
Docker: Contain All The Things


An introduction to Docker and Containers

Davey Shafik

June 16, 2015


Transcript

  1. Davey Shafik
     • Community Engineer at Engine Yard
     • Author of Zend PHP 5 Certification Study Guide, SitePoint's PHP Anthology: 101 Essential Tips, Tricks & Hacks, and PHP Master: Write Cutting Edge Code
     • A contributor to Zend Framework 1 & 2, phpdoc, & PHP internals
     • Original creator of PHAR/PHP_Archive
     • @dshafik
     Proprietary and Confidential
  2. “Docker is a tool that can package an application and its dependencies in a virtual container that can run on any Linux server. This helps enable flexibility and portability on where the application can run, whether on premise, public cloud, private cloud, bare metal, etc.”
     Source: 451 Research (emphasis mine)
  3. “[Docker] automates the deployment of applications inside software containers, by providing an additional layer of abstraction and automation of operating-system-level virtualization on Linux.”
     Source: Wikipedia
  4. What is Docker?
     • Docker is not the container technology
     • Docker is an abstraction and automation framework for deploying applications on Linux containers (LXC)
     • Provides process isolation (sandboxing)
     • Does not require a virtualized environment; runs on the host OS
  5. What is Docker? (stack diagram)
     Server (Real or Virtual) > Host OS (Linux) > Docker Daemon > Containers, each bundling its own binaries/libs
  6. Extending Images
     • You can build an image from scratch: don’t
     • Extend from a base image
       – Ubuntu, Debian
       – CentOS, RHEL, Fedora
       – ArchLinux
       – OpenSUSE
       – Gentoo
       – CoreOS
  7. CoreOS
     • Minimal distro (based on Gentoo)
     • Automatic updates (atomic + rollbacks)
     • Container support
     • Cluster management (fleet)
     • Service discovery (etcd)
     • Everything is a service, accessed via an API
  8. Fleet
     • Manages containers
     • Systemd for the cluster
     • Schedules tasks automatically
     • Resolves conflicts
     • Automatically handles machine failure
  9. etcd
     • Key-value store
     • Handles service discovery
     • Configuration storage
     • Guaranteed consistency
       – Useful for implementing things like distributed locking
  10. Other Tools
      • Flannel: container networking layer
      • Rkt: CoreOS-backed container format (alternative to Docker)
      • Locksmith: reboot manager; allows you to smartly reboot segments of a cluster and ensure zero interruptions
      • Many more…
  11. Building an Image
      • Create a Dockerfile
      • Have Docker Hub build it for you by linking to a GitHub/Bitbucket repo
      • Build it locally
      • Build it on deploy with Deis
  12. Docker Hub
      • GitHub for Docker images
        – Sign up with GitHub (or with bespoke credentials)
        – Supports organizations
        – Private images (one free)
        – Automatic builds on push to GitHub/Bitbucket
        – Images: <username or organization>/<image>
  13. Dockerfile Example: memcached
      FROM ubuntu:wily
      MAINTAINER Davey Shafik <[email protected]>
      RUN apt-get update -qq
      RUN apt-get install -q -y memcached
      CMD ["memcached", "-u", "daemon"]
      EXPOSE 11211
  14. Dockerfile Example: memcached
      • Must start with FROM (the first non-comment instruction), which defines the base image
      • Creates an intermediate image after each step as required
      • Caches and will re-use any step that it can
      • The container keeps running for as long as the CMD is running in the foreground. Only the last CMD is run
      • With Deis, you may only EXPOSE one port
  15. Context
      • The entire CWD is available to the Dockerfile: this is the build context
      • Use a .dockerignore file to ignore files in the CWD. Uses Go’s filepath.Match pattern matching
      • Use WORKDIR to change the CWD
      • Use ADD to add additional files, directories, or remote files
        o ADD <src> <dest>
        o ADD ["src", "dest"]  # Required for paths with whitespace
        o Supports wildcards
  16. Running Commands
      • RUN: run commands to build the final container image
      • CMD: the default process (or the default arguments) the container runs when started
        – ENTRYPOINT: a default command to which the default arguments from CMD, or those passed in via docker run, are passed
      • Relative to the WORKDIR
      • Runs as root unless changed with USER
  17. Running Commands
      • All three take two forms (at least):
        – exec form: ["executable", "param1", "param…"]
        – shell form: command param1 param…
      • CMD also takes just arguments to pass to the ENTRYPOINT:
        – ["param1", "param…"]
      • exec and param form do not perform shell interpolation of params (e.g. $USER or `hostname`)
  18. Running Commands: RUN
      RUN apt-get install -y memcached
      RUN ["apt-get", "install", "-y", "memcached"]
      # This is NOT the same:
      RUN ["apt-get", "install -y memcached"]
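As an added example (not from the deck), a small Python checker for the Dockerfile rules stated in slides 14, 16, 17 and 18: the first instruction must be FROM, only the last CMD runs, Deis allows a single EXPOSE, the process runs as root without USER, and in exec form each JSON element is one argv entry with no shell expansion. The sample Dockerfile is constructed to trip every check.

```python
import json
import re

# Constructed sample Dockerfile (not from the deck) that trips each check below.
SAMPLE_DOCKERFILE = """\
# a comment before FROM is allowed
FROM ubuntu:wily
RUN apt-get update -qq
RUN ["apt-get", "install -y memcached"]
RUN ["echo", "$USER"]
CMD ["memcached"]
CMD ["memcached", "-u", "daemon"]
EXPOSE 11211
EXPOSE 11212
"""

def parse_instructions(text):
    """Return (INSTRUCTION, argument) pairs, skipping blank lines and comments."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        instr, _, arg = line.partition(" ")
        out.append((instr.upper(), arg.strip()))
    return out

def lint_dockerfile(text):
    """Findings for the rules on slides 14, 16, 17 and 18: file-level checks first, then per line."""
    findings = []
    instrs = parse_instructions(text)
    if not instrs or instrs[0][0] != "FROM":
        findings.append("first instruction must be FROM")
    if sum(1 for n, _ in instrs if n == "CMD") > 1:
        findings.append("multiple CMD: only the last one runs")
    if sum(1 for n, _ in instrs if n == "EXPOSE") > 1:
        findings.append("multiple EXPOSE: Deis only supports one")
    if not any(n == "USER" for n, _ in instrs):
        findings.append("no USER: the container process runs as root")
    for name, arg in instrs:
        if name in ("RUN", "CMD", "ENTRYPOINT") and arg.startswith("["):
            parts = json.loads(arg)  # exec form is a JSON array of strings
            if any(" " in p for p in parts):  # "install -y memcached" is ONE argv element
                findings.append(f"{name} exec form element contains a space: {arg}")
            if any(re.search(r"\$\w+|`", p) for p in parts):  # no shell, so no expansion
                findings.append(f"{name} exec form does not expand shell syntax: {arg}")
    return findings
```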
  19. Running Commands: ENTRYPOINT
      ENTRYPOINT memcached
      CMD ["-u", "daemon"]

      ENTRYPOINT memcached
      $ docker run <image> -u daemon
      $ docker run <image> -u daemon -p 11212
  20. Deferred Commands
      • Commands to run when using the image as the base for another image
      • Allows you to call any other Dockerfile instruction (some may not make sense, however)
      • For example: the base ubuntu image could ensure that apt-get update is always run whenever you build upon that base image
        – ONBUILD RUN apt-get update -qq
  21. Copying Files
      • Similar to ADD, but instead of adding files to the context, it copies them from the context into the resulting image
      • Two syntaxes:
        – COPY <src> <dest>
        – COPY ["src", "dest"]
      • Supports wildcards
      • Relative to the WORKDIR
  22. Sharing Files
      • Volumes create a mount point within the container
      • Volumes are shared with the host, or with other containers
      • Set at runtime
      • Files created within the VOLUME path prior to running are copied over to the mounted share at runtime
  23. Meta-data
      • Associate meta-data using LABEL
      • Each LABEL creates a new image!
      • LABEL version="1.0"
      • Read meta-data using docker inspect
  24. Demo
      • docker run -d -p 11211:11211 dshafik/memcached
        o -d: daemonizes the container
        o -p: bind container and host port
        o <image>: the image to launch
      • docker ps: shows currently running containers
      • telnet <host> 11211: telnet to the memcached daemon
      • docker stop <hash or name>: stop the container
  25. Ports
      • EXPOSE: in the Dockerfile
      • --expose with docker run (useful with custom run commands)
      • Bind to host:
        o -p: bind host port to container port: -p <host>:<container>
        o -P: bind all exposed ports to random ports on the host
          – Find ports: docker port <container> <container port>
  26. Linking Containers
      • Intra-container communication (TCP and/or UDP)
      • Linked by container name
      • Sets ENVironment variables and updates the /etc/hosts file
      • Doesn’t require ports to be exposed to the outside (e.g. using -p or -P)
  27. Linking Containers
      $ docker run -d -P --name <name> <image>
      $ docker run -d -P --link <name>:<alias> <image>
  28. Linking Containers
      • Exposes all ENV vars from the source container
      • Creates ENV vars:
        - <alias>_PORT_<port>_<protocol>_ADDR=<IP>
        - <alias>_PORT_<port>_<protocol>_PORT=<port>
        - <alias>_PORT_<port>_<protocol>_PROTO=<protocol>
        - <alias>_PORT=<first EXPOSEd port>
        - <alias>_ENV_<environment var>=<value>
      • Adds <alias> to the hosts file: ping <alias> resolves to <container IP>
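As an added example (not from the deck), Python that reads the link variables described on slides 26 to 28 from a constructed environment for `--link memcached:cache`, groups the per-port entries, and lists the source container's ENV that the link re-exports; the point slide 28 makes, that all ENV vars of the source leak to every linked container, is what the last function flags. Addresses, ports and the `DB_PASSWORD` value are made up.

```python
import re

# Constructed environment as seen inside a container started with
# `--link memcached:cache`; values are made up, not captured from a real host.
LINKED_ENV = {
    "CACHE_PORT": "tcp://172.17.0.2:11211",          # first EXPOSEd port, as proto://addr:port
    "CACHE_PORT_11211_TCP_ADDR": "172.17.0.2",
    "CACHE_PORT_11211_TCP_PORT": "11211",
    "CACHE_PORT_11211_TCP_PROTO": "tcp",
    "CACHE_PORT_11211_UDP_ADDR": "172.17.0.2",
    "CACHE_PORT_11211_UDP_PORT": "11211",
    "CACHE_PORT_11211_UDP_PROTO": "udp",
    "CACHE_ENV_MEMCACHED_MAX_MEM": "64",             # source container's own ENV, re-exported
    "CACHE_ENV_DB_PASSWORD": "hunter2",              # constructed: a secret the source set in ENV
    "HOME": "/root",                                 # unrelated variable, must be ignored
}

PORT_FIELD = re.compile(r"^(\d+)_(TCP|UDP)_(ADDR|PORT|PROTO)$")

def linked_services(environ, alias):
    """Group <alias>_PORT_<port>_<proto>_{ADDR,PORT,PROTO} into
    {(port, proto): {"addr": ..., "port": ..., "proto": ...}}."""
    prefix = alias.upper() + "_PORT_"
    services = {}
    for key, value in environ.items():
        if not key.startswith(prefix):
            continue
        m = PORT_FIELD.match(key[len(prefix):])
        if m:
            port, proto, field = m.groups()
            services.setdefault((int(port), proto.lower()), {})[field.lower()] = value
    return services

def default_endpoint(environ, alias):
    """<alias>_PORT names the first EXPOSEd port as proto://addr:port."""
    proto, _, rest = environ[alias.upper() + "_PORT"].partition("://")
    addr, _, port = rest.rpartition(":")
    return proto, addr, int(port)

def inherited_env(environ, alias):
    """The source container's ENV, visible to the linked one as <alias>_ENV_<name>."""
    prefix = alias.upper() + "_ENV_"
    return {k[len(prefix):]: v for k, v in environ.items() if k.startswith(prefix)}

def credential_like(environ, alias, markers=("PASSWORD", "SECRET", "TOKEN", "KEY")):
    """Inherited names that look like credentials: anything the source container
    puts in ENV is readable by every container linked to it."""
    return sorted(n for n in inherited_env(environ, alias) if any(m in n for m in markers))
```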
  29. Sharing Images
      • Using Docker Hub
        – docker push <image>
        – docker pull <image>
      • Without Docker Hub
        – docker save -o <image>.tar <image>
        – docker load -i <image>.tar