Docker – Part 1 – Overview


Docker is an open-source platform that allows you to build, run, test, and deploy your applications inside software containers.

  • Containers are a method of operating system virtualization that allow you to run an application and its dependencies in resource-isolated processes.
  • Containers allow you or developers to easily package up an application’s code, configurations, dependencies and ship it all out as one package. By doing so, we can rest assured that the application will run on any other machine regardless of any customized settings that machine might have that could differ from the machine used for writing and testing the code.

In short:

  • Docker enables you to deploy your application to a container.
  • Docker is designed to deliver your applications faster.
  • Docker is also considered as a container engine and a container management tool



Virtual machines include the application, the necessary binaries and libraries, and an entire guest operating system – all of which can amount to tens of GBs

Containers include the application and all of its dependencies – but share the kernel with other containers, running as isolated processes in user space on the host operating system.

Docker containers are not tied to any specific infrastructure: they run on any computer, on any infrastructure, and in any cloud.

NOTE: Docker itself isn’t a virtualization methodology. It uses Linux container-based virtualization.


Docker Engine is a client-server application with these major components:

  • A server which is a type of long-running program called a daemon process.
  • A REST API which specifies interfaces that programs can use to talk to the daemon and instruct it what to do.
  • A command line interface (CLI) client.

The CLI makes use of the Docker REST API to control or interact with the Docker daemon through scripting or direct CLI commands. Many other Docker applications make use of the underlying API and CLI.

The Docker daemon creates and manages Docker objects (include images, containers, networks, data volumes, and so forth)


Docker uses a client-server architecture:

  • The Docker client: Command-line utility or other tool, they talk to the Docker daemon, which does the heavy lifting of building, running, and distributing your Docker containers.
  • The Docker daemon: creates and manages Docker objects (receives commands from the Docker client)
  • Inside Docker is
    Docker’s internals
    including Docker images, Docker registries, Docker containers

Note: Both the Docker client and the Docker daemon CAN run on the same system, and you can connect a Docker client to a remote Docker daemon. The Docker client and daemon communicate via sockets or through a RESTful API.


Docker images

A Docker image is a read-only template. For example, an image could contain an Ubuntu operating system with Apache and your web application installed. Docker Images will be used to create Docker containers.

Docker provides a simple way to build new images or update existing images, or you can download Docker images that other people have already created.

Docker images are the build component of Docker.

Docker registries

Docker registries hold images. These are public or private stores from which you upload or download images.

The public Docker registry is provided with the It serves a huge collection of existing images for your use. These can be images you create yourself or you can use images that others have previously created.

Docker registries are the distribution component of Docker.

Docker containers

Docker containers are similar to a directory. A Docker container holds everything that is needed for an application to run. Each container is created from a Docker image.

Docker containers can be run, started, stopped, moved, and deleted. Each container is an isolated and secure application platform.

Docker containers are the run-component of Docker.


As you known, Docker image is read-only template.

  • Each image consists of a series of layers and Docker use a union file system to combine these layers into a single image.
  • Each image starts from a base image such as Ubuntu, CentOS. NOTE that you can also use your own images as base image

When you change an image – for example, update an application inside your image to a new version.

  • These changes called instructions. Each instruction
    creates a new layer in that image, as a result, a new layer gets built.
  • ONLY that layer is added or updated instead of replacing the whole image or entirely rebuilding.

These instructions are stored in a file called a Dockerfile.

  • A Dockerfile is a text based script that contains instructions and commands for building the image from the base image.
  • Docker reads this Dockerfile when you request a build of an image, executes the instructions, and returns a final image.
  • Instructions include actions like:
    • Run a command
    • Add a file or directory
    • Create an environment variable
    • What process to run when launching a container from this image


  • Union file systems allow files and directories of separate file systems, known as branches, to be transparently overlaid, forming a single coherent file system.


The Docker registry is the store for your Docker images. Once you build a Docker image you can push it to a public registry such as Docker Hub or to your own registry running behind your firewall.

Using the Docker client, you can search for already published images and then pull them down to your Docker host to build containers from them.

Docker Hub provides both public and private storage for images. Public storage is searchable and can be downloaded by anyone. Private storage is excluded from search results and only you and your users can pull images down and use them to build containers.


A container consists of an operating system, user-added files, and meta-data.

As we’ve seen, each container is built from an image. That image tells Docker what the container holds, what process to run when the container is launched, and a variety of other configuration data.

The Docker image is read-only. When Docker runs a container from an image, it adds a read-write layer on top of the image (using a union file system as we saw earlier) in which your application can then run


Either by using the docker binary or via the API, the Docker client tells the Docker daemon to run a container.

The Docker Engine client is launched using the docker binary with the run option running a new container. The bare minimum the Docker client needs to tell the Docker daemon to run the container is:

  • What Docker image to build the container from, for example, ubuntu
  • The command you want to run inside the container when it is launched, for example /bin/bash

In order, Docker Engine does the following:

  • Pulls the ubuntu image: Docker Engine checks for the presence of the ubuntu image. If the image already exists, then Docker Engine uses it for the new container. If it doesn’t exist locally on the host, then Docker Engine pulls it from Docker Hub.
  • Creates a new container: Once Docker Engine has the image, it uses it to create a container.
  • Allocates a filesystem and mounts a read-write layer: The container is created in the file system and a read-write layer is added to the image.
  • Allocates a network / bridge interface: Creates a network interface that allows the Docker container to talk to the local host.
  • Sets up an IP address: Finds and attaches an available IP address from a pool.
  • Executes a process that you specify: Runs your application, and;
  • Captures and provides application output: Connects and logs standard input, outputs and errors for you to see how your application is running.


Part 1:
Part 2:
Part 3:
Part 4:


About Terri

System Administrator @Netpower Datacenter

Posted on 12.07.2016, in Linux, Technical Articles and tagged , , , . Bookmark the permalink. 5 Comments.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: