Introduction to containers and Docker By Santiago Lizardo 

2 2 whoami Santiago Lizardo • Manager • Software engineer at heart • +4 years at SolarWinds  We want YOU! https://solarwinds.jobs/gbr/jobs/ • Some years playing with Docker... 

Introduction to containers and Docker Agenda • History • Using Docker containers  Demo: Hello world, Ubuntu, MySQL, Apache • Building Docker images  Demo: Creation of “solarwinds/webapp” image containining Apache + PHP + MySQL connector • Multi-container apps with Docker  Demo: MySQL + “solarwinds/webapp” Bonus content • Docker under the hood 

History 4 

5 5 In the beginning there was only darkness… 

6 In the beginning there was only darkness… 

7 In the beginning there was only darkness… 

8 8 

9 9 

10 10 

11 11 

12 12 

13 13 PHP 5.6 PHP 7.2 

14 14 PHP 5.6 PHP 7.2 

15 System diversity matrix 

16 Transportation metaphor matrix 

17 Invention of the shipping container 

18 Transportation metaphor applied to software distribution 

19 Docker history 

20 Docker alternatives 

Docker popularity stats Since it started in March 2013... 

22 Docker and Kubernetes trends https://trends.google.com/trends/explore?date=today%205-y&q=docker,kubernetes,xen,virtualbox,vmware 

23 Docker elevator pitch Docker is an open platform for developing, shipping, and running applications. Docker allows you to package an application with all of its dependencies into a standardized unit for software development. 

Docker containers 24 

25 

26 What is a container? • Standardized packaging for software and dependencies • Isolate apps from each other • Share the same OS kernel • Works for all major Linux distributions • Containers native to Windows Server 2016 

27 Docker vs virtualization • Lighter than virtual machines  Size of docker images are very small  Containers have less startup time  More efficiency without the OS overhead We can run more docker containers than VMs on a same box •Deploying and scaling is relatively easy 

28 What is a container? 

29 Worries 

30 Key benefits of Docker containers Devs  Predictability: Build once, run anywhere o Consistent between environments  Portable: Bundled dependencies  Isolation: No application clashing  Scriptable  Efficiency: o Setup dev environments in seconds  Testability o Images are snapshots o Automation o Integration o Packaing  Continuous integration Ops  Flexibility: Configure once, run anything  Consistency: Identical environments o Test, staging, production, …  Efficiency: o Better resources (disk, CPU, RAM) utilisation – compared to VMs- o Faster restarts and deployments  Easy to scale 

31 Basic terminology Image The basis of a Docker container. The content at rest Container The image when it's running. The standard unit for app service Engine The software that executes commands for containers. Networking and volumes are part of the Engine. Can be clustered together. Registry Stores, distributes and manages Docker images Control panel Management plane for container and cluster orchestration 

32 Docker volumes 

33 Docker volumes • Volumes mount a directory on the host into the container at a specific location $ docker volume create world_volume world_volume $ docker run -d -v world_volume :/world busybox ls /world • Can be used to share (and persist) data between containers • Directory persists after the container is deleted • Unless you explicitly delete it • Can be created in a Dockerfile or via CLI 

34 34 Basic information Version Info Stats Help (help run) Running Run • Interactive mode • Detached • Port mapping • Volume mapping Inspecting Logs Port Inspect (--format ) Top container ls Image ls (-all) Stopping stop (SIGTERM + SIGKILL) kill (SIGKILL) container rm 

Docker images 35 

36 Base images and commits • Connect to the box • Make changes • Commit docker pull nginx docker run --name nginx-template-base -p 8080:80 -e TERM=xterm -d nginx docker exec -it CONTAINER_ID bash $ apt-get install nano $ exit docker commit CONTAINER_ID nginx-template - Better use Dockerfile 

37 Dockerfile • Instructions on how to build a Docker image • Similar to native commands • It can be version controlled 

38 Dockerfile (windows) 

39 Docker layers 

40 Docker layers 

41 Copy on Write • Super efficient:  Sub second instantiation times for containers  New container can take <1 Mb of space • Containers appears to be a copy of the original image • But, it is really just a link to the original shared image • If someone writes a change to the file system, a copy of the affected file/directory is “copied up” 

42 Dockerfile commands •FROM — set base image •RUN — execute command in container •ENV — set environment variable •WORKDIR — set working directory •COPY – Copies files from host to image •VOLUME — create mount-point for a volume •CMD — set executable for container 

43 43 Registries Pull Push Building Build –t . Tagging Tag sourcetag targettag Removing image rm 

Demo: 

Multi-container apps with Docker 45 

46 Multi-container apps Without compose • Build and run one container at a time • Manually connect containers together • Must be careful with dependencies and startup order With compose • Define multi container app in compose.yml file • Single command to deploy entire app • Handles container dependencies • Works with Docker Swarm, Networking, Volumes, Universal Control Plane 

47 Multi-container apps 

Docker under the hood 48 

49 49 Technology behind Docker • Linux x86-64 • Go language • Client - Server (deamon) architecture • Union file systems (UnionFS: AUFS, btrfs, vfs etc) • Namespaces (pid, net, ipc, mnt, uts) • Control Groups (cgroups) • Container format (libcontainer) 

50 50 •High level: a lightweight VM •Own process space •Own network interface •Can run stuff as root •Can have its own /sbin/init (different from host) <> •Low level: chroot on steroids •Can also not have its own /sbin/init •Container = isolated processes •Share kernel with host <> 

51 Technology behind Docker • Control groups  Key component of Linux Containers  Implement resource accounting and limiting  Ensure each container gets its fair share of memory, CPU, disk I/O  Cgroup ensures a single container cannot bring the system down by exhausting resources • Union file systems  Layered file system so you can have a read only part and a write part, and merge those together  Docker images made up with are layers 

52 Technology behind Docker • Namespaces  It helps to create isolated workspace for each process  Namespaces are created every time you run a container • SELinux  SELinux provides secure separation of containers by applying SELinux policy and label 

Q&A