how about we do some...dockering together?

software development has drastically changed in recent years, not least due to the growing importance of containerization. one name stands out in particular: docker. in this blog post, you’ll learn what docker is, how it works, and why it has transformed the way applications are developed, tested, and deployed. we’ll also look at concrete use cases and provide practical tips for getting started

what is docker?

docker is an open-source platform for containerizing applications. it allows software to be packaged into so-called containers, including all dependencies (such as libraries, runtimes, and configurations). these containers run isolated from the host system but are lighter and faster than traditional virtual machines (VMs).containers are especially popular because they:

  1. are portable – they run on any system with the Docker engine.
  2. start quickly – compared to VMs, which need to boot an entire operating system.
  3. are easy to version and manage.

docker was released in 2013 and has since established itself as the standard in the world of containers. traditional software development often suffers from the so-called “It works on my machine” problem. an application works on the developer’s PC but not on the server. the reasons for this are usually differences in:

  1. operating systems
  2. dependencies
  3. environment variables
  4. network configurations

docker solves this problem quite elegantly, as everything an application needs is included within a container. the result is a consistent runtime environment, no matter where the application is running – whether on a developer’s PC, in the cloud, or on a test server.

docker vs. vm

feature docker-container virtual machine
start time seconds minutes
resource consumption small amount high
isolation level at process level at OS level
portability very high restricted

how does docker works?

The core component is the docker Engine – a client-server system with the following main components:

  1. docker CLI (command line interface): user input tool
  2. docker daemon: background service that manages containers
  3. docker images: snapshot of an application including its enviroment
  4. docker container: runtime instance of an image

a typical workflow look like this:

  1. the developer writes a dockerfile – a text file that describes how an image should be built
  2. an image is created from this using docker build
  3. the image can be started as a container using docker run

example of a simple dockerfile


                Dockerfile
                FROM python:3.10
                COPY . /app
                WORKDIR /app
                RUN pip install -r requirements.txt
                CMD ["python", "main.py"]

imagine you want to run a small python web application using flask. without docker, you’d have to make sure that python and flask are installed on every system. with Docker, it’s much simpler. you can write a dockerfile (see above) and then build the image with docker build -t my-flask-app and start the container with docker run -d -p 5000:5000 my-flask-app and done! the application is running on http://localhost:5000. many applications consist of multiple components, such as a web server, a database, and a cache. with Docker Compose, you can define these containers in a single docker-compose.yml file and start them together.

example:


                version: '3'
                services:
                web:
                build: .
                ports:
                    - "5000:5000"
                db:
                image: postgres:13
                environment:
                POSTGRES_PASSWORD: s3cr3t

with docker-compose up everything is started at once.

security in docker

even though Docker isolates processes, this doesn’t automatically mean complete security. Some important security aspects:

  1. containers often run as root – a risk!
  2. containers should contain only the bare essentials (principle of the smallest attack surface)
  3. configure networks and volumes specifically and do not share everything
  4. perform regular updates of the images

hint: Use official images from the docker hub (https://hub.docker.com), pay attention to security updates and use tools like docker scan or trivy.

sources