Introduction
Docker is a tool designed to make it easier to create, deploy, and run applications by using containers. Containers allow a developer to package up an application with all of the parts it needs, such as libraries and other dependencies, and ship it all out as one package. By doing so, thanks to the container, the developer can rest assured that the application will run on any other Linux machine regardless of any customized settings that machine might have that could differ from the machine used for writing and testing the code.
Video: https://youtu.be/Q5POuMHxW-0
Docker vs Virtual Machine
1. Snapshot process is faster in Docker than VMs
We generally start with a base image, and then make our changes, and commit those changes using docker, and it creates an image. This image contains only the differences from the base. When we want to run our image, we also need the base, and it layers our image on top of the base using a layered file system. File system merges the different layers together and we get what we want, and we just need to run it. Since docker typically builds on top of ready-made images from a registry, we rarely have to "snapshot" the whole OS ourself. This ability of Dockers to snapshot the OS into a common image also makes it easy to deploy on other docker hosts.
2. Startup time is less for Docker than VMs
A virtual machine usually takes minutes to start, but containers takes seconds, and sometime even less than a second.
4. Docker images have more portability
Docker images are composed of layers. When we pull or transfer an image, only the layers we haven’t yet in cache are retrieved. That means that if we use multiple images based on the same base Operating System, the base layer is created or retrieved only once. VM images doesn't have this flexibility.
5. Docker provides versioning of images
We can use the docker commit command. We can specify two flags: -m
and -a.
The -m
flag allows us to specify a commit message, much like we would with a commit on a version control system:
6. Docker images do not have states
In Docker terminology, a read-only Layer is called an image. An image never changes. Since Docker uses a Union File System, the processes think the whole file system is mounted read-write. But all the changes go to the top-most writeable layer, and underneath, the original file in the read-only image is unchanged. Since images don't change, images do not have state.
7. VMs are hardware-centric and docker containers are application-centric
Let's say we have a container image that is 1GB in size. If we wanted to use a Full VM, we would need to have 1GB times x number of VMs you want. In docker container we can share the bulk of the 1GB and if you have 1000 containers we still might only have a little over 1GB of space for the containers OS, assuming they are all running the same OS image.
Docker & Security
Docker brings security to applications running in a shared environment, but containers by themselves are not an alternative to taking proper security measures.
Last updated