Lecture Notes: Application Deployment Using

Docker
Docker Overview

1.1 Docker Journey

Docker came as a solution for several problems. The commonly faced problems were as follows:
a. ‘Runs at my end’ problem: The application does not run at the operations team’s end
but it runs completely fine at the developer’s end.
b. ‘The Matrix from Hell’ problem: The application has dependencies on the underlying
software and hardware, which makes it necessary to create the same environment
wherever you want to run the application. Every time a version of a specific application
changes, you might have to start from scratch to figure out compatibility problems.
c. For every new onboarding, you have to make sure that the OS Version, application
version, etc., are consistent.

Docker packages the application with all its dependencies and environment, so it runs perfectly
fine wherever it is deployed. You have to simply create a container, i.e., build docker
configuration once and everyone has to run ‘docker run’ and that is it!

Docker vs Virtual Machines (VM):

Docker and VMs are two different things. Docker virtualises the Operating System (OS), whereas
virtual machines implement the hardware virtualisation.

© Copyright. upGrad Education Pvt. Ltd. All rights reserved

Hypervisor is a software that is used to create and run virtual machines. It allows one host
computer to virtually share its resources with multiple guest OS VMs. There are two types of
hypervisors:
a. Type 1 hypervisor runs on the host's hardware and behaves like a lightweight operating
system.
b. Type 2 hypervisor behaves like any other computer program and runs as a software
layer on an operating system.

Resource utilisation is poor in virtual machines as there are usually multiple operating systems
(OS), high disk space (GBs) and boot-up time is in minutes whereas, in the case of containers,
less resource isolation happens as the OS kernel is shared. But in some scenarios, where you
want to work with multiple OS flavours, virtual machines are preferred as docker works with a
single OS only.

© Copyright. upGrad Education Pvt. Ltd. All rights reserved

The main advantages of docker are as follows:
● Portability: Docker can be deployed anywhere and will perform in the same manner as it
did when you tested it.
● Performance: Docker does not contain an OS like a virtual machine, and hence, is faster
to create.
● Agility: Portability and performance benefits make the development process more agile
and responsive, in addition to enhancing the continuous integration and continuous
delivery processes.
● Isolation: Docker containers are entirely independent of one another.
● Scalability: You can create new docker containers quickly if an application demands. You
can also benefit from the various container management options offered by docker.

The major limitations of docker are as follows:

● Docker does not provide data storage. The files written to the container layer are not
retained once the container goes off.
● Limited number of monitoring and debugging options are present with Docker. You can
use Docker Command Line Interface (CLI) to obtain the statistics; however, advanced
monitoring options are missing.
● Docker does not work with applications that require multiple OS flavours.

© Copyright. upGrad Education Pvt. Ltd. All rights reserved

1.2 Docker Vocabulary

The basic terminologies used in docker include:

● Docker image: It consists of multiple layers that define your container. Image is a static
read-only property.
● Docker container: It is a runtime instance of image. By default, it is read-write.

● Docker engine: It creates, ships and runs docker containers deployable on a physical or a
virtual host locally, in a data centre or by a cloud service provider.
● Registry service: It is a cloud or server-based storage and distribution service for your
images.

The following diagram illustrates the various components of Docker Engine.

Docker engine is a client-server technology that builds and runs containers using
docker’s components and services. The docker engine comprises the following components:

● Docker Daemon (background process) manages N/W, Data Volumes, containers and
images.
● REST API specifies interfaces that programs can use to talk to the daemon and to
instruct it regarding what to do.

© Copyright. upGrad Education Pvt. Ltd. All rights reserved

 ● Command Line Interface (CLI) uses the Docker REST API to control or interact with the
Docker daemon through scripting or direct CLI commands. Note that docker CLI can be
stored on a different system altogether.

Docker Architecture:

● The docker daemon runs on the docker host and handles all the requests from the
docker client.
● The docker client interacts with the docker daemon using CLI commands.
● The daemon maintains all the docker objects, including docker images, containers and
volumes.
● The docker images can be stored in the docker registry to facilitate the sharing of docker
images.

