Hands on Docker - iedu.us … · Docker orchestration using CoreOS and fleet CoreOS Architecture...

Date post: 15-Oct-2020
Page 1: Hands on Docker - iedu.us … · Docker orchestration using CoreOS and fleet CoreOS Architecture Networking, security and API’s Docker networking Docker security Docker Remote

Hands on Docker


Dedicated to the people I love and the God I trust.

—Navin Sabharwal

Dedicated to people who made my life worth living and carved me into an individual I am today and to God who shades every step of my life.

—Bibin W


Contents at a Glance

1: Linux Container

2: Docker

3: Docker Installation

4: Working With Images and Container

5: Docker Container Linking and Data Management

6: Building images and containers from scratch using Dockerfile

7: Testing and building containers using Jenkins

8: Docker Provisioning using Chef and Vagrant

9: Deployment, Service Discovery and Orchestration tools for Docker

10: Networking, Security and Docker API’s

11: Cloud Based Container Services


Contents

Linux Containers
Namespaces
Cgroups
Copy on write file system

Docker
Introduction
Why to use Docker
Docker Architecture
Docker internal components
Working of Docker
Underlying Technology
Immutable infrastructure with Docker

Installation
Supported platforms
Installing Docker on Windows
Installing Docker on Ubuntu
Launching Docker containers
Creating a daemonized container
Connecting remote docker host using docker client
Docker server access over https

Working with containers
Docker Images
Container linking
Linking containers together
Data management in containers
Docker data volumes

Building and testing containers from scratch
Dockerfile
Dockerfile Best Practices
A static website using Apache


Creating MySQL image and containers
Creating a WordPress container
Running multiple websites on a single host using Docker
Building and testing containers using Jenkins

Docker Provisioners
Docker vagrant provisioner
Managing Docker using chef

Docker Deployment Tools
Fig
Shipyard
Panamax

Docker Service Discovery and Orchestration
Service discovery with consul
Consul Architecture
Docker cluster management using Mesos
Mesosphere
Docker cluster management using Kubernetes
Kubernetes components
Minion server
Work Units
Installation
Docker orchestration using CoreOS and fleet
CoreOS Architecture

Networking, security and API’s
Docker networking
Docker security
Docker Remote API (version v1.15)

Cloud container services
Google container engine
Amazon container service (ECS)


About the Authors

Navin Sabharwal is an innovator, thought leader, author, and consultant in the areas of virtualization, cloud computing, big data and analytics.

Navin has created niche award-winning products and solutions and has filed numerous patents in diverse fields such as IT services, virtual machine placement, cloud capacity analysis, assessment engines, ranking algorithms, capacity planning engines, and knowledge management.

Navin holds a Masters in Information Technology and is a Certified Project Management Professional.

Navin has authored the following books: Cloud Computing First Steps (Publisher: CreateSpace, ISBN#: 978-1478130086), Apache Cloudstack Cloud Computing (Publisher: Packt Publishing, ISBN#: 978-1782160106), Cloud Capacity Management (Publisher: Apress, ISBN#: 978-1430249238).

Bibin W has been working with virtualization and cloud technologies; he is a subject matter expert in VMware, Linux Container, Docker, Amazon Web Services, Chef and Azure.

Bibin holds a Masters in Computer Science from SRM University, Chennai.



Acknowledgments

Special thanks go out to the people who have helped in the creation of this book: Dheeraj Raghav for his creative inputs in the design of this book, and Piyush Pandey for his reviews and insights into the content.

The authors would like to acknowledge the creators of virtualization technologies and the open source community for providing such powerful tools and technologies that enable products and solutions which solve real business problems easily and quickly.


Preface

Docker is making waves in technology circles and is rapidly gaining mindshare from developers, startups, technology companies and architects.

We all know how virtualization has changed the datacenter and the cloud forever: virtualization has allowed enterprises and cloud providers to make the datacenter more agile, manageable, cloud friendly and application friendly. However, virtualization carries the overhead of the guest operating system and costly licensing for virtualization software, thus limiting the utilization of the host.

Containerization technology is seeing a resurgence with Docker. Containerization has been around for many years; however, it is only now that Docker has revived the interest of the technology community in containers.

Fundamental support for containerization was actually included in the Linux 2.6.24 kernel to provide operating system-level virtualization and allow a single host to operate multiple isolated Linux instances, called Linux Containers (LXC). LXC is based on Linux control groups (cgroups), where every control group can offer applications complete resource isolation (including processor, memory and I/O access). Linux Containers also offer complete isolation for the container’s namespace, so supporting functions like file systems, user IDs, network IDs and other elements usually associated with operating systems are unique for each container.

Docker uses the container technology but creates a layer above the LXC layer for packaging, deployment and migration of workloads to different hosts.

Docker container technology has taken the cloud and application development world by storm since it was open-sourced a little over a year ago, offering a way to package and deploy applications across a variety of Linux instances.

Enterprises stand to gain by further reducing the datacenter footprint and using the host’s resources to their maximum using the Docker and LXC technology. Coupled with the ease of migration and fast scale out of containers, it is turning out to be a technology which is well suited for the cloud use case.

Docker is also going to have an impact on the devops lifecycle by providing capabilities to support the immutable infrastructure model. Technologies like Docker may fundamentally change the way the operations world works: rather than updating the currently running instances of operating systems, organizations may move to a model where the server container itself is replaced with a newer version and the old ones are taken out.

This book will help our readers to appreciate the Docker technology, the benefits and features provided by Docker, and get a deep-dive technical perspective on architecting solutions using Docker.

The book will enable a reader to appreciate, install, configure, administer and deploy applications on the Docker platform.


We sincerely hope our readers will enjoy reading the book as much as we have enjoyed writing it.


About this book

This book

Introduces Docker to readers, the core concepts and technology behind Docker.
Provides hands on examples for installing and configuring Docker.
Provides insight into packaging applications using Docker and deploying them.
Provides step by step guidelines to have your Docker setup ready.
Detailed coverage of Mesosphere for Docker deployment and management.
Detailed coverage of Kubernetes clusters and Fleet.
Hands on coverage of deployment tools including Fig, Shipyard and Panamax.
Step by step guidelines to help you package your application on Docker.
Introduction to Google Container Engine for Docker.


What you need for this book

Docker supports the most popular Linux and UNIX platforms.

Download the latest stable production release of Docker from the following URL:

https://docs.Docker.com/installation/

In this book we have focused on using Docker on a 64-bit Ubuntu 14.04 platform and at places have cited references on how to work with Docker running on other Linux and Windows platforms.

At the time of writing, the latest stable Docker production release is 1.3.1.

We will be using 64-bit Ubuntu 14.04 for examples of the installation process.


Conventions Used In the Book

Italic indicates important points, commands.

This is used to denote the Code Commands

This is the Output of the command…………

This is used for Example commands

This icon indicates statistics figures

This icon indicates examples

This icon indicates points to be noted.

This icon indicates further reading links or references.


Who this book is for

This book would be of interest to Virtualization Professionals, Cloud Architects, technology enthusiasts and Application Developers.

The book covers aspects of Docker and provides advanced guidance on planning and deploying the Docker technology, from creating Infrastructure as a Service Clouds to using the technology to package and deploy your applications.


1 Linux Containers

In this chapter we will cover the basics of Linux containers.

Virtualization refers to the creation of virtual machines which have independent Operating Systems, but where the execution of software running on the virtual machine is separated from the underlying hardware resources. Also, multiple virtual machines can share the same underlying hardware.

The actual machine that runs the virtualization software is called the host machine, and the virtual machine running on top of the virtualization software is called the guest machine. The software that provides virtualization capabilities and abstracts the hardware is called a “Virtual Machine Manager” or a “Hypervisor”. Popular hypervisor platforms are VMware, Hyper-V, Xen and KVM.

Docker works on a technology called Linux containers. Linux containers have a different approach than virtualization; you may call it OS level virtualization, which means all the containers run on top of one Linux operating system.

You can run the host OS directly on the hardware or it can be running on a virtual machine. Each container runs as a fully isolated operating system.

Linux containers are a lightweight virtualization system running on top of an operating system. It provides an isolated environment almost similar to a standard Linux distribution.

Docker works with LXC container-based virtualization. It is also called operating system virtualization. One of the first container technologies on x86 was actually on FreeBSD, in the form of FreeBSD Jails.

In container virtualization, rather than having an entire guest Operating System, containers isolate the guest but do not virtualize the hardware. For running containers one needs a patched kernel and user tools; the kernel provides process isolation and performs resource management. Thus all containers are running under the same kernel, but they still have their own file system, processes, memory etc.

Unlike virtual machines, all containers running on a host use the same kernel. Moreover, starting and stopping a container is much faster than a virtual machine. It delivers an environment as close as possible to a standard Linux distribution. Containers from the inside are like a VM and from the outside like a bunch of Linux processes.

With container-based virtualization, installing a guest OS is done using a container template.

In the container approach one is usually limited to a single operating system, thus you cannot run Linux and Windows together.


There are various advantages of using containers as compared to virtualization in terms of performance and scalability. A container based solution works well if you intend to run many hundreds of guests with a particular operating system, because they carry less overhead. The number of virtual machines available with the container approach can be much higher as compared to virtualization, as resources are available to the application rather than being consumed by multiple Guest OS instances running on a host.

One area where containers are weaker than VMs is isolation. VMs can take advantage of ring-1 hardware isolation such as that provided by Intel’s VT-d and VT-x technologies. Such isolation prevents VMs from ‘breaking out’ and interfering with each other. Containers don’t yet have any form of hardware isolation, which makes them susceptible to exploits.

Docker works well within a VM, which allows it to be used on existing virtual infrastructure, private clouds and public clouds. Thus Virtualization and Containerization will co-exist, and in future there may be a hybrid approach which provides a unified way to leverage and manage Virtualization and Containerization.

Fig 1-1: Linux Containers

Containers work on the concept of process level virtualization. Process level virtualization has been used by technologies like Solaris zones and BSD jails for years. But the drawback of these systems is that they need custom kernels and cannot run on mainstream kernels. As opposed to Solaris zones and BSD jails, LXC containers have been gaining popularity in recent years because they can run on any Linux platform. This led to the adoption of containerization by various cloud based hosting services.

If you look into Linux based containers there are two main concepts involved:

1. Namespaces and
2. Cgroups (Control groups).


Fig 1-2: Namespaces and Cgroups

Namespaces:
In Linux there are six kinds of namespaces which can offer process level isolation for Linux resources. Namespaces ensure that each container sees only its own environment and doesn’t affect or get access to processes running inside other containers. In addition, namespaces provide restricted access to file systems like chroot, by having a directory structure for a container.

The container can see only that directory structure and doesn’t have any access to any level above it. Namespaces also allow containers to have their own network devices, so that each container can have its own IP address and hostname. This lets each container run independently of each other. Let’s have a look at each namespace in detail.

Pid Namespace
This namespace is considered the most important isolation factor in containers. Every pid namespace forms its own hierarchy and it will be tracked by the kernel. Another important feature is that the parent pids can control the children pids, but the children pids cannot signal or control the parent pid.

Let’s say we have ten child pids with various system calls; these pids are meaningful only inside the parent namespace. They do not have control outside their parent namespace. So each isolated pid namespace will be running a container, and when a container is migrated to another host the child pids will remain the same.

Net namespace
This namespace is used for controlling the networks. Each net namespace can have its own network interface. Let’s say we have two containers running with two different pid namespaces and we want two different instances of the Nginx server running on those containers. This can be achieved by net namespaces, because each net namespace would contain its own network interface connected to an Ethernet bridge for connection between containers and the host.

Ipc namespace
This namespace isolates the inter-process communication.

Mnt namespace
This namespace isolates the file system mount points for a set of processes. It works more like an advanced and secure chroot option. A file system mounted to a specific mnt namespace can only be accessed by the processes associated with it.

Uts namespace
This namespace provides isolation for hostname and NIS domain name. This can be useful for scripts to initialize and configure actions based on these names. When the hostname is changed in a container, it changes the hostname only for the processes associated with that namespace.

User namespace
This namespace isolates the user and group ID namespaces. User namespace allows per-namespace mappings of user and group IDs. This means that a process’s user and group IDs inside a user namespace will be different from its IDs outside of the namespace.

Moreover, a process can have a nonzero user ID outside a namespace while at the same time having a user ID of zero inside the namespace; in other words, outside its user namespace all the processes will have unprivileged access for operations.

Cgroups
Cgroups (control groups) is a feature of the Linux kernel for accounting, limiting and isolation of resources. It provides means to restrict the resources that a process can use. For example, you can restrict an Apache web server or a MySQL database to use only a certain amount of disk IOs.

So, a Linux container is basically a process or a set of processes that can run in an isolated environment on the host system.
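To make the namespace and user-ID mapping facts above concrete, here is an added Python inspector (not from the book) that decodes what the Linux kernel exposes under /proc for a process: the inode behind each /proc/<pid>/ns/* link identifies the namespace, so comparing a process with PID 1 tells which of the six namespaces it still shares with the host, and /proc/<pid>/uid_map shows whether uid 0 inside a user namespace is an unprivileged uid outside, as the text describes. The `proc` argument (for pointing the inspector at a constructed /proc tree) and the sample cgroup line are assumptions of this example; on a real host leave `proc` at its default.

```python
import os
from pathlib import Path

# The six namespace kinds discussed in the chapter, as exposed under /proc/<pid>/ns/.
NAMESPACES = ("pid", "net", "ipc", "mnt", "uts", "user")


def parse_ns_link(target):
    """'pid:[4026531836]' -> ('pid', 4026531836); the inode number identifies the namespace."""
    kind, _, rest = target.partition(":")
    return kind, int(rest.strip("[]"))


def namespace_ids(pid, proc="/proc"):
    """Map each namespace kind to its inode for <pid>; kinds missing on old kernels are skipped."""
    ids = {}
    for kind in NAMESPACES:
        link = Path(proc) / str(pid) / "ns" / kind
        try:
            _, inode = parse_ns_link(os.readlink(link))
        except OSError:
            continue
        ids[kind] = inode
    return ids


def shared_with_host(pid, proc="/proc"):
    """Namespace kinds <pid> shares with PID 1, i.e. where it is NOT isolated from the host.
    A default Docker container (no userns-remap) normally shows only {'user'} here."""
    host = namespace_ids(1, proc)
    mine = namespace_ids(pid, proc)
    return {kind for kind in mine if host.get(kind) == mine[kind]}


def parse_id_map(text):
    """Parse /proc/<pid>/uid_map lines 'inside outside count' into tuples of ints."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            rows.append(tuple(int(p) for p in parts))
    return rows


def outside_uid(inside, id_map):
    """Translate a uid seen inside the user namespace to the uid the kernel uses outside;
    None when the uid is not mapped at all."""
    for ns_start, host_start, count in id_map:
        if ns_start <= inside < ns_start + count:
            return host_start + (inside - ns_start)
    return None


def root_is_unprivileged(pid, proc="/proc"):
    """True when uid 0 inside <pid>'s user namespace maps to a non-zero uid outside,
    the situation the text describes: root in the container, unprivileged on the host."""
    try:
        text = (Path(proc) / str(pid) / "uid_map").read_text()
    except OSError:
        return False
    host_uid = outside_uid(0, parse_id_map(text))
    return host_uid is not None and host_uid != 0


def parse_cgroup(text):
    """Parse /proc/<pid>/cgroup lines 'hierarchy:controllers:path' into {controllers: path}.
    On cgroup v2 there is a single line with an empty controllers field."""
    result = {}
    for line in text.splitlines():
        parts = line.split(":", 2)
        if len(parts) == 3:
            result[parts[1]] = parts[2]
    return result


if __name__ == "__main__":
    me = os.getpid()
    print("namespaces shared with PID 1:", sorted(shared_with_host(me)))
    print("root inside maps to an unprivileged uid outside:", root_is_unprivileged(me))
    print("cgroups:", parse_cgroup(Path("/proc", str(me), "cgroup").read_text()))
```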

Before getting into Docker let’s understand another important aspect of containers: the “copy on write file system”.

Copy on write file system:
In a normal file system like ext4, all new data is written on top of the existing data and creates a new copy. Unlike other Linux file systems, a copy on write file system never overwrites the live data; instead it does all the updating using the existing unused blocks in the disk, using copy on write functionality (COW). The new data will be live only when all the data has been updated to the disk.

For example, consider how data is stored in a file system. File systems are divided into a number of blocks, let’s say 16 blocks. So each inode will have 16 pointers to blocks. If a file stored is less than 16 blocks, the inode will point to the blocks directly. If the data exceeds 16 blocks, the 16th block will become a pointer to more blocks, creating an indirect pointer.

Fig 1-3: copy on write

When you modify existing data, it will be written on unused blocks in the file system, leaving the original data unmodified. All the indirect block pointers have to be modified in order to point to the new blocks of data. But the file system will copy all the existing pointers and modify the copy. The file system will then update the inode again by modifying the copy to refer to the new blocks of indirect pointers. Once the modification is complete, the pointers to the original data remain unmodified and there will be a new set of pointers, blocks and inode for the updated data.

Fig 1-4: copy on write mechanism

One of the file systems used by Docker is BTRFS. Resources are handled using Copy on Write (COW) when the same data is utilized by multiple tasks. When an application requests data from a file, the data is sent to memory or cache. Individual applications then have their own memory space. In the case when multiple applications request the same data, only one memory space is allowed by COW and that single memory space is pointed to by all applications. An application which is changing data is given its own memory space with the new updated information. The other applications continue using the older pointers with the original data.

BTRFS also uses file system level snapshotting to implement layers. A snapshot is a read-only, point-in-time copy of the file system state. A storage snapshot is created using pre-designated space allocated to it. Whenever a snapshot is created, the metadata associated with the original data is stored as a copy. Metadata is the data which gives full information about the data stored on the disk. Also, a snapshot does not create a physical copy, and creation of a snapshot is nearly immediate. Future writes to the original data will be logged and the snapshot carefully keeps track of the changing blocks. The duty of the copy-on-write is to transfer the original data block to the snapshot storage prior to the write onto the block. This in turn makes the data remain consistent in the time based snapshot.

Any “read requests” to snapshots of unchanged data are reflected to the original volume. Requests are directed to the “copied” block only in the scenario when the requests are related to the changed data. Snapshots maintain metadata containing records of the data blocks which have been updated since the last snapshot was performed. Attention must be given to the fact that the data blocks are copied only once, into the snapshot, on a first write basis.


Fig 1-5: COW image snapshot

One of the main advantages of the copy-on-write technique is its space efficiency. This is due to the fact that the space required to create a snapshot is minimal, as it holds only the data which is being updated; also, the data is considered to be valid only when the original copy is available. The performance of the original data volume is somewhat impacted by the copy-on-write technique of snapshot, because the write requests to data blocks can only be performed when the original data is being “copied” to the snapshot. Read requests are diverted to the original volume when the data remains unchanged.
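As an added example (not from the book), the following Python model shows the block-pointer mechanism the chapter describes: an inode is a table of block pointers, a write lands in an unused block and redirects the pointer, and a snapshot copies only the pointer table, so it shares every unchanged block with the live volume and costs space only for blocks that later diverge. The `CowVolume` class, its block layout and the sample writes are a constructed simplification (one file, block-aligned writes) that is assumed here to illustrate the space accounting of the text.

```python
class CowVolume:
    """Toy model of a copy-on-write block volume.

    Physical storage is a fixed array of blocks. A file's inode is a table of
    block pointers. A write never touches a referenced block in place: the new
    content goes to an unused block and the pointer is redirected. A snapshot
    duplicates only the pointer table (metadata), never the data blocks.
    Constructed simplification: one file, block-aligned writes only.
    """

    def __init__(self, block_size=4, nblocks=16):
        self.block_size = block_size
        self.blocks = [b""] * nblocks     # physical data blocks
        self.refs = [0] * nblocks         # number of pointer tables referencing each block
        self.live = []                    # live inode: list of block indices
        self.snapshots = {}               # name -> frozen pointer table

    def _alloc(self):
        """Pick an unused block; a block still held by any snapshot is never reused."""
        for idx, count in enumerate(self.refs):
            if count == 0:
                return idx
        raise RuntimeError("volume full")

    def _release(self, idx):
        """Drop one reference; the block is freed only when no table points at it."""
        self.refs[idx] -= 1
        if self.refs[idx] == 0:
            self.blocks[idx] = b""

    def write(self, offset, data):
        """Write bytes at a block-aligned offset, redirecting each touched block."""
        if offset % self.block_size:
            raise ValueError("offset must be block aligned")
        first = offset // self.block_size
        if first > len(self.live):
            raise ValueError("sparse writes are not modelled")
        for pos in range(0, len(data), self.block_size):
            bi = first + pos // self.block_size
            chunk = data[pos:pos + self.block_size]
            existing = bi < len(self.live)
            if existing and len(chunk) < self.block_size:
                # a partial update keeps the old tail, but still lands in a fresh block
                chunk += self.blocks[self.live[bi]][len(chunk):]
            new = self._alloc()
            self.blocks[new] = chunk
            self.refs[new] = 1
            if existing:
                self._release(self.live[bi])   # old block survives if a snapshot holds it
                self.live[bi] = new
            else:
                self.live.append(new)

    def snapshot(self, name):
        """Point-in-time copy: only the pointer table is duplicated, no data blocks."""
        for idx in self.live:
            self.refs[idx] += 1
        self.snapshots[name] = tuple(self.live)

    def delete_snapshot(self, name):
        """Release the snapshot's pointers; blocks nobody else uses become free again."""
        for idx in self.snapshots.pop(name):
            self._release(idx)

    def read(self, snapshot=None):
        """Content of the live volume, or of a snapshot: unchanged blocks are read from
        the very same physical block the live volume uses."""
        table = self.live if snapshot is None else self.snapshots[snapshot]
        return b"".join(self.blocks[idx] for idx in table)

    def blocks_in_use(self):
        return sum(1 for count in self.refs if count > 0)

    def snapshot_only_blocks(self, name):
        """Blocks the snapshot holds that the live volume no longer points at:
        the snapshot's real space cost after the data diverged."""
        return sorted(set(self.snapshots[name]) - set(self.live))


def demo():
    """Store a three-block file, snapshot it, then rewrite the middle block."""
    vol = CowVolume(block_size=4, nblocks=16)
    vol.write(0, b"AAAABBBBCCCC")
    vol.snapshot("snap1")
    used_after_snapshot = vol.blocks_in_use()   # still 3: the snapshot cost no data blocks
    vol.write(4, b"XXXX")                       # one fresh block; the old BBBB stays for snap1
    return vol, used_after_snapshot


if __name__ == "__main__":
    vol, used = demo()
    print("blocks in use after snapshot:", used, "after write:", vol.blocks_in_use())
    print("live:", vol.read(), "snap1:", vol.read("snap1"))
    print("blocks only the snapshot still needs:", vol.snapshot_only_blocks("snap1"))
```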


2 Docker

Introduction
The best way to describe Docker is to use the phrase from the Docker website — Docker is “an open source project to pack, ship and run any application as a lightweight container.” Thus the idea of Docker is to have an abstraction layer that allows the application developers to package any application and then let the containerization technology take care of the deployment aspects to any infrastructure.

Docker is analogous to shipping containers, where you can load the goods in standardized containers and ship to different locations without much hassle. The advent of standardized containers made shipping fast and agile. Docker does the same with applications.

The Docker platform can be used by developers and system administrators for developing and shipping applications to different environments. The decoupled parts of the application can be integrated and shipped to production environments really fast.

For example, a developer can install and configure an application in a Docker container, pass it on to an ops person, and he can deploy it on to any server running Docker. The application will run exactly like it ran on the developer’s laptop.

This amazing feature of Docker results in huge savings in the time and effort spent on deploying applications, ensuring that the dependencies are available, and troubleshooting the deployment because of issues related to dependencies and conflicts.

Docker technology is well suited for applications deployed on the cloud as it makes their migration simpler and faster.

Docker leverages LXC (Linux Containers), which encompasses Linux features like cgroups and namespaces for strong process isolation and resource control. However, it is to be noted that Docker is not limited to LXC but can use any other container technology in future, and with the new release they now support libcontainer.

Docker leverages a copy-on-write file system and this allows Docker to instantiate containers quickly, because it leverages the pointers to the existing files. The copy-on-write file system also provides layering of containers, thus you can create a base container and then have another container which is based on the base container.

Docker uses a “plain text” configuration language to define and control the configuration of the application container. This configuration file is called a Dockerfile.

Docker makes use of Linux kernel facilities such as cgroups, namespaces and SELinux to provide isolation between containers. At first Docker was a front end for the LXC container management subsystem, but release 0.9 introduced libcontainer, which is a native Go language library that provides the interface between user space and the kernel.

Containers sit on top of a union file system, such as AUFS, which allows for the sharing of components such as operating system images and installed libraries across multiple containers.

A container is started from an image, which may be locally created, cached locally, or downloaded from a registry. Docker Inc operates the Docker Hub public registry, which hosts official repositories for a variety of operating systems, middleware and databases.

Most Linux applications can run inside a Docker container; containers are started from images and running containers can be converted into images. There are two ways to create application packages for containers: Manual and Dockerfile.

Manual builds

A manual build starts by launching a container with a base operating system image. The normal process for installation of an application on the operating system is performed, and once the application is installed the container can be exported to a tar file or can be pushed to a registry like Docker Hub.

Dockerfile

This method is more scripted and automated for construction of a Docker container. The Dockerfile specifies the base image to start with, and then the other installation steps on top are defined as a series of commands that are run or files that are added to the container.

The Dockerfile also can specify other aspects of configuration of a container such as ports, default commands to be run on startup etc. Similar to the manual approach, a Dockerfile can be exported, and the Docker Hub can use an automated build system to build images from a Dockerfile.

Why to use Docker
Let’s look at a few features which make Docker useful and attractive to application developers and infrastructure administrators alike:

Portable Deployments:
As containers are portable, the applications can be bundled into a single unit and can be deployed to various environments without making any changes to the container.

Fast application delivery:
The workflow of Docker containers makes it easy for developers, system administrators, QA and release teams to collaborate and deploy the applications to production environments really fast.

Because of the standard container format, developers only have to worry about the applications running inside the container and system administrators only have to worry about deploying the container onto the servers. This well segregated Docker management leads to faster application delivery.


Fig 2-1: Docker application delivery and deployment

Moreover, building new containers is fast because containers are very lightweight and it takes seconds to build a new container. This in turn reduces the time for testing, development and deployment. Also, a container can be built in iterations, thus providing good visibility on how the final application has been built.

Docker is great for the development lifecycle. Docker containers can be built and packaged on developers’ laptops and can be integrated with continuous integration and deployment tools.

For example, when an application is packaged in a container by the developer, it can be shared among other team members. After that it can be pushed to the test environment for various tests. From the test environment you can then push all the tested containers to the production environment.

Scale and deploy with ease:
Docker containers can virtually run on any Linux system. Containers can be deployed on cloud environments, desktops, on-premise datacenters, physical servers and so on. You can move containers from your desktop environment to the cloud and back to physical servers easily and quickly.

Another interesting factor about containers is scalability. Scaling containers up and down is blazingly fast. You can scale up containers from one to hundreds and scale them down when not needed. Thus Docker containers are ideally suited for scale out applications architected and built for the public cloud platforms.

Higher workloads with greater density:

Fig 2-2: Virtual machine Vs. Docker containers

More container applications can be deployed on a host when compared to virtual machines. Since there is no need for Docker to use a hypervisor, the server resources can be well utilized and the cost of extra server resources can be reduced. Because Docker containers do not use a full operating system, the resource requirements are lesser as compared to virtual machines.

Few use cases

1. Applications can be deployed easily on a server with a build pipeline.

2. Can be used in production environments with Mesos or Kubernetes for application HA and better resource utilization.

3. Easy to clone the production environment on a developer’s workstation.

4. To perform load/scale testing by launching containers.

Docker Architecture:
Docker has a client server architecture. It has a Docker client and a Docker daemon. The Docker client instructs the Docker daemon for all the container specific tasks. The communication between the Docker client and the Docker daemon is carried out through sockets or through REST APIs. The Docker daemon creates, runs and distributes the containers based on the instructions from the Docker client. The Docker client and Docker daemon can be on the same host or on different hosts.

