What is Docker and what is it used for

Docker, a tool for Modern Application Management

In the field of application development and management, Docker has quickly gained popularity as an indispensable tool. This containerization technology has revolutionized the way applications are developed, deployed and managed, offering an efficient, portable and scalable solution.

What is Docker?

It is an open-source platform that simplifies the creation, deployment and execution of applications within containers. A container is an isolated environment that includes everything needed to run an application, such as code, libraries, dependencies and environment variables. Unlike virtual machines, containers share the kernel of the host operating system; this makes them much lighter and faster to boot.

Container vs. Virtual Machine

Virtual machines (VMs) and containers are two solutions for running applications in isolated environments, but there are fundamental differences in how they operate and how they manage system resources.

What is a virtual machine? As well explained here.

Virtual machines are software that offer the same functionality as physical computers. The most important idea is that a virtual machine mimics a complete operating system, including the kernel, by “simulating” (somewhat) the hardware resources available to the system.

A container, on the other hand, relies on the kernel of the host operating system, reproducing and isolating only what is needed to run the application layer.

Virtual Machine (VM)

Some features that virtual machines exhibit:

  • Isolation: VMs provide complete isolation between the guest operating system and the host. Each VM includes its own operating system, kernel and virtualized resources such as CPU, memory, storage and network interfaces.
  • Weight: VMs are heavier as they include a complete operating system. Each VM requires duplication of all components, including the operating system, drivers, and libraries.
  • Startup and Shutdown: The startup time of a VM is longer than that of a container, as it requires the complete loading of an operating system.
  • Resources: VMs may require more resources in terms of memory and storage, as each VM runs its own separate, full operating system.

Container

Recall that containers share the kernel of the host operating system and create only the components needed to run the application, i.e., they isolate only the application, dependencies, and processes.

This fundamental characteristic results in the following properties:

  • Isolation: Each container is a separate instance of the application, but it shares the kernel and other components of the host operating system.
  • Weight: Containers are lightweight since they do not include a full operating system.
  • Start and Stop: Containers start and stop quickly since they do not have to start a full operating system.
  • Resources: Containers require fewer resources than VMs because they do not need to run a separate kernel or other components that are already on the host operating system, so they can be started on a leaner system.

When to choose a VM or Container

  • VMs: They are best suited for applications that require complete isolation and need to run different operating systems. For example, in scenarios where different versions of operating systems or legacy applications need to run.
  • Container: They are best suited for distributed applications, microservices and development environments where resource efficiency and start/stop speed are crucial. They are ideal for microservice-based application development, staging and production environments.

How does Docker work?

Docker uses containerization to isolate and manage applications in lightweight, portable environments. From a technical perspective, it follows a client-server approach: the Docker client communicates with the Docker daemon, which manages the containers. Docker containers are created from images, which are built from lightweight layers that contain the application code and all its dependencies.

These images can be shared through Docker Hub, which is a public image registry; they can be saved in a private image registry; or they can be created and managed locally.

Docker behind the scenes

We may wonder how a container can achieve isolation somewhat similar to that of a virtual machine without recreating its own system and kernel. This is done by exploiting features of the Linux kernel that allow it to isolate processes and limit resources: namespaces. Namespaces in Linux allow you to isolate a process, a network resource or a filesystem; with these features, some processes in the system run in an isolated environment, meaning they have no access to processes and resources other than those assigned to them.
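On Linux, each process exposes the namespaces it belongs to as symlinks under /proc/<pid>/ns, so the isolation described above can be checked directly. The following Python code is an added example, not part of the original article; the function names are illustrative. It reports which namespace types two processes share. A container started with host networking, for instance, would show net as shared with the host.

```python
import os

# Main namespace types exposed under /proc/<pid>/ns (see namespaces(7)).
NS_TYPES = ("cgroup", "ipc", "mnt", "net", "pid", "time", "user", "uts")


def read_namespaces(ns_dir):
    """Map namespace type -> identifier such as 'net:[4026531840]'.

    ns_dir is a directory laid out like /proc/<pid>/ns, where every entry
    is a symlink whose target names the namespace the process is in.
    """
    found = {}
    for ns in NS_TYPES:
        path = os.path.join(ns_dir, ns)
        if os.path.islink(path):  # older kernels lack some types
            found[ns] = os.readlink(path)
    return found


def shared_namespaces(ns_dir_a, ns_dir_b):
    """Return the sorted namespace types that both processes are members of."""
    a, b = read_namespaces(ns_dir_a), read_namespaces(ns_dir_b)
    return sorted(ns for ns in a if ns in b and a[ns] == b[ns])


def compare_with_init(pid):
    """Compare a process with the host's PID 1 (reading /proc/1/ns needs root)."""
    return shared_namespaces(f"/proc/{pid}/ns", "/proc/1/ns")


if __name__ == "__main__":
    # A process trivially shares every namespace with itself.
    print(shared_namespaces("/proc/self/ns", "/proc/self/ns"))
```

Running compare_with_init on the host PID of a containerized process should return few or no namespace types; every type that does appear is a place where the container is not isolated from the host.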

From the Linux documentation, we present some namespaces and the isolation they allow:

Architecture of Docker

Docker daemon:
  • The daemon (dockerd) is a background process that manages the creation, execution, and deployment of containers.
  • The daemon communicates with the Docker client via REST API and manages container operations.
Docker client:
  • The Docker client (docker) is a command-line interface or GUI that allows users to interact with the Docker daemon.
  • Users use the client to give commands to the daemon, such as creating new containers or managing images.
Docker Images:
  • A Docker image is a lightweight, self-sufficient snapshot of a file system that includes application code, libraries, dependencies, environment variables, and other elements needed to run the application.
  • Images are the basis from which containers are created.
  • Images can be saved and shared on online Docker registries, which allow them to be published (with more or less restricted access) and downloaded.
Docker Containers:
  • Containers are running instances of a Docker image. Each container is an isolated environment running a specific application.
  • Containers share the kernel of the host operating system but are separate in terms of file system, processes and resources.

Here is how the presentation page of the official documentation summarizes the architecture in an image:

As the Docker documentation reports:

The Docker client and Docker daemon can run on the same system or a Docker client can be connected to a remote Docker daemon. The client and daemon communicate using a REST API, via UNIX sockets or a network interface.
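Whoever can reach the daemon's API can create and control containers on that host, so it matters which listeners the daemon opens. The following Python code is an added example, not part of the original article or of Docker itself. It classifies the listeners configured in a daemon.json file using the hosts and tlsverify keys; the function name, the severity labels and the sample configuration are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

DEFAULT_HOSTS = ["unix:///var/run/docker.sock"]  # Linux listener when none is set
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

# Constructed sample daemon.json, not taken from any real host.
SAMPLE_CONFIG = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'


def audit_listeners(config_text):
    """Classify each API listener in a daemon.json document.

    Returns (listener, level, reason) tuples; level is ok, warn or high.
    """
    cfg = json.loads(config_text)
    client_certs = bool(cfg.get("tlsverify"))  # daemon verifies client certificates
    results = []
    for listener in cfg.get("hosts") or DEFAULT_HOSTS:
        url = urlsplit(listener)
        if url.scheme in ("unix", "fd"):
            verdict = ("ok", "local socket, guarded by file permissions")
        elif url.scheme != "tcp":
            verdict = ("warn", "unrecognised listener scheme")
        elif client_certs:
            verdict = ("ok", "TCP with client certificates required")
        elif url.hostname in LOOPBACK:
            verdict = ("warn", "unauthenticated TCP, loopback only")
        else:
            verdict = ("high", "unauthenticated TCP reachable from the network")
        results.append((listener, *verdict))
    return results


if __name__ == "__main__":
    for listener, level, reason in audit_listeners(SAMPLE_CONFIG):
        print(f"[{level}] {listener}: {reason}")
```

Listeners passed to dockerd with -H on the command line do not appear in daemon.json and have to be checked separately.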

Docker images

A Docker image is a template that allows the creation of a container (cf. the documentation). In the image, you can include the files and programs that are to be present in the container, and you can specify the command that will be executed by the container at startup and any ports it is to expose on its network interfaces.

An image can be tagged, that is, we assign it a tag or identifier that specifies the version of the image. In this way, we can have multiple images for the same software, for example: we might have multiple images for ubuntu, specified in the name after the colon sign : as follows: ubuntu:mantic or ubuntu:noble. Usually, we use the latest tag to specify the most recent version of an image.
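A tag is only a name and can later be pointed at a different image, which is why reproducible deployments often reference images by digest instead. The following Python code is an added example, not part of the original article. It parses image references and reports whether each one is pinned by digest, fixed to an explicit tag, or floating on latest; the function names and the all-zero digest are constructed for illustration.

```python
# Constructed placeholder digest, not the digest of any real image.
DIGEST = "sha256:" + "0" * 64


def parse_image_ref(ref):
    """Split an image reference into (repository, tag, digest)."""
    repo, digest = ref, None
    if "@" in ref:
        repo, digest = ref.split("@", 1)
    tag = None
    # A colon only introduces a tag when it comes after the last slash;
    # otherwise it belongs to a registry port such as localhost:5000.
    colon = repo.rfind(":")
    if colon > repo.rfind("/"):
        repo, tag = repo[:colon], repo[colon + 1:]
    if tag is None and digest is None:
        tag = "latest"  # Docker assumes this tag when none is given
    return repo, tag, digest


def pin_status(ref):
    """Return 'pinned' (digest), 'tagged' (explicit tag) or 'floating' (latest)."""
    _, tag, digest = parse_image_ref(ref)
    if digest:
        return "pinned"
    return "floating" if tag == "latest" else "tagged"


def unpinned(refs):
    """Return the references that could resolve to a different image later."""
    return [r for r in refs if pin_status(r) != "pinned"]


if __name__ == "__main__":
    refs = ["ubuntu", "ubuntu:noble", "localhost:5000/ubuntu", "ubuntu@" + DIGEST]
    for ref in refs:
        print(f"{ref}: {pin_status(ref)}")
```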

Volumes

Although containers can create, update and delete files, these changes are lost when the container is removed: Docker isolates all changes made to that container. With volumes you can change this behavior.

Volumes provide the ability to connect specific paths in the container’s file system to the host computer. If you mount a directory in the container, changes in that directory will also appear on the host machine. If you mount the same directory across container restarts, you will see the same files.

There are two main types of volumes:

  • A volume mount is the optimal choice when a persistent location in which to store application data is needed; usually, access from the host system to this data is not a recurring need.
  • A bind mount is another type of mount, which allows a directory to be shared from the host filesystem into the container. When working on an application, a bind mount can be used to mount source code in the container. The container immediately sees changes made to the code as soon as a file is saved. This means that you can run processes in the container that check for and respond to changes in the filesystem.
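Because a bind mount exposes part of the host filesystem to the container, it is worth reviewing which host paths running containers can reach. The following Python code is an added example, not part of the original article. It reads the Mounts section of docker inspect output and lists bind mounts of sensitive host paths; the list of sensitive paths, the function names and the sample data are constructed for illustration.

```python
import json
import posixpath

# Host paths whose exposure to a container deserves review (illustrative list).
SENSITIVE = ("/", "/etc", "/proc", "/sys", "/root",
             "/var/run/docker.sock", "/run/docker.sock")

# Constructed sample shaped like the output of `docker inspect web db`.
SAMPLE_INSPECT = """[
 {"Name": "/web", "Mounts": [
   {"Type": "bind", "Source": "/home/dev/app", "Destination": "/app", "RW": true},
   {"Type": "bind", "Source": "/var/run/docker.sock",
    "Destination": "/var/run/docker.sock", "RW": true},
   {"Type": "bind", "Source": "/etc/ssl/", "Destination": "/certs", "RW": false}]},
 {"Name": "/db", "Mounts": [
   {"Type": "volume", "Name": "pgdata",
    "Source": "/var/lib/docker/volumes/pgdata/_data",
    "Destination": "/var/lib/postgresql/data", "RW": true}]}
]"""


def sensitive_root(source):
    """Return the sensitive path that contains `source`, or None."""
    src = posixpath.normpath(source)
    for root in SENSITIVE:
        if src == root or (root != "/" and src.startswith(root + "/")):
            return root
    return None


def risky_bind_mounts(inspect_json):
    """List (container, host_path, access) for bind mounts of sensitive paths."""
    findings = []
    for container in json.loads(inspect_json):
        for mount in container.get("Mounts", []):
            if mount.get("Type") != "bind":
                continue  # named volumes live in Docker-managed storage
            src = posixpath.normpath(mount["Source"])
            if sensitive_root(src):
                access = "rw" if mount.get("RW") else "ro"
                findings.append((container["Name"].lstrip("/"), src, access))
    return findings


if __name__ == "__main__":
    for name, path, access in risky_bind_mounts(SAMPLE_INSPECT):
        print(f"{name}: host path {path} is bind-mounted {access}")
```

A bind mount of the daemon's socket stands out in such a review, since a container that can talk to the daemon can manage every other container on the host.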

The following table, taken from the documentation, illustrates the main differences between volume mounts and bind mounts.

What is Docker Desktop

Docker Desktop is an application that can be installed in a Windows or Mac environment to create and share containerized applications.

Docker Desktop includes:

Advantages of Docker

  • Portability: Using Docker, development environments can be replicated exactly in production, eliminating “it works on my computer” problems.
  • Efficiency: Containers share the host operating system kernel, which makes them lighter and faster than virtual machines.
  • Isolation: Containers allow applications to be isolated, ensuring that a change in one container does not affect others.
  • Scalability: Containers can be easily scaled to multiple hosts, either manually or with orchestration tools such as Swarm or Kubernetes.

In summary, this software simplifies the deployment of applications, ensuring that they run consistently in different environments. The lightweight and flexible architecture has made Docker a key tool in the development and management of modern applications.

Conclusion

In conclusion, Docker and its related technologies have changed the way applications are developed, deployed, and managed. In addition, it is a tool that greatly facilitates the management of cloud-based applications and architectures. The use of containers offers great advantages in terms of portability and scalability, and the cost required is quite manageable: it amounts to understanding how to work with the APIs of this powerful product and how to use the client and interface to the daemon.

At AIknow, thanks to container-based deployment, we are able to install it both in the cloud and on premises; for example, we have used this product for the implementation of a MES or for the implementation of a COIL management/monitoring platform.