Docker overview
OS-level virtualization
Note: This document is marp compatible.
Intro
Similar technologies existed for decades:
- zones (Solaris 10, February 2004)
- jails (FreeBSD 4.0, March 2000)
- chroot (Unix v7, 1979)
- user access separation (Multics, Unix, early 1970s)
Most of the Linux kernel features Docker requires have existed since 2.6.
Docker reuses existing standards/technologies/philosophy.
- That’s it? What’s the catch?
Ecosystem
- comprehensive documentation
  - https://docs.docker.com/
- distinct interface:
  - CLI: docker, podman
- clouds
- registries (hubs):
  - public: docker.io, quay.io, registry.fedoraproject.org
  - self-hosted
  - localhost cache
Terminology
- image (`ls ~/.local/share/containers/storage/overlay/`)
- container
- hub (https://hub.docker.com/search?type=image)
- volume
https://docs.docker.com/glossary/
Under the hood
- runC universal runtime
- split: kernel namespaces (net/pid/mount/user/networks…) (2002)
- limit: cgroups (2007)
- chroot (pivot root)
- …
- OverlayFS (layers)
https://www.codementor.io/blog/docker-technology-5x1kilcbow
Key takeaway
- NO kernel inside
- SINGLE process (although it may fork kids inside the same container)
Hands on
docker search <name>
docker pull <NAME[:TAG|@DIGEST]>
docker run -it --rm -p <host_port>:<docker_port> -v <host_path>:<container_path> <image> [cmd]
docker run -d <image>
docker attach <container>
docker stop <container>
docker start <container>
docker logs <container>
Example: docker run -p 8080:8888 -it --rm bash nc -l -p 8888
Dockerfile
Refer: https://docs.docker.com/develop/develop-images/dockerfile_best-practices/
Doc: https://docs.docker.com/engine/reference/builder/
Notable keywords | | |
---|---|---|
FROM | LABEL | USER |
RUN | COPY/ADD | EXPOSE |
ENV | (ENTRYPOINT) | CMD |
Example: Ubuntu Dockerfile
Quick build and share image
docker image build --rm -t test_image <path-to-build-context>
docker image save test_image -o test.tar
...
docker image load -i test.tar
Consider using multi-stage builds.
Exploring and housekeeping
docker info | less
docker history --no-trunc <imgname>
docker image inspect <imgname>
docker image ls
docker image rm <image_name>
docker image prune
docker container ps -a
docker container rm <container_id>
docker container prune