Docker Containers First Step

A simple introduction to Docker containers

Docker makes life easier when installing or running software, because we do not have to worry about setup or dependencies. Its main purpose is to provide an ecosystem for creating and running isolated software, in other words containers. To fulfill this requirement it has six components, as depicted in the following figure.

Docker Architecture[1]

The Docker daemon listens continuously for Docker API requests and is mainly responsible for orchestrating Docker objects, i.e. images, running containers, network interfaces and volumes (reserved data blocks). To enrich the functionality, Docker daemons can communicate with each other (to manage Docker services). The Docker daemon can be seen as a Docker server running on the operating system, which is responsible for downloading, building and running containers.

The Docker client enables interaction between users and Docker. For instance, when executing docker build, docker run, etc., these client commands are forwarded to dockerd, the Docker daemon. Whenever a docker command is executed, the Docker API is called.

Docker containers are isolated user spaces in which applications are executed; they share the same host OS. A container is a runnable instance of an image, so containers are created from images. They can be controlled via the Docker API and CLI, which also give us the opportunity to control a container’s network, storage, etc.

Docker images are read-only templates that contain the application and the libraries it requires. An image can be built on top of another image, which we mostly call a custom image. For example, we can create an image that uses the Debian OS and installs Java applications. These custom images can also be uploaded to Docker’s public registry, known as Docker Hub, which is an image store. It is also possible to create a local registry to keep the custom images.

Creating and running a container from an image

$ docker run <image name>
$ docker run hello-world

After that point, Docker creates an instance from this image and executes it. Notice that executing the same command again does not include the first “downloading descriptions”, since the image is already in the image cache.

A short definition of namespaces and control groups

The kernel is the intermediate layer that coordinates access between programs and physical resources through system calls. Software programs can require different dependencies or libraries that cannot run at the same time on the hardware; for instance, one application can require lib2 whereas another needs lib3. The segmentation and sharing of the hardware resources is done by namespaces and control groups. A namespace isolates resources per process or group of processes, while control groups allow us to limit the amount of a resource that a process can consume. With these two features it is possible to isolate a process and specify the resources it can consume. The term container is built on these features: a container isolates resource usage and tailors the resource size.
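Namespaces and control groups as the kernel exposes them under /proc, shown as an added example that is not part of the original article: it compares a process's namespace inodes with the host's to list the namespaces that are not isolated, and reads its cgroup membership and memory limit. The inode values, the cgroup path and the function names are constructed for illustration.

```python
import os
import re

NS_LINK = re.compile(r"^(\w+):\[(\d+)\]$")

def parse_ns(links):
    """Map namespace type -> inode from links such as 'pid:[4026531836]'."""
    found = (NS_LINK.match(link.strip()) for link in links)
    return {m.group(1): int(m.group(2)) for m in found if m}

def read_ns(pid):
    """Read the live namespace links of a process (Linux only)."""
    base = f"/proc/{pid}/ns"
    names = [n for n in os.listdir(base) if not n.endswith("_for_children")]
    return parse_ns(os.readlink(os.path.join(base, n)) for n in names)

def shared_namespaces(host, proc):
    """Namespace types in which the process is NOT isolated from the host."""
    return sorted(t for t, inode in proc.items() if host.get(t) == inode)

def parse_cgroup(text):
    """Return {controller: path} from /proc/<pid>/cgroup (v1 and v2 lines)."""
    groups = {}
    for line in text.strip().splitlines():
        _, controllers, path = line.split(":", 2)
        for name in (controllers.split(",") if controllers else ["unified"]):
            groups[name] = path
    return groups

def limit_bytes(raw):
    """Parse cgroup v2 memory.max; the literal 'max' means no limit is set."""
    raw = raw.strip()
    return None if raw == "max" else int(raw)

# Constructed sample data, not captured from a real host.
HOST_NS = ["mnt:[4026531841]", "pid:[4026531836]", "net:[4026531840]",
           "uts:[4026531838]", "ipc:[4026531839]", "user:[4026531837]"]
# Constructed container started with host networking: same net inode as host.
CONTAINER_NS = ["mnt:[4026532570]", "pid:[4026532573]", "net:[4026531840]",
                "uts:[4026532571]", "ipc:[4026532572]", "user:[4026531837]"]
CONTAINER_CGROUP = "0::/system.slice/docker-0123abcd.scope\n"  # constructed

if __name__ == "__main__":
    host, ctr = parse_ns(HOST_NS), parse_ns(CONTAINER_NS)
    print("shared with host:", shared_namespaces(host, ctr))
    print("cgroup:", parse_cgroup(CONTAINER_CGROUP))
    print("memory limit:", limit_bytes("max"), limit_bytes("536870912"))
```

On a Linux host, read_ns(1) and read_ns() called with the PID of a container process supply live values in place of the constructed lists.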

Docker makes use of namespaces and control groups to provide an isolated workspace (a container). The following figure illustrates the Docker architecture on the Linux OS, with namespaces and control groups.

Docker Engine on Linux OS [2]

How does an image become a container?

The kernel isolates the required section of the hard drive and makes it available only to the related container. The content of the image file can be placed in this reserved hard drive location. A startup command actually means “run the program inside the container”.

One could object that only Linux includes namespaces and control groups by default; if so, how can we use them on other OSes? The newest Linux kernels support these features; if a kernel does not, we can enable them through kernel configuration and recompiling. On Windows and macOS, a Linux virtual machine is installed on the platform and all containers actually run in this VM.

It is quite easy to find out which OS is used in the Docker image: we simply execute docker info and receive the following console output.

Console Output on Mac OSX

In the following steps we will dive into the details of the docker as much as possible. For more information it is recommended to check the official docker website [3].

References

  1. https://devopedia.org/docker
  2. https://pradeeploganathan.com/docker/docker-architecture/
  3. https://docs.docker.com/get-started/overview/