This revision is designed to provide a concise overview of Docker, including basic and some advanced concepts. It is intended for developers, software engineers, and anyone interested in using Docker.

Docker is an open-source platform that enables developers to automate the deployment, scaling, and management of applications inside lightweight, portable, and self-sufficient containers. It provides an efficient and consistent way to package, distribute, and run applications, regardless of the underlying infrastructure.

Docker uses containerization technology to encapsulate applications and their dependencies, runtime environment, libraries, and configuration files into a single unit called a "container." Containers are isolated from the host system and other containers, ensuring consistent behavior across different environments.

The core component of Docker is the Docker Engine. It acts as a client-server application that runs on the host machine and manages containers. The Docker Engine includes a server (daemon) responsible for building, running, and managing containers, along with a command-line interface (CLI) that allows users to interact with the Docker Engine.

Docker follows Client-Server architecture, which includes three main components that are Docker Client, Docker Host, and Docker Registry.

is the primary way that many Docker users interact with Docker. When you use commands such as docker run, the client sends these commands to Docker daemon, which carries them out. The docker command uses the Docker API. The Docker client can communicate with more than one daemon.

• Docker CLI

is a physical or virtual machine on which the Docker platform is installed and where Docker containers are created, managed, and run. It's the environment where Docker engine, the core component of Docker, operates. A Docker host can run multiple Docker containers concurrently, each isolated from the others

• Linux
• Windows

Docker Registry manages and stores the Docker images.

1. Public Registry: Refers to a publicly accessible repository where Docker images are stored and can be shared with others. Docker Hub is one of the most popular public registries.
2. Private Registry: It is used to share images within the enterprise.

A container is a lightweight, portable, and self-sufficient software unit that encapsulates an application, its dependencies, and runtime environment. Containers provide isolation from the host system while sharing the host OS kernel, allowing for efficient resource utilization and rapid deployment.

• Portability: Applications run consistently on different platforms.
• Isolation: Improved security by isolating from the host system.
• Resource Efficiency: Containers share the host OS kernel, which reduces resource overhead compared to virtual machines. This efficiency allows for better utilization of system resources and enables running multiple containers on a single host without the need for full OS virtualization.
• Rapid Deployment: Containers enable rapid and consistent application deployment. They can be easily created, started, stopped, and scaled as needed.
• Scalability: Due to their lightweight nature, containers can be quickly scaled up or down to meet changing demand. This horizontal scalability facilitates efficient load balancing and resource allocation in distributed systems.
• Version Control and Rollback: Immutable, simplifying version management.
• DevOps and CI/CD: Containers play a significant role in modern DevOps practices and Continuous Integration/Continuous Deployment (CI/CD) pipelines. Their consistency and ease of deployment streamline development, testing, and production workflows.
• Ecosystem and Tooling: A Containers have a rich ecosystem with a wide array of supporting tools and platforms, such as Docker and Kubernetes. This ecosystem makes it easier for developers and operations teams to manage, orchestrate, and monitor containerized applications effectively.
• Microservices Architecture: Containers are well-suited for implementing microservices architecture, where applications are broken down into smaller, loosely coupled services. This enables better agility, scalability, and maintainability in complex systems.

Run command do the following

1. Pull the image if not exist
2. Create a container from it
3. Start the container

This means the run command equals the following 3 commands

1. docker image pull [image_name]
2. docker container create [image_name]
3. docker container start [container_name_or_id]

A Docker image is a snapshot of a file system with necessary application code, libraries, and dependencies, along with metadata that defines how to run the software within a container.

Docker images are built using a layered file system. Each image is composed of multiple read-only layers stacked on top of each other, forming a single coherent view. This layered approach provides efficiency, reusability, and versioning capabilities. Docker uses a union file system to combine these layers.

This means that none of its components can be altered after it's built. For instance, you cannot update the code, change the configuration, or modify any of the libraries or dependencies within the image directly. Instead, if you need to make changes to the application, you would typically create a new Docker image with those changes incorporated.

Docker images can be stored in public or private container registries. Docker Hub is a popular public registry where users can find and share images. Private registries allow organizations to manage and distribute their images securely.

Docker images can have multiple versions, allowing developers to control and track changes to the software. Versioning also facilitates rollback to a previous state in case of issues.

