📋 Course Outline
- Docker architecture & components
- Containers & resource isolation
- Images & layered structure
- Docker CLI & management commands
- Storage options & volumes
- Networking & container connectivity
- Dockerfile & image automation
- Application packaging & deployment
- Orchestration & Docker Compose
📖 1. Docker architecture & components
🔑 Key Concepts & Definitions
- Docker: An open-source platform that automates the deployment, scaling, and management of containerized applications, functioning as an engine to run containers on various operating systems.
- Container: A lightweight, standalone, and executable software package that includes an application and all its dependencies, providing isolated environments for running applications.
- Image: A read-only template used to create containers, composed of multiple layers, serving as a blueprint for containers.
- Containerization: The process of packaging applications and their dependencies into containers, enabling consistent execution across different environments without the need for full virtualization.
- Docker Engine: The core component that runs and manages containers, handling image building, container execution, and resource allocation.
- Docker Registry: A storage and distribution system for Docker images, with Docker Hub being the most popular public registry.
📝 Essential Points
- Docker enables running multiple containers simultaneously on a single OS, isolating applications without the overhead of full virtualization.
- Containers are based on Linux features like cgroups and namespaces, providing resource and process isolation without requiring separate OS instances.
- Images serve as the static templates for containers, stored in registries, and built from Dockerfiles.
- Docker's architecture includes components such as Docker Engine, Docker CLI, Docker Compose, and registries.
- Storage options include bind mounts, volumes, and in-memory storage, facilitating data persistence and sharing.
- Networking in Docker supports host port mapping, bridge networks, and user-defined networks, enabling container communication and external access.
- Dockerfiles automate image creation, defining the environment and commands to build images.
- Docker Compose simplifies orchestrating multi-container applications through YAML configuration files.
💡 Key Takeaway
Docker's architecture leverages lightweight, isolated containers built from images to provide portable, consistent, and efficient application deployment across diverse environments, all managed through a set of core components and tools.
📖 2. Containers & resource isolation
🔑 Key Concepts & Definitions
- Container: A lightweight, standalone software package that includes an application and all its dependencies, enabling consistent execution across different environments without the need for a full OS virtualization.
- Docker: An open-source platform that automates the deployment, scaling, and management of containerized applications, providing an engine to run containers efficiently.
- Image: A read-only template used to create containers, composed of multiple layers that define the application and its environment. Images are stored in registries like Docker Hub.
- Containerization: The process of packaging applications and their dependencies into containers, ensuring portability and consistency across various computing environments.
- Resource Isolation: Techniques (like cgroups and namespaces) used by containers to allocate and restrict CPU, memory, network, and other resources, preventing interference between containers and the host system.
- Namespaces: Linux kernel features that provide isolated views of system resources (e.g., process IDs, network interfaces, user IDs) for each container, ensuring separation from the host and other containers.
📝 Essential Points
- Containers share the host OS kernel but are isolated via Linux namespaces and cgroups, making them more lightweight than traditional virtual machines.
- Docker containers are not virtualization; they do not require separate OS instances, reducing overhead and licensing costs.
- Multiple containers can run simultaneously on a single host, each isolated but sharing the same kernel.
- Images serve as blueprints for containers, stored in registries like Docker Hub, and built using Dockerfiles.
- Storage options include bind mounts, volumes, and in-memory storage, facilitating data persistence and sharing.
- Networking in Docker includes host port mapping, bridge networks, and user-defined networks, enabling container communication and external access.
- Docker Compose simplifies orchestrating multi-container applications via a YAML configuration file, managing volumes and networks collectively.
- Resource isolation is achieved through cgroups (limiting CPU, memory) and namespaces (isolating process IDs, network, users).
💡 Key Takeaway
Containers leverage Linux kernel features to provide lightweight, portable, and isolated environments for applications, enabling efficient resource utilization and consistent deployment across diverse systems without the overhead of full virtualization.
📖 3. Images & layered structure
🔑 Key Concepts & Definitions
- Image: A read-only template used to create containers, composed of multiple layered filesystems that include code, runtime, libraries, and dependencies.
- Layer: A single, immutable filesystem layer in an image, representing changes or additions to the previous layer.
- Container: A runtime instance of an image, with a writable layer on top of the image layers, providing an isolated environment.
- Layered Structure: The architecture where images are built from stacked layers, enabling efficient storage, sharing, and versioning.
- Dockerfile: A script containing instructions to automate the creation of a Docker image, defining the layered build process.
📝 Essential Points
- Images are built from multiple read-only layers, which are stacked to form the complete filesystem of the container.
