Containers & Softwares
Containers are all about Software!
Traditionally we use the following process to run software:
- Find the software, usually a standalone web site.
- Download the software, usually a zip file or some sort of installer.
- Then we install the software, often extracting a zip file or running an installer.
- Then we run the installed software.
You can learn a lot about containers by relating them to the process above. Here's what it looks like to run software with containers:
- Find the software, on Docker Hub.
- Download the software with docker pull, comes down as an image which is much like a zip file or msi installer. An image is an application packaging format.
- Instead of installing the software, we create a container. So, a container--a stopped container--is like installed software. Docker unpacks the image onto the computer, creating a container. Note: if you just want to create a container, you can use docker create.
- Then we run the container which is exactly like running an exe. It's the same thing under the covers!!!
We often use docker run to orchestrate all of these steps with one command, how convenient!
docker exec can be thought of as running another copy of our installed software, like when we launch an executable twice. For example, two copies of Microsoft Word. Or with MongoDB, we might run two mongo clients. After a container is created and running, we can use docker exec to run multiple applications, or multiple copies of the same app, inside the container.
Why Docker?
With traditional softwares, we are faced with many challenges, such as:
Software Discovery
Problems:
-
Where to get software?
- App stores
- Package Managers
- Standalone Websites
- Software Stats and Metadata
- Trust and Security
- Download Availability
- Payment & Licensing
Solution:
- Where:
With Docker, we have just one place to go to get our software: Dockerhub.com. Here you can find any popular software repository that holds images you can download and use.
- Stats and Metadata:
Dockerhub provides download stats and data on how many people likes a software. Softwares have documentation and other instructions on use. There is provision for comments too from images users.
- Trust and security:
Dockerhub has what's called Official Images that Docker Inc certifies. On the Tags page of these images you can find the result of security scans on these images, showing discovered vulnerabilities, if any.
- Download Availability:
DockerHub can be relied upon to provide access to our software images for download. No need to search the whole internet for a simple software.
- Payment and Licensing:
DockerStore is a new way of accessing and paying for commercial images.
Software Installation:
Problem:
- Is it compatible? Is it cross-platform?
- What format is it?
- How to install?
- What did it install?
- Updates/uninstall
Solution:
- Compatibility:
With Docker you no longer need to worry if software is cross-platform as you can run Linux containers on windows and vice-versa.
- Format:
This is all taken care of in the Image for you. You can decide to peek into how the image was built by visiting Dockerhub page and inspecting the Dockerfile.
- Installation:
No more lengthy instructions on how to install a software. Just Docker Run.
- What was installed:
The publicly available Dockerfile can be access to find out what exactly was installed in a container.
- Updates/Uninstall
Docker remove command is used to uninstall software. As for updates, you can easily pull down an updated image. Images are tagged, making its update and versioning consistent and easier to understand and follow.
All other problems such as documentation, where its installed, starting service, stopping application, licensing, installing dependencies, and security, are equally taken care of by docker. Docker run starts all needed dependencies and performs all needed configs.
Breaking Changes
This used to be a huge one. An application update, operating system patch or upgrade of a shared library meant an end to a properly function software in the past. No more. Docker solves this as well.
Installation
Docker’s installation is very straightforward.
- Visit: https://docs.docker.com/get-docker/
- Click on your host type, Mac, Windows or Linux
- Follow the simple installation instruction to get started.
- On Ubuntu, the installation can be as simple as running:
Sudo apt install docker.io
Make sure your machine has support for virtualization. If you’re running a windows machine, ensure it has Hyper-V as this is the technology Docker leverages to function. You might have to turn-on the support in the machine’s BIOS.
Working with Docker
Common commands
| Docker Command | |
|---|---|
| After installation, use the following to check the success of the process: | Docker version Or Docker info |
| To start a container | Docker start < container-identifier> |
| To view all running containers in docker, you use the Process Status command: | Docker ps |
| To view all containers running or not: | Docker ps -a |
| To view all images, use: | Docker images |
| To run a container, you use: | Docker run |
| To start a container | Docker start |
| To stop a running container: | Docker stop |
| To uninstall a container: | Docker rm |
| To remove an image: | Docker rmi |
| To run another instance of an image: | Docker exec |
| To create a container | Docker create < container-identifier> |
| To search for an image | Docker search |
| To find all details about a container or image | Docker inspect |
Docker Demystification
Enter the following docker command into your terminal
docker run msoap/ascii-art cowsay 'Hello'
If you’re running this for the first time, this will:
- Download the software Image of Ascii-art from the msoap repository in Dockerhub.
- When this process is done, it’ll extract the files it just downloaded,
- Docker will the create a container and start up the application
- The ‘cowsay’ argument of the Ascii-art app takes a string input that it will display.
Attaching the “-rm” tag after the run, removes the container whenever it is done running.
