Key concepts used by Docker – Running Containers in AWS

To offer a consistent experience to the application developers, some key concepts are used in Docker’s architecture that are worth discussing.

Docker images

A Docker image is a reusable read-only template that includes code, dependencies, runtime, and tools, and from which one or more containers can be started. It is usually based on another parent image and adds some customization delta on top of it. For example, using Ubuntu as a base image, you could add Nginx on top to build an image that offers web server capabilities.

You can create your own Dockerfile – a blueprint that contains all instructions for creating Docker images. It specifies the base image to use, the dependencies to install, and the commands to run during the image creation process. Once the Docker image has been built, it can be used to spawn multiple containers.

Filesystem layers

This is what powers the creation of images and container executions. Every single instruction in your Dockerfile results in a new read-only layer being added on top of the layers from previous instructions. When a container is spun off from this image, Docker adds an ephemeral thin read-write layer for the specific container instance that can be used by processes running inside that container.

Docker containers

Containers are the running instances of an image. The thin read-write layer they get lasts for the lifetime of the container and can be used by the contained processes for any transient needs. The docker run command we have used in the book creates a container by pulling the akskap/awsdevopssimplified-toolbox image onto your local system (if it doesn’t exist already) and then running a container from the packaged artifact.
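
Added example (not from the book or from Docker): a toy Python model of the layering described in the last two sections, with the class names, file paths and contents constructed for illustration. It also shows a consequence of read-only layers that goes slightly beyond the text: a file deleted by a later instruction is hidden from containers but still stored in the earlier layer.

```python
from types import MappingProxyType

WHITEOUT = object()  # marker: "this layer deletes the path"

class Image:
    """Ordered stack of read-only layers; each maps path -> content."""
    def __init__(self, layers):
        # Freeze every layer: nothing may change it after the build.
        self.layers = tuple(MappingProxyType(dict(l)) for l in layers)

def merged_view(layers):
    """Union of the layers; upper layers win, whiteouts hide lower files."""
    view = {}
    for layer in layers:
        for path, content in layer.items():
            if content is WHITEOUT:
                view.pop(path, None)
            else:
                view[path] = content
    return view

class Container:
    """An image plus one thin read-write layer private to this container."""
    def __init__(self, image):
        self.image = image
        self.rw = {}  # ephemeral: gone when the container is removed
    def write(self, path, content):
        self.rw[path] = content
    def delete(self, path):
        self.rw[path] = WHITEOUT
    def read(self, path):
        return merged_view(self.image.layers + (self.rw,)).get(path)

def layers_storing(image, path):
    """Indexes of image layers that still hold real content for path."""
    return [i for i, layer in enumerate(image.layers)
            if layer.get(path, WHITEOUT) is not WHITEOUT]

# Constructed sample build: three instructions, three layers.
IMAGE = Image([
    {"/etc/os-release": "ubuntu"},                # FROM ubuntu
    {"/app/.env": "API_KEY=constructed-value"},   # COPY .env /app/.env
    {"/app/.env": WHITEOUT},                      # RUN rm /app/.env
])

if __name__ == "__main__":
    c = Container(IMAGE)
    print("visible in container:", c.read("/app/.env"))
    print("still stored in layers:", layers_storing(IMAGE, "/app/.env"))
```

For this reason, a secret copied in during a build is not removed by a later rm instruction; keep it out of the build context or supply it when the container starts.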

We can see how containers, images, and the surrounding tools work together in Figure 7.1:

Figure 7.1 – Docker ecosystem and the relationship between containers and images

Next, let’s briefly discuss what registries are and how they work.

Docker registries

Registries host Docker images. They can be public or private, depending on how you would like to distribute those artifacts to the end user. Common examples are Docker Hub and Amazon ECR. Organizations that need to host private registries and encrypt the data at rest can use managed KMS keys and IAM. Under the hood, ECR stores the images in Amazon S3.

By leveraging these capabilities, it’s not very difficult to get started with basic container deployments.

However, some areas need more attention.
