
Docker/Containers - What, Why & How

A fast-paced Docker introduction covering topics including Windows containers and VS Code Remote - Containers

Shahid Iqbal

October 18, 2019

Transcript

  1. @shahiddev
    Docker/Containers
    What, Why & How
    Shahid Iqbal
    @shahiddev
    https://linkedin.shahid.dev


  2. @shahiddev
    Who am I?
    Freelance Azure/.NET/Kubernetes hands-on consultant
    Run Docker & Kubernetes workshops
    Developer/Architect for 10+ years & Microsoft Azure MVP
    UK based but work globally
    Co-organise a .NET meetup in the UK
    @shahiddev on Twitter
    https://linkedin.shahid.dev
    https://blog.headforcloud.com


  3. @shahiddev
    Agenda
    Container background
    Benefits
    How to’s
    Windows containers
    Orchestration


  4. @shahiddev
    Assumptions
    You are very new to Docker
    or
    You have some basic knowledge but want to fill in the gaps
    This is an introductory talk ☺
    It will be fast paced – you should be equipped to go away and dive deeper.


  5. @shahiddev
    Containers aren’t really new
    Namespaces: virtualize system resources, like the file system or networking, for each process
    Cgroups: limit the resources, such as CPU and memory, that each process can use
    Build on Linux constructs (Cgroups and Namespaces) to create processes in isolation


  6. @shahiddev
    Docker was born
    Docker took the primitives and packaged them into a product
    This helped lead to the widespread adoption of containers


  7. @shahiddev
    But what are containers…
    Think of them like lightweight VMs*
    Package an application along with all of its dependencies into a self contained image
    Generally smaller than VM images
    Fast to start (seconds) vs VM boot time
    Shared OS kernel may reduce licensing costs
    Your CI system would output containers rather than deployment binaries/packages
    *They’re not really, and don’t necessarily have the same isolation guarantees


  8. @shahiddev
    Docker vs VMs


  9. @shahiddev
    Why containers?
    Isolation – each container encapsulates its own dependencies
    Lightweight – share the same kernel so don’t virtualise the whole stack
    Can run many containers on a single machine
    Fast to start
    Portable – can run them anywhere that has the runtime
    Simplifies provisioning of servers – no need to install many dependencies
    No more “works on my machine”


  10. @shahiddev
    Developer workflow benefits
    Can run multiple versions of frameworks without conflicts
    Less setup required for new dev machines - quicker to onboard developer
    Front-end folks can run the backend locally if required
    Back-end folks don’t need to install NPM
    see VS Code demo later ;)


  11. @shahiddev
    Docker vs other container technologies
    Rkt*
    Katacontainers
    LXC/LXD
    *Archived by the CNCF in August 2019


  12. @shahiddev
    Open Container Initiative (OCI)
    Collaboration between Docker, CoreOS* and other companies to create an open standard for container images and container runtimes.
    This allows for different container formats/implementations to co-exist and work together
    *Acquired by RedHat who were themselves acquired by IBM


  13. @shahiddev
    Container vs Image
    Image is a blueprint/template comprised of an OS + app layers
    Container is a running instance of the image
    You can create multiple containers from the same image (i.e. multiple instances of an application)


  14. @shahiddev
    Images are layered
    Allows for images to be built on top of existing images
    Layers can be cached to reduce disk space and bandwidth consumption
    Layers are read-only in an image
    When you create a container from an image you get a r/w layer on top of the r/o layers


  15. @shahiddev
    Image layers


  16. @shahiddev
    State within a container
    Can write to the “local” filesystem
    Changes will be lost when the container is removed
    If you need to write to local file system - use Volumes


  17. @shahiddev
    Volumes
    Volumes allow for container state to exist beyond the lifetime of a container
    State can be shared between multiple containers
    Volumes can be mounted as read/write, readonly or temporary
    Can load folder from local machine into container so you can share state between local machine and a container


  18. @shahiddev
    Container based application workflow
    Developer machine
    Container Host


  19. @shahiddev
    Building images


  20. @shahiddev
    Getting started
    Use Docker desktop on Windows or Mac
    Installs the Docker engine and CLI
    Free community edition
    https://www.docker.com/products/docker-desktop


  21. @shahiddev
    Docker file basics
    Text file describes steps to build container
    Typically each line of file creates a new layer
    By convention called Dockerfile (with no extension) in root of project
    Order of statements is important


  22. @shahiddev
    FROM mcr.microsoft.com/dotnet/core/sdk:3.0 AS build-env
    WORKDIR /app
    # Copy csproj and restore as distinct layers
    COPY *.csproj ./
    RUN dotnet restore
    # Copy everything else and build
    COPY . ./
    RUN dotnet publish -c Release -o out
    # Build runtime image
    FROM mcr.microsoft.com/dotnet/core/runtime:3.0
    WORKDIR /app
    COPY --from=build-env /app/out .
    ENTRYPOINT ["dotnet", "hello-docker.dll"]


  23. @shahiddev
    Building docker images
    docker build -t
    E.g.
    docker build -t k8s:1.0 .


  24. @shahiddev
    Tags
    Tags are a combination of the name of the image + version
    <name>:<version>
    E.g.
    mcr.microsoft.com/dotnet/core/runtime:3.0
    Can create/use images without the :<version> portion; this is the “latest” tag


  25. @shahiddev
    Tags
    Avoid running “latest” tag in any production scenario
    Tag names need to factor in code changes + changes in underlying base images
    Build-id is good tag candidate
    - Allows for tracking back to specific CI build
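
Added example (not from the original deck): a POSIX shell check that applies the tagging advice above to a Dockerfile's FROM lines, reporting base images that resolve to "latest" either explicitly or by omitting the tag. The function names `classify_image` and `audit_dockerfile` are hypothetical, and every sample line except the first FROM is constructed.

```shell
# Added example. Classify an image reference by how it is pinned.
classify_image() {
    ref=$1
    case $ref in *@sha256:*) echo digest; return ;; esac
    # Only the segment after the last "/" can carry a tag; an earlier ":"
    # is a registry port, as in localhost:5000/app.
    last=${ref##*/}
    case $last in
        *:latest) echo latest-explicit ;;
        *:*)      echo pinned ;;
        *)        echo latest-implicit ;;
    esac
}

# Print "line:status:image" for each base image in a Dockerfile.
# Returns 1 if any FROM resolves to the "latest" tag.
audit_dockerfile() {
    file=$1 rc=0 n=0 stages=" "
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        set -f; set -- $line; set +f          # split words without globbing
        case $1 in [Ff][Rr][Oo][Mm]) shift ;; *) continue ;; esac
        while [ $# -gt 0 ]; do                # skip flags such as --platform=...
            case $1 in --*) shift ;; *) break ;; esac
        done
        image=$1
        case $2 in [Aa][Ss]) stage=$3 ;; *) stage= ;; esac
        # FROM <earlier stage> or FROM scratch pulls nothing from a registry.
        case $stages in *" $image "*) image=scratch ;; esac
        if [ "$image" != scratch ]; then
            status=$(classify_image "$image")
            echo "$n:$status:$image"
            case $status in latest-*) rc=1 ;; esac
        fi
        [ -z "$stage" ] || stages="$stages$stage "
    done < "$file"
    return $rc
}

# Constructed sample: line 1 is from the slide's Dockerfile, the rest are made up.
demo=$(mktemp)
cat > "$demo" <<'EOF'
FROM mcr.microsoft.com/dotnet/core/sdk:3.0 AS build-env
FROM mcr.microsoft.com/dotnet/core/runtime
FROM localhost:5000/base:latest
FROM build-env
EOF
audit_dockerfile "$demo" || echo "base image on a floating tag found"
rm -f "$demo"
```

The non-zero return makes this usable as a CI gate; base images set through build arguments (`FROM ${BASE}`) are not resolved and would need separate handling.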


  26. @shahiddev
    Running docker images
    docker run
    Many parameters to change behaviour
    --name Allows you to specify a name for the container
    -d Detached/Daemon mode
    -p <local>:<container> Maps local port to container port


  27. @shahiddev
    Pushing images to a registry
    docker push
    Ensure you’re logged in to correct registry
    Ensure your image is tagged <registry>*/<repository>/<image>:<tag>
    E.g.
    docker tag k8s:1.0 shahiddev/k8s:1.0
    docker push shahiddev/k8s:1.0
    *If you’re pushing to DockerHub you don’t need the registry portion


  28. @shahiddev
    Container registries
    Repository for hosting your container images
    Private or public repositories
    Most support building container images
    DockerHub – default registry used by tooling
    Container registries from cloud providers – Azure Container Registry


  29. @shahiddev
    DEMO
    Container basics


  30. @shahiddev
    Windows containers
    Use familiar Docker tooling and commands to create and run containers
    Windows containers can only run on Windows
    “Docker-rise” full .NET framework applications
    License savings by running multiple Windows containers on a single server
    Image sizes can be substantially larger than Linux containers


  31. @shahiddev
    Windows containers


  32. @shahiddev
    Windows containers OS options
    Host OS (physical machine/VM): Windows Server 2016+ or Windows 10 Pro/Enterprise*
    Guest OS (on either host): Windows Server Core or Nano Server
    *dev purposes only


  33. @shahiddev
    Windows server guest OS decisions
    Nano Server -> New applications/services
    - Smaller image
    - 64bit only
    - No full .NET framework
    Windows Server Core -> Existing/legacy applications
    - Full .NET framework
    - Webforms/COM interop etc


  34. @shahiddev
    Hyper-v containers
    Reminder – containers don’t give the same level of isolation as VMs
    Regulatory requirements may mandate hypervisor level isolation
    Running other people’s code – want an extra level of protection
    Windows containers can run in 2 modes


  35. @shahiddev
    Hyper-v containers


  36. @shahiddev
    Hyper-v containers
    Same container image
    Add "--isolation=hyperv" flag to the docker run command


  37. @shahiddev
    Hyper-v container downsides
    Containers running with hyper-v isolation incur an additional Windows license
    Container start up times are slower (by a few seconds)
    Container overhead is higher
    Still much faster and less resource intensive than full VMs


  38. @shahiddev
    VS Code Remote - Containers
    Development “inside” a container
    Don’t need to have tools/sdks installed on local machine
    Can work with a remote Docker host
    *Windows containers not currently supported 


  39. @shahiddev
    VS Code Remote - Containers


  40. @shahiddev
    Running containers in the cloud
    Spin up VM and run containers on VM
    Use PaaS service to run container – Azure App Service for containers, ECS
    Serverless container platform – Azure Container Instances, AWS Fargate
    Orchestration platform – Docker Swarm, Kubernetes


  41. @shahiddev
    Serverless container platform
    Azure Container Instances
    No need to provision servers first
    Pay per second for running containers
    Recent price cuts – cost is similar to small VMs/PaaS sku


  42. @shahiddev
    DEMO
    VS Code remote containers
    Containers in the cloud
    Windows containers


  43. @shahiddev
    Orchestration
    Running multiple containers


  44. @shahiddev
    How to manage multiple containers
    Single server
    Cluster of servers


  45. @shahiddev
    Docker Compose
    Declarative YAML file to describe containers you want to run
    Containers are spun up and removed as a single unit
    Volumes and networks are composed with containers to provide architecture
    Great for some developer workflows to co-ordinate creation of containers for testing/developing


  46. @shahiddev
    Docker Swarm
    Docker’s answer to managing containers across a number of servers
    Easy to get started with but largely overtaken by Kubernetes


  47. @shahiddev
    Kubernetes
    Open source container orchestrator
    Helps you run container based applications across multiple servers
    Provides many features you’d expect in an application platform
    Autoscaling
    Resilient applications
    Rolling deployments


  48. @shahiddev
    DEMO
    Orchestration - Kubernetes


  49. @shahiddev
    Summary
    Containers can dramatically simplify your deployment workflow.
    Managing legacy applications by using containers can provide a consistent approach for old and new applications
    Windows containers may give cost savings by reducing the number of Windows Server licenses required to run many smaller apps.
    May not need to go to full fledged orchestration (Kubernetes) – there is a significant organisational cost, training, knowledge to run Kubernetes.
    Security is an important factor – please don’t ignore


  50. @shahiddev
    Useful resources
    http://www.katacoda.com
    https://bit.ly/k8s-ndc


  51. @shahiddev
    Thank you!
    Shahid Iqbal
    @shahiddev on Twitter
    https://linkedin.shahid.dev
    https://blog.headforcloud.com
    Slides:
    https://bit.ly/shahiddev-docker
