Notes
Below is a screenshot of the official Ubuntu base image, which you can
use for your container. It is only ~22 MB. By contrast, the official
Ubuntu VM image is close to ~2.3 GB, so the container base image is
almost 100 times smaller than the VM image.
/bin: contains binary executable files, such as the ls, cp, and ps
commands.
/sbin: contains system binary executable files, such as the init and
shutdown commands.
/lib: contains library files that are used by the binary executables.
/var: contains variable data, such as log files, spool files, and
temporary files.
The host's file system: Docker containers can access the host file
system using bind mounts, which allow the container to read and
write files in the host file system.
System calls: The host's kernel handles system calls from the
container, which is how the container accesses the host's resources,
such as CPU, memory, and I/O.
What is Containerization?
Containerization is the process of packaging software code +
dependencies into a single container.
What does it build?
A Container Image.
Why is it used?
What is Docker?
Docker is a containerization platform that provides an easy way to
containerize your applications. Using Docker, you can build container
images, run the images to create containers, and push these images to
container registries such as DockerHub, Quay.io and so on.
Docker LifeCycle
The Docker daemon (dockerd) listens for Docker API requests and
manages Docker objects such as images, containers, networks, and
volumes. A daemon can also communicate with other daemons to
manage Docker services.
Docker client
The Docker client (docker) is the primary way that many Docker users
interact with Docker. When you use commands such as docker run,
the client sends these commands to dockerd, which carries them out.
The docker command uses the Docker API. The Docker client can
communicate with more than one daemon.
Docker Desktop
Docker registries
When you use the docker pull or docker run commands, the required
images are pulled from your configured registry. When you use the
docker push command, your image is pushed to your configured
registry.
Docker objects
When you use Docker, you are creating and using images, containers,
networks, volumes, plugins, and other objects. This section is a brief
overview of some of those objects.
Dockerfile
Dockerfile is a file where you provide the steps to build your Docker
Image.
Images
Install Docker:
If you notice that the Docker daemon is not running, you can start the
daemon using the command below.
To allow your user to run the docker command, add the user to the
docker Linux group. The docker group is created by default when Docker
is installed. Membership in this group is effectively root-equivalent
on the host, because members can ask the daemon to run any container
with any host path mounted, so add only users you would trust with root.
In the above command, ubuntu is the name of the user; change the
username as appropriate.
NOTE: You need to log out and log back in for the changes to take
effect.
Use the same command again, to verify that docker is up and running.
Container Operations:
Image Management:
Volume Management:
Network Management:
What is it?
A private internal network created by Docker on the host machine.
Containers can talk to each other within this network using container
names as DNS.
Example:
When?
You want containers to talk internally on one host.
Common in local development or testing.
2. Host Network
What is it?
Container uses host's own network stack. No port mapping required.
Example:
3. Overlay Networking
4. Macvlan Networking
1. Bridge Networking
Advantages:
Isolation: Each container gets its own IP; traffic goes through NAT,
isolating containers from the host.
Default mode: Automatically set up by Docker (no extra config).
Custom bridges allow better control (e.g., user-defined DNS, names).
Disadvantages:
Slight overhead: NAT introduces performance overhead.
Limited cross-host communication: Cannot communicate across
different hosts.
Manual port mapping: Needed for external access.
Use Case:
Default choice for most standalone containers.
Ideal for local development or when network isolation is important.
2. Host Networking
Advantages:
Performance: No network translation layer — direct access to host
network.
Low latency: Suitable for performance-sensitive applications.
No port mapping needed: Services are exposed directly on host ports.
Disadvantages:
No isolation: Containers share the host’s network namespace.
Port conflicts: Containers can’t use the same ports simultaneously.
Security: More risk, as containers access the host’s full network stack.
Use Case:
When maximum performance is needed (e.g., media streaming,
monitoring agents).
For trusted environments (e.g., internal tools on a secure host).
3. Overlay Networking
Advantages:
Cross-host communication: Containers can talk across multiple
Docker hosts.
Built-in encryption: Secure communication between nodes.
Service discovery: Integrated with Swarm’s DNS-based discovery.
Disadvantages:
Complex setup: Requires Docker Swarm or orchestrators like
Kubernetes.
More overhead: Due to encapsulation and routing layers.
Debugging is harder: Networking issues can be harder to trace.
Use Case:
For distributed applications in multi-host setups.
When using Docker Swarm or Kubernetes for container orchestration.
Scalable microservices applications.
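An added example, not part of the original notes: a small audit over `docker inspect` output that reports the two exposure points compared above, containers running in host network mode and bridge-mode ports published on every host interface. The container names and the network name `appnet` are constructed sample data.

```python
import json

# Constructed sample shaped like `docker inspect` output, trimmed to the fields used.
SAMPLE_NET = json.loads("""
[
  {"Name": "/web",
   "HostConfig": {"NetworkMode": "bridge"},
   "NetworkSettings": {"Ports": {"80/tcp": [{"HostIp": "0.0.0.0", "HostPort": "8080"}],
                                 "443/tcp": null}}},
  {"Name": "/metrics-agent",
   "HostConfig": {"NetworkMode": "host"},
   "NetworkSettings": {"Ports": {}}},
  {"Name": "/db",
   "HostConfig": {"NetworkMode": "appnet"},
   "NetworkSettings": {"Ports": {"5432/tcp": [{"HostIp": "127.0.0.1", "HostPort": "5432"}]}}}
]
""")

# Host addresses that mean "listen on every interface".
WILDCARD_IPS = {"", "0.0.0.0", "::"}


def audit_network(containers):
    """Return (container, finding) tuples for network exposure worth reviewing."""
    findings = []
    for c in containers:
        name = c.get("Name", "?").lstrip("/")
        mode = c.get("HostConfig", {}).get("NetworkMode", "")
        if mode == "host":
            findings.append((name, "host network: shares the host's network namespace"))
            continue  # port mappings do not apply in host mode
        ports = c.get("NetworkSettings", {}).get("Ports") or {}
        for container_port, bindings in sorted(ports.items()):
            for b in bindings or []:  # None means exposed but not published
                if b.get("HostIp", "") in WILDCARD_IPS:
                    findings.append((name, f"{container_port} published on all host interfaces "
                                           f"as host port {b.get('HostPort')}"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_network(SAMPLE_NET):
        print(f"{name}: {finding}")
```

On a real host, feed it the JSON array that `docker inspect` prints for the running containers instead of the sample.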
What is eth0?
eth0 is the name of the primary Ethernet interface on a Linux system.
It represents the first physical network interface card (NIC) — like
your main network adapter.
Through eth0, your system connects to the LAN, gets IP addresses via
DHCP/static, and accesses the internet.
What is docker0?
docker0 is a virtual bridge automatically created by Docker on the
host.
It acts like a software switch.
It connects your containers together and allows them to talk to each
other internally.
It typically has an IP like 172.17.0.1.
Docker Networking Commands:
1. docker network ls: Lists all Docker networks, including their ID,
name, driver, and scope (local or global).
Problem Statement:
Solution
Volumes
For example:
Bind mounts aim to solve the same problem, but in a completely
different way.
With a bind mount, a user can mount a directory from the host file
system into a container. Bind mounts behave the same way as volumes,
but are specified using a host path instead of a volume name.
For example,
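An added example, not part of the original notes: because a bind mount lets the container read and write a host path directly, this sketch walks the `Mounts` section of `docker inspect` output, skips named volumes, and grades each bind mount by host path and write access. The container names, paths and the sensitive-path list are constructed assumptions.

```python
import json

# Constructed sample shaped like `docker inspect` output, trimmed to the fields used.
SAMPLE_MOUNTS = json.loads("""
[
  {"Name": "/app",
   "Mounts": [
     {"Type": "volume", "Name": "appdata",
      "Source": "/var/lib/docker/volumes/appdata/_data", "Destination": "/data", "RW": true},
     {"Type": "bind", "Source": "/srv/app/config", "Destination": "/etc/app", "RW": false}]},
  {"Name": "/ci-runner",
   "Mounts": [
     {"Type": "bind", "Source": "/var/run/docker.sock",
      "Destination": "/var/run/docker.sock", "RW": true},
     {"Type": "bind", "Source": "/etc", "Destination": "/host-etc", "RW": true}]}
]
""")

# Illustrative list (an assumption): host paths whose exposure deserves review.
SENSITIVE_PREFIXES = ("/etc", "/root", "/proc", "/sys",
                      "/var/run/docker.sock", "/run/docker.sock")


def is_sensitive(path):
    """True for the host root or anything at or under a sensitive prefix."""
    path = path.rstrip("/") or "/"
    if path == "/":
        return True
    return any(path == p or path.startswith(p + "/") for p in SENSITIVE_PREFIXES)


def audit_mounts(containers):
    """Return (container, severity, detail) for every bind mount."""
    findings = []
    for c in containers:
        name = c.get("Name", "?").lstrip("/")
        for m in c.get("Mounts") or []:
            if m.get("Type") != "bind":
                continue  # named volumes live in Docker's own storage area
            writable = bool(m.get("RW"))
            sensitive = is_sensitive(m.get("Source", ""))
            if sensitive and writable:
                severity = "high"
            elif sensitive or writable:
                severity = "review"
            else:
                severity = "info"
            access = "rw" if writable else "ro"
            findings.append((name, severity,
                             f"{m.get('Source')} -> {m.get('Destination')} ({access})"))
    return findings
```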