Slide 1

Slide 1 text

Docker: Contain All The Things

Slide 2

Slide 2 text

Proprietary and Confidential
Davey Shafik
• Community Engineer at Engine Yard
• Author of Zend PHP 5 Certification Study Guide, SitePoint's PHP Anthology: 101 Essential Tips, Tricks & Hacks, and PHP Master: Write Cutting Edge Code
• A contributor to Zend Framework 1 & 2, phpdoc, & PHP internals
• Original creator of PHAR/PHP_Archive
• @dshafik

Slide 3

Slide 3 text

Let’s start a conversation about mental health in tech mhprompt.org

Slide 4

Slide 4 text

What is Docker?

Slide 5

Slide 5 text

“Docker is a tool that can package an application and its dependencies in a virtual container that can run on any Linux server. This helps enable flexibility and portability on where the application can run, whether on premise, public cloud, private cloud, bare metal, etc.”
Source: 451 Research (Emphasis Mine)

Slide 6

Slide 6 text

“[Docker] automates the deployment of applications inside software containers, by providing an additional layer of abstraction and automation of operating-system-level virtualization on Linux.”
Source: Wikipedia

Slide 7

Slide 7 text

What is Docker?
• Docker is not the container technology
• Docker is an abstraction and automation framework for deploying applications on Linux containers (LXC)
• Provides process isolation (sandboxing)
• Does not require a virtualized environment, runs on the host OS

Slide 8

Slide 8 text

What is Docker?

Slide 9

Slide 9 text

What is Docker? Server (Real or Virtual)

Slide 10

Slide 10 text

What is Docker? Host OS (Linux) Server (Real or Virtual)

Slide 11

Slide 11 text

What is Docker? Host OS (Linux) Server (Real or Virtual) Docker Daemon

Slide 12

Slide 12 text

What is Docker?
[Diagram: Server (Real or Virtual) → Host OS (Linux) → Docker Daemon → four Containers, each with its own binaries/libs]

Slide 13

Slide 13 text

Docker on Mac OS X/Windows
• boot2docker
• Lightweight Linux distro for running Docker in a VM
• 27MB

Slide 14

Slide 14 text

Docker Images Like an Onion: It has Layers

Slide 15

Slide 15 text

UnionFS: Layered Images
[Diagram: image layers bracketed as readonly]

Slide 16

Slide 16 text

Extending Images
• You can build an image from scratch: don’t
• Extend from a base image
  – Ubuntu, Debian
  – CentOS, RHEL, Fedora
  – ArchLinux
  – OpenSUSE
  – Gentoo
  – CoreOS

Slide 17

Slide 17 text

CoreOS

Slide 18

Slide 18 text

CoreOS
• Minimal Distro (based on Gentoo)
• Automatic Updates (Atomic + Rollbacks)
• Container Support
• Cluster Management (fleet)
• Service Discovery (etcd)
• Everything is a service, accessed via an API

Slide 19

Slide 19 text

Fleet
• Manages containers
• Systemd for the cluster
• Schedules tasks automatically
• Resolves conflicts
• Automatically handles machine failure

Slide 20

Slide 20 text

etcd
• Key-Value Store
• Handles service discovery
• Configuration Storage
• Guaranteed Consistency
  – Useful for implementing things like distributed locking

Slide 21

Slide 21 text

Other Tools
• Flannel: Container Networking Layer
• Rkt: CoreOS-backed container format (alternative to Docker)
• Locksmith: Reboot Manager, allows you to smartly reboot segments of a cluster and ensure zero interruptions
• Many more…

Slide 22

Slide 22 text

Building an Image

Slide 23

Slide 23 text

Building an Image
• Create a Dockerfile
• Have Docker Hub build it for you by linking to a Github/Bitbucket repo
• Build it locally
• Build it on deploy with Deis

Slide 24

Slide 24 text

Docker Hub

Slide 25

Slide 25 text

Docker Hub
• Github for Docker Images
  – Sign up with Github (or with bespoke credentials)
  – Supports organizations
  – Private images (one free)
  – Automatic builds on push to Github/Bitbucket
  – Images: /

Slide 26

Slide 26 text

Dockerfile Example: memcached

    FROM ubuntu:wily
    MAINTAINER Davey Shafik
    RUN apt-get update -qq
    RUN apt-get install -q -y memcached
    CMD ["memcached", "-u", "daemon"]
    EXPOSE 11211

Slide 27

Slide 27 text

Dockerfile Example: memcached
• Must start with FROM (first non-comment), which defines the base image
• Creates images after each step as required
• Caches and will re-use any step that it can
• The container will continue running for as long as the CMD is running in the foreground. Only the last CMD will run
• With Deis, you may only EXPOSE one port

Slide 28

Slide 28 text

Demo

Slide 29

Slide 29 text

No content

Slide 30

Slide 30 text

No content

Slide 31

Slide 31 text

Build Context

Slide 32

Slide 32 text

Context
• The entire CWD is available to the Dockerfile: this is the build context
• Use a .dockerignore file to ignore files in the CWD. Uses Go’s filepath.Match pattern matching
• Use WORKDIR to change CWD
• Use ADD to add additional files, directories, or remote files
  o ADD
  o # Required for paths with whitespace
    ADD ["src", "dest"]
  o Supports wildcards
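How filepath.Match-style patterns decide what stays in the build context, as an added example that is not from the original deck. The file list and patterns are constructed, and the parent-directory matching in `ignored` is a simplified model of Docker's behaviour; it shows that `*.pem` does not cross a directory separator, so a key in a subdirectory is still sent to the daemon.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// ignored reports whether a slash-separated path, relative to the context
// root, matches a pattern directly or through one of its parent directories.
func ignored(path string, patterns []string) bool {
	parts := strings.Split(path, "/")
	for _, p := range patterns {
		for i := 1; i <= len(parts); i++ {
			prefix := strings.Join(parts[:i], "/")
			if ok, err := filepath.Match(p, prefix); err == nil && ok {
				return true
			}
		}
	}
	return false
}

// sentToDaemon returns the files that remain in the build context and are
// therefore available to ADD and COPY.
func sentToDaemon(files, patterns []string) []string {
	var kept []string
	for _, f := range files {
		if !ignored(f, patterns) {
			kept = append(kept, f)
		}
	}
	return kept
}

func main() {
	// Constructed sample context and .dockerignore patterns.
	files := []string{"Dockerfile", "app/index.php", ".env", ".git/config", "server.pem", "keys/deploy.pem"}
	fmt.Println(sentToDaemon(files, []string{".git", ".env", "*.pem"}))
	// Adding */*.pem also excludes keys one directory down.
	fmt.Println(sentToDaemon(files, []string{".git", ".env", "*.pem", "*/*.pem"}))
}
```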

Slide 33

Slide 33 text

Running Commands

Slide 34

Slide 34 text

Running Commands
• RUN: Run commands to build the final container image
• CMD: The default process, or arguments, the container is going to run when run
  – ENTRYPOINT: A default command to which default arguments from CMD, or those passed in via docker run, are passed.
• Relative to the WORKDIR
• Runs as root unless changed with USER

Slide 35

Slide 35 text

Running Commands
• All three take two forms (at least):
  – exec form: ["executable", "param1", "param…"]
  – shell form: command param1 param…
• CMD also takes just arguments to pass to the ENTRYPOINT:
  – ["param1", "param…"]
• exec and param form do not perform shell interpolation of params (e.g. $USER or `hostname`)

Slide 36

Slide 36 text

Running Commands: RUN

    RUN apt-get install -y memcached
    RUN ["apt-get", "install", "-y", "memcached"]
    # This is NOT the same:
    RUN ["apt-get", "install -y memcached"]

Slide 37

Slide 37 text

Running Commands: CMD

    CMD memcached -u daemon
    CMD ["memcached", "-u", "daemon"]

Slide 38

Slide 38 text

Running Commands: ENTRYPOINT

    # exec form: a shell-form ENTRYPOINT ignores CMD and docker run arguments
    ENTRYPOINT ["memcached"]
    CMD ["-u", "daemon"]

    ENTRYPOINT ["memcached"]
    $ docker run -u daemon
    $ docker exec -u daemon -p 11212
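A check for three rules from the Running Commands slides, as an added example that is not from the original deck: an exec-form array must parse as JSON (otherwise the line is run in shell form), only the last CMD runs, and the process runs as root unless USER changes it. The `audit` function and the sample Dockerfile are constructed for illustration, and line continuations are not handled.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// audit flags Dockerfile lines that break the rules from the slides.
func audit(dockerfile string) []string {
	var out []string
	user, cmds := "", 0
	for i, line := range strings.Split(dockerfile, "\n") {
		line = strings.TrimSpace(line)
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		instr, args, _ := strings.Cut(line, " ")
		instr, args = strings.ToUpper(instr), strings.TrimSpace(args)
		switch instr {
		case "USER":
			user = args
		case "CMD":
			cmds++
		}
		// Exec form is a JSON array; if it fails to parse it is run as shell form.
		isCmd := instr == "RUN" || instr == "CMD" || instr == "ENTRYPOINT"
		if isCmd && strings.HasPrefix(args, "[") && json.Unmarshal([]byte(args), new([]string)) != nil {
			out = append(out, fmt.Sprintf("line %d: %s is not a valid JSON array, so it runs in shell form", i+1, instr))
		}
	}
	if cmds > 1 {
		out = append(out, "multiple CMD instructions: only the last one runs")
	}
	if user == "" || user == "root" || user == "0" {
		out = append(out, "no non-root USER: the process runs as root")
	}
	return out
}

func main() {
	// Constructed sample: typographic quotes in RUN, two CMDs, no USER.
	sample := "FROM ubuntu:wily\nRUN [“apt-get”, “install”, “-y”, “memcached”]\n" +
		"CMD [\"memcached\"]\nCMD [\"memcached\", \"-u\", \"daemon\"]\n"
	fmt.Println(strings.Join(audit(sample), "\n"))
}
```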

Slide 39

Slide 39 text

Deferred Commands

Slide 40

Slide 40 text

Deferred Commands
• Commands to run when using the image as the base for another image
• Allows you to call any other Dockerfile instruction (some may not make sense however)
• For example: the base ubuntu image could ensure that apt-get update is always run whenever you build upon that base image.
  – ONBUILD RUN apt-get update -qq

Slide 41

Slide 41 text

Copying Files

Slide 42

Slide 42 text

Copying Files
• Similar to ADD but instead of adding files to the context, it copies them from the context into the resulting image
• Two syntaxes:
  – COPY
  – COPY ["src", "dest"]
• Supports wildcards
• Relative to the WORKDIR

Slide 43

Slide 43 text

Sharing Files

Slide 44

Slide 44 text

Sharing Files
• Volumes create a mount point within the container
• Volumes are shared with the host, or other containers
• Set at runtime
• Files created within the VOLUME path prior to running are copied over to the mounted share at runtime

Slide 45

Slide 45 text

Meta-data

Slide 46

Slide 46 text

Meta-data
• Associate meta-data using LABEL
• Each LABEL creates a new image!
• LABEL version="1.0"
• Read meta-data using docker inspect

Slide 47

Slide 47 text

Running a Container

Slide 48

Slide 48 text

Demo

Slide 49

Slide 49 text

Demo
• docker run -d -p 11211:11211 dshafik/memcached
  o -d: daemonizes the container
  o -p: bind container and host port
  o : the image to launch
• docker ps: shows currently running containers
• telnet 11211: telnet to the memcached daemon
• docker stop : stop the container

Slide 50

Slide 50 text

No content

Slide 51

Slide 51 text

Ports

Slide 52

Slide 52 text

Ports
• EXPOSE: In the Dockerfile
• --expose with docker run (useful with custom run commands)
• Bind to host:
  o -p: bind host port to container port: -p :
  o -P: bind all exposed ports to random ports on the host
    – Find ports: docker port

Slide 53

Slide 53 text

Linking Containers

Slide 54

Slide 54 text

Linking Containers
• Intra-Container Communication (TCP and/or UDP)
• Linked by container name
• Sets ENVironment variables and
• Updates /etc/hosts file
• Doesn’t require ports be exposed to the outside (e.g. using -p or -P)

Slide 55

Slide 55 text

Linking Containers

    $ docker run -d -P --name
    $ docker run -d -P --link :

Slide 56

Slide 56 text

Linking Containers
• Exposes all ENV vars from source container
• Creates ENV vars:
  - _PORT___ADDR =
  - _PORT___PORT=
  - _PORT___PROTO=
  - _PORT=
  - _ENV_ =
• Add to hosts file: ping :

Slide 57

Slide 57 text

Sharing Images

Slide 58

Slide 58 text

Sharing Images
• Using docker hub
  – docker push
  – docker pull
• Without docker hub
  – docker save -o .tar
  – docker load -i .tar

Slide 59

Slide 59 text

Let’s build some stuff!