The Basics of Docker

Ian Rones
Jul 20, 2021

When you search for what Docker is, you might see something like this:

“Docker is a set of platform as a service products that use OS-level virtualization to deliver software in packages called containers. Containers are isolated from one another and bundle their own software, libraries and configuration files; they can communicate with each other through well-defined channels.”

But what exactly does that all mean? Let's start with "hello world" and learn how this great technology works under the hood.

docker run hello-world: this starts up the Docker client (CLI), which takes commands from the user and passes them on to the Docker server. The command starts a new container from the hello-world image, which has a command that is supposed to print a message. First, the server checks for a local copy of the hello-world image on the machine.

It looks in the image cache for that file. When it sees that the cache is empty, it checks Docker Hub, a repository of free public images, for a hello-world image. The Docker server downloads this file and stores it in your local image cache, which means it can run later without being re-downloaded. Now we can use it to run an instance of the container.

Kernel: a running software process that governs access between the programs running on your computer and all the physical hardware connected to it. For example, it is the intermediate layer between apps and the hard drive.

Programs interact with the kernel through system calls, which are basically function invocations.

For example, let's say we have dependencies that need different versions.

Namespacing: we use namespacing to section out those resources, creating a segment on the hard drive for each version of Python.

When a process issues a system call, the kernel figures out which process it is coming from. With this, each version can work on the same machine.

This entire process of segmenting a hardware resource based on the process asking for it is known as namespacing. Namespacing lets the kernel limit the resources a process can reach, or redirect a request for a resource coming from a particular process. Control groups can be used to limit the amount of resources a particular process can use.

In short:

Namespacing: this area of the hard drive is for this process

Control group: can be used to limit the amount of memory, CPU, hard drive input/output, and network bandwidth

These are used together to isolate a process and limit the amount of resources it can talk to and the amount of bandwidth it can make use of. They are specific to the Linux operating system.
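As an added example (not from the original article), the Python below checks both mechanisms for a process: it compares the namespace IDs Linux exposes under /proc/<pid>/ns between a host process and a container process, and flags cgroup v2 control files that carry no limit. The inode numbers and limit values are constructed sample data; the function names are hypothetical.

```python
import os
import re
# Constructed sample: `readlink /proc/<pid>/ns/*` for a host shell and for a
# process in a container (inode numbers are made up). Here net and user match.
HOST_NS = """\
cgroup:[4026531835]
ipc:[4026531839]
mnt:[4026531841]
net:[4026531840]
pid:[4026531836]
user:[4026531837]
uts:[4026531838]
"""
CONTAINER_NS = """\
cgroup:[4026532661]
ipc:[4026532659]
mnt:[4026532657]
net:[4026531840]
pid:[4026532660]
user:[4026531837]
uts:[4026532658]
"""
# Constructed sample: cgroup v2 control files of the container's cgroup.
CGROUP_FILES = {"memory.max": "536870912\n", "cpu.max": "max 100000\n",
                "pids.max": "max\n"}

def parse_ns(text):
    """Map namespace type -> inode id from 'type:[inode]' lines."""
    return {m.group(1): int(m.group(2))
            for m in re.finditer(r"^(\w+):\[(\d+)\]$", text, re.M)}

def read_ns(pid):
    """Live equivalent on Linux: read the symlinks under /proc/<pid>/ns."""
    base = f"/proc/{pid}/ns"
    return parse_ns("\n".join(os.readlink(os.path.join(base, n))
                              for n in os.listdir(base)))

def shared_namespaces(host, container):
    """Namespace types with the same inode in both: not isolated from host."""
    return sorted(t for t in host if container.get(t) == host[t])

def unlimited_controls(files):
    """cgroup v2 files whose quota field is 'max': no limit is enforced."""
    return sorted(n for n, v in files.items() if v.split()[0] == "max")

if __name__ == "__main__":
    host, ctr = parse_ns(HOST_NS), parse_ns(CONTAINER_NS)
    print("shared with host:", shared_namespaces(host, ctr))
    print("no limit set:", unlimited_controls(CGROUP_FILES))
```

On a Linux host, read_ns(1) and read_ns(<container process pid>) can replace the sample strings; a namespace type that shows up as shared is one where the container sees the same resource as the host.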

CONTAINERS: Containers are an abstraction at the app layer that packages code and dependencies together. Multiple containers can run on the same machine and share the OS kernel with other containers, each running as isolated processes in user space. Containers take up less space than VMs (container images are typically tens of MBs in size), can handle more applications and require fewer VMs and operating systems.

A container is a running process along with a subset of physical resources on your computer that are allocated to that process specifically.

The red dotted box is a container: the running process plus the resources it is talking to, like Python v2. Containers aren't physical constructs in your computer. A container is a process or set of processes that has a grouping of resources specifically assigned to it.

Chrome is our running process, which sends system calls to the kernel. The kernel looks at the incoming system call and directs it to a specific portion of the hard drive, RAM, network, and CPU. A portion of each of these resources is available to that singular process, "chrome".

Images are file system snapshots, kind of like the Mac's Time Machine. An image has a specific set of directories, so we could have an image of just Chrome and Python. It also has a specific startup command. When we make a container, the kernel isolates a little section of the hard drive and makes it available to just this container.

After the subset is created, the file system snapshot inside the image is placed into that segment of the hard drive, which now has Chrome and Python installed. The startup command is then executed: Chrome is invoked, we create a new instance of that process, and that created process is isolated to the set of resources inside the container.

So how are we running Docker on a Mac when it's for Linux? When you install Docker for Windows or Mac, you also install a Linux virtual machine. So long as Docker is running, you technically have a Linux virtual machine running too. Inside this virtual machine is where all the containers are created, so it is the Linux kernel that runs the processes inside containers. That Linux kernel is in charge of limiting and isolating access to the different hardware resources on your computer.

To see this in action, type: docker version

You'll see that there is a distribution of Linux installed.

Now we can start to see the big picture. Container images become containers at runtime and in the case of Docker containers — images become containers when they run on Docker Engine. It leverages existing computing concepts around containers and specifically in the Linux world, primitives known as cgroups and namespaces. Docker’s technology is unique because it focuses on the requirements of developers and systems operators to separate application dependencies from infrastructure.

VIRTUAL MACHINES

Virtual machines (VMs) are an abstraction of physical hardware turning one server into many servers. The hypervisor allows multiple VMs to run on a single machine. Each VM includes a full copy of an operating system, the application, necessary binaries and libraries — taking up tens of GBs. VMs can also be slow to boot.

Containers and VMs used together provide a great deal of flexibility in deploying and managing apps. This combination of technologies has recently become the building block of the internet we know today.
