Docker: Contain All The Things

Docker: Contain All The Things

An introduction to Docker and Containers


Davey Shafik

June 16, 2015


  1. Docker: Contain All The Things

  2. Proprietary and Confidential •Community Engineer at Engine Yard •Author of

    Zend PHP 5 Certification Study Guide, Sitepoints PHP Anthology: 101 Essential Tips, Tricks & Hacks & PHP Master: Write Cutting Edge Code •A contributor to Zend Framework 1 & 2, phpdoc, & PHP internals • Original creator of PHAR/PHP_Archive •@dshafik Davey Shafik
  3. Let’s start a conversation about mental health in tech

  4. What is Docker?

  5. Docker is a tool that can package an application and

    its dependencies in a virtual container that can run on any Linux server. This helps enable flexibility and portability on where the application can run, whether on premise, public cloud, private cloud, bare metal, etc. “ ” Source: 451 Research (Emphasis Mine)
  6. [Docker] automates the deployment of applications inside software containers, by

    providing an additional layer of abstraction and automation of operating- system-level virtualization on Linux. “ ” Source: Wikipedia
  7. • Docker is not the container technology • Docker is

    an abstraction and automation framework for deploying applications on Linux containers (LXC) • Provides process isolation (sandboxing) • Does not require a virtualized environment, runs on the host OS What is Docker?
  8. What is Docker?

  9. What is Docker? Server (Real or Virtual)

  10. What is Docker? Host OS (Linux) Server (Real or Virtual)

  11. What is Docker? Host OS (Linux) Server (Real or Virtual)

    Docker Daemon
  12. Container What is Docker? Host OS (Linux) Server (Real or

    Virtual) Docker Daemon binaries/libs Container binaries/libs Container binaries/libs Container binaries/libs
  13. • boot2docker • Lightweight Linux distro for running Docker in

    a VM • 27MB Docker on Mac OS X/Windows
  14. Docker Images Like an Onion: It has Layers

  15. UnionFS: Layered Images readonly {

  16. • You can build an image from scratch: don’t •

    Extend from a base image – Ubuntu, Debian – CentOS, RHEL, Fedora – ArchLinux – OpenSUSE – Gentoo – CoreOS Extending Images
  17. CoreOS

  18. • Minimal Distro (based on Gentoo) • Automatic Updates (Atomic

    + Rollbacks) • Container Support • Cluster Management (fleet) • Service Discovery (etcd) • Everything is a service, accessed via an API CoreOS
  19. • Manages Container • Systemd for the cluster • Schedules

    tasks automatically • Resolving conflicts • Automatically handles machine failure Fleet
  20. • Key-Value Store • Handles service discovery • Configuration Storage

    • Guaranteed Consistency – Useful for implementing things like distributed locking etcd
  21. • Flannel: Container Networking Layer • Rkt: CoreOS backed container

    format (alternative to Docker) • Locksmith: Reboot Manager, allows you to smartly reboot segments of a cluster and ensure zero interruptions • Many more… Other Tools
  22. Building an Image

  23. • Create a Dockerfile • Have Docker Hub build it

    for you by linking to a Github/Bitbucket repo • Build it locally • Build it on deploy with Deis Building an Image
  24. Docker Hub

  25. • Github for Docker Images – Sign up with Github

    (or with bespoke credentials) – Supports organizations – Private images (one free) – Automatic builds on push to Github/Bitbucket – Images: <username or organization>/<image> Docker Hub
  26. Proprietary and Confidential FROM ubuntu:wily MAINTAINER Davey Shafik <> RUN

    apt-get update -qq RUN apt-get install -q -y memcached CMD ["memcached", "-u", "daemon"] EXPOSE 11211 Dockerfile Example: memcached
  27. • Must start with FROM (first non-comment), defines the base

    image • Creates images after each step as required • Caches and will re-use any step that it can • The container will continue running for as long as the CMD is running the foreground. Will only run the last CMD • With Deis, you may only EXPOSE one port Dockerfile Example: memcached
  28. Demo

