{"id":5487,"date":"2015-12-26T23:42:55","date_gmt":"2015-12-26T15:42:55","guid":{"rendered":"http:\/\/rmohan.com\/?p=5487"},"modified":"2015-12-28T12:17:18","modified_gmt":"2015-12-28T04:17:18","slug":"docker","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=5487","title":{"rendered":"docker"},"content":{"rendered":"

Docker is an open platform for Sys Admins and developers to build, ship and run distributed applications. Applications are easy and quickly assembled from reusable and portable components, eliminating the silo-ed approach between development, QA, and production environments.<\/p>\n

Individual components can be microservices coordinated by a program that contains the business process logic (an evolution of SOA, or Service Oriented Architecture). They can be deployed independently and scaled horizontally as needed, so the project benefits from flexibility and efficient operations. This is of great help in DevOps<\/p>\n

\"docker-model\"<\/a><\/p>\n

 <\/p>\n

 <\/p>\n

At a high-level, Docker is built of:<\/p>\n

– Docker Engine: a portable and lightweight, runtime and packaging tool<\/p>\n

– Docker Hub: a cloud service for sharing applications and automating workflows<\/p>\n

There are more components (Machine, Swarm) but that’s beyond the basic overview I’m giving here.<\/p>\n

 <\/p>\n

Containers are lightweight, portable, isolated, self-sufficient “slices of a server” that contain any application (often they contain microservices).<\/p>\n

They deliver on full DevOps goal:<\/p>\n

– Build once\u2026 run anywhere (Dev, QA, Prod, DR).<\/p>\n

– Configure once\u2026 run anything (any container).<\/p>\n

 <\/p>\n

Processes in a container are isolated from processes running on the host OS or in other Docker containers.<\/p>\n

All processes share the same Linux kernel.<\/p>\n

Docker leverages Linux containers to provide separate namespaces for containers, a technology that has been present in Linux kernels for 5+ years. The default container format is called libcontainer. Docker also supports traditional Linux containers using LXC.<\/p>\n

It also uses Control Groups (cgroups), which have been in the Linux kernel even longer, to implement resources (such as CPU, memory, I\/O) auditing and limiting, and Union file systems that support layering of the container’s file system.<\/p>\n

 <\/p>\n

\"isolation\"<\/a><\/p>\n

Kernel namespaces isolate containers, avoiding visibility between containers and containing faults.\u00a0\u00a0 Namespaces isolate:<\/p>\n

?\u00a0\u00a0\u00a0\u00a0 pid (processes)<\/p>\n

?\u00a0\u00a0\u00a0\u00a0 net (network interfaces, routing)<\/p>\n

?\u00a0\u00a0\u00a0\u00a0 ipc (System V interprocess communication [IPC])<\/p>\n

?\u00a0\u00a0\u00a0\u00a0 mnt (mount points, file systems)<\/p>\n

?\u00a0\u00a0\u00a0\u00a0 uts (host name)<\/p>\n

?\u00a0\u00a0\u00a0\u00a0 user (user IDs [UIDs])<\/p>\n

 <\/p>\n

\n

Containers or Virtual Machines<\/h4>\n<\/div>\n

Containers are isolated, portable environments where you can run applications along with all the libraries and dependencies they need.
\nContainers aren\u2019t virtual machines. In some ways they are similar, but there are even more ways that they are different. Like virtual machines, containers share system resources for access to compute, networking, and storage. They are different because all containers on the same host share the same OS kernel, and keep applications, runtimes, and various other services separated from each other using kernel features known as namespaces and cgroups.
\nNot having a separate instance of a Guest OS for each VM saves space on disk and memory at runtime, improving also the performances.
\nDocker added the concept of a container image, which allows containers to be used on any host with a modern Linux kernel. Soon Windows applications will enjoy the same portability among Windows hosts as well.
\nThe container image allows for much more rapid deployment of applications than if they were packaged in a virtual machine image.<\/p>\n

\"containersandvm\"<\/a><\/p>\n

 <\/p>\n

\n

Containers networking<\/h4>\n<\/div>\n
When Docker starts, it creates a virtual interface named docker0 on the host machine.
\ndocker0 is a virtual Ethernet bridge that automatically forwards packets between any other network interfaces that are attached to it.
\nFor every new container, Docker creates a pair of \u201cpeer\u201d interfaces: one \u201clocal\u201d eth0 interface and one unique name (e.g.: vethAQI2QT), out in the namespace of the host machine.
\nTraffic going outside is NATted<\/div>\n
<\/div>\n
\"docker-network0\"<\/a><\/div>\n
\n
\n

ou can create different types of networks in Docker:<\/p>\n

veth<\/b>: a peer network device is created with one side assigned to the container and the other side is attached to a bridge specified by the lxc.network.link.<\/p>\n<\/div>\n

vlan<\/b>: a vlan interface is linked with the interface specified by the lxc.network.link and assigned to the container.<\/p>\n

phys<\/b>:\u00a0 an already existing interface specified by the lxc.network.link is assigned to the container.<\/p>\n

empty<\/b>: will create only the loopback interface (at kernel space).<\/p>\n

macvlan<\/b>:\u00a0 a\u00a0 macvlan interface is linked with the interface specified by the lxc.network.link and assigned to the container.\u00a0 It also specifies the mode the macvlan will use to communicate between\u00a0 different macvlan on the same upper device.\u00a0 The accepted modes are: private, Virtual Ethernet Port Aggregator (VEPA) and bridge<\/p>\n

Docker Evolution – release 1.7, June 2015<\/h3>\n

Important innovation has been introduced in the latest release of Docker, that is still experimental.<\/p>\n

Plugins<\/h4>\n

A big new feature is a plugin system for Engine, the first two available are for networking and volumes. This gives you the flexibility to back them with any third-party system.
\nFor networks, this means you can seamlessly connect containers to networking systems such as Weave, Microsoft, VMware, Cisco, Nuage Networks, Midokura and Project Calico.\u00a0 For volumes, this means that volumes can be stored on networked storage systems such as Flocker.<\/p>\n

Networking<\/h4>\n

The\u00a0 release includes a huge update to how networking is done.
\n<\/span>\"CNM\"<\/a><\/p>\n<\/div>\n

 <\/p>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

Docker is an open platform for Sys Admins and developers to build, ship and run distributed applications. Applications are easy and quickly assembled from reusable and portable components, eliminating the silo-ed approach between development, QA, and production environments.<\/p>\n

Individual components can be microservices coordinated by a program that contains the business process logic (an evolution […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[73],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/5487"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5487"}],"version-history":[{"count":3,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/5487\/revisions"}],"predecessor-version":[{"id":5495,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/5487\/revisions\/5495"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5487"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5487"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5487"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}