Docker is an open source platform that enables developers to build, deploy, run, update and manage containers—standardized, executable components that combine application source code with the operating system (OS) libraries and dependencies required to run that code in any environment.
Containers simplify development and delivery of distributed applications. They have become increasingly popular as organizations shift to cloud-native development and hybrid multicloud environments. It’s possible for developers to create containers without Docker, by working directly with capabilities built into Linux and other operating systems. But Docker makes containerization faster, easier and safer. At this writing, Docker reported over 13 million developers using the platform (link resides outside ibm.com).
Docker also refers to Docker, Inc. (link resides outside ibm.com), the company that sells the commercial version of Docker, and to the Docker open source project to which Docker, Inc, and many other organizations and individuals contribute.
Containers are made possible by process isolation and virtualization capabilities built into the Linux kernel. These capabilities—such as control groups (Cgroups) for allocating resources among processes, and namespaces for restricting a processes access or visibility into other resources or areas of the system—enable multiple application components to share the resources of a single instance of the host operating system in much the same way that a hypervisor enables multiple virtual machines (VMs) to share the CPU, memory and other resources of a single hardware server.
As a result, container technology offers all the functionality and benefits of VMs—including application isolation, cost-effective scalability, and disposability—plus important additional advantages:
Lighter weight: Unlike VMs, containers don’t carry the payload of an entire OS instance and hypervisor. They include only the OS processes and dependencies necessary to execute the code. Container sizes are measured in megabytes (vs. gigabytes for some VMs), make better use of hardware capacity, and have faster startup times.
Improved developer productivity: Containerized applications can be written once and run anywhere. And compared to VMs, containers are faster and easier to deploy, provision and restart. This makes them ideal for use in continuous integration and continuous delivery (CI/CD) pipelines and a better fit for development teams adopting Agile and DevOps practices.
Greater resource efficiency: With containers, developers can run several times as many copies of an application on the same hardware as they can using VMs. This can reduce cloud spending.
Companies using containers report other benefits including improved app quality, faster response to market changes and much more. Learn more with this interactive tool:
Docker is so popular today that “Docker” and “containers” are used interchangeably. But the first container-related technologies were available for years—even decades (link resides outside IBM)—before Docker was released to the public in 2013.
Most notably, in 2008, LinuXContainers (LXC) was implemented in the Linux kernel, fully enabling virtualization for a single instance of Linux. While LXC is still used today, newer technologies using the Linux kernel are available. Ubuntu, a modern, open-source Linux operating system, also provides this capability.
Docker lets developers access these native containerization capabilities using simple commands, and automate them through a work-saving application programming interface (API). Compared to LXC, Docker offers:
Even lighter weight and more granular updates: With LXC, multiple processes can be combined within a single container. This makes it possible to build an application that can continue running while one of its parts is taken down for an update or repair.
Automated container creation: Docker can automatically build a container based on application source code.
Container versioning: Docker can track versions of a container image, roll back to previous versions, and trace who built a version and how. It can even upload only the deltas between an existing version and a new one.
Container reuse: Existing containers can be used as base images—essentially like templates for building new containers.
Today Docker containerization also works with Microsoft Windows and Apple MacOS. Developers can run Docker containers on any operating system, and most leading cloud providers, including Amazon Web Services (AWS), Microsoft Azure, and IBM Cloud offer specific services to help developers build, deploy and run applications containerized with Docker.
Some of the tools, terms and technologies developers encounter when using Docker include:
Every Docker container starts with a simple text file containing instructions for how to build the Docker container image. DockerFile automates the process of Docker image creation. It’s essentially a list of command-line interface (CLI) instructions that Docker Engine will run in order to assemble the image. The list of Docker commands is huge, but standardized: Docker operations work the same regardless of contents, infrastructure, or other environment variables.
Docker images contain executable application source code as well as all the tools, libraries, and dependencies that the application code needs to run as a container. When you run the Docker image, it becomes one instance (or multiple instances) of the container.
It’s possible to build a Docker image from scratch, but most developers pull them down from common repositories. Multiple Docker images can be created from a single base image, and they’ll share the commonalities of their stack.
Docker images are made up of layers, and each layer corresponds to a version of the image. Whenever a developer makes changes to the image, a new top layer is created, and this top layer replaces the previous top layer as the current version of the image. Previous layers are saved for rollbacks or to be re-used in other projects.
