Docker/Containers - What, Why & How

A fast-paced Docker introduction covering topics including Windows containers and VS Code remote containers

Shahid Iqbal

October 18, 2019

Transcript

  1. @shahiddev Docker/Containers What, Why & How Shahid Iqbal @shahiddev https://linkedin.shahid.dev

  2. @shahiddev Who am I? Freelance Azure/.NET/Kubernetes hands-on consultant Run Docker

    & Kubernetes workshops Developer/Architect for 10+ years & Microsoft Azure MVP UK based but work globally Co-organise a .NET meetup in the UK @shahiddev on Twitter https://linkedin.shahid.dev https://blog.headforcloud.com
  3. @shahiddev Agenda Container background Benefits How to’s Windows containers Orchestration

  4. @shahiddev Assumptions You are very new to Docker or You

    have some basic knowledge but want to fill in the gaps This is an introductory talk ☺ It will be fast-paced – you should be equipped to go away and dive deeper.
  5. @shahiddev Containers aren’t really new Namespaces Virtualize system resources, like

    the file system or networking for each process Cgroups Limit the resources, such as CPU and memory, that each process can use Build on Linux constructs (Cgroups and Namespaces) to create processes in isolation
  6. @shahiddev Docker was born Docker took the primitives and packaged

    them into a product This helped lead to the widespread adoption of containers
  7. @shahiddev But what are containers… Think of them like lightweight

    VMs* Package an application along with all of its dependencies into a self-contained image Generally smaller than VM images Fast to start (seconds) vs VM boot time Shared OS kernel may reduce licensing costs Your CI system would output containers rather than deployment binaries/packages *They’re not really and don’t necessarily have the same isolation guarantees
  8. @shahiddev Docker vs VMs

  9. @shahiddev Why containers? Isolation – each container encapsulates its own

    dependencies Lightweight – share the same kernel so don’t virtualise the whole stack Can run many containers on a single machine Fast to start Portable – can run them anywhere that has the runtime Simplifies provisioning of servers – no need to install many dependencies No more “works on my machine”
  10. @shahiddev Developer workflow benefits Can run multiple versions of frameworks

    without conflicts Less setup required for new dev machines - quicker to onboard developers Front-end folks can run the backend locally if required Back-end folks don’t need to install NPM – see VS Code demo later ;)
  11. @shahiddev Docker vs other container technologies Rkt* Kata Containers LXC/LXD *Archived

    by the CNCF in August 2019
  12. @shahiddev Open Container Initiative (OCI) Collaboration between Docker, CoreOS* and

    other companies to create an open standard for container image and container runtimes. This allows for different container formats/implementations to co-exist and work together *Acquired by Red Hat who were themselves acquired by IBM
  13. @shahiddev Container vs Image Image is a blueprint/template comprised of

    an OS + app layers Container is a running instance of the image You can create multiple containers from the same image (i.e. multiple instances of an application)
  14. @shahiddev Images are layered Allows for images to be built

    on top of existing images Layers can be cached to reduce disk space and bandwidth consumption Layers are read-only in an image When you create a container from an image you get a r/w layer on top of the r/o layers
  15. @shahiddev Image layers

  16. @shahiddev State within a container Can write to the “local”

    filesystem Changes will be lost when the container is removed If you need to write to local file system - use Volumes
  17. @shahiddev Volumes Volumes allow for container state to exist beyond

    the lifetime of a container State can be shared between multiple containers Volumes can be mounted as read/write, read-only or temporary Can load a folder from the local machine into a container so you can share state between the local machine and a container
  18. @shahiddev Container based application workflow Container Host Developer machine

  19. @shahiddev Building images

  20. @shahiddev Getting started Use Docker desktop on Windows or Mac

    Installs the Docker engine and CLI Free community edition https://www.docker.com/products/docker-desktop
  21. @shahiddev Dockerfile basics Text file describes steps to build

    container Typically each line of the file creates a new layer By convention called Dockerfile (with no extension) in the root of the project Order of statements is important
  22. @shahiddev

    ```dockerfile
    FROM mcr.microsoft.com/dotnet/core/sdk:3.0 AS build-env
    WORKDIR /app

    # Copy csproj and restore as distinct layers
    COPY *.csproj ./
    RUN dotnet restore

    # Copy everything else and build
    COPY . ./
    RUN dotnet publish -c Release -o out

    # Build runtime image
    FROM mcr.microsoft.com/dotnet/core/runtime:3.0
    WORKDIR /app
    COPY --from=build-env /app/out .
    ENTRYPOINT ["dotnet", "hello-docker.dll"]
    ```
  23. @shahiddev Building docker images docker build -t <tag> <build context>

    E.g. docker build -t k8s:1.0 .
  24. @shahiddev Tags Tags are a combination of the name of

    the image + version <image name>:<version> E.g. mcr.microsoft.com/dotnet/core/runtime:3.0 Can create/use images without the :<version> portion, this implies the “latest” tag
  25. @shahiddev Tags Avoid running “latest” tag in any production scenario

    Tag names need to factor in code changes + changes in underlying base images Build-id is good tag candidate - Allows for tracking back to specific CI build
  26. @shahiddev Running docker images docker run <imagename> Many parameters to

    change behaviour --name Allows you to specify a name for the container -d Detached/Daemon mode -p <port>:<port> Maps local port to container port …
  27. @shahiddev Pushing images to a registry docker push <imagename> Ensure

    you’re logged in to the correct registry Ensure your image is tagged <registry>*/<repository name>/<image>:<version> E.g. docker tag k8s:1.0 shahiddev/k8s:1.0 docker push shahiddev/k8s:1.0 *If you’re pushing to DockerHub you don’t need the registry portion
  28. @shahiddev Container registries Repository for hosting your container images Private

    or public repositories Most support building container images DockerHub – default registry used by tooling Container registries from cloud providers – Azure Container Registry
  29. @shahiddev DEMO Container basics

  30. @shahiddev Windows containers Use familiar Docker tooling and commands to

    create and run containers Windows containers can only run on Windows “Dockerise” full .NET framework applications License savings by running multiple Windows containers on a single server Image sizes can be substantially larger than Linux containers
  31. @shahiddev Windows containers

  32. @shahiddev Windows containers OS options

    Host OS (physical machine/VM): Windows Server 2016+ or Windows 10 Pro/Enterprise*
    Guest OS (on either host): Windows Server Core or Nano Server
    *dev purposes only
  33. @shahiddev Windows server guest OS decisions

    Nano Server -> New applications/services
      o Smaller image
      o 64bit only
      o No full .NET framework
    Windows Server Core -> Existing/legacy applications
      o Full .NET framework
      o Webforms/COM interop etc
  34. @shahiddev Hyper-v containers Reminder – containers don’t give the same

    level of isolation as VMs Regulatory requirements may mandate hypervisor level isolation Running other people’s code – want an extra level of protection Windows containers can run in 2 modes
  35. @shahiddev Hyper-v containers

  36. @shahiddev Hyper-v containers Same container image Add "--isolation=hyperv" flag

    to the Docker run command
  37. @shahiddev Hyper-v container downsides Containers running with hyper-v isolation incur

    an additional Windows license Container start up times are slower (by a few seconds) Container overhead is higher Still much faster and less resource intensive than full VMs
  38. @shahiddev VS Code Remote - Containers Development “inside” a container

    Don’t need to have tools/SDKs installed on local machine Can work with a remote Docker host *Windows containers not currently supported
  39. @shahiddev VS Code Remote - Containers

  40. @shahiddev Running containers in the cloud Spin up VM and

    run containers on VM Use PaaS service to run container – Azure App Service for containers, ECS Serverless container platform – Azure Container Instances, AWS Fargate Orchestration platform – Docker Swarm, Kubernetes
  41. @shahiddev Serverless container platform Azure Container Instances No need to

    provision servers first Pay per second for running containers Recent price cuts – cost is similar to small VMs/PaaS sku
  42. @shahiddev DEMO VS Code remote containers Containers in the cloud

    Windows containers
  43. @shahiddev Orchestration Running multiple containers

  44. @shahiddev How to manage multiple containers Single server Cluster of

    servers
  45. @shahiddev Docker Compose Declarative YAML file to describe containers you

    want to run Containers are spun up and removed as a single unit Volumes and networks are composed with containers to provide architecture Great for some developer workflows to co-ordinate creation of containers for testing/developing
  46. @shahiddev Docker Swarm Docker’s answer to managing containers across a

    number of servers Easy to get started with but largely overtaken by Kubernetes
  47. @shahiddev Kubernetes Open source container orchestrator Helps you run container

    based applications across multiple servers Provides many features you’d expect in an application platform Autoscaling Resilient applications Rolling deployments
  48. @shahiddev DEMO Orchestration - Kubernetes

  49. @shahiddev Summary Containers can dramatically simplify your deployment workflow. Managing

    legacy applications by using containers can provide a consistent approach for old and new applications Windows containers may give cost savings by reducing the number of Windows Server licenses required to run many smaller apps. May not need to go to fully fledged orchestration (Kubernetes) – there is a significant organisational cost, training, knowledge to run Kubernetes. Security is an important factor – please don’t ignore it
  50. @shahiddev Useful resources http://www.katacoda.com https://bit.ly/k8s-ndc

  51. @shahiddev Thank you! Shahid Iqbal @shahiddev on Twitter https://linkedin.shahid.dev https://blog.headforcloud.com

    Slides: https://bit.ly/shahiddev-docker
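
The tagging advice on slides 24 and 25 (an image reference without `:<version>` means "latest", and "latest" should be avoided in production) can be checked in CI. The following is an added example, not part of the original slides: a Python check that parses `FROM` lines, including the multi-stage form used on slide 22, and reports base images that float on "latest". The function names and `SAMPLE` are hypothetical and constructed for illustration; references set through build arguments (`$VAR`) are not resolved.

```python
def parse_image_ref(ref):
    """Split an image reference into (name, tag, digest).

    A ':' marks a tag only if it comes after the last '/'; otherwise it
    is a registry port, as in localhost:5000/app.
    """
    name, _, digest = ref.partition("@")
    tag = None
    colon = name.rfind(":")
    if colon > name.rfind("/"):
        name, tag = name[:colon], name[colon + 1:]
    return name, tag, (digest or None)


def unpinned_base_images(dockerfile_text):
    """Return [(line_no, ref, reason)] for FROM lines that float on 'latest'."""
    findings, stages = [], set()
    for line_no, raw in enumerate(dockerfile_text.splitlines(), start=1):
        parts = raw.split()
        if len(parts) < 2 or parts[0].upper() != "FROM":
            continue
        args = [p for p in parts[1:] if not p.startswith("--")]  # skip --platform=...
        if not args:
            continue
        ref = args[0]
        _, tag, digest = parse_image_ref(ref)
        if ref.lower() in stages or ref.lower() == "scratch" or digest:
            pass  # earlier build stage, empty base, or digest-pinned image
        elif tag is None:
            findings.append((line_no, ref, "no tag, resolves to latest"))
        elif tag == "latest":
            findings.append((line_no, ref, "explicit latest tag"))
        if len(args) >= 3 and args[1].upper() == "AS":
            stages.add(args[2].lower())  # remember the stage name for later FROMs
    return findings


# Constructed sample: slide 22's Dockerfile with the version tags removed.
SAMPLE = """\
FROM mcr.microsoft.com/dotnet/core/sdk AS build-env
WORKDIR /app
COPY . ./
RUN dotnet publish -c Release -o out
FROM localhost:5000/dotnet/runtime
FROM mcr.microsoft.com/dotnet/core/runtime:latest
COPY --from=build-env /app/out .
FROM build-env AS test
"""

if __name__ == "__main__":
    for line_no, ref, reason in unpinned_base_images(SAMPLE):
        print(f"line {line_no}: {ref}: {reason}")
```

Run against the Dockerfile on slide 22 as written, where both images carry the `3.0` tag, the check reports nothing.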