Run the following to test:
docker run --rm -it wernight/funbox asciiquarium
To close the animation/container press Ctrl + C.
Inverted Learning
Execute this in your terminal:
Docker run -p 80:80 nginx
The -p flag specifies the port Docker should forward from the container it’ll launch to which port in your host machine.
This command pulls down Nginx server in layers. Since this comes in a compressed form to save bandwidth, docker then extracts them to save time in subsequent runs. Finally, docker starts the Nginx server and does the port forwarding.
A simple process like installation and configuration of Nginx server can take a considerable length of time, and require some level of expertise. With Docker, all you have to do is run a line of command and the process is set up. This is called Inverted Learning.
With Inverted learning one does not need to understand a technology to use it. With the Nginx example above, with just one line of code, you can have Nginx up and running, even without knowing how to set it up traditionally.
This enables people to preview/use software and decide if they want to invest the time to learn it, saving wasted time.
Images, and containers
In a Windows parlance, an image can be likened to a downloaded software in say, .zip format. By extracting this software, we can access the ‘.msi’ or ‘.exe’ we can use to install our software. The same with docker. To download a software we use:
Docker pull <image-name:tag>
This downloads the file to our machine. If we do not specify a tag in our image identifier, the ‘latest’ tag is automatically used. I.e. .
When we execute:
Docker run <image-name>
docker looks for the specified image locally first, and on locating it, it’ll extract it, create a container and run the app image inside it.
A container is essentially a running instance of an image, the same way a running application is an instance of its installer file. Traditionally, we can’t install an application without its installer. In docker, when we execute the run command with an image name, docker first searches locally in our machine for the image, if not found, it proceeds to search Dockerhub. If the image is found, it’ll download, extract, install and run the image.
Just as we can close a running application, we can also terminate a running container with:
Docker stop <container-name>
This doesn’t remove the container but merely stops its execution. To confirm this, you can use the command:
Docker ps -a
This shows you all your docker equivalent of installed applications, both running and terminated, with their running status specified.
If you want to ‘uninstall’ a container, you can use:
Docker rm <container-identifier>
The container identifier can be the ID or name. The full ID doesn’t need to be supplied, just enough to uniquely identify the container is enough. The output of this command is an echo of the affected container(s). To remove all containers, consider using:
Docker rm $(docker ps -aq)
This echoes out all the affected container IDs. The additional -q flag ensures only the container IDs are supplied to the rm command.
Just as uninstalling a software in Windows doesn’t delete its downloaded installer, so also does removing a container doesn’t remove its image. To view all pulled images use:
Docker images -a
To remove the image, you use:
Docker rmi <image-identifier>
The identifier can be the image ID or the repository name. Running this command spits out a lot of outputs. This is because an image is often layered and while removing them, each layer must be deleted for the images to go.
Isolation
Containers take isolation to a whole new level, and understandably so.
Let us step back and examine a running application. A running software is made up of the following layer:
- The Application (with supporting runtimes and frameworks)
OS Apps—cmd, powershell, etc
The libraries (dependencies, etc.)
Kernel, drivers
Hardware
When an image is pulled down, it contains the needed files in the User space. This is to ensure the application has access to all libraries, components and dependencies it’ll need. This is what makes the image large most times as it attempts to err on the part of being over careful. And well, sometimes you never know what else an application might be needing, so why not have it all.
Since it’s the Kernel that has full access to the machine’s computing resources, the software makes all request through API calls to the Kernel. The Kernel is responsible for telling the running container all the processes, network or files that it can see. This isolation enable container to be more independent and to not compromise the host system. It’s basically the Kernel lying to containers in order to provide security to the host.
All containers are processes with the same Process ID in a host system. Processes inside a container can only see and interact with processes within the same container.
Drive Mounting
In docker, there are times when we need a container to interact with files in a host machine. This can be to process, access or output data. To achieve this, we use the Drive mounting feature of docker:
Docker run -v c:/users/folder_to_share:/data
This command mounts the c:/users/folder to the container’s /data folder thanks to the -v (volume) flag. This way we can specify some extra command that can perform the desired operation.
Docker run –rm -v c:/Users/folder:/data alpine ls /data
Mounting is the process of adding a reference to a host filesystem for permission to access some host files.
Docker Docs
You can get the docker docs for local reference with:
Docker run -p 4000:4000 -d docs/docker.github.io
The -d flag is for it to run in detached mode. When the process is done, you can access the full docker docs in your browser at http://0.0.0.0:4000
Thanks for your time!
Top comments (2)
Great post! 🙌
One remark though on this statement here:
This is not actually true, as the containers have a strict dependency on the host operating systems kernel, it is not possible to run Windows Server containers on a Linux host operating system.
"docker exec can be thought of as running another copy of our installed software" maybe this would be better described as docker exec can be thought of as running a single shell command, it certainly won't run an extra copy of a docker container