How do use Docker and why does it work? The Docker platform was designed as a way to simplify the building of distributed applications so they could run more efficiently in the cloud. All of Docker Inc.’s basic composition, distribution, scheduling, and deployment components can be used with simple commands, typed into an ordinary command line interface.
The basic purpose of Docker is actually not to run colossal, scalable microservices across a wide span of hosts, although it so happens that this is one thing it ends up doing very well. Originally, Docker was designed to be a simple mechanism for deploying workloads onto a PaaS platform (at first, a specific one called dotCloud), extending the idea of in-isolation execution that was first achieved (successfully) by Linux’ LXC container system. The first developers to use Docker utilized its command-line tools to run workloads in isolation, including on simple PCs.
Locate and Acquire an Docker Image
Docker uses the concept of images to run its platform. How do you use it? First, you acquire a container image that includes the workload (the application) you wish to execute, from a registry such as Docker Hub. One way to locate this image is through Docker’s search command. All Docker commands are sent to Docker Engine by addressing its name first, so you would type docker search, followed by a term or excerpt of the title you’re searching for, such as a Linux distribution, Web server, database server, or blog server. Most every major open source workload has been assembled into multiple containers, most of them customized by their builders in particular ways. To help you select just the right one, attributes of the search command include filtering criteria, letting you narrow the search to only the most popular builds (users are encouraged to rate builds), or only trusted builds (digitally signed by their publishers).
Once you’ve located the build you’re looking for, you download it from Docker Hub (or, alternately, from the registry of your choice, such as a private registry on a public or private cloud) using the docker pull command, using the build’s name as the criterion for your selection. To help distinguish various builds from one another, the registry may utilize tags selected by their builders, although Docker reserves certain tags for convenience purposes — for example, latest, which is reserved for the most recent version of a build. The docker pull command initiates the download process.
When the download is completed, the docker images command lists all container images on the local client, and can be filtered down to specific criteria. Docker images are composable, meaning that the code for additional resources may be added to an image prior to it being run. An image is not a container; in Docker parlance, a container is the isolated form of an image being run. An image provides a snapshot of the contents of a container once it is first executed, although the composability of that image enables it to be amended and adjusted prior to execution.
How to Build and Execute a Container from an Image
The docker run command executes an image of a container within Docker Machine, and may execute any single image multiple times. The run command is surprisingly sophisticated, including the possibility of acquiring container images to which you’ve referred but which do not yet appear to exist.
The run command includes optional attributes that open up a pseudo-TTY terminal for user communication with the process running inside the container (such as a shell), and that map the keyboard input to the standard input of the application (what Linux and C developers call the stdin, or “standard-in”). This way, you can see the container and the container can “see” you. A Linux distribution that uses a shell can be addressed by including these attributes with the run command. On the other hand, a container that runs a process without needing to communicate with a user, would require neither of these attributes.
If a workload does not interact directly with the user, it may need to communicate with the outside world via IP network. With Docker’s native networking scheme, each container has access to an arbitrarily designated port mapping. A specific IP address port number for a network function, such as Web services (usually on port 80), may be mapped to any convenient port number for a container that hosts a Web server, such as Apache or NGINX. This port mapping may be stated explicitly in the docker run command, giving isolated workloads inside containers managed access to the outside world. Docker’s native port mapping may be overridden using a network overlay tool such as Weave Net, or Docker’s own SocketPlane.