
- An image contains all the data and metadata required to fire up a container.
- Image layering is a technique by which we can enhance the functionality of an already existing image.
- It is accomplished through union mounts, i.e. the ability to mount multiple file systems on top of each other.
- In case of conflict, the higher layer wins.
- All layers in an image are mounted read-only.
- When a container is launched,
- an additional layer is added at the top, which is the only writable layer.
- To persist data outside the container's union file system, we can mount a volume from the Docker host into the container.
- Essentially this decouples data from the container, so if the container stops or is deleted the data persists.
- A volume can also be shared among multiple containers.
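The layering and volume behaviour described above, as an added toy model (not Docker's own code): read-only image layers stacked bottom to top, a single writable container layer that shadows them (copy-on-write and whiteouts for deletes), and a host volume dictionary that bypasses the union entirely. Layer dicts mapping path to content, the Container class and the "/data" mount point are assumptions of this example.

```python
# Toy model of Docker's union mount (added example, not Docker code).
# Each layer is a dict mapping an absolute path to file content.

WHITEOUT = object()  # marker in the writable layer: "this path is deleted here"


class Container:
    def __init__(self, image_layers, volumes=None):
        # Image layers are copied so nothing the container does can alter the image.
        self.image_layers = [dict(layer) for layer in image_layers]
        self.rw_layer = {}                   # the single writable layer on top
        self.volumes = volumes or {}         # mount point -> host-side dict

    def _volume_for(self, path):
        # A path under a mount point is served by the host volume, not the union.
        for mount, store in self.volumes.items():
            prefix = mount.rstrip("/") + "/"
            if path.startswith(prefix):
                return store, path[len(prefix) - 1:]
        return None, path

    def read(self, path):
        store, rel = self._volume_for(path)
        if store is not None:
            return store.get(rel)
        # Union lookup: walk top-down, the highest layer holding the path wins.
        if path in self.rw_layer:
            value = self.rw_layer[path]
            return None if value is WHITEOUT else value
        for layer in reversed(self.image_layers):
            if path in layer:
                return layer[path]
        return None

    def write(self, path, content):
        store, rel = self._volume_for(path)
        if store is not None:
            store[rel] = content             # lands on the host, outside the union
        else:
            self.rw_layer[path] = content    # copy-on-write into the writable layer

    def delete(self, path):
        store, rel = self._volume_for(path)
        if store is not None:
            store.pop(rel, None)
        else:
            self.rw_layer[path] = WHITEOUT   # shadows the read-only layers below

    def remove(self):
        # Deleting the container discards only its writable layer; images and volumes survive.
        self.rw_layer = {}
```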
Docker Registries / Docker Hub
- A Docker registry is like an online marketplace to store and retrieve container images.
- Docker Hub is the big one, but we can host private repositories as well.
- Inside a registry, we can have multiple repositories.