Thanks again to everyone who joined last week’s Docker Demo webinar! There were more questions than time to answer them – and we wanted to share the Q&A publicly so everyone had access to this information on their Docker journey.
Don’t worry if you missed this most recent session. If you want to attend a future demo webinar, we host them biweekly – register here for the next one!
Featuring Chad Metcalf, Manager Solutions Engineering at Docker, Inc.
Q: Can you explain how Docker image layers work?
Docker images are read-only templates from which Docker containers are launched. Each image consists of a series of layers and we use union file systems to combine these layers into a single image. Union file systems allow files and directories of separate file systems, known as branches, to be transparently overlaid, forming a single coherent file system.
Q: Can you change where you pull images from?
Yes. Images can be pulled from Docker Hub, Docker Trusted Registry (DTR) or your deployment of the open source Registry. When you run the command
docker pull redis
in your Docker client, it pulls by default from Docker Hub, our SaaS registry service that hosts public, private and Official Repo content. To pull from your private Registry (DTR or open source), you would add a tag for that specific registry:
docker pull dtr.mycompany.com/metcalfc/redis:latest
Q: What’s included in the image that you download from the Hub? For example, when you download the redis image, did that also include the OS filesystem?
It depends on the image. Users on the hub are free to build their images however it makes sense for their project. You can always see the Dockerfile to understand what is in the image. Using redis as an example, you can go to the hub (https://hub.docker.com//redis/), look at the Dockerfile for redis 3.0, and see how it was built and from what base image. Recall that the only content you need to have in a Docker image is what the application needs to run. If you look at the Docker Swarm Dockerfile (https://hub.docker.com//swarm/), you’ll see that the only things in the image are some root CA certificates and the statically linked swarm binary.
Q: How are image versions handled? For example, does redis:latest always update itself or is it the latest version of redis when I download it?
Latest is a bit of a misnomer. When you pull image, Docker will check your image cache; if you don’t have anything for image, it will go to the registry and ask for the latest tag. Once you’ve pulled that, if you run docker images you’ll see something like:
$ docker images
image    latest    0ff407d5a7d9    2 weeks ago    109.5 MB
You’ve now got the image at latest. If weeks go by and you ask for latest again, Docker will check your image cache, find a latest tag, and not pull anything else. The best practice is to always use an explicit version tag if possible.
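An added example (not from the webinar and not Docker's own tooling): a shell check that applies the explicit-tag advice above to the FROM lines of a Dockerfile. It goes a little beyond the text by also accepting digest references and build-stage aliases; the registry port and the sample Dockerfile are constructed for illustration.

```shell
#!/bin/sh
# classify_ref: print "pinned", "latest" or "untagged" for one image reference.
classify_ref() {
    case $1 in
        *@sha256:*) echo pinned; return 0 ;;  # digest references never move
    esac
    last=${1##*/}        # last path component, so a registry host:port is ignored
    case $last in
        *:latest) echo latest ;;
        *:*)      echo pinned ;;
        *)        echo untagged ;;
    esac
}

# audit_dockerfile: read a Dockerfile on stdin, print "<line>: <ref> (<verdict>)"
# for each FROM without an explicit version, and return 1 if any were found.
audit_dockerfile() {
    found=0; n=0; stages=" scratch "
    set -f                                   # no globbing while word-splitting
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        set -- $line
        case ${1:-} in [Ff][Rr][Oo][Mm]) shift ;; *) continue ;; esac
        case ${1:-} in --*) shift ;; esac    # skip a --platform=... option
        ref=${1:-}
        [ -n "$ref" ] || continue
        case $stages in
            *" $ref "*) ;;                   # scratch or an earlier build stage
            *)  verdict=$(classify_ref "$ref")
                if [ "$verdict" != pinned ]; then
                    echo "$n: $ref ($verdict)"; found=1
                fi ;;
        esac
        case ${2:-} in [Aa][Ss]) stages="$stages${3:-} " ;; esac
    done
    set +f
    return "$found"
}

# Constructed sample input (not from the original page).
audit_dockerfile <<'EOF' || echo "unpinned base images found"
FROM redis
FROM dtr.mycompany.com:5000/metcalfc/redis AS cache
FROM redis:3.0
FROM redis:latest
FROM cache
EOF
```

Run against a real file with `audit_dockerfile < Dockerfile`; the non-zero return makes it usable as a CI gate.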
Q: How do Official Repos work? Who maintains them?
Official Repos are a collection of curated images that are maintained by Docker or by the upstream partner. These images are kept in parity with their upstream projects in versioning and patches.
Q: How do you save changes you make to an image or container?
When you pull a base image and run the application container, you can begin writing code inside the container itself. Additionally, you can take a base image and add additional layers. When you are ready to save your changes, you need to run the command docker commit, and then you can also push the changed image to your Registry so it can be shared with your team.
Q: What is the difference between a Docker container and a VM?
Both VMs and containers provide isolation capabilities to application infrastructure environments, but they differ in their behavior and in what is shared in the app stack. VMs run on a host running a hypervisor layer, and each VM has a full instance of an OS. That makes VMs bigger relative to containers, but a single host can run multiple versions and types of OSes because each is isolated in its own VM. Containers share the OS kernel on the host, so each container on that host is much smaller relative to a VM because it contains only the application and its dependencies. Both VMs and containers have their respective use cases, and containers run happily inside of VMs as well. Due to their smaller size and lightweight nature, containers are able to spin up in seconds.
Q: Can you have multiple apps running in one container or should you run apps in different containers?
Containers are a great way to enable microservices or distributed applications. This is the category of application where many small applications are loosely coupled together to form an entire application. So instead of a monolithic code base, you could have 10s or even 100s of containers for your ecommerce site. With that in mind, a best practice is to have one container per application service and then link them together to compose your distributed application.
Q: Are there any Windows images and containers?
Today Docker containers can run where any modern Linux kernel is deployed. However, support for Windows is not too far away. Microsoft has announced that the next version of Windows Server will support Docker containers.
Q: Can you limit the host resources available to a container?
There are a number of resource limits you can apply to a container at run time (CPU, memory, etc). You can read more in the docs here.
Q: How do you recommend monitoring a Docker application environment?
In recent releases, Docker Engine has released the Stats API and a number of logging drivers to make it easier for you to collect this data and then send it to the monitoring system of your choice. There are a number of partners in the ecosystem that provide these capabilities today, from complex analytics to monitoring host and container level activity. Read more here.
Q: Can I “link” Docker to my Atlassian Stash (git) to use it as my repository?
Yes, you can link your GitHub or Bitbucket accounts to the various registry services. Many users are doing this today when they dockerize their Continuous Integration and Delivery pipeline.
Q: How do I scale to more than one container? Do I need to setup a load balancer?
You can easily scale to create more than one container to have a multi-container application where each container includes a different service. If you want to scale an existing container so you have more, all you need is the command container name=number, i.e., web=5 to scale your web servers. Once you scale an application, you’ll have a number of containers running on various ports, potentially across engines, so you will need something to balance across these containers. The Docker Event API was built to support exactly this sort of automation. A good place to start understanding how you might accomplish this is Evan Hazlett’s interlock project.
Q: Hey Chad, how can I make my terminal look like yours?
Thanks for the interest! I’ve spent more time than I will admit tweaking my development environment. There are a couple of Open Source projects I use. Starting with Steve Francia’s great vim project which includes a very opinionated vim distribution that has the vim-airline plugin out of the box. I add in the vim-promptline and vim-tmuxline plugins to make all my environments look the same.