## What is Docker?

Docker is an open-source platform that allows you to automate the deployment and management of applications within lightweight, isolated software containers.

## Advantages of using Docker:

* **Portability**:- Docker containers can run on any system, ensuring consistent behaviour across different enviornments.

* **Isolation**:- Containers provide isolation, preventing interference between applications and dependencies.

* **Efficiency**:- Docker containers are lightweight and start quickly, optimizing resource utilization.

* **Scalability**:- Docker simplifies scaling by easily replicating and distributing containers.

* **Versioning and Rollback**:- Docker enables versioning and rollback of containerized applications.

* **Dependency Management**:- Docker packages applications with their dependencies, avoiding conflicts.

* **Collaboration**:- Docker facilitates sharing and collaboration among developers and teams.

## What is Dockerfile

A Dockerfile is a text file that contains instructions on how to build a Docker image.

It specifies the base image, the application code, dependencies, and other configurations needed to create a runnable image.

## What is Docker Image

An image is a lightweight, standalone, and executable software package that includes everython needed to run an application, including the code, runtime, system tools, libraries, and settings.

Docker images are created from a base image and can be customized and layered with additional components.

## What is Docker Container

Containers are isolated enviroments that encapsulate an application and its dependencies, including libraries, frameworks, and other software components.

Each container runs as an isolated process on the host machine and has its own file system, networking, and resources.

You can create multiple Containers of one Docker Image.

## What is Docker Compose

Docker Compose is a tool for defining and managing multi-container applications.

It allows you to define a multi-container setup in a YAML file, specifying the containers, their configurations, how they communicate with each other.

Docker Compose simplifies the process of running complex applications with multiple interconnected containers.

## What is Container Registry

A container registry is a centralized repository for storing and sharing container images.

It allows you to manage and distribute containerized applications, ensuring secure access, versioning, and image integrity.

**Example**:-

* Docker Hub
* Amazon Elastic Container Registry (ECR)
* Azure Container Registry (ACR)
* GitHub Container Registry (GHCR)
* GitLab Container Registry 

## What is Docker Container Registry

A Docker registry is a central repository that stores Docker images.

The most commonly used registry id `Docker Hub`, which is a public registry where you can find a wide variety of pre-built Docker images.

You can also set up your private registry to store and distribute your own custom images.

## What is Base Image

A base image, refers to the initial starting point for building a Docker image.

It serves as the foundation or template on which you can add or customize additional layers to create your specific application image.

A base image is typically a pre-built and reusable image that contains a specific software stack.

It provides the necessary runtime environment and libraries for running applications within Docker containers.

**For Example**, you might use a base image that includes a lightweight Linux distribution, such as Apline Linux or Ubuntu, as the foundation for your application.

Regularly updating your base image and applying security patches is also recommended to ensure the overall security of your containerized applications.

![docker1](../image/docker/docker1.png)

## Docker Container vs Virtual Machine

Docker containers are lighweight, share the host OS kernel, start quickly, and have efficient resource usage.

Virtual machine are more isolated, require a separate OS, take longer to start, and have direct hardware access.

## What is Docker Volume

* Docker volume is a feature provided by Docker that allows you to manage persisent data in Docker containers.

* When a Conatiner is created and started, it generally runs in an isolated environment with its own file system.

* However, any data stored within the container is typically non-persistent, meaning it will be lost when the container is stopped or removed.

* Docker Volumes provide a way to overcome this limitation by allowing you to create a separate storage area that can be shared between containers or between a container and the host system.

* Volumes provide a mechanism for storing and managing data separately from the container itself, ensuring that the data persists even if the container is stopped or deleted.

* A Docker Volume is essentially a directory or a mount point located outside the container's file system, which is mapped to a specific path within the container.

* This mapping enables the container to read from or write to the volume as if it were a regular directory within the container.

* Docker volume is not created inside a container. Instead, a Docker volume is created separately from the container and can be mounted to one or more containers.

* It is independent and can be associated with one or more containers.

### Advantages of Docker Volume

* Volumes are easier to back up or migrate than bind mounts.
* You can manage volumes using Docker CLI commands or the Docker API.
* Volumes work on both Linux and Windows containers.
* Volumes can be more safely shared among multiple containers.
* Volume drivers let you store volumes on remote hosts or cloud providers, to encrypt the contents of volumes, or to add other functionality.
* New volumes can have their content pre-populated by a container.
* Volumes on Docker Desktop have much higher performance than bind mounts from Mac and Windows hosts.

### Commands

* `docker volume create volume_name`: It is used to create volume.
* `docker volume ls`: It is used to list volumes.
* `docker volume inspect volume_name`: It is used to inspect volume.
* `docker volume rm volume_name`: It is used to remove volume.
* `docker volume prune`: It is used to remove all volumes.
* `docker run -d --name container_name -v volume_name:/app nginx`: It is used to start a container and create a volume if volume doesn't exists.
* `docker run -d --name container_name -v volume_name:/app:ro nginx`: It is used to start a container and create a read only volume if volume doesn't exists.

## Between Host and Container

* We can share data between host to container without creating docker volume by directly mounting host directory to container directory.

