Mastering Docker: A Step-by-Step Guide for Beginners — Part 1
In this article, you will learn the fundamentals of using containers for your applications. We will cover creating and running Docker containers as a starting point. By the end, you will have a solid understanding of deploying containers in production and handling complex orchestration challenges like high availability, service discovery, and reconciliation.
Setup your Environment
You can use either Docker Personal and Play with Docker while following in this article
What are Containers
Containers are a powerful tool in computing, providing isolation for processes running on Linux through the use of namespaces and control groups. These features are built directly into the Linux kernel, making containers accessible and versatile. However, it is important to note that containers do not possess any inherent special qualities beyond these fundamental components.
The true value of containers lies in the surrounding ecosystem and supporting tools they offer. Docker provides developers and operators with an intuitive interface for creating, distributing, and executing containerized applications across various environments. These additional features enhance ease-of-use and facilitate seamless deployment within diverse computing infrastructures.
Running Container
Note : Use the Docker Cli to run this container, if you are using Play with Docker click the “Add new Instance” to create a new terminal
Open a terminal on your computer or if you are using Play with Docker, create a new instance and open the terminal inside. Run the following command in the terminal:
docker container run -t ubuntu topTo run a container with the Ubuntu image and use the top command, you can simplify by using the docker container run command with the -t flag to allocate a pseudo-TTY. This is necessary for the top command to function properly.
The docker run command downloads the Ubuntu image onto your host and starts the container. The output for the running container should resemble like this:
top is a Linux tool that displays and sorts the processes on a system based on resource usage. The output only shows the top process, which is the top process itself, because of PID namespace isolation.
Containers use Linux namespaces to isolate system resources from other containers or the host. The PID namespace specifically isolates process IDs. When running top inside a container, it will show processes within that container’s PID namespace, which differs greatly from what you would see if you ran top on the host machine.
It should be noted that even though we are using an Ubuntu image for our container, it does not have its own kernel. Instead, it uses the kernel of the host machine while utilizing tools and file systems available in an Ubuntu environment.
To connect to a new terminal on Play with Docker, click “Add New Instance” and then use the IP listed by node1 to SSH from node2 into node1.
In the terminal, retrieve the ID of the running container you created by using this command:
docker container ls 
To execute bash within the container, utilize the docker container exec command and incorporate the given container ID. In order to enable interaction with the container through your terminal, make use of the -it flag to allocate a pseudo-terminal while running in interactive mode.
docker container exec -it 935d717c162d bash Using the docker container exec command and entering the container’s namespaces using bash is a commonly used method to inspect a Docker container.
Notice the change in the prefix of your terminal, for example, root@935d717c162d:/. This is an indication that you are running bash inside the container.
Tip : Interacting with a bash process within a container is not the same as using ssh to connect to a separate host or VM. Unlike an ssh server, you do not require any specific setup for connecting to a bash process in your container. It’s important to keep in mind that containers leverage kernel-level features for achieving isolation and run on top of the host’s kernel. A container essentially consists of processes running independently in isolation on the same host, allowing you to utilize the docker container exec command and gain access to this isolated environment through the bash process. Once executed, this command will include both topand’bash’ within the group of processes operating within this isolated context.
To inspect the running process use this command:
ps -ef
Other Linux namespaces include:
- MNT: Mount and unmount directories without affecting other namespaces.
- NET: Containers have their own network stack.
- IPC: Isolated interprocess communication mechanisms such as message queues.
- User: Isolated view of users on the system.
- UTC: Set hostname and domain name per container.
These namespaces provide the isolation for containers that allow them to run together securely and without conflict with other containers running on the same system.
To compare, exit the container and run ps -ef or top on the host. These commands will work on both Linux and Mac. You may inspect the running processes in Windows by using tasklist.
Tip: Namespaces serve as a notable feature in the Linux kernel. However, Docker offers the ability to run containers on both Windows and Mac operating systems. The key lies in the incorporation of a Linux subsystem within Docker’s software package. Leveraging this integration, using Docker for containerization provides an advantage of running containers across various platforms.
Moreover, aside from running Linux containers on Windows through a Linux subsystem, it is now possible to execute native Windows containers by utilizing container primitives integrated into the Windows operating system. With this enhancement, users can run native Windows containers on compatible versions like Windows 10 or later generations such as Windows Server 2016 or above
Running Multiple Containers
Explore the Docker Hub.
