
What Exactly is Docker? - karakanb
https://medium.com/@burakkarakan/what-exactly-is-docker-1dd62e1fde38
======
orf
> # install chromedriver

> RUN apk update

> RUN apk add chromium chromium-chromedriver

These kinds of poor examples lead to a huge amount of waste when using Docker
because people learning it are not taught about how layers interact, leading
to ridiculous things like 'COPY' followed by 'RUN chown'.

Layers are a _core_ part of how Docker works, why not make this example
"correct" by doing:

> RUN apk --no-cache add chromium chromium-chromedriver

Then just a comment like this: "it's important to group layers if possible to
reduce your image size. By using `--no-cache` apk will update at the same time
as installing".

~~~
fnord77
I wish Dockerfiles allowed you to group commands so that they would end up in
the same layer, so you don't have to do something ridiculous like

RUN cmd1 && cmd2 && cmd3 && cmd4

maybe with brackets:

    # 1 layer
    {
      RUN cmd1
      COPY someshit
      RUN cmd2 -lots -of -long flags
      ...
    }

~~~
fctorial
Why do you want to avoid multiple layers? Performance?

~~~
orf
Build performance, image size and deployment speed mostly.
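
Added example, not part of the thread or the linked article: a toy Python model of the layer behaviour this sub-thread argues about, showing why `COPY` followed by `RUN chown`, a separate `RUN apk update`, or a cleanup in a later `RUN` all leave extra data in the image. File paths and sizes are constructed, and `COPY --chown` is named only as the single-layer alternative.

```python
# Toy model of image layers (constructed sizes in MB, for illustration only).
# Each instruction yields one layer holding full copies of every file it
# created or modified; earlier layers are never rewritten.

def build(instructions):
    """Apply instructions in order; return (layers, final_filesystem)."""
    layers, fs = [], {}
    for ops in instructions:
        after, touched = dict(fs), set()
        for op, path, *size in ops:
            touched.add(path)
            if op == "write":
                after[path] = size[0]
            elif op == "delete":
                after.pop(path, None)
            # "chown" changes metadata only, but still marks the file modified
        layer = {}
        for path in touched:
            if path in after:
                layer[path] = after[path]  # whole file is stored again here
            elif path in fs:
                layer[path] = 0            # whiteout: hides it, frees nothing
        layers.append(layer)
        fs = after
    return layers, fs

def image_size(instructions):
    """Total size shipped: the sum over all layers, not the final filesystem."""
    layers, _ = build(instructions)
    return sum(sum(layer.values()) for layer in layers)

SPLIT = [[("write", "/var/cache/apk/APKINDEX", 2)],     # RUN apk update
         [("write", "/usr/bin/chromium", 400)]]         # RUN apk add ...
MERGED = [[("write", "/usr/bin/chromium", 400)]]        # RUN apk --no-cache add ...
COPY_THEN_CHOWN = [[("write", "/app", 100)],            # COPY . /app
                   [("chown", "/app")]]                 # RUN chown -R app /app
COPY_WITH_OWNER = [[("write", "/app", 100)]]            # COPY --chown=app . /app
RM_LATER = [[("write", "/tmp/src.tar", 50)],            # RUN fetch
            [("delete", "/tmp/src.tar")]]               # RUN rm (separate layer)
RM_SAME = [[("write", "/tmp/src.tar", 50),              # RUN fetch && rm
            ("delete", "/tmp/src.tar")]]

if __name__ == "__main__":
    for name in ("SPLIT", "MERGED", "COPY_THEN_CHOWN", "COPY_WITH_OWNER",
                 "RM_LATER", "RM_SAME"):
        print(f"{name:16} {image_size(globals()[name])} MB")
```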

------
Waterluvian
I'll admit it took me a while to realise that Docker containers aren't magical
apparatuses that can run software. They are just an OS running like a VM. Yes
there's differences but I really wish learning resources began with that.

I think a lot of it has to do with the experts accidentally talking past
beginners, missing a lot of the basics before getting into teaching
abstractions.

It also reminds me of the feeling I'm experiencing now about learning
Elasticsearch. I'm amazed just how few JSON examples I can find online for the
API. It was amazing how much it helped for a peer to say, "an index is a
table, a document is a record and it's kind of like MongoDB."

Furthermore this all reminds me of wrong atomic models in high school. Please
just teach me a really simple but wrong explanation then slowly work out the
details.

~~~
dharmab
>They are just an OS running like a VM.

This is exactly what Docker containers AREN'T.

Don't think of containers like tiny VMs. Think of them as processes with
additional isolation from each other.

~~~
3fe9a03ccd14ca5
A VM is a good way to logically think about the containers, and I’m sure it’s
the way the vast majority of people first think about them.

Under the hood they are simply a process isolated with namespaces, but their
behavior on the outside feels like getting a VM.

~~~
FartyMcFarter
But docker containers don't run their own kernel, which is a huge difference
to a VM.

~~~
3fe9a03ccd14ca5
My point is that most people don’t even really know that’s how a VM works.
They just think of a VM as a fresh sandbox where they can install and run
stuff without deleting somebody else’s files or programs.

~~~
wrs
I'm hearing a repeated theme in your comments that people don't know much
about how anything works, and that's supposedly OK. That's actually not OK. :)

~~~
kortex
No, that's how learning curves work. Until we can Matrix beam info into our
skulljack, humans will spend a nontrivial amount of time having to make do with
using things while not fully understanding how they work.

Unless one is 31337-rockstar-ninja-IQ150-programmer, the uptake of new skills
is painful and takes time. The pedagogical process is important. It's totally
OK to not know how anything works as long as you acknowledge that and are
willing to learn.

~~~
wrs
I totally agree. That wasn’t the sentiment I was responding to, which sounded
more like “nobody knows how that works, and they don’t really need to, so why
are you wasting their time explaining how it actually works?”

------
stevebmark
> The actual way containers work is a complex topic that I will not get into
> here, but overall the concept is simple: give me an operating system (OS)
> level virtualization so that I can play around with different stuff in
> isolation.

Sad to see he gave up before he started, and instead of explaining what Docker
is, went off into the docker and docker-compose CLI commands. What an opaque
explanation too :(

Docker is hard to explain, and the official documentation won't help you
understand it. I'm sad that so few people are self-aware enough to combine
just the right, minimal depth of concepts about kernels, operating systems,
systemd, namespaces, and the fact this all only works on Linux, to make a
truly approachable explanation. Most developers are really bad at teaching,
they only describe things they already know, vs actually trying to teach
something.

~~~
petilon
> _and the fact this all only works on Linux_

Docker runs on Windows. Windows containers run on Windows. Linux containers
run on Linux as well as Windows. (To run Linux containers on Windows a small
Linux kernel is run inside Hyper-V.)

You can think of Docker containers as VMs, except instead of running its own
copy of the OS it runs directly on top of the host machine's OS.

~~~
bitbang
That is not anything close to the kernel namespaces used to provide different
types of userspace isolation. That's crippled virtualization.

------
lazyant
Docker is 1) namespace and chroot for separating processes 2) cgroups to limit
hardware resources (CPU/RAM). This allows for this "packaging" and kind of
"sandbox". In addition, it adds a file-saving feature by using a layering
filesystem.

Please watch this awesome presentation:
[https://www.youtube.com/watch?v=zGw_xKF47T0](https://www.youtube.com/watch?v=zGw_xKF47T0)

~~~
jdnier
That video really is awesome. A lot of practical experience distilled.
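
Added example, not part of the thread or the linked article: a Python check of the "processes isolated with namespaces" description given above, comparing a process's `/proc/<pid>/ns` links with those of host PID 1 to list which namespaces it still shares with the host. The inode numbers and both sample processes are constructed; `read_ns` works only on a live Linux system and may need privileges to read another process's links.

```python
import os
import re

NS_LINK = re.compile(r"^\w+:\[(\d+)\]$")   # e.g. "net:[4026531840]"

def parse_ns_links(links):
    """Map /proc/<pid>/ns entry name -> namespace inode; skip unparsable targets."""
    out = {}
    for name, target in links.items():
        m = NS_LINK.match(target.strip())
        if m:
            out[name] = int(m.group(1))
    return out

def read_ns(pid):
    """Read the namespace links of a live process (Linux only)."""
    base = f"/proc/{pid}/ns"
    return parse_ns_links({n: os.readlink(os.path.join(base, n))
                           for n in os.listdir(base)})

def shared_namespaces(host, proc):
    """Namespaces where proc has the host's inode, i.e. no isolation there."""
    return sorted(n for n, ino in proc.items() if host.get(n) == ino)

# Constructed sample: host init, and a containerized process that has its
# own mnt/uts/ipc/pid/cgroup namespaces but still uses the host's net and user.
HOST_INIT = {
    "cgroup": "cgroup:[4026531835]", "ipc": "ipc:[4026531839]",
    "mnt": "mnt:[4026531841]", "net": "net:[4026531840]",
    "pid": "pid:[4026531836]", "user": "user:[4026531837]",
    "uts": "uts:[4026531838]",
}
CONTAINER_PROC = {
    "cgroup": "cgroup:[4026532501]", "ipc": "ipc:[4026532499]",
    "mnt": "mnt:[4026532497]", "net": "net:[4026531840]",
    "pid": "pid:[4026532500]", "user": "user:[4026531837]",
    "uts": "uts:[4026532498]",
}

if __name__ == "__main__":
    host, proc = parse_ns_links(HOST_INIT), parse_ns_links(CONTAINER_PROC)
    print("shared with host:", shared_namespaces(host, proc))
```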

------
fulafel
The title was promising but it seems that the author hasn't noticed that
Docker the company uses the same name for many different things. On Mac and
Windows, Docker is a VM. On Linux it's what this article discusses. I don't
even know what Docker Enterprise is.

~~~
karakanb
Hey, OP here, thanks a lot for the input. I know that the company uses the
same name for multiple stuff, but I also think that, from my very own
experience, people associate the name "Docker" with containers in general,
regardless of the runtime used with them; therefore, I wanted to come up with
an explanation that is simple enough to get started with containers, and
decorate it with some examples to make things more approachable for beginners.
I believe that there are certain improvements that containers might bring to
software development lifecycle of certain products, and I wanted to enable
people to attempt improving their workflows with this article.

If you have suggestions to improve my point above in the article itself I'd be
glad to take that input and incorporate it into the article itself, feel free
to write here or reach out to me via email in my bio. Again, thank you for the
feedback.

------
zzzeek
> We are going to containerize our app, use container orchestration tools for
> deployments, and we have to install Docker.

You do not. You may also install Podman. Docker does not "own" containers,
there is an open standard for containers that any vendor may implement.

------
yegle
The post emphasizes that docker (or its proper name, a container) provides
weaker isolation compared to a VM, but I wish the author could expand on this
topic a little bit.

Also I'm disappointed that the good old chroot is not mentioned, or the BSD
jail system.

------
d_burfoot
> therefore, you will be externalizing these values and decouple them from the
> application, which will give you great flexibility in the long term

I think this is one of the worst "Best Practices" ideas that are parroted by
people who haven't thought deeply about the issue. It's really a bad legacy
from the era when most software was actually _distributed_. Now that most
software runs in environments that are controlled by the same organization
that developed the software, the principle is far less valuable.

Nowadays, most software should have most of its configuration information -
paths, DB URLs, HTTP endpoints, etc - hard-coded into it. This strategy
follows the "convention over configuration" philosophy, and it gives you a
range of benefits. First of all, you can run tests on your config to make sure
everything is working properly (check various files are present, do a SELECT *
LIMIT 1 from DB tables, etc). You can catch config errors at compile time, eg
by using enums like prod/dev/qa to represent environment names. And it prompts
you to apply a refactoring mindset to your config - when you notice that your
config code is repeating itself extensively, you'll realize this and be able
to take steps to refactor, standardize, and simplify the config.

~~~
lbotos
This feels... backwards, but it's probably because I'm indoctrinated to
external configs.

Do you have references to companies that are developing software this way at
scale?

~~~
Izkata
I'm not entirely sure if this is what GP was describing, but as a quick
example, likely any that use the Django web framework. By default it puts the
settings inside the repo, and at least at my work we just build off of that by
putting multiple settings files in the repo and switch between them depending
on dev/beta/live/etc.

------
z3t4
I'm currently working on implementing Docker support for a multi tenant
service where users can log in to their IDE from a Chromebook or what not... It
seems docker was not designed for that use case. And every tutorial out there
assumes you are running as root and have the Docker daemon installed on your
local system...

~~~
wrboyce
I deal with Docker daily and don’t run as root and quite frequently am not
dealing with a local Docker instance. Maybe you should RTFM, as they say?

~~~
z3t4
How do you solve local mounts, eg. a folder on your local developer machine
mounted to a folder inside the container, if using a remote docker daemon?

My current solution is to give each user their own docker daemon running in a
dedicated virtual machine... Do you have a better solution?

------
jeffehobbs
This is a wonderful overview. Many thanks to the OP for putting this together.

~~~
karakanb
Thank you very much for your comment, it made my day. I have had a hard time
getting started with these technologies, especially with everyone talking
about these without explaining what they actually are in a basic state, that's
why I tried to come up with an article that I wish existed when I started.
There is probably a lot of stuff to improve there, but I hope it helps getting
started with these topics somehow.

------
otabdeveloper2
> What Exactly is Docker?

For 99% of the world, the answer is "a file format like .tar.gz except
composable".

These guys are really missing their target audience needs by a mile.

~~~
petilon
More like a VM that shares the host machine's OS.

------
Ericson2314
Docker is bad because while docker images crudely compose sequentially (the fs
layers), docker files don't compose at all.

The goal of Nix and Nixpkgs is to have efficient recipes for building
_everything ever, in all configurations_. The docker ecosystem could never get
there.

Now containers do make sense for deployment, but that has little to do with
docker, as those docker replacements for kubernetes demonstrate.

~~~
3fe9a03ccd14ca5
> _The goal of Nix and Nixpkgs is to have efficient recipes for building
> everything ever, in all configurations. The docker ecosystem could never get
> there._

Packaging is just one component of a container, and it actually works quite
well in docker, since it feels like you’re packaging up the entire OS.

------
mmis1000
I thought Docker was a common standard that defines: What is the archive
format? What is the build file format? What is the config format? What does
the operating system need to support in order to be fully compatible with the
docker cli?

Instead of a cli tool.

Because there are already standalone docker implementations that are
implemented with completely different technology. Just like docker on windows
(the one that runs exe).

------
city41
I have a SQL library that I maintain and it supports Postgres, Maria, MySQL
and SQLite. I use Docker for integration testing and it works really well. I
have no need for these db engines otherwise, so making them just completely go
away when not working on the library is excellent.

------
cosmolev
cgroups + namespaces

~~~
toomuchtodo
And tar files!

------
kdot
Can anyone speak to why deploying your application as a container is more
expensive than deploying on a VM instance?

------
senderista
Minor correction: ECS isn't serverless. You need to explicitly allocate
instances for your cluster.

~~~
ranrotx
You don’t need to allocate instances in advance if you use Fargate.

------
arminiusreturns
cgroups and pid's, just like every other container tech

------
enriquto
just an extremely static executable

------
sadness2
What is Docker? We just don't know.