`docker run -itd --name python-c1 -v /local_path: /container_path python`

`docker exec -it python-c1 bash`

## Between Containers

To share a volume between two Docker containers, you can create a Docker volume and then mount it to both containers.

![docker2](../image/docker/docker2.png)

**Create Volume then mount to container**

* `docker volume create myvol`
* `docker run --name c1 -itd -v myvol:/myapp python`
* `docker run --name c2 -itd -v myvol:/myapp1 python`


**Create Container with volume**

* `docker run --name c1 -itd -v /myvol python`
* `docker run --name c2 -itd --volume-from c1 python`


## Volume with Dockerfile

`FROM ubuntu`
`VOLUME ["/data"]`

This line VOLUME /data in the Dockerfile is an instruction that tells Docker to create a mount point for a volume inside the conatiner. It specifies that the directory /data should be treated as a volume.

It means that any data written to or read from the /data directory within the container will be stored outside the container in a volume.

Note that the VOLUME instruction in the Dockerfile does not create the volume itself.

It merely sets up the mount point within the container. THe actual volume created when you run the container and specify a volume name or path using the -v flag.

Dockerfile

        FROM ubuntu
        VOLUME ["/data"]

* `docker build -t myimage .`
* `docker run --name c1 -itd -v myvol:/data myimage`
* `docker run --name c2 -itd --volume-from c1 myimage`

## What is Docker Networking

Docker networking is a fundamental aspect of Docker that enables communication between Docker containers and external networks. It allows you to connect containers together, as well as connect containers to the host machine and other external resources.

A container has no information about what kind of network it's attached to, or whether their peers are also Docker workloads or not.

A container only sees a network interface with an IP address, a gateway, a routing table, DNS services, and other networking details.

By default, when you create or run a container using create or docker run, the container doesn't expose any of its ports to the outside world.

Use the --publish or -p flag to make a port available to services outside of Docker. This creates a firewall rule in the host, mapping a container port to a port on the Docker host to the outside world.

### Network Drivers

* **bridge** :- The default bridge network is good for running containers that don't require special networking capabilities. User-defined bridge networks enable containers on the same Docker host to communicate with each other. A user-defined network typically defines an isolated network for multiple conatiners belonging to a common project or component.

* **host** :- Host network shares the host's netwokr with the container. When you use this driver, the container's network isn't isolated from the host.

* **overlay** :- Overlay network are best when you need containers running on different Docker hosts to communicate, or when multiple applications work together using Swarm services.

* **macvlan** :- Macvlan networks are best when you are migrating from a VC setup or need your container to look like physical hosts on your network, each with a unique MAC address.

* **ipvlan** :- IPvlan is similar to Macvlan, but doesn't assign unique MAC addresses to containers. Consider using IPvlan when there's a restriction on the number of MAC addresses that can be assigned to a network interface or port.

* **none** :- No Networking

* Network plugins

### Bridge Network Drivers

In terms of Docker, a bridge network uses a software bridge which allows containers connected to the same bridge network to communicate, while providing isolation from containers which are not connected to that bridge network.

The Docker bridge driver automatically installs rules in the host machine so that containers on different bridge networks cannot communicate directly with each other.

Bridge network apply to containers running on the same Docker daemon host.

When you start Docker, a default bridge network (also called bridge) is created automatically, and newly-started containers connect to it unless otherwise specified.

### Default Bridge Network

![docker3](../image/docker/docker3.png)

* Containers can communicate to each other.
* Container and Host can communicate via bridge
* Containers can only communicate by IP address, not by container name.

### User-defined Bridge Network

![docker4](../image/docker/docker4.png)

* Possible to achieve isolation of container.
* C1 and C2 can communicate to each other and to Host via bridge default.
* C3 can't communicate to C1 and C2 but can communicate to Host via bridge net1.
* Containers can communicate by IP address & also resolve a container name to an IP address. This capability called automatic service discovery.

### Commands

* `docker network ls`: It is used to list all networks. Bridge is the default network.
* `docker network inspect bridge`: It is used to inspect bridge network to see what containers are connected to it.
* `docker network create --driver bridge network_name`: It is used to create user-defined bridge network.
* `docker network inspect network_name`: It is used to inspect network.
* `docker run --name container_name -itd --network_name alpine`: It is used to connect a container to a specified network e.g. host, user-defined bridge.
* `docker network connect container_name network_name`: It is used to connect a running container to an existing user-defined bridge.
* `docker network disconnect container_name network_name`: It is used to connect a disconnect a running container to an existing user-defined bridge.

### Host Network

![docker5](../image/docker/docker5.png)

* It allows a container to use the networking stack of the host machine directly.
* The container shares the host's network namespace, and the container processes can bind to host ports directly.

### Overlay Network

![docker6](../image/docker/docker6.png)

Overlay networks enable communication betwenn Docker containers running on different Hosts.

They are particularly useful in distributed or clustered setups where containers span multiple machines.

Overlay networks require a container orchestration tool, such as Docker Swarm or Kubernetes, to manage the network across multiple hosts.