Docker: Difference between revisions

Containers

At a high level, containers are a lightweight form of virtual machines which encapsulate an application and its dependencies. However, there are some key differences between containers and virtual machines:

• Some resources are shared with the host operating system, which reduces the overhead involved in comparison with a VM. How much overhead is debatable, especially given that hardware support for virtualisation exists on most modern CPUs, and any machine operating a server is likely to have this available and enabled.
• Portability of containers should make them easier to deploy and migrate across hardware.
• Lower resource utilisation, particularly RAM and CPU, means running a dozen containers is more realistic than the same number of VMs, especially on a developer's laptop.
• Due to the sharing of resources, containers always run the same kernel as the host.

Requirements

• Modern kernel
• 64 bit Linux

Security

• The Docker daemon currently requires root privileges. As a result, all docker commands must be prefixed with sudo, or alternatively you can create a group called docker and add users to that. This does not provide any security benefits.

Basic running

docker run debian

Cleanup

Containers only run as long as their main process. However, exiting the main process will only stop the container, it will not remove it from disk. To do this you must run:

docker rm [container]

Passing --rm to docker run will automatically delete the container when the main process exits, e.g.

docker run --rm debian echo "Hello World"

docker ps -a will show all containers, included those which have been stopped.

All Docker containers can be removed with the following command:

docker rm -v $(docker ps -aq -f status=exited)