Introduction to Docker
According to Wikipedia, Docker is a set of platform as a service (PaaS) products that use OS-level virtualization to deliver software in packages called containers. Containers are lightweight and contain everything necessary to run an application, such that they become the unit for distribution and testing of applications.
Docker helps developers build, share, and run applications anywhere, which significantly reduces the delay between writing code and running it in production.
Docker Images
An image is a read-only template with instructions for creating a container. Most of the time, an image is based on another image, known as the base image.
A Dockerfile contains the different steps to create an image and run it.
Images can also be downloaded from a public registry such as Docker Hub, a cloud-hosted registry that allows developers to share container images. Companies can also have their own private repositories where they store container images.
Docker Containers
A container is a runnable instance of an image. It defines a way to package applications with all necessary dependencies and configurations. This makes the application easy to share. It also makes development and deployment more efficient.
Before containers, every developer on a team working on the same application had to install all the required services independently. The installation steps depended on the operating system each developer used, and there were multiple steps to complete, which made the process very error-prone and tedious.
However, with containers, no installation needs to be done directly on the operating system because the container is an isolated system on its own with a Linux base OS. Containers are packaged with all the needed configurations for particular services, and they only need to be pulled and used.
When a container is removed, any changes to its state that are not stored in persistent storage disappear.
Benefits of Containerization
Portability: Containers encapsulate all configurations and dependencies needed to run an application, abstracted away from the host operating system. This makes it easy to move a container from one environment to another. Because of this portability, agile processes can easily be implemented for rapid application development.
Scalability: Containers are lightweight, cheap, and easy to launch. This makes it easier and faster to scale systems and to improve responsiveness and performance.
Security: Containers isolate the processes of one container from those of another, as well as from the host system. Thus, malicious code that gets into one container is kept from affecting the others, as long as the container is configured properly (see the next section).
Security in Docker
When Docker is used properly, it can increase the overall security posture of the application in comparison to running applications directly on the host. However, misconfigurations can downgrade the level of security and even introduce new vulnerabilities.
Set resource quotas: Limit the amount of memory and CPU resources that a container can consume. This helps prevent one application or container from using up all system resources, which could otherwise be exploited for a Denial of Service (DoS) attack.
Do not run as root: Running Docker as an unprivileged user ensures that if an attacker breaks out of a container, they will not have root privileges on the host, which limits the attack surface.
Secure the container registries: Container registries make it easy to set up a central repository from which container images can easily be pulled. The container registry you use should allow only particular users to upload to or download from the registry.
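As an added example (not part of the original post), the Python script below checks `docker inspect` output for the first two practices above: missing memory or CPU limits, and a container process configured to run as root. The sample JSON, the container names, and the function names are constructed for illustration, and "do not run as root" is interpreted here as the user set inside the container.

```python
import json

# Constructed `docker inspect` output for two hypothetical containers,
# trimmed to the fields this check reads.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/web",
   "Config": {"User": ""},
   "HostConfig": {"Memory": 0, "NanoCpus": 0, "CpuQuota": 0}},
  {"Name": "/api",
   "Config": {"User": "1000:1000"},
   "HostConfig": {"Memory": 268435456, "NanoCpus": 500000000, "CpuQuota": 0}}
]
""")

ROOT_USERS = {"", "0", "root"}


def audit_container(entry):
    """Return a list of findings for one `docker inspect` entry."""
    findings = []
    host = entry.get("HostConfig", {})
    # Memory == 0 means no memory limit was set (docker run --memory).
    if not host.get("Memory"):
        findings.append("no memory limit")
    # CPU can be capped with --cpus (NanoCpus) or --cpu-quota (CpuQuota).
    if not host.get("NanoCpus") and not host.get("CpuQuota"):
        findings.append("no CPU limit")
    # An empty Config.User means neither the image's USER nor --user was
    # set, so the process runs as root (UID 0) inside the container.
    user = (entry.get("Config", {}).get("User") or "").split(":")[0]
    if user in ROOT_USERS:
        findings.append("runs as root")
    return findings


def audit(entries):
    """Map container name -> findings, omitting containers with none."""
    report = {}
    for entry in entries:
        findings = audit_container(entry)
        if findings:
            report[entry.get("Name", "?").lstrip("/")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(f"{name}: {', '.join(findings)}")
```

On a real host, the same functions can be run on the JSON printed by `docker inspect $(docker ps -q)` instead of the constructed sample.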
💡 If you are interested in knowing more about docker security, you can check out this post on 21 Docker Security Best Practices - Daemon, Image & Container.
Thank you for reading through till the end😊. I hope it helped you in one way or the other to understand and use a particular concept. If you enjoyed reading this, do leave a like ❤️ and a comment stating how I can improve 💡