Ivan's wiki

Site Tools

docker

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
docker [March 16, 2026 at 01:06] yanevskivdocker [May 16, 2026 at 14:56] (current) Ivan Janevski
Line 1: Line 1:
 +# docker
 +
 +## What is docker?
 +**Docker** is a tool for managing containers. Containers are somewhat like virtual machine instances except a lot more lightweight.
 +
 +Think of an application e.g. a web app. You want to run the application, but you don't want to pollute your host OS with all the baggage that comes with it (libraries, dependencies, config files, services, ...). So what do you do? You can run the application in a virtual machine.
 +
 +What does it take to run an application in a virtual machine? First, you first need to set up a virtual machine. This means giving it a slice of your hardware (CPU, RAM, HDD, ...). Then, you need to install an OS on the virtual machine (let's say, Ubuntu). Then, you also need to install everything the application needs (`apt install ...`). Finally, you need to copy your application inside the virtual machine. This works, but wastes a lot of resources + the application will obviously be a lot slower than it would have been if it was ran on the host.
 +
 +What if instead of emulating hardware, we just run the application we wanted on the host, but somehow made the application "feel" like it's in a virtual machine? That's exactly what Docker does! "Containerizing" an application means making the application "feel" like it's in a virtual machine, even though it's not.
 +
 +But actually, it's even better! Not only can we make an application "feel" like it's in a virtual machine, we can setup the environment inside the container such that everything the application expects is already there. Meaning, inside the container: every library that the application needs is already installed, every configuration file that the application reads is already configured, every environment variable that the application expects is already set, every directory that... you get the idea. All that remains is actually *running* the application inside that preconfigured container, and the application just works out of the box.
 +
 +Therefore, it's actually more appropriate to think of Docker as an "environment manager" than anything! The fact Docker containers act like lightweight virtual machines is nice to think of as an analogy, but it's not where the *true* utility of Docker lies in.
 +
 +## Install
 +Follow the guide on https://docs.docker.com/engine/install/
 +
 +On Debian and Ubuntu systems, this usually boils down to modifying `/etc/apt/sourcesl.list` then running:
 +```bash
 + $ sudo apt update
 + $ sudo apt install          \
 +       docker-ce             \
 +       docker-ce-cli         \
 +       containerd.io         \
 +       docker-buildx-plugin  \
 +       docker-compose-plugin
 +```
 +
 +If you want to make a regular user be able to use `docker` command, just add them to the `docker` group:
 +```
 + $ sudo gpasswd -a john docker
 + $ sudo groups john
 +john : john docker
 +```
 +Remember that they will have to log out and then log back in, in order for their groups to update.   Warning: Do not do this if you don't trust the user! 
 +
 +## Practice
 +In order to see what Docker is in practice, it's best if you try it yourself:
 +```
 +docker run -it --rm ubuntu:latest
 +```
 +This puts you inside a container, running bash shell as root. You can now use `apt` to install anything you like. You can also break the system if you like (e.g. run `rm -rf /usr`). When you exit the shell, everything you ever did inside is lost. This includes anything you installed, but also anything you created, edited, changed, removed, or broke.
 +
 +When you run `docker run -it --rm ubuntu:latest` again, you're put in the exact same environment again, as if you were running it for the first time. Anything you installed is no longer there, but also anything you broke before is no longer broken (e.g. if you did `rm -rf /usr` you now do have `/usr`). You get a blank slate. The power of Docker comes from the fact it's able to efficiently replicate the exact same image environment, every single time. 
 +
 +But what if you **do** want to preserve what you've installed? That's where `docker commit` and `docker build` commands come in, but that comes later.
 +
 +## Concepts
 +### Images
 +Docker images are predefined environments. You run an application within these predefined environments with `docker run -it --rm <image>`. You list images with `docker images`. You remove an image with `docker rmi <image>`.  An image is usually named `<name>:<tag>`. For example, `ubuntu:latest`. The tag is usually used for different versions of an image with the same name. You retag an image `docker tag ubuntu:latest my:example`. At this point, you can run 'ubuntu:latest' or 'my:example' -- it's the same environment (makes no difference). You rename an image by retagging it and deleting the old one with `docker rmi`.
 +
 +Docker images are pulled from https://hub.docker.com/. This is like GitHub for docker images.  You use `docker pull <image>` to pull an image from the repository to your local filesystem. You use `docker search <image>` to search the repository for a particular image.  Running the image will also pull the image if it doesn't exist on your filesystem.
 +
 +Continuing on the virtual machine analogy, you can think of a docker image as `.iso` file, containing OS installation + system configuration. Running a container is then somewhat like starting a virtual machine, installing an OS with that `.iso`, then running a desired application within that OS.
 +
 +Docker images are stored in `/var/lib/docker` directory. Docker manages images in an efficient way, using a filesystem engine called `overlay2`. Unlike `.iso` files, which are often ~4-6GB in size, docker images are usually pretty small (often several megabytes).
 +
 +The following are some image related commands you should remember:
 +
 + - `docker run -it --rm <image>` - Run a docker image with image's default application (likely, the shell)
 + - `docker images` - List docker images on your local filesystem
 + - `docker rmi <image>` - Delete a docker image from your local filesystem
 + - `docker pull <image>` - Pull a docker image from "docker.io" repository
 + - `docker search <image>` - Try to find a particular image on docker.io repositories
 + - `docker tag <image1> <image2>` - Retag an image e.g. 'ubuntu:latest' to 'my:image' (they refer to the same environment)
 +
 +### Containers
 +Docker containers are particular instances of an image. You run a container with `docker run -it --rm <image>`. You list containers with `docker ps`. You
 +