Docker is a tool designed to make it easier to create, deploy, and run applications by using containers. Containers allow a developer to package up an application with all of the parts it needs, such as libraries and other dependencies, and ship it all out as one package. By doing so, thanks to the container, the developer can rest assured that the application will run on any other Linux machine regardless of any customized settings that machine might have that could differ from the machine used for writing and testing the code.
In a way, Docker is a bit like a virtual machine. But unlike a virtual machine, rather than creating a whole virtual operating system, Docker allows applications to use the same Linux kernel as the system that they’re running on and only requires applications be shipped with things not already running on the host computer. This gives a significant performance boost and reduces the size of the application.
And importantly, Docker is open source. This means that anyone can contribute to Docker and extend it to meet their own needs if they need additional features that aren’t available out of the box.
Who is Docker for?
Docker is a tool that is designed to benefit both developers and system administrators, making it a part of many DevOps (developers + operations) toolchains. For developers, it means that they can focus on writing code without worrying about the system that it will ultimately be running on. It also allows them to get a head start by using one of thousands of programs already designed to run in a Docker container as a part of their application. For operations staff, Docker gives flexibility and potentially reduces the number of systems needed because of its small footprint and lower overhead.
What are the benefits of using Docker?
Docker provides a consistent runtime across all phases of a product cycle: development, testing, and deployment. For example, if development team has upgraded one dependency, other teams must also do the same. If they don’t, app may work during development but fail in deployment or work with unexpected side effects. Docker overcomes this complexity by providing a consistent environment for your app. Hence, it’s become essential for DevOps practice.
Docker containers are smaller in size and boot up faster compared to VMs. They’re also more cost efficient since many more containers than VMs can run on a machine.
Docker is open source. There’s freedom of choice since any type of application (legacy, cloud native, monolithic, 12-factor) can run in a Docker container. Security is built into the Docker Engine by default. It’s powered by some of the best components such as the containerd. There’s also powerful CLI and API to manage containers. Via certified plugins, we can extend the capabilities of the Docker Engine.
What are some basic Docker commands that a beginner should know?
Some Docker commands are listed in the official Docker documentation:
To build a new image from a Dockerfile use the build command. We can then push this to a registry using push. Commands search and pull can be used to find and download an image from registry to our local system. To create a new image from a running container’s changes, we can use commit. To list images, use images. A downloaded image can be removed using rmi.
Once we have an image, we can create and start a container using create and start. Containers can be stopped using stop or kill. A running container can be restarted using restart. We can use rm to remove containers. The command ps will list all running containers. To list stopped containers as well, use “-all” option.
Commands that deal with processes inside containers include run, exec, pause, unpause and top. Commands that deal with container filesystem include cp, diff, export and import.
Which are the essential components of the Docker ecosystem?
The Docker Engine is a client-server app of two parts: the Docker Client and the Docker Daemon. Docker commands are invoked using the client on the user’s local machine. These commands are sent to daemon, which is typically running on a remote host machine. The daemon acts on these commands to manage images, containers and volumes.
Using Docker Networking we can connect Docker containers even if they’re running on different machines. What if your app involves multiple containers? This is where Docker Compose is useful. This can start, stop or monitor all services of the app. What if you need to orchestrate containers across many host machines? Docker Swarm allows us to do this, basically manage a cluster of Docker Engines.
Docker Machine is a CLI tool that simplifies creation of virtual hosts and install Docker on them. Docker Desktop is an application that simplifies Docker usage on MacOS and Windows.
Among the commercial offerings are Docker Cloud, Docker Data Center and Docker Enterprise Edition.
- Which are the command-line interfaces (CLI) that Docker provides? Since Docker has many components, there are also multiple CLIs:
- Docker CLI: This is the basic CLI used by Docker clients. For example, docker pull is part of this CLI with “pull” being the child command. These commands are invoked by user using the Docker Client. Commands are translated to Docker API calls that are sent to the Docker Daemon.
- Docker Daemon CLI: The Docker Daemon has its own CLI, which is invoked using the dockerd command. For example, the command $ sudo dockerd -H tcp://127.0.0.1:2375 -H unix:///var/run/docker.sock & asks the daemon to listen on both TCP and a Unix socket.
- Docker Machine CLI: This is invoked with the command docker-machine.
- Docker Compose CLI: This is invoked with the command docker-compose. This uses Docker CLI under the hood.
- DTR CLI: Invoked with docker/dtr, this is the CLI for Docker Trusted Registry (DTR).
- UCP CLI: Invoked with docker/dtr, this is the CLI for installing and managing Docker Universal Control Plane (UCP) on a Docker Engine.
Here are some resources that will help you get started using Docker in your workflow. Docker provides a web-based tutorial with a command-line simulator that you can try out basic Docker commands with and begin to understand how it works. There is also a beginners guide to Docker that introduces you to some basic commands and container terminology. Or watch the video below for a more in-depth look:
Docker and security
Docker brings security to applications running in a shared environment, but containers by themselves are not an alternative to taking proper security measures.
Dan Walsh, a computer security leader best known for his work on SELinux, gives his perspective on the importance of making sure Docker containers are secure. He also provides a detailed breakdown of security features currently within Docker, and how they function.
- Chanezon, Patrick. 2017. “Docker Leads OCI Release of v1.0 Runtime and Image Format Specifications.” Blog, Docker, July 19. Accessed 2019-08-06.
- Chaturvedi, Vineet. 2019. “What Is Docker & Docker Container? A Deep Dive Into Docker!” Blog, Edureka, May 22. Accessed 2019-06-05.
- Docker. 2019a. “The Industry-Leading Container Runtime.” Accessed 2019-08-06.
- Docker. 2019b. “Docker Desktop.” Accessed 2019-08-06.
- Docker Core Engineering. 2016. “Docker 1.12: Now with Built-in Orchestration!” Blog, Docker, June 20. Accessed 2019-08-06.
- Docker Core Engineering. 2017. “Introducing Docker 1.13” Blog, Docker, January 19. Accessed 2019-08-06.
- Docker Docs. 2019a. “docker (base command).” Command-Line Interfaces (CLIs), Docker v19.03, August 02. Accessed 2019-08-06.
- Docker Docs. 2019b. “docker ps.” Command-Line Interfaces (CLIs), Docker v19.03, August 02. Accessed 2019-08-06.
- Docker Docs. 2019c. “Best practices for writing Dockerfiles.” Command-Line Interfaces (CLIs), Docker v19.03, August 02. Accessed 2019-08-06.
- Docker Docs. 2019d. “dockerd.” Command-Line Interfaces (CLIs), Docker v19.03, August 02. Accessed 2019-08-06.