Understanding Docker

I have been using docker for several months now to structure the development/delivery of web projects. I offer the readers of "Habrahabr" a translation of the introductory article about docker - Understanding docker.

What is docker?

Docker is an open platform for developing, delivering and operating applications. Docker is designed to get your applications up and running faster. With Docker, you can decouple your application from your infrastructure and treat your infrastructure as a managed application. Docker helps you ship your code faster, test faster, deploy applications faster, and reduce the time between writing code and running it. Docker does this with a lightweight container virtualization platform, together with workflows and tools that help you manage and host your applications.

At its core, docker allows you to run almost any application safely isolated in a container. Secure isolation allows you to run many containers on the same host at the same time. The lightweight nature of the container, which runs without the overhead of a hypervisor, allows you to get more out of your hardware.

The container virtualization platform and tools can be useful in the following cases:

  • packaging your application (and the components it uses) in docker containers;
  • distributing and delivering these containers to your teams for development and testing;
  • deploying these containers to your production environments, both in data centers and in the cloud.

What can I use docker for?

Quick release of your applications

Docker is great for organizing the development cycle. Docker allows developers to use local containers with applications and services. This in turn lets you integrate with a continuous integration and deployment workflow.

For example, your developers write code locally and share their development stack (a set of docker images) with colleagues. When ready, they push the code and containers to the test environment and run any necessary tests. From the test environment, they can send the code and images to production.

Easier deployment and scaling

The docker container-based platform makes it easy to port your workloads. Docker containers can run on your local machine, on a real or virtual machine in the data center, or in the cloud.

The portability and lightweight nature of docker make it easy to manage your workload dynamically. You can use docker to deploy or retire your application or services. The speed of docker allows you to do this almost in real time.

High loads and more workloads

Docker is lightweight and fast. It provides a viable, cost-effective alternative to hypervisor-based virtual machines. It is especially useful in high-load environments, such as building your own cloud or platform-as-a-service. But it's also useful for small to medium applications where you want to get more out of your available resources.

The main components of Docker

Docker consists of two main components:

  • Docker: open source virtualization platform;
  • Docker Hub: Our platform-as-a-service for distributing and managing docker containers.

Note! Docker is distributed under the Apache 2.0 license.

Docker architecture

Docker uses a client-server architecture. The Docker client communicates with the Docker daemon, which does the heavy lifting of creating, running and distributing your containers. Both client and server can run on the same system, or you can connect the client to a remote docker daemon. The client and server communicate via a socket or via a RESTful API.

Docker daemon

As shown in the diagram, the daemon is running on the host machine. The user does not interact directly with the server, but uses the client for this.

Docker client

The Docker client, the docker program, is the main interface to Docker. It receives commands from the user and interacts with the docker daemon.

Inside docker

To understand what docker is made of, you need to know about three components:

  • images
  • registries
  • containers

Images

A Docker image is a read-only template. For example, an image may contain an Ubuntu operating system with Apache and an application based on it. Images are used to create containers. Docker makes it easy to create new images or update existing ones, and you can also download images created by other people. Images are the build component of Docker.

Registries

The Docker registry stores images. There are public and private registries from which you can download images or to which you can upload them. The public Docker registry is Docker Hub, which holds a huge collection of images. As you know, you can create images yourself or use images created by others. Registries are the distribution component of Docker.

Containers

Containers are like directories. Containers contain everything you need to run your application. Each container is created from an image. Containers can be created, started, stopped, moved or deleted. Each container is isolated and is a secure platform for the application. Containers are the run component of Docker.

So how does Docker work?

So far we know that:

  • we can create images in which our applications are located;
  • we can create containers from images to run applications;
  • we can distribute images through Docker Hub or another image registry.

Let's see how these components fit together.

How does an image work?

We already know that an image is a read-only template from which a container is created. Each image consists of a set of layers. Docker uses a union file system to combine these layers into a single image. A union file system allows files and directories from different file systems (different branches) to overlap transparently, creating a single coherent file system.

One of the reasons why docker is lightweight is its use of these layers. When you change an image, for example by updating an application, a new layer is created. So, instead of replacing or rebuilding the entire image, as you might have to do with a virtual machine, only a layer is added or updated. And you don't have to distribute a whole new image, only the update, which makes distributing images easier and faster.

At the heart of every image is a base image, for example ubuntu, the base image of Ubuntu, or fedora, the base image of the Fedora distribution. You can also use images as a base for creating new images. For example, if you have an apache image, you can use it as the base image for your web applications.

Note! Docker usually pulls images from the Docker Hub registry.

Docker images can be built from these base images; we call the steps that describe how to build these images instructions. Each instruction creates a new image or layer. The instructions include the following:

  • running a command
  • adding a file or directory
  • creating an environment variable
  • specifying what to run when a container of this image is launched

These instructions are stored in a file called Dockerfile. When you build the image, docker reads this Dockerfile, executes the instructions and returns the final image.

How does the docker registry work?

The registry is a repository of docker images. Once the image is created, you can publish it to the public Docker Hub registry or to your private registry.

With the docker client, you can search for already published images and download them to your docker machine to create containers.

Docker Hub provides public and private image repositories. Searching for and downloading images from public repositories is available to everyone. The contents of private repositories are not included in search results, and only you and your users can pull these images and create containers from them.

How does a container work?

The container consists of the operating system, user files, and metadata. As we know, each container is created from an image. This image tells docker what is in the container, which process to run when the container starts, and other configuration data. The Docker image is read-only. When docker starts a container, it creates a read/write layer on top of the image (using the union file system mentioned earlier) in which the application can run.
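
The layering described above (read-only image layers combined by a union file system, with a read/write container layer on top) can be modelled with plain directories. This is an added example, not code from the original article or from Docker: it simulates the lookup order only, performs no real union mount, and all function and directory names are hypothetical.

```shell
# Added example: union-style lookup simulated with plain directories
# (no real union mount, so no root is needed). Names are hypothetical.

# union_cat FILE LAYER...: layers are listed top first; print FILE from the
# first layer that contains it, as the combined file system would expose it.
union_cat() {
    file=$1; shift
    for layer in "$@"; do
        if [ -f "$layer/$file" ]; then
            cat "$layer/$file"
            return 0
        fi
    done
    return 1
}

# union_write FILE TEXT RW_LAYER: writes only ever land in the container's
# read/write layer; the image layers below it are never modified.
union_write() {
    mkdir -p "$(dirname "$3/$1")"
    printf '%s\n' "$2" > "$3/$1"
}

demo() {
    root=$(mktemp -d)
    base=$root/base app=$root/app rw=$root/container-rw
    mkdir -p "$base/etc" "$app/etc" "$rw"
    echo 'release=base' > "$base/etc/os-release"
    echo 'listen=80'    > "$base/etc/app.conf"
    echo 'listen=8080'  > "$app/etc/app.conf"     # app layer hides base copy

    before=$(union_cat etc/app.conf "$rw" "$app" "$base")
    union_write etc/app.conf 'listen=9090' "$rw"  # change made in container
    after=$(union_cat etc/app.conf "$rw" "$app" "$base")
    image=$(union_cat etc/app.conf "$app" "$base")  # image view, no rw layer
    os=$(union_cat etc/os-release "$rw" "$app" "$base")

    rm -rf "$root"
    printf '%s %s %s %s\n' "$before" "$after" "$image" "$os"
}

demo   # prints: listen=8080 listen=9090 listen=8080 release=base
```

The third value shows that the change made inside the container never reaches the image: a second container started from the same image would still see listen=8080.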

What happens when a container starts?

Either using the docker program or via the RESTful API, the docker client tells the docker daemon to start the container.

$ sudo docker run -i -t ubuntu /bin/bash

Let's take a look at this command. The client is started with the docker command and the run option, which says that a new container will be started. The minimum information needed to run a container is:

  • which image to use to create the container, in our case ubuntu;
  • the command you want to run when the container is started, in our case /bin/bash.

What happens under the hood when we run this command?

Docker, in order, does the following:

  • Pulls the ubuntu image: docker checks for the ubuntu image on the local machine and, if it is not there, downloads it from Docker Hub. If the image is already present, docker uses it to create the container;
  • Creates a container: once the image is available, docker uses it to create the container;
  • Initializes the file system and mounts the read-only layer: the container is created in the file system and the read-only layer is added to the image;
  • Initializes the network/bridge: creates a network interface that allows docker to communicate with the host machine;
  • Sets the IP address: finds and sets the address;
  • Starts the specified process: launches your application;
  • Processes and emits the output of your application: connects to and logs the standard input, output and error streams of your application so you can monitor how it is performing.

You now have a working container. You can manage your container, interact with your application. When you decide to stop the application, remove the container.

Technologies used

Docker is written in Go and uses some features of the Linux kernel to implement the above functionality.

Namespaces

Docker uses a technology called namespaces to organize isolated workspaces, which we call containers. When we start a container, docker creates a set of namespaces for that container.

This creates an isolated layer: each aspect of the container runs in its own namespace and has no access to the external system.

Some of the namespaces that docker uses:

  • pid: for process isolation;
  • net: to manage network interfaces;
  • ipc: to manage IPC resources (IPC: InterProcess Communication);
  • mnt: to manage mount points;
  • uts: for isolating kernel and version identifiers (UTS: Unix Timesharing System).
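
The check below is an added example, not part of the original article: it compares the namespace links of two processes to show which namespaces a container process shares with the host. The two listings are constructed sample data in the format of /proc/<pid>/ns on Linux, and the function names are hypothetical.

```shell
# Added example: which namespaces does a container process share with the host?
# On Linux, /proc/<pid>/ns/<type> is a symlink such as "pid:[4026531836]";
# two processes are in the same namespace when the bracketed number matches.

# ns_of_pid PID: print one "type:[id]" line per namespace of a live process.
ns_of_pid() {
    for link in /proc/"$1"/ns/*; do
        readlink "$link"
    done
}

# Constructed sample listings (not captured from a real host): a host shell,
# and a container process that was started in the host's network namespace.
HOST_NS='ipc:[4026531839]
mnt:[4026531840]
net:[4026531992]
pid:[4026531836]
uts:[4026531838]'

CONTAINER_NS='ipc:[4026532291]
mnt:[4026532289]
net:[4026531992]
pid:[4026532292]
uts:[4026532290]'

# shared_namespaces A B: print the types whose id is identical in both
# listings, space separated, in the order they appear in A.
shared_namespaces() {
    out=''
    while IFS= read -r entry; do
        # -F: fixed string (the brackets are not a pattern), -x: whole line
        if printf '%s\n' "$2" | grep -Fxq -- "$entry"; then
            out="$out${out:+ }${entry%%:*}"
        fi
    done <<EOF
$1
EOF
    printf '%s\n' "$out"
}

# On a live host: shared_namespaces "$(ns_of_pid $$)" "$(ns_of_pid <pid>)"
shared_namespaces "$HOST_NS" "$CONTAINER_NS"   # prints: net
```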

Control groups (cgroups)

Docker also uses a technology called cgroups, or control groups. The key to running an application in isolation is to give it only the resources you want it to have. This ensures that containers are good neighbors. Control groups allow you to share the available hardware resources and, if necessary, set limits and restrictions. For example, you can limit the amount of memory available to a container.

Union File System

Union File System, or UnionFS, is a file system that works by creating layers, which makes it very lightweight and fast. Docker uses UnionFS to create the blocks from which a container is built. Docker can use several flavors of UnionFS, including AUFS, btrfs, vfs and DeviceMapper.

Container Formats

Docker combines these components into a wrapper that we call the container format. The default format is called libcontainer. Docker also supports the traditional Linux container format with LXC. Docker may support other container formats in the future, for example by integrating with BSD Jails or Solaris Zones.

Source: habr.com