containers Docker virtualization

Docker - The Beginning

MarGib June 18, 2026
🌐 🇵🇱 Polski · 🇬🇧 EN
Following the previous introduction, it is time for a closer look at what Docker is and what it brings to the table. By now, the concept of a container should no longer be a mystery, and the general idea behind the technology itself should be familiar. If that is not the case, it is better to start with the previous post. 

To start, let's establish what Docker is not. First of all, this solution should not be confused with the term virtual machine. Virtual machines contain an entire operating system as a separate entity, a distinct creation independent of the main operating system on which the hypervisor runs. In the case of Docker, both the operating system and the containers use the same kernel, which means they do not consume as many resources as virtual machines, but they must be based on the same operating system. Docker is also not a cloud platform, although it shows many similarities to solutions like OpenStack, CloudStack, etc. In both cases, the goal is to enable horizontal scaling of applications according to needs, but Docker is only responsible for deploying, running, and managing containers on the existing hosts where it has been installed. It does not provide the ability to create new instances or new systems as is the case with cloud platforms. Docker configuration files allow you to describe the state of a container during build time. This fact might suggest a similarity to configuration management tools like Puppet, Chef, and similar ones; however, for the ongoing lifecycle of a container, it is better to use solutions designed for that purpose. Docker does not have a native clustering solution. To coordinate larger groups of systems with Docker, additional tools should be used, e.g., Swarm, which will enable monitoring the status of all systems and their resources. 

Application deployment process.

What does the application deployment process look like? Below is a simplified list of steps. 
  1. The development team defines the resources required to run the application and requests them from the operations team.
  2. Resources are provided to the developers.
  3. All necessary components required for the application to function are installed.
  4. The application is deployed to the environment.
  5. Testing and bug fixing.
  6. Developers discover further dependencies required for the application.
  7. Operations installs the necessary additional resources.
  8. Steps 5, 6, and 7 are repeated until the desired results are achieved.
  9. Application deployment is completed.
The above process can take a lot of time, which is neither productive nor cost-effective. Software developers, wanting to shorten the time needed for deployment—for example, in the step where they request the operations team to install additional components—might be tempted to bake them directly into the application themselves to bypass this step. 

This is where tools like heroku show their utility and strength, often compared to standard deployment methods as being more efficient.

Docker is not Heroku, but it enables achieving similar results. It uses a slightly different, more open approach, offering its solutions along with all necessary elements while allowing them to be swapped for others. The starting point is using an image repository, thereby separating the responsibility for builds from deployment and maintenance. 

Assuming the above, the deployment process can look as follows: 
  1. Image build.
  2. Pushing the image to the repository.
  3. Providing information to the operations team + configuration.
  4. Deployment.
  5. Deployed application.
Issues with dependencies that appear during a standard deployment are omitted here, as they can be resolved during development and testing. Communication between development and operations teams is also significantly streamlined. 

The above already gives an idea of the benefits of using this solution. Furthermore, one can observe strong support for this project from major IT market players. Over time, the project is constantly being developed and improved. Since June 2015, we can also speak of the standardization of such solutions thanks to The Open Container Initiative

Architecture

Docker offers great capabilities and is applicable in complex solutions. In itself, it is no longer so intimidating and represents a classic client-server architecture model. It has a single executable module handling both components; the difference lies in the parameter with which it is launched. 

During operation, Docker uses existing kernel mechanisms such as: 
  1. iptables
  2. virtual bridge
  3. cgroups
  4. namespaces
The Docker client sends tasks to the Docker daemon to be performed, which can include operations such as creating, running, or distributing a container. Both the client and the server can run on the same system, or the server can exist on a separate machine. Optionally, a third component appears, the so-called registry

The registry is responsible for storing images along with their descriptive metadata. Communication starts from the client, and then Docker servers can reach out to image registries if needed. 

