Docker Images without Docker

[00:00:00]
>> Just to kind of demonstrate to you that there's no mystery into what is a Docker image. We're gonna start to run a Docker image by hand, right? Using the same techniques that we did before. Yeah, just to show that they're literally just zip files, pretty much, right?

[00:00:17]
So, a pre-made container is called an image, right? And you can base your images off of other people's images, right? And you kind of build these what they're called is layers on top of each other. And basically an all in images is it just dumps out the state of a particular container and ties it together or zips it together.

[00:00:38]
It's actually literally what it does, right? So, let's go ahead and have some fun with this. So yeah, we're gonna do this within a docker container. So we're gonna run docker from within a docker container. There's some levels to this, right? And the reason is I need Ubuntu, and I'm on Mac right now.

[00:01:02]
So if you run this container right here, what this is gonna do is it's going to run a docker container that has a docker client that's connected to your host VM, right? Or your host computer, right? So if I run this, This is going to connect to my docker that's running on my docker desktop right?

[00:01:27]
So you can see now, I'm actually, if cat /etc/issue. I'm actually within Alpine Linux, and we'll talk about what Alpine Linux is later, but suffice to say I'm within Linux, but if I say docker ps, I can actually see the container within which I'm running, right? This is atypical, typically you cannot connect outside of the host, but that's what this dash feed did.

[00:01:48]
It allowed me to connect outside of it, right? So I opened a tunnel to the host, Docker desktop. Again, don't worry too much about the semantics of that. Just know that we're connecting to the host Docker container. So I ran this command right there. So what I wanna do right now is I want to download a Docker container.

[00:02:10]
And then I wanted to route into the environment and unshare it and then add it to C groups. I'll leave out running the C groups because we saw how to do that, tt's a bit burdensome? So I think you'll trust me, right? But what I'm gonna do right now is I'm gonna say another Docker command right now, docker run -- rm -dit --name my-alpine.

[00:02:35]
And we're gonna run Alpine : 3.10, and we're gonna run shell from within that. Now all this is gonna do, this is gonna start a container in the background, that's all we did here. So if I look in docker PS again, you can see you right there I have this container here which I have named my alpine and all is doing it's just running, not doing anything, just running.

[00:03:03]
Now why did I do this? I'm going to dump the state out of this right and then I'm gonna run it as my own container, which is exactly what an image is. So I'm going to say docker export -o dockercontainer.tar, which is like a zip file right, for Linux.

[00:03:23]
And I'm going to dump out the state of my alpine. So you can see now I have this dockercontainer.tar, this is the state of what that container is. Now I'm going to make a directory, mkdir container-root. And I'm gonna say tar xf. I can never remember the flags for tar.

[00:03:45]
Dockercontainer.tar -C container-root/ this is going to, if I look inside of container-root now, looks pretty familiar, right? Looks like another file system for Linux. Again, that's what it is. So now, this should feel very familiar too if I say unshare --mount --uts --ipc --net --pid --fork --user --, you can copy and paste this if you are not a glutton for punishment like I am.

[00:04:28]
Map-root-user and I'm gonna say change root to container root and I am not going to run bash, I am going to run a different called ash because it is Alpine right, it is not Ubuntu. I think you could just say shell as well. Okay, now you can see If I run pwd, you can see I'm in the root directory.

[00:05:02]
I am unshared now into this docker container image. And if you could do the typical mount procs none/ proc, mount- t sysfs none/sys N mount-t tmpfs none/temp. Then I can save ps aux and the same thing, right. I can see it's running the shell, so on and so forth, right?

[00:05:30]
So I have essentially executed this Docker image, but I've done it with the previous techniques. And again, I haven't c grouped this. But if you wanted to, you could go and do that song and dance again if you wanted to. So again, there's no mystery to what Docker images are, right?

[00:05:47]
They're pretty much just zip files, right, that go in and run these commands for you. Again, Docker is doing more than that for you. It's connecting volumes and by mounting a bunch of other like useful things for you, that I could teach you, that would not be very useful to you because you would never do it by hand, right?

[00:06:01]
That I'm just kind of showing you that these are the sorts of things that it's doing underneath the hood for you. But this is complexity that you never have to understand, right? You never needed to but it's I think it's useful for you to know, yeah.
>> On that previous command after you change root, you don't need the pwd/container?

[00:06:21]
>> No
>> Right there, yeah.
>> This one right?
>> You dont need to prefix with pwd?
>> No, so I have that in my notes, just to make sure that it would always work depending on where you put that container root, right. So the pwd there, all it's going to do is like your present working directory, right?

[00:06:43]
But because I know I put that Docker container in the roots, right, it's right there. That yeah, so it wasn't necessary. It's just making sure the path is correct. So we can exit out of that and we are still within Alpine or the Docker container, right? So we did a container within a container, which is always kinda fun, right?

[00:07:07]
But now I can exit out of that, which again, will destroy your entire environment, but now I'm back in macOS.