Docker: base image

I am trying to understand the concepts of Docker, but one thing I cannot catch:

As I understand it, an image (therefore, a container) can be created from different linux distributions, such as Ubuntu, CentOS and others.

Say, on the host machine, I am running standard Ubuntu 14.04,

  • What happens if I use a container that is not created from a single distribution?
    • Not 14.04?
    • Not Ubuntu (or any other Debian-based)?
    • What are the disadvantages of using the different base images of the images you use? (Say I use Image A, which uses Ubuntu as the base image, Image B, which uses Debian as the base image, and Image C, which uses CentOS as the base image)?

Bonus question: how can I determine which base image is used for the image if the developer did not specify it in the description of the Docker hub?

Thank you in advance!

+6
3 answers

Docker does not use LXC (not with Docker 0.9), but libcontainer (now runc), a built-in runtime driver that manages namespaces, control groups, capabilities, apparmor profiles, network interfaces, and firewall rules - everything is consistent and predictable and independent of LXC or any other userland package.

The docker image is a set of files which will run as a container in its own memory, as well as on disk and user space when accessing the host kernel.
This is different from a virtual machine, which does not access the host kernel but includes its own hardware / software stack through a hypervisor.
The container should only set limits (disk, memory, processor) in the host. A virtual machine must create a whole new host.

This docker image (group of files) can be anything if:

This means that the image can be anything: another linux distribution or even one executable file. For example, any executable compiled in Go (https://golang.org/) can be packed into its own docker image without any linux distribution:

    FROM scratch
    COPY my_go_exe /
    # Exec form: scratch has no /bin/sh, so the shell form (ENTRYPOINT /my_go_exe) cannot start
    ENTRYPOINT ["/my_go_exe"]

scratch is an "empty" image, and the go executable is statically linked, so it is autonomous and depends only on kernel system calls.

+6

The main thing that separates between the host OS and the docker container is the kernel. The main risk of launching docker containers from different distributions / versions is that they may depend on the functionality of the kernel that is not available in the host system, for example, if the container expects a newer kernel than the host.

Theoretically, the Linux kernel is backward compatible. As long as the host kernel is newer than the container's kernel, it should work.

From an operational point of view, every time you start depending on a different base image, that is another dependency you need to keep an eye on for updates and security issues. Standardizing on a single distribution reduces the workload for your ops team when the next major vulnerability is detected.

+4

Docker uses LXC, which is an operating system-level virtualization method for running multiple isolated Linux systems (containers) on a management host using a single Linux kernel.

You can compare this to a virtual machine on your computer, where you run another Linux distribution, which should not be the same as your host OS. Therefore, it does not matter if your host OS matches the base image of your container.

In Docker, a container is created from layers. Each step (command) in your Dockerfile is one layer that is applied one after another. The first step is to apply the base OS layer, which is indicated by FROM.

So, to answer your bonus question, you can look inside the Dockerfile of the container you are using (this is the third tab on DockerHub) and see in the first instruction which base image (OS) it uses.

+1
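
The answers above note that FROM names the base image and that every distinct base image is another dependency to watch for updates and security issues. The following added example (not code from any of the posts) inventories the base images across a set of Dockerfiles, resolving global ARG defaults and ignoring FROM lines that only refer to an earlier build stage; the sample Dockerfiles and the names `base_images` and `inventory` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample Dockerfiles (illustrative, not taken from the posts above).
SAMPLES = {
    "image_a/Dockerfile": "FROM ubuntu:14.04\nRUN apt-get update\n",
    "image_b/Dockerfile": "ARG TAG=8\nFROM debian:${TAG}\nCOPY app /app\n",
    "image_c/Dockerfile": ("FROM --platform=linux/amd64 golang AS build\n"
                           "RUN go build -o /my_go_exe .\n"
                           "FROM scratch\n"
                           "COPY --from=build /my_go_exe /\n"),
    "image_d/Dockerfile": "# two stages, one real base\nfrom centos:7 as base\nFROM base\n",
}

FROM_RE = re.compile(r"^\s*FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?", re.I)
ARG_RE = re.compile(r"^\s*ARG\s+(\w+)(?:=(\S+))?", re.I)
VAR_RE = re.compile(r"\$\{?(\w+)\}?")

def base_images(text):
    """Return the external base images one Dockerfile depends on."""
    args, aliases, bases, seen_from = {}, set(), [], False
    for line in text.splitlines():
        arg = ARG_RE.match(line)
        if arg and not seen_from:      # only ARGs before the first FROM apply to FROM
            args[arg.group(1)] = arg.group(2) or ""
            continue
        frm = FROM_RE.match(line)
        if not frm:
            continue
        seen_from = True
        ref = VAR_RE.sub(lambda m: args.get(m.group(1), m.group(0)), frm.group(1))
        # Skip references to an earlier build stage and the empty "scratch" image:
        # neither adds a distribution that needs patching.
        if ref.lower() not in aliases and ref != "scratch" and ref not in bases:
            bases.append(ref)
        if frm.group(2):
            aliases.add(frm.group(2).lower())
    return bases

def inventory(dockerfiles):
    """Map each base image to the Dockerfiles that build on it."""
    users = defaultdict(list)
    for path, text in sorted(dockerfiles.items()):
        for base in base_images(text):
            users[base].append(path)
    return dict(users)

if __name__ == "__main__":
    for base, paths in sorted(inventory(SAMPLES).items()):
        print(f"{base:15} {', '.join(paths)}")
```

Each key in the result is one base image whose security updates someone has to follow; a long list is the extra workload the second answer describes.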