1 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Herfiedhantya Bhagaskara TFE Team Dec 2019 IPD Week Introduction to Docker 

2 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Agenda Devnet Associate on Docker Introduction Container Basic Docker Commands Docker Images Docker Networking Docker Storage Docker Registry Docker in Production 

3 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Devnet Associate on Docker 

4 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Introduction to Container Multi apps in Bare metal/single host deployment downsides • Quickly gets messy • Relies on OPS team to validate changes. "Don't touch the server." • Can create conflicts between application dependencies. • Hard to isolate issues. • Hard to scale or migrate applications. • Inter-app communication hard to debug. 

5 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Introduction to Container 

6 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Introduction to Container 

7 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Introduction to Container Container “… containers are just a way of isolating running processes or code without using what we know as virtual machines (VMs) or full virtualisation. “ • Package applications and dependencies. • Guarantee portability and consistency of execution. • Keep an application isolated*. • Take advantage of the isolation* offered by a VM without the overhead. *Note: Not full isolation like VM 

8 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Introduction to Container VM Containers Utilization ****** *** Size GB MB Boot up !!!!! ! 

9 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Introduction to Container What Containers ARE NOT • Microservices. • Virtual Machines • Magic In Real World (Production) It’s not VM OR Containers HARDWARE INFRASTRUCTURE HYPERVISOR Virtual Machine Virtual Machine 

10 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Introduction to Container • Docker is a container technology similar to Linux Containers (LXC) that… • Provides isolation for application processes from the host processes using Linux namespaces • Provides resource caps for the application using Linux cgroups • Provides industry preferred packaging model using docker images, docker index, and docker registry concepts • Provides the basis for application lifecycle management automation due to good integration with devops automation tools such as Puppet/Chef • A rich repository of certified docker base images are easily available in public as well as private docker registries to cover a variety of application use cases 

11 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Introduction to Container Installing Docker • Docker can be easily installed on a wide variety of platforms (Ubuntu, Windows, Mac OS X, RHEL, CentOS and many more). • Detailed instructions are here: https://docs.docker.com/engine/installation/ 

12 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Basic Docker Commands run – Start a container docker run nginx pull – Download an image docker pull nginx 

13 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Basic Docker Commands ps – List containers docker ps docker ps -a 

14 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Basic Docker Commands ps – List containers docker ps docker stop cool_shannon stop – Stop a containers 

15 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Basic Docker Commands rm – Remove a containers docker rm cool_shannon docker ps -a 

16 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Basic Docker Commands images – List images docker images docker rmi nginx rmi – Remove images ! Delete all dependent containers to remove the image 

17 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Basic Docker Commands Please remember that Containers VM 

18 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Basic Docker Commands Run – attach and detach docker run hbhagask/simple-web-app docker run –d hbhagask/simple-web-app docker attach 43b3a 

19 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Basic Docker Commands Run – tag docker run redis docker run redis:4.0 

20 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Basic Docker Commands Run – interactive mode docker run -it ubuntu bash docker run -p 8080:5000 hbhagask/simple-web-app Run – PORT mapping 

21 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Basic Docker Commands Run – Interactive mode docker run -it ubuntu bash docker run -p 8080:5000 hbhagask/simple-web-app Run – PORT mapping 

22 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Basic Docker Commands Run – PORT mapping Docker Host Web APP Docker Container 5000 IP : 172.17.0.2 IP: 192.168.100.50 8080 Web APP Docker Container 5000 IP : 172.17.0.3 8081 

23 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Basic Docker Commands Run – Volume mapping docker inspect cool_shannon Inspect Container 

24 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Basic Docker Commands Container logs docker logs cool_shannon 

25 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Docker Images 

26 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Docker Images Dockerfile 1. Choose base Image (OS) 2. Create working directory 3. Select working directory 4. Install Python dependencies using pip 5. Copy source code to working dir 6. Run the web server using python command 

27 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Docker Images Dockerfile INSTRUCTION ARGUMENT FROM python:3 RUN mkdir -p /usr/src/app WORKDIR /usr/src/app COPY requirements.txt /usr/src/app/ RUN pip install --no-cache-dir -r requirements.txt COPY . /usr/src/app EXPOSE 5000 CMD ["python", "./app.py"] 

28 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Docker Images Layered Architecture 

29 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Docker Images Layered Architecture 

30 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Docker Networking Bridge host none docker run ubuntu docker run ubuntu --network=none docker run ubuntu --network=host 

31 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Docker Networking Bridge docker run ubuntu Docker Host Web APP Docker Container Web APP Docker Container Bridge 172.17.0.0/16 

32 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Docker Networking none docker run ubuntu --network=none Docker Host Web APP Docker Container 

33 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Docker Networking host docker run ubuntu --network=host Docker Host Web APP Docker Container 5000 Web APP Docker Container 5000 

34 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Docker Networking docker create network \ --driver bridge \ --subnet 172.18.0.0/16 myNetwork Docker Host Web APP Docker Container Web APP Docker Container Bridge User-defined networks 172.18.0.0/16 Bridge 172.17.0.0/16 docker network ls 

35 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Docker Networking Docker Host Web APP Docker Container Web APP Docker Container Bridge 172.18.0.0/16 Embedded DNS web1 web2 172.18.0.2 172.18.0.3 it is very important to explicitly specify a name with --name for your containers otherwise I’ve noticed that it would not work Both containers must be on the user- defined network, will not work in docker default network 

36 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Docker Storage Docker File system in Linux /var/lib/Docker 

37 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Docker Storage FROM python:3 RUN mkdir -p /usr/src/app WORKDIR /usr/src/app COPY requirements.txt /usr/src/app/ RUN pip install --no-cache-dir -r requirements.txt COPY . /usr/src/app EXPOSE 5000 CMD ["python", "./app.py"] FROM python:3 RUN mkdir -p /usr/src/app WORKDIR /usr/src/app COPY requirements.txt /usr/src/app/ RUN pip install --no-cache-dir -r requirements.txt COPY . /usr/src/app EXPOSE 5000 CMD ["python", "./app2.py"] Dockerfile Dockerfile2 

38 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Docker Storage FROM python:3 RUN mkdir -p /usr/src/app WORKDIR /usr/src/app COPY requirements.txt /usr/src/app/ RUN pip install --no-cache-dir -r requirements.txt COPY . /usr/src/app EXPOSE 5000 CMD ["python", "./app.py"] Dockerfile Layer 1. Base pyhton 3 Layer Layer 2. Create work dir Layer 3. Select work dir Layer 4. Copy Source Code Layer 5. Changes in pip packages Layer 6. Copy Source Code Layer 7. Expose port 5000 Layer 8. Update CMD command Read Only docker run hbhagask/app1 Layer 9. Container Layer Read Write 

39 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Docker Storage Docker volumes /var/lib/Docker docker volume create app_data docker run -v app_data:/var/lib/mysql mysql docker run -v app_data2:/var/lib/mysql mysql Storage drivers - AUFS - ZFS - BTRFS - Device Mapper - Overlay - Overlay2 

40 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Docker Registry A Docker registry is a storage and distribution system for named Docker images.. 

41 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Docker Registry 

42 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Docker Registry We can tag images that we create using username/image-name format hbhagasks/app11 Registry user name Image name 

43 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Docker in Production System 

44 © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Whats Next ? Check out https://developer.cisco.com/ https://developer.cisco.com/learning/lab/docker-101/ https://docs.docker.com/ 

No content