IPD Week - Technical Session - Understanding Docker

1 © 2016 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential Herfiedhantya Bhagaskara TFE Team Dec 2019 IPD Week Introduction to Docker

Cisco Confidential Agenda Devnet Associate on Docker Introduction Container Basic Docker Commands Docker Images Docker Networking Docker Storage Docker Registry Docker in Production

Cisco Confidential Devnet Associate on Docker

Cisco Confidential Introduction to Container Multi apps in Bare metal/single host deployment downsides • Quickly gets messy • Relies on OPS team to validate changes. "Don't touch the server." • Can create conflicts between application dependencies. • Hard to isolate issues. • Hard to scale or migrate applications. • Inter-app communication hard to debug.

Cisco Confidential Introduction to Container

Cisco Confidential Introduction to Container Container “… containers are just a way of isolating running processes or code without using what we know as virtual machines (VMs) or full virtualisation. “ • Package applications and dependencies. • Guarantee portability and consistency of execution. • Keep an application isolated*. • Take advantage of the isolation* offered by a VM without the overhead. *Note: Not full isolation like VM

Cisco Confidential Introduction to Container VM Containers Utilization ****** *** Size GB MB Boot up !!!!! !

Cisco Confidential Introduction to Container What Containers ARE NOT • Microservices. • Virtual Machines • Magic In Real World (Production) It’s not VM OR Containers HARDWARE INFRASTRUCTURE HYPERVISOR Virtual Machine Virtual Machine

Cisco Confidential Introduction to Container • Docker is a container technology similar to Linux Containers (LXC) that… • Provides isolation for application processes from the host processes using Linux namespaces • Provides resource caps for the application using Linux cgroups • Provides industry preferred packaging model using docker images, docker index, and docker registry concepts • Provides the basis for application lifecycle management automation due to good integration with devops automation tools such as Puppet/Chef • A rich repository of certified docker base images are easily available in public as well as private docker registries to cover a variety of application use cases

Cisco Confidential Introduction to Container Installing Docker • Docker can be easily installed on a wide variety of platforms (Ubuntu, Windows, Mac OS X, RHEL, CentOS and many more). • Detailed instructions are here: https://docs.docker.com/engine/installation/

Cisco Confidential Basic Docker Commands run – Start a container docker run nginx pull – Download an image docker pull nginx

Cisco Confidential Basic Docker Commands ps – List containers docker ps docker ps -a

Cisco Confidential Basic Docker Commands ps – List containers docker ps docker stop cool_shannon stop – Stop a containers

Cisco Confidential Basic Docker Commands rm – Remove a containers docker rm cool_shannon docker ps -a

Cisco Confidential Basic Docker Commands images – List images docker images docker rmi nginx rmi – Remove images ! Delete all dependent containers to remove the image

Cisco Confidential Basic Docker Commands Please remember that Containers VM

Cisco Confidential Basic Docker Commands Run – attach and detach docker run hbhagask/simple-web-app docker run –d hbhagask/simple-web-app docker attach 43b3a

Cisco Confidential Basic Docker Commands Run – tag docker run redis docker run redis:4.0

Cisco Confidential Basic Docker Commands Run – interactive mode docker run -it ubuntu bash docker run -p 8080:5000 hbhagask/simple-web-app Run – PORT mapping

Cisco Confidential Basic Docker Commands Run – Interactive mode docker run -it ubuntu bash docker run -p 8080:5000 hbhagask/simple-web-app Run – PORT mapping

Cisco Confidential Basic Docker Commands Run – PORT mapping Docker Host Web APP Docker Container 5000 IP : 172.17.0.2 IP: 192.168.100.50 8080 Web APP Docker Container 5000 IP : 172.17.0.3 8081

Cisco Confidential Basic Docker Commands Run – Volume mapping docker inspect cool_shannon Inspect Container

Cisco Confidential Basic Docker Commands Container logs docker logs cool_shannon

Cisco Confidential Docker Images

Cisco Confidential Docker Images Dockerfile 1. Choose base Image (OS) 2. Create working directory 3. Select working directory 4. Install Python dependencies using pip 5. Copy source code to working dir 6. Run the web server using python command

