Docker Runtime Installation and Image Management on Linux
Containers are an OS-level virtualization method that enables isolated application environments. Unlike hardware virtualization, containers share the host kernel while maintaining process isolation through kernel features.
Key differentiators from hypervisor-based virtualization:
- Initialization time measured in seconds rather than minutes
- Direct hardware access without emulation layer overhead
- Shared kernel architecture reducing memory footprint
Core Components:
- Images: Immutable application templates
- Containers: Runnable instances of images
- Registries: Distributed storage for image distribution
Underlying Kernel Mechanisms: Namespace isolation provides segregation of process trees, network stacks, and filesystem mounts. Control groups (cgroups) enforce resource quotas on CPU cycles and memory allocation.
Runtime Implementations: Docker CE (Community Edition), Podman (daemonless alternative), and containerd (industry-standard runtime).
Verify system compatibility and network accessibility:
[admin@host-01 ~]$ hostnamectl | grep "Operating System"
Operating System: CentOS Linux 7 (Core)
[admin@host-01 ~]$ curl -sI https://registry.hub.docker.com | head -1
HTTP/1.1 200 OK
Configure package repositories:
[admin@host-01 ~]$ sudo tee /etc/yum.repos.d/docker.repo <<EOF
[docker-stable]
name=Docker Stable Repository
baseurl=https://download.docker.com/linux/centos/\$releasever/\$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg
EOF
[admin@host-01 ~]$ sudo yum makecache fast
Install and initialize the service:
[admin@host-01 ~]$ sudo yum install -y docker-ce docker-ce-cli containerd.io
[admin@host-01 ~]$ docker --version
Docker version 24.0.7, build afdd53b
[admin@host-01 ~]$ sudo systemctl start docker
[admin@host-01 ~]$ sudo systemctl enable docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.
Configure registry mirrors for accelerated pulls and limit container log size:
[admin@host-01 ~]$ sudo mkdir -p /etc/docker
[admin@host-01 ~]$ sudo tee /etc/docker/daemon.json <<EOF
{
  "registry-mirrors": [
    "https://mirror.ccs.tencentyun.com",
    "https://hub-mirror.c.163.com",
    "https://registry.docker-cn.com"
  ],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3"
  }
}
EOF
[admin@host-01 ~]$ sudo systemctl restart docker
Docker creates a virtual bridge interface facilitating container communication:
[admin@host-01 ~]$ ip addr show dev docker0
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:01 brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.1/16 brd 172.18.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:acff:fe11:1/64 scope link
       valid_lft forever preferred_lft forever
Kernel parameter enabling IPv4 forwarding:
[admin@host-01 ~]$ sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
NAT configuration for outbound container traffic:
[admin@host-01 ~]$ sudo iptables -t nat -L POSTROUTING -v
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- any !docker0 172.18.0.0/16 anywhere
List available images in local storage:
[admin@host-01 ~]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
Import compressed image archives:
[admin@host-01 ~]$ docker load < alpine-latest.tar.gz
8e3ba11ec2a2: Loading layer 5.846MB/5.846MB
Loaded image: alpine:latest
Export existing images to portable archives:
[admin@host-01 ~]$ docker save nginx:stable > nginx-stable.tar
[admin@host-01 ~]$ ls -lh nginx-stable.tar
-rw-r--r-- 1 root root 142M Dec 15 09:30 nginx-stable.tar
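The import and export steps above move images as plain tar archives, and docker load performs no signature check on the file it is given. The shell functions below are an added example, not part of the original page: they record a SHA-256 digest at export time and refuse to load an archive that does not match it. The function names and the ".sha256" sidecar file are assumptions of this example.

```bash
# Added example; function names and the ".sha256" sidecar file are assumptions.

# Hex SHA-256 of a file, read via stdin so the path never appears in the output.
file_digest() {
    sha256sum < "$1" | awk '{print $1}'
}

# Exporting host: write the archive's digest beside it.
record_digest() {
    local archive="$1"
    [ -f "$archive" ] || { echo "no such archive: $archive" >&2; return 2; }
    file_digest "$archive" > "$archive.sha256"
}

# Importing host: 0 = match, 1 = mismatch, 2 = missing or malformed input.
verify_digest() {
    local archive="$1" expected actual
    [ -f "$archive" ] && [ -f "$archive.sha256" ] \
        || { echo "missing archive or digest file" >&2; return 2; }
    expected=$(tr -d '[:space:]' < "$archive.sha256")
    # Accept only 64 lowercase hex characters; anything else is not a digest.
    case "$expected" in
        *[!0-9a-f]*) echo "malformed digest file" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed digest file" >&2; return 2; }
    actual=$(file_digest "$archive")
    [ "$actual" = "$expected" ] \
        || { echo "digest mismatch for $archive" >&2; return 1; }
}

# Export an image and record its digest in one step.
save_image() {   # usage: save_image nginx:stable nginx-stable.tar
    docker save -o "$2" "$1" && record_digest "$2"
}

# Load only after verification; a failed check never reaches the daemon.
load_image() {   # usage: load_image nginx-stable.tar
    verify_digest "$1" && docker load -i "$1"
}
```

The check only detects tampering if the .sha256 file reaches the importing host over a separate, trusted channel from the archive itself.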