Introduction to containers and Docker

Transcript

1. Introduction to containers and Docker By Santiago Lizardo

2. 2 2 whoami Santiago Lizardo • Manager • Software engineer

   at heart • +4 years at SolarWinds  We want YOU! https://solarwinds.jobs/gbr/jobs/ • Some years playing with Docker...

3. Introduction to containers and Docker Agenda • History • Using

   Docker containers  Demo: Hello world, Ubuntu, MySQL, Apache • Building Docker images  Demo: Creation of “solarwinds/webapp” image containining Apache + PHP + MySQL connector • Multi-container apps with Docker  Demo: MySQL + “solarwinds/webapp” Bonus content • Docker under the hood

4. History 4

5. 5 5 In the beginning there was only darkness…

6. 6 In the beginning there was only darkness…

7. 7 In the beginning there was only darkness…

8. 8 8

9. 9 9

10. 10 10

11. 11 11

12. 12 12

13. 13 13 PHP 5.6 PHP 7.2

14. 14 14 PHP 5.6 PHP 7.2

15. 15 System diversity matrix

16. 16 Transportation metaphor matrix

17. 17 Invention of the shipping container

18. 18 Transportation metaphor applied to software distribution

19. 19 Docker history

20. 20 Docker alternatives

21. Docker popularity stats Since it started in March 2013...

22. 22 Docker and Kubernetes trends https://trends.google.com/trends/explore?date=today%205-y&q=docker,kubernetes,xen,virtualbox,vmware

23. 23 Docker elevator pitch Docker is an open platform for

    developing, shipping, and running applications. Docker allows you to package an application with all of its dependencies into a standardized unit for software development.

24. Docker containers 24

25. 25

26. 26 What is a container? • Standardized packaging for software

    and dependencies • Isolate apps from each other • Share the same OS kernel • Works for all major Linux distributions • Containers native to Windows Server 2016

27. 27 Docker vs virtualization • Lighter than virtual machines 

    Size of docker images are very small  Containers have less startup time  More efficiency without the OS overhead We can run more docker containers than VMs on a same box •Deploying and scaling is relatively easy

28. 28 What is a container?

29. 29 Worries

30. 30 Key benefits of Docker containers Devs  Predictability: Build

    once, run anywhere o Consistent between environments  Portable: Bundled dependencies  Isolation: No application clashing  Scriptable  Efficiency: o Setup dev environments in seconds  Testability o Images are snapshots o Automation o Integration o Packaing  Continuous integration Ops  Flexibility: Configure once, run anything  Consistency: Identical environments o Test, staging, production, …  Efficiency: o Better resources (disk, CPU, RAM) utilisation – compared to VMs- o Faster restarts and deployments  Easy to scale

31. 31 Basic terminology Image The basis of a Docker container.

    The content at rest Container The image when it's running. The standard unit for app service Engine The software that executes commands for containers. Networking and volumes are part of the Engine. Can be clustered together. Registry Stores, distributes and manages Docker images Control panel Management plane for container and cluster orchestration

32. 32 Docker volumes

33. 33 Docker volumes • Volumes mount a directory on the

    host into the container at a specific location $ docker volume create world_volume world_volume $ docker run -d -v world_volume :/world busybox ls /world • Can be used to share (and persist) data between containers • Directory persists after the container is deleted • Unless you explicitly delete it • Can be created in a Dockerfile or via CLI

34. 34 34 Basic information Version Info Stats Help (help run)

    Running Run • Interactive mode • Detached • Port mapping • Volume mapping Inspecting Logs Port Inspect (--format <string>) Top <instance> container ls Image ls (-all) Stopping stop (SIGTERM + SIGKILL) <instance> kill (SIGKILL) <instance> container rm <instance>

35. Docker images 35

36. 36 Base images and commits • Connect to the box

    • Make changes • Commit docker pull nginx docker run --name nginx-template-base -p 8080:80 -e TERM=xterm -d nginx docker exec -it CONTAINER_ID bash $ apt-get install nano $ exit docker commit CONTAINER_ID nginx-template - Better use Dockerfile

37. 37 Dockerfile • Instructions on how to build a Docker

    image • Similar to native commands • It can be version controlled

38. 38 Dockerfile (windows)

39. 39 Docker layers

40. 40 Docker layers

41. 41 Copy on Write • Super efficient:  Sub second

    instantiation times for containers  New container can take <1 Mb of space • Containers appears to be a copy of the original image • But, it is really just a link to the original shared image • If someone writes a change to the file system, a copy of the affected file/directory is “copied up”

42. 42 Dockerfile commands •FROM — set base image •RUN — execute command in container

    •ENV — set environment variable •WORKDIR — set working directory •COPY – Copies files from host to image •VOLUME — create mount-point for a volume •CMD — set executable for container

43. 43 43 Registries Pull Push Building Build –t <name> .

    Tagging Tag sourcetag targettag Removing image rm <image>

44. Demo:

45. Multi-container apps with Docker 45

46. 46 Multi-container apps Without compose • Build and run one

    container at a time • Manually connect containers together • Must be careful with dependencies and startup order With compose • Define multi container app in compose.yml file • Single command to deploy entire app • Handles container dependencies • Works with Docker Swarm, Networking, Volumes, Universal Control Plane

47. 47 Multi-container apps

48. Docker under the hood 48

49. 49 49 Technology behind Docker • Linux x86-64 • Go

    language • Client - Server (deamon) architecture • Union file systems (UnionFS: AUFS, btrfs, vfs etc) • Namespaces (pid, net, ipc, mnt, uts) • Control Groups (cgroups) • Container format (libcontainer)

50. 50 50 •High level: a lightweight VM •Own process space

    •Own network interface •Can run stuff as root •Can have its own /sbin/init (different from host) <<machine container>> •Low level: chroot on steroids •Can also not have its own /sbin/init •Container = isolated processes •Share kernel with host <<application container>>

51. 51 Technology behind Docker • Control groups  Key component

    of Linux Containers  Implement resource accounting and limiting  Ensure each container gets its fair share of memory, CPU, disk I/O  Cgroup ensures a single container cannot bring the system down by exhausting resources • Union file systems  Layered file system so you can have a read only part and a write part, and merge those together  Docker images made up with are layers

52. 52 Technology behind Docker • Namespaces  It helps to

    create isolated workspace for each process  Namespaces are created every time you run a container • SELinux  SELinux provides secure separation of containers by applying SELinux policy and label

53. Q&A