1.3 Docker Installation

Given below are the prerequisites for installing docker on various operating systems.

© Copyright. upGrad Education Pvt. Ltd. All rights reserved

 Docker installation is supported on all OSs. You can refer to the installation procedure
mentioned at the following URL, [Link]
The docker version command can be used to check the installed version and the docker info can
be used to display system-wide information regarding docker installation. The displayed
information includes the kernel version and the number of containers and images.

Docker Image Creation and Management

2.1 Creation of Docker Image

Docker image is a set of read-only layers, where each layer indicates the actions to be
performed for running Docker containers.

To build a docker image, you require a dockerfile and the docker build command.

© Copyright. upGrad Education Pvt. Ltd. All rights reserved

Dockerfile is a text document that contains all the instructions that a user could use on the
command line to assemble an image. It comprises instructions for the following:
● Inclusion of a base image
● Addition of files or directories
● Creation of environment variables
● Process to run when launching a container

Let’s summarise the functions of the instructions used in the Dockerfile with the help of the
following sample Dockerfile.

Docker provides a set of standard instructions to be used in the Dockerfile, such as the
following, which are a few basic ones:

FROM: It tells docker which base image needs to be used as a base for your image.
MAINTAINER: It refers to who is going to maintain this image.

© Copyright. upGrad Education Pvt. Ltd. All rights reserved

 ADD: It means to copy the application jar in the docker container with the name
[Link].
WORKDIR: It defines the working directory of a docker container.
ENV: It sets the value for an environment variable. Here, it is setting the PATH variable.
ENTRYPOINT: It is used to specify the command to execute when starting the docker
container.

Following are the other instructions used in Dockerfile:

RUN: It is used to run instructions against the image.

CMD: These instructions define the command that gets executed when the container
starts. CMD instruction is overridden if a command is specified in the terminal as a part
of the docker run command.
EXPOSE: It does not actually publish the port. It functions as a type of documentation
between the person who builds the image and the person who runs the container.
VOLUME: It creates a mount point with the specified name and marks it as holding
externally mounted volumes from the native host or other containers.

Docker build:
The syntax of docker build is shown below.

Docker build context is the set of files located at the specific PATH on Docker host. Those files
are sent to the Docker daemon during the build so it can use them in the file system of the
image. The docker build command takes build context as one of the arguments.

Docker Build Workflow:

© Copyright. upGrad Education Pvt. Ltd. All rights reserved

 ● The first step is to create a Dockerfile with all the instructions for packaging the
application with all the dependencies and binary files.
● The Docker CLI executes the docker build command. It acts as a client and invokes the
REST API interface of the docker daemon.
● The Docker daemon then interprets the instructions written in the Dockerfile and
creates the docker image.

Following are some of the commonly used commands on docker images:

● docker inspect command: Detailed information about the docker image can be
displayed using the ‘docker inspect’ command
● docker images command: Displays all the information about created docker images like
image repository, tag name, image ID, created date/time and size
● docker rmi <IMAGE-ID> command: Deletes an image

2.2 Share docker image

There are two ways to share the docker image. The first way is to access the docker images via
push/pull commands on the docker hub registry, which acts as a central repository for storing
docker images. The second way is creating a tarball.

Docker registry is a storage system, which holds docker images in different tagged versions. It is
similar to the Git repository and is used for source code management. It gives a way to store
and share the images. Docker push commands are used to save the image to the remote
registry. Similarly, the docker pull command is used to fetch the image from the remote registry.
Registry can be easily integrated with the CI/CD system.