- Each layer in an image represents a set of filesystem changes, such as adding files or installing packages.
- When an image is updated, only the changed layers are modified or added, optimizing storage and transfer.
- Containers are instantiated from images and include a writable layer that captures runtime changes.
- The layered architecture allows for image reuse; common layers can be shared across multiple images, saving space.
- Docker Hub and other registries store images, making them accessible for download and deployment.
- Building images via Dockerfile automates the layering process, ensuring reproducibility and consistency.
💡 Key Takeaway
Docker’s layered image structure enables efficient, reusable, and portable application deployment by stacking immutable filesystem layers, with containers providing isolated, writable environments on top.
📖 4. Docker CLI & management commands
🔑 Key Concepts & Definitions
- Docker CLI: Command-line interface used to interact with Docker, allowing users to manage images, containers, networks, and volumes through commands.
- Container: A lightweight, standalone, and executable package that includes an application and its dependencies, isolated from other containers and the host system.
- Image: A read-only template used to create containers, composed of layered filesystem components, identified by a unique name or tag.
- Docker Hub: A public registry where Docker images are stored and shared; can also host private registries.
- Volumes: Persistent storage mechanisms in Docker that manage data outside of containers, allowing data to persist across container restarts.
- Dockerfile: A script containing instructions to automate the building of Docker images, defining the environment and application setup.
📝 Essential Points
- Docker commands are categorized mainly into image management (`docker pull`, `docker build`, `docker push`) and container management (`docker run`, `docker ps`, `docker stop`, `docker rm`).
- Containers are instantiated from images and can be run in detached mode (`-d`) or interactively (`-it`).
- Managing storage involves bind mounts, volumes, and in-memory storage, with volumes being the preferred method for persistent data.
- Networking in Docker includes bridge networks (default), custom networks, and host port mapping (`-p` flag) for exposing container ports.
- Dockerfiles automate image creation, enabling reproducible environments and simplifying deployment.
- Docker Compose facilitates orchestration of multi-container applications via a YAML configuration file (`docker-compose.yml`).
💡 Key Takeaway
Mastering Docker CLI commands for images, containers, storage, and networking is essential for efficient container management and deploying scalable, reproducible applications.
📖 5. Storage options & volumes
🔑 Key Concepts & Definitions
- Bind Mounts: Storage option that links a directory or file from the host system directly into a container, allowing real-time data sharing and persistence outside the container’s lifecycle.
- Volumes: Named, managed storage space within Docker that persists data independently of containers, stored on the host filesystem but managed by Docker.
- In-memory Storage: Temporary storage that resides entirely in RAM, offering high-speed data access but non-persistent across container restarts.
- Docker Image Layers: Read-only filesystem layers that make up a Docker image; changes are stored in a writable container layer.
- Container Volume Layer: The writable layer in a container that stores data changes during container runtime, separate from image layers.
- Docker Registry: Repository for storing and sharing Docker images, such as Docker Hub or private registries.
📝 Essential Points
- Volumes are preferred for persistent data storage due to their manageability and independence from container lifecycle; they are created and managed via Docker commands.
- Bind mounts are useful for development environments where real-time data sharing between host and container is needed.
- In-memory storage is suitable for temporary data that does not require persistence, such as cache or session data.
- Data stored in volumes can be shared among multiple containers and are resilient to container deletion.
- Docker manages volumes through commands like `docker volume create`, `docker volume ls`, and `docker volume inspect`.
- When deploying databases or stateful applications, volumes ensure data durability across container updates or failures.
- Volumes are stored in Docker’s default directory (`/var/lib/docker/volumes`) but can be mounted to custom locations.
💡 Key Takeaway
Docker volumes provide a reliable, manageable way to persist and share data across containers, making them essential for stateful applications, while bind mounts and in-memory storage serve specific use cases like development and temporary data.
📖 6. Networking & container connectivity
🔑 Key Concepts & Definitions
- Container: A lightweight, portable unit that packages an application and its dependencies, providing isolated execution environments without the overhead of full virtualization.
- Docker Image: A read-only template containing the application code, runtime, libraries, and dependencies, used to instantiate containers.
- Docker Container: A running instance of an image, isolated from the host system and other containers, with its own network and filesystem.
- Docker Network: A virtual network that allows containers to communicate with each other and with the host system, including types like bridge, host, overlay, and user-defined networks.
- Port Mapping: The process of exposing container ports to the host machine, enabling external access to containerized applications.
- Volumes: Persistent storage mechanisms in Docker, such as bind mounts and named volumes, used to store data outside containers for durability and sharing.
