Docker Host OS, Guest OS, Base Image etc.
When I started working with Docker I had so many questions. The first question was obviously how Docker was different from VMs. There are plenty of answers across the web on this. Here is what Docker describes as its architecture:
So we have a host OS, Docker runs on top of that, and then we have our packaged applications. So far so good. But I got confused when I came across a snippet of a Dockerfile to build OpenJDK, which looks like:
FROM alpine:3.6
ENV LANG C.UTF-8
# add a simple script that can auto-detect the appropriate JAVA_HOME value
# based on whether the JDK or only the JRE is installed
RUN { \
        echo '#!/bin/sh'; \
        echo 'set -e'; \
        echo; \
        echo 'dirname "$(dirname "$(readlink -f "$(which javac || which java)")")"'; \
    } > /usr/local/bin/docker-java-home \
    && chmod +x /usr/local/bin/docker-java-home
ENV JAVA_HOME /usr/lib/jvm/java-1.8-openjdk
ENV PATH $PATH:/usr/lib/jvm/java-1.8-openjdk/jre/bin:/usr/lib/jvm/java-1.8-openjdk/bin
...
Alpine is a distro/flavor of Linux just like Ubuntu. It very well could have been Ubuntu here. In fact, in my organization we use Ubuntu as the "Base Image".
So why do we use alpine 3.6 as a Base Image when we are installing this on a server which runs, say, Redhat Linux (RHEL) as its Host OS? So in that case the architecture transforms:
Also it appears to be very heavy as there is a guest OS and a host OS. But in that case it would not be as fast. So what's the catch? And why do we need a base image?
To understand that, first let us understand the relationship between the Linux kernel and Linux distributions such as Redhat, Ubuntu etc. I could not have put it better myself than the following answer at the Ubuntu Forum:
All distros use the same "Linux" kernel, however all distros make slight changes to it in order to make the kernel work best for them, however these changes will almost always get uploaded back to the top where Linus will merge them himself. So all use the Linux kernel, however they all have a few different lines of code in them to make them work best for that distro.
So essentially, to quote from a Serverfault thread:
Since all Linux distributions run the same (yup, it's a bit simplified) Linux kernel and differ only in userland software, it's pretty easy to simulate a different distribution environment - by just installing that userland software and pretending it's another distribution. Being specific, installing CentOS container inside Ubuntu OS will mean that you will get the userland from CentOS, while still running the same kernel, not even another kernel instance.
So lightweight virtualization is like having isolated compartments within same OS. Au contraire real virtualization is having another full-fledged OS inside host OS. That's why docker cannot run FreeBSD or Windows inside Linux.
Well now it makes sense!! So the base image is not really a base OS. The base image is much lighter than a base OS and that's why Docker containers can be really fast. It only installs distro-specific (or "userland") software. For example, in our case, "FROM alpine:3.6" would only install alpine 3.6 specific software and use the host Linux (in our case Redhat) kernel. So the next question: why do we need a base image?
From the Docker Forum:
The Docker container's filesystem is isolated from the host OS. So an application packaged inside a Docker image won't be able to see the host filesystem (unless attached as a volume) at the time of running as a container. So, imagine the application you have inside the container depends on various OS libraries, so maintaining the isolation if we want to run the application we will have to package those dependencies too inside the Docker image. This is why there are base images available for various Linux distros. Also having a distro will give us its package management features like yum/apt-get so that we can design the Docker image with the required dependencies in a much easier way. And the Ubuntu image you are referring to is not a full-blown one, it's a stripped-down version of Ubuntu even though it's not the smallest Docker image available. Also these Docker images don't come with a kernel; at runtime, they use the host kernel.
So in this image, the "Guest OS" is not really a full-fledged operating system. It is a "Guest Image" which only consists of so-called "userland" or distro-specific libraries etc. I found the concept of "OS vs Image" extremely important to understand. It answers a lot of questions which seem unintuitive when we start to scratch the surface of Docker. So the Guest Image is essentially a part of the "Bins/Libs" box of the Docker architecture and not a virtualized environment. So it looks like the following:
http://techknowblogs.blogspot.in/2017/12/docker-host-os-guest-os-base-image-etc.html
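The userland-versus-kernel split described in the article can be checked from inside any container by comparing /etc/os-release (which comes from the image) with `uname -r` (which comes from the host). The script below is an added example, not part of the original post; the function names, the sample os-release content and the kernel string are constructed, and the kernel-family guess is only a heuristic based on common release-string suffixes.

```shell
# Added example: tell the image's userland apart from the kernel it runs on.
# All sample values below are constructed for illustration.

# Print the value of KEY ($2) from an os-release style file ($1), quotes stripped.
os_release_field() {
    sed -n "s/^$2=//p" "$1" | head -n 1 | tr -d '"'
}

# Heuristic: guess which distro family built a kernel from its release string.
kernel_family() {
    case "$1" in
        *.el[0-9]*) echo rhel ;;      # e.g. 3.10.0-693.el7.x86_64
        *-generic)  echo ubuntu ;;    # e.g. 4.4.0-116-generic
        *)          echo unknown ;;
    esac
}

# Compare the userland identity with the kernel's apparent origin.
# $1 = os-release file, $2 = kernel release (defaults to the running kernel)
describe_env() {
    id=$(os_release_field "$1" ID)
    ver=$(os_release_field "$1" VERSION_ID)
    like=$(os_release_field "$1" ID_LIKE)
    krel=${2:-$(uname -r)}
    kfam=$(kernel_family "$krel")
    if [ "$kfam" = unknown ]; then
        verdict=undetermined
    else
        case " $id $like " in
            *" $kfam "*) verdict=kernel-matches-userland ;;
            *)           verdict=kernel-from-other-distro ;;
        esac
    fi
    echo "userland=$id:$ver kernel=$krel kernel_family=$kfam verdict=$verdict"
}

# Constructed sample: an os-release file as found inside an alpine:3.6 image.
SAMPLE_OS_RELEASE=$(mktemp)
cat > "$SAMPLE_OS_RELEASE" <<'EOF'
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.6.2
PRETTY_NAME="Alpine Linux v3.6"
EOF

# Constructed kernel string of the form a RHEL 7 host reports from `uname -r`.
describe_env "$SAMPLE_OS_RELEASE" "3.10.0-693.el7.x86_64"
```

On a real system, call `describe_env /etc/os-release` inside the container and on the host: the kernel field is identical in both, which is why kernel patching is a host responsibility and not something the base image controls.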
1y Nice Clarification !!!
3y Very nice, Concept is very clear, Thank you! Abhijit.
3y Thanks buddy.
Why are you saying that the guest OS is part of the bins/libs? I thought you said at one point that alpine is the guest OS that all containers use. Still a bit confused.
4y Well explained! Thanks Abhijit!