Internal

• Docker

Overview

Docker is at the same time a packaging format, a set of tools with server and client components, and a development and operations workflow. Because it defines a workflow, Docker can be seen as a tool that reduces the complexity of communication between the development and the operations teams.

Docker architecture centers on atomic and throwaway containers. During the deployment of a new version of an application, the whole runtime environment of the old version of the application is thrown away with it, including dependencies, configuration, all the way to, but excluding the O/S kernel. This means the new version of the application won't accidentally use artifacts left by the previous release, and the ephemeral debugging changes are not going to survive. This approach also makes the application portable between servers, which act as places where to dock standardized containers.

A Docker release artifact is a single file, whose format is standardized. It consists of a set of layered images.

Docker Workflow

Container

Layered Image

Docker and Virtualization

Containers implement virtualization above the O/S kernel level.

In case of O/S virtualization, a virtual machine runs its own kernel. The hypervisor that manages the VMs and the VMs use a percentage of the system's hardware resources, which are no longer available to the applications.

A container is just another process that interacts directly with the Linux kernel, and can utilize more resources that otherwise would have gone to hypervisor and the VM kernel.

Security

• https://docs.docker.com/engine/security/security/