virtualization, containers, docker and scalable container management services

Abhishek Chawla & Aneesh Devasthale Software Engineers

LimeTray!

17th December MeetUp

Session Agenda

1.Introduction to the concept of virtualization and software containers

2.Understanding Docker as a software containerization platform3.Scalable container management services

a. Overview of AWS ECR and ECSb. Overview of kubernetes

4.Scaling Dockerized applications at LimeTray! With Kubernetes 5.Q&A6.Problem Statement

Key Takeaways

1.How to run multiple isolated applications on a single host.

2.Run Docker containers on your local machine.

3.Learn about container orchestration platforms

4.Learn about deploying and managing microservices in production.

What is virtualization in computing?

• Technology that transforms hardware into software upon which other software runs.

Types of Virtualizations

• Hardware Virtualization

• Server virtualization

• Software Virtualization

• Operating System level virtualization

Hardware virtualization

• Art of running multiple operating systems (guests) in same machine (host) completely isolated from each other.

• Each guest operating system runs on its own ‘virtual machine’ controlled via Hypervisor.

• Each virtual machine has its own kernel.

• Hypervisor - Manages these virtual machines in host operating system by allocating hardware resources to them thereby allowing you to have several virtual machines all working optimally on a single piece of computer hardware.

• Example hypervisors: Oracle VirtualBox, Vmware Workstation

CPU MEMORY STORAGE NIC

HYPERVISOR

VM VM VM VM

OS OS OS OSkernel kernel kernel kernel

Hardware Virtualization Architecture

Applications Applications Applications Applications

Operating system level virtualization

• Virtualization is provided by the host Operating System• Doesn’t use external hypervisor at all• OS kernel itself performs all the functionalities of a fully

virtualized hypervisor by allowing existence of multiple user space instances called as software containers.

• Examples : Linux Containers, Docker

Introduction to Software Containers

• A lightweight virtual machine• Illusion of running multiple operating systems on a single

machine sharing same host kernel• A linux container is itself a process in host operating system• Makes use of namespace isolation and cgroups

Container versus virtual machine1.Lightweight and fast : Occupies much less memory compared to

host VM’s.2.Hardware resources like CPU and memory are shared between

host machine and container3.Density - can install many more containers on host machine

compared to VM’s. 4.Much faster startup and shutdown since the kernel and hardware

resources are shared

APP1 APP2

What is Docker?

• Software containerization platform

• An extension of LXC’s capabilities

• Platform for packaging and running applications inside software containers

Advantages and use cases

• Simplifies distribution, shipping and deployment of applications

• Build once, run anywhere

• No worries of missing dependencies, installing and configuring the application during subsequent deployments

• Each application runs in its own isolated container, thereby allowing running of multiple/similar versions of same app/library in same host machine

• Easier to scale applications, application already packed and installed, just run it

• Easier to run you application as a failsafe long running service

Docker’s Architecture

• Client-Server Architecture• Client - Communicates with docker host, gives it instructions

to build, run and distribute your applications• Host - Communicates with clients via REST, Socket.• Registry - A library of docker images, can be locally or

publically hosted.

Docker’s Architecture

Docker images and layers• Immutable snapshot of application installed in Linux based OS or Linux based OS itself.

• Can be built from scratch

• Can be downloaded via any Docker Registry

• Can be easily extended

• Every image extends a base image ex: ubuntu, centos, alpine ..

• Instructions to create an image are described in ‘Dockerfile’

• It's the docker images which make distribution and shipping of Dockerized applications a breeze

Docker images and layers

• Can be distributed via publically/privately hosted docker registry

• Each image consists of series of layers

• New layer built on every application update

• Layering makes it easier to distributes updates to a dockerized application since only updated layer is transferred over the network

Docker Containers

• Runnable instance of an image, created when images are started with ‘run’ command

• if an image is a class, then a container is an instance of a class, a runtime object

• Image defines container’s contents and configuration details

• Containers can be started, stopped or deleted anytime

• Runs in complete isolation

Docker Containers

• Running containers add a read/write layer on top of the image

• Can enter into container using docker client API’s

• The persistence state of the container can be committed into a new image and is retained even after the container is stopped

• Committing a container’s state creates a new image by adding an extra layer to the existing image

Docker Registries

• Stored Docker images

• Can be publically or privately hosted

• Docker images can be pulled or pushed to/from these registries

• Popular Hosted Registries : Docker Hub, AWS ECR, google container registry, Azure container registry

Docker Volumes• Data directory which can be initialized within the container• Can be initialized via image at runtime or configured in Dockerfile• Data volume is shared with the host machine in /var/lib/docker/volumes

directory• Any change in data directory within the container is reflected in real-time

in the host machine and vice versa• Can also mount a directory from your Docker engine’s host into a

container• This helps data volumes to be shared among multiple containers

simultaneously• Persist even if container is deleted

The Dockerfile• Contains instructions for building docker images

• FROM - specifies base image

• RUN - Executes the command in new layer on top of current image and commits the result, examples :

• RUN mkdir /test, RUN apt-get update

• yum update && yum install wget -y && \

• yum -y install initscripts && yum clean all

• WORKDIR : Specifies the working directory for RUN, CMD, ENTRYPOINT, COPY and ADD instructions

The Dockerfile• COPY - copies specified contents from host to docker image filesystem at specified path, example:

• COPY temp/test.txt /opt

• CMD - commands to be executed at the start of the container, can be overridden at the time of container start, examples:

• CMD java -jar test.jar

• CMD [“java”,”-jar”,”test.jar”]

• CMD ./script.sh

• EXPOSE - exposes the local container port on which the container will listen for connections, example: EXPOSE 8080

The Dockerfile• ENTRYPOINT - commands to be executed at the start of the container, cannot be overridden at the

time of container start, examples:

• ENTRYPOINT java -jar test.jar

• ENTRYPOINT [“java”,”-jar”,”test.jar”]

• ENTRYPOINT ./script.sh

• Best practice - use ENTRYPOINT to set image’s main command and CMD to set default flags

• VOLUME - creates a mount point in the container mapped to the host directory, example VOLUME /data/db

Essential commands

• $ docker images

• Lists existing images on the host

• $ docker run -it <imageId/image tag>

• Run the image in a new container in interactive mode (enters into container)

• $ docker exec -it <containerId/name> /bin/bash

• Enters into container

Essential commands

• $ docker ps -a

• Lists existing containers with details on the host

• $ docker start <containerId/name>

• Starts a stopped container

• $ docker stop <containerId/name>.

