Docker Overview - Gauravjain449/kubenetes GitHub Wiki

Docker is written in Go

  • Docker is an open platform for developing, shipping, and running applications.
  • Docker enables you to separate your applications from your infrastructure so you can deliver software quickly.

The Docker platform

  • Run many containers simultaneously on a given host.
  • Containers run directly within the host machine’s kernel.

Docker Engine

  • Docker Engine is a client-server application with these major components:
  1. A server, which is a type of long-running program called a daemon process (the dockerd command).
  2. A REST API, which specifies interfaces that programs can use to talk to the daemon and instruct it what to do.
  3. A command line interface (CLI) client (the docker command).

Images

  • To build your own image, you create a Dockerfile.
  • Each instruction in a Dockerfile creates a layer in the image.
  • When you change the Dockerfile and rebuild the image, only those layers which have changed are rebuilt.

Containers

  • A container is a runnable instance of an image.
  • A container is defined by its image as well as any configuration options you provide to it when you create or start it. When a container is removed, any changes to its state that are not stored in persistent storage disappear.

Namespaces

  • Docker uses a technology called namespaces to provide the isolated workspace called the container. When you run a container, Docker creates a set of namespaces for that container.
  • These namespaces provide a layer of isolation. Each aspect of a container runs in a separate namespace and its access is limited to that namespace.
  • Docker Engine uses namespaces such as the following on Linux:
  1. The pid namespace: Process isolation (PID: Process ID).
  2. The net namespace: Managing network interfaces (NET: Networking).
  3. The ipc namespace: Managing access to IPC resources (IPC: InterProcess Communication).
  4. The mnt namespace: Managing filesystem mount points (MNT: Mount).
  5. The uts namespace: Isolating kernel and version identifiers (UTS: Unix Timesharing System).
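
An added example (not part of the original wiki page or of Docker's own code): on Linux, each process exposes its namespaces as links under /proc/<pid>/ns/, in the form `net:[4026531992]`. Comparing a container process against host PID 1 shows which of the five namespaces listed above are actually separate. The function names and the sample identifiers below are constructed for illustration.

```python
import os
import re

# The five namespaces listed above.
NAMESPACES = ("pid", "net", "ipc", "mnt", "uts")
_LINK = re.compile(r"^(\w+):\[(\d+)\]$")


def read_ns_links(pid):
    """Read /proc/<pid>/ns/* on a Linux host (other users' processes need root)."""
    base = f"/proc/{pid}/ns"
    return {ns: os.readlink(os.path.join(base, ns)) for ns in NAMESPACES}


def parse_link(link):
    """Split 'net:[4026531992]' into ('net', 4026531992); reject anything else."""
    m = _LINK.match(link)
    if not m:
        raise ValueError(f"not a namespace link: {link!r}")
    return m.group(1), int(m.group(2))


def shared_with_host(host_links, container_links):
    """Return the namespaces in which both processes hold the same identifier."""
    shared = []
    for ns in NAMESPACES:
        h_type, h_id = parse_link(host_links[ns])
        c_type, c_id = parse_link(container_links[ns])
        if h_type != ns or c_type != ns:
            raise ValueError(f"link type mismatch for {ns}")
        if h_id == c_id:
            shared.append(ns)  # no isolation for this namespace
    return shared


# Constructed sample values (not captured from a real host).
HOST = {"pid": "pid:[4026531836]", "net": "net:[4026531992]", "ipc": "ipc:[4026531839]",
        "mnt": "mnt:[4026531840]", "uts": "uts:[4026531838]"}
ISOLATED = {"pid": "pid:[4026532201]", "net": "net:[4026532204]", "ipc": "ipc:[4026532200]",
            "mnt": "mnt:[4026532198]", "uts": "uts:[4026532199]"}
# The same container process, but sharing the host's net namespace.
HOST_NET = dict(ISOLATED, net=HOST["net"])

if __name__ == "__main__":
    print("isolated container shares:", shared_with_host(HOST, ISOLATED))
    print("host-network container shares:", shared_with_host(HOST, HOST_NET))
```

On a real Docker host, call `shared_with_host(read_ns_links(1), read_ns_links(container_pid))` with the container's main process ID; any namespace it returns is one where the container is not isolated from the host.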

Control groups

  • Docker Engine on Linux also relies on another technology called control groups (cgroups). A cgroup limits an application to a specific set of resources. Control groups allow Docker Engine to share available hardware resources among containers and optionally enforce limits and constraints. For example, you can limit the memory available to a specific container.