a complete filesystem that contains everything it needs to run: code, runtime, system tools, system libraries – anything you can install on a server. This guarantees that it will always run the same, regardless of the environment it is running in.» www.docker.com
layers that can be used to launch a container. This is like a class in OOP.
- A container is an image instance. This is like an instance in OOP. A container can be started or stopped.
- Both images and containers can be tagged.
- A docker server runs the containers.
- A docker client talks to the server to control containers.
- A docker registry can be used to upload and download images. Publicly available registries include the DockerHub and Quay.io.
- Nice docs
- Great name & cute logo
- Rise of cloud computing
- Developed by a startup, not by a big enterprise company
- Dockerhub
- Great adoption, so a lot of hosting options
== root users
- Don’t run your containers as root users!
- Docker is safe in theory, but it is still a young technology and not battle-tested.
- Isolation is provided through cgroups and namespaces. The shared kernel means that kernel exploits lead to bad consequences.
- You should make yourself familiar with how namespaces and cgroups work.
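One way to check the advice above on a running host, as an added example that is not part of the original slides: the script audits `docker inspect` records for containers that run as root or give up namespace isolation. The sample records are constructed, and the function names are hypothetical.

```python
import json

# Constructed sample shaped like `docker inspect <container>` output,
# trimmed to the fields this audit reads.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/web", "Config": {"User": ""},
   "HostConfig": {"Privileged": false, "PidMode": "", "NetworkMode": "bridge", "CapAdd": null}},
  {"Name": "/worker", "Config": {"User": "1000:1000"},
   "HostConfig": {"Privileged": false, "PidMode": "", "NetworkMode": "bridge", "CapAdd": null}},
  {"Name": "/debug", "Config": {"User": "root"},
   "HostConfig": {"Privileged": true, "PidMode": "host", "NetworkMode": "host", "CapAdd": ["SYS_ADMIN"]}}
]
""")


def runs_as_root(user):
    """Empty User means neither the image nor `docker run` set one, so UID 0 is used."""
    uid = (user or "").split(":", 1)[0]  # "uid:gid" -> "uid"
    return uid in ("", "0", "root")


def audit(container):
    """Return a list of findings for one `docker inspect` record."""
    host = container.get("HostConfig") or {}
    findings = []
    if runs_as_root((container.get("Config") or {}).get("User")):
        findings.append("runs as root")
    if host.get("Privileged"):
        findings.append("privileged")
    if host.get("PidMode") == "host":
        findings.append("shares host PID namespace")
    if host.get("NetworkMode") == "host":
        findings.append("shares host network namespace")
    for cap in host.get("CapAdd") or []:
        findings.append(f"added capability {cap}")
    return findings


def audit_all(containers):
    """Map container name -> findings, keeping only containers with findings."""
    report = {c["Name"].lstrip("/"): audit(c) for c in containers}
    return {name: found for name, found in report.items() if found}


if __name__ == "__main__":
    for name, found in audit_all(SAMPLE_INSPECT).items():
        print(f"{name}: {', '.join(found)}")
```

On a real host the input would come from `docker inspect $(docker ps -q)` instead of the embedded sample.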
through env variables. In the future through something like Vault.
- Jenkins can build images after every successful test.
- Jenkins can regularly rebuild images to include security updates in base layers.
- We should regularly run the deployment script on moby to pull new images.
- Read the docker book!