What are the differences between an image and a container?


9

I’m reading about Docker and I’m confused about what a container and an image are; my understanding of both is not clear.

Questions

  1. What is a container in the context of Docker?
  2. What is an image in the context of Docker?
  3. Do containers and images have any difference? If so, what are they?
  4. Is there any dependency between an image and a container or vice versa?
  • 4

    Know the class and instance difference in OOP?

  • 1

    @Woss An instance is an object of a class in memory, a class is just the representation of something, at least in most languages; in some languages classes can be objects even having no "instance" ;D

2 answers

6


A good analogy for understanding images and containers is the one from the comment. The class would be the image, where you create the definition and behaviors that a particular container will have, and the container is the instance that you will effectively use during execution.

About your doubts, some of them are explained in the documentation on the Docker base architecture.

Docker architecture

What is an image in the context of Docker?

The image is a template that will be used by your container. It defines what will run inside, which libraries and settings will be present in your container.

The images are divided in the file system into several read-only layers, forming a stack. The images are mostly based on other images or layers, reusing what was previously built. You can add new customizations in new layers and build your image.

As in your example, you can use the PHP base image (which in turn can be based on a Debian base image) and customize it by installing some extension or changing the settings of php.ini from a Dockerfile.

What is a container in the context of Docker?

The container is the structure you actually run. It is an isolated environment between the operating system and other containers at the process level. This includes file systems and network resources. Containers can be stopped, restarted or removed, but usually they are ephemeral. It is preferable to create a new container and start over instead of keeping containers running for a long time. Read more about this in the article on Pets vs Cattle.

Is there any dependency between an image and a container or vice versa?

There is no mandatory dependency, but you usually create a new container based on an image. In the process of starting the container, a layer is added at the top of the layer stack that allows reading and writing to the running container and a volume is created for that container.

You can even start a container without any base image, but you won’t have any library or command to run inside.

With this, during the execution of this container, it is possible for internal processes to run normally, creating or editing files in this isolated volume. However, no changes persist in the previous layers of that image.

If you create two containers based on the same image, they will always be identical. It is possible to persist this layer that allows writing to a read-only layer, but this is usually done in a Dockerfile so that it is possible to reproduce the same configuration in the future.

Do containers and images have any difference? If so, what are they?

They are two different concepts, but they are used together. The main difference is that you cannot directly execute an image and it is therefore read-only, a model that will be used by a container.

The container in turn allows you to execute what is set in an image so that changes that happen at runtime are not persisted back in the base image.

Another analogy I like to use is with a Linux distribution running on Live CD. ISO is your image and when you run Ubuntu Live CD, for example, you can run the system without installing it on your disk, creating new files, running your browser, among others.

Like containers, you have the option to persist with changes to your Live CD on disk or to end your session and start from scratch again.
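
The layer behaviour described in this answer, as a simplified model added here for illustration (it is not part of the original answer and not Docker's storage code). The names `Image`, `Container` and `WHITEOUT`, and the sample file contents, are assumptions made up for the example.

```python
# Simplified model, not Docker's storage driver; all names are hypothetical.
from types import MappingProxyType

WHITEOUT = object()  # marks a path deleted in an upper layer

class Image:
    """Immutable stack of read-only layers, each a path -> content map."""
    def __init__(self, layers):
        self.layers = tuple(MappingProxyType(dict(l)) for l in layers)

    def extend(self, layer):
        """Return a new image with one more read-only layer on top."""
        return Image(self.layers + (layer,))

class Container:
    """An image plus one private read-write layer on top of its stack."""
    def __init__(self, image):
        self.image = image
        self.rw = {}  # created at start, thrown away with the container

    def read(self, path):
        # Search top-down: writable layer first, then the image layers.
        for layer in (self.rw, *reversed(self.image.layers)):
            if path in layer:
                if layer[path] is WHITEOUT:
                    break
                return layer[path]
        raise FileNotFoundError(path)

    def write(self, path, content):
        self.rw[path] = content  # the image layers are never modified

    def delete(self, path):
        self.read(path)  # raises if the path is not visible
        self.rw[path] = WHITEOUT  # hides the lower copy, does not erase it

    def diff(self):
        """Changes against the image: (A)dded, (C)hanged or (D)eleted."""
        in_image = lambda p: any(p in l for l in self.image.layers)
        return {p: "D" if c is WHITEOUT else "C" if in_image(p) else "A"
                for p, c in self.rw.items()}

    def commit(self):
        """Freeze the writable layer into a new image; the old one stays."""
        return self.image.extend(self.rw)

# Constructed sample: a PHP image stacked on a base layer, as in the answer.
BASE = Image([{"/bin/sh": "sh"}])
PHP = BASE.extend({"/etc/php.ini": "memory_limit=128M"})
```

Two `Container(PHP)` objects start from the same files, and a write or delete in one is invisible to the other and to `PHP`; only `commit()` turns those changes into a new image with an extra layer.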

3

It seems to me that everything depends on which "context" is employing the term "container", but yes, in general (usually) "container" will refer to the "images".

Now, talking about containers in the LXC context (LInuX Containers), one may also be referring to the ability to virtualize a system (in this case Linux) at a "lower level" using operating system kernel resources, so LXC is a toolkit/set of features that enables such virtualization of "containers".

There are several tools, some make use of LXC, others of KVM, other "traditional" virtualization, all for similar purposes, porting software and its development environment, porting a program or more for easy execution, i.e., the use of virtualization of any level can rather be applied far beyond the development environment, at least it is what it seems to me so far, even if the initial focus is the most known (and encouraged).

Docker is not a competitor of LXC

I think this needs to be made clear, Docker is not a competitor, as stated by FAQ:

Docker technology is not a Replacement for LXC...

It uses LXC (just like it uses other media), it is a tool with more features and probably more dedicated to end users, focused on developers, possessing a command line interface and a simple configuration file that advances the hard part of doing certain things at hand, remembering that Docker is also able to run on Windows.

Windows does not use LXC

I know it seems strange that I claim that Docker uses LXC, but it runs on Windows, since this is not a Linux, but as I said that there are other tools that use LXC and other types of resources, Windows is an example of this, Docker on Windows probably uses the Process Isolation (which is the "traditional" medium) or Hyper-V Isolation:

Process Isolation

This is the "traditional" method, the Microsoft documentation states that this is what resembles the LXC, but soon after states that Hyper-V is better at security, so it seems (I may be mistaken) that it only provides a similar result for use, such as separating services and applications, but is not "totally isolated", this is best described in Windows containers, here is an image of how it works:

Process isolation

Hyper-V Isolation

Microsoft states that this isolation mode offers enhanced security and wider compatibility between host and container versions. With Hyper-V isolation, multiple container instances run simultaneously on a host.

However, each container runs inside a virtual machine and effectively gets its own kernel. The presence of the virtual machine provides hardware level isolation between each container and the container host. Here’s an image of how it works:

Hyper-V isolation


LXD is not a competitor of LXC

Some people have been confused, believing it to be a new LXC or an alternative or something like that, but as LXC already states it is "the capacity" of the Linux kernel for virtualizing at a lower level, there would not have to exist two ways to provide the same capacity, unless it was the same, but improved, but that is not the case.

LXD is a tool for managing containers and I don’t really know if it will replace the "simpletons" tools that LXC already has, but looking over the LXD seems more like a competitor of Docker than of native tools, of course I may be wrong, but from what I read it seems so far.

It is developed by Canonical (the same developer as Ubuntu), and despite this provides support for different systems and distros (even macOS, which does not mean that it uses LXC):

This support seems to me to demonstrate where LXD "is", which seems to me to be a competitor of Docker.

I could also speak of LXCFS; to summarize, it is a file system designed to "resolve" some limitations of the Linux kernel, to allow systemd inside the container to interact with the cgroups (Linux control groups) without privileges, that is, just another tool to use with LXC.


So image and container in the context of the questions seems to me to refer to the same thing, because image is a way to refer to this, the Docker of course in turn can be one from a container to a really separate system, which will depend on the need.

  • The downvoter could point out where I went wrong, or whether I went wrong in everything so I could review, correct or even remove the answer?

  • I believe it’s because of the statement that container and image are the same thing

  • @gmsantos ok, thank you for trying to guide me, but as far as I have read what is based on images is the LXD and the Docker, I have not seen (or found) any mention of it in the LXC, and as I have tried to understand also based on the texts I read from the site https://linuxcontainers.org I may have misunderstood something, but I really went through everything, the only places that I saw making such a comparison of "object orientation" was a response from Soen and the such comment that you quoted, and I am not stating that they are wrong, but really it was not what I read in other places and nor understood from their site.

  • Did you ever read Docker’s documentation? These definitions are explained there in the context that is requested in the question.

  • @gmsantos ok, I will read, but by the sound of your comment it seems to me that’s what I said, LXD and Docker are specific things and LXC another; as I said, the whole comparison that you are taking into consideration looks to me to be based on Docker. But I will not get into debates, I will calmly review everything you send me, because it really is something that deserves to be looked at calmly.

  • Roughly speaking, Docker uses LXC to manage Linux containers. About LXD, I need to read more about it.

  • @gmsantos what you commented was EXACTLY what I said in the reply, Docker uses LXC (when available) and when it is the desired one (if the such "image" is not something "different"), and the LXD seems to follow the same as the Docker, has "images" and also different "OSes". I’m going to be honest, and I really didn’t want to get into this debate, but it seems to me that almost everyone relied on Docker’s "behavior" and almost nothing on the linuxcontainers site, to make the statements and the comparisons, including the "Soen" question similar to this and the answer and comment here in the OP's question.

  • The question was specific to Docker and what is a container or image in this specific context.

  • @tvdias If Docker were an independent technology that works alone there would be some sense, but Docker is not a new technology that replaces the LXC or Hyper-V and you need to understand this, Docker is like a tool that uses these features, when available, and of course on their website they focus on explaining only the "macro", because it’s pure "marketing" of how they manage to go so far, but if you don’t understand what virtualization technologies are, and I’m not talking about Docker or LXD, I’m talking about things at processor and OS level, so you need to review this again

  • @tvdias the answer explains exactly this, Docker is a tool, they can invent the way they want, but to understand Docker and think he’s something independent is to be totally wrong, I can even put a hat on a duck, but it’s still a duck. So the way they organize things doesn’t necessarily take away the merit of understanding and of me explaining the core.
