Under the hood: understanding Docker containers and images

Prabu Subra
Published in AlphaXcode
3 min read · Nov 22, 2018

Containers: a technology for running one or more processes in an independent, isolated environment.


What is a process here?

A process is a program (a set of instructions) in execution. It could be an application, a database, a message queue, etc.

What resources are needed to execute a process standalone?

  • Memory
  • CPU
  • I/O devices
  • File systems

In our day-to-day life, we use containers without knowing it. For example, the Parallel Space/Secondary Space and Dual Apps features on Android phones use Linux container technology.

The Linux kernel gives us options to create more than one parallel space and run processes in it, like a jail. These spaces are called containers.

Linux kernel features behind containers:-

Using Linux kernel features such as namespaces, cgroups, chroot and UnionFS, the host Linux kernel can split its resources and provide an isolated space in which to run a process.

Namespaces → This feature isolates the following resources from the host and from other containers.

  • Mount — isolate filesystem mount points.
  • UTS — isolate hostname and domain name.
  • IPC — isolate interprocess communication (IPC) resources.
  • PID — isolate the PID number space.
  • Network — isolate network interfaces.
  • User — isolate UID/GID number spaces.
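
An added example (not from the original article): each namespace a process belongs to appears as a symlink under /proc/<pid>/ns, so comparing a container process with a host process shows which of the six kinds above are actually isolated. The function names and the sample inode values are constructed for illustration.

```python
import os

# The six namespace kinds listed above, by their /proc/<pid>/ns entry names.
NAMESPACES = ("mnt", "uts", "ipc", "pid", "net", "user")


def read_namespaces(pid="self", proc_root="/proc"):
    """Return {kind: 'kind:[inode]'} read from the /proc/<pid>/ns symlinks."""
    result = {}
    for kind in NAMESPACES:
        link = os.path.join(proc_root, str(pid), "ns", kind)
        try:
            result[kind] = os.readlink(link)
        except OSError:
            # Not readable (permissions) or this kind is absent on this kernel.
            result[kind] = None
    return result


def shared_with_host(host_ns, container_ns):
    """Kinds where both processes point at the same namespace, i.e. no isolation."""
    return sorted(
        kind for kind in NAMESPACES
        if host_ns.get(kind) is not None
        and host_ns.get(kind) == container_ns.get(kind)
    )


# Constructed sample: a host process and a container process. The container
# shares "user" (Docker does not remap user namespaces by default) and "net"
# (as happens when a container is started with --network host).
SAMPLE_HOST = {
    "mnt": "mnt:[4026531840]", "uts": "uts:[4026531838]",
    "ipc": "ipc:[4026531839]", "pid": "pid:[4026531836]",
    "net": "net:[4026531992]", "user": "user:[4026531837]",
}
SAMPLE_CONTAINER = {
    "mnt": "mnt:[4026532567]", "uts": "uts:[4026532568]",
    "ipc": "ipc:[4026532569]", "pid": "pid:[4026532570]",
    "net": "net:[4026531992]", "user": "user:[4026531837]",
}

if __name__ == "__main__":
    print("not isolated in sample:", shared_with_host(SAMPLE_HOST, SAMPLE_CONTAINER))
    print("this process:", read_namespaces())
```

On a real host, pass the container's main process ID to read_namespaces and compare it with a host process; reading another user's /proc/<pid>/ns entries usually requires root.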

Cgroups → limit resources such as CPU, memory and network.

Chroot → changes the root directory for a specified process and its child processes.

UnionFS → a layered file system. Docker images are created as immutable layers, and data is persisted on a mutable layer. The mutable layer can be mounted to local storage or to an external cloud store. This helps with effective reuse of Docker images and with data management.

If containers share the host operating system, then why do we have operating system images (container OS) on Docker registries?

Even though containers run on the same machine, the host's OS utilities and libraries are not available to them because of their isolation (namespaces). Containers therefore cannot access software installed on the host OS, so we have to configure the required software for each Docker container as a Docker image in a Dockerfile.

What exactly is an operating system image (container OS)?

These images are not full-fledged operating systems, just a bunch of utilities and libraries.

Therefore, to run a container, we only need to load a few utilities and libraries, not an entire operating system.

Docker Container CLIs:-

[Figure: docker container CLI]

Images: a blueprint or template from which one or more containers can be created.

Most images are built on the scratch image. It is like a super parent image. Scratch doesn't have any utilities; it is an empty image with zero size.

Docker image CLIs:-

[Figure: docker image CLI]

Dockerfile:-

A Docker image is created from a Dockerfile. It has a set of vocabulary for executing processes together with their dependencies, independently.

Ultimately, with container technology, software can be created or changed, packaged, tested and shipped more quickly and with fewer hurdles than in traditional ways. It simplifies the software business. A programmable platform (PaaS) accelerates software development and deployment (SaaS).

Thanks for reading… This is my understanding after using Docker for a few months. Feel free to comment with your suggestions!
