Are you new to Docker? If yes, then you are here for the treat. Docker allows you to deploy, run and test your applications easily in any operating system in no time.
In this Ultimate Docker tutorial for Beginners, learn Docker, docker container, and everything about Docker? Still interested?
Let’s get started.
Table of Content
- What is docker?
- Why Docker (docker vs vm or docker containers vs virtual machines)?
- What is a docker images?
- What is a Docker container?
- Docker vs Hypervisor
- what is containerd?
- containerd vs docker
- Docker Architecture
- Docker commands for devops engineer
If you’d like to follow along step-by-step, you will need the following installed:
- Ubuntu machine with Docker installed. This tutorial uses Ubuntu 21.10 machine.
- Docker v19.03.8 installed.
What is docker?
Docker is an open-source platform that allows you to deploy, run and ship applications. With Docker, it takes no time to deploy, run and test your applications anywhere in different operating systems. It is a lightweight, loosely isolated environment. It has a better cost-effective solution than a hypervisor virtual machine as you can use more compute resources.
Docker is written in the Go programming language and takes advantage of several features of the Linux kernel to deliver its functionality.
Docker provides the ability to package and run an application in a loosely isolated environment called a container. Containers are lightweight and contain everything needed to run the application, so you do not need to rely on the host.
Why Docker (docker vs vm or docker containers vs virtual machines)?
In this section, you will learn why you need docker and the difference between docker vs. VM by understanding docker vs. VM performance.
Virtual machine without Docker: The Operating system is dependent on hardware and is installed on it. But when you are hosting your applications directly on the operating system, applications depend on different libraries and other compatible issues. So, when you have two or more applications, it becomes difficult to manage so many microservices and takes a long time to step up.
Virtual machine with Docker engine: Now, this time, you are hosting your applications on Docker rather than directly on the operating system, so applications have their own libraries and dependencies. So, when you have two or more applications, it’s easier to manage as it has its own isolated environment and doesn’t break anything due to compatibility issues.
Containers have extra benefits such as:
- Easy to create container image rather than VM image.
- Container images are portable and can run on Ubuntu, RHEL, on-premises, public clouds, etc.
- predictable application performance.
What is a docker images?
Docker images basically contain a set of instructions for creating docker containers. Docker images are available in the docker hub’s public registry, and you can also customize the image by adding more instruction in a file known as the docker file.
Docker Images are binary data or package that contains the application and all its software dependencies and runtimes.
To find the docker images on the docker hub, find the image in the search box. For example, to find the docker image nginx.
What is a Docker container?
Docker applications run inside a lightweight environment known as docker containers, and you can run multiple containers in the host such as windows, Linux, or macOS. Docker containers are also known as runnable instances of a docker image. You can create, delete, stop, start docker containers at any time.
All the container contains their own services, networking interferences, processes, mounts, etc., but they all share the same OS Kernel, i.e., docker containers share the same kernel.
For example, Ubuntu, Fedora, centos all have the same OS kernel, i.e., Linux but have different software (UI, drivers, file manager, compilers). That is why Linux has so many flavors available, as some are different in GUI or as the command lines.
Docker container sharing the same kernel means: If you have docker installed on ubuntu machine, in that case you are allowed to run docker containers based on Ubuntu, Fedora, centos images as the underlying operating system kernel is same.
Virtual machines doesnt depend on underlying Operating system or kernel and can run any application on the same hypervisor.
OS kernel : OS kernel manages the operations of memory and CPU time. It is core component which acts as a bridge between applications or software’s and data processing performed at hardware level using system calls.
- You cannot run Windows based container in the Linux based OS Kernel. For that you will require docker on windows such as docker desktop.
- You can run Linux based container in windows based OS kernel but actually you are using Linux virtual machine on top of windows and then running Linux based container on Linux virtual machine.
In the below example: Docker can run any container based on Ubuntu, Fedora, or Centos as the underlying OS kernel is ubuntu. So the Containers share all the networking and other OS things from the kernel, but only software is installed on the container.
Docker vs Hypervisor
As you read earlier, Docker containers have only one underlying operating system that helps in cost optimization, utilization of resources, disk space, and less time to boot.
