Making A Docker Service in Hindsight

A 20/20 on commands found in the Making A Docker Service Cookbook

Docker is one of several competing technologies that attempt to give you a mechanism for bundling an application and all its dependencies to eliminate the “it works on my machine” syndrome, as well as providing the isolation capabilities of a virtual machine – all with less overhead. While Docker originally supported just Linux applications, Microsoft has provided docker images that allow Windows apps to be run inside a docker container and has added support to Windows for running docker containers.

The general goal for a Docker container is to bundle an application with all its dependencies into a deployable unit that is isolated from other applications. It is recommended to deploy only 1 application per container, and while that might seem limiting if you have a suite of applications, you can still tie them together. You do this by placing each application into its own container and then linking them. By running each application in its own container, you allow more freedom during deployment, such as how many instances run and on which machines.

In short, you create a docker image with a single application and its runtime dependencies. You deploy this image in one or more docker containers which will be run as a single process on the host. You can link multiple containers together and configure a container to allow it access to the folders on the host filesystem if necessary.


Warning: the terminology has changed over the past couple of years. A host has a docker engine that hosts docker containers. The docker machine client, or its replacement, docker cloud, is used to manage 1 or more docker engines in order to create, deploy and manage docker containers. A docker engine has 0 or more docker containers. Another client, the docker client, interacts directly with the docker engine. These engines can be on physical machines, local VMs or cloud-based VMs. On Linux machines, OS functionality is used to isolate the container without resorting to the heavyweight VM solution. The docker-machine executable can create local VMs on Mac or Windows or provision VMs in a cloud environment.

As noted earlier, on Linux the Docker container is hosted using a lightweight process group with its own isolated file system and processes. The docker container uses Linux’s namespaces and control groups (cgroups).

  • Namespaces isolate IP, network stack, file system, other processes
  • Control groups isolate resource usage.

This prevents one container from bringing down the rest of the containers on a machine.
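The namespace and cgroup membership described above is visible from the host under /proc, which gives a quick way to check what a container process actually shares with the host. The script below is an added example, not code from the original cookbook; the function names are illustrative, and the sample /proc tree, inode numbers and container ID are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): compare two processes' namespaces
# and read a process's cgroup membership from /proc.
# Usage: sh nscheck.sh /proc/1 /proc/<container-pid>   (usually needs root)

NS_TYPES="cgroup ipc mnt net pid user uts"

# Print every namespace type both processes are in. An identical link target,
# e.g. net:[4026531844], means the same namespace, so no isolation of that type.
shared_namespaces() {
    for ns in $NS_TYPES; do
        h=$(readlink "$1/ns/$ns" 2>/dev/null) || continue
        c=$(readlink "$2/ns/$ns" 2>/dev/null) || continue
        if [ "$h" = "$c" ]; then printf '%s\n' "$ns"; fi
    done
}

# Print the distinct cgroup paths of a process. Each line of the cgroup file
# is hierarchy-ID:controller-list:path, so the path is field 3 onward.
cgroup_paths() {
    cut -d: -f3- "$1/cgroup" | sort -u
}

# Summarise what the second process shares with the first (the host process).
isolation_report() {
    shared=$(shared_namespaces "$1" "$2" | tr '\n' ' ')
    echo "shared with host: ${shared:-none}"
    echo "cgroup path(s):   $(cgroup_paths "$2" | tr '\n' ' ')"
}

# Constructed sample: a fake /proc tree for a host process and a container
# process that shares the host's net namespace (all inode numbers made up).
build_sample() {
    mkdir -p "$1/host/ns" "$1/ctr/ns"
    i=0
    for ns in $NS_TYPES; do
        i=$((i + 1))
        ln -s "$ns:[402653184$i]" "$1/host/ns/$ns"
        if [ "$ns" = net ]; then id=402653184$i; else id=402653299$i; fi
        ln -s "$ns:[$id]" "$1/ctr/ns/$ns"
    done
    echo "0::/" > "$1/host/cgroup"
    echo "0::/docker/CONSTRUCTED_ID" > "$1/ctr/cgroup"
}

if [ "$#" -eq 2 ]; then isolation_report "$1" "$2"; fi
```

Any namespace type listed as shared is one where the container process sees the same resources as the host process, so an unexpected entry there is worth investigating.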


On a Linux PC, your machine is the docker-engine. On older Windows, all Macs, and various cloud environments, you need a docker-engine running in a VM. For running items locally on Macs, the docker machine uses VirtualBox. To manage these, use the docker-machine commands.