developing, shipping, and running applications. Docker allows you to package an application with all of its dependencies into a standardized unit for software development.
and dependencies • Isolate apps from each other • Share the same OS kernel • Works for all major Linux distributions • Containers native to Windows Server 2016
Size of docker images are very small Containers have less startup time More efficiency without the OS overhead We can run more docker containers than VMs on a same box •Deploying and scaling is relatively easy
once, run anywhere o Consistent between environments Portable: Bundled dependencies Isolation: No application clashing Scriptable Efficiency: o Setup dev environments in seconds Testability o Images are snapshots o Automation o Integration o Packaing Continuous integration Ops Flexibility: Configure once, run anything Consistency: Identical environments o Test, staging, production, … Efficiency: o Better resources (disk, CPU, RAM) utilisation – compared to VMs- o Faster restarts and deployments Easy to scale
The content at rest Container The image when it's running. The standard unit for app service Engine The software that executes commands for containers. Networking and volumes are part of the Engine. Can be clustered together. Registry Stores, distributes and manages Docker images Control panel Management plane for container and cluster orchestration
host into the container at a specific location $ docker volume create world_volume world_volume $ docker run -d -v world_volume :/world busybox ls /world • Can be used to share (and persist) data between containers • Directory persists after the container is deleted • Unless you explicitly delete it • Can be created in a Dockerfile or via CLI
instantiation times for containers New container can take <1 Mb of space • Containers appears to be a copy of the original image • But, it is really just a link to the original shared image • If someone writes a change to the file system, a copy of the affected file/directory is “copied up”
•ENV — set environment variable •WORKDIR — set working directory •COPY – Copies files from host to image •VOLUME — create mount-point for a volume •CMD — set executable for container
container at a time • Manually connect containers together • Must be careful with dependencies and startup order With compose • Define multi container app in compose.yml file • Single command to deploy entire app • Handles container dependencies • Works with Docker Swarm, Networking, Volumes, Universal Control Plane
language • Client - Server (deamon) architecture • Union file systems (UnionFS: AUFS, btrfs, vfs etc) • Namespaces (pid, net, ipc, mnt, uts) • Control Groups (cgroups) • Container format (libcontainer)
•Own network interface •Can run stuff as root •Can have its own /sbin/init (different from host) <<machine container>> •Low level: chroot on steroids •Can also not have its own /sbin/init •Container = isolated processes •Share kernel with host <<application container>>
of Linux Containers Implement resource accounting and limiting Ensure each container gets its fair share of memory, CPU, disk I/O Cgroup ensures a single container cannot bring the system down by exhausting resources • Union file systems Layered file system so you can have a read only part and a write part, and merge those together Docker images made up with are layers
create isolated workspace for each process Namespaces are created every time you run a container • SELinux SELinux provides secure separation of containers by applying SELinux policy and label
santi
kenichirokimura
manarobot
maimyyym
ryysud
yuhta28
nakamuuu
doradora09
infiniteloop_inc
foursue
qsona
mitsuzono
emiki
chriscoyier
jlugia
aki_iinuma
jacobian
jonrohan
swwweet
tanoku
dotmariusz
ufuk
pedronauck
mza
lauravandoore
