Introduction to Docker
Docker is an open-source application that is used to create, deploy and manage containers. Docker is the leader in the containerization market, combining an enterprise-grade container platform with world-class services to give developers and operations teams alike the freedom to build, manage and secure applications without the fear of technology or infrastructure lock-in. Docker is designed to benefit both developers and operations teams, which makes it a part of DevOps. Docker unlocks the potential of every organization with a container platform that brings traditional applications and microservices built on Windows, Linux and mainframe into an automated and secure supply chain, advancing dev-to-ops collaboration. Before getting into Docker, one should be familiar with container technologies and how a container differs from a virtual machine. Numerous businesses have already moved their server applications to Docker containers. Besides Docker, there are many other applications that are used for deploying and managing containerized applications. Some of the popular ones are Kubernetes, skopeo, Buildah and Podman.
About Docker
Docker is both a company and a product. Docker, Inc. is the company behind the development of the Docker application. The company was founded as dotCloud, Inc. in 2010 by Solomon Hykes, and Docker was an internal project within dotCloud with initial contributions by other dotCloud engineers. Docker represents an evolution of dotCloud's proprietary technology, which is itself built on earlier open-source projects such as Cloudlets. Docker was released as open-source in March 2013. On March 13, 2014, with the release of version 0.9, Docker dropped LXC as the default execution environment and replaced it with its own libcontainer library written in the Go programming language.
Architecture of Docker
Docker uses a client-server architecture in which the Docker client talks to the Docker daemon on the host. The Docker daemon performs all the operations and returns the output to the Docker client. The Docker client and daemon can run on the same system, or you can connect a Docker client to a remote Docker daemon. The Docker client and daemon communicate using a REST API, over UNIX sockets or a network interface.
Docker Client is the primary way a Docker user interacts with the Docker host. Docker uses the REST API for communication between the Docker client and the Docker host.
For example, if you use any docker command, it is directly sent to the Docker daemon for execution. The Docker client can communicate with more than one daemon.
Docker Host contains the Docker daemon, dockerd, which listens for incoming API requests from the Docker client and manages Docker objects such as images and containers.
Docker registries are similar to a repository. Docker registries store Docker images. Docker Hub is the public registry available for Docker. It is also possible to create our own Docker registry, known as the Docker Trusted Registry (DTR).
Docker image is a read-only template which contains the instructions on how to create a container. You can also create custom Docker images based on your requirements.
Docker container is the runnable instance of a Docker image. You can start, stop, run and delete containers using the Docker API or CLI. You can also attach a container to one or more networks or volumes based on your requirements.
Docker service is a group of containers of the same image:tag. Services make it simple to scale your application.
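Because the daemon accepts API requests over either a UNIX socket or a network interface, it is worth checking which listeners a host actually configures. The following is an added example, not part of the original article: it reads the `hosts` and `tlsverify` keys of a `daemon.json` file and reports network listeners that do not require client certificates. The sample configurations are constructed, and the function names are chosen for this example.

```python
import json

# Constructed daemon.json contents (not taken from any real host).
SAMPLE_LOCAL_ONLY = '{"hosts": ["unix:///var/run/docker.sock"]}'
SAMPLE_PLAINTEXT_TCP = json.dumps(
    {"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]})
SAMPLE_MUTUAL_TLS = json.dumps({
    "hosts": ["tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})


def audit_daemon_hosts(daemon_json_text):
    """Return (endpoint, finding) pairs, one per configured API listener."""
    cfg = json.loads(daemon_json_text)
    # Without a "hosts" key the daemon uses its default local UNIX socket.
    hosts = cfg.get("hosts", ["unix:///var/run/docker.sock"])
    # "tlsverify" makes the daemon demand a client certificate signed by the CA.
    client_certs_required = bool(cfg.get("tlsverify"))
    findings = []
    for endpoint in hosts:
        scheme = endpoint.split("://", 1)[0]
        if scheme in ("unix", "fd"):
            finding = "local: access is governed by socket file permissions"
        elif scheme == "tcp" and client_certs_required:
            finding = "network: client certificate required"
        elif scheme == "tcp":
            finding = "EXPOSED: network API without client certificate verification"
        else:
            finding = "unknown scheme: review manually"
        findings.append((endpoint, finding))
    return findings


def exposed_endpoints(daemon_json_text):
    """Endpoints that any network peer could send API requests to."""
    return [e for e, f in audit_daemon_hosts(daemon_json_text)
            if f.startswith("EXPOSED")]


if __name__ == "__main__":
    for sample in (SAMPLE_LOCAL_ONLY, SAMPLE_PLAINTEXT_TCP, SAMPLE_MUTUAL_TLS):
        print(audit_daemon_hosts(sample))
```

Listeners can also be set with `-H` options on the dockerd command line, so the service definition needs the same review as `daemon.json`.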
The underlying technology in Docker
Docker is written in the Go programming language and uses many Linux kernel features, such as namespaces and control groups.
Namespaces
Docker uses a technology called namespaces to provide the isolated workspace called the container. When you run a container, Docker creates a set of namespaces for that container.
These namespaces provide a layer of isolation. Each aspect of a container runs in a separate namespace and its access is limited to that namespace.
Docker Engine uses namespaces such as the following on Linux:
The pid namespace: Process isolation (PID: Process ID).
The net namespace: Managing network interfaces (NET: Networking).
The ipc namespace: Managing access to IPC resources (IPC: InterProcess Communication).
The mnt namespace: Managing filesystem mount points (MNT: Mount).
The uts namespace: Isolating kernel and version identifiers (UTS: Unix Timesharing System).
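On Linux, each namespace a process belongs to appears as a link under `/proc/<pid>/ns/`, and two processes are in the same namespace exactly when the identifiers in those links match. The following is an added example, not part of the original article: it compares the five namespaces listed above for two processes. The sample links are constructed and model a host shell and a container started with host networking; the function names are chosen for this example.

```python
import os
import re

NAMESPACES = ("pid", "net", "ipc", "mnt", "uts")  # the five listed above

# Constructed link targets, as `readlink /proc/<pid>/ns/<name>` prints them.
SAMPLE_HOST = {"pid": "pid:[4026531836]", "net": "net:[4026531840]",
               "ipc": "ipc:[4026531839]", "mnt": "mnt:[4026531841]",
               "uts": "uts:[4026531838]"}
SAMPLE_CONTAINER = {"pid": "pid:[4026532589]", "net": "net:[4026531840]",
                    "ipc": "ipc:[4026532588]", "mnt": "mnt:[4026532586]",
                    "uts": "uts:[4026532587]"}

LINK_RE = re.compile(r"^([a-z_]+):\[(\d+)\]$")


def parse_ns_link(link):
    """Split 'pid:[4026531836]' into ('pid', 4026531836)."""
    match = LINK_RE.match(link)
    if not match:
        raise ValueError(f"not a namespace link: {link!r}")
    return match.group(1), int(match.group(2))


def read_ns_links(pid="self"):
    """Read a live process's namespace links; None where unreadable."""
    links = {}
    for name in NAMESPACES:
        try:
            links[name] = os.readlink(f"/proc/{pid}/ns/{name}")
        except OSError:  # no such process, no permission, or not Linux
            links[name] = None
    return links


def compare_namespaces(a, b):
    """Map each namespace name to 'shared', 'isolated' or 'unknown'."""
    result = {}
    for name in NAMESPACES:
        if not a.get(name) or not b.get(name):
            result[name] = "unknown"
            continue
        same = parse_ns_link(a[name])[1] == parse_ns_link(b[name])[1]
        result[name] = "shared" if same else "isolated"
    return result


if __name__ == "__main__":
    print(compare_namespaces(SAMPLE_HOST, SAMPLE_CONTAINER))
```

On a live host, `compare_namespaces(read_ns_links(1), read_ns_links(pid))` does the same check for a container's process, given permission to read both `/proc` entries.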
Control groups
Docker Engine on Linux also relies on another technology called control groups (cgroups). A cgroup limits an application to a specific set of resources. Control groups allow Docker Engine to share available hardware resources to containers and optionally enforce limits and constraints. For example, you can limit the memory available to a specific container.
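A memory limit of this kind can be read back from the kernel. The following is an added example, not part of the original article: it finds a process's cgroup from `/proc/<pid>/cgroup` and returns the smallest `memory.max` between that cgroup and the root, since a parent's limit also binds its children. It assumes a cgroup v2 host mounted at `/sys/fs/cgroup`; the scope name and file contents are constructed, and the function names are chosen for this example.

```python
# Constructed /proc/<pid>/cgroup content for a containerised process
# (cgroup v2; the scope name is made up).
SAMPLE_PROC_CGROUP = "0::/system.slice/docker-0123abcd.scope\n"

# Constructed memory.max files keyed by path; "max" means no limit.
SAMPLE_FILES = {
    "/sys/fs/cgroup/system.slice/memory.max": "max",
    "/sys/fs/cgroup/system.slice/docker-0123abcd.scope/memory.max": "268435456",
}


def read_file(path):
    with open(path) as fh:
        return fh.read()


def cgroup_v2_path(proc_cgroup_text):
    """Return the unified-hierarchy path (the '0::' line), or None."""
    for line in proc_cgroup_text.splitlines():
        fields = line.split(":", 2)
        if len(fields) == 3 and fields[0] == "0" and fields[1] == "":
            return fields[2]
    return None


def effective_memory_limit(proc_cgroup_text, read=read_file,
                           root="/sys/fs/cgroup"):
    """Smallest memory.max from the process's cgroup up to the root.

    Returns a byte count, or None when no level sets a limit.
    """
    path = cgroup_v2_path(proc_cgroup_text)
    if path is None:
        return None  # cgroup v1 host or unparsable input
    parts = [p for p in path.split("/") if p]
    limits = []
    while parts:
        try:
            raw = read("/".join([root] + parts + ["memory.max"])).strip()
        except (OSError, KeyError):
            raw = "max"  # file absent at this level: no limit here
        if raw != "max":
            limits.append(int(raw))
        parts.pop()  # move one level towards the root
    return min(limits) if limits else None


if __name__ == "__main__":
    print(effective_memory_limit(SAMPLE_PROC_CGROUP, read=SAMPLE_FILES.__getitem__))
```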
Union file systems
Union file systems, or UnionFS, are file systems that operate by creating layers, making them very lightweight and fast. Docker Engine uses UnionFS to provide the building blocks for containers. Docker Engine can use multiple UnionFS variants, including AUFS, btrfs, vfs, and DeviceMapper.