IPD Week - Technical Session - Understanding Docker

IPD Week - Technical Session - Understanding Docker

IPD Week - Technical Session - Understanding Docker, Herfiedhantya Bhagaskara, Associate Technical Manager
Date and time: Wednesday, December 11, 2019 1:00 pm
Bangkok Time (Bangkok, GMT+07:00)
https://cisco.webex.com/cisco/lsr.php?RCID=554d5fba35be49ca95daebf26302b888

7a75a2cc883ed99599e1b3d4a2597f58?s=128

page2me kitarotao

December 11, 2019
Tweet

Transcript

  1. 1 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Herfiedhantya Bhagaskara TFE Team Dec 2019 IPD Week Introduction to Docker
  2. 2 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Agenda Devnet Associate on Docker Introduction Container Basic Docker Commands Docker Images Docker Networking Docker Storage Docker Registry Docker in Production
  3. 3 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Devnet Associate on Docker
  4. 4 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Introduction to Container Multi apps in Bare metal/single host deployment downsides • Quickly gets messy • Relies on OPS team to validate changes. "Don't touch the server." • Can create conflicts between application dependencies. • Hard to isolate issues. • Hard to scale or migrate applications. • Inter-app communication hard to debug.
  5. 5 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Introduction to Container
  6. 6 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Introduction to Container
  7. 7 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Introduction to Container Container “… containers are just a way of isolating running processes or code without using what we know as virtual machines (VMs) or full virtualisation. “ • Package applications and dependencies. • Guarantee portability and consistency of execution. • Keep an application isolated*. • Take advantage of the isolation* offered by a VM without the overhead. *Note: Not full isolation like VM
  8. 8 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Introduction to Container VM Containers Utilization ****** *** Size GB MB Boot up !!!!! !
  9. 9 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Introduction to Container What Containers ARE NOT • Microservices. • Virtual Machines • Magic In Real World (Production) It’s not VM OR Containers HARDWARE INFRASTRUCTURE HYPERVISOR Virtual Machine Virtual Machine
  10. 10 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Introduction to Container • Docker is a container technology similar to Linux Containers (LXC) that… • Provides isolation for application processes from the host processes using Linux namespaces • Provides resource caps for the application using Linux cgroups • Provides industry preferred packaging model using docker images, docker index, and docker registry concepts • Provides the basis for application lifecycle management automation due to good integration with devops automation tools such as Puppet/Chef • A rich repository of certified docker base images are easily available in public as well as private docker registries to cover a variety of application use cases
  11. 11 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Introduction to Container Installing Docker • Docker can be easily installed on a wide variety of platforms (Ubuntu, Windows, Mac OS X, RHEL, CentOS and many more). • Detailed instructions are here: https://docs.docker.com/engine/installation/
  12. 12 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Basic Docker Commands run – Start a container docker run nginx pull – Download an image docker pull nginx
  13. 13 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Basic Docker Commands ps – List containers docker ps docker ps -a
  14. 14 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Basic Docker Commands ps – List containers docker ps docker stop cool_shannon stop – Stop a containers
  15. 15 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Basic Docker Commands rm – Remove a containers docker rm cool_shannon docker ps -a
  16. 16 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Basic Docker Commands images – List images docker images docker rmi nginx rmi – Remove images ! Delete all dependent containers to remove the image
  17. 17 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Basic Docker Commands Please remember that Containers VM
  18. 18 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Basic Docker Commands Run – attach and detach docker run hbhagask/simple-web-app docker run –d hbhagask/simple-web-app docker attach 43b3a
  19. 19 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Basic Docker Commands Run – tag docker run redis docker run redis:4.0
  20. 20 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Basic Docker Commands Run – interactive mode docker run -it ubuntu bash docker run -p 8080:5000 hbhagask/simple-web-app Run – PORT mapping
  21. 21 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Basic Docker Commands Run – Interactive mode docker run -it ubuntu bash docker run -p 8080:5000 hbhagask/simple-web-app Run – PORT mapping
