Containers

Overview

Containers are a kernel virtualization technology originating with Linux. They provide lightweight virtualization to isolate processes and resources. Containers have become popular since the emergence of Docker. Docker is the first system that allows containers to be portable on different machines. It simplifies the packaging of both applications and the applications' repository and dependencies. Even an OS file system can be packaged into a simple portable package that can be used on any other machine that runs Docker.

Containers use similar resource isolation and allocation modes as VMs. The difference between containers and VMs lies in that containers virtualize OSs but not hardware, which makes containers more portable and efficient.

Figure 1 Containers vs VMs

Containers have the following advantages over VMs:

Higher system resource utilization
With no overhead for virtualizing hardware and running a complete OS, containers outperform VMs in application execution speed, memory loss, and file storage speed. Therefore, with same configurations, containers can run more applications than VMs.
Faster startup
Traditional VMs usually take several minutes to start an application. However, Docker containerized applications run directly on the host kernel with no need to start the entire OS, so they can start within seconds or even milliseconds, greatly saving your time in development, testing, and deployment.
Consistent running environments
Inconsistent development, test, and production environments are a common issue in development. As a result, some issues cannot be detected prior to rollout. A Docker container image includes everything (code, runtime, system tools, system libraries, and settings) needed to run an application to ensure consistency in application running environments.
Easier migration
Docker provides a consistent execution environment across many platforms, both physical and virtual. Regardless of what platform Docker is running on, the applications run the same, which makes migrating them much easier. With Docker, you do not have to worry that an application running fine on one platform will fail in a different environment.
Easier maintenance and extension
A Docker image is built up from a series of layers and these layers are stacked. When you create a new container, you add a container layer on top of image layers. In this way, duplicate layers are reused, which simplify application maintenance and update as well as further image extension on base images. In addition, Docker collaborates with open-source project teams to maintain a large number of high-quality official images. You can directly use them in production environments or custom your images based on these images. This greatly improves the efficiency in creating images for applications.

Typical Process of Using Docker Containers

Before using a Docker container, you should know the core components in Docker.

Image: A Docker image is an executable package of software that includes the data needed to run an application, such as code, runtime, file systems, and executable file path of the runtime.
Image repository: A Docker image repository stores Docker images and entities to create and share container images. You can run an image on the computer where it is edited, or you can upload it to an image repository, download it to another computer, and then run it. Some repositories are public, which allow everyone to pull images from them. Some are private, which are accessible only to some users and machines.
Container: A Docker container is usually a Linux container created from a Docker image. A running container is a process running on the Docker host, but it is isolated from the host and all other processes running on the host. The process is also resource-limited, and it can access and use only resources (such as CPUs and memory) allocated to it.

Figure 2 shows the typical process of using containers.

Figure 2 Typical process of using Docker containers

A developer develops an application and creates an image on the development machine.
Docker creates the image and stores it on the machine.
The developer sends a command to Docker for uploading the image.
After receiving the command, Docker uploads the local image to the image repository.
The developer sends an image running command to the production machine.
After the command is received, Docker pulls the image from the image repository to the machine and then runs a container based on the image.

Example

In the following example, Docker packages a container image based on an Nginx image, runs an application based on the container image, and pushes the container image to an image repository.

Installing Docker

Docker is compatible with almost all operating systems. Select a Docker version that best suits your needs.

The following uses CentOS 7.5 64bit (40 GiB) as an example to describe how to quickly install Docker using a Huawei Cloud image.

Add a yum repository.

# yum install epel-release -y
# yum clean all

Install yum-utils.

# yum install -y yum-utils device-mapper-persistent-data lvm2

Configure the yum repository for Docker.

# yum-config-manager --add-repo https://mirrors.huaweicloud.com/docker-ce/linux/centos/docker-ce.repo
# sed -i 's+download.docker.com+mirrors.huaweicloud.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo

Install and run Docker.

# yum -y install docker-ce
# systemctl enable docker
# systemctl start docker

Check the installation result.

# docker --version
Docker version 26.1.4, build 5650f9b

Packaging a Docker Image

Docker provides a convenient way to package your application as a Dockerfile. Use Dockerfile to customize a simple Nginx image.

Run the following commands to create a file named Dockerfile:
```
# mkdir mynginx
# cd mynginx
# touch Dockerfile
```

Edit the Dockerfile file:

# vim Dockerfile

Add the following instructions to the Dockerfile:

# Use the Nginx image as the base image.
FROM hub.atomgit.com/amd64/nginx:1.25.2-perl 

# Run a command to modify index.html of the Nginx image.
RUN echo "hello world" > /usr/share/nginx/html/index.html

# Permit external access to port 80 of the container.
EXPOSE 80

Run the docker build command to package the image.
```
docker build -t hello .
```
In the preceding command, -t is used to add a tag to the image to name it. In this example, the image name is hello. The period . indicates that the packaging command is executed in the current directory.
Run the docker images command to view the image. The command results show that the hello image has been created and the image is created based on an Nginx image downloaded from an image repository.
```
# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
hello               latest              1ff61881be30        10 seconds ago      236MB
```

Pushing the Image to an Image Repository

Log in to the SWR console. In the navigation pane, choose My Images. On the page displayed, click Upload Through Client. In the dialog box displayed, click Generate a temporary login command. Then, copy the command and run it on the local host to log in to SWR.
Before uploading an image, specify a complete name for the image.
```
# docker tag hello swr.cn-east-3.myhuaweicloud.com/container/hello:v1
```
In the preceding command, the parameters are as follows:
- swr.cn-east-3.myhuaweicloud.com is the repository address, which varies with the region.
- container is the organization name. An organization is typically created in SWR. If no organization is available, an organization will be automatically created when an image is uploaded to SWR for the first time. Each organization name is unique in a single region.
- v1 is the version allocated to the hello image.

Run the docker push command to upload the image to SWR.

# docker push swr.cn-east-3.myhuaweicloud.com/container/hello:v1

To use the image, run the docker pull command to pull (download) the image.
```
# docker pull swr.cn-east-3.myhuaweicloud.com/container/hello:v1
```