The document provides an overview of Docker containers and how to get started with Docker. It discusses what containers are, how Docker works, the differences between containers and VMs, and how to use basic Docker commands. It also covers creating Docker images using Dockerfiles and provides examples of common Dockerfile commands.
2. Agenda
Container
Docker
Inside container/ outside container
Container Vs. VM
Why are docker containers light weight?
Basics of docker system
Play with docker commands
Docker file
3. Container
Isolated process(es)
Runs at native speed straight on host
Owns process space
Owns network stack
Owns root file system
Owns IPC
Shares kernal with host
4. Docker
A platform for developing, shipping and running applications using container
virtualization technology
An Open source project to commoditize LinuX Containers
Allows creation and sharing docker images
Uses copy-on-write for quick images
Client/ server architecture
5. Inside container
My code
My Libraries
My package manager
My app
My data
Outside container
Logging
Remote access
Network configuration
Monitoring
6. Containers vs. VM
App
A
Hypervisor (Type 2)
Host OS
Server
Gues
t
OS
Bins/
Libs
App
A’
Gues
t
OS
Bins/
Libs
App
B
Gues
t
OS
Bins/
Libs
AppA’
Docker
Host OS
Server
Bins/LibsAppA Bins/Libs
AppB
AppB’
AppB’
AppB’
Container
Containers are isolated,
but share OS and, where
appropriate,
bins/libraries
Gues
t
OS
Gues
t
OS
…result is significantly faster
deployment, much less overhead,
easier migration, faster restart
7. Why are docker containers light weight?
Original App
(No OS to take
up space, resources,
or require restart)
App
A
Bins/
Libs
App
A’
Gues
t
OS
Bins/
Libs
Modified App
Copy on write
capabilities allow
us to only save the
diffs
Between container A
and container
A’VMs
Every app, every copy of an
app, and every slight modification
of the app requires a new virtual server
App
A
Gues
t
OS
Bins/
Libs
Copy of
App
No OS. Can
Share bins/libs
Bins/
Libs
App
A
App
A
Gues
t
OS
Gues
t
OS
VMs Containers
AppΔBins
8. Basics of Docker System
Source Code
Repository
Dockerfile
For
A
Docker Engine
Build
Docker
Host 2 OS (Linux)Container
A
Container
B
Container
C
Push
Search
Pull
Run
Host 1 OS
(Linux)
ContainerA
Docker
Container
Image
Registry
9. Play with docker commands
Check docker version
#docker version
List local images
#docker images (latest, tag, local image pulled first)
List containers
#docker ps
#docker ps –a
Check logs
#docker logs <container id>
#docker logs –f <container id>
10. Play with docker commands
Create container (with terminal/ detached/ with volume/ with port mapping)
Docker run [options] [image] [command] [args]
#docker run ubuntu:14.04 echo “hello world”
#docker run –i –t ubuntu:latest /bin/bash
#docker run –d centos:7 ping 127.0.0.1 –c 50
#docker run –i –t –v /myvolume nginx:1.7
#docker run –d –P tomcat:7
13. Play with docker commands
Save changes in container as a new image
#docker run –i –t ubuntu:14.04 bash
#root@0c424bc93f0a:/#apt-get install curl
#root@0c424bc93f0a:/#exit
#docker commit 0c424bc93f0a sspt-artifactory.juniper.net/csp-myapp:1.0
#docker images
Find resource(cpu, memory, io) usage by container
# docker stats –no-stream=true <container-id>
14. Play with docker commands
Other useful commands
#docker history [image id]
#docker inspect [container name] | grep IPAddress
#docker start [container short id]
#docker stop [container short id]
#docker exec –i –t [container short id] /bin/bash
#docker rm [container short id]
#docker rmi [image-name:tag/ image id]
#docker save <image-name> > /home/image.tar
#docker load < /home/image.tar
15. Docker file
Configuration file that contains instructions for building docker image
More effective way to build images compared to using “docker commit”
Easily fits into CI/ CD process
Use “docker build” command to create image using docker file
Daemon runs instructions one-by-one, committing the result of each
instruction to a new image, finally outputting the ID of new new image
ENTRYPOINT instruction inside dockerfile defines command to run when a
container is executed
17. # Get base ubuntu image
FROM artifactory.net/my-ubuntu
# Copy installables
COPY client/ /opt/my-service-build/client/
