Introduction to Docker: A Guide to Containerization

Docker, at its core, is quite basic. It is a containerization engine. But what is containerization? Containerization performs the same basic function as virtualization. It creates several virtual computers inside a single computer or server. What makes containerization different from virtualization is that it is crazy fast. Like, insanely fast. When you are provisioning a virtual machine, you might expect it to take about 5-10 minutes assuming it is an OS designed to be very light-weight. A container, on the other hand, can provision an Ubuntu server in mere seconds! That is INSANE!

I am sure you are wondering "How does Docker achieve that much performance?". Here is the secret to Docker's superpowers. When you create a VM, you are recreating the whole OS including the kernel. That is very resource intensive, and therefore, takes a lot of time. Docker simply shares the kernel with the host. As you would expect, though, this comes with quite a few drawbacks.

As stated before, Docker is great! It brings us a level of performance we have never seen before. But what practical advantages does Docker bring to an organization other than just being 10 minutes ahead of schedule? Well, the main advantage is portability.

I am sure you have at least heard of this problem. It is the thing every Systems Admin is afraid of. They will give anything to avoid hearing this sentence: "It works on my computer, why does it not work on yours?!"

It gave you chills, didn't it? This is a painful problem to deal with. Some small configuration mismatch could mean that an app works on one computer while not working on another. It is nearly impossible to standardize every piece of configuration in every system and every VM in every department throughout the organization. It simply will not happen. So what do we do?

Docker to the rescue! Instead of sharing the code to the app, the developers can build a Docker image and ensure it works on that. Once it does, you can simply share the Docker image. Since creating the containers is so easy, building the image is easy, and using the image to create a container is also easy. Once testing is done, you can deploy the container into production. No problems anywhere.

While Docker is a very powerful tool, it has several drawbacks when compared to virtualization.

1. Security

The first, and possibly most important, drawback is security. Since Docker containers are not completely isolated from the server itself, there are several security vulnerabilities that a careless admin might expose accidentally. There have been several examples of this. This is something you have to be very careful about in production.
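An added example, not from the original post: a small Python audit of `docker inspect` JSON that flags the settings through which an admin weakens the partial isolation described above (privileged mode, host namespaces, added capabilities, unconfined profiles, sensitive host mounts, root user). The sample data, the finding labels and the list of sensitive paths are constructed assumptions.

```python
import json

# Constructed sample shaped like `docker inspect <container>` output (not real data).
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/web", "Config": {"User": "1000:1000"},
   "HostConfig": {"Privileged": false, "NetworkMode": "bridge", "PidMode": "",
                  "CapAdd": null, "SecurityOpt": ["no-new-privileges"],
                  "Binds": ["appdata:/var/lib/app"]}},
  {"Name": "/ci-runner", "Config": {"User": ""},
   "HostConfig": {"Privileged": true, "NetworkMode": "host", "PidMode": "host",
                  "CapAdd": ["SYS_ADMIN"], "SecurityOpt": ["seccomp=unconfined"],
                  "Binds": ["/var/run/docker.sock:/var/run/docker.sock", "/:/host:ro"]}}
]
""")

# Assumed list of host paths that should not be bind-mounted into a container.
SENSITIVE_SOURCES = {"/", "/etc", "/proc", "/sys",
                     "/var/run/docker.sock", "/run/docker.sock"}

def audit_container(c):
    """Return findings for settings that weaken host/container isolation."""
    hc = c.get("HostConfig") or {}
    findings = []
    if hc.get("Privileged"):
        findings.append("privileged")
    if hc.get("NetworkMode") == "host":
        findings.append("host-network")
    if hc.get("PidMode") == "host":
        findings.append("host-pid")
    for cap in hc.get("CapAdd") or []:        # CapAdd is null when unset
        findings.append(f"cap-add:{cap}")
    for opt in hc.get("SecurityOpt") or []:
        if opt.endswith("unconfined"):        # e.g. seccomp=unconfined
            findings.append(f"unconfined:{opt.split('=')[0]}")
    for bind in hc.get("Binds") or []:
        source = bind.split(":")[0]           # "src:dst[:mode]"
        if source in SENSITIVE_SOURCES:
            findings.append(f"host-mount:{source}")
    user = (c.get("Config") or {}).get("User", "")
    # An empty User means the container process runs as root (UID 0).
    if user in ("", "0", "root") or user.startswith(("0:", "root:")):
        findings.append("runs-as-root")
    return findings

def audit(inspect_output):
    """Map container name -> findings; clean containers are omitted."""
    report = {c["Name"].lstrip("/"): audit_container(c) for c in inspect_output}
    return {name: f for name, f in report.items() if f}
```

On a real host, load the JSON printed by `docker inspect $(docker ps -q)` with `json.load` and pass the result to `audit`.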

2. Compliance

As mentioned previously, Docker containers are not fully isolated from their host. There are several compliance requirements, like HIPAA, GDPR, and PCI-DSS, that disallow the usage of containers in several use-cases.

3. Persistence

Docker containers are ephemeral by nature. They were created from the ground up to be temporary. Persisting any sort of data on them is very hard and complicated. A single slip-up can lead to the loss of lots of priceless data.

There are many more drawbacks to Docker, but these are the main ones.

Now that you have a good idea of what Docker is and why we need it, let's get to the actual learning of Docker. The following are some important Docker concepts that will be useful once you start using Docker.
  1. Container: Containers are light-weight, portable, and (semi-)isolated environments that you can create using Docker. They are just like VMs, but with the differences mentioned above.
  2. Image: Images tell Docker how to deploy a container. Every image spins up the exact same Docker container in (almost) every host, every time.
  3. Registries: While you can share an image that you created with one other person, things get quite complicated if you want to share to 10, 100, or maybe even 1000 people. Registries are basically centralized repositories for images to be stored.
  4. Volume: As mentioned above, containers are supposed to be ephemeral. But that means the data you store is also ephemeral. There are many cases where that is less than ideal. Volumes are supposed to live past the life-cycle of the instance. If the instance is deleted, the volumes still exist. They might not seem important now, but you will truly realize the power of volumes when you start using Docker.
  5. Networking: A computer being inside a computer is a weird and new concept. If you think about it, there is no intuitive and obvious way to connect a container to the internet. You might expect this concept to be simple, but it is surprisingly complex. For more details, view this post.

I know this post was lacking a lot in depth. I want to create several other posts going deeper into every Docker concept. You can be on the lookout for that. Until then, I want to leave you with another gift. This is a Docker cheat sheet that you can reference whenever you want.