Docker architecture (source: https://docs.docker.com/engine/understanding-docker/)
By installing Docker, we get both client and server components as a single module, but the server can only be run on a Linux system. Starting the server-daemon requires only calling it with the -d parameter. Such a call means that the program is started as a daemon and listens for incoming connections. 

Network ports.

The port registered with IANA for the Docker tool is 2375 TCP for unencrypted communication and 2376 for encrypted communication. 

Additional tools used with Docker



Docker Compose

A tool for running multi-container applications. It allows you to create a compose file, thereby configuring all necessary services to be started with a single command. Documentation.

Docker Machine

A tool that allows you to install the Docker engine on a local Windows host and use it to issue commands and manage existing hosts with Docker installed in the infrastructure. Using docker-machine commands, you can start, check, stop, and restart managed hosts, upgrade the Docker server and client versions, and perform configuration changes. Documentation

Docker Swarm.

A solution providing a native cluster for Docker. It allows you to use a pool of Docker hosts from a single master host. Since Swarm communicates with the world using the same API as Docker, it is possible to use any tool that already communicates with Docker to leverage Swarm's capabilities. Documentation.

Docker Client

The most important interface you will encounter in Docker is the text-based client written in the GO language. Tasks that can be performed using it include: 
  • Creating container images.
  • Pulling a container image from an existing image registry.
  • Pushing created images to an image registry.
  • Running a container on a Docker server.
  • Fetching logs from a remote server.
  • Starting a command line inside a container on a remote server.

Beyond communication via the text client, it is also possible to use the API interface. 
API Documentation - https://docs.docker.com/engine/api/

 Networking

Although container processes are located within the host system itself, their behavior is slightly different from standard processes in the network layer. As a reference, one can compare containers to individual computers in a private local network. The Docker server acts as a virtual network bridge, while containers are clients connected through it. You could say it is a small internal network with connected hosts.

Each container has its own network interface connected to the Docker network bridge, and then the server ports are mapped to the container ports, which makes the container visible from the outside. Traffic directed to the container passes through a proxy mechanism existing in the Docker server. For operation, a free block of a private subnet is used, assigned to Docker's own virtual network, bridged to the local network using the docker0 interface. This solution also ensures communication between containers. Outbound traffic is handled by the virtual interface of the docker0 virtual bridge.

 Detailed documentation on Docker networking is available at:
https://docs.docker.com/engine/userguide/networking/


Where to apply the Docker solution?

The container technology offered by Docker will likely prove useful in many places. However, there are places where it fits better and others where it fits less. It is worth understanding how to fully utilize a given tool and be aware of what it will not be suitable for.

The architecture of this solution works excellently for stateless applications or those where state data is kept in internal data stores, e.g., cache or a database. In such cases, Docker forces the use of so-called programming best practices. The difference between stateful and stateless applications is that stateful ones store important data in memory, databases, or flat files and are exposed to data loss upon service restart if not permanently saved beforehand. The essence of stateless applications is that they are designed to respond quickly to individual client requests without storing any data.

General idea of Docker.

Using an analogy to other solutions, in the case of Docker, one should think of it as a separate space for storing individual Unix system processes. Such a process can also invoke other processes, and the whole thing is enclosed as if in a single separate package. One might consider it similar to virtual machines, but containers can be created and deleted much more easily. Compared to virtual machines, a container needs very few resources. There are examples where a container built from an existing image on disk takes up only 12 kilobytes. This happens because the container in this case only contains a pointer to the file system layer and metadata containing configuration information. The above boils down to the fact that you probably wouldn't use a new virtual machine just to execute a single SQL or curl request, but a container is perfect for that.

Although it is generally believed that containers are independent, isolated entities, in reality, it is more limited than one might expect. It is possible to limit their resources, but with default configuration, containers will behave like any Unix environment process, sharing and competing for the available resources of the host they are on. It is good to anticipate in advance whether many containers will share a single file system layer. The point is that if an update occurs for an image that is shared, many containers will then need to be recreated.

