1docker Notes

Docker uses namespaces and control groups (cgroups) to provide isolation between containers. Namespaces isolate resources like networking, filesystems, users/groups, etc to separate containers. Cgroups limit resources like CPU, memory, storage for containers. The docker info command displays system information about the Docker daemon like images, containers, storage driver, kernel version. A Docker image consists of a filesystem snapshot and a start up command. Containers run as isolated processes on the host machine using the image.

Uploaded by

Test

Table of Contents

Docker Introduction
Namespacing:
Types of Namespaces
Control Group (cgroup)
$docker info command
Quick glance at docker image:
Docker Container commands
Docker image commands
Creating new image:
Most useful commands in Dockerfile
ARG and ENV Availability
Multi-step image
Shell and Exec Form
Docker network:
Docker compose:
The Dot-Env File (.env)
Setting ARG Values in docker-compose
Different ways to set environment variables
1. Provide values one by one
2. Pass environment variable values from your host
3. Take values from a file (env_file)
Restart policies (--restart)

Docker Vs VM
1. A Docker image is smaller: its size is in megabytes, whereas VM size is typically in gigabytes.
2. Docker containers start and run much faster.
3. A VM of any OS can run on a host of any OS.
4. Docker uses the host OS kernel, whereas a VM uses its own kernel on top of the host OS.
5. Docker uses operating-system-level virtualization, as it uses the host system to talk to the kernel and
hardware.
6. VMs are hardware-level virtualization, as each VM brings its own kernel to talk to the hardware.
7. In Docker we do process isolation.
Docker Introduction
Namespacing Vs CGroup
Namespace - isolates resources per process or group of processes, such as programs (different versions of Java)
Cgroup - limits the amount of resources per process, such as CPU, memory, HDD, and network

Namespacing:
Isolating resources per process (or group of processes). Examples: which portion of the hard disk,
which hard disk or mount path to use; which users to use; which hostnames and which network
to use; and which processes are visible. For example, if we have two versions of Java installed but
one application needs Java 8 and the other needs Java 11, these can be defined and isolated using
namespaces to avoid a version conflict.

“Namespaces are a feature of the Linux kernel that partitions kernel resources such that one
set of processes sees one set of resources while another set of processes sees a different set of
resources.”
This means two isolated processes behave as if they were running on two different systems, with no
knowledge of each other.
In other words, the key feature of namespaces is that they isolate processes from each other. On
a server where you are running many different services, isolating each service and its associated
processes from other services means that there is a smaller blast radius for changes, as well as a
smaller footprint for security-related concerns.
Types of Namespaces
Within the Linux kernel, there are different types of namespaces. Each namespace has its own unique
properties:
• A user namespace has its own set of user IDs and group IDs for assignment to processes. In
particular, this means that a process can have root privilege within its user namespace without
having it in other user namespaces.
• A process ID (PID) namespace assigns a set of PIDs to processes that are independent from the
set of PIDs in other namespaces. The first process created in a new namespace has PID 1 and
child processes are assigned subsequent PIDs. If a child process is created with its own PID
namespace, it has PID 1 in that namespace as well as its PID in the parent process’ namespace.
See below for an example.
• A network namespace has an independent network stack: its own private routing table, set of IP
addresses, socket listing, connection tracking table, firewall, and other network-related
resources.
• A mount namespace has an independent list of mount points seen by the processes in the
namespace. This means that you can mount and unmount filesystems in a mount namespace
without affecting the host filesystem.
• An interprocess communication (IPC) namespace has its own IPC resources, for example
POSIX message queues.
• A UNIX Time-Sharing (UTS) namespace allows a single system to appear to have different
host and domain names to different processes.
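
The kernel exposes each process's namespace membership as symlinks under /proc/<pid>/ns, and two processes are in the same namespace exactly when the link targets match. The following added example (not part of the original notes) compares a process against the host to see which namespace types it still shares; the identifiers and the two container profiles are constructed sample data, and the Docker behaviour noted in the comments is an assumption about default settings.

```python
import os

NS_TYPES = ("user", "pid", "net", "mnt", "ipc", "uts")

def read_namespaces(pid, proc_root="/proc"):
    """Return {type: 'type:[inode]'} from the /proc/<pid>/ns symlinks."""
    found = {}
    for ns in NS_TYPES:
        try:
            found[ns] = os.readlink(os.path.join(proc_root, str(pid), "ns", ns))
        except OSError:  # no /proc, process gone, or not permitted
            continue
    return found

def shared_with_host(host_ns, proc_ns):
    """Namespace types where the process has the same identifier as the host."""
    return sorted(t for t, ident in proc_ns.items() if host_ns.get(t) == ident)

# Constructed sample identifiers (not captured from a real system).
HOST = {"user": "user:[4026531837]", "pid": "pid:[4026531836]",
        "net": "net:[4026531840]", "mnt": "mnt:[4026531841]",
        "ipc": "ipc:[4026531839]", "uts": "uts:[4026531838]"}
# Assumed default `docker run`: new pid/net/mnt/ipc/uts, host user namespace.
DEFAULT_CONTAINER = {"user": "user:[4026531837]", "pid": "pid:[4026532501]",
                     "net": "net:[4026532504]", "mnt": "mnt:[4026532499]",
                     "ipc": "ipc:[4026532500]", "uts": "uts:[4026532498]"}
# Assumed `docker run --pid=host --network=host`: pid and net are the host's.
HOST_MODE_CONTAINER = dict(DEFAULT_CONTAINER, pid=HOST["pid"], net=HOST["net"])

if __name__ == "__main__":
    for name, ns in (("default", DEFAULT_CONTAINER),
                     ("host-mode", HOST_MODE_CONTAINER)):
        print(name, "shares with host:", shared_with_host(HOST, ns))
    me = read_namespaces(os.getpid())
    print("this process:", me or "no /proc namespace links readable")
```

Any namespace type reported as shared is one where the container gets no isolation from the host for that resource.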

Control Group (cgroup)


Limits the amount of resources used per process,
such as memory, CPU, HD I/O, and network bandwidth.
A control group (cgroup) is a Linux kernel feature that limits, accounts for, and isolates the resource
usage (CPU, memory, disk I/O, network, and so on) of a collection of processes.
Cgroups provide the following features:
• Resource limits – You can configure a cgroup to limit how much of a particular resource
(memory or CPU, for example) a process can use.
• Prioritization – You can control how much of a resource (CPU, disk, or network) a process can
use compared to processes in another cgroup when there is resource contention.
• Accounting – Resource limits are monitored and reported at the cgroup level.
• Control – You can change the status (frozen, stopped, or restarted) of all processes in a cgroup
with a single command.
So basically you use cgroups to control how much of a given key resource (CPU, memory, network,
and disk I/O) can be accessed or used by a process or set of processes. Cgroups are a key component of
containers because there are often multiple processes running in a container that you need to control
together. In a Kubernetes environment, cgroups can be used to implement resource requests and limits
and corresponding QoS classes at the pod level.
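
On a cgroup v2 host, the limits described above are plain text files in the container's cgroup directory: memory.max holds a byte count or the word "max", and cpu.max holds "<quota> <period>" in microseconds. The following added example (not part of the original notes) parses those two files and reports which resources have no cap; it runs against constructed sample directories, since the real path under /sys/fs/cgroup depends on the host's cgroup driver and is not assumed here.

```python
import os
import tempfile

def _read(cgroup_dir, name):
    """Return the stripped file content, or None if the file is absent."""
    try:
        with open(os.path.join(cgroup_dir, name)) as fh:
            return fh.read().strip()
    except FileNotFoundError:  # e.g. the root cgroup or a cgroup v1 host
        return None

def read_limits(cgroup_dir):
    """Parse cgroup v2 memory.max and cpu.max; "unlimited" means no cap."""
    limits = {}
    mem = _read(cgroup_dir, "memory.max")
    if mem is not None:
        limits["memory_bytes"] = "unlimited" if mem == "max" else int(mem)
    cpu = _read(cgroup_dir, "cpu.max")  # "<quota> <period>" in microseconds
    if cpu is not None:
        quota, period = cpu.split()
        limits["cpus"] = ("unlimited" if quota == "max"
                          else int(quota) / int(period))
    return limits

def uncapped(limits):
    """Names of the resources for which no limit is configured."""
    return sorted(k for k, v in limits.items() if v == "unlimited")

def make_sample(memory_max, cpu_max):
    """Write a constructed cgroup directory so the example runs offline."""
    d = tempfile.mkdtemp(prefix="cgroup-sample-")
    for name, value in (("memory.max", memory_max), ("cpu.max", cpu_max)):
        with open(os.path.join(d, name), "w") as fh:
            fh.write(value + "\n")
    return d

if __name__ == "__main__":
    # Constructed values: 512 MiB and half a CPU, as `docker run
    # --memory=512m --cpus=0.5` is assumed to produce, versus no limits.
    capped = make_sample("536870912", "50000 100000")
    open_ended = make_sample("max", "max 100000")
    for label, path in (("capped", capped), ("open-ended", open_ended)):
        limits = read_limits(path)
        print(label, limits, "uncapped:", uncapped(limits))
```

A container whose files both read "max" can consume host memory and CPU without bound, which is the condition the resource-limit feature exists to prevent.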

$docker info command


Description:
1. This command displays system-wide information about the Docker server that is
running on your system.
A few important details this command provides are as follows:
1. Containers count and its stats
2. Images count
3. Server version that is installed
4. Storage driver
5. Swarm active/inactive details
6. Kernel version
7. Operating system
8. CPUs
9. Total memory
10. Docker root directory
11. Product license

Quick glance at docker image:


An image consists of two things:
→ file system snapshot (includes the binaries needed to run the application. For example, to run a Spring Boot
application we need two things: one fat jar and the Java binary)
→ start up command.
[Diagram: an image holds a file system snapshot (Java, app.jar) and a start up command (java -jar app.jar). A container runs that start up command as a process on the host kernel, with its own share of RAM, CPU, network and the file system (Java, app.jar).]

We can override the start up command when creating a new container.


$ docker run image_name new_start_up_command
$ docker run busybox echo hi
$ docker run busybox ls
$ docker run busybox ping www.google.com

docker run imageName = docker create imageName + docker start -a containerId

$ docker create image_name

$ docker start -a container_id → starts an existing container that is in the stopped state

$ docker system prune → this command will remove:

→ all stopped containers
→ all networks not used by at least one container
→ all dangling images
→ all build cache

Docker Container commands


List containers
    $ docker ps → list only running containers
    $ docker ps -a → list running and stopped containers
    $ docker ps -q → list only running container IDs

Create and run
    $ docker run --name mycontainer imageToUse
    This command pulls the image from the remote repository if the host system does not have the
    image locally, and then creates a container.
    $ kubectl run podName --image imageToUse

Create and run in detached mode
    $ docker run -d imageName
    Example: $ docker run -d redis