© Copyright. upGrad Education Pvt. Ltd. All rights reserved

Push/Pull the image
● Login to the docker hub and create a public repository with the required name. For
example, the name of the repository is moviesvc.
● Click on the ‘Repositories’ link to verify that a repository with specified name is created
and also notice the suggestion it gives for pushing the image to the repository. Image full
name is expected to be starting with docker hub account name (say upgrad1) followed
by repository name and further tagname needs to be specified for the image. At the end
of this step, you have successfully set up a repository on Docker hub and push a Docker
image from a docker host.
● Use ‘docker tag’ command to name the required image by specifying its respective
image ID. For example, sudo docker tag 3c2261b7d1dc upgrad1/moviesvc:1.0.0
● Push the docker image by specifying the image’s full name. For example, sudo docker
push upgrad1/moviesvc:1.0.0
● Use the ‘docker pull’ command to fetch the image present in docker hub registry. For
example, sudo docker pull upgrad1/moviesvc:1.0.0

Share Docker Image as Tarball

● The Docker image could be shared in this manner if the docker registry is not set up or if
it is temporarily inaccessible to the deployment host.
● Execute the ‘docker save’ command to create tarball of the image by specifying the
tarball name and the image full name. This tarball image can be shared and used for
deployment. For example, sudo docker save --output [Link]
upgrad1/moviesvc:1.0.0
● Execute the ‘docker load’ command to extract the docker image from a given tarball as
shown below so that it can be used for deployment purposes (if docker images already
exist, first delete them and then use ‘docker load’ command). For example, sudo docker
load --input [Link]

Docker Volumes and container deployment

3.1 Docker container deployment

A docker container is created with the help of a docker image, which is, in turn, created with

© Copyright. upGrad Education Pvt. Ltd. All rights reserved

the help of a dockerfile.

Docker containers go through different stages during their lifespan. Docker commands are used
to change the state of the docker container, as illustrated in the diagram given below.

The docker run command is used to create and start a container from a given docker image.
The syntax of the command is shown below.
docker run [OPTIONS] IMAGE [COMMAND] [ARG...]

The key points related to the docker run command are as follows:
● The --name option is used to give a name to the container. Here, the name of the

© Copyright. upGrad Education Pvt. Ltd. All rights reserved

 container is ‘application’.
● The -d option is used to run the container in detached mode. There are usually two ways
to run a container. One is the attached mode (in the foreground) and the other is
detached (in the background). With the help of this option, you can also close the
current terminal session without stopping the container.
● The -p option is used to open or publish specific ports to allow external connections to
the container. Here, the TCP port 8080 in the container is being mapped to port 3458 on
the docker host.

Following are some of the commands related to the container:

● docker logs command can be used to check the logs of the container. This command is
crucial for troubleshooting containerised applications.
● docker pause command can be used to change container status from ‘Up’ to ‘Paused’.
● docker unpause command can be used to change container status from ‘Paused’ to ’Up’.
● docker stop command can be used to change container status from ‘Up’ to ’Exited’.
● Command can be used to destroy the container.
● docker stats command can be used to monitor the CPU and memory consumption of
containers. Check the <CONTAINER ID> using the ‘docker ps -a’ command and use it to
check the stats of the container.

3.2 Multi container deployment

Docker Compose is a tool that is used for defining and running multi-container docker
applications. Docker-compose YAML file is used to configure your application’s services. Then,
with a single command, you create and start all the services from your configuration.

The keywords used in the sample docker [Link] file are as follows:
● The db and web keywords are used to define two separate services.
● The image keyword is used to specify the docker images of MySQL and Tomcat web
server.
● The ports keyword is used to specify the mapping of the container port to the host
machine’s port where the service is exposed.
● The version keyword indicates the version of docker compose being used.
● The build keyword indicates the location of the service’s Dockerfile.

© Copyright. upGrad Education Pvt. Ltd. All rights reserved

The basic docker compose commands are listed below.

3.3 Storage in docker container

All files created inside a container are stored on a writable container layer and they persist only
till the container is alive.

© Copyright. upGrad Education Pvt. Ltd. All rights reserved

Storage options:

Volumes and bind mounts are the most commonly used options to store data on a host
machine. Apart from these two options, tmpfs mount can be used on a Linux host machine, and
in the case of Windows, the named pipe option can be used. The tmpfs mounts are stored only
in the host system’s memory and are never written to the host system’s file system. The
volumes mounts are the best way to persist data in a docker container. In Linux, they are stored
at path/var/lib/docker/volumes/. On the other hand, bind mounts may be stored anywhere on
the host system.

