Knowledge Base

What is Docker?

Docker is a platform that packages applications and their dependencies, ensuring they run consistently in any environment. These packages are called containers. Docker makes it easier for developers to develop, ship, and run applications. It is similar to virtualization technology, but it is lighter and uses resources more efficiently.

• Basic Concepts: Docker images, containers, Dockerfile, Docker Hub, Docker Compose
• Advantages: Portability, isolation, scalability, efficiency

What is a Container? What is the Difference Between a Container and a Virtual Machine?

A container is an isolated environment that contains everything an application needs to run (code, runtime, system tools, system libraries, settings). Virtual machines (VMs), on the other hand, are virtualized copies of physical hardware and have their own operating systems.

Key Differences:

• Size and Weight: Containers are much smaller and consume fewer resources than VMs. VMs are larger and require more resources because they contain a complete operating system.
• Startup Time: Containers can be started in seconds, while VMs take longer to start.
• Resource Usage: Containers share the host operating system's kernel and use resources more efficiently. VMs consume more resources because they have their own operating systems.

Example: Consider a web application. Using a container, we can package all the application's dependencies (e.g., Python runtime, required libraries) into a container. This container will run consistently in any Docker environment. Using a VM, we would need to install a complete operating system (e.g., Ubuntu) and then install the application's dependencies on that operating system.

What is a Docker Image? What is a Dockerfile?

A Docker Image is a read-only template used to create a container. It contains the application's code, runtime, system tools, system libraries, and settings. Images can be stored and shared in a registry such as Docker Hub.

Dockerfile is a text file used to create a Docker image. It contains instructions that specify how the image should be built. These instructions include specifying the base image, copying files, running commands, and setting environment variables.

Dockerfile Example:

# Use Ubuntu as the base image
FROM ubuntu:latest

# Install necessary packages
RUN apt-get update && apt-get install -y python3 python3-pip

# Copy application files
COPY . /app

# Set the working directory
WORKDIR /app

# Install dependencies
RUN pip3 install -r requirements.txt

# Run the application
CMD ["python3", "app.py"]

Step-by-Step Image Creation:

1. Create a Dockerfile.
2. Build the image using the docker build command:

   docker build -t my-app .

3. You can list the created image with the docker images command.
4. You can push the image to Docker Hub (optional).

Steps to Create and Manage Containers in Linux

The steps to create and manage containers in Linux are as follows:

1. Docker Installation: Install Docker suitable for your Linux distribution. For example, for Ubuntu:

   
   sudo apt-get update
   sudo apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin
   

2. Starting the Docker Service:

   sudo systemctl start docker

3. Downloading a Docker Image: Download an image from Docker Hub (e.g., Ubuntu):

   docker pull ubuntu:latest

4. Creating a Container: Create a container from the downloaded image:

   docker run -it ubuntu:latest /bin/bash

   • -it: Interactive terminal mode
   • ubuntu:latest: Image name and tag
   • /bin/bash: Command to be executed inside the container
5. Container Management: You can use the following commands to manage containers:
   • docker ps: Lists running containers.
   • docker ps -a: Lists all containers (running and stopped).
   • docker stop [container_id]: Stops the container.
   • docker start [container_id]: Starts the container.
   • docker restart [container_id]: Restarts the container.
   • docker rm [container_id]: Deletes the container.
   • docker exec -it [container_id] /bin/bash: Connects to a running container.

Example: To run an Nginx web server:

1. Download the Nginx image:

   docker pull nginx:latest

2. Create the container and map port 80 to port 80 of the host machine:

   docker run -d -p 80:80 nginx:latest

   • -d: Run in the background
   • -p 80:80: Map port 80 of the host machine to port 80 of the container
3. Verify that Nginx is running by going to http://localhost in your web browser.

What is Docker Compose? How to Use It?

Docker Compose is a tool used to define and run multi-container applications. Using a YAML file, you can define the application's services, networks, and volumes. Docker Compose makes it easy to manage complex applications.

Compose File (docker-compose.yml) Example:

version: "3.9"
services:
  web:
    image: nginx:latest
    ports:
      - "80:80"
    volumes:
      - ./html:/usr/share/nginx/html
  db:
    image: postgres:13
    environment:
      POSTGRES_USER: myuser
      POSTGRES_PASSWORD: mypassword
      POSTGRES_DB: mydb
    volumes:
      - db_data:/var/lib/postgresql/data

volumes:
  db_data:

Explanation:

• version: Version of the Docker Compose file format
• services: Defines the application's services (e.g., web, db)
• image: Docker image to be used for the service
• ports: Port mappings between the host machine and the container
• volumes: Volume mappings between the host machine and the container
• environment: Environment variables inside the container

Docker Compose Usage:

1. Create a docker-compose.yml file.
2. Run the following command in the directory where the file is located:

   docker-compose up -d

   • up: Starts the application
   • -d: Runs in the background
3. To stop the application:

   docker-compose down

What is Docker Hub? Image Publishing and Pulling Operations

Docker Hub is a cloud-based registry service used to store and share Docker images. Developers can use Docker Hub to publish their own images and pull images from others. Docker Hub supports both public and private image repositories.

Docker Hub Usage:

1. Create a Docker Hub account.
2. Log in to your Docker Hub account in your terminal:

   docker login

3. Create your own image or tag an existing image:

   docker tag my-app username/my-app:v1

   • my-app: The name of the existing image
   • username: Your Docker Hub username
   • my-app:v1: The name and tag of the new image
4. Push the image to Docker Hub:

   docker push username/my-app:v1

5. To pull another image:

   docker pull username/other-app:latest

Security Issues and Best Practices Related to Docker

Security is an important issue when using Docker. Here are some security issues and best practices to consider:

• Base Image Security: Use reliable and up-to-date base images. Prefer official and verified images on Docker Hub.
• Image Scanning: Regularly scan your images for vulnerabilities. Docker Hub offers automatic image scanning features. You can also use third-party tools like Clair.
• User Authorization: Avoid running containers as the root user. If possible, create a dedicated user and run the container under that user.
• Resource Limitations: Limit the resources that containers can use, such as CPU, memory, and disk. This prevents one container from consuming excessive resources and affecting other containers.
• Network Security: Limit communication between containers. By using Docker networks, you can isolate containers and allow only necessary containers to communicate with each other.
• Secret Management: Avoid embedding sensitive information such as API keys, passwords, and certificates directly into containers. Use tools like Docker Secrets or HashiCorp Vault to securely manage secrets.
• Dockerfile Security: Avoid installing unnecessary packages in your Dockerfiles. Also, when using the COPY command, copy only the necessary files.
• Stay Up-to-Date: Regularly update Docker and related tools. Security vulnerabilities are often fixed with updates.