The Docker Hub is the public central registry for Docker images. Anyone can share images here publicly. The Docker Store contains community and official images that can also be found on the Docker Hub.
When searching for images, you will find filters for Store and Community images. Store images include content that has been verified and scanned for security vulnerabilities by Docker. Go one step further and search for Certified images that are deemed enterprise-ready and are tested with Docker Enterprise Edition.
It is important to avoid using unverified content from the Docker Store when you develop your own images that are intended to be deployed into the production environment. These unverified images might contain security vulnerabilities or possibly even malicious software.
In this demonstration, we will use NGINX and MongoDB as an example to showcase how multiple containers can be run concurrently.
To run an NGINX server, you can use the official NGINX image available on the Docker Store.
docker container run --detach --publish 8080:80 --name nginx nginx
You are using some new flags. The — detach flag runs this container in the background. The — publish flag exposes port 80 in the container (default for NGINX) on port 8080 of your host machine. Note that the NET namespace provides a separate network stack for processes within the container. The — publish flag allows networking from the container to be accessed from outside through the host machine.
How do you know port 80 is the default port for NGINX? Because it is listed in the documentation on the Docker Store. In general, the documentation for the verified images is very good, and you will want to refer to it when you run containers using those images.
Specify the — name flag to name your container. This makes it convenient for running commands on your container as you can reference the name instead of the ID. For instance, use docker container inspect nginx instead of docker container inspect 102l if you have named your container nginx.
Because this is the first time you are running the NGINX container, it will pull down the NGINX image from the Docker Store. Subsequent containers created from the NGINX image will use the existing image located on your host.
NGINX is a lightweight web server. You can access it on port 8080 on your localhost.
Run a MongoDB, the official MongoDB image from the Docker Store will be used. Instead of using the most recent tag (which is the default if no tag is supplied), utilize 3.4 of the Mongo image.
docker container run --detach --publish 8081:27017 --name mongo mongo:3.4
Because this is your first time operating a Mongo container, download the Mongo image from the Docker Store. The — publish flag is used to expose the 27017 Mongo port on your server. Because 8080 is already available on your host, you must choose a different port for the host mapping. See the documentation on the Docker Store to get more information about using the Mongo image.
Checking the running containers
docker container ls
You have an NGINX web server container and a MongoDB container running on your host. Note that these containers are not yet configured to communicate with each other.
The names you assigned for the containers are “nginx” and “mongo”.The port mappings specified with the “ — publish” flag can also be observed. To obtain more details about these running containers, use the command “docker container inspect [container id]”.
One thing you might notice is that the Mongo container is running the docker-entrypoint command. This is the name of the executable that is run when the container is started. The Mongo image requires some prior configuration before kicking off the DB process. You can see exactly what the script does by looking at it on GitHub. Typically, you can find the link to the GitHub source from the image description page on the Docker Store website.
Containers are self-contained and isolated, which means you can avoid potential conflicts between containers with different system or runtime dependencies. For example, you can deploy an app that uses Java 7 and another app that uses Java 8 on the same host. Or you can run multiple NGINX containers that all have port 80 as their default listening ports. (If you’re exposing on the host by using the --publish flag, the ports selected for the host must be unique.) Isolation benefits are possible because of Linux namespaces.
Remember: You didn’t have to install anything on your host (other than Docker) to run these processes! Each container includes the dependencies that it needs within the container, so you don’t need to install anything on your host directly.
Running multiple containers on the same host gives us the ability to use the resources (CPU, memory, and so on) available on single host. This can result in huge cost savings for an enterprise.
Although running images directly from the Docker Store can be useful at times, it is more useful to create custom images and refer to official images as the starting point for these images.
Remove the Containers
Check all the running containers
docker container lsTo stop the containers by running this command for each container
docker container stop [container id]Tip: You need to enter only enough digits of the ID to be unique. Three digits is typically adequate.
You can also use names of the container
docker container stop mongo nginxTo clean up your environment, the following command can be used to remove any stopped containers, unused volumes and networks, as well as dangling images
docker system prune
Leave a 👏 and comment and let me know what you think.
Do you enjoy what you’ve read so far? Join and buy me a ko-fi
© All Rights Reserved Kent Edoloverio
