What is Docker?

Docker is an open-source platform that provides the ability to package and run an application in a container. The container is a loosely isolated and lightweight environment, which makes it easier for more than one container to run simultaneously on the host. A container also doesn’t have to rely on its host machine, as it has everything installed to run an application. We can develop, test, and distribute an application easily using these containers.

Docker follows a client-server architecture. The server is known as the docker demon(dockerd). The Docker client communicates with dockerd through the REST APIs, and dockerd does all the heavy lifting and manages all the Docker objects, i.e., images, containers, networks, etc. We can get all these Docker features by simply installing the Docker desktop software. For installing the Docker desktop on Windows, we need to install WSL2 (the Windows Subsystem for Linux 2) first.

Difference between Dockerfile and docker-compose:

Dockerfile is a text file that defines an image that will be used to create a container.

A container can be built from one image only. However, we can extend an image by adding layers to it. Also, there are multistage builds where we can provide multiple distinct images to be built in sequence. So in that sense, we'd have multiple image configurations in one image build. However, it doesn't change the fact that the product of a multistage Docker build is still a single image which is the final image in the Dockerfile.

On the other hand, docker-compose is a tool for defining and running multi-container Docker applications. With Compose, we use a YAML file to configure the application’s services. Then, with a single command, we create and start all the services from the configuration.

Docker group:

The Docker Group effectively grants you root privileges since Docker itself (until version 19.xx) has a daemon running as root and containers are spawned in the root context. Therefore, people in the Docker group can:

manipulate firewalls
Read/manipulate/remove critical data
interact with your host on the root level

The containers themselves can only do what they were allowed initially (assuming no bug lets them do more) but are running effectively as root.

Creating this group is intended to avoid sudo and nothing else.

Docker EE: Docker Enterprise Edition - Premium

Docker CE: Docker Community Edition - free of cost

Docker cheat sheet:

https://kapeli.com/cheat_sheets/Dockerfile.docset/Contents/Resources/Documents/index

Most common commands:

docker build -t url_shortener . → To build an image named url_shortener from the . directory