COPY conf/*.conf /etc/my-service/
RUN mkdir /var/log/my-service
RUN
cd /opt/my-service-build &&
cd core-server &&
pip install --pre -rrequirements.txt -rtest-requirements.txt
&&
pip install my-services -f dist/ &&
RUN chmod +x /my-service-docker-entry.sh
ENTRYPOINT ["/my-service-docker-entry.sh”]
Sample Docker file
18. Play with Docker file
Set ENV to set environment variables inside container:
ENV myName="John Doe" myDog=Rex The Dog
myCat=fluffy
and
ENV myName John Doe
ENV myDog Rex The Dog
ENV myCat fluffy
will yield the same net results in the final container, but the first form is
preferred because it produces a single cache layer.
Change env variable using command – docker run --env <key>=<value>
Notas del editor
Docker:
Make containers very very easy to use
the Docker daemon runs in the background – manages containers, images, and builds – HTTP API (over UNIX or TCP socket) – embedded CLI talking to the API
libvirt: Platform Virtualization
LXC (LinuX Containers): Multiple isolated Linux systems (containers) on a single host
Layered File System
Client takes user inputs and send them to the daemon
Daemon builds, runs and distribute containers
Client and daemon can run on the same host or on different hosts
Benefits of docker:
Application portability
Scalability
Resource optimization
Better security as provides reduced set of default privileges and capabilities
VM:
Host OS manages the physical HW and provides multiple virtual HW that can run different operating systems on a single physical server. It does this by emulating the HW and the guest OS is not aware it is running on a physical platform or virtual platform. Virtual HW that can run unmodified guest operating system is called full virtualization. As HW emulation is expensive, for efficiency the guest OS drivers are modified to effectively share the physical HW and this form of virtualization is called para-virtualization.
Container
It runs a single OS and the OS provide isolation using name spaces. In container all applications run as processes within the container. This provides another level of security and processes running in a container don’t see or have access to other containers. To run applications built for other operating systems, container needs a simulated environment with a set of libraries and resources such file systems, networking support. Docker uses the container technology and provides the environment needed to support.
Virtual machines emulate the hardware and provide virtual platforms that can run unmodified SW including kernel. In environment where the kernel is heavily modified to fit the needs of the applications for efficiency and other reasons additional work is required to run these applications in the container based environment. Otherwise container based technology offers better resource utilization.
Virtual machines use the Hardware provided isolation in most cases and container uses the name spaces to provide the isolation.
A namespace wraps a global system resource in an abstraction that makes it appear to the processes within the namespace that they have their own isolated instance of the global resource. Changes to the global resource are visible to other processes that are members of the namespace, but are invisible to other processes. One use of namespaces is to implement containers. Linux provides the following namespaces: Namespace Constant Isolates Cgroup CLONE_NEWCGROUP Cgroup root directory IPC CLONE_NEWIPC System V IPC, POSIX message queues Network CLONE_NEWNET Network devices, stacks, ports, etc. Mount CLONE_NEWNS Mount points PID CLONE_NEWPID Process IDs User CLONE_NEWUSER User and group IDs UTS CLONE_NEWUTS Hostname and NIS domain name
Docker hub is public registry that contains a large number of images available for use
Container runs as long as the process from specified docker run command is running
Command’s process is always PID 1 inside the container
Container has long ID and short ID. Docker ps command to get short ID and name
Give absolute path while mounting volume
Execute to start another process within a container, exiting from this terminal will not terminate container