Processes running in containers also exist on the Docker server itself because they use the same Linux kernel. They can also be seen on the host operating system where Docker is running by using the ps command. This is a visible difference between the Docker solution and the hypervisor known from virtualization, where process isolation results from running them in a completely separate virtual machine operating system.

Security
  
The default configuration of containers is set up such that many of them use UID 0 to run processes, which does not raise objections, especially since we speak of a container as a closed, separate entity. Because the same Linux kernel is used for operation, even the simplest configuration errors can allow a container's root user to gain access to the system resources and processes of the host on which the container is located.

Earlier, I wrote that Docker works best with stateless applications. But what if such state must be saved and passed on? You can use environment variables stored in the metadata describing the container configuration for this purpose. This provides the ability to pass the same configuration to the container every time it is restarted. 



#containers #Docker #virtualization
Facebook X E-mail

Comments

Dodaj komentarz

Explore

Labels

internet 17
Google 14 Linux 11 news 8 AI 7 Windows 7 browsers 7 chrome 7 Artificial Intelligence 6 entertainment 6 web applications 6 God 5 Microsoft 5 Mind 5 Security 5 books 5 new technologies 5 Docker 4 Opera 4 Software 4 automation 4 coaching 4 containers 4 facebook 4 photography 4 technology 4 trivia 4 Android 3 BIG DATA 3 Business 3 FAQ 3 FIFA 3 Firefox 3 Google projects 3 RedHat 3 Windows system administration 3 algorithms 3 applications 3 artificial intelligence 3 bash 3 communication 3 computer science 3 curiosities 3 extensions 3 faith 3 help 3 interesting websites 3 interface 3 money 3 network 3 people 3 reading 3 religion 3 virtualization 3 web browser 3 www 3 Asus 2 Centos 2 Configuration 2 Docker Machine 2 Drones 2 Intel 2 Intelligence 2 LLM 2 Machine Learning 2 Programs 2 Technology 2 Vivaldi 2 ansible 2 children 2 cloud storage 2 communities 2 computer intelligence 2 computers 2 conferences 2 data 2 death 2 documentary 2 earning 2 file storage 2 fix 2 free application 2 free courses 2 free knowledge from the internet 2 free training 2 games 2 good movie 2 hacker 2 health 2 human 2 investments 2 knowledge 2 media 2 mind manipulation 2 mobile apps 2 mobile phones 2 movie 2 multimedia 2 opensource 2 personal competencies 2 personal development 2 personal thoughts 2 photos 2 plugin 2 programming 2 shell 2 system administration 2 terminal 2 tools 2 torrent 2 trick 2 wealth 2 weather 2 youtube 2 64 bit 1 7 1 AI Frameworks 1 AI History 1 AI Safety 1 AI in sports 1 AIMP 1 Alan Watts 1 Alexander Gerst 1 Anonymous 1 Anthropic 1 Automation 1 Banking 1 Bill Warner 1 Bono 1 C++ 1 CUDA 1 CentOS 1 Chemtrails 1 Claude 1 Claude AI 1 Coaching 1 Constitutional AI 1 Darwin 1 Debian 1 Deluge 1 DevOps 1 Diagnostics 1 Digitalization 1 EA GAMES 1 EA SPORTS 1 Email 1 Emigration 1 Error 1 FIFA 16 1 Fable 1 Flannel 1 Football 1 Free 1 Free Red Hat 1 Future of Finance 1 GUI 1 Generation Z 1 Google activity 1 Got Talent 1 HTML 1 ISIS 1 ISS 1 Intelligent email 1 Islam 1 Islamic State 1 Jacquard 1 Jboss 1 Kali Linux 1 Khan Academy 1 Kylian Mbappé 1 