austin - container days - docker 101

Container Days: Docker 101October 13

Bill MaxwellPrincipal Eng. @ Rancher Labs @cloudnautiquebill@rancher.com

#ranchermeetup

Agenda

Docker IntroContainer BasicsBuildingStorageNetworking

STOPDocker Install Time

https://docs.docker.com/engine/installation/

VM vs Containers

Note: Containers ≠ microservices

…but containers are a good way of packaging and delivering microservices

[PS: you can still use VMs]

Our Goal: A Production Container Service

Develop Build Containerize Test Deploy/Upgrade Operate

Runtimes

runClxc/lxd

openVZ

rktdocker

Docker ContainersMantra: Build once, run anywhere

• A clean and portable runtime environment for your application (or service)• No worries about missing dependencies, packages, etc during subsequent

deployments• Automate testing, integration, and packaging…anything you can script• Reduce concerns around compatibility on different platforms (either your own,

or your customers• Instant replay and reset of image snapshots

Docker containers are helping organizations achieve agility and efficiency

Docker is helping organizations achieve agility and efficiency

Improve the speed and reliability of software development organizations

Operate that software reliably at a reasonable cost

Isolation Mechanisms• Cgroups – Metering and Limiting

• Namespaces• Pid• User• Net• Mnt• Ipc• User

• Layered Copy On Write Filesystems

Docker flow

Docker file

Build Registry

Building Images

FROM alpine

RUN apk add --update bash \ mysql-client \ openssl \ vim && \ rm -rf /var/cache/apk/*

CMD /bin/echo hello

Dockerfile

Base Image

Install Software

Default Command

Anatomy of an Image

Base Image

Layer 1

Layer 2

Layer 3

What Happens?• Base image is pulled from

registry.• A container is created and the

next command is executed.• The result is committed to a

layer in the image.

Demo Images/Building

Building Images Cont.FROM alpine

RUN apk add --update bash \ mysql-client \ openssl \ vim && \ rm -rf /var/cache/apk/*

ADD ./script.sh /

CMD /bin/echo hello

Add a file from the local build context

ExerciseBuild a Docker image from Alpine that executes:

script.sh:#!/bin/bashecho “hello world”

Exercise Solution

#!/bin/bashecho “hello world”

FROM alpine

RUN apk add --update bash &&\ rm -rf /var/cache/apk/*

ADD ./script.sh /

CMD /script.sh

script.sh

Dockerfile $ ls ./Dockerfile script.sh

Demo Docker Push

Notes on Tags• By default Docker

uses :latest tag.

• Docker checks for image locally, then checks registry.

• Always run a versioned tag in a production system

Docker Run

docker run –d nginx

docker run –it debian bash

docker logs <container id>

See the stdout/stderr from a container:

docker exec –it <container id> /bin/bashJump inside a container with a shell:

ExerciseRun the container from previous exercise in both interactive andDetached mode.

Enter the detached container with docker exec

Docker Run From a Filesystem perspective

Base Image

Layer 1

Layer 2

Layer 3

Container 1Filesystem

Container 2Filesystem

ExerciseRun 2 containers from the same image and see that changes on the local file system do not impact the other.

Docker volumes

Base Image

Layer 1

Layer 2

Layer 3

By Default layered file systems. Keep mappingtable in memory.

AUFS doesn’t do Hard Links… good luck running Tox

Docker volumes

Base Image

Layer 1

Layer 2

Layer 3

Use a VOLUME

Dockerfile:Volume /path

Runtime:-v /path

/var/lib/dockerFilesystem

Running Container

Volume PluginsDocker plugin binaries that can mount storage and attach to containers.

Host Bind MountsDirectly mount any path on the host file system inside the container.

docker run –it –v /data:/data alpine sh

Volumes FromShare volumes between containers!

Data Container

Container 1 Container 2

Volume Exercises1. Docker volume ls2. docker run --name some-mysql -e MYSQL_ROOT_PASSWORD=my-secret-pw -d mysql3. Docker volume ls

4. Docker volume create –name mysql-data5. docker run --name some-mysql-named-volume -e MYSQL_ROOT_PASSWORD=my-

secret-pw –d –v mysql-data:/var/lib/mysql mysql

6. mkdir ./data7. docker run --name some-mysql-host-volume -e MYSQL_ROOT_PASSWORD=my-secret-

pw –d –v $(pwd)/data:/var/lib/mysql mysql

8. Create a volume container

Docker networking• Containers run in their own

network namespace.• Port mapping to host interface

for outside accessiblity.

Interface

Docker Bridge

Container

Demo Networking ModesNoneHost

LinkingCreates Directional Link

Creates DNS / Host lookup

Creates ENV variables

Container 1 Container 2

Exposing PortsAllows traffic from outside of the Docker bridged network.

Interface

Docker Bridge

Container

Outside world

Demo LinkingSetting hostnameSetting host:ip mapping

ExerciseCreate Mysql Container and link a mysql client container to it.

Run nginx container and reach port

Pulling it all togetherLets run:

https://github.com/realpython/orchestrating-docker

Advanced TopicsNamespace sharing! Security ConsiderationsDaemon settings

Thank you!

Questions?

Contact: mpaluru@rancher.com

austin - container days - docker 101

Technology

a introduction to docker - openwriteup.com€¦ · docker...

monitoring docker-container-and-dockerized-applications

docker and the container ecosystem

docker vs. mesos unified container

郭峰 - docker...

vsphere 환경에서 docker container 실행하기

kapitel 26 windows server-container, docker und hyper-v ......

docker container security - a network view

docker - container and lightweight virtualization

docker escape technology-eng - cansecwest · how docker...

oracle® container runtime for docker - user's guide · the...

linux container & docker

docker, linux container

the docker and container ecosystem

docker + app container = ocp

docker container introduction

docker & container as a service (caas)

docker and container technology []

docker container und microsoft azure

docker - the linux container