With Hypervisor, you have so many operating systems to work ( or many kernels) with that increases the overall load, disk size, utilization of resources, and also take more time to boot.
There are two docker editions: the community edition and the enterprise edition. The community edition is free and present in windows, Linux, macOS, and cloud( AWS or Azure ). Enterprise Edition comes with more features such as image security image management.
What is containerd?
containerd is an industry standard container runtime which emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and windows which manages container lifecycle. Its a container runtime which has command line tool ctr which comes with containerd.
You can install containerd by your own without needing docker and manage the docker containers- using the ctr command line. This is also used for debugging purpose
ctr ctr image pull docker.io ctr run docker.io
Note: Another tool compared to ctr is nerdctl (container runtime based) which also supports docker compose which is generally used to inspect and debug on containerd. Finally there is another command line tool which is also known as crictl which is based on kubernetes compatible runtime community.By default the priority of runtime is as below.
- Use the command to set the container runtime endpoint
Containerd vs docker
For containerization docker was the tool which was compared the best as compared to other tools such as rkt. Kubernetes introduced Container Runtime Interface ( CRI ) so that rkt or docker anyone of them can work with kubernetes. CRI follows Open Container Initiative protocol ( OCI ) which contains imagespec and runtimespec.
Docker shim was introduced in between because docker directly didnt connect with CRI so it was temporary way of connecting however another way was containerd acts as daemon which use to connect with CRI and now Containerd is a separate entity itself.
Docker uses a client-server architecture where the docker client connects to the Docker daemon, which performs all the functions such as building images, running containers, what is containerddistributing containers.
- Docker client connects to docker daemon using REST API over Unix sockets. For example, when you run the docker run command the docker client first connects to
docked daemonwhich performs the task. Docker daemons can also communicate with other daemons to manage containers.
- Docker Daemon:
dockerdis the docker daemon which listens to API requests and manages Docker objects such as images, containers, network, and volumes.
- Docker registries store docker images. Docker hub is the public registry that anybody can use. Using docker pull or docker run command images are pulled from Docker hub and using docker push they are pushed into docker hub.
Docker commands for devops engineer
In this section, you will be introduced to all the important docker commands that you should know. Knowing the docker command is important if you need to work with Docker engineers and docker containers. Let’s dive into it.
Docker run command
Docker run command is used to start a container and run a command in a new container.
- To run a container from
nginximage run the
docker runcommand as shown below.
- If docker contains the image on the system then it uses that to run the container else it will pull it from the docker hub and later for subsequent execution same image which got downloaded will be used.
- By default container runs in Foreground or in attached mode that means container will be attached to the console or the standard output of the docker container and you will see the output of web service on your screen.
Also you wont be able to do anything on the console even if you press clt +x it wont take any effect on the console.
docker run name_of_the_image docker run nginx
- To run a container from hello-world image, run the following command.
docker run hello-world
- To run a container from ubuntu image.
In this case, the container starts and exits immediately. Unlike virtual machines, docker is not supposed to host the operating system; instead, they are supposed to run any web application or specific tasks or web server.
docker run ubuntu
- To run a container from ubuntu image and keep the container running you can allow container to sleep for particular time from an ubuntu image.
docker run ubuntu sleep 5000
- To run a container from ubuntu image or centos image and keep the container running run the execute command on the container directly followed by cat /etc/*release* but container will exit after you log out from the container as it is not doing anything or running any service.
Like Python in general if application prompts you to provide input then Dockerzing the application wouldn’t wait for the prompt it just prints the output on the standard output that is STDOUT and exists because by default container doesn’t listhen to the standard input even though you are attached to the console.
iflag indicating you’d like to open an interactive SSH session to the container. The
iflag does not close the SSH session even if the container is not attached. The
tflag allocates a pseudo-TTY which much be used to run commands interactively.
