What is Docker used for?
- Operate service software with dynamic scaling requirements
- Deploy software with Docker can help reduce customer impact
- Build pipelines and create more robust functional testing environments
Start an APP from Build
cd into the directory contains a
docker build --tag app-name .
. at the end denotes that a
Dockerfile is at the current directory.
Dockerfile Example :
# Use the official image as a parent image. FROM node:current-slim # Set the working directory. WORKDIR /usr/src/app # Copy the file from your host to your current location. COPY package.json . # Run the command inside your image filesystem. RUN npm install # Inform Docker that the container is listening on the specified port at runtime. EXPOSE 8080 # Run the specified command within the container. CMD [ "npm", "start" ] # Copy the rest of your app's source code from your host to your image filesystem. COPY . .
**Dockerfile Reference **: https://docs.docker.com/engine/reference/builder/
The file uses
WORKDIR to specify that all subsequent actions should be taken from the directory
/usr/src/app in your image filesystem (never the host’s filesystem).
Now we can run this app by a
docker run command.
docker run --publish 8000:8080 --detach --name bb bulletinboard:1.0
--publishasks Docker to forward traffic incoming on the host’s port 8000, to the container’s port 8080. Containers have their own private set of ports, so if you want to reach one from the network, you have to forward traffic to it in this way. Otherwise, firewall rules will prevent all network traffic from reaching your container, as a default security posture.
- local : 8000
- container : 8080
--detachasks Docker to run this container in the background.
--namespecifies a name with which you can refer to your container in subsequent commands
The running state of a container is directly tied to the state of a single running program inside the container. If a program is running, the container is running. If the program is stopped, the container is stopped. Restarting a container will run the program again.
When you use
docker run the second time, it creates a second container from the same repository. This means that if you repeatedly use docker run and create a bunch of containers, you’ll need to get a list of the containers you’ve created and maybe at some point destroy them.
Docker containers don’t use any hardware virtualization. Programs running inside Docker containers interface directly with the host’s Linux kernel.
Virtual machines provide hardware abstractions so you can run operating systems. Docker for Mac and Windows users, and almost all cloud computing users, will run Docker inside virtual machines.
Running Docker means running two programs in user space.
- Docker engine
- Docker CLI : This is the Docker program that users interact with. If you want to start, stop, or install software, you’ll issue a command by using the Docker program.
Further more, each is running as a child process of the Docker engine, wrapped with a container, and the delegate process is running in its own memory subspace of the user space. Programs running inside a container can access only their own memory and resources as scoped by the container.
Docker keeps things organized by isolating everything with containers and images.
What's more, containers limit the scope of impact that a program can have on other running programs, the data it can access, and system resources.
The 10 Major System Features Docker Use
- PID namespace— Process identifiers and capabilities
- UTS namespace— Host and domain name
- MNT namespace— Filesystem access and structure
- IPC namespace— Process communication over shared memory
- NET namespace— Network access and structure
- USR namespace— User names and identifiers
- chroot syscall—Controls the location of the filesystem root
- cgroups— Resource protection
- CAP drop— Operating system feature restrictions
- Security modules— Mandatory access controls
Docker uses those to build containers at runtime, but it uses another set of technologies to package and ship containers.
The component that fills the shipping container role is called an image. A Docker image is a bundled snapshot of all the files that should be available to a program running inside a container. And images are the shippable units in the Docker ecosystem.
Docker provides a set of infrastructure components that simplify distributing Docker images. These components are registries and indexes. You can use publicly available infrastructure provided by Docker Inc., other hosting companies, or your own registries and indexes.
- Docker takes a logistical approach to solving common software problems and simplifies your experience with installing, running, publishing, and removing software. It’s a command-line program, an engine background process, and a set of remote services. It’s integrated with community tools provided by Docker Inc.
- The container abstraction is at the core of its logistical approach.
- Working with containers instead of software creates a consistent interface and enables the development of more sophisticated tools.
- Containers help keep your computers tidy because software inside containers can’t interact with anything outside those containers, and no shared dependencies can be formed.
- Because Docker is available and supported on Linux, macOS, and Windows, most software packaged in Docker images can be used on any computer.
- Docker doesn’t provide container technology; it hides the complexity of working directly with the container software and turns best practices into reasonable defaults.
- Docker works with the greater container ecosystem; that ecosystem is rich with tooling that solves new and higher-level problems.
- If you need help with a command, you can always consult the docker help subcommand.