Docker core concepts Piotr Hajder AGH University of Science and Technology
Why to know Docker
Use cases
DevOps process
DevOps process with docker
Microservices
https://hackernoon.com/how-microservices-saved-the-internet-30cd4b9c6230
Kubernetes
https://platform9.com/blog/kubernetes-enterprise-chapter-2-kubernetes-architecture-concepts/
Further use cases
https://www.docker.com/why-docker
https://www.infoworld.com/article/3310941/why-you-should-use-docker-and-containers.html
https://www.linode.com/docs/applications/containers/when-and-why-to-use-docker/
Docker in a nutshell
Core concepts
What is docker
Docker is a set of platform as a service (PaaS) products that uses OS-level virtualization to deliver software in packages called containers. Containers are isolated from one another and bundle their own software, libraries and configuration files; they can communicate with each other through well-defined channels. All containers are run by a single operating system kernel and therefore use fewer resources than virtual machines.
https://en.wikipedia.org/wiki/Docker_(software)
Virtualization levels vs Docker
OS-level virtualization
Shares host kernel
Shares hardware
Faster than HAL
https://www.researchgate.net/publication/326683646_Implementation_levels_of_virtualization_and_security_issues_in_cloud_computing
Container vs VM
Container VM
https://www.docker.com/resources/what-container
Networking in docker
https://docs.docker.com/config/containers/container-networking/
Security concerns in docker
https://www.oreilly.com/content/five-security-concerns-when-using-docker/
https://docs.docker.com/engine/security/security/
https://www.cimcor.com/blog/the-top-5-security-risks-in-docker-container-deployment
Kernel threats
Image threats
Terminology
Docker client – the docker command, used for communication with the Docker server
Docker server – the dockerd command, builds and launches containers via the client
Image – Docker images consist of one or more filesystem layers. A single image can be copied to numerous hosts. An image's identifier consists of a name and a tag.
Container – initiated from an image. A specific container can exist only once. However, you can create multiple containers from the same image.
Docker in OS
A container is a lightweight wrapper around a single Unix process
dockerd can run natively only on the Linux kernel
On other systems, a virtual machine is used to emulate the Docker environment
Other container build tools
Podman: https://github.com/containers/libpod
Kubler: https://github.com/edannenberg/kubler
Dockerfile structure
https://docs.docker.com/engine/reference/builder/
Task
REST API connects to Database
Fetch all data from single table
Send response as JSON
Run both API and Database in docker
Use docker-compose