I am new to docker and I am working with developers with another company. I believe they are new to docker as well. I have one developer asking me if "I'm running the command inside or outside the docker container" or "if I am creating a new branch outside of the container".
Can someone help clarify this meaning of inside or outside of the container?
I can't seem to understand, I searched online and I don't seem to find anything on the term inside or outside for running commands or anything else similar.
CodePudding user response:
Yes, it is normal (Docker uses the kernel on the host, and not its own; you will see it in the ps command on the host) to see the processes running "inside" the docker container on your host (if you check the running processes with the top or ps commands). Try running pstree; that way you will see all your running processes as children of containerd.
The process running inside a container is just a regular process. In most ways it is no different than a regular process running outside a container. Docker uses namespaces and cgroups to isolate processes from the rest of the system.
Namespaces and cgroups are abstractions that allow the kernel to isolate processes.
The docker daemon is just a process that makes putting other processes inside namespaces/cgroups convenient.
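The point above, that container processes are ordinary host processes placed in their own cgroups and namespaces, can be checked from the host. This is an added example, not part of either answer: it groups PIDs by Docker container using /proc/<pid>/cgroup and /proc/<pid>/ns/pid. The function names and sample strings are constructed, and it assumes the usual Docker cgroup path layouts as seen from the host.

```python
import os
import re
from collections import defaultdict

# Constructed /proc/<pid>/cgroup samples (not taken from a real host).
SAMPLE_HOST = "0::/user.slice/user-1000.slice/session-3.scope\n"
SAMPLE_SYSTEMD = "0::/system.slice/docker-" + "ab12" * 16 + ".scope\n"
SAMPLE_CGROUPFS = ("12:pids:/docker/" + "cd34" * 16 + "\n"
                   "1:name=systemd:/docker/" + "cd34" * 16 + "\n")

# Host-side cgroup paths Docker creates: "/docker/<id>" (cgroupfs driver)
# or ".../docker-<id>.scope" (systemd driver); <id> is 64 hex characters.
DOCKER_PATH = re.compile(r"docker[-/]([0-9a-f]{64})")


def container_id(cgroup_text):
    """Return the container ID named in /proc/<pid>/cgroup content, else None."""
    for line in cgroup_text.splitlines():
        fields = line.split(":", 2)  # hierarchy-ID : controllers : path
        if len(fields) == 3:
            match = DOCKER_PATH.search(fields[2])
            if match:
                return match.group(1)
    return None


def scan(proc="/proc"):
    """Map each container ID (or 'host') to a list of (pid, pid-namespace)."""
    found = defaultdict(list)
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc, entry, "cgroup")) as handle:
                owner = container_id(handle.read()) or "host"
            # Link text such as "pid:[4026531836]"; equal text = same namespace.
            pid_ns = os.readlink(os.path.join(proc, entry, "ns", "pid"))
        except OSError:
            continue  # process exited, or we are not permitted to inspect it
        found[owner].append((int(entry), pid_ns))
    return dict(found)


if __name__ == "__main__":
    for owner, procs in sorted(scan().items()):
        namespaces = sorted({ns for _, ns in procs})
        print(owner[:12], len(procs), "processes", namespaces)
```

Run it on the host as root for a complete view. Inside a container that has its own cgroup namespace the cgroup path can appear as just "/", so the ID match is a host-side check.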
CodePudding user response:
A docker file is a description of what you would like Linux to look like for a specific application. That is, without anything that application doesn't need, and all the tools and libraries it uses already installed. Specialty docker files for e.g. a database or web server can be included, simplifying the definition.
A Docker image is basically applying all the specifications from a docker file. That is, a file system is set up, and all the software specified in the docker file is installed into this file system as if it were real Linux.
A docker container is basically booting the image file, so all the start scripts are executed and there will be all the expected processes running by the time it finishes. Any software it runs will think it's running on Linux booted on a stand-alone machine. Except everything it does only happens within the container. If a file is written, it's written only to the container's file system, which is a chunk of space borrowed from the actual file system.
Normally you also need to specify what should run inside the container, otherwise once it boots, it has nothing more to do, so it stops. Once it stops, the memory and file space are deallocated so everything done inside disappears.
You could start a web server running a service, or a shell you can interact with, and so on. You also usually want to be able to connect to the network outside the container, read or write files outside, and so on. You can map real world things to the container (e.g. port 8080 in the container maps to port 18080 in actual Linux, /tmp/scratch maps to /tmp/scratch in the container, and so on).
You can also start another process running in the container with the exec command. You can map the input and output to your terminal and start bash for example.
Finally you can stop the container, and everything inside will stop running, and all the memory and files will be deallocated.