Docker, Transformation and Automation
Docker Overview
Docker is an open platform that helps companies BUILD, SHIP and RUN their applications. Docker separates applications from infrastructure so that software can be delivered quickly, significantly reducing the delay between writing code and running it in production. With Docker, we can manage infrastructure in the same way we manage our applications. Containers provide:
- Portability: cross-platform deployment on any infrastructure.
- Agility: low resource usage, fast start-up and high performance.
- Self-sufficiency: each container comprises only the libraries, files and configuration needed to deploy a specific function.
Docker Architecture
Docker uses a client-server architecture to build, ship and run any application, anywhere:
- The Docker client talks to the Docker daemon, which does the heavy lifting of building, running, and distributing your Docker containers. The Docker client and daemon communicate via sockets or through a RESTful API.
- A Docker container holds everything that is needed for an application to run. Each container is created from a Docker image. A Docker image is a read-only template.
- Docker registries are the distribution component for Docker images.
These are the major components of Docker:
- Docker daemon: as shown in the diagram above, the Docker daemon runs on a host machine. The user does not interact with the daemon directly, but through the Docker client.
- Docker client: in the form of the Docker binary, this is the primary user interface to Docker. It accepts commands from the user and communicates back and forth with a Docker daemon.
- Docker image: a read-only template. For example, an image could contain an Ubuntu operating system with Apache and your web application installed. Images are used to create Docker containers. Docker provides a simple way to build new images or update existing images, or you can download Docker images that other people have already created. Docker images are the build component of Docker.
- Docker registries hold images. These are public or private stores from which you upload or download images. The public Docker registry is provided by Docker Hub. It serves a huge collection of existing images for your use. These can be images you create yourself or images that others have previously created. Docker registries are the distribution component of Docker. For more information, see Docker Registry and Docker Trusted Registry.
- Docker containers are like a directory. A Docker container holds everything that is needed for an application to run. Each container is created from a Docker image. Docker containers can be run, started, stopped, moved, and deleted. Each container is an isolated and secure application platform. Docker containers are the run component of Docker.
The Underlying Technology
By this point, you're probably wondering how exactly containers can isolate processes if they're running on the same operating system. Two kernel mechanisms make this possible.
1. Linux namespaces, which make sure each process sees its own private view of the system (files, processes, network interfaces, hostname, and so on).
2. Linux control groups (cgroups), which limit the amount of resources a process can consume (CPU, memory, network bandwidth, and so on).
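As an added illustration (not code from the original article), the following Python compares the namespace identifiers the kernel exposes under /proc/<pid>/ns for a container's init process and the host's PID 1. A matching inode means the isolation described above is not in effect for that namespace, which is exactly what happens with options such as --pid=host or --network host. The sample values are constructed; only read_namespaces touches a live Linux system.

```python
import os

# Namespace types a Linux process belongs to, as exposed under /proc/<pid>/ns/.
NAMESPACES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")


def read_namespaces(pid="self"):
    """Return {name: "pid:[4026531836]", ...} for a live process (Linux only)."""
    result = {}
    for name in NAMESPACES:
        try:
            result[name] = os.readlink(f"/proc/{pid}/ns/{name}")
        except OSError:
            pass  # entry absent on older kernels, or no permission: skip it
    return result


def shared_namespaces(a, b):
    """Names of the namespaces two processes share (same inode on both sides)."""
    return sorted(n for n in a if n in b and a[n] == b[n])


def isolation_report(container_ns, host_ns):
    """Flag a container whose key namespaces are the same as the host's init."""
    shared = shared_namespaces(container_ns, host_ns)
    findings = []
    if "pid" in shared:
        findings.append("pid namespace shared with host (e.g. --pid=host)")
    if "net" in shared:
        findings.append("net namespace shared with host (e.g. --network host)")
    if "mnt" in shared:
        findings.append("mnt namespace shared with host (no private filesystem view)")
    return {"shared": shared, "findings": findings}


# Constructed sample values in readlink format; real inode numbers differ per host.
HOST_INIT = {"pid": "pid:[4026531836]", "net": "net:[4026531992]",
             "mnt": "mnt:[4026531840]", "uts": "uts:[4026531838]"}
ISOLATED = {"pid": "pid:[4026532200]", "net": "net:[4026532300]",
            "mnt": "mnt:[4026532100]", "uts": "uts:[4026532201]"}
HOST_NET = {"pid": "pid:[4026532400]", "net": "net:[4026531992]",
            "mnt": "mnt:[4026532500]", "uts": "uts:[4026532401]"}

if __name__ == "__main__":
    # On a real host, pass read_namespaces(<container init pid>) and read_namespaces(1).
    print(isolation_report(ISOLATED, HOST_INIT))
    print(isolation_report(HOST_NET, HOST_INIT))
```

The container's init PID comes from `docker inspect --format '{{.State.Pid}}' <container>`.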
Docker Networking
The following are the building blocks of how containers talk to each other and to the outside world.
VXLAN: a layer 2 tunneling protocol which encapsulates L2 frames inside UDP. You can think of it as an extension of VLAN over UDP.
Network namespace: very similar to namespaces in any OOP language. It is a network stack boundary that provides clean segregation between resources such as links, iptables rules, routes and ARP/NDP tables.
VETH: a virtual Ethernet device that acts as a bidirectional pipe and can connect different namespaces.
iptables: a utility program that can be used to configure firewalls, routes and various networking rules.
Gossip protocol: as the name suggests, it uses frequent exchanges of data between nodes to relay state and information.
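Added example (Python, not from the original article): a minimal parser for the VXLAN encapsulation mentioned above. It strips the 8-byte VXLAN header from a UDP payload, extracts the 24-bit VNI that identifies the overlay segment, and exposes the inner Ethernet frame, which shows that the encapsulated L2 frame travels in the clear unless the overlay is separately encrypted. The sample frame is constructed with the build_vxlan helper; 4789 is the IANA-assigned VXLAN port.

```python
import struct

VXLAN_UDP_PORT = 4789        # IANA-assigned VXLAN port
VXLAN_FLAG_VNI_VALID = 0x08  # "I" bit: the VNI field carries a valid value


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_vxlan(udp_payload):
    """Decode the 8-byte VXLAN header and the Ethernet frame it wraps.

    Header layout: flags (1 byte), reserved (3), VNI (3), reserved (1).
    Raises ValueError for a short packet or an unset VNI-valid flag."""
    if len(udp_payload) < 8 + 14:
        raise ValueError("too short for a VXLAN header plus an Ethernet header")
    flags, vni_raw = struct.unpack("!B3xI", udp_payload[:8])
    if not flags & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VNI-valid flag not set; not a VXLAN packet")
    inner = udp_payload[8:]
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", inner[:14])
    return {
        "vni": vni_raw >> 8,          # upper 24 bits of the last 4 header bytes
        "dst_mac": mac_str(dst_mac),
        "src_mac": mac_str(src_mac),
        "ethertype": ethertype,       # e.g. 0x0800 for IPv4, 0x0806 for ARP
        "inner_payload": inner[14:],
    }


def is_vxlan(udp_payload):
    """True when the payload parses as VXLAN, False otherwise."""
    try:
        parse_vxlan(udp_payload)
        return True
    except ValueError:
        return False


def build_vxlan(vni, dst_mac, src_mac, ethertype, payload):
    """Build a VXLAN-encapsulated frame; used here only to construct the sample."""
    header = struct.pack("!B3xI", VXLAN_FLAG_VNI_VALID, vni << 8)
    macs = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
    return header + macs + struct.pack("!H", ethertype) + payload


# Constructed sample: VNI 256 carrying a 20-byte IPv4 header stub between two containers.
SAMPLE = build_vxlan(256, "02:42:0a:00:00:02", "02:42:0a:00:00:03", 0x0800,
                     b"\x45" + b"\x00" * 19)

if __name__ == "__main__":
    print(parse_vxlan(SAMPLE))
```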
The following are the different network setups available and how communication occurs in each.
Host network
This is the vanilla setup. Here the network namespace is shared between the container and the host. This is the typical setup we have on our local machines.
Bridge network
In this setup there is segregation between the network stacks. As soon as dockerd starts, it creates a default bridge called "docker0"; all containers attach to it and use that bridge to talk to the host interface.
Overlay network
Overlay networks come into the picture when we have multiple hosts (a cluster).
MACVLAN
In this setup, each container acts like a real physical host and has its own network presence.
Orchestration
There are plenty of orchestration tools available for Docker, such as DC/OS, Mesos, Swarm and Kubernetes. A container orchestration engine holds the metadata of your containers so that you get one view of the cluster. It makes sure that the rules you have provided in your configs around availability, scheduling, health checks, load balancing and discovery are all met without you having to worry about them.
Conclusion: Docker has simplified the life of engineers by adding a layer of abstraction. With that abstraction came a lot of management tools that help engineers automate workloads and become more efficient, much as VMware did years ago.