Docker (Architecture, tools, images)
Docker is an Open Source platform for developing, deploying and running applications using container-based virtualization technology.
Docker product/tools
Docker Engine is the component that manages the whole “barrack”.
Docker Hub is a repository where Docker images can be stored.
Docker Swarm is a container clustering technology, to group together containers that are running on different physical machines, potentially located in different parts of the globe as if they were on the same physical machine.
Kitematic is a Docker client, in practice a graphical interface to create, manage and destroy containers, unlike the command line interface that we will see.
(The others will be described shortly)
Linux Kernel and Docker
Docker Engine (daemon) is the program that enables containers to be built, shipped and run. Docker Engine uses Linux Kernel namespaces and control groups (cgroups). Namespaces give us the isolated workspace. Cgroups limit, account for, and isolate the resource usage (CPU, memory, disk I/O, network, etc.) of a collection of processes.
The Docker Engine is also called the Docker daemon: it is the main process, the program that allows you to build, distribute and run containers.
Container-based technology, and Docker in particular, uses the host operating system kernel to do what it needs to do.
In particular, Docker uses two features made available by the Linux kernel: Namespaces and Control Groups (CGroups).
Namespaces provide an isolated working space for each container; CGroups limit the actions and resources that can be used within each container.
Basically, from the container's point of view, the Namespaces tell us what the processes running in a container can see, while the CGroups tell us what those processes can do with the things they see, as specified by the Namespaces.
In other words, the CGroups tell us what we can do, and the Namespaces tell us what we see and therefore what we can act on.
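The namespace and cgroup membership described above is visible for every process under /proc. The following is an added example, not part of the original article: it compares the namespaces of two processes and prints the cgroup of one of them. The function names, PIDs, namespace IDs and cgroup paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare two processes' namespaces via <proc>/<pid>/ns symlinks.
# The proc root is a parameter so the same code runs on /proc or on a sample tree.

NS_TYPES="cgroup ipc mnt net pid user uts"

# ns_compare PROC_ROOT PID_A PID_B -> one line per type: shared|isolated|unreadable
ns_compare() {
    root=$1; a=$2; b=$3
    for ns in $NS_TYPES; do
        ida=$(readlink "$root/$a/ns/$ns" 2>/dev/null) || ida=
        idb=$(readlink "$root/$b/ns/$ns" 2>/dev/null) || idb=
        if [ -z "$ida" ] || [ -z "$idb" ]; then echo "$ns unreadable"
        elif [ "$ida" = "$idb" ]; then echo "$ns shared"
        else echo "$ns isolated"
        fi
    done
}

# cgroup_path PROC_ROOT PID -> cgroup v2 path of the process (the "0::" line)
cgroup_path() {
    sed -n 's/^0:://p' "$1/$2/cgroup"
}

# Constructed sample tree: PID 100 is a host process, PID 200 runs in a container.
# All namespace IDs and cgroup paths below are made up for illustration.
make_sample_proc() {
    dir=$(mktemp -d)
    mkdir -p "$dir/100/ns" "$dir/200/ns"
    for ns in $NS_TYPES; do
        ln -s "$ns:[4026531835]" "$dir/100/ns/$ns"
        case $ns in
            # user namespace left shared, as when user-namespace remapping is off
            user) ln -s "$ns:[4026531835]" "$dir/200/ns/$ns" ;;
            *)    ln -s "$ns:[4026532201]" "$dir/200/ns/$ns" ;;
        esac
    done
    echo "0::/init.scope" > "$dir/100/cgroup"
    echo "0::/docker/CONTAINER_ID_PLACEHOLDER" > "$dir/200/cgroup"
    echo "$dir"
}

sample=$(make_sample_proc)
ns_compare "$sample" 100 200           # what the container process can see
cgroup_path "$sample" 200              # where its resource limits are applied
rm -rf "$sample"
```

On a real host, pass /proc and two PIDs instead of the sample tree; reading another user's namespace links usually requires root.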
Docker Client/Server and Daemon
Let’s look at Docker’s architecture in detail.
The architecture is of the client/server type. The role of the server is played by the Docker Engine (the Docker daemon, i.e. the process that manages the creation, destruction and execution of containers).
The role of the client is played by the Docker client, which is what we invoke on the command line.
Note that when we write docker version, we are instructing the Docker client to pass the version command to the Docker daemon, which returns the information to us. So in general, the client takes input from the user and sends it to the Docker daemon. It is the Docker daemon that acts, i.e. it runs and distributes the containers.
The client and the Docker daemon may or may not reside on the same physical machine. We can control a remote Docker daemon: we can have a Docker client on one machine and send commands to a remote Docker daemon located on a server on which we want to run containers.
Images, Registry, Repository and Containers
Let’s look at four more concepts around which Docker revolves: Images, Registry, Repository and Container.
When we create a VM (Virtual Machine) with the classic approach based on a hypervisor, we start from a standard image like Ubuntu 14.04 and create the virtual machine from this image. Something very similar happens in Docker, where we have images that are read-only templates used to create containers.
Images can be built by us or by other users, and are usually saved in a registry, which can be a private registry (our own, on restricted-access machines) or the public registry, called Docker Hub, which is managed by Docker itself.
One feature it offers is the ability to create and upload both public and private images, so that private images can be downloaded only by a small group of people that we choose.
Containers are platforms for running applications in isolation using the Namespace and CGroup mechanisms made available by Linux.
A container contains everything our application needs to run and is based on images. A container is created from images.
(To draw a parallel with object-oriented programming: just as an object is an instance of a class, we can see a container as an instance of an image. Starting from an image, the container then specializes and comes to differ from the initial image from which we started.)
The image on the left represents a Registry, a portion of Docker Hub. In the registry we find repositories (here, three hypothetical ones), and in each repository we find images: for example, in the Ubuntu repository we can find the image for version 16.04, and so on.
Docker Hub
This is the official public registry maintained by Docker (the company).
Docker is not just an Open Source project. The Docker company was born from the Open Source project, which continues to be developed.
This company has invented “container as a service”, just as there are infrastructure as a service and software as a service, which allows the deployment of containers in their data centers.
There are two types of images in the repository:
Official images, which are characterized by the syntax “repository name:tag”, such as ubuntu:16.04.
Images developed and uploaded to the repository by users, which have the form “username/repository name:tag”.
We must pay attention to the images we use, because for user images we do not know what has been done, while for official Docker images we have the transparency of the build process. (We will see what a Dockerfile is: a file used to build Docker images, which lists all the steps taken to construct an image. For official images we have the transparency of this process, so we know exactly which operations have been carried out: for a certain ubuntu image, for example, we know that starting from Ubuntu the Apt package manager and more have been installed.)
For images provided by users we cannot know this, i.e. we do not know which programs have been installed or which programs are run automatically, and there may be problems.
Official images are marked as official.
Images can be downloaded from Docker Hub at any time:
$ docker pull ubuntu:16.04
When downloaded, images are stored locally. Local images can be displayed:
$ docker images
When creating a container, Docker will attempt to use a local image first. If no local image is found, the Docker daemon will look in Docker Hub unless another registry is specified.
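The naming rules above (official “repository name:tag”, user “username/repository name:tag”, Docker Hub as the default registry) can be checked mechanically before an image is pulled. The following is an added example, not part of the original article or of Docker's own code: it classifies image references and lists the ones that are not official and therefore deserve a review. It assumes that Docker Hub keeps official images under the library/ namespace and that a first component containing a dot or colon, or equal to localhost, names another registry; the sample names are constructed.

```shell
#!/bin/sh
# Added example: classify Docker image references as described above.
# Simplified: the digest is dropped and characters are not validated.

# classify_image REF -> "<class> <registry>/<path>:<tag>"
# class is official | user | other-registry
classify_image() {
    ref=${1%%@*}                          # drop an optional @digest
    case $ref in
        */*) first=${ref%%/*}; rest=${ref#*/} ;;
        *)   first=; rest=$ref ;;
    esac
    # The first component is a registry host only if it looks like one;
    # otherwise the whole reference is a Docker Hub path.
    case $first in
        *.*|*:*|localhost) registry=$first ;;
        *) registry=docker.io; rest=$ref ;;
    esac
    # A tag can only appear in the last path component.
    case ${rest##*/} in
        *:*) tag=${rest##*:}; path=${rest%:*} ;;
        *)   tag=latest; path=$rest ;;
    esac
    if [ "$registry" != docker.io ]; then
        class=other-registry
    else
        case $path in
            library/*) class=official ;;
            */*)       class=user ;;
            *)         class=official; path=library/$path ;;
        esac
    fi
    echo "$class $registry/$path:$tag"
}

# audit_images: read references on stdin, print those that are not official.
audit_images() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        result=$(classify_image "$line")
        case $result in official\ *) ;; *) echo "REVIEW $result" ;; esac
    done
}

# Constructed sample list (names and registry host are made up).
printf '%s\n' ubuntu:16.04 alice/webapp:1.2 \
    registry.example.com:5000/team/api | audit_images
```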