  22. 22 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Basic Docker Commands Run – PORT mapping Docker Host Web APP Docker Container 5000 IP : 172.17.0.2 IP: 192.168.100.50 8080 Web APP Docker Container 5000 IP : 172.17.0.3 8081
  23. 23 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Basic Docker Commands Run – Volume mapping docker inspect cool_shannon Inspect Container
  24. 24 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Basic Docker Commands Container logs docker logs cool_shannon
  25. 25 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Docker Images
  26. 26 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Docker Images Dockerfile 1. Choose base Image (OS) 2. Create working directory 3. Select working directory 4. Install Python dependencies using pip 5. Copy source code to working dir 6. Run the web server using python command
  27. 27 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Docker Images Dockerfile INSTRUCTION ARGUMENT FROM python:3 RUN mkdir -p /usr/src/app WORKDIR /usr/src/app COPY requirements.txt /usr/src/app/ RUN pip install --no-cache-dir -r requirements.txt COPY . /usr/src/app EXPOSE 5000 CMD ["python", "./app.py"]
  28. 28 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Docker Images Layered Architecture
  29. 29 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Docker Images Layered Architecture
  30. 30 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Docker Networking Bridge host none docker run ubuntu docker run ubuntu --network=none docker run ubuntu --network=host
  31. 31 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Docker Networking Bridge docker run ubuntu Docker Host Web APP Docker Container Web APP Docker Container Bridge 172.17.0.0/16
  32. 32 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Docker Networking none docker run ubuntu --network=none Docker Host Web APP Docker Container
  33. 33 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Docker Networking host docker run ubuntu --network=host Docker Host Web APP Docker Container 5000 Web APP Docker Container 5000
  34. 34 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Docker Networking docker create network \ --driver bridge \ --subnet 172.18.0.0/16 myNetwork Docker Host Web APP Docker Container Web APP Docker Container Bridge User-defined networks 172.18.0.0/16 Bridge 172.17.0.0/16 docker network ls
  35. 35 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Docker Networking Docker Host Web APP Docker Container Web APP Docker Container Bridge 172.18.0.0/16 Embedded DNS web1 web2 172.18.0.2 172.18.0.3 it is very important to explicitly specify a name with --name for your containers otherwise I’ve noticed that it would not work Both containers must be on the user- defined network, will not work in docker default network
  36. 36 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Docker Storage Docker File system in Linux /var/lib/Docker
  37. 37 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Docker Storage FROM python:3 RUN mkdir -p /usr/src/app WORKDIR /usr/src/app COPY requirements.txt /usr/src/app/ RUN pip install --no-cache-dir -r requirements.txt COPY . /usr/src/app EXPOSE 5000 CMD ["python", "./app.py"] FROM python:3 RUN mkdir -p /usr/src/app WORKDIR /usr/src/app COPY requirements.txt /usr/src/app/ RUN pip install --no-cache-dir -r requirements.txt COPY . /usr/src/app EXPOSE 5000 CMD ["python", "./app2.py"] Dockerfile Dockerfile2
  38. 38 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Docker Storage FROM python:3 RUN mkdir -p /usr/src/app WORKDIR /usr/src/app COPY requirements.txt /usr/src/app/ RUN pip install --no-cache-dir -r requirements.txt COPY . /usr/src/app EXPOSE 5000 CMD ["python", "./app.py"] Dockerfile Layer 1. Base pyhton 3 Layer Layer 2. Create work dir Layer 3. Select work dir Layer 4. Copy Source Code Layer 5. Changes in pip packages Layer 6. Copy Source Code Layer 7. Expose port 5000 Layer 8. Update CMD command Read Only docker run hbhagask/app1 Layer 9. Container Layer Read Write
  39. 39 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Docker Storage Docker volumes /var/lib/Docker docker volume create app_data docker run -v app_data:/var/lib/mysql mysql docker run -v app_data2:/var/lib/mysql mysql Storage drivers - AUFS - ZFS - BTRFS - Device Mapper - Overlay - Overlay2
  40. 40 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Docker Registry A Docker registry is a storage and distribution system for named Docker images..
  41. 41 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Docker Registry
  42. 42 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Docker Registry We can tag images that we create using username/image-name format hbhagasks/app11 Registry user name Image name
  43. 43 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Docker in Production System
  44. 44 © 2016 Cisco and/or its affiliates. All rights reserved.

    Cisco Confidential Whats Next ? Check out https://developer.cisco.com/ https://developer.cisco.com/learning/lab/docker-101/ https://docs.docker.com/
  45. None