2. What is it?
● It's everything its slogan says
– “Build, ship, and Run Any App, Anywhere”
● It's a container platform
– OS-level virtualisation (LXC)
– Multiple isolated Linux (and Windows) systems on
one host using that one host's Linux kernel
● Standardised unit for software development
– Portable way of deploying applications
3. How is this different from VMs?
● Historically application developers ship a VM per
application/service (micro-service architecture)
– This requires a VM guest OS per application with
associated resourcing
● Using Docker, all containers share host kernel with
all other containers
– Isolated process in user-space
● Docker Engine instead of Hypervisor
7. Docker Image
● The build component of Docker
● e.g. “Ubuntu running Apache”
● Read only template
● Used to build up Docker containers
– Layered architecture i.e. UnionFS
● Download and use Images others have created
● Create your own Image using your container
8. Docker Container
● The run component of Docker
● Application environment
– Dev, Test, Prod...
● Run, start, stop, move, delete
9. Other basics
● Dockerfile
– Scripted method of building Docker Images automatically
● Volumes
– Shared data mount amongst containers and host bypassing UnionFS
– Persistence for RO images
● Networking
– Similar capabilities to VMs
– Isolated network stack per container
– Default bridge docker0
● Security
– Similar concerns to VMs
– Intrinsic security provided by host kernel
● Namespaces (process isolation), cgroups (resource accounting and limiting)
– Less isolation than VM...
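Added example (not part of the original slides): a small Python check that compares the namespace links under /proc/<pid>/ns of a containerised process against the host's PID 1, showing which namespaces are private and which still point at the host. The sample link values and the EXPECTED_ISOLATED set are constructed assumptions; on a Linux host, read_ns_links() supplies real values.

```python
import os
import re

NS_TARGET = re.compile(r"^\w+:\[(\d+)\]$")
# Assumption: namespaces a default `docker run` is expected to unshare.
EXPECTED_ISOLATED = {"mnt", "pid", "net", "uts", "ipc"}

# Constructed sample data (readlink output of /proc/<pid>/ns/*), not from the slides.
HOST_INIT = {"mnt": "mnt:[4026531840]", "pid": "pid:[4026531836]",
             "net": "net:[4026531992]", "uts": "uts:[4026531838]",
             "ipc": "ipc:[4026531839]", "user": "user:[4026531837]"}
CONTAINER_DEFAULT = {"mnt": "mnt:[4026532611]", "pid": "pid:[4026532614]",
                     "net": "net:[4026532617]", "uts": "uts:[4026532612]",
                     "ipc": "ipc:[4026532613]", "user": "user:[4026531837]"}
# The same container as it would look if started with --pid=host and --net=host.
CONTAINER_HOST_PID_NET = dict(CONTAINER_DEFAULT,
                              pid=HOST_INIT["pid"], net=HOST_INIT["net"])


def read_ns_links(pid="self"):
    """Read the namespace links of a live process (Linux only)."""
    base = f"/proc/{pid}/ns"
    return {name: os.readlink(os.path.join(base, name)) for name in os.listdir(base)}


def ns_inodes(links):
    """Turn {'pid': 'pid:[4026531836]', ...} into {'pid': 4026531836, ...}."""
    inodes = {}
    for name, target in links.items():
        match = NS_TARGET.match(target)
        if match is None:
            raise ValueError(f"unexpected namespace link {target!r}")
        inodes[name] = int(match.group(1))
    return inodes


def compare_isolation(host_links, proc_links):
    """Classify each namespace of a process as shared with or isolated from the host."""
    host, proc = ns_inodes(host_links), ns_inodes(proc_links)
    common = host.keys() & proc.keys()
    shared = sorted(n for n in common if host[n] == proc[n])
    isolated = sorted(n for n in common if host[n] != proc[n])
    # Namespaces that should be private but point at the host's instance.
    weakened = sorted(EXPECTED_ISOLATED & set(shared))
    return {"shared": shared, "isolated": isolated, "weakened": weakened}


if __name__ == "__main__":
    for label, sample in (("default", CONTAINER_DEFAULT),
                          ("host pid/net", CONTAINER_HOST_PID_NET)):
        print(label, compare_isolation(HOST_INIT, sample))
```

Even in the default sample the user namespace is shared with the host, and every namespace is implemented by the one host kernel, which is the "less isolation than VM" point above.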
12. Docker Swarm
● Native clustering for Docker
● Turns a pool of Docker hosts into a single,
virtual Docker host
● Docker Machine can provision a Docker Swarm
13. Docker Compose
● A tool for defining and running multi-container
Docker applications
● Use a Compose file to configure your
application and its components (services)
● Then, use a single command to create and start
your application
15. Disadvantages
● Complexity in managing containers
– http://kubernetes.io/
● Less isolation than VMs
– A security flaw (or any flaw) in the host kernel
affects all containers
● Overheads in changing legacy product
● Overheads in changing developer approach to
problems
Editor's Notes
Similar resource allocation and isolation benefits
A different architectural approach