- Scalability, Maintainability, Agility, Portability.
- Improved resource utilization.
- A continuum of abstraction levels.
- Sandboxing of processes/applications.
- It is an application packaging and delivery mechanism.
- Lightweight container virtualization platform.
- Build once → run anywhere*
- A clean, safe, hygienic and portable runtime environment.
- No worries about missing dependencies, packages, etc.
- Automate testing, integration, packaging → anything you can script.
- It is portable* → so it reduces the concern about portability.
- It reduces the time from developing an application to putting it into production.
- The entire lifecycle can be made more efficient, consistent and repeatable.
- Reduce the inconsistencies between development, test, production and customer environments.
- Because the containers are so lightweight, they significantly address performance, costs, deployment and portability issues.
- Lighter than virtual machines.
- Less startup time.
- We can run a lot of containers on a reasonably sized host.
- Deploying and scaling is relatively easy.
- Control Groups
- Namespaces
- Union filesystem
- Kernel security features
- Namespaces help to create an isolated workspace for each process.
- When you run a container, Docker creates a set of namespaces for that container.
- Control Groups are another key component of Linux Containers.
- With cgroups we can implement resource accounting and limiting.
- Ensure that each container gets its fair share of memory, CPU, disk I/O.
- Thanks to cgroups, we can make sure that a single container cannot bring the system down by exhausting resources.
- Capabilities
- By default Docker drops all capabilities except those needed.
- "root" within a container has far fewer privileges than the real "root".
- The best practice for users would be to remove all capabilities except those explicitly required for their processes.
- Even if an intruder manages to escalate to root within a container, it will be much harder to do serious damage, or to escalate to the host.
- Other kernel security features: TOMOYO, AppArmor, SELinux, GRSEC, etc.
- SELinux provides secure separation of containers by applying SELinux policy and labels.
- Image: A template which is used to launch containers.
- Container: A container holds everything that is needed for an application to run.
- Registry: It stores and serves up the actual image assets, and it delegates authentication to the index.
- Index: It is the front end of the Registry. It manages user accounts, permissions, search, tagging, and all that nice stuff that's in the public web interface.
- You should be able to run the docker command line on your workstation, in a VM, or on a machine running in a public cloud.
- We recommend that you run a GNU/Linux distribution of your choice on your laptop, or at least in a virtual machine, and then install Docker on it.
- Most Linux distributions, e.g. Fedora, provide the docker package in the distribution itself.
- Refer to the section below for commands to install it on Fedora.
- Before coming to the workshop, pull the Docker image of Fedora, as conferences are not a good place to download stuff from the internet.
$ docker pull fedora
Go to : Workshop hands-on guide