Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Docker: base image

Tags:

docker

I am trying to understand Docker concepts but one thing I can not catch:

As I understand image (consequently - a container) can be instantiated from different linux distributives, such as Ubuntu, CentOS and others.

Let's say on host machine I run standard Ubuntu 14.04,

  • What happens if I use container that is not instantiated from same distributive?
    • Not 14.04?
    • Not Ubuntu (or any other Debian-based)?
    • What disadvantages of using different base-images of images you use? (Let's say I use Image A that uses Ubuntu as a base image, Image B that used Debian as base image and Image C that uses CentOS as base image)?

Bonus question: How can I tell what base image used for an image if developer didn't specified it in a Docker hub description?

Thank you in advance!

like image 602
SmxCde Avatar asked Jul 10 '16 07:07

SmxCde


People also ask

What is a Docker base image?

A base image is the image that is used to create all of your container images. Your base image can be an official Docker image, such as Centos, or you can modify an official Docker image to suit your needs, or you can create your own base image from scratch.

What is a good base image Docker?

The following are some of the most useful Docker images: Ubuntu. This is one of the most downloaded Docker images in the industry. It is the official OS for Ubuntu and is used as a base image for nearly every type of server OS.

Do we need base image in Docker?

In fact, Docker works through application of layers that are added to the base image. As you have to maintain coherence between all these layers, you cannot base your first image on a moving target (i.e. your writable file-system). So, you need a read-only image that will stay forever the same.

Can we have 2 base images in Docker?

Using multi-stage dockerfiles, you can use several base images as well as previous intermediate image layers to build a new image layer.


3 Answers

Docker does not use LXC (not since Docker 0.9) but libcontainer (now runc), a built-in execution driver which manipulates namespaces, control groups, capabilities, apparmor profiles, network interfaces and firewalling rules – all in a consistent and predictable way, and without depending on LXC or any other userland package.

A docker image represents a set of files winch will run as a container in their own memory and disk and user space, while accessing the host kernel.
This differs from a VM, which does not access the host kernel but includes its own hardware/software stack through its hypervisor.
A container has just to set limits (disk, memory, cpu) in the host. An actual VM has to build an entire new host.

That docker image (group of files) can be anything, as long as:

  • it does not depends on host libraries (since it is isolated in its own disk space, it does not have access to hosts files, unless volumes are mounted)
  • it does only system calls: see "What is meant by shared kernel in Docker?"

That means an image can be anything: another linux distro, or even a single executable file. Any executable compile in go (https://golang.org/) for instance, could be packaged in its own docker image without any linux distro:

FROM scratch
COPY my_go_exe /
ENTRYPOINT /my_go_exe

scratch is the "empty" image, and a go executable is statically linked, so it is self-contained and only depends on system calls to the kernel.

like image 84
VonC Avatar answered Oct 06 '22 23:10

VonC


The main thing shared between the host OS and docker container is the kernel. The main risk of running docker containers from different distributions/versions is that they may depend on kernel functionality not present on the host system, for example if the container expects a newer kernel than the host has installed.

In theory, the Linux kernel is backwards compatible. As long as the host kernel is newer than the container kernel it should work.

From an operational perspective, each time you start depending on a different base image that is another dependency that you need to monitor for updates and security issues. Standardizing on one distribution reduces the workload for your ops team when the next big vulnerability is discovered.

like image 40
Chris Pitman Avatar answered Oct 06 '22 23:10

Chris Pitman


Docker uses LXC, which is an operating-system-level virtualization method for running multiple isolated Linux systems (containers) on a control host using a single Linux kernel.

You can compare this to a VM on your machine, where you start another Linux distro, which does not have to be the same as your host OS. So it does not matter, if your host os is the same as the base image of your container.

In Docker, the container is built from layers. Each step (command) in your Dockerfile represent one layer, which are applied one after the other. The first step ist to apply the base OS layer, which is indicated by FROM.

So to answer your bonus question, you can have a look inside the Dockerfile of the container you're using (it's the third tab on DockerHub) and see in the first statement, which is the base image (os).

like image 27
Martin Seeler Avatar answered Oct 07 '22 01:10

Martin Seeler