Docker is not a virtual machine. Unlike a virtual machine which provides hardware virtualization, Docker provides operating-system-level virtualization by abstracting the “user space”.
Docker is a software platform that allows developers to build, deploy, run, update and manage containers. Containers bundle an application’s code together with libraries and dependencies required to run it in an isolated, portable environment.
What is a container?
A container is a standardized, portable unit of software that allows an application and its dependencies to run quickly and reliably from one computing environment to another. Containers have some key characteristics:
- Isolated: Containers are isolated user spaces that do not require an entire virtual machine per application. This makes them more lightweight, portable and efficient.
- Portable: You can easily move containers from one environment to another since they only contain the application and its dependencies.
- Scalable: You can spawn multiple instances of a containerized application as needed to meet demand.
- Secure: Applications inside containers are isolated from the underlying infrastructure as well as each other for improved security.
How is Docker different than virtual machines?
The main differences between Docker and virtual machines are:
- Virtualization: Docker uses OS-level virtualization while VMs use hardware virtualization provided by a hypervisor. This makes Docker more lightweight.
- Resources: VMs require an entire guest operating system for every app which consumes more resources. Docker shares the host system’s kernel for multiple containers.
- Startup time: Docker containers have a faster startup time (seconds vs minutes) since they don’t boot an entire VM and OS.
- Portability: Moving Docker containers is easier because they only contain the app and its dependencies, not a whole VM image.
- Scalability: It’s easier to scale Docker horizontally by just starting more containers and load balancing between them.
Below is a table summarizing some key differences:
So in summary, Docker achieves similar benefits as VMs but with less resource overhead and more portability.
The Docker platform uses a client-server architecture:
- Docker Daemon: Background service (dockerd) that manages Docker images, containers, builds and networking. Runs on Docker hosts.
- REST API: API for interacting with the Docker daemon (like starting containers, managing images etc.)
- Docker Client: Command line interface (CLI) client for communicating with the daemon to execute Docker commands. Other auxiliary tools also available.
The key components of Docker platform include:
- Docker Image: Read-only template used to create a Docker container. Base images can be combined to create custom images. Stored in Docker registry.
- Docker Container: Runnable instance of a Docker image. You can create, start, stop and remove containers from images. Containers can connect to networks, volumes, etc.
- Dockerfile: Text file with instructions for building a Docker image.
- Docker Registry: Storage and distribution system for Docker images – like a library and repository. Defaults to Docker Hub public registry.
- Docker Compose: Tool for defining and running multi-container Docker apps in a YAML file. Allows you to configure relationships between containers.
- Docker Swarm: Native clustering solution for Docker. Allows you to build a group of Docker hosts into a pool of swarm nodes providing fault tolerance and high availability. Enables managing multiple containers deployed across multiple hosts as a single entity.
Below is a diagram showing interaction between some key Docker components:
Is Docker a hypervisor?
No, Docker is not a hypervisor. It does not provide hardware virtualization the way Type-1 hypervisors (VMware ESXi, Microsoft Hyper-V) or Type-2 hypervisors (Oracle VirtualBox, VMware Workstation) do.
Docker uses operating-system-level virtualization, thus relying on the host machine’s kernel instead of virtualizing hardware. Hypervisors abstract the physical layer while Docker abstracts the OS layer.
This allows Docker to provide the isolation and resource management benefits of VMs but without the overhead of an entire guest operating system per container. Multiple Docker containers can share the host kernel leading to improved density and efficiency.
So in summary:
- Hypervisor: Type-1/Type-2 hypervisors provide full virtualization by abstracting hardware. Multiple VMs with separate OSs share hardware resources.
- Docker: Uses OS-level virtualization to allow multiple user space instances to share the host kernel. More lightweight than VMs.
What architecture does Docker use on Linux?
On Linux, Docker utilizes the following architectural components for containers:
- Namespaces: Creates independent workspaces (for processes, mounts, users, networks etc.) that containers are isolated into. Provides the isolated unit of execution for containers.
- Control groups (cgroups): Limits amount of resources (CPU, memory, disk I/O, network, etc.) available to containers. Necessary for resource management.
- UnionFS: Read-only layers that come together as unified filesystem. This allows Docker images to share files among them leading to disk efficiency and minimal storage.
UnionFS allows Docker to provide build once, run anywhere portability. Containers have just enough resources to run the application using virtualization provided by namespaces and cgroups.
By combining these components, the Docker Engine provides operating-system-level virtualization on Linux for building and running portable, self-sufficient containerized applications.
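An added example (not from the original article) that makes the namespace and cgroup bullets above concrete: it compares the `/proc/<pid>/ns` links of a host process and a containerized process to list the namespaces they share rather than isolate, and interprets cgroup v2 limit files. The inode numbers and limit values are constructed samples, and the function names are this example's own.

```python
import os
import re

NS_LINK = re.compile(r"^(\w+):\[(\d+)\]$")  # format of /proc/<pid>/ns/* symlink targets

def parse_ns_links(links):
    """Map namespace type -> inode number from targets such as 'pid:[4026531836]'."""
    parsed = {}
    for link in links:
        m = NS_LINK.match(link.strip())
        if m:
            parsed[m.group(1)] = int(m.group(2))
    return parsed

def read_ns(pid):
    """Live lookup on a Linux host (reading another user's process needs privileges)."""
    base = f"/proc/{pid}/ns"
    names = [n for n in os.listdir(base) if not n.endswith("_for_children")]
    return parse_ns_links(os.readlink(f"{base}/{name}") for name in names)

def shared_namespaces(host, container):
    """Namespace types with identical inodes: the container is NOT isolated there."""
    return sorted(t for t, inode in host.items() if container.get(t) == inode)

def parse_cgroup_limits(memory_max, cpu_max):
    """Interpret cgroup v2 memory.max and cpu.max file contents; None means unlimited."""
    mem = memory_max.strip()
    quota, period = cpu_max.split()
    return {
        "memory_bytes": None if mem == "max" else int(mem),
        "cpus": None if quota == "max" else int(quota) / int(period),
    }

# Constructed sample: PID 1 on the host vs. a container process that was
# started with host networking and without user-namespace remapping.
HOST_NS = ["cgroup:[4026531835]", "ipc:[4026531839]", "mnt:[4026531841]",
           "net:[4026531840]", "pid:[4026531836]", "user:[4026531837]",
           "uts:[4026531838]"]
CONTAINER_NS = ["cgroup:[4026532610]", "ipc:[4026532608]", "mnt:[4026532606]",
                "net:[4026531840]", "pid:[4026532609]", "user:[4026531837]",
                "uts:[4026532607]"]

if __name__ == "__main__":
    host, ctr = parse_ns_links(HOST_NS), parse_ns_links(CONTAINER_NS)
    print("shared with host:", shared_namespaces(host, ctr))
    print("limits:", parse_cgroup_limits("536870912\n", "50000 100000\n"))
    print("no limits set:", parse_cgroup_limits("max\n", "max 100000\n"))
```

On a live Linux host, `shared_namespaces(read_ns(1), read_ns(container_pid))` gives the same comparison for a real container process; any namespace it returns is one where the kernel provides no separation between that container and the host.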
Can Docker run on bare metal?
Yes, Docker can run directly on bare metal hardware without requiring an underlying operating system or virtualization layer. This allows Docker containers to utilize hardware resources more efficiently leading to better density and performance.
Some ways Docker can run on bare metal include:
- Using LinuxKit as base OS: Lightweight Linux distro optimized just enough for containers
- Leveraging HyperKit hypervisor in macOS
- With solutions like Red Hat’s CRI-O that replaces Docker daemon
- Specialty Docker platform distributions for bare metal
Benefits over virtualization:
- Improved density from lower resource overhead
- Better storage performance without double write penalty
- Direct hardware access for higher efficiency and throughput
- Lower latency without hypervisor involvement
So Docker combines bare-metal performance with container portability by removing entire guest OSes required by VMs. This makes it well-suited for high throughput environments like cloud infrastructure and edge computing.
How do containers compare to serverless computing?
Containers and serverless computing both aim to increase developer productivity and deployment velocity but take different approaches:
Containers:
- Package application code with dependencies into single units for consistency and portability
- Still require managing underlying infrastructure
- Offer control over entire environment
- Persist when application is not in use
- Startup in seconds
- Pay per month for number of containers running
Serverless:
- No need to provision infrastructure – handled by cloud provider
- Automatically scales and bills per execution duration/usage
- Limited controls as it’s a fully managed back end
- Stateless and event-driven
- Startup in milliseconds (no boot time)
- Usage-based billing per request and resources utilized
Containers are ideal for consistent, portable deployment of microservices apps. Serverless is suited for sporadic, event-based workloads where automation is preferable over control. Using both together is also a valid approach.
- Docker uses operating system level virtualization and thus does not provide hardware virtualization like a hypervisor. It relies on host kernel instead of emulating hardware.
- Docker packages apps in user-space instances called containers, which are portable and efficient, unlike VM images.
- Docker provides faster startup times and lower resource overhead compared to virtual machines using a combination of Linux namespaces, cgroups and UnionFS.
- With lightweight footprint, containers are well suited for orchestrating distributed apps across machines compared to VMs.
- Docker containerization balances application portability with performance by removing guest OS overhead typical of hardware virtualization and VMs.
In conclusion, Docker is not a virtual machine or hypervisor. It uses OS-level virtualization to allow multiple isolated user-space instances called containers to run on a host using its Linux kernel.
This approach allows Docker containers to provide efficient application virtualization and portability without a whole guest operating system for every app instance. By avoiding hardware emulation, containers have a smaller footprint and faster startup times compared to virtual machines.
Docker revolutionizes software delivery using containerization to bundle applications with their execution dependencies. This allows apps to reliably deploy across different environments. Combining Docker with orchestration delivers even more large-scale benefits for modern distributed applications.
Frequently asked questions
- What type of virtualization does Docker use?
Docker uses operating system-level virtualization, not hardware virtualization. It relies on host OS kernel instead of emulating hardware.
- Can Docker run on bare metal?
Yes, Docker can run directly on bare metal by leveraging lightweight Linux distributions and removing the guest OS overhead. This improves performance.
- Is Docker a container or image?
Docker itself is a platform. A Docker container is a runnable instance launched from a Docker image. Images are read-only templates used to create containers.
- Is Docker similar to VMware?
No. Docker uses OS-level virtualization while VMware provides hardware virtualization by abstracting physical resources. Containers are thus more lightweight.
- What is the difference between Docker and hypervisor?
Hypervisors like VMware ESXi provide hardware virtualization by emulating physical layers. Docker uses namespaces and cgroups in Linux OS instead to provide operating system-level virtualization for containers.
- Can Docker replace VMs?
For some workloads requiring full machine virtualization, VMs may still be needed. But containers complement VMs by providing portable application virtualization without the guest OS overhead.
- Is Kubernetes a Docker?
No. Docker focuses on individual containerized applications while Kubernetes is a cluster manager used for orchestrating container lifecycles across multiple Docker hosts at scale.
- What is a Docker registry?
A Docker registry is a repository for saving, sharing and distributing Docker images. Docker Hub is the default public registry. Many organizations also have private registries.
- What is Docker networking?
Docker creates virtual Ethernet bridges on hosts that containers attach to like virtual network cards. This virtual networking allows communication between containers and the outside world.
- Is Docker better than a VM?
Docker has faster startup times, lower resource footprint and better portability. But VMs provide hardware virtualization which may be needed for some workloads. Using both together is a common modern approach.
- What OS does Docker run on?
Docker originally ran only on Linux as it relied on Linux kernel features for containers. Now Docker Desktop allows running Docker Engine natively on Mac and Windows in addition to Linux.
- How does Docker work with Linux?
Docker leverages Linux namespaces, cgroups and UnionFS to create isolated containers that run as independent processes while sharing the host kernel. This differs from hardware virtualization in hypervisors.
- Can you run a VM in Docker?
Nested virtualization is possible but running traditional VMs inside Docker containers is not generally recommended or optimal. Alternate approaches like QEMU are more viable.
- Is Docker the same as LXC?
No. LXC (Linux Containers) provides low-level OS virtualization capabilities on which Docker Engine relies. But Docker also includes ecosystem tools for building and managing images, storage, networking etc.
- Can Docker containers communicate?
Yes, Docker sets up virtual networks that allow communication between containers and the outside world. Containers on a host network belong to bridges which implement network stacks and assign IPs.
- Do I need VMs if I have Docker?
Not necessarily. For many applications, containers provide ample workload isolation without overhead of VMs. But certain cases like kernel changes still require full virtualization, where containers complement VMs.
- Is Docker a hypervisor or virtualization platform?
No. Docker utilizes OS-level virtualization, which does not require hardware virtualization provided by hypervisors. Containers allow multiple user space instances to share the host machine’s kernel.
- What operating systems support Docker?
Docker originally ran on Linux and now also runs on Windows 10 and higher as well as macOS systems that meet specific requirements. Support for alternative platforms like IBM Z and Power (ppc64le) also exists.