The First Docker Book (Revised Edition) - Chapter 1 Introduction 1.1 Introduction to Docker

Summary: So what's so special about Docker? Docker adds an application deployment engine on top of a virtualized container execution environment. The goal of the engine is to provide a lightweight and fast environment in which to run the developer's program, and to make it easy and efficient to move that program from the developer's laptop to the test environment and then to the production environment.

This article is excerpted from Chapter 1, Section 1.1 of "The First Docker Book (Revised Edition)" by James Turnbull (Australia), published by Asynchronous Community. More chapters can be viewed on the "Asynchronous Community" official account of Yunqi Community.

Chapter 1 Introduction
In the computing world, containers have a long and legendary history. Containers differ from hypervisor virtualization (HV): hypervisor virtualization runs one or more independent machines virtually on physical hardware through an intermediate layer, while containers run directly in user space on top of the operating system kernel. Container virtualization is therefore also called "operating system-level virtualization", and container technology allows multiple independent user spaces to run on the same host.

Because containers are "guests" of the operating system, a container can only run the same or a similar operating system as the underlying host, which does not seem very flexible. For example, you can run RedHat Enterprise Linux on an Ubuntu server, but you cannot run Microsoft Windows on an Ubuntu server.

Containers are considered insecure relative to fully isolated hypervisor virtualization. Opponents of this view argue that because a virtual machine virtualizes a complete operating system, it undoubtedly enlarges the attack surface, and that the potential exposure of the hypervisor layer must also be taken into account.

Despite their limitations, containers are widely deployed in a wide variety of applications. Container technology is very popular in hyperscale multi-tenant service deployments, lightweight sandboxes, and isolated environments where security is not critical. One of the most common examples is a "chroot jail", which creates an isolated directory environment in which to run processes. If a process running inside the jail is compromised by an intruder, the intruder finds himself "in jail": trapped in the directory created by the container, without sufficient permissions, and unable to do further damage to the host.

More recent container technologies include OpenVZ, Solaris Zones, and Linux containers such as lxc. With these newer technologies, a container is no longer just a bare runtime environment. Within the limits of its own privileges, a container is more like a complete host. Docker benefits from modern Linux kernel features such as control groups (cgroups) and namespaces: isolation between container and host is more thorough, each container has its own network and storage stack, and each container also has its own resource management capabilities, so that multiple containers on the same host can coexist amicably.
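
As an added example (not from the book or the Docker project): on a Linux host, the namespace isolation described above can be checked by comparing the namespace identifiers under /proc/<pid>/ns for a containerized process with those of a host process. The function names and the sample identifiers below are constructed for illustration.

```python
import os

NS_TYPES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")

def read_namespaces(pid, proc_root="/proc"):
    """Map each namespace type to its identifier, e.g. 'net:[4026531840]'."""
    found = {}
    for ns in NS_TYPES:
        try:
            found[ns] = os.readlink(os.path.join(proc_root, str(pid), "ns", ns))
        except OSError:
            found[ns] = None  # older kernel, or no permission to inspect this PID
    return found

def compare_namespaces(host_ns, proc_ns):
    """Label each namespace 'shared', 'isolated' or 'unknown' relative to the host."""
    report = {}
    for ns in NS_TYPES:
        host_id, proc_id = host_ns.get(ns), proc_ns.get(ns)
        if host_id is None or proc_id is None:
            report[ns] = "unknown"
        else:
            report[ns] = "shared" if host_id == proc_id else "isolated"
    return report

def shared_with_host(host_ns, proc_ns):
    """Namespaces in which the process is NOT isolated from the host."""
    report = compare_namespaces(host_ns, proc_ns)
    return sorted(ns for ns, state in report.items() if state == "shared")

# Constructed sample identifiers (not taken from a real system).
SAMPLE_HOST = {ns: f"{ns}:[{4026531830 + i}]" for i, ns in enumerate(NS_TYPES)}
# A container with its own namespaces except the user namespace.
SAMPLE_CONTAINER = {ns: f"{ns}:[{4026532500 + i}]" for i, ns in enumerate(NS_TYPES)}
SAMPLE_CONTAINER["user"] = SAMPLE_HOST["user"]
# The same container, but configured to use the host's network stack.
SAMPLE_HOSTNET = dict(SAMPLE_CONTAINER, net=SAMPLE_HOST["net"])

if __name__ == "__main__":
    # On a Linux host, run as root to compare this process with PID 1.
    live = compare_namespaces(read_namespaces(1), read_namespaces(os.getpid()))
    print("this process vs PID 1:", live)
    print("sample container shares:", shared_with_host(SAMPLE_HOST, SAMPLE_CONTAINER))
    print("host-network container shares:", shared_with_host(SAMPLE_HOST, SAMPLE_HOSTNET))
```

Any namespace reported as shared is a place where the process sees the same kernel resources as the host, which is worth reviewing when a container is expected to be isolated.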

Containers are often considered lean technology because containers require limited overhead. Compared with traditional virtualization and paravirtualization, container operation does not require an emulation layer and a hypervisor layer, but uses the system call interface of the operating system. This reduces the overhead required to run a single container and also allows more containers to run on the host.

Despite their illustrious history, containers are still not widely recognized. A very important reason is the complexity of container technology: containers are inherently complex, not easy to install, and difficult to manage and automate. And Docker was born to change all that.

1.1 Introduction to Docker
Docker is an open source engine that can automatically deploy developed applications to containers. It was written by the team at Docker (www.docker.com, formerly dotCloud, an established provider in the PaaS market) and is released under the Apache 2.0 open source license.
So what's so special about Docker? Docker adds an application deployment engine on top of a virtualized container execution environment. The goal of the engine is to provide a lightweight and fast environment in which to run the developer's program, and to make it easy and efficient to move that program from the developer's laptop to the test environment and then to the production environment. Docker is extremely simple: all it needs is a minimal host with a compatible version of the Linux kernel and the Docker binaries installed. The goal of Docker is to provide the following things.

1.1.1 Provide a simple and lightweight modeling method
Docker is very quick to get started with, and users can "Dockerize" their own programs in just a few minutes. Docker relies on a "copy-on-write" model, which makes modifying an application very fast; it can be said to have reached the point of "change the code whenever you like, and the change is made".

Afterwards, containers can be created to run the application. Most Docker containers take less than 1 second to start. Because the overhead of the hypervisor is removed, Docker containers perform well, and more containers can be run on the same host, so that users can make the fullest possible use of system resources.

1.1.2 Logical separation of responsibilities
With Docker, developers only need to care about the applications running in containers, while operators only need to care about how to manage the containers. Docker is designed to strengthen the consistency between the development environment where developers write code and the production environment where applications are deployed, thereby reducing the risk of "everything worked in development, so it must be an operations problem".

1.1.3 Fast and efficient development life cycle
One of Docker's goals is to shorten the cycle of code development, testing, deployment, and go live, making your applications portable, easy to build, and easy to collaborate on.

1.1.4 Encourage service-oriented architecture
Docker also encourages service-oriented architecture and microservices architecture [1]. Docker recommends that a single container run only one application or process, which leads to a distributed application model in which an application or service is represented as a series of interconnected containers. This makes deploying distributed applications, and scaling or debugging them, very simple, while also improving the introspection of the program.

Note: Of course, you don't have to stick to this pattern; if you want, you can easily run an application with multiple processes inside a container.