Cisco Confidential Docker Images Dockerfile INSTRUCTION ARGUMENT FROM python:3 RUN mkdir -p /usr/src/app WORKDIR /usr/src/app COPY requirements.txt /usr/src/app/ RUN pip install --no-cache-dir -r requirements.txt COPY . /usr/src/app EXPOSE 5000 CMD ["python", "./app.py"]

Cisco Confidential Docker Images Layered Architecture

Cisco Confidential Docker Networking Bridge host none docker run ubuntu docker run ubuntu --network=none docker run ubuntu --network=host

Cisco Confidential Docker Networking Bridge docker run ubuntu Docker Host Web APP Docker Container Web APP Docker Container Bridge 172.17.0.0/16

Cisco Confidential Docker Networking none docker run ubuntu --network=none Docker Host Web APP Docker Container

Cisco Confidential Docker Networking host docker run ubuntu --network=host Docker Host Web APP Docker Container 5000 Web APP Docker Container 5000

Cisco Confidential Docker Networking docker create network \ --driver bridge \ --subnet 172.18.0.0/16 myNetwork Docker Host Web APP Docker Container Web APP Docker Container Bridge User-defined networks 172.18.0.0/16 Bridge 172.17.0.0/16 docker network ls

Cisco Confidential Docker Networking Docker Host Web APP Docker Container Web APP Docker Container Bridge 172.18.0.0/16 Embedded DNS web1 web2 172.18.0.2 172.18.0.3 it is very important to explicitly specify a name with --name for your containers otherwise I’ve noticed that it would not work Both containers must be on the user- defined network, will not work in docker default network

Cisco Confidential Docker Storage Docker File system in Linux /var/lib/Docker

Cisco Confidential Docker Storage FROM python:3 RUN mkdir -p /usr/src/app WORKDIR /usr/src/app COPY requirements.txt /usr/src/app/ RUN pip install --no-cache-dir -r requirements.txt COPY . /usr/src/app EXPOSE 5000 CMD ["python", "./app.py"] FROM python:3 RUN mkdir -p /usr/src/app WORKDIR /usr/src/app COPY requirements.txt /usr/src/app/ RUN pip install --no-cache-dir -r requirements.txt COPY . /usr/src/app EXPOSE 5000 CMD ["python", "./app2.py"] Dockerfile Dockerfile2

Cisco Confidential Docker Storage FROM python:3 RUN mkdir -p /usr/src/app WORKDIR /usr/src/app COPY requirements.txt /usr/src/app/ RUN pip install --no-cache-dir -r requirements.txt COPY . /usr/src/app EXPOSE 5000 CMD ["python", "./app.py"] Dockerfile Layer 1. Base pyhton 3 Layer Layer 2. Create work dir Layer 3. Select work dir Layer 4. Copy Source Code Layer 5. Changes in pip packages Layer 6. Copy Source Code Layer 7. Expose port 5000 Layer 8. Update CMD command Read Only docker run hbhagask/app1 Layer 9. Container Layer Read Write

Cisco Confidential Docker Storage Docker volumes /var/lib/Docker docker volume create app_data docker run -v app_data:/var/lib/mysql mysql docker run -v app_data2:/var/lib/mysql mysql Storage drivers - AUFS - ZFS - BTRFS - Device Mapper - Overlay - Overlay2

Cisco Confidential Docker Registry A Docker registry is a storage and distribution system for named Docker images..

Cisco Confidential Docker Registry

Cisco Confidential Docker Registry We can tag images that we create using username/image-name format hbhagasks/app11 Registry user name Image name

Cisco Confidential Docker in Production System

Cisco Confidential Whats Next ? Check out https://developer.cisco.com/ https://developer.cisco.com/learning/lab/docker-101/ https://docs.docker.com/

IPD Week - Technical Session - Understanding Do...

IPD Week - Technical Session - Understanding Docker

More Decks by page2me kitarotao

Other Decks in Technology

Featured

Transcript