  29. None
  30. None
  31. Build Context

  32. • The entire CWD is available to the Dockerfile: This

    is the build Context • Use .dockerignore file to ignore files in the CWD. Users Go’s filepath.Match pattern matching • Use WORKDIR to change CWD • Use ADD to add additional files, directories, or remote files o ADD <src> <dest> o # Required for paths with whitespace
 ADD ["src", “dest”] o Supports wildcards Context
  33. Running Commands

  34. • RUN: Run commands to build the final container image

    • CMD: The default process, or arguments the container is going to run when run – ENTRYPOINT: A default command to which default arguments from CMD, or those passed in via docker run, are passed. • Relative to the WORKDIR • Runs as root unless changed with USER Running Commands
  35. • All three take two forms (at least): – exec

    form: [“executable”, “param1”, “param…”] – shell form: command param1 param… • CMD also takes just arguments to pass to the ENTRYPOINT: – [“param1”, “param…”] • exec and param form do not perform shell interpolation of params (e.g. $USER or `hostname`) Running Commands
  36. Proprietary and Confidential RUN apt-get install -y memcached RUN [“apt-get”,

    “install”, “-y”, “memcached”] # This is NOT the same: 
 RUN [“apt-get”, “install -y memcached”] Running Commands: RUN
  37. Proprietary and Confidential CMD memcached -u daemon CMD [“memcached”, “-u”,

    “daemon”] Running Commands: CMD
  38. Proprietary and Confidential ENTRYPOINT memcached CMD [“-u”, “daemon”] ENTRYPOINT memcached

    $ docker run -u daemon $ docker exec -u daemon -p 11212 Running Commands: ENTRYPOINT
  39. Deferred Commands

  40. • Commands to run when using the image as the

    base for another image • Allows you to call any other Dockerfile instruction (some may not make sense however) • For example: the base ubuntu image could ensure that apt-get update is always run whenever you build upon that base image. – ONBUILD RUN apt-get update -qq Deferred Commands
  41. Copying Files

  42. • Similar to ADD but instead of adding files to

    the context, it copies it from the context into the resulting image • Two syntaxes: – COPY <src> <dest> – COPY [“src”, “dest”] • Supports wildcards • Relative to the WORKDIR Copying Files
  43. Sharing Files

  44. • Volumes create a mount point within the container •

    Volumes are shared with the host, or other containers • Set at runtime • Files created within the VOLUME path prior to running are copied over to the mounted share at runtime Sharing Files
  45. Meta-data

  46. • Associate meta-data using LABEL • Each LABEL creates a

    new image! •LABEL version=“1.0” •Read meta-data using docker inspect Meta-data
  47. Running a Container

  48. Demo

  49. • docker run -d -p 11211:11211 dshafik/memcached o -d: daemonizes

    the container o -p: bind container and host port o <image>: the image to launch • docker ps: shows currently running containers • telnet <host> 11211: telnet to the mecached daemon • docker stop <hash or name>: stop the container Demo
  50. None
  51. Ports

  52. • EXPOSE: In the Dockerfile • --expose with docker run

    (useful for with custom run commands) • Bind to host: o -p: bind host port to container port: -p <host>:<container> o -P: bind all exposed ports to a random ports on the host – Find ports: docker port <container> <container port> Ports
  53. Linking Containers

  54. • Intra-Container Communication (TCP and/or UDP) • Linked by container

    name • Sets ENVironment variables and • Updates /etc/hosts file • Doesn’t require ports be exposed to the outside (e.g. using -p or -P) Linking Containers
  55. Proprietary and Confidential $ docker run -d -P --name <name>

    <image> $ docker run -d -P --link <name>:<alias> <image> Linking Containers
  56. • Exposes all ENV vars from source container • Creates

    ENV vars: - <alias>_PORT_<port>_<protocol>_ADDR = <IP> - <alias>_PORT_<port>_<protocol>_PORT=<port> - <alias>_PORT_<port>_<protocol>_PROTO=<protocol> - <alias>_PORT=<first EXPOSEd port> - <alias>_ENV_<environment vars> = <value> • Add <alias> to hosts file: ping <alias>: <container IP> Linking Containers
  57. Sharing Images

  58. • Using docker hub – docker push <image> – docker

    pull <image> • Without docker hub – docker save -o <image>.tar <image> – docker load -i <image>.tar Sharing Images
  59. Let’s build some stuff!