Docker - Highlights

Short notes from various online resources, including:
Key Docker terms:

Image - The basis of a Docker container. The content at rest. Think of an image as a powered-down container.

A container image is an immutable package that contains all the application code, system packages, binaries, libraries, configuration files, and the operating system running in the container.

Container - The image when it is 'running', or the in-memory instance of an image. It is the standardized packaging for software and dependencies.

A container is essentially a runtime that contains the bare essentials needed to run a unique application. The kernel, or core part of the host operating system, and services such as storage are shared across a host. The shared kernel is what makes containers lightweight.

A container image is immutable. Once you've built an image, the image can't be changed. The only way to change an image is to create a new image. 

Containerization is a way of bundling an application with everything that it depends on

Docker is a containerization platform used to develop, ship, and run containers.

Docker Container - The standard and isolated unit in which the application is packaged together with all of its libraries and binaries. At run time, the engine reads the image and spins up a container. Containers are built from a Docker image.

Docker Engine - The container runtime with built-in orchestration, networking and security that installs on any physical, virtual (VM) or cloud host (such as AWS, Azure, Google Cloud Platform). The lightweight runtime installs directly on the host OS, e.g. Windows Server 2016, Ubuntu, CentOS, RHEL or OpenSUSE. Docker containers run anywhere a Docker Engine is installed, and the Docker Engine runs anywhere, i.e. on bare metal, in VMs (vSphere, Hyper-V) and in clouds (AWS, Azure, Google and more). This also means that Docker containers are portable from one environment to another without having to recode the application.

Control Plane  - Management plane for container and cluster orchestration

Docker Hub - A Software-as-a-Service (SaaS) Docker container registry where Docker images are stored, secured and managed. Multiple versions of an image (application), called "tags", can be stored within repositories (folders) within a registry.

You can use Azure Container Registry to store Docker containers to use in several Azure container enabled services.

Host OS is the OS on which the Docker engine runs. 

Docker containers running on Linux share the host OS kernel and don't require a container OS as long as the binary can access the OS kernel directly.

However, Windows containers need a container OS. The container depends on the OS kernel to manage services such as the file system, network management, process scheduling, and memory management.

Container OS is the OS that is part of the packaged image. 

We have the flexibility to include different versions of Linux or Windows OSs in a container. This flexibility allows us to access specific OS features or install additional software our applications may use.

The container OS is isolated from the host OS and is the environment in which we deploy and run our application. 

Combined with the image's immutability, this isolation means the environment for our application running in development is the same as in production.

Dockerfile is a text file that contains the instructions we use to build and run a Docker image. The following aspects of the image are defined:
  • The base or parent image we use to create the new image
  • Commands to update the base OS and install additional software
  • Build artifacts to include, such as a developed application
  • Services to expose, such as storage and network configuration
  • Command to run when the container is launched
Docker images make use of unionfs, the Stackable Unification File System. Each of the command steps in the Dockerfile creates a cached container image as we build the final container image. These temporary images are layered on top of the previous one and presented as a single image once all steps complete.

An image is labeled with the latest tag if you don't specify a tag.
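As an added illustration of the image references described above (registry, repository and tag, with latest implied when no tag is given) and of the FROM instructions that pull a Dockerfile's base images, here is a small Python example that is not part of the original notes. The parsing rules follow the standard Docker reference conventions as assumed here; the sample Dockerfile and its digest value are constructed placeholders, and unpinned bases are reported because a floating latest tag means the build input can change between builds.

```python
from typing import Dict, List

def parse_image_ref(ref: str) -> Dict[str, object]:
    # Split "registry/repo:tag@digest" the way the Docker CLI resolves it
    ref, _, digest = ref.partition("@")  # a content digest, if any, follows '@'
    digest = digest or None
    parts = ref.split("/")
    registry = "docker.io"  # Docker Hub is assumed when no registry host is given
    if len(parts) > 1 and ("." in parts[0] or ":" in parts[0] or parts[0] == "localhost"):
        registry = parts.pop(0)
    tag = None
    if ":" in parts[-1]:  # a tag follows ':' in the last path component
        parts[-1], tag = parts[-1].rsplit(":", 1)
    repository = "/".join(parts)
    if registry == "docker.io" and "/" not in repository:
        repository = "library/" + repository  # official images live under 'library'
    if tag is None and digest is None:
        tag = "latest"  # Docker's default when neither tag nor digest is given
    # A digest pins exact content; a named tag is weaker; 'latest' floats between builds
    pinned = digest is not None or tag not in (None, "latest")
    return {"registry": registry, "repository": repository, "tag": tag,
            "digest": digest, "pinned": pinned}

def base_images(dockerfile: str) -> List[Dict[str, object]]:
    # Images pulled by each FROM instruction; references to earlier build stages are skipped
    refs, stages = [], set()
    for line in dockerfile.splitlines():
        tokens = line.split()
        if not tokens or tokens[0].upper() != "FROM":
            continue
        args = [t for t in tokens[1:] if not t.startswith("--")]  # drop --platform=...
        if len(args) >= 3 and args[1].upper() == "AS":
            stages.add(args[2])
        if args[0] in stages or args[0] == "scratch":  # stage alias or the empty image
            continue
        refs.append(parse_image_ref(args[0]))
    return refs

def unpinned_bases(dockerfile: str) -> List[str]:
    # Base images that float on 'latest' and may silently change between builds
    return [f"{r['registry']}/{r['repository']}" for r in base_images(dockerfile) if not r["pinned"]]

# Constructed sample Dockerfile (not from any real project); the digest value is a placeholder
SAMPLE_DOCKERFILE = """\
FROM --platform=linux/amd64 golang:1.22 AS build
FROM alpine
COPY --from=build /app /app
FROM registry.example.com/base/runtime@sha256:PLACEHOLDER
"""
```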

Because containers are temporary, an application running in a container that needs to store data must persist it outside the container. Containers can make use of two options to persist data: the first option is volumes, and the second is bind mounts.

A volume is stored on the host filesystem at a specific folder location. Docker creates and manages the new volume by using the docker volume create command. This command can form part of our Dockerfile definition, which means that we can create volumes as part of the container creation process. Docker will mount and manage the volumes in the container. Once mounted, these volumes are isolated from the host machine.

Multiple containers can simultaneously use the same volumes.

Volumes are considered the preferred data storage strategy to use with containers.

A bind mount is conceptually the same as a volume; however, instead of using a specific folder, you can mount any file or folder on the host. A bind mount is the best choice when the host and container need to share a file, for example to manage name server resolution via the resolv.conf file on Linux.

Docker provides us with three pre-configured network configurations:
  • Bridge network  is the default configuration applied to containers when launched without specifying any additional network configuration. This network is an internal, private network used by the container and isolates the container network from the Docker host network.
  • Host network allows us to run the container on the host network directly. This configuration effectively removes the isolation between the host and the container at a network level.
  • None network option disables networking for containers.
Docker Swarm - for deploying a cluster of Docker hosts running locally or in the cloud.

Docker Enterprise Edition (EE) - subscription-based, commercially supported products for delivering a secure software supply chain. It is intended for production deployments and enterprise customers. A CaaS-enabled platform for developers and IT. Docker EE offers a complete solution and a single vendor for support: Container Engine + Orchestration + Registry + Lifecycle Management.

Docker Community Edition (CE) is a free, community-supported product for delivering a container solution. It is intended for software development and test.

Containers are an app-level construct. VMs are an infrastructure-level construct to turn one machine into many servers.

Docker containers provide security features to run multiple containers simultaneously on the same host without affecting each other.

Containers enable DevOps. Scrambling to fix software under pressure often results in architectural decay, also known as technical debt. Containers are redefining DevOps to improve deployment velocity and application quality.

Docker has made containers standardized and portable across operating systems.

Docker delivers agility, resiliency, portability, security and cost savings for all applications -
  • Commercial Off The Shelf Apps
  • Homegrown Traditional Apps
  • Microservices Apps
A container runs on a container host (that in turn may run on a bare metal machine or a virtual machine). Multiple containers or instances of the same containers may run on a single host. For true failover and resiliency, containers must be scaled across hosts. Managing containers across hosts typically requires an orchestration tool such as Kubernetes.

The 3 dominant cluster orchestrators are:
  • Kubernetes
  • Docker Swarm
  • Mesosphere DC/OS
All 3 orchestrators provide scheduling, scaling and service recovery.

Many cloud providers provide orchestration services through PaaS solutions to simplify the management of containers.

Containers provide a level of isolation. However, containers share a single host OS kernel, which can be a single point of attack.