• Stops a running container

Essential commands

• docker commit <containerId/name> repository:tag_name

• create a new image from existing image

• docker run -it <imageId/image tag> cmd

• Run docker image with a command

• docker rmi <imageName/repo:tag>

• Remove image

Essential commands

• Docker rm <containerId>

• Removes the container

• docker tag <imageID> abhidtu/dockertest:latest

• Tags the image

• docker login

• Login to dockerhub with your credentials

• docker push abhidtu/dockertest

• Push the local image a hosted registry

Essential commands

• docker pull abhidtu/dockertest

• Push the image from a hosted registry

• docker run -it -p host port:container port <imageId/image tag>

• Maps host port to container port

• Docker inspect <containerId/name>

• Lists down container details

Essential commands

• Docker run -it -v /temp <imageName/repo:tag>

• Mounts /temp directory inside the container, maps to host directory in var/lib/docker/volumes

• Docker run -it -v /home/uname/temp:temp <imageName/repo:tag>

• Mounts /temp directory inside the container, maps to host directory /home/uname/temp

Building custom Docker images

Docker build -t <yourImageTag> <path to Dockerfile> - builds the docker image with specified tag using instructions from Dockerfile in same directory.

Builds images in layers and uses local cache if layer already exists

Running images in Docker containers

• Docker run <imageId/reop:tag> runs the image in a new container.

• Containers can be stopped, killed, started anytime

Pushing and pulling images from Docker Hub

• Steps to push/pull images from Docker Hub

• Docker login

• Docker push

• Docker pull

Scalable Container Management Services

1.Amazon ECS2.Kubernetes3.Docker Swarm 4.Azure Container Service

Amazon Elastic Container Registry

• Fully managed docker container registry

• Integrated with Amazon ECS

• eliminates the need to operate your own container repositories

• Repositories hosted in a scalable and highly available architecture

• Pay only for the data stored in repositories and transferred to internet

Amazon Elastic Container Service

• Highly scalable and fast container management service

• Easily deploy and scale Docker containers on cluster of EC2 instances

• Supports auto-scaling

• Create Task definitions using hosted Docker images

• Runt tasks or create services from this task definition to run on EC2 cluster

• Start service via aws console or aws-cli

Monolith to 40 Microservices in 3 monthsWith AWS and Kubernetes at LimeTray

• What We Do?

• Get restaurant's online.

• Provide them tools to engage better with their business.

• Help them operate as efficiently as possible.

Some of our clients

Our Tech Stack Looked Like...

• A PHP monolith application, supported by a few external services.

• Scaling was tough.

• Low release velocity.

• Bad developer experience.

• Bad QA experience.

Microservices to the rescue

• Define service boundaries based on business domains.

• Isolated databases.

• Independent deployments.

• Establish a few standards without compromising on developer freedom.

Kubernetes to the rescue

• Production-Grade Container Orchestration System by Google.

• Automates deployment, scaling, and management of containerized applications.

Kubernetes Architecture

• Master: Runs control plane

• Minions: Run your application containers

Kubernetes objects

• Services

• Deployments

• Replica Sets

• Pods

Challenges in the microservice world

• Environments

• Config

• Service discovery and networking

• Access

• Auto Scaling

• Automation

• Logging and Monitoring

Environments

• Have at least 3 isolated different environments.

• We called them test, staging and production.

• Kubernetes namespaces + different clusters.Everybody has a testing environment. Some people are lucky enough enough to have a totally separate environment to run production in.

Config

• Manage environment specific configuration

• Keep config independent of application.

• Combination of environment variables + Secrets

Service Discovery & Networking

• Communication via HTTP APIs and Pub/Sub.

• Inter-service communication should not leak across environment boundaries.

• Painless as possible for developers to write code that utilize other services.

• KubeDNS: Use DNS Service’s IP to resolve DNS names.

Access Control

• Wanted an easy way to expose web based applications on the internet. - LTProxy

• At the same time, restrict access to internal core services.

• Service Types: ClusterIP / LoadBalancer

• Ingress via Nginx+KubeLego for automating SSL cert generation.

Horizontal autoscaling

Launch instances basis CPU usage/load.

Automatically scale down when load goes down.

Alerts on autoscaling: lime-bot

Automation

• Set up a Jenkins Pipeline to automate deployments via Github webhooks.

• Versioned Docker image to ensure that the same code runs on all 3 envs.

Logging and Monitoring

• Elasticsearch + Kibana for application logs.

• Log collection via Fluentd

• Heapster + InfluxDB + Grafana for monitoring

We’re Hiring!

Liked what we do?Come join us to be a part of more interesting

challenges!limetray.com/careers

Q&A

Problem Statement

1. Create a RESTful web API which prints 'hello' in the language and framework of your choice

2. Write the Dockerfile for this project, build the image and push it to AWS ECR

3. Create an ECS task with this image

4. Create an ECS optimized EC2 cluster

5. Deploy this task on the cluster as a service

6. Test the API