- About docker and how it works
- Examples of usage
- Why we use docker at FLOV
Docker and Podman use OS-level virtualization (as opposed to hardware-level virtualization) to run containers that share the host's kernel. They are most commonly used to run Linux distributions on top of a Linux host. Running Linux containers on macOS or Windows requires a virtual machine; the exception is running native Windows containers on Windows.
chroot is an example of OS-level virtualization technology.
sudo debootstrap buster ./debian-buster
sudo mount --bind /dev ./debian-buster/dev
sudo mount --bind /proc ./debian-buster/proc
sudo mount --bind /sys ./debian-buster/sys
sudo cp /etc/resolv.conf ./debian-buster/etc/ # DNS
sudo chroot ./debian-buster /bin/bash
Docker and Podman are designed around the Open Container Initiative (OCI), a Linux Foundation project started in June 2015 by Docker, CoreOS, and the maintainers of appc to design open standards for operating-system-level virtualization (containers).
- runc (Docker default - written in Go)
- crun (Podman default - written in C)
- nvidia container runtime (to get access to GPU)
To check which runtime is used:
docker info | grep -i runtime
podman info --format '{{.Host.OCIRuntime}}'
Example: creating your own image (using debootstrap).
sudo debootstrap --arch=amd64 --variant=minbase buster ./debian-buster
cd ./debian-buster # archive the contents of the new root, not the current directory
sudo tar --numeric-owner -czf ../debian-buster.tar.gz .
docker import ../debian-buster.tar.gz custom-debian:buster
The OCI distribution specification defines how container images are distributed, ensuring that images can interact with repositories through standardized HTTP APIs.
In practice:
docker pull <image>
Official images typically come from https://hub.docker.com/
Local repositories can be created.
Hello world
docker run hello-world
docker ps -a # list all containers, even non-running ones
docker rm <container-name> # remove the container
docker run --rm hello-world # run and remove container directly afterwards
docker ps -a
Python
docker pull python:latest
docker run --rm python:latest # seemingly nothing happens
docker run --rm python:latest cat /etc/os-release # run a command
docker run --rm python:latest bash # seemingly nothing happens again
docker run --rm -it python:latest bash # run command interactively
# create a script on the host and run it in the container by mounting a host directory
echo 'print("Hello world")' > /tmp/hello-world.py
docker run \
  --rm \
  -v /tmp/:/srv/ \
  python:latest \
  python /srv/hello-world.py
PyTorch with GPU (using NVIDIA container runtime)
docker run \
  --rm \
  --gpus all \
  -v /srv/data/pytorch_example/:/workspace \
  pytorch/pytorch:2.6.0-cuda12.4-cudnn9-runtime \
  python ./torch_example.py
Nginx (server)
docker run --rm nginx:latest
docker run -d --name nginx-server nginx:latest # run in background and name container
docker ps
docker stop nginx-server # stop container
docker start nginx-server # since container exists with a config, we can just start it
docker logs nginx-server # check logs
docker inspect nginx-server # container configuration
Check out subdir /custom-webapp
- Custom image based on official python image.
Check out subdir /drupal-with-sql
- only official images, no Dockerfile
- internal network created automatically
- publishing - firewall concerns
- user privilege
  - podman runs as user
    - container storage in home dir
  - docker runs as root (unless rootless)
    - container storage system wide
- No dependency conflicts between applications running on the same host (custom distro for each app)
- Minimal maintenance required between OS upgrades
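The "publishing - firewall concerns" point above, as an added example that is not part of the original notes: Docker publishes a port on all host interfaces unless an address is given, and the iptables rules it manages itself can let that traffic past a host firewall front end such as ufw. The function below lists such mappings so they can be reviewed. The input format (from `docker ps --format '{{.Names}}\t{{.Ports}}'`), the function names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag containers whose published ports listen on every host interface.
# Expected input, one line per container: "<name><TAB><ports>", e.g. from
#   docker ps --format '{{.Names}}\t{{.Ports}}'

# list_wide_open: read name<TAB>ports lines on stdin and print
# "<name> <mapping>" for each mapping bound to all interfaces.
list_wide_open() {
  awk -F '\t' '
    {
      n = split($2, maps, /, */)
      for (i = 1; i <= n; i++) {
        m = maps[i]
        # "80/tcp" with no "->" is only exposed inside Docker, not published
        if (m !~ /->/) continue
        # 0.0.0.0, :: and [::] all mean "every interface on the host"
        if (m ~ /^(0\.0\.0\.0|::|\[::\]):/) print $1, m
      }
    }'
}

# Constructed sample output (not taken from a real host).
sample_ps_output() {
  printf 'nginx-server\t80/tcp\n'
  printf 'drupal\t0.0.0.0:8080->80/tcp, [::]:8080->80/tcp\n'
  printf 'db\t127.0.0.1:3306->3306/tcp\n'
}

# Demo on the sample; on a real host use:
#   docker ps --format '{{.Names}}\t{{.Ports}}' | list_wide_open
sample_ps_output | list_wide_open

# Narrower alternative when only local access is needed:
#   docker run -d -p 127.0.0.1:8080:80 nginx:latest
```

Mappings bound to 127.0.0.1 are not reported, because they are reachable only from the host itself.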