docker-desktop

Docker Desktop

What is Docker Desktop?

Docker Desktop is secure, out-of-the-box containerization software offering developers and teams a robust, hybrid toolkit to build, share, and run applications anywhere.

Docker Desktop is a one-click-install application for your Mac, Linux, or Windows environment that lets you to build, share, and run containerized applications and microservices.

It provides a straightforward GUI (Graphical User Interface) that lets you manage your containers, applications, and images directly from your machine. You can use Docker Desktop either on its own or as a complementary tool to the CLI.

Docker Desktop reduces the time spent on complex setups so you can focus on writing code. It takes care of port mappings, file system concerns, and other default settings, and is regularly updated with bug fixes and security updates.

Install Docker Desktop

To install Docker Desktop, search for install docker desktop and click on the link: install docker desktop, find the related installation on different platform (Windows, Linux, Mac) and click on the link. I am installing here on Windows:Install Docker Desktop on Windows . By selecting the link the Docker Desktop Installer.exe is downloaded. start Installation and flow the instructions after installation you need create account, and login, then you can see the following figure:

What is included in Docker Desktop and what are the key feature of Docker Desktop

1. Docker Engine overview

Docker Engine is an open source containerization technology for building and containerizing your applications. Docker Engine acts as a client-server application with:

• A server with a long-running daemon process dockerd.
• APIs which specify interfaces that programs can use to talk to and instruct the Docker daemon.
• A command line interface (CLI) client docker.

The CLI uses Docker APIs to control or interact with the Docker daemon through scripting or direct CLI commands. Many other Docker applications use the underlying API and CLI. The daemon creates and manage Docker objects, such as images, containers, networks, and volumes.

For more details, see Docker Architecture.

2. Docker CLI client

Docker CLI tool is a command line application used to interact with the dockerd daemon. The dockerd daemon is the process that manages containers and handles all the commands sent from the CLI by exposing an API endpoint. So both dockerd and Docker CLI pieces are needed for docker to work.

3. Docker Scout

Container images are often built from layers of other container images and software packages. These layers and packages can contain vulnerabilities that make your containers and the applications they run vulnerable to attack.

Docker Scout can proactively help you find and fix these vulnerabilities, helping you create a more secure software supply chain. It does this by analyzing your images and creating a full inventory of the packages and layers called a Software bill of materials (SBOM)open_in_new. It then correlates this inventory with a continuously updated vulnerability database to identify vulnerabilities in your images.

You can use Docker Scout in Docker Desktop, Docker Hub, the Docker CLI, and in the Docker Scout Dashboard. Docker Scout also supports integrations with third-party systems, refer to Integrating Docker Scout for more information.

4. Docker Build

Docker Build is one of Docker Engine’s most used features. Whenever you are creating an image you are using Docker Build. Build is a key part of your software development life cycle allowing you to package and bundle your code and ship it anywhere.

Docker Build is more than a command for building images, and it’s not only about packaging your code. It’s a whole ecosystem of tools and features that support not only common workflow tasks but also provides support for more complex and advanced scenarios.

5. Docker Extensions?

Docker Extensions let you use third-party tools within Docker Desktop to extend its functionality. You can seamlessly connect your favorite development tools to your application development and deployment workflows. Augment Docker Desktop with debugging, testing, security, and networking functionalities, and create custom add-ons using the Extensions SDK.

Anyone can use Docker Extensions and there is no limit to the number of extensions you can install.

Available extensions?

There is a mix of partner and community-built extensions and Docker-built extensions. You can explore the list of available extensions in Docker Hubopen_in_new or in the Extensions Marketplace within Docker Desktop.

To find out more about Docker Extensions, we recommend the video walkthrough from DockerCon 2022

6. Docker Compose

Compose is a tool for defining and running multi-container Docker applications. With Compose, you use a YAML file to configure your application’s services. Then, with a single command, you create and start all the services from your configuration.

Compose works in all environments; production, staging, development, testing, as well as CI workflows. It also has commands for managing the whole lifecycle of your application:

• Start, stop, and rebuild services
• View the status of running services
• Stream the log output of running services
• Run a one-off command on a service

The key features of Compose that make it effective are:

• Have multiple isolated environments on a single host
• Preserve volume data when containers are created
• Only recreate containers that have changed

7. Content trust in Docker

When transferring data among networked systems, trust is a central concern. In particular, when communicating over an untrusted medium such as the internet, it is critical to ensure the integrity and the publisher of all the data a system operates on. You use Docker Engine to push and pull images (data) to a public or private registry. Content trust gives you the ability to verify both the integrity and the publisher of all the data received from a registry over any channel.

About Docker Content Trust (DCT)

Docker Content Trust (DCT) provides the ability to use digital signatures for data sent to and received from remote Docker registries. These signatures allow client-side or runtime verification of the integrity and publisher of specific image tags.

Through DCT, image publishers can sign their images and image consumers can ensure that the images they pull are signed. Publishers could be individuals or organizations manually signing their content or automated software supply chains signing content as part of their release process.

Image tags and DCT

An individual image record has the following identifier:

[REGISTRY_HOST[:REGISTRY_PORT]/]REPOSITORY[:TAG]

A particular image REPOSITORY can have multiple tags. For example, latest and 3.1.2 are both tags on the mongo image. An image publisher can build an image and tag combination many times changing the image with each build.

DCT is associated with the TAG portion of an image. Each image repository has a set of keys that image publishers use to sign an image tag. Image publishers have discretion on which tags they sign.

An image repository can contain an image with one tag that is signed and another tag that is not. For example, consider the Mongo image repositoryopen_in_new. The latest tag could be unsigned while the 3.1.6 tag could be signed. It is the responsibility of the image publisher to decide if an image tag is signed or not. In this representation, some image tags are signed.

8. Kubernetes (K8s)

Kubernetes, also known as K8s, is an open source system for managing containerized applications across multiple hosts. It provides basic mechanisms for the deployment, maintenance, and scaling of applications.

9. docker-credential-helpers

docker-credential-helpers is a suite of programs to use native stores to keep Docker credentials safe.

Conclusion

In this post we have talked about Docker Desktop and  what is contained and its functions

My next post describes Dockerfile and Docker-compose file

This post is part of  Docker step by step

Back to home page