What is Docker and what problem does it solve?
Introduction: What is Docker
Very simply put, docker is a tool that simplifies the process of installing, running, distributing and deleting software.
Interestingly enough, although docker came into existence in 2013, the concept of containerizing has been available forever in all the UNIX based operating system. Historically, the UNIX based OS used the term ‘jail’ to describe a modified runtime environment for a program that prevents that program from accessing protected resources. In 2005, after the release of Sun’s Solaris Containers, ‘container’ has been the preferred word instead of ‘jail’. Using containers has been a best practice for a long time, but developing containers is not that straightforward and thus the practice had been out of reach for a lot of developers.
That’s where Docker helps. Implementing containers without getting into the complexities of it. Since all the heavy-lifting is done by docker, we don’t have to worry about highly technical and rapidly evolving world of building strong application jails.
What problem does Docker Solve?
Using any software is complex. Before installing any software we have to find out what operating system does it run on, what resources does it need, what other software does it depend upon, is there any other software already installed that might interfere with the installation, and finally, how to install it.
After installation comes the process of upgrading and maintaining the software. Computers have more that one application running. What if one application needs upgrade in the dependency but other application runs on older version of the dependency? Finally, when we want to remove a software we need to remember all the changes we had to do to install the software and then undo them after installation.
The gist is, the more software we use, the more difficult is becomes to manage and run them, and we have not even considered the security aspects of it. So, these are the problems that docker solves and we will go through them one by one:
Getting Organized
As discussed earlier, applications creates a messy web of interactions with their dependencies as shown in the figure below
But apart from the complex interaction, running application without containers also poses a risk of over consumption of resources by any one application and not leaving enough resource for others. Say for any reason (almost always, bad programming) one of your application’s memory consumption starts growing and after a time it hogs all of the memory. What will happen to your other applications? They will start to fail as well. Not a pleasant scenario at all. By deploying the application in container we also allot fixed amount of resources to them so even if they start using all the resource inside that container, that specific application might fail, but the other applications continue to run as if nothing bad happened.
In the figure below, the containerization of application has solved both the problem of dependency and resource allocation. Container A’s gcc could be version 8 and B’s could be 7, and tomorrow if you want to upgrade/downgrade one of them, the other would be unaffected.
Portability of Software
Portability among different operating systems is a major problem in software development. If a software runs only on Linux, it results in a lot of unhappy Windows and OSX users. On the other hand, if a software needs to run on all operating system, its a big headache for the developer of that software.
Docker runs natively on Linux and comes with a single virtual machine for OS X and Windows. One might argue, if using virtual machine is the solution, why not create them independently without docker, why use docker after all. The reason is simple enough. Creating virtual machines on your system introduces computing and resource overhead, so you cannot create a lot of virtual machines each for your application. What docker does is that it just creates one virtual machine (for Windows and OSX only, in Linux it is supported natively) and all the containers run in that single virtual machine. By taking this approach, the overhead of running a virtual machine is fixed while the number of containers can scale up.
This kind of portability unlocks a whole lot of softwares that were previously inaccessible for all operating systems, and secondly, its now possible to run the exact same software on any system.
Protecting your Computer
Every time we install and run new software on our computer, we are at risking the security of our computer. Containerizing the softwares helps us mitigate that risk. Like physical jail, anything inside a container can only access things that are inside it as well. This is illustrated in the figure below:
What this means is that the scope of any security threat associated with running a particular software is limited to inside the container. Creating strong application containers is complicated and a critical component of any defense in-depth strategy. It is far too commonly skipped or implemented
in a half-hearted manner and thus we use docker which helps us implement containers by abstracting the complexity of it.
References:
- Docker in Action, Jeff Nickoloff
- Docker and Kubernetes: The complete Guide (Udemy)