128

I've just started to study Docker and there's something that's quite confusing for me. As I've read on Docker's website, a container is different from a virtual machine. As I understood, a container is just a sandbox inside of which an entire isolated file system is run.

I've also read that a container doesn't have a Guest OS installed. Instead it relies on the underlying OS Kernel.

All of that is fine. What I'm confused about is that there are Docker images named after operating systems. We see images like Ubuntu, Debian, Fedora, CentOS and so on.

My point is: what are those images, really? How is it different creating a container based on the Debian image than creating a Virtual Machine and installing Debian?

I thought containers had no Guest OS installed, but when we create images we base them on some image named after one OS.

Also, in examples I saw when we do docker run ubuntu echo "hello world", it seems we are spinning up a VM with Ubuntu and making it run the command echo "hello world".

In the same way when we do docker run -it ubuntu /bin/bash, it seems we are spinning up a VM with Ubuntu and accessing it using command line.

Anyway, what are those images named after operating systems all about? How different is running a container with one of those images from spinning up a VM with the corresponding Guest OS?

Is the idea that we just share the kernel with the host OS (and consequently we have access to the underlying machine hardware resources, without the need to virtualize hardware), but still use the files and binaries of each different system on the containers in order to support whatever application we want to run?

Craig Tullis
user1620696
  • 2
    In my opinion, your objectives in virtualisation are the key. If you need libraries, languages, etc. on the OS, then OS containers suit your need. But if your need is only the application as components, it isn't necessary to use an OS as your base image. I think this article could explain it clearly: https://blog.risingstack.com/operating-system-containers-vs-application-containers/ – metamorph Aug 16 '16 at 16:40

4 Answers

92

Since all Linux distributions run the same (yup, it's a bit simplified) Linux kernel and differ only in userland software, it's pretty easy to simulate a different distribution environment - by just installing that userland software and pretending it's another distribution. To be specific, installing a CentOS container inside an Ubuntu OS will mean that you will get the userland from CentOS, while still running the same kernel, not even another kernel instance.

So lightweight virtualization is like having isolated compartments within the same OS. Au contraire, real virtualization is having another full-fledged OS inside the host OS. That's why Docker cannot run FreeBSD or Windows inside Linux.

If that would be easier, you can think of Docker as a kind of very sophisticated and advanced chroot environment.

drookie
  • 3
    So that's why I can host my compiled golang code in the empty Scratch container - because the compiled code needs only the kernel? – Francis Norton Nov 04 '16 at 09:47
  • 1
    So how does the guest OS know to use the host OS' kernel (and how to do so)? AFAIK, the docker image bases use standard OS images. In your example, it's not like there's a custom CentOS build which knows to use the parent's kernel? Or is it as simple as a file system(aufs) trick where Docker redirects guests' (CentOS') reads of /boot to the host (Ubuntu)? In that case, the guest (CentOS) would install its own copy of /boot, but it'd just never get read? – James S Oct 04 '17 at 14:42
  • I like your explanation but how do you explain running Linux containers on Windows then? Do Server 2016 and Windows 10 contain a Linux kernel to enable the use of Docker? Is that why those versions are necessary? – duct_tape_coder Jan 24 '19 at 21:32
  • This is simple: they merely run under the full-fledged virtualization stack of Hyper-V, inside a native Linux VM: https://docs.microsoft.com/en-us/virtualization/windowscontainers/deploy-containers/linux-containers. – drookie Jan 25 '19 at 05:08
  • @duct_tape_coder. Docker will install a Linux kernel on top of your Windows using the tech called Hyper-V – QuadSquad Feb 02 '20 at 12:03
  • @QuadSquad Thanks for the update. I had figured it out by now. Worth noting that WSL2 is now available and can be used instead of Hyper-V. – duct_tape_coder Feb 12 '20 at 22:13
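
An added example (not part of the original answer or its comments) of the point made in the answer above: the distribution a process sees is whatever `/etc/os-release` says inside its root filesystem, while the kernel is always the host's, so the host kernel's patch level is what every container depends on. The function names and the two root trees are constructed for illustration; `container_view` assumes a working Docker installation and only runs when an image name is passed as an argument.

```shell
#!/bin/sh
# Userland identity comes from files in the root filesystem;
# kernel identity comes from the single running (host) kernel.

# Print the ID= field of <root>/etc/os-release, or "unknown" if absent.
distro_of_root() {
    file="$1/etc/os-release"
    [ -r "$file" ] || { echo "unknown"; return 0; }
    # Values may be quoted (ID="centos") or bare (ID=ubuntu);
    # the pattern does not match ID_LIKE=.
    sed -n 's/^ID=//p' "$file" | head -n 1 | tr -d '"'
}

# Release of the kernel that answers this process's system calls.
kernel_release() {
    uname -r
}

# Build a constructed, minimal root tree holding only an os-release file.
make_root() {
    mkdir -p "$1/etc"
    printf 'NAME="%s"\nID=%s\n' "$3" "$2" > "$1/etc/os-release"
}

# Same two questions asked from inside a real container (needs Docker).
container_view() {
    docker run --rm "$1" sh -c '. /etc/os-release; echo "userland=$ID kernel=$(uname -r)"'
}

demo() {
    tmp=$(mktemp -d)
    make_root "$tmp/centos-root" centos "CentOS Linux"
    make_root "$tmp/ubuntu-root" ubuntu "Ubuntu"
    for root in "$tmp/centos-root" "$tmp/ubuntu-root"; do
        printf 'userland=%s kernel=%s\n' "$(distro_of_root "$root")" "$(kernel_release)"
    done
    rm -rf "$tmp"
}

demo
if [ "$#" -gt 0 ]; then
    container_view "$1"
fi
```

Run with an image name (for example `centos`) on a Linux host with Docker Engine and the container line reports the image's userland next to the same kernel release that `uname -r` prints on the host.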
1

I was struggling with the same question that you're asking, and this is what I've come to understand.

Containers don't have a guest OS, you're right about that.

Then why do we base the container on an OS image?

Because you'd want to use some commands like (apt, ls, cd, pwd). These commands are calls to binary files which might be available to you in your host OS without you installing anything. In order for you to be able to run these commands inside your Docker image, you must have the binaries for them inside your image; because of isolation, you don't just execute binaries from the host OS.

See this answer to get a better understanding of why we even need a base image: https://stackoverflow.com/a/62384611

1

Containers run on a single kernel. In other words, all containers have a single kernel (Host OS). Whereas, on the other hand, hypervisors have multiple kernels. Each virtual machine runs on a different kernel.

And "docker run ubuntu" is just like creating a chroot environment.

-1

To give more clarity on @drookie's answer:

  • So when you install Docker Desktop, generally it installs a Linux VM on which to run the containers.
    • What's happening is that on macOS/Windows, after you install Docker Desktop, it installs the Linux VM running Docker Engine.

    • To add more in-depth clarity: Some of the magic Docker Desktop takes care of for developers includes:

      • A secure, optimized Linux VM that runs Linux tools and containers
      • Seamless plumbing into the host OS giving containers access to the filesystem and networking
      • Bundled container tools including Kubernetes, Docker Compose, buildkit, scanning
      • Docker Dashboard for visually managing all your container content
      • A simple one-click installer for Mac and Windows
      • Preconfigured sane and secure defaults
      • Automatic incremental updates to keep your system running securely

In case you install docker-engine directly on an OS, it will use the same HOST Linux kernel.

Anu