How do Docker containers work?

Containers are high on the agenda for digitalization strategies with a focus on IT architectures. Containerization is considered to be the most significant upheaval in the IT world since the introduction of hardware virtualization with virtual machines (VMs). This new variant of virtualization gained momentum with the trend towards so-called microservices and away from monolithic applications.

Similar to VMs, containers are a kind of receptacle in which applications can run. However, while VMs represent an entire computer environment, containers only contain the important data required to run the application. This includes operating system components such as libraries and binaries. This enables a more lightweight form of virtualization. The best-known container technology is probably Docker, which is why the term “Docker container” is on everyone's lips.

What are Docker containers?

Container technology is a modern solution for software provision. It can be compared to shipping containers: Just as these standardised transport containers carry various goods safely and efficiently, software containers encapsulate applications in isolated, portable environments. Containers enable developers to create complex software systems that function independently of the underlying infrastructure. Each container forms a self-contained unit that can accommodate applications such as databases, web servers or software programmes. The key advantage of this technology lies in its flexibility and portability. Containers can be moved seamlessly between different systems and environments - similar to a shipping container that transports its cargo safely regardless of the harbour and means of transport. This simplifies development, testing and production processes and increases efficiency in software development.

What is the difference between virtual machines and Docker containers?

Containers are referred to as a more lightweight form of virtualization, as several of them can run within an operating system installation with applications isolated from each other. If we want to achieve this separation of applications using hardware virtualization, two complete VMs including the operating system must be started. This means that VMs require significantly more resources.

In contrast to VMs, containers do not emulate the hardware, but the operating system. VMs run directly on a physical server that is virtualized with the help of a so-called hypervisor such as VMware ESXi. Virtualization with containers takes place at a higher level, without a hypervisor. Here, the installed operating system with the container engine takes care of virtualization. This type of virtualization is significantly more complex compared to emulating complete hardware.

What are the advantages of Docker containers?

The new technology is particularly popular with developers, as Docker containers are significantly more efficient and save resources compared to VMs: they require less CPU and memory.

Another advantage is their portability. As closed application packages, they can be executed on a wide variety of systems. This means they can not only be used for offline development, but also run smoothly on production servers, regardless of the chosen infrastructure or cloud platform. This results in greater speed and consistency in development, debugging and testing. No more discussions between development and operations along the lines of “but it still worked for me locally”.

Containers are highly scalable. If additional instances of an application are required, e.g. because the traffic on a website increases due to a good marketing campaign, new ones can simply be started and stopped again. Hundreds of containers can be started up or shut down within seconds. Orchestration solutions can make it easier to manage this large number of containers.

What is container management?

An orchestration solution is required to efficiently manage a large number of containers. The best known of these are Kubernetes, Docker Swarm and Amazon's Elastic Container Service. Among other things, they handle starting and stopping containers, placing them optimally on the available compute nodes, and automatically adjusting the required compute nodes when the load changes.

What are container images?

Now that the advantages of the new technology are obvious, the question arises as to how it can be built and used. The basis for a container is a so-called image, a simple file that eliminates the need to install and update software. Images contain all the components needed to run an application independently of the platform. This means that an image can be transferred to another system simply by copying it. The container can then be started from the image.

Images are made available via a registry that stores, manages and provides them. The best-known public registry is Docker Hub.

What is the container lifecycle?

Of course, an image is not set in stone and can be customized at will. This customization process is also known as the container lifecycle. I would like to illustrate this using an example:

  1. Typically, the life of a Docker container begins with the download of an image from a registry. As mentioned above, a registry is a kind of warehouse for container images.
  2. We now download a sample image from it. By starting the image on our Docker host, we create the actual container. In our example, it contains an Ubuntu operating system and an Apache web server.
  3. Now we can customize this as required, for example by adding another component. In our case, we use PHP.
  4. An image is created from the container again for permanent storage. The new image now consists of Ubuntu, Apache and PHP.
  5. Finally, the image is stored in the registry again and can then serve as the basis for other extensions.
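
The five steps above as Docker CLI calls, as an added example that is not part of the original article. The registry, image and container names are hypothetical placeholders, and the script only prints the commands unless `DRY_RUN=0` is set on a host with Docker and registry access.

```shell
#!/bin/sh
# Added example: the five lifecycle steps as Docker CLI calls.
# Registry, repository and container names are hypothetical placeholders.

# Dry-run by default: print each command instead of executing it.
# Set DRY_RUN=0 on a host with Docker and access to the registry.
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

lifecycle() {
    base="$1"      # image holding Ubuntu + Apache
    derived="$2"   # name for the new image with PHP added
    name="lifecycle-demo"

    # 1. Download the image from the registry.
    run docker pull "$base"
    # Added check (not one of the five steps): record the digest that was pulled.
    run docker image inspect --format '{{index .RepoDigests 0}}' "$base"

    # 2. Start the image on the Docker host; this creates the container.
    run docker run -d --name "$name" "$base"

    # 3. Customize the running container: add PHP (assumes root in the container).
    run docker exec "$name" sh -c \
        'apt-get update && apt-get install -y php libapache2-mod-php'

    # 4. Create a new image from the container for permanent storage.
    run docker commit "$name" "$derived"

    # 5. Store the new image in the registry.
    run docker push "$derived"

    # Clean up the working container; the committed image persists.
    run docker rm -f "$name"
}

lifecycle "registry.example.com/demo/ubuntu-apache:1.0" \
          "registry.example.com/demo/ubuntu-apache-php:1.0"
```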

What should I bear in mind?

Last but not least, here are a few tips and tricks:

  • Ideally, only one service or process should be implemented per container. Exceptions to this rule make sense if applications are closely interwoven or interdependent. For example, with PHP it can make sense to have nginx and php-fpm in the same container.
  • No user data, i.e. persistent data, should be stored in the container. Containers are to be understood as “immutable infrastructure” by default. This means that they only exist as long as they are doing something. When they are closed or redeployed, all data generated during runtime disappears. Accordingly, an external, persistent volume must be used for user data.
  • For higher quality and reusability, automation tools such as Terraform, Ansible and Jenkins should be used. With the aforementioned tools at hand and taking a few do's and don'ts into account, you can create a very modern, dynamic and highly scalable environment.
