09 July, 2023

DOCKER

By- Bandan Kumar Sahoo

What is Docker?
Docker is an open-source container
orchestration platform. It enables developers
to package application into container.
How Containers are different from VMs?
Containers are very light-weight in nature as
they contain only application dependencies
and and some system libraries unlike VMs
that contains the whole package managers,
whole OS commands dependencies which are
of more size.
What is a Docker lifecycle?
Users would create a Dockerfile with a set of
instructions or commands that defines a
docker image. This Docker image acts as a
set of instructions to build a container.
What are networking types in Docker?
The default network in Docker is Bridge.
There are 4 types of networks in Docker:-
a. Bridge
b. Overlay
c. Host
d. MacVlan
What are distroless images in Docker?
Distroless image contains only application
and its runtime dependencies with a very
minimum operating system libraries. They
are very small and light weight images.
unlike Linux systems containing all the
system and OS dependencies which makes it
heavier.
Realtime Challenge in Docker
a. Docker daemon is a single daemon process
which can cause a single point of failure, if
the Docker daemon goes down for some
reason, whole application goes down.
b. Docker daemon runs as a root user, which
is a security threat. Any processs running as
a root can have adverse effect when it is
compormised for security reasons, it can
impact other applications or containers on
the host.
c. If you are using too much containers in a
host system. There can be resource
constraint.
How to maintain security in Containers?
a. Use Distroless image or image with not too
many packages. so that there will be minimal
vulnerability.
b. Configure custom networks (custom bridge
networks for example) and assign them to
isolate containers.
c. Use utilities like sync to scan container
images.
Why Docker monitoring is important?
Monitoring helps to identify issues
proactively That can be used to rollback any
changes to prevent the system outages.
The monitoring time series data provide
insights to fine tune applications for
robustness and better performance.
Why docker stop is preferred over docker
kill?
Docker kill abruptly stops the container
resulting in sudden disconnection and is user
is performing some actions on the contaainers
resulting in a bad experience where as docker
stop takes some seconds to gracefully stop
container after executing already given container
to docker.
Is it possible to pull/push image, run/stop
other docker containers from inside a
container?
Yes, it is possible.
Docker is written in which language?
It is written in Golang.
What is multistage builds in Docker?
Multistage build in docker allows to build yor
docker container in multiple stages allowing
you to copy artifacts from one stage to
another resulting in building light weight
containers.
What are the methodologies to restart a
container if my host system restarts due to
some issues?
There are some auto-restart policies in docker
and they are:-
1. on-failure
2. always
3. unless-stopped.
We can mention the --restart flag with the
above policies to auto-restart the container if
there is any mishap in the server.
Is it possible to use JSON instead of YAML
for docker compose?
We can use JSON for a docker compose file
by specifying the filename in the following
command:-
docker-compose -f docker-compose.json ip
What are the methodologies to restart a
container if my host system restarts due to
some issues?
There are some auto-restart policies in docker
and they are:-
1. on-failure
2. always
3. unless-stopped.
We can mention the --restart flag with the
above policies to auto-restart the container if
there is any mishap in the server.
Is it possible to use JSON instead of YAML
for docker compose?
We can use JSON for a docker compose file
by specifying the filename in the following
command:-
docker-compose -f docker-compose.json ip
Explain docker architecture.
Docker Host
Docker Host runs the Docker Daemon.
Docker Daemon listens for Docker requests.
Docker requests could be ‘docker run’,
‘docker build’, anything. It manages docker
objects such as images, containers, networks,
and volumes.
Docker Client
Docker Client is used to trigger Docker
commands. When we send any command
(docker build, docker run, etc) the docker
client sends these commands to Docker
daemon which further will deal with them.
Docker Registry

The Registry is a stateless, highly scalable

server-side application that stores and lets you
distribute Docker images. You can create your
own image or you can use public registries
namely, Docker Hub. Docker is configured to
look for images on Docker Hub by default.
We can create our own registry in fact.
So, when we run the command docker pull or
docker run, the required images are pulled from
your configured registry. When you use the
docker push command, your image is pushed to
your configured registry.