Docker images are designed for efficient distribution. When pulling or pushing images, Docker only transfers the necessary layers, reducing network bandwidth and speeding up image distribution.

Docker images can be reused across different environments and projects, saving time and resources. Cached layers are leveraged when building new images, making subsequent image builds faster.

Docker images play a vital role in the containerization ecosystem, enabling developers to package, distribute, and run applications in isolated environments. They provide a powerful means of encapsulating software and its dependencies, making it easier to manage complex applications and ensuring consistency across development, testing, and production environments.

A Dockerfile is a text file that contains a set of instructions used to build a Docker image, It defines the environment and configuration required for a containerized application.

The Dockerfile starts with specifying a base image using the FROM instruction. The base image serves as the starting point for building the new image, it is a minimal image that includes only the necessary components for the application, The new image inherits the file system and configuration of the base image.

The WORKDIR instruction sets the working directory inside the container. It defines the location where subsequent commands will be executed. Note that if the specified directory doesn't exist, Docker will create it. Note this instruction can be used multiple times within a Dockerfile to change the working directory for different commands.

The COPY or ADD instructions are often used to copy files from the host machine to the container. This is helpful for including application code, configurations, and other necessary files.

The Dockerfile can include various instructions to set up the environment, such as installing dependencies and setting environment variables.

The EXPOSE instruction informs Docker about the ports the container will listen on at runtime. Note that while the EXPOSE instruction informs Docker about the ports the container will potentially use, it doesn't automatically publish these ports to the host. Ports must be explicitly mapped when running a container using the -p or --publish option to make them accessible externally.

The CMD or ENTRYPOINT instruction specifies the command that runs when the container starts.
CMD, on the other hand, is used to specify the default command and arguments that should be executed when a container is started.

On the other hand ENTRYPOINT is used to specify the main command that should be executed when a container is started using the image. The default ENTRYPOINT command is /bin/sh -c.

If both ENTRYPOINT and CMD are specified in a Dockerfile, the command specified in CMD will be appended to the ENTRYPOINT command. It acts as an argument for ENTRYPOINT. The resulting command will be executed when the container is started.

Look at the following three examples

For more information Entrypoint vs CMD

There are other instructions like ENV (setting environment variables), VOLUME (defining volumes), RUN (executing commands during the image build process), and LABEL (adding metadata to the image) that further customize the container image.

Docker volume is a feature in Docker that allows you to manage and persist data outside the container's lifecycle. it provides a way to share and store data between containers and ensure that the data remains available even if the container is stopped, removed, or replaced. Docker volumes are particularly useful for managing persistent data in containerized applications.

Named volumes are created using a specified name and managed by Docker. They have identifiable names and are easy to manage and share between containers.

# Example
docker run -d --name [container_name]  -v [volume_name]:[/path/in/container] [image_name]

Anonymous volumes are created without specifying a name, and Docker assigns a random name to them. They are generally used for temporary data.

# Example
docker  run -d --name [container_name] -v [/path/in/container] [image_name]

Bind mounts allow you to mount a directory or file from the host machine into the container. This enables sharing data between the host and container, and changes in the mounted directory are immediately reflected in both places.

# Example
docker run -d --name [container_name] -v [/path/in/host]:[/path/in/container] [image_name]

Docker networks are a key feature of Docker that facilitate communication and connectivity between containers. They provide an isolated and secure environment for containers to interact with each other, as well as with external networks, such as the host network or other Docker networks. Docker networks play a vital role in creating complex multi-container applications, microservices-based architectures, and distributed systems.

This is the default network driver for Docker. Containers connected to a bridge network can communicate with each other via their internal IP addresses on the same host but are isolated from external networks.

The downside with the bridge driver is that it’s not recommended for production, the containers communicate via IP address instead of automatic service discovery to resolve an IP address to the container name. Every time you run a container, a different IP address gets assigned to it. It may work well for local development or CI/CD, but it’s definitely not a sustainable approach for applications running in production.

Another reason not to use it in production is that it will allow unrelated containers to communicate with each other, which could be a security risk.

Containers using the host network share the network namespace with the host system. They can directly access the host's network stack, This can improve network performance but sacrifices isolation.

One limitation with the host driver is that it doesn’t work on Docker desktop, you need a Linux host to use it.

Overlay networks enable communication between containers running on different Docker hosts. They are essential for creating multi-host Docker clusters.