LibreOffice 1 Londoners 1 Maps 1 Material Design 1 Medicine 1 My take 1 Mythos 1 NVIDIA 1 Neural Networks 1 New 1 Notion 1 Open Source 1 Opera Neon 1 P2P 1 Pac-Man 1 Pekao S.A 1 Perceptron 1 Personal Development 1 Personal Finance 1 Personal development 1 Philosophy 1 Poland 1 Poles 1 PowerShell 1 Privacy 1 Productivity 1 Programming 1 Project TANGO 1 Psychology 1 RHEL7 1 Raspberry PI 1 Raspbian 1 Red Hat 1 Red Hat Enterprise Linux Developer Suite 1 Robo-advisors 1 Rust 1 SUSE 1 Snip. 1 Social Media 1 Software Engineering 1 Soli 1 Solo Projects 1 Solopreneurship 1 Sound 1 Sport 1 The Shack 1 Time Management 1 Tips 1 Tools 1 Tribler 1 U2 1 USB 1 Ubuntu 1 VentuSky 1 WBC 1 Weave 1 Web browser 1 Windows 10 1 Windows errors 1 Work 1 World Cup 1 World Cup 2026 1 X-Files 1 X-files 1 ZenFone 1 a drop of motivation 1 about this blog 1 ad blocking 1 addiction 1 aids 1 animations 1 assertiveness 1 audio 1 automateit 1 autonomous cars 1 awareness 1 bank 1 bash on windows 1 bat files 1 batch 1 battery 1 better life 1 better living 1 better quality 1 bin/bash 1 blocking 1 blogger 1 body language 1 bookmarks 1 boot 1 bootable usb 1 boxing 1 brain 1 business intelligence 1 c# 1 calc 1 campaign 1 cards 1 chemistry 1 clearance 1 clothing industry 1 cmd 1 code editor 1 coldplay 1 command history 1 command prompt 1 comments 1 configuration management 1 console 1 conspiracy 1 conspiracy theories 1 converter 1 courses 1 courses for free 1 creativity 1 cyberattacks 1 dark mode 1 date and time 1 deep learning 1 developer tools 1 digital clothing 1 disqus 1 document 1 dreams 1 dubai 1 dying 1 e-book 1 economy 1 education 1 emotions 1 energy 1 evolution 1 excel 1 exploitation 1 extreme 1 file sharing 1 file size 1 flash drive 1 flat earth 1 flying 1 food 1 football 1 for sale 1 format change 1 free 1 friend location 1 future of transport 1 future of work 1 genius 1 geoengineering 1 growing up 1 hacking 1 helion 1 history 1 hobby 1 hostname 1 hostnamectl 1 how many people live on earth 1 humor 1 immortality 1 innovation 1 installation 1 investing 1 javascript 1 kuba wojewódzki 1 labor market 1 learning 1 light 1 login 1 machine learning 1 magic 1 make life harder 1 making money 1 material design 1 meditation 1 messenger 1 mind programming 1 mindfulness 1 mobile 1 mobile photography 1 mounting 1 mp3 player 1 music 1 music player 1 mysteries 1 net use 1 network resources 1 networking 1 new player 1 new things 1 office 1 onestep4red 1 online courses 1 operating systems 1 outage 1 parenting 1 parents 1 pdf 1 penetration testing 1 performance 1 personal data 1 philosophy 1 php 1 plague 1 player 1 poison 1 promissory notes 1 prompt 1 protection 1 questions 1 radar 1 red 1 relax 1 relaxation 1 reportage 1 rest 1 robotaxi 1 science 1 scientific facts 1 screen 1 screenshot 1 show 1 skydive 1 sleep 1 smart clothing 1 smartphone 1 social engineering 1 social media 1 society 1 software 1 space 1 sport 1 sports 1 spreadsheet 1 stalking 1 statistics 1 sub-millimeter sensor 1 syngrapha 1 system acceleration 1 tablet 1 talk show 1 television 1 terrorism 1 testing 1 the world in numbers 1 threats 1 time travel 1 timelapse 1 ubuntu 1 upbringing 1 users 1 virtualbox 1 web 1 webmaster 1 websites 1 windows automation 1 wisdom 1 word processing 1 work 1 world 1 world cup 2026 1 world wide web 1 you are a miracle 1 zeitgeist 1

Blog archive

Z bloga

Table of contents