📝 Essential Points
- Containers are isolated environments that share the host OS kernel, unlike full VMs, making them lightweight and fast.
- Docker networks facilitate container communication; default is the bridge network, but custom networks can be created for advanced connectivity.
- Port mapping (e.g., `-p 81:80`) exposes container ports to the host, enabling access from outside the container.
- Volumes enable persistent data storage; they can be created (`docker volume create`) and attached to containers for data durability.
- Containers can be connected to multiple networks; network isolation can be managed for security and organization.
- Docker Compose simplifies multi-container orchestration, defining networks and dependencies in a `docker-compose.yml` file.
- Container communication can be achieved via container names within user-defined networks, simplifying network management.
💡 Key Takeaway
Docker networking provides flexible, lightweight connectivity options that enable containers to communicate securely and efficiently, supporting scalable and portable containerized applications.
📖 7. Dockerfile & image automation
🔑 Key Concepts & Definitions
- Dockerfile: A text file containing instructions to automate the building of a Docker image, specifying the base image, dependencies, configurations, and commands to set up the environment.
- Docker Image: A read-only template composed of layered filesystem snapshots that contain everything needed to run an application, including code, runtime, libraries, and dependencies.
- Layers: Individual read-only components of a Docker image, stacked to form the complete image. Each command in a Dockerfile creates a new layer.
- Build Context: The directory containing the Dockerfile and all files needed during the image build process, sent to the Docker daemon.
- docker build: CLI command used to create a Docker image from a Dockerfile.
- docker run: CLI command to instantiate a container from a Docker image, executing the specified application or command.
📝 Essential Points
- Dockerfiles automate the creation of images, ensuring reproducibility and consistency across environments.
- Each instruction in a Dockerfile (e.g., `FROM`, `RUN`, `COPY`, `CMD`) contributes to the image layers, which can be cached for faster rebuilds.
- Images are stored in registries like Docker Hub or private registries, facilitating sharing and deployment.
- Building an image involves specifying a context and Dockerfile, then executing `docker build -t <name> .`.
- Containers are instantiated from images using `docker run`, which can be customized with options for ports, volumes, and networks.
- Automating image creation with Dockerfiles simplifies complex setups, supports CI/CD pipelines, and promotes DevOps practices.
💡 Key Takeaway
Dockerfile-based automation streamlines the creation of consistent, portable images, enabling efficient deployment and scaling of containerized applications.
📖 8. Application packaging & deployment
🔑 Key Concepts & Definitions
- Docker: An open-source platform that automates the deployment, scaling, and management of applications using containerization. It isolates applications in containers, ensuring consistency across environments.
- Container: A lightweight, standalone, and executable software package that includes code, runtime, system tools, libraries, and settings, enabling applications to run reliably across different computing environments.
- Image: A read-only template used to create containers, composed of multiple layers. It acts as a blueprint for containers and is stored in registries like Docker Hub.
- Containerization: The process of packaging applications and their dependencies into containers, providing environment consistency, resource isolation, and portability without full virtualization.
- Dockerfile: A text file containing instructions to automate the building of Docker images, defining the environment, dependencies, and commands to set up the application.
- Docker Compose: A tool that simplifies multi-container application deployment through a YAML configuration file (`docker-compose.yml`), managing networks, volumes, and container orchestration.
📝 Essential Points
- Docker enables running multiple containers simultaneously on a single OS, each isolated but sharing the host kernel, avoiding full virtualization overhead.
- Containers are portable and can run on any system with Docker installed (laptops, servers, or cloud environments), ensuring consistent behavior.
- Images are layered; changes are stored in a writable container layer, while the underlying image remains immutable.
- Storage options include bind mounts, volumes, and in-memory storage, allowing flexible data persistence and sharing between containers.
- Networking in Docker includes host port mapping, bridge networks, and user-defined networks, facilitating container communication and external access.
- Building Docker images involves writing a Dockerfile, which automates environment setup and application packaging, leading to reproducible builds.
- Docker Compose simplifies deploying complex applications with multiple containers, managing their configurations, networks, and storage in a single YAML file.
💡 Key Takeaway
Docker streamlines application packaging and deployment by encapsulating applications and dependencies into portable containers, enabling consistent, scalable, and efficient software delivery across diverse environments.
📖 9. Orchestration & Docker Compose
🔑 Key Concepts & Definitions
- Docker Compose: A tool for defining and managing multi-container Docker applications using a YAML configuration file (`docker-compose.yml`). It simplifies the orchestration of complex setups involving multiple containers, networks, and volumes.
