a introduction to docker - openwriteup.com€¦ · docker commit pull a new container image docker...
TRANSCRIPT
A introduction to Docker
Amit
Dev and Ops Challenges
● Dev Environment
● Code migration to staging
● Dependency issues
● Conflicts and time issue
● Frequent code changes and new build
● Redeployment frequency
● Steps automation
Solution
● Use Virtualization
● Create standard template as per dev requirement
● Move to Docker
– Question: What is docker???
– Docker is an amazing technology and it just simplifies both workflows and communication.
– Docker help devs to create an image with all the dependency and bundled it and send for ops testing
– Easy to build
– Easy to deploy
– Maintaining change set is quite easy
– Maintaining images and comparison across releases is easy
Docker Image Flow
Code changes and push images
Ship to Repository
Perform testing
Testing team deploy image
Push to staging
●
● Developers build the Docker image and ship it to the registry.
● Operations engineers provide configuration details to the container and provision resources.
● Developers trigger deployment.
● Dependency issues resolved
● Testing and redeployment become easier
Docker Workflow
● Pull a base image● Run a container,extend and commit● Part 2 results in a new image● Push image to remote repository● Pull extended image to extended environment
and run as container●
Docker Commit● Pull a new container image
docker pull rhel7:latest
docker run rhel7:latest /bin/bash
● Modify the container:
touch testfile.sh
● Commit the container image
docker commit 1fc66a69a3d2 -t amit23comp/openwriteup:1.0.0
● Docker login to hub.docker.com
[root@localhost amit]# docker login
Username (amit23comp):
Password:
WARNING: login credentials saved in /root/.docker/config.json
Login Succeeded
….
[root@localhost amit]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
amit23comp/openwriteup 1.0.0 ffe2bf92f0aa 47 minutes ago 193 MB
docker tag amit23comp/openwriteup:1.0.0 hub.docker.com:5000/amit23comp/openwriteup'
$ docker commit c16378f943fe rhel-httpd
Now, push the image to the registry using the image ID. In this example the registry is on host named registry-host and listening on port 5000. To do this, tag the image with the host name or IP address, and the port of the registry:
$ docker tag rhel-httpd registry-host:5000/myadmin/rhel-httpd$ docker push registry-host:5000/myadmin/rhel-httpd
[root@localhost amit]# docker push hub.docker.com:5000/amit23comp/openwriteupThe push refers to a repository [hub.docker.com:5000/amit23comp/openwriteup]
Docker Registry
● Docker hub
https://hub.docker.com
● Create a Docker hub account
https://hub.docker.com/account/signup
[root@localhost amit]# docker login
Username: amit*****
Password:
Email: [email protected]
WARNING: login credentials saved in /root/.docker/config.json
Login Succeeded
●
●
Docker file
Dockerfile
Image
Container
Docker hub
Build
Run
StopStart
Restart
Commit
Push
Pull
Image
● Image are read only
● Its contains multi layer
● Push and pull image from registry
● Container are read -write
● When we install and commit, its create a new image.
● This way its create a new layer for it
● Understanding the image layer and cache
● Minimize the image layer and maximize the image cache
Docker file continue..
explanation
● Host kernel : Its linux kernel, which is shared across all the containers
● Image: It can be any linux flavor : In above pic its a debian image. Its a readonly. Its persistent
● Container: Next layer in the pic is container, Its writable. We have added a editor in the container. “ Add emacs”. Since container is writable, but non-persistent.
● We have committed the image, and its become the new image, its a readonly.
● We can pull and push the image to the repo.
● From the repo we can pull the image and it become container and its writable.
● Image is readonly and containers are writeable.
● Once its committed we can not remove from image, we can remove from container
Layers benefit in docker file
Docker build
● docker build
This command will create image from the docker file
● docker build -t openwriteup/java:1.0.0 .
Above command will build the image from the docker file, we need to specify the dockerfile path. In above command we have mentioned the “.” at end of the command, its means dockerfile is located in current working directory
● “ -t “ option is for tagging, it tag the new image with followed by the version.
● Docker file syntax:
Instruction ----> argument
Each instruction commits create a new layer in the image
Docker file : example
# pull base image
FROM fedora:latest
RUN \
yum update && \
yum install java
# We are chaining the RUN command, so in the single command we are creating #one layer. Its create only one layer, so its chaining will help, we can avoid multiple #layer
#define default command
CMD [“java”]
Another example
#Download image with java 8
FROM dockerfile/java:oracle-java8
MAINTAINER Openwriteup
#Install MAVEN into the image
RUN apt-get update && \
echo '--->Install maven”\
apt-get install -y maven
#Create a working directory code
WORKDIR /code
#openport
EXPOSE 8080
Build image practice
● Avoid installing unnecessary packages: In order to reduce the complexity,dependencies,filesize and build size
● Run only one process per container:Decoupling application into multiple container makes it much easier to scale horizontally and reuse containers
● Minimize number of layers: Chained the instruction
RUN apt-get update && apt-get install -y \
git \
gcc \
emacs
● Build cache :During docker build we should use it.I
Docker file Command
● FROM
● RUN
● CMD
● EXPOSE
● ENV
● ENTRYPOINT
● COPY
● ADD
● WORKDIR
Difference between commands● Entrypoint and CMD
CMD [“mvn”,”exec:java”]
ENTRYPOINT[“mvn”], now “exec:java” needs to be passed as argument for docker run command.
● CMD simply sets a command to run in the image if no arguments are passed to docker run, if arguments are passed to docker run then the command is overridden.
● If docker files uses only ENTRYPOINT,the argument passed to docker run will always passed to entrypoint.
● If docker files declares both ENTRYPOINT AND CMD, and no arguments are passed to docker run ,then the argument to CMD will be passed to declared entrypoint
● COPY and ADD
CACHE:
If we make any change in image, Unchanged layers will be treated as cached and speeds everything up. As a result only new layers will only take time.
Image building
● As above pic, we can see
“Removing container...”
● For each layer building, docker build create a container and create layer inside that, and removing that container after commit.
● Again same point: Container a writable and images are read only
● Docker images will list
docker image
Some docker commands
● Specify the name of container
docker run –name <openwriteup>
● Run dameonised container:
docker run -d –name <openwriteup>
● Specify port number in the command
docker run -d -p 8080:8080
● Kill container
docker rm <container id>
● Container use and reuse: Vanished it once done, its not for storing.
….
● Run interactive
docker run -d -p 8080:8080 -t -i <image id> --name <name of container>
● Docker attach
docker attach <container name or id>
● Find the ip of container
docker inspect -format '{{.NetworkSettings.IPAddress}} <container id>
[root@localhost amit]# docker inspect --format '{{.NetworkSettings.IPAddress}}' 1fc66a69a3
172.17.0.2
● Chroot :Its spawn the container, Its create a filesystem inside the linux system. Its provides the kind of JAIL. Chroot file system jail
● Namespace: Process resource management and virtualization. Provide network stack ,memory,process isolation
● Cgroups: Control group inside the name, control the amount of memory and cpu utilization.
● Systemd: Guaranty of service. Management of process
● Lxc /docker containers