Containers and Related Technologies
NOTE: I have notes on using the docker CLI elsewhere so don't plan to discuss the docker CLI here.
First, the chicken and/or the egg? Knowing domain terminology is critical to learning a domain. However, it's also good to get a little experience in a domain before digging into possibly more academic concerns. This RedHat article on Practical Introduction to Container terminology is nicely broken into sections initially introducing basic terminology and providing more advanced topics further down. You might want to read through the first section to at least understand the difference between an image and container before going to deep into docker tutorials. There are also links to much more detailed information in the article, you could get very deep, very quickly. You might want to save that for later. But remember it's there and review the definitions occasionally.
Speaking of learning the basics, I initially looked for books (on bookshare.org) for docker introductions. I didn't find anything as good as the docker documentation. If you've already installed Docker Desktop and setup an account on Docker Hub, you might want to jump in to the getting started tutorial. Docker even has an image ready to go with the getting-started tutorial.
After running the following command:
> docker run -dp 80:80 --name docker-getting-started-tutorial docker/getting-started
Type "localhost" into your browser's address bar and you should be in the getting started tutorial.
Note that I added the "--name" argument as I prefer to give containers names so I don't have to find the container id.
What are containers?
Containers seem to be based on three core technologies (these links are ones I found useful in trying to learn this tech myself):
- Linux Name Spaces - I learned a lot about name spaces from this RedHat article on the 7 most used Linux name spaces. And there are plenty of links to go as deep as you're willing on name spaces and containers.
- chroot (change root) - The chroot command dates back to original UNIX (see the Wikipedia article on chroot). It arguably provides some sort of isolation in which to run a process, but no real security. It's foundational to containers but far from the same thing. There is some good discussion regarding the difference between docker and simple chroot at this post on Dev Ops StackExchange .
- cgroups (control groups) - Control groups are another kernel feature used to isolate processes. These are used to control to which system resources a process or set of processes has access. This blog post from Nginx regarding name spaces and control groups goes into nice details on both technologies.
More Container Reading
Here are a few more links I found interesting. I'll start with a few and maybe add more as I dig in to details.
- Open Container Initiative (OCI) - The OCI is an organization formed to create and maintain specifications around container technologies. The idea is companies can write to the specifications and everything will interoperate.
- Building smaller container images - Another Nginx blog post (along with the name spaces and control groups) regarding why and how to build smaller images.
To get started, read this blog post from RedHat answering the question, "what is container orchestration?"
As much as people probably think docker when thinking of containers, kubernetes (AKA, 'k8s', because 'kubernetes' starts with 'k', ends with 's', and has 8 letters in between) dominates the container orchestration domain.
With that in mind, this section is intentionally very short. If you'll be supporting some application using containers to build out a distributed system possibly consisting of (too) many micro services, you'll almost certainly need to know about kubernetes. There is plenty out there already, no need for me to add more noise.
On the other hand, if you need to spin up a few services for local development, e.g., postgres for development data and redis for a local key value store, you probably want to use something like docker compose. If you haven't already, go back to the getting started section and run through the docker getting started tutorial. The tutorial shows how to configure and run multiple containers locally using docker-compose.