Docker volume can be used for long-term storage of your container data by mapping a directory
in the container to a directory on the host machine. It can also be used to share data among
containers. It significantly reduces the chances of data loss due to a failed container. Data is
available on the host machine even when a container is not alive. Logs and backups of the
application container can be stored in data volumes.

Ways to create docker volume:

There are two ways to create a data volume. One way is to create the docker volume while
running services and the other way is to create a data volume and mount it to the container.

Commonly used docker volume commands:

● docker volume create command is used to create the docker volume.
● docker volume list command is used to verify if the docker volume is created
successfully.
● docker volume inspect command is used to get detailed information about the docker
volume that includes the docker volume location on the docker host machine (i.e.,
mount point).

© Copyright. upGrad Education Pvt. Ltd. All rights reserved

 ● docker exec –it command is used to get the bash shell inside the container. It takes the
CONTAINER ID as the command argument.

3.4 Docker networking

Docker installation creates three networks by default: Bridge (named docker0), Host and None.
Apart from these three, there are two additional networks as well, which are Overlay and
Macvlan.

● Bridge networks are used when applications run in standalone containers that need to
communicate and the default network type is used by the containers unless otherwise
specified using the docker run –net <NETWORK> option.
● Host networks are used for standalone containers, for removing network isolation
between the container and the Docker host and for directly using the host’s networking.
For instance, a container that binds to port 80 and where Docker network is the host,
the container’s application is available on port 80 on the host’s IP address.
● Launching the container with None network disables the networking stack on a
container, that is, eth0 is not created on the container.
● Overlay network is used when the containers need to be run on different Docker hosts.
Overlay networks connect multiple Docker daemons together and enable swarm
services for them to communicate with each other.
● Macvlan assigns a MAC address to a container so that it acts as a physical device on the
network. Docker daemon routes traffic to such containers using their MAC addresses.

© Copyright. upGrad Education Pvt. Ltd. All rights reserved

The communication between container to container and container to the external world
happens in the bridge network as follows:

● The docker0 bridge network is the default network used by the containers. It
uses a default private subnet [Link]/16 for container networking, with
[Link] as a default gateway.
● When a container is launched, a virtual Ethernet device (veth) is created on the
docker0 bridge, which maps to eth0 in a container that is assigned a private IP
address on the docker0 network.
● Containers communicate with each other via the docker0 bridge. Docker retains
a mapping of the container name and its IP address. This allows communication
using a container name against an IP address.
● Docker uses port forwarding to map the traffic between the container IP address
and specific port and the host IP address and port. To this end, every time a
Docker container is launched, new NAT rules are created for routing the traffic
from the host IP address and port to the container IP address and port.

Host network: Containers run directly on the docker host network along with the other host
processes.

© Copyright. upGrad Education Pvt. Ltd. All rights reserved

Disclaimer: All content and material on the upGrad website is copyrighted material, either belonging to
upGrad or its bonafide contributors and is purely for the dissemination of education. You are permitted
to access print and download extracts from this site purely for your own education only and on the
following basis:

● You can download this document from the website for self-use only.
● Any copies of this document, in part or full, saved to disc or to any other storage medium may
only be used for subsequent, self-viewing purposes or to print an individual extract or copy for
non-commercial personal use only.
● Any further dissemination, distribution, reproduction, copying of the content of the document
herein or the uploading thereof on other websites or use of the content for any other
commercial/unauthorized purposes in any way which could infringe the intellectual property
rights of upGrad or its contributors, is strictly prohibited.
● No graphics, images or photographs from any accompanying text in this document will be used
separately for unauthorised purposes.
● No material in this document will be modified, adapted or altered in any way.
● No part of this document or upGrad content may be reproduced or stored in any other web site
or included in any public or private electronic retrieval system or service without upGrad’s prior
written permission.
● Any rights not expressly granted in these terms are reserved.

© Copyright. upGrad Education Pvt. Ltd. All rights reserved