-it ( attaches input and terminal to the container)
docker run -it centos bash cat /etc/*release*
- To run a container in detached mode or in the background and you will get the prompt immediately as container starts. With this mode you need to use -d flag. The container will continue to run in the background.
docker run -d nginx
If you want to attach the container back in attached mode consider running
docker attach name_of_the_container or container_id
- To run a container from a specific version run the below command by using the correct tag and if you dont specify the tag then docker will pick the latest version of tag.
docker run image:tag
Docker ps command
Docker ps command is used to list the running containers. After you execute the docker ps command, you will see it; the command provides details such as docker image used, docker command if any, docker container creation time, container status if this container is mapped with hots,and the name of the container.
To list all the containers irrespective of their states such as exited or still running, pending, Inactive or terminated, etc.
docker ps -a
Docker stop command
If you need to stop your docker container run the docker stop command. If you want to stop a container after a few seconds or some time, consider using the -t flag along with the docker stop command.
Stopping the container is ok but you don’t get rid of space consumption.
docker stop container-name or container-id -t
Docker pull command
If you need to pull or download the images directly from the docker public repository, then use the docker pull command such as to pull the fedora image.
docker pull name_of_the_image
Docker rm command
If you need to remove containers from the docker engine, you should use the docker rm command.
- To remove the container and get rid of space consumption.
docker rm name_of_the_container
- To remove multiple containers in the docker.
docker rm container_ID_1 container_ID_2 container_ID_3
Docker rmi command
If you need to remove the docker images, you should use the docker rmi command below.
docker rmi name_of_the_image
Make sure first you get rid of all associated containers that is remove all the containers associated with the images.
Docker exec command
One of the most useful and important commands in docker is the docker exec command. The docker exec command allows you to execute a command inside the running container. Let’s see below how to run a command inside the running container.
docker exec name_of_the_container cat /etc/hosts
As you can see below, there is already a running container with container id 3d….. on which you tried executing the cat command. After running the docker exec command, it will display all the hosts inside the directory.
docker exec -it 3d55ce5bfc50 cat /etc/hosts
Docker attach command
By default, the docker container runs in attached mode, but you can attach it back by running the docker attach command if you run your container in detached mode. Docker attach command attaches local standard input, output, and error streams to a running container.
As shown below topdemo container was run in the detached mode in the background using the docker run command and attached back to the console.
docker run -d --name topdemo ubuntu /usr/bin/top -b docker attach topdemo
Docker Port Mapping
Do you what, when you create or run a container using
docker create or
docker run command , the containers are not exposed to the outside world on their own.
To expose the docker to the outside world via service you need to expose it via
-pflag. By running the –publish or -p flag a firewall rule is created that maps a container port to a port on the Docker host to the outside world.
- To access the container running on port 5000 from web browser over port 80 you would need to run the docker run command with p flag. p flag will map Port 80 on docker host to Port 5000 to containers Port as shown in the below case 1.
- Similarly, in the below case 2: Docker host will listen to application on port 8000 on web and internally on Port 5000 on container IP address.
- Again in the final case 3: Docker host will listen to application on port 8001 on web and internally on Port 5000 on container IP address.
You can run as many applications you wish to run with different docker host ports but you cannot use the same docker host port again.
docker run -p 80:5000 nginx # Case 1 docker run -p 8000:5000 nginx # Case 2 docker run -p 8001:5000 nginx # Case 3
Docker Volume Mapping
Do you know docker has its own isolated filesystem? If your container is deleted by mistake or you need to delete the container, then your data is gone. For example, when running the MySQL container, the volume is created on the /var/lib/mysql directory inside the container and is blown away as soon as you either stop or remove the container.
To solve the issue, it is recommended to have data persistent within the container and consider mounting a volume from the docker host to the container using the below command.
- /opt/datadir is the volume created on docker host
- /var/lib/mysql : Mapping the volume with containers directory
- mysql is the name of the docker image
- v flag mounts the volume from host to container.
docker run -v /opt/datadir:/var/lib/mysql mysql
- To find detailed view of container use inspect command.
docker inspect name_of_the_container or container_id
- To find logs of the container use docker logs command.
docker logs container_name or container_id
In this Ultimate Guide on docker for beginners, you learned what docker is, what is docker container is, various docker commands that you should know.
Now that you have Sound Knowledge on Docker and containers, which applications do you plan to host on it?