- `docker-compose.yml`: The configuration file used by Docker Compose to specify services, networks, volumes, and their relationships within an application.
- Services: Individual containers defined within a Docker Compose file, each representing a component of the application (e.g., web server, database).
- Volumes: Persistent storage mechanisms in Docker that allow data to be stored outside of containers, ensuring data persists across container restarts or recreations.
- Networks: Virtual networks created by Docker to enable communication between containers, such as bridge networks or custom user-defined networks.
- Orchestration: The automated arrangement, coordination, and management of multiple containers and their resources to ensure proper operation, scaling, and connectivity.
📝 Essential Points
- Docker Compose enables easy setup, deployment, and management of multi-container applications by defining all components in a single YAML file.
- The `docker-compose.yml` file specifies services, networks, and volumes, allowing containers to be linked and configured declaratively.
- Commands like `docker-compose up` start all services defined in the configuration, while `docker-compose down` stops and removes them, simplifying lifecycle management.
- Compose supports defining environment variables, dependencies, and resource constraints, facilitating scalable and reproducible environments.
- Orchestration with Docker Compose is suitable for development, testing, and small-scale production environments but is not designed for large-scale or distributed orchestration (e.g., Kubernetes).
- Docker Compose integrates with Docker's storage and networking features, allowing containers to share data and communicate seamlessly.
💡 Key Takeaway
Docker Compose streamlines the deployment and management of multi-container applications through declarative configuration, enabling efficient orchestration of complex Docker environments with minimal effort.
📊 Synthesis Tables
| Aspect | Containers & Resource Isolation | Images & Layered Structure |
|---|---|---|
| Core Concept | Lightweight, isolated environments leveraging Linux namespaces and cgroups | Read-only layered templates built from Dockerfiles, enabling reuse and efficiency |
| Key Components | Containers, Linux namespaces, cgroups | Images, layers, Dockerfile |
| Resource Management | CPU, memory, network limits via cgroups | Not directly managed; layers are immutable and shared |
| Runtime Environment | Writable layer on top of image layers | Static, built from multiple immutable layers |
| Sharing & Reuse | Containers share kernel, isolated via namespaces and cgroups | Layers can be shared across images, reducing storage |
| Isolation Mechanism | Namespaces (process, network, user), cgroups | Not isolation; pertains to image structure |

| Aspect | Docker Architecture & Components | Storage & Networking |
|---|---|---|
| Core Components | Docker Engine, CLI, Compose, Registry | Volumes, bind mounts, network bridges |
| Management & Automation | Docker CLI commands, Docker Compose YAML configurations | Volume management commands, network setup commands |
| Storage Options | Bind mounts, volumes, tmpfs (in-memory storage) | Persistent data storage outside containers |
| Networking | Port mapping, bridge networks, user-defined networks | Container-to-container communication, external access |
| Automation & Orchestration | Dockerfile for image build, Docker Compose for multi-container apps | Network configuration, volume mounting |
⚠️ Common Pitfalls & Confusions
- Confusing Containers with Virtual Machines: Containers share the host OS kernel; they are not full virtualization like VMs.
- Misunderstanding Layered Image Structure: Assuming images are monolithic; they are composed of multiple shared layers.
- Overlooking Resource Limits: Forgetting to set CPU/memory limits can lead to resource contention.
- Ignoring Data Persistence: Not using volumes or bind mounts causes data loss when containers are removed.
- Incorrect Network Configuration: Misconfiguring port mappings or networks can prevent container communication.
- Confusing Dockerfile Commands: Misusing commands like RUN, CMD, ENTRYPOINT, leading to build or runtime issues.
- Assuming Images Are Self-Contained: Images depend on layers; updating base images affects dependent images.
✅ Exam Checklist
- Describe Docker's architecture and core components (Engine, CLI, Registry, Compose).
- Explain how containers provide resource isolation using namespaces and cgroups.
- Differentiate between images and containers, emphasizing the layered filesystem structure.
- List and describe common Docker CLI commands for managing images, containers, networks, and volumes.
- Identify storage options in Docker and their use cases, including bind mounts and volumes.
- Explain Docker networking features, including port mapping, bridge networks, and custom networks.
- Describe how Dockerfiles automate image creation and define build instructions.
- Discuss application packaging strategies with Docker, including containerization benefits.
- Outline the purpose and usage of Docker Compose for orchestrating multi-container applications.
- Understand the process of building, tagging, pushing, and pulling images from registries.
- Recognize common pitfalls related to resource limits, data persistence, and network configuration.
- Explain the layered structure of Docker images and how sharing layers optimizes storage.