Each time a container is created from a Docker image, yet another new layer called the container layer is created. Changes made to the container—such as the addition or deletion of files—are saved to the container layer only and exist only while the container is running. This iterative image-creation process enables increased overall efficiency since multiple live container instances can run from just a single base image, and when they do so, they leverage a common stack.
Docker containers are the live, running instances of Docker images. While Docker images are read-only files, containers are life, ephemeral, executable content. Users can interact with them, and administrators can adjust their settings and conditions using Docker commands.
Docker Hub (link resides outside ibm.com) is the public repository of Docker images that calls itself the “world’s largest library and community for container images.” It holds over 100,000 container images sourced form commercial software vendors, open-source projects, and individual developers. It includes images that have been produced by Docker, Inc., certified images belonging to the Docker Trusted Registry, and many thousands of other images.
All Docker Hub users can share their images at will. They can also download predefined base images from the Docker filesystem to use as a starting point for any containerization project.
Other image repositories exist, as well, notably GitHub. GitHub is a repository hosting service, well known for application development tools and as a platform that fosters collaboration and communication. Users of Docker Hub can create a repository (repo) which can hold many images. The repository can be public or private, and can be linked to GitHub or BitBucket accounts.
Docker Desktop (link resides outside ibm.com) is an application for Mac or Windows that includes Docker Engine, Docker CLI client, Docker Compose, Kubernetes, and others. It also includes access to Docker Hub.
Docker daemon is a service that creates and manages Docker images, using the commands from the client. Essentially Docker daemon serves as the control center of your Docker implementation. The server on which Docker daemon runs is called the Docker host.
A Docker registry is a scalable open-source storage and distribution system for Docker images. The registry enables you to track image versions in repositories, using tagging for identification. This is accomplished using git, a version control tool.
When running just a few containers, it’s fairly simple to manage an application within Docker Engine, the industry de facto runtime. But for deployments comprising thousands of containers and hundreds of services, it’s nearly impossible to manage the workflow without the help of some purpose-built tools.
Docker plugins (link resides outside ibm.com) can be used to make Docker even more functional.A number of Docker plugins are included in the Docker Engine plugin system, and third-party plugins can be loaded as well.
Developers can use Docker Compose to manage multi-container applications, where all containers run on the same Docker host. Docker Compose creates a YAML (.YML) file that specifies which services are included in the application and can deploy and run containers with a single command. Because YAML syntax is language-agnostic, YAML files can be used in programs written in Java, Python, Ruby and many others languages.
Developers can also use Docker Compose to define persistent volumes for storage, specify base nodes, and document and configure service dependencies.
Monitoring and managing container lifecycles in more complex environments requires a container orchestration tool. While Docker includes its own orchestration tool (called Docker Swarm), most developers choose Kubernetes instead.
Kubernetes is an open-source container orchestration platform descended from a project developed for internal use at Google. Kubernetes schedules and automates tasks integral to the management of container-based architectures, including container deployment, updates, service discovery, storage provisioning, load balancing, health monitoring, and more. In addition, the open source ecosystem of tools for Kubernetes—which includes Istio and Knative—enables organizations to deploy a high-productivity platform-as-a-service (PaaS) for containerized applications and a faster on-ramp to serverless computing.
Red Hat OpenShift on IBM Cloud leverages OpenShift in public and hybrid environments for velocity, market responsiveness, scalability and reliability.
With IBM Cloud Satellite®, you can launch consistent cloud services anywhere — on premises, at the edge and in public cloud environments.
Store data where it makes the most sense for applications and services with IBM hybrid cloud storage solutions across on-premises, private and public cloud.
See how a managed cloud services approach helps mitigate potential tension between traditional IT management and DevOps culture.
New IBM research documents the surging momentum of container and Kubernetes adoption.
Build a stand-alone container image to serve Watson NLP models, and then run it on a Kubernetes or Red Hat OpenShift cluster
An enterprise container platform provides orchestration across multiple public and private clouds, to unify your environments for improved business performance and operational performance. It’s a key component of an open hybrid cloud strategy that lets you avoid vendor lock-in, build and run workloads anywhere with consistency, and optimize and modernize all of your IT. Deploy highly available, fully managed Kubernetes clusters with Red Hat OpenShift on IBM Cloud, a managed OpenShift service that leverages the enterprise scale and security of IBM Cloud to automate updates, scaling and provisioning.