-
What is Virtualization? When/why to use it? Some tools?
Virtualization is a technology that allows you to create multiple virtual instances of physical hardware or resources on a single physical machine. It involves creating a virtual (rather than actual) version of something, such as a server, operating system, storage device, or network resource. This virtualization enables more efficient utilization of resources, improves flexibility, and enhances the scalability and manageability of IT infrastructure.
Analogy: The Apartment Building
Two types: bare-metal & hosted
Tools for Virtualization:
- VMware vSphere/ESXi: A leading virtualization platform for server virtualization.
- Microsoft Hyper-V: Microsoft's hypervisor-based virtualization platform.
- VirtualBox: An open-source virtualization product that supports various guest operating systems.
- KVM/QEMU: Kernel-based Virtual Machine (KVM) is a Linux kernel module, and QEMU is an emulator that uses KVM for hardware acceleration.
-
What is Containerization? When/why to use it? Some tools?
Containerization is a lightweight and portable form of virtualization that allows you to package and isolate applications and their dependencies in a consistent and reproducible environment called a container. Containers provide a way to run applications in an isolated environment, ensuring that they are consistent across different environments and can be easily moved between development, testing, and production.
Key Concepts:
- Image: A lightweight, standalone, and executable package that includes everything needed to run a piece of software, including the code, runtime, libraries, and system tools.
- Container: An instance of a Docker image, running as a process in isolation on a host system.
When/Why to Use Containerization:
- Consistency Across Environments, “it works on my machine”
- Isolation and Dependency Management
- Resource Efficiency
- Rapid Deployment and Scaling
- Microservices Architecture
- DevOps Practices
Tools: Docker, Podman, containerd, Rancher
-
Compare Virtualization and Containerization: similarities and differences.
Similarities between Containerization and Virtualization:
- Isolation:
  - Containerization: Containers provide isolation by encapsulating applications and their dependencies in a self-contained unit.
  - Virtualization: Virtual machines (VMs) isolate entire operating systems and applications from each other.
- Resource Utilization:
  - Containerization: Containers share the host operating system's kernel, leading to efficient use of resources.
  - Virtualization: Virtual machines emulate complete hardware, allowing for the consolidation of multiple virtual machines on a single physical server.
- Portability:
  - Containerization: Containers are portable and can run consistently across different environments.
  - Virtualization: Virtual machines can be migrated between virtualization platforms and hypervisors with some effort.
- Deployment and Scaling:
  - Containerization: Containers can be started and stopped rapidly, facilitating dynamic scaling and agile deployment.
  - Virtualization: Virtual machines can be deployed and scaled, but the process may be slower compared to containers.
Differences between Containerization and Virtualization:
- Level of Abstraction:
  - Containerization: Operates at the application level, encapsulating applications and dependencies in containers.
  - Virtualization: Operates at the hardware level, emulating an entire computer system, including the operating system.
- Overhead:
  - Containerization: Generally incurs less overhead as containers share the host operating system's kernel.
  - Virtualization: Involves more overhead as each virtual machine has its own operating system and kernel.
- Resource Efficiency:
  - Containerization: More resource-efficient due to the lightweight nature of containers and shared kernel.
  - Virtualization: May have higher resource overhead due to the need for full virtualization of hardware.
- Start-Up Time:
  - Containerization: Containers can start up quickly since they don't require booting a full operating system.
  - Virtualization: Virtual machines take longer to start as they need to boot a complete operating system.
- Use Cases:
  - Containerization: Well-suited for microservices architectures, continuous integration/continuous deployment (CI/CD), and lightweight applications.
  - Virtualization: Suitable for running multiple different operating systems or legacy applications that require full isolation.
- Management Tools:
  - Containerization: Managed by container runtimes and orchestration tools like Docker and Kubernetes.
  - Virtualization: Managed by hypervisors such as VMware, Hyper-V, or KVM.
- Density:
  - Containerization: Allows higher density of application instances on a single host due to the lightweight nature of containers.
  - Virtualization: Generally has lower density compared to containers as each VM includes a full operating system.
In summary, containerization and virtualization share the goal of providing isolation and resource utilization, but they operate at different levels of abstraction and have distinct characteristics. Containerization is favored for lightweight, portable applications, while virtualization is suitable for running multiple diverse workloads on a single physical server. Organizations often choose between these technologies based on their specific use cases, performance requirements, and deployment scenarios.
-
Explain the following:
-
Docker and its components
- Docker CLI, Docker Engine, Docker Daemon & Docker Registry
-
Dockerfile, Docker Image, Docker container,
- Dockerfile (source code) >> Docker Image (executable) >> Container (running process)
- The analogy comparing Docker images and containers to classes and objects in object-oriented programming (OOP) can be helpful for conceptual understanding, but it has its limitations and doesn't perfectly capture all aspects of containerization. The Dockerfile >> image >> container analogy above has two advantages over it. For one, it brings the build process to the forefront. Next, it helps to reinforce the idea that containers are ephemeral, just like a running process: you can suspend/un-suspend them, and their state is lost at the end of their lifecycle.
- A Docker image is a complete package containing the application and its dependencies, while a layer is a specific set of file changes or additions within an image. Layers contribute to the efficiency and speed of Docker operations, such as image building and sharing, by allowing for layer reuse and incremental updates.
-
Layers are read-only, and each layer is uniquely identified by a content-addressable identifier (hash). When a container is started from an image, a read-write layer (container layer) is added on top of the image layers to allow modifications during the container's runtime.
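A simplified model of the layering described above, added here as an illustration and not Docker's storage driver: the file names and contents are constructed, canonical JSON stands in for the layer tarball that Docker hashes, and `Container`, `layer_digest` and `demo` are hypothetical names.

```python
import hashlib
import json
from types import MappingProxyType

def layer_digest(files):
    """ID derived from content. Canonical JSON stands in for the layer tarball."""
    blob = json.dumps(dict(files), sort_keys=True).encode()
    return "sha256:" + hashlib.sha256(blob).hexdigest()

# Constructed sample image: two read-only layers, base first.
BASE = MappingProxyType({"/bin/sh": "shell-v1", "/etc/motd": "hello"})
APP = MappingProxyType({"/app/main.py": "print('v1')", "/etc/motd": "app image"})
IMAGE = (BASE, APP)

_DELETED = object()  # marker playing the role of a whiteout entry

class Container:
    """Image layers (shared, read-only) plus one private read-write layer."""

    def __init__(self, image):
        self.image = image
        self.rw = {}

    def read(self, path):
        # Search top-down: container layer first, then image layers newest to oldest.
        for layer in (self.rw, *reversed(self.image)):
            if path in layer:
                if layer[path] is _DELETED:
                    break
                return layer[path]
        raise FileNotFoundError(path)

    def write(self, path, data):
        self.rw[path] = data  # copy-on-write: the image layer is untouched

    def delete(self, path):
        self.rw[path] = _DELETED  # hides the file without altering the image

def demo():
    before = [layer_digest(layer) for layer in IMAGE]
    a, b = Container(IMAGE), Container(IMAGE)
    a.write("/app/main.py", "print('patched at runtime')")
    a.delete("/bin/sh")
    after = [layer_digest(layer) for layer in IMAGE]
    fresh = Container(IMAGE)  # a replacement for `a`: its changes are gone
    return (before == after, a.read("/app/main.py"),
            b.read("/app/main.py"), fresh.read("/bin/sh"))
```

Runtime changes live only in the container layer, so the image digests still verify afterwards and a container recreated from the image starts from the original content.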
-
Container Lifecycle
- Start and Stop (Lifecycle Operations): Directly related to the initiation and termination of container processes. Common commands: `docker start` and `docker stop`. Same as turning a machine on/off.
- Suspend and Unsuspend (Checkpointing Operations): Involve capturing and restoring a container's state without fully stopping it. Common tools: CRIU (Checkpoint/Restore In Userspace) is a tool commonly used for container checkpointing. Same as pressing Ctrl+Z.
-
Bridge Network:
By default, Docker creates a bridge network called `bridge` on each host. Each container connected to this network is assigned an internal IP address, and containers can communicate with each other using these internal IP addresses. The bridge network also provides outbound internet access for containers.
<aside>
💡 To get the internal IP, you can inspect the network or container.
</aside>
-
User-Defined Bridge Network:
You can create custom bridge networks to isolate and segment containers. Containers within a user-defined bridge network can communicate with each other using container names as hostnames.
```bash
# Create a custom bridge network
docker network create mynetwork
# Run a container and attach it to the custom network
docker run --network=mynetwork myimage
```
-
Host Network:
Containers can be attached to the host's network namespace using the `--network=host` option. This allows containers to share the network namespace with the host, making them directly accessible on the host's network.
```bash
# Run a container using the host network
docker run --network=host myimage
```
-
Overlay Network:
Overlay networks are used for communication between containers across multiple Docker hosts in a swarm. This enables the creation of multi-host services. Overlay networks use the VXLAN protocol to encapsulate and route container traffic.
-
Port Mapping: Port mapping allows exposing container ports to the host or the external network. This is achieved using the `-p` option with the `docker run` command.
```bash
# Expose container port 80 to host port 8080
# host:container
docker run -p 8080:80 myimage
```
-
Network Inspection: Docker provides commands to inspect network configurations. The `docker network inspect` command can be used to view details about a specific network, including its containers and IP addresses.
```bash
# Inspect a network
docker network inspect mynetwork
```
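The network modes and port mapping above can be reviewed from inspection output. Added here as an example (not part of the original notes), this check reads `docker inspect` container JSON and reports host-network containers, containers left on the default bridge, and ports published on every host interface, which is what `-p 8080:80` does when no host IP is given. The sample JSON is constructed and trimmed to the fields used; `audit` and `internal_ips` are hypothetical names.

```python
import json

# Constructed sample shaped like `docker inspect <container> ...` output.
SAMPLE = json.loads("""
[
 {"Name": "/web", "HostConfig": {"NetworkMode": "mynetwork"},
  "NetworkSettings": {
   "Ports": {"80/tcp": [{"HostIp": "0.0.0.0", "HostPort": "8080"}]},
   "Networks": {"mynetwork": {"IPAddress": "172.18.0.2"}}}},
 {"Name": "/admin", "HostConfig": {"NetworkMode": "mynetwork"},
  "NetworkSettings": {
   "Ports": {"9000/tcp": [{"HostIp": "127.0.0.1", "HostPort": "9000"}],
             "9001/tcp": null},
   "Networks": {"mynetwork": {"IPAddress": "172.18.0.3"}}}},
 {"Name": "/metrics", "HostConfig": {"NetworkMode": "host"},
  "NetworkSettings": {"Ports": {}, "Networks": {"host": {"IPAddress": ""}}}},
 {"Name": "/legacy", "HostConfig": {"NetworkMode": "default"},
  "NetworkSettings": {"Ports": {},
   "Networks": {"bridge": {"IPAddress": "172.17.0.2"}}}}
]
""")

ALL_INTERFACES = {"", "0.0.0.0", "::"}

def audit(containers):
    """Return (container, finding) pairs for network settings worth reviewing."""
    findings = []
    for c in containers:
        name = c["Name"].lstrip("/")
        mode = c["HostConfig"]["NetworkMode"]
        if mode == "host":
            findings.append((name, "shares the host network namespace"))
        elif mode in ("default", "bridge"):  # no --network given at run time
            findings.append((name, "on the default bridge network"))
        ports = c["NetworkSettings"].get("Ports") or {}
        for port, bindings in ports.items():
            for b in bindings or []:  # null means exposed but not published
                if b["HostIp"] in ALL_INTERFACES:
                    findings.append((name, f"{port} published on all "
                                           f"interfaces (host port {b['HostPort']})"))
    return findings

def internal_ips(containers):
    """Map container name -> {network name: internal IP address}."""
    return {c["Name"].lstrip("/"):
            {net: cfg["IPAddress"]
             for net, cfg in c["NetworkSettings"]["Networks"].items()}
            for c in containers}
```

Against a live daemon the same functions accept `json.loads` of the output of `docker inspect $(docker ps -q)`; publishing with `-p 127.0.0.1:8080:80` keeps a mapped port off external interfaces.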