Containerising with Docker

Priyanka Saxena
3 min read · Sep 5, 2020

What are containers? What are Docker containers? Docker Architecture. Migrating to Docker.

What are containers?

Virtualisation logically divides resources, including hardware platforms, storage, and networks, between different applications. Hypervisor virtualisation allows the creation of virtual machines, each with its own OS; a translator program controls the interaction between the guest OS and the host OS. Container virtualisation separates the resources between processes, all of which run on the same host OS.

Source: SAP Blog

Compared with hypervisor virtualisation, container virtualisation offers advantages such as low resource overheads, easier setup, and support for dynamic use cases. As a low-level design concept, containers take the form of cgroups in Linux. Each cgroup is a collection of processes that runs in isolation from other cgroups, with allotted resources.

The low-level APIs provided and the complexity of using cgroups led to the current design of containers. Containers are pieces of code packaged with all their dependencies into a single unit. These units can be run on any platform owing to the abstraction provided by Container Management Engines, which run on the host system. The engines make use of cgroups, chroot jails, and kernel namespaces to run multiple applications in isolation. Containers support all features of virtual machines such as dedicated IPs, remote execution, and images.

What are Docker containers?

Docker is an open source container project. Docker containers are spawned from Docker images at runtime. The Docker Engine installed on the host system manages all the containers running on the system.

Docker images are static in nature: they define the OS and the utilities which the container will have access to when started. Dockerfiles, which specify the build of images, do so in a layered manner, with each line adding another utility to the previous build. These images can be stored in a central hub, like the publicly accessible Docker Hub.

Docker containers start executing from the static environment specified by the build image. After that, they can be interacted with using either CLI commands or API calls. The API calls make them highly suitable for micro-service based architectures. They also offer data persistence by binding data to local storage.

Docker Architecture

The Docker Engine is a client-server application composed of 3 parts: a server, which runs as the Docker daemon; an API, which programs can use to communicate with the server; and the Docker CLI, which uses the API to communicate with the server over a Unix socket or network interface. The Docker daemon creates and manages Docker objects such as containers, images, volumes, and networks.

Source: Docker documentation

What is Docker built on?

  • namespaces to isolate the working environment of containers, including process isolation, network interface isolation, IPC resource access, filesystem mount point management, and kernel identifier management.
  • cgroups for hardware sharing
  • UnionFS

It uses libcontainer to combine these specifications into a container format.

Migrating to Docker

Some points to think about before deciding to move a production environment to Docker:

  • Docker adds benefits for applications which are or can be easily decoupled into separate entities.
  • If an entity is not stateless, then a choice must be made amongst persistence options provided by docker in the form of binds or external storage. Each option has to be evaluated in terms of availability and reliability.
  • Based on the CPU and disk usage, the number of containers running per host can be determined.
  • Networking modes have to be decided, using either those provided by Docker or something like a swarm.
  • A method for service discovery and configuration management is needed, since containers may go down.
  • Harden the host for security purposes, and use the daemon to limit resource allocation of the daemon.
  • Decide on logging and log monitoring methods, though stdout remains the most agreed-on best practice.
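
An added example (not from the original article or from Docker's own tooling): a Python check over `docker inspect` JSON that flags containers which share host namespaces or run without cgroup limits, tying the namespaces and cgroups building blocks to the hardening and resource points in this checklist. The container names and the JSON are constructed sample data.

```python
import json

# Constructed sample: trimmed `docker inspect` output for two hypothetical containers.
SAMPLE_INSPECT = json.loads("""
[{"Name": "/web",
  "HostConfig": {"Memory": 268435456, "NanoCpus": 500000000, "PidsLimit": 100,
                 "Privileged": false, "PidMode": "", "IpcMode": "private",
                 "NetworkMode": "bridge", "UTSMode": ""}},
 {"Name": "/legacy-batch",
  "HostConfig": {"Memory": 0, "NanoCpus": 0, "CpuQuota": 0, "PidsLimit": null,
                 "Privileged": true, "PidMode": "host", "IpcMode": "private",
                 "NetworkMode": "host", "UTSMode": ""}}]
""")

# HostConfig key -> namespace shared with the host when the value is "host".
NAMESPACE_MODES = {"PidMode": "PID", "IpcMode": "IPC",
                   "NetworkMode": "network", "UTSMode": "UTS"}


def audit_container(entry):
    """Return isolation and resource-limit findings for one container."""
    hc = entry.get("HostConfig", {})
    findings = []
    if hc.get("Privileged"):
        findings.append("privileged mode")
    for key, ns in NAMESPACE_MODES.items():
        if hc.get(key) == "host":
            findings.append(f"shares host {ns} namespace")
    # cgroup limits: 0 or null in inspect output means no limit was set.
    if not hc.get("Memory"):
        findings.append("no memory limit")
    if not hc.get("NanoCpus") and not hc.get("CpuQuota"):
        findings.append("no CPU limit")
    pids = hc.get("PidsLimit")
    if pids is None or pids <= 0:
        findings.append("no pids limit")
    return findings


def audit(inspect_output):
    """Map container name -> findings, skipping containers with none."""
    results = {e.get("Name", "?").lstrip("/"): audit_container(e)
               for e in inspect_output}
    return {name: found for name, found in results.items() if found}


if __name__ == "__main__":
    for name, found in audit(SAMPLE_INSPECT).items():
        print(f"{name}: {'; '.join(found)}")
```

On a real host, pass `audit()` the parsed JSON output of `docker inspect $(docker ps -q)` instead of the sample.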