The Docker daemon routes traffic to containers by their MAC addresses. Using the macvlan driver is sometimes the best choice when dealing with legacy applications that expect to be directly connected to the physical network, rather than routed through the Docker host’s network stack.

The none network driver does not attach containers to any network. Containers do not access the external network or communicate with other containers. You can use it when you want to disable the networking on a container.

Docker Compose is a tool for defining and running multi-container Docker applications. It allows you to define the services, networks, and volumes used by your application in a docker-compose.yml file, and Then, with a single command, you can create and start all the services from your configuration.

YAML (YAML Ain't Markup Language) is a human-readable data serialization language used to represent data in a structured and easy-to-read format. It is commonly used for configuration files and data exchange.

YAML uses indentation to define the hierarchical structure of data. Indentation with spaces is essential for indicating nested elements. The number of spaces used for indentation should be consistent throughout the file.

1. Key-Value Pairs:

   • YAML uses key-value pairs to represent data. The key is followed by a colon (:) and a space, and the value is specified after the colon. For example:

        key: value

2. Lists:

   • YAML supports lists, which are represented using hyphens (-) followed by a space, and the list items are indented under the hyphen. For example:

         fruits:
           - apple
           - orange
           - banana

3. Dictionaries:

   • In YAML, dictionary is a collection of key-value pairs. For example:

     # An user dictionary
          user:
            name: Mohamed
            age: 25

      # list of user dictionaries
          users:
            - name: Mohamed
              age: 25
              job: programmer
            - name: Mahmoud
              age: 30
              job: manager

4. Nested Structures:

   • YAML allows nesting data structures within each other. Nested elements should be indented further to the right than their parent. For example:

         person:
           name: John Doe
           age: 30
           address:
             city: New York
             country: USA

5. Three initial dashes (---) :

   • While using a YAML if we want to know the start of a file, we will supply three initial dashes (---) at the top of a file. this allow us to add multiple documents in a single file

         doc 1
         ---
         doc 2

This YAML file is the heart of Docker Compose. It defines services, networks, and volumes for your application.
Here's a basic structure:

1. Version:

   • Specifies the version of the Docker Compose file format being used. It helps Docker Compose to understand which features and syntax are available.

     version: '3'

2. Services:

   • Defines the different containers (services) that make up your application. Each service is a separate container with its own configuration.

     services:
      web:
        image: nginx:latest
      database:
        image: postgres:latest

3. Volumes:

   • Volumes are used for persistent storage and data sharing between containers. it can be named volumes or bind mounts for containers

     version: "3"
     
     services:
       app:
         image: your_image
         volumes:
           - /path/on/host:/path/in/container
           - named_volume:/path/in/container
     volumes:
       named_volume:

     In this example:

   • The first volume (/path/on/host:/path/in/container) is a bind mount, where /path/on/host on the host machine is mounted into /path/in/container within the container.

   • The second volume (named_volume:/path/in/container) is a named volume. Docker Compose will create a volume named named_volume, and it will be mounted into /path/in/container within the container.

4. Networks:

   • Specifies custom networks that connect containers. It allows services to communicate with each other over a private network.

     services:
       web:
         image: nginx:latest
         networks:
           - frontend
       db:
         image: postgres:latest
         networks:
           - backend
     
     networks:
       frontend:
       backend:

5. Configs:

   • Configs are used to provide configuration to services. They can be used to manage non-sensitive configuration data.
     They allow services to adapt their behaviour without the need to rebuild a Docker image.

     version: '3.8'
     
     services:
       web:
         image: nginx:latest
         configs:
           - nginx_config
     
     configs:
       nginx_config:
         file: ./configs/nginx.conf

     For more information
     Configs

6. Secrets:

   • Secrets are a flavor of Configs focusing on sensitive data such as passwords or API keys.

     version: '3.8'
     
     services:
       db:
         image: postgres:latest
         secrets:
           - db_password
     
     secrets:
       db_password:
         file: ./secrets/db_password.txt

     For more information
     Secrets

   Eaxample

   This is an article of How to Use it with an Example What is Docker Compose? How to Use it with an Example

I welcome any suggestions or improvements so If you have any ideas, please open an issue or submit a pull request.

• Docker سلسلة تعلم
• Docker Docs
• Docker Networking
• Chat GPT