An Introduction to Docker · 2018-12-05
Thomas Calmant INRIA Grenoble Rhone-Alpes SED/Tyrex February 2018
Thomas Calmant - An Introduction to Docker February 2018 – 2
1. A bit of context

The big questions
For administrators and packagers:
- How to ensure an application will work everywhere?
- How to avoid it messing with my system?
- How to isolate the components of my application?
For developers:
- How to ensure everybody has the same build environment?
- How to provide a sample to reproduce a bug?
The Concept of Container
Concept of Containerization from freight transport
Transport
- can be (un-)loaded/stacked efficiently
- can be loaded on ships, trains, trucks, ...
- can be handled without being opened
- OpenContainer Runtime Specification
- are tracked with an identification number
- have ISO-standard sizes (5 classes)
- OpenContainer Image Specification
Isolation
Types of Virtualizations
[Diagram, Type I, top to bottom: VM1 and VM2 (Application / Guest OS / VM Devices) and the Host OS (DOM0); Hypervisor; Host Devices]
[Diagram, Type II, top to bottom: VM1 and VM2 (Application / Guest OS / VM Devices); Hypervisor; Host OS; Host Devices]
Type I
- The Hypervisor is a lightweight kernel
- Examples: Xen, Hyper-V, vSphere/ESXi, ...
Type II
- The Hypervisor runs above (partly inside) the host OS
- Examples: VirtualBox, VMWare Workstation, ...
A history of Isolation
- 1979: chroot (Version 7 Unix)
- 2000: jail (FreeBSD 4.0)
- 2005: Solaris Containers: “chroot on steroids” (Solaris 10)
- 2008/01: cgroups: Task Control Groups (Linux Kernel 2.6.24)
- 2008/08: LXC: Linux Containers (based on cgroups)
- 2013/02: User Namespaces (Linux Kernel 3.8)
- 2013/03: Docker (based on LXC), announced in a Lightning Talk at PyCon 2013
- 2015/06: Open Container Initiative (by Docker)
Virtualization vs. Isolation
[Diagram, Type II, top to bottom: VM1 and VM2 (Application / Guest OS / VM Devices); Hypervisor; Host OS; Host Devices]
[Diagram, Isolation, top to bottom: Container1 and Container2 (Application / Bins/Libs); Host OS with Container Engine; Host Devices]
Type II
- Ability to run different kernel/OS
- Possibility to attach some of host devices
Isolation
- Shared Kernel, handling isolation
- Kernel-handled virtual devices (network)
Different targets, different advantages
Virtualization
- Best isolation from the host
- Fine tuned resource quota
- Runs any guest OS
- Lots of management tools
Isolation
- Good enough isolation
- Benefit from kernel optimizations & quota
- Very low footprint
- Ease of use
Agenda
1. A bit of context
2. Playing with docker
3. Basic interaction with the host
4. Link containers together
5. Create a Docker image
6. Security
7. Scale up with Swarm
8. Miscellaneous
2. Playing with docker
Because nothing beats the command line
Warm up
- Check if docker works:
  - docker info
  - docker run hello-world
- If not...
  - Check if docker is installed
  - Check if your user is in the docker group, and add it if it is not:
    sudo gpasswd -a $USER docker
We’re ready to go!
Docker on a Linux system
- On your machine:
  - Docker storage: /var/lib/docker
    - Only root can access this folder
    - Contains images, volumes and containers storage
  - Docker UNIX Socket: /var/run/docker.sock
    - Only root and the docker group can access it
    - Default & recommended access to the local Docker Daemon
- Docker can access remote locations:
  - Docker Daemon:
    - Docker official registry: Docker Hub
    - Private registries
  - Docker CLI
    - Manage a remote daemon via TCP/TLS
    - Manage a Docker Swarm
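Added example (not part of the original slides): a shell check of the access rule stated above for /var/run/docker.sock, plus a listing of the accounts in the docker group. The function names and the sample stat/group lines are constructed for illustration; audit_live assumes GNU stat and getent on a Linux host.

```shell
#!/bin/sh
# Audit who can reach the local Docker daemon through its UNIX socket.
# The decision logic takes plain strings so it runs offline on the
# constructed samples below; audit_live feeds it real host data.

SOCK=/var/run/docker.sock   # socket path given on the slide

# socket_findings "<octal mode> <owner> <group>"  (format of: stat -c '%a %U %G')
# Prints one finding per line; prints nothing when the socket matches
# "only root and the docker group can access it".
socket_findings() {
    read -r mode owner group <<EOF
$1
EOF
    other=${mode#"${mode%?}"}      # last octal digit = permissions for "others"
    if [ "$other" != "0" ]; then
        echo "WORLD_ACCESS mode=$mode"
    fi
    if [ "$owner" != "root" ]; then
        echo "OWNER owner=$owner"
    fi
    case $group in
        root|docker) ;;
        *) echo "GROUP group=$group" ;;
    esac
    return 0
}

# group_members "<name:passwd:gid:user1,user2>"  (format of: getent group docker)
# Prints one supplementary member per line. Accounts whose PRIMARY group is
# docker are not listed in this field and need a separate passwd check.
group_members() {
    members=${1##*:}               # keep only the last colon-separated field
    if [ -n "$members" ]; then
        printf '%s\n' "$members" | tr ',' '\n'
    fi
    return 0
}

# audit_report "<stat line>" "<group line>": human-readable summary.
audit_report() {
    findings=$(socket_findings "$1")
    if [ -z "$findings" ]; then
        echo "socket: ok ($1)"
    else
        printf '%s\n' "$findings" | sed 's/^/socket: FINDING /'
    fi
    for user in $(group_members "$2"); do
        echo "daemon access: $user"
    done
    return 0
}

# audit_live: run the same checks against this host (not called automatically).
audit_live() {
    audit_report "$(stat -c '%a %U %G' "$SOCK")" "$(getent group docker)"
}

# Constructed samples: a default install, then a socket opened up with chmod 666.
audit_report "660 root docker" "docker:x:999:alice,bob"
audit_report "666 root docker" "docker:x:999:"
```

In a default (non-rootless) install the daemon behind this socket runs as root, so the member list printed here deserves the same review as the sudoers file.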
Time to work
Hands on: Running a container
- docker run debian
  - Starts a container based on the debian image
  - No stdin, so bash exits immediately (end of file)
- docker run -it --name MyContainer debian
  - -i: interactive mode (with stdin, stdout, stderr)
  - -t: with a valid TTY (screen size, coloration, ...)
  - --name: Set a name to ease management (unique per host)
- docker ps -a
  - Prints the list of active containers
  - -a: also shows stopped containers
- docker rm -f <CID/name>
  - Removes a stopped container
  - -f stops the container if necessary
Container life cycle
[Diagram: states Created, Running, Stopped, Dead; transitions run, stop, rm]
Running inside a container
- docker run --name MyContainer -d debian sleep 60
  - The container is started detached (-d)
- docker exec -it MyContainer bash
  - Starts a new bash process in the container
[Diagram: Docker Daemon; processes in the container: sleep 60 (PID 1), bash (PID 7)]
Container life cycle (continued)
[Diagram: states Created, Running, Paused, Stopped, Dead; transitions create, start, run, pause, unpause, stop, kill, rm]
A word on life cycle
- Container file system is set up before the initial state (created)
  - It is cleaned up when going to the Dead state (with rm)
  - It is persistent across stop/start/pause operations
- The kill command sends a SIGKILL to the contained executable
- When running without a TTY, signals aren’t forwarded
  - They are handled by the docker command, not by the contained executable
  - A SIGINT will therefore end the container with a SIGKILL
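Added example (not part of the original slides): SIGKILL cannot be caught, so when a container ends with it, as the slide describes for kill, no cleanup handler in the contained executable runs. The script reproduces that without Docker by signalling a constructed stand-in process; signal_outcome is a hypothetical helper name, and SIGTERM is used as the contrasting catchable signal.

```shell
#!/bin/sh
# Compare a catchable signal (TERM) with SIGKILL on a process that
# installs a cleanup handler, as a stand-in for a contained executable.

# signal_outcome <TERM|KILL>: prints "cleanup-ran" or "no-cleanup".
signal_outcome() {
    sig=$1
    dir=$(mktemp -d)

    # Stand-in for the contained executable (constructed for this example):
    # it traps TERM, records that cleanup happened, and exits cleanly.
    sh -c '
        trap "echo done > \"$1/cleanup\"; kill \$child 2>/dev/null; exit 0" TERM
        sleep 30 & child=$!
        echo "$child" > "$1/child"
        : > "$1/ready"
        wait "$child"
    ' sh "$dir" >/dev/null 2>&1 &
    pid=$!

    # Wait until the handler is installed before delivering the signal.
    while [ ! -e "$dir/ready" ]; do
        sleep 1
    done

    kill -s "$sig" "$pid"
    wait "$pid" 2>/dev/null || true

    # After SIGKILL the helper sleep is orphaned; remove it ourselves.
    kill "$(cat "$dir/child")" 2>/dev/null || true

    if [ -e "$dir/cleanup" ]; then
        echo "cleanup-ran"
    else
        echo "no-cleanup"
    fi
    rm -rf "$dir"
    return 0
}

echo "SIGTERM -> $(signal_outcome TERM)"
echo "SIGKILL -> $(signal_outcome KILL)"
```

Anything the contained executable must do on exit (flush logs, release locks, remove temporary credentials) therefore has to be reachable through a signal it can trap.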
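Docker Registry: local cache and registry
[Diagram: docker run debian ... goes to the Docker Daemon, which talks to the Docker Hub Registry; successive steps shown: Check, Search, Download, Load (Container xxx)]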
A journey through Docker Commands (1/6)
Step 1 Start a new container:
    docker run -it ubuntu bash
Step 2 Create a file in the container:
    echo "Hello, World" > /root/greetings.txt
Step 3 Print the hostname of the container (its ID):
    hostname
Step 4 Detach from the container:
    Press Ctrl+P, Ctrl+Q
Step 5 Keep track of the Container ID:
    CID="ID_obtained_in_step_3"
A journey through Docker Commands (2/6)
Step 6 Copy the file from the container:
    docker cp ${CID}:/root/greetings.txt ${HOME}/greetings.txt
Step 7 Edit/create a file on the host:
    echo "Hello from host" > ${HOME}/host.txt
Step 8 Send the file to the container:
    docker cp ${HOME}/host.txt ${CID}:/root/host.txt
A journey through Docker Commands (3/6)
Step 9 Reconnect to the container:
    docker attach $CID
Step 10 Check the new file:
    cat /root/host.txt
Step 11 Edit a file inside the container:
    echo "toto=1" >> /etc/sysctl.conf
Step 12 Re-detach the container
A journey through Docker Commands (4/6)
Step 13 List the modified files:
    docker diff $CID
Step 14 Look at what has been written to stdout/stderr:
    docker logs $CID
Step 15 Export the content:
    docker export --output content.tar $CID
A journey through Docker Commands (5/6)
Step 16 Execute a detached process:
    docker exec -d $CID sleep 1h
Step 17 View running processes:
    docker exec $CID ps aux
    docker top $CID aux
Step 18 Execute an interactive process:
    docker exec -it $CID bash
A journey through Docker Commands (6/6)
Step 19 Stop the container (from the host):
    docker stop $CID
Step 20 See reclaimable space:
    docker system df
Step 21 Clean up:
    docker container prune
    docker volume prune
    docker image prune
  - docker system prune
Last but not least
Step 22 Run a container and wait for it to finish:
    CID=$(docker run --rm -d debian sleep 10)
    docker wait $CID
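Steps 11 and 13 above amount to a small drift check: step 11 edits /etc/sysctl.conf and docker diff reports it. The following is an added example, not part of the slides, that parses docker diff output and keeps only the changes outside an allow-list; the sample output is constructed and ALLOWED_PREFIXES is an assumption about where this workload may write.

```python
"""Triage `docker diff` output: which paths changed outside the expected places?"""
from collections import defaultdict
from pathlib import PurePosixPath

# `docker diff` prints one change per line: A = added, C = changed, D = deleted.
KINDS = {"A": "added", "C": "changed", "D": "deleted"}

# Constructed sample: roughly what step 13 prints after steps 2, 8 and 11.
SAMPLE_DIFF = """\
C /etc
C /etc/sysctl.conf
C /root
A /root/greetings.txt
A /root/host.txt
"""

# Assumption: directories this workload may legitimately write to.
ALLOWED_PREFIXES = ("/root", "/tmp", "/var/log")


def parse_diff(text):
    """Return [(kind, path), ...]; reject lines that do not fit the format."""
    changes = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        code, _, path = line.partition(" ")  # paths may contain spaces
        if code not in KINDS or not path.startswith("/"):
            raise ValueError(f"line {lineno}: unexpected docker diff line {line!r}")
        changes.append((KINDS[code], path))
    return changes


def is_allowed(path, prefixes=ALLOWED_PREFIXES):
    """True if path is an allowed directory or lies below one.

    The comparison is per path component, so /rootkit does not match /root
    the way a plain string prefix test would.
    """
    p = PurePosixPath(path)
    return any(p == PurePosixPath(a) or PurePosixPath(a) in p.parents
               for a in prefixes)


def unexpected_changes(text, prefixes=ALLOWED_PREFIXES):
    """Group the changes that fall outside the allowed prefixes by kind.

    A 'changed' directory only says that something below it changed, so
    directories that are parents of another reported path are dropped.
    """
    changes = parse_diff(text)
    paths = {path for _, path in changes}
    report = defaultdict(list)
    for kind, path in changes:
        is_parent = any(PurePosixPath(path) in PurePosixPath(o).parents
                        for o in paths)
        if kind == "changed" and is_parent:
            continue
        if not is_allowed(path, prefixes):
            report[kind].append(path)
    return dict(report)


if __name__ == "__main__":
    for kind, found in unexpected_changes(SAMPLE_DIFF).items():
        for path in found:
            print(f"{kind:8} {path}")
```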
Before we go...
Let Docker download images in the background (this can take a few minutes):
    docker pull debian:9.0
    docker pull registry:2
    docker pull nginx
    docker pull hyper/docker-registry-web
3 Basic interaction with the host
Network & Files
Docker default network configuration - none
none  No network stack but loopback
[Diagram: host interfaces eth0, eth1, loopback; Docker Daemon; Container xxx with loopback only]
Docker default network configuration - host
host  Host’s network interfaces
[Diagram: host interfaces eth0, eth1, loopback; Docker Daemon; Container xxx with loopback, eth0 and eth1]
Docker default network configuration - bridge
bridge  Virtual switch handled by Docker (default behavior)
[Diagram: host interfaces eth0, eth1, loopback; Docker Daemon; Container xxx with loopback and eth0; bridge]
Docker networks - all configurations
- Default networks:
    none     No network stack but loopback
    host     Host’s network interfaces
    bridge   Virtual switch handled by Docker (default)
    overlay  A bridge network across hosts (Swarm only)
- Custom networks:
  - docker network create -d bridge my-net
  - Only of type bridge, overlay or from a plugged-in type
- Multiple networks can be attached to a container
Docker networks - command setup
- Run a debian image with a specific network:
  - docker run --rm -it --network bridge debian ip addr
    - Same as omitting --network (bridge is the default)
    - Loopback and private IP
    - Access to external network (through the bridge to host’s networks)
  - docker run --rm -it --network host debian ip addr
    - Loopback and host’s IPs
    - Direct access to host’s network interfaces
  - docker run --rm -it --network none debian ip addr
    - Loopback only
    - No access to the outside world nor to the host
Publish a port: command line
- -p, --publish: gives access to a container port from the outside
    -p CC        Host random port ⇒ Container port CC
    -p HH:CC     Host port HH ⇒ Container port CC
    -p IP:HH:CC  Same, but bound to host address IP
- --expose: defines a port to expose
  - i.e. made accessible by other containers
  - useful if Inter-Container-Communications (ICC) are disabled
  - equivalent to the EXPOSE Dockerfile command
Publish a port: example
- Run an nginx image:
    docker run --rm -it -p 8080:80 nginx
- Server available on http://localhost:8080/
  - Also from the host interfaces, if the firewall allows it
Figure: nginx is up & running (browser at http://localhost:8080/ showing the default "Welcome to nginx!" page)
Docker volumes
- Kinds of volumes:
    Bound volume  A host directory/file is mounted in the container
    Data volume   Stored on host, in /var/lib/docker/...
    Named volume  Volume created a priori, with docker volume create
- Volume drivers: plug-ins to support new kinds of volumes
  - NetShare.io (NFS, CIFS, SMB), Nvidia, ...
Docker volumes: command line
- --volume-driver: the volume driver to use for this command line
  - Only one driver can be set per command line
- -v, --volume: defines a new volume
  - docker run -v /path ...
    - Creates a data volume for the /path folder
  - docker run -v /host/path:/path ...
    - Mounts a bound volume to /path
    - Most drivers also support a final :ro flag, to bind a read-only volume:
      docker run -v /host/path:/path:ro ...
Docker volumes: example
On the host, in a new folder:
- Create a simple HTML page: ./www/index.html
    <html>
    <body><h1>Hello World, from Docker</h1></body>
    </html>
- Create an nginx configuration: ./site.conf
    server {
        listen 80;
        root /www;
        autoindex on;
    }
- Source files available on: http://sed.inrialpes.fr/docker-tuto/index_docker.html
Docker volumes: example
- Run the container with the following volumes:
  - ./site.conf ⇒ /etc/nginx/conf.d/default.conf
  - ./www/ ⇒ /www
    docker run --rm \
        -p 8080:80 \
        -v "$(pwd)/site.conf:/etc/nginx/conf.d/default.conf" \
        -v "$(pwd)/www:/www" \
        nginx
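The --network, -p and -v forms described above decide how much of the host a container can reach. The following is an added example, not part of the slides, that parses a docker run command line and reports published ports bound to every host interface, writable bound volumes and host networking. It assumes the Docker daemon's default bind address is unchanged; /srv/demo is a constructed stand-in for $(pwd), and only the options shown on this page are recognised.

```python
"""Audit a `docker run` command line for the exposure choices on this page."""
import shlex

# Options used on this page. Anything else is rejected rather than guessed
# at, so an unparsed option can never hide a finding.
VALUE_FLAGS = {"-p": "publish", "--publish": "publish",
               "-v": "volume", "--volume": "volume", "--network": "network",
               "--expose": "expose", "--volume-driver": "volume-driver"}
BOOL_FLAGS = {"--rm", "-i", "-t", "-it", "-d"}
# Assumption: the daemon's default bind address (all interfaces) is unchanged.
WILDCARD_IPS = {"", "0.0.0.0", "[::]"}

# Constructed samples: /srv/demo stands in for $(pwd) in the volumes example.
AS_ON_SLIDE = ("docker run --rm -p 8080:80 "
               "-v /srv/demo/site.conf:/etc/nginx/conf.d/default.conf "
               "-v /srv/demo/www:/www nginx")
TIGHTENED = ("docker run --rm -p 127.0.0.1:8080:80 "
             "-v /srv/demo/site.conf:/etc/nginx/conf.d/default.conf:ro "
             "-v /srv/demo/www:/www:ro nginx")


def split_options(command):
    """Return [(kind, value), ...] for the options placed before the image."""
    argv = shlex.split(command)
    if argv[:2] != ["docker", "run"]:
        raise ValueError("expected a 'docker run' command line")
    options, i = [], 2
    while i < len(argv) and argv[i].startswith("-"):
        flag, eq, value = argv[i].partition("=")
        if flag in BOOL_FLAGS and not eq:
            i += 1
        elif flag in VALUE_FLAGS:
            if not eq:  # value is the next token, e.g. "-p 8080:80"
                if i + 1 >= len(argv):
                    raise ValueError(f"{flag} needs a value")
                value, i = argv[i + 1], i + 1
            options.append((VALUE_FLAGS[flag], value))
            i += 1
        else:
            raise ValueError(f"option {flag!r} is not handled by this example")
    return options


def parse_publish(spec):
    """Split CC, HH:CC or IP:HH:CC (optionally with /proto) into fields."""
    ports, _, proto = spec.partition("/")
    parts = ports.rsplit(":", 2)  # from the right: "[::1]:8080:80" keeps its IP
    if not parts[-1]:
        raise ValueError(f"no container port in {spec!r}")
    return {"host_ip": parts[0] if len(parts) == 3 else "",
            "host_port": (parts[-2] if len(parts) >= 2 else "") or "random",
            "container_port": parts[-1], "proto": proto or "tcp"}


def parse_volume(spec):
    """Classify a -v value as a data, bound or named volume."""
    parts = spec.split(":")
    if len(parts) == 1:
        return {"kind": "data", "source": None, "target": parts[0],
                "read_only": False}
    if len(parts) > 3:
        raise ValueError(f"unexpected volume spec {spec!r}")
    options = parts[2].split(",") if len(parts) == 3 else []
    kind = "bound" if parts[0].startswith("/") else "named"
    return {"kind": kind, "source": parts[0], "target": parts[1],
            "read_only": "ro" in options}


def audit(command):
    """Return a list of findings for one docker run command line."""
    findings = []
    options = split_options(command)
    network = next((v for k, v in options if k == "network"), "bridge")
    if network == "host":
        findings.append("network host: container uses the host's interfaces directly")
    for kind, value in options:
        if kind == "publish":
            p = parse_publish(value)
            if p["host_ip"] in WILDCARD_IPS:
                findings.append(f"publish {value}: host port {p['host_port']} "
                                "listens on all host interfaces")
        elif kind == "volume":
            v = parse_volume(value)
            if v["kind"] == "bound" and not v["read_only"]:
                findings.append(f"volume {value}: host path {v['source']} "
                                "is writable from the container")
    return findings


if __name__ == "__main__":
    for label, cmd in (("as on slide", AS_ON_SLIDE), ("tightened", TIGHTENED)):
        print(label, audit(cmd) or "no findings")
```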
Docker volumes: plug-ins
- Example: the NetShare.io plug-in
  - Plug-in to be installed separately; see http://netshare.containx.io/
  - Gives access to NFS & CIFS shared folders as volumes
- docker run \
      --volume-driver nfs \
      -v nfs-server/shared/path:/path ...
  - Note the lack of colon “:” after the server name
  - No other kind of volume can be mounted on this line, unlike other NetShare volumes
Docker volumes: command line
How to use multiple volume drivers at once?
Solution: create a named volume
- docker volume create -d nfs --name shared-data \
      -o share=nfs-server:/shared/path
  - Note the share= format, equivalent to fstab options
- docker run -v shared-data:/path ...
  - No need for the --volume-driver option
4 Link containers together
Unity makes strength
Expose, Links & Networks
- Expose (Dockerfile or run argument)
  - Defines ports accessible by other containers, even without ICC
- Links (run argument, composition)
  - Tells Docker that a container can communicate with another
  - Allows giving a network alias to access the container
- Networks
  - All containers of a network can communicate
  - No port restriction inside the network
Compositions: Docker Compose
- A Python script to manage sets of containers
  - The standalone version is recommended, see https://docs.docker.com/compose/install
  - pip install docker-compose on recent OSes
- Same capabilities as the run command
- Compositions written in YAML format

Sample composition

    version: "3"
    services:
      web:
        image: nginx
        ports:
          # host port 8080 -> container port 80
          - "8080:80"
        links:
          # the database service is reachable under the alias auth_db
          - database:auth_db
        volumes:
          - ./site.conf:/etc/nginx/conf.d/default.conf
          - ./www:/www
      database:
        image: mysql

Principles
[Diagram: file.yml (the sample composition) -> docker-compose up -> Docker Daemon -> containers web and database]
- docker-compose up -d
- docker-compose stop
- docker-compose down

5 Create a Docker image
Bring your own container

Principles
- Dockerfile: File describing how the image is built
- docker build: Command line to build the Dockerfile
- Local cache: Local image store
- docker push: Command line to send the image to a registry
- Docker registry: Image store (public or private)
[Diagram: Dockerfile -> docker build -> Local cache -> docker push -> Docker registry]

Dockerfile: first example
- Objective:
  - Provide a SOCKS5 proxy found on Gist
- Required environment:
  - Debian 9.0 (as it provides Python 3.4)
  - Python 3.4+
  - wget to download the socks5.py script
- Dockerfile available at: http://sed.inrialpes.fr/docker-tuto/index_docker.html

Dockerfile: first example

    FROM debian:9.0

Parent image
- Name: Debian (official)
- Tag: 9.0

    LABEL maintainer "[email protected]"

Meta information
- Maintainer, version, ...
- Visible in docker inspect

    # Ensure a sane environment
    ENV LANG=C.UTF-8 \
        LC_ALL=C.UTF-8 \
        DEBIAN_FRONTEND=noninteractive

Environment variables
- Set for the whole container
- A variable can’t reference another one set on the same ENV line

    # Update the image & install some tools
    RUN apt-get update --fix-missing && \
        apt-get -y dist-upgrade && \
        apt-get install -y \
            ca-certificates wget python3 && \
        apt-get clean

Dependencies setup
- Update the system first
- Install only what’s necessary
- Regroup install commands
- Clean up caches immediately

    # Download the SOCKS5 server & set it executable
    RUN wget -O /opt/socks5.py \
            https://[...]/socks5.py && \
        chmod +x /opt/socks5.py && \
        sync

Software setup
- Avoid keeping temporary files
- Decompress while downloading
- Clean up immediately

    # Set the default entry point & arguments
    ENTRYPOINT ["/usr/bin/python3", "/opt/socks5.py"]
    CMD ["-p", "1080"]

Behavior setup
- Set default program and arguments

Dockerfile: Build an image
Step 1 Download the Dockerfile: http://sed.inrialpes.fr/docker-tuto/socks5/Dockerfile
Step 2 Build the image:
    docker build -t aubergiste .
  - -t aubergiste: tag (name) of the image
  - . : context, the folder where to find files referenced in the Dockerfile
Step 3 Run it:
    docker run --rm -it -p 1080:1080 aubergiste
Step 4 Give it a parameter:
    docker run --rm -it aubergiste --help

Dockerfile: Basic instructions
Description
- FROM: Parent image
- LABEL: Metadata to describe the image
- ARG: Variable to be given at build time
Instructions
- ENV: Sets environment variables
- RUN: Executes shell commands
- SHELL: Sets the shell executing RUN commands
- WORKDIR: Sets the working directory
Behavior
- ENTRYPOINT: Sets the command line to execute ($SHELL by default)
- CMD: Sets the default arguments for the entry point

Dockerfile: More instructions
Files
- COPY: Copies/Downloads a file to the image (recommended)
- ADD: Copies/Downloads and auto-decompresses a file
- VOLUME: Declares a folder as a data volume
Network
- EXPOSE: Declares ports to expose to other containers
User management
- USER: Switches to the given user. The user must have been created with useradd

Dockerfile: Change user

    FROM debian:9.0
    ENV LANG=C.UTF-8 \
        LC_ALL=C.UTF-8 \
        DEBIAN_FRONTEND=noninteractive

Initial layers
- Shared with the previous image

    ARG user=karadoc
    ARG home=/kaamelott/kitchen

Build arguments
- With a default value

    # Create the user and its directory
    RUN mkdir -p $home && \
        useradd $user --home-dir $home && \
        chown -R $user: $home

Create the user and its directory

    # Switch to the new user
    USER $user

Switch to the new user
- only a new USER command can switch back to root

    # Change working directory
    WORKDIR $home
    RUN echo "alias ll='ls -l'" > ~/.bashrc

Run commands with the new user

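The Dockerfile points made above (a tagged FROM, COPY recommended over ADD, switching away from root with USER) can be checked mechanically. The following is an added example, not part of the original slides: a small Python checker run over the first example's Dockerfile. The finding names, the download-verification check, the hardened variant and its placeholder digest are assumptions of this example.

```python
import re

# Constructed input: the first example from the slides, re-typed with the
# script URL elided exactly as it is on the slide.
SLIDE_DOCKERFILE = r"""
FROM debian:9.0
ENV LANG=C.UTF-8 \
    LC_ALL=C.UTF-8 \
    DEBIAN_FRONTEND=noninteractive
# Update the image & install some tools
RUN apt-get update --fix-missing && \
    apt-get -y dist-upgrade && \
    apt-get install -y \
    ca-certificates wget python3 && \
    apt-get clean
RUN wget -O /opt/socks5.py \
    https://[...]/socks5.py && \
    chmod +x /opt/socks5.py && \
    sync
ENTRYPOINT ["/usr/bin/python3", "/opt/socks5.py"]
CMD ["-p", "1080"]
"""

# Constructed variant (assumption of this example): the download is checked
# against a known digest (placeholder) and the proxy runs unprivileged.
HARDENED_DOCKERFILE = r"""
FROM debian:9.0
RUN apt-get update && apt-get install -y ca-certificates wget python3 && \
    apt-get clean
RUN wget -O /opt/socks5.py https://[...]/socks5.py && \
    echo "<sha256-of-reviewed-script>  /opt/socks5.py" | sha256sum -c - && \
    chmod +x /opt/socks5.py
RUN useradd --no-create-home proxy
USER proxy
ENTRYPOINT ["/usr/bin/python3", "/opt/socks5.py"]
CMD ["-p", "1080"]
"""

# A wget/curl call that fetches a URL, as opposed to "apt-get install wget".
DOWNLOAD = re.compile(r"\b(?:wget|curl)\b[^&|;]*https?://")
# Tools whose presence in the same RUN suggests the download is verified.
VERIFY = re.compile(r"\b(?:sha256sum|sha512sum|gpg|gpgv)\b")


def logical_lines(text):
    """Yield (INSTRUCTION, arguments), joining backslash continuations."""
    buf = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comment lines are skipped
        if line.endswith("\\"):
            buf.append(line[:-1].strip())
            continue
        buf.append(line)
        instruction, _, args = " ".join(buf).partition(" ")
        buf = []
        yield instruction.upper(), args.strip()


def base_is_pinned(image):
    """True when the image reference carries a tag other than latest, or a digest."""
    if image == "scratch" or "@sha256:" in image:
        return True
    # Look for the tag only after the last "/", so a registry port is not a tag.
    _, sep, tag = image.rsplit("/", 1)[-1].partition(":")
    return bool(sep) and tag not in ("", "latest")


def check_dockerfile(text):
    """Return a list of (finding, detail) tuples for one Dockerfile."""
    findings = []
    user = "root"
    for instruction, args in logical_lines(text):
        if instruction == "FROM":
            tokens = [t for t in args.split() if not t.startswith("--")]
            if tokens and not base_is_pinned(tokens[0]):
                findings.append(("unpinned-base", tokens[0]))
            user = "root"  # assumption: the base image itself runs as root
        elif instruction == "ADD":
            findings.append(("add-instead-of-copy", args))
        elif instruction == "RUN" and DOWNLOAD.search(args) and not VERIFY.search(args):
            findings.append(("unverified-download", args))
        elif instruction == "USER":
            user = args.split(":")[0]
    if user in ("root", "0"):
        findings.append(("runs-as-root", "no USER switches away from root"))
    return findings


if __name__ == "__main__":
    for label, text in (("slide", SLIDE_DOCKERFILE), ("hardened", HARDENED_DOCKERFILE)):
        print(label, [code for code, _ in check_dockerfile(text)])
```
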
Docker images in a nutshell
- Stored as layers of modifications
  - Layers are shared between images
- Named in the <name>:<tag> format
  - Default tag: latest
  - The name can be prefixed by the address of a custom registry
- Stored in a Docker Registry
  - Either the official Docker Hub (hub.docker.com)
  - or a private instance of the registry image
  - or a compatible registry (Nexus plugin, ...)

Docker images in a nutshell
- Local cache: /var/lib/docker/<driver>
- Available drivers:
  - Overlay2: Replaces AUFS on Debian
  - AUFS: Historic, fallback on Debian flavor
  - Device Mapper: Historic, default on Red Hat flavor
  - BTRFS: Default on Suse, could replace Device Mapper
  - ZFS: “Not recommended [...] unless you have substantial experience with ZFS on Linux”
- Configuration:
  - storage-driver in /etc/docker/daemon.json

Docker Registry: where images are found
- Official registry: hub.docker.com
- Private registries
  - based on the official registry image
  - implement the registry REST API (Nexus plugin, ...)
- Registries must provide a valid certificate
  - self-signed certificates should be stored in /etc/docker/certs.d/<registry>/ca.crt to be fully accepted
- User authentication using docker login and docker logout

Set up a Docker registry
Step 1 Download the composition setup at: http://sed.inrialpes.fr/docker-tuto/index_docker.html
Step 2 Decompress the file and run the composition:
    docker-compose up -d
  (download can take a while)
Step 3 Wait for the server to come up: https://localhost

Docker image: commands
Step 4 Build an image:
    docker build -t aubergiste:1.0 .
Step 5 Tag it as latest:
    docker tag aubergiste:1.0 aubergiste
Step 6 See the content of the local cache:
    docker images

Docker image: commands (continued)
Step 7 Tag the image for a private registry:
    docker tag aubergiste localhost/aubergiste
Step 8 Upload it:
    docker push localhost/aubergiste
Step 9 Remove the local reference:
    docker rmi aubergiste

What about docker commit?
- Principle: save the current state of a container as an image
- Some use cases:
  - when an application setup is interactive
  - when the setup comes from a volume
  - when the setup is large (10GB+)
- Usage:
    docker commit ${CID} <image>:<tag>

6 Security
(kind of)

What Docker is about
I Docker isolates processes from the hostI Untrusted applications should be executed with high isolationI Avoid loosing the leash:
I Avoid --privilegedI Don’t add capabilities to the containerI Don’t disable namespaces
I Docker doesn’t isolate the user from the hostI A user in the docker is root on the machineI Not suitable for children (and untrusted users)
I “With Great Power Comes Great Responsibility”
docker run --rm -it -v /:/mnt/host debian
Thomas Calmant - An Introduction to Docker February 2018 – 64
![Page 149: An Introduction to · 2018-12-05 · 2015/06Open Container Initiative (by Docker) Thomas Calmant - An Introduction to DockerFebruary 2018 – 6. Virtualization vs. Isolation Type](https://reader034.vdocuments.us/reader034/viewer/2022043007/5f937c18ece3e63c8d06f0f8/html5/thumbnails/149.jpg)
What Docker is about
I Docker isolates processes from the hostI Untrusted applications should be executed with high isolationI Avoid loosing the leash:
I Avoid --privilegedI Don’t add capabilities to the containerI Don’t disable namespaces
I Docker doesn’t isolate the user from the hostI A user in the docker is root on the machineI Not suitable for children (and untrusted users)
I “With Great Power Comes Great Responsibility”
docker run --rm -it -v /:/mnt/host debian
Thomas Calmant - An Introduction to Docker February 2018 – 64
![Page 150: An Introduction to · 2018-12-05 · 2015/06Open Container Initiative (by Docker) Thomas Calmant - An Introduction to DockerFebruary 2018 – 6. Virtualization vs. Isolation Type](https://reader034.vdocuments.us/reader034/viewer/2022043007/5f937c18ece3e63c8d06f0f8/html5/thumbnails/150.jpg)
User namespace remap
- All actions from the container are seen as the sub-user’s
- Privileged mode is disabled
- Configure the daemon: /etc/docker/daemon.conf
  - Activate User Namespace Remap: userns-remap: default
- Or, with a given sub user:
  - The user must exist in /etc/passwd
  - Configure the daemon: userns-remap: bohort
  - Set the /etc/subuid: bohort:100000:65536
  - Set the /etc/subgid: bohort:100000:65536
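To check the setup described on this slide before restarting the daemon, the following added example (not from the original slides) validates a userns-remap configuration and computes which host UID a container UID maps to. The file contents are constructed samples built from the slide's bohort entries, and the code assumes one ID range per user; note that the Docker daemon reads its configuration from /etc/docker/daemon.json by default.

```python
import json

# Constructed sample files, using the slide's example sub-user "bohort".
DAEMON_JSON = '{"userns-remap": "bohort"}'
PASSWD = "root:x:0:0:root:/root:/bin/bash\nbohort:x:1001:1001::/home/bohort:/bin/sh\n"
SUBUID = "bohort:100000:65536\n"
SUBGID = "bohort:100000:65536\n"

def parse_subid(text):
    """Parse /etc/subuid or /etc/subgid content into {name: (start, count)}."""
    ranges = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, start, count = line.strip().split(":")
        ranges.setdefault(name, (int(start), int(count)))  # assumption: first range only
    return ranges

def remap_names(daemon_json):
    """Return the (user, group) named by userns-remap, or None when it is unset."""
    value = json.loads(daemon_json).get("userns-remap", "")
    if not value:
        return None
    if value == "default":
        value = "dockremap"  # account the daemon creates for the "default" setting
    user, _, group = value.partition(":")
    return user, group or user

def check_remap(daemon_json, passwd, subuid, subgid):
    """List the problems that would keep the remap from working as intended."""
    names = remap_names(daemon_json)
    if names is None:
        return ["userns-remap is not set: container UID 0 is host UID 0"]
    user, group = names
    problems = []
    if user not in {l.split(":")[0] for l in passwd.splitlines() if l}:
        problems.append(f"user {user} missing from /etc/passwd")
    for path, text, name in (("/etc/subuid", subuid, user),
                             ("/etc/subgid", subgid, group)):
        entry = parse_subid(text).get(name)
        if entry is None:
            problems.append(f"{name} has no range in {path}")
        elif entry[1] < 65536:
            problems.append(f"{path} range for {name} is shorter than 65536 IDs")
    return problems

def host_id(container_id, id_range):
    """Map a container UID/GID to the host ID, or None if it falls outside the range."""
    start, count = id_range
    return start + container_id if 0 <= container_id < count else None

if __name__ == "__main__":
    print(check_remap(DAEMON_JSON, PASSWD, SUBUID, SUBGID) or "configuration looks consistent")
    print("container root runs as host UID", host_id(0, parse_subid(SUBUID)["bohort"]))
```

With the slide's values, root inside the container is the unprivileged host UID 100000, so files it creates on a bind mount are owned by that ID rather than by host root.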
Why not?
- Run:

```
docker run -it -d \
    --privileged --net=host \
    -v /:/host \
    -v /dev:/dev -v /run:/run \
    -e sysimage=/host \
    debian
```

- Inside the container:

```
nsenter --mount=$sysimage/proc/1/ns/mnt -- /bin/bash
```
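The options this slide and the "What Docker is about" slide warn against can be detected on existing containers. The following added example (not from the original slides) audits `docker inspect` output for privileged mode, added capabilities, host namespaces and sensitive host bind mounts; the sample JSON is constructed and trimmed to the HostConfig fields used, and the list of sensitive paths is an assumption to adapt.

```python
import json
import posixpath

# Constructed sample of `docker inspect` output (only the fields used below).
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/risky",
   "HostConfig": {"Privileged": true, "NetworkMode": "host", "PidMode": "",
                  "IpcMode": "private", "UsernsMode": "", "CapAdd": null,
                  "Binds": ["/:/host", "/dev:/dev", "/run:/run"]}},
  {"Name": "/web",
   "HostConfig": {"Privileged": false, "NetworkMode": "bridge", "PidMode": "",
                  "IpcMode": "private", "UsernsMode": "", "CapAdd": ["NET_ADMIN"],
                  "Binds": ["/srv/www:/usr/share/nginx/html:ro"]}}
]
""")

# Assumption: host paths whose exposure hands control of the host to the container.
SENSITIVE_SOURCES = {"/", "/dev", "/run", "/proc", "/sys", "/etc",
                     "/var/run/docker.sock", "/run/docker.sock"}

# HostConfig keys that hold "host" when the matching namespace is not isolated.
NAMESPACE_MODES = (("NetworkMode", "network"), ("PidMode", "pid"),
                   ("IpcMode", "ipc"), ("UTSMode", "uts"), ("UsernsMode", "user"))

def audit_container(entry):
    """Return the isolation-weakening settings found in one inspect entry."""
    hc = entry.get("HostConfig") or {}
    findings = []
    if hc.get("Privileged"):
        findings.append("privileged mode")
    findings += [f"added capability {cap}" for cap in hc.get("CapAdd") or []]
    for key, label in NAMESPACE_MODES:
        if hc.get(key) == "host":
            findings.append(f"{label} namespace shared with host")
    for bind in hc.get("Binds") or []:
        # Bind syntax: source:destination[:options]
        source, _, rest = bind.partition(":")
        options = rest.split(":")[1].split(",") if ":" in rest else []
        mode = "ro" if "ro" in options else "rw"
        source = posixpath.normpath(source)
        if source in SENSITIVE_SOURCES:
            findings.append(f"host path {source} mounted {mode}")
    return findings

def audit(inspect_output):
    """Map each container name to its list of findings."""
    return {e["Name"].lstrip("/"): audit_container(e) for e in inspect_output}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, findings or "no findings")
```

On a real host, feed it the JSON printed by `docker inspect $(docker ps -q)` instead of the sample.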
7 Scale up with Swarm
What is Docker Swarm?
- Docker on a multi-host cluster
  - Based on overlay networks (linking local bridge networks)
- Adds the concept of service
  - Containers replicated or not on multiple machines
  - Restarted automatically
  - Migrated on host failure
- At least one manager, no limit on workers
  - Managers act like workers
  - All nodes keep track of the Swarm state: the Swarm can fully restart if at least one node stays alive
  - swarm commands can only be run on managers
Setup a Swarm
- On the first manager host (swarm leader):
  - docker swarm init
  - docker swarm join-token manager
  - docker swarm join-token worker
- On other hosts (swarm nodes):
  - docker swarm join --token SWMTKN-... <manager-IP>:2377
Nodes Handling
- Nodes inspection:
  - docker node ls
  - docker node inspect <node>
  - docker node ps <node>
  - docker node rm <node>
- Node mode switch:
  - docker node promote <node>
  - docker node demote <node>
Define a service
- Similar capabilities as the run command
- Useful commands:
  - docker service create ...
  - docker service ls
  - docker service ps <service>
  - docker service rm <service>
- Sample:

```
docker service create --name postgres \
    --env POSTGRES_PASSWORD="toto" \
    --env POSTGRES_USER=hive \
    --env POSTGRES_DB=metastore \
    postgres:9.5
```
Docker Swarm: Stacks
- Compatible with docker-compose V3 files
  - With some limitations: no links (mandatory use of networks)
  - And some new capabilities: deploy configuration
- docker deploy --compose-file ./hdfs stack.yml hdfs

```yaml
version: '3'
services:
  namenode:
    image: registry/hdfs-namenode
    env_file: ./hadoop.env
    environment:
      CLUSTER_NAME: tyrex
    ports:
      - "8020:8020"
      - "50070:50070"
    networks:
      - tls-net
    volumes:
      - /local/namenode:/dfs/name
    deploy:
      placement:
        constraints:
          - node.hostname == realhost
  datanode:
    image: registry/hdfs-datanode
    env_file: ./hadoop.env
    networks:
      - tls-net
    volumes:
      - /local/datanode:/dfs/data
    deploy:
      mode: global
networks:
  tls-net:
    external: true
```
8 Miscellaneous
Moby project
[Diagram: Moby Project components (libnetwork, compose, runc, grpc, linuxkit, registry, notary, infrakit, swarmkit, containerd); Docker CE and Docker EE]
Docker on Nvidia
- Requires a working CUDA installation on the host
- Requires the CUDA driver and libraries in each container
- Provides a special volume allowing access to the GPUs
  - The nvidia-docker command wraps the docker one to always add this volume
  - Other volumes must be attached using a Named Volume
Docker on ARM
- Same Docker release as desktop
- Only works with arm images
  - Most are from armhf on the Docker Hub
  - https://hub.docker.com/u/armhf/
- Sample usage on a Raspberry Pi:
  - http://blog.alexellis.io/getting-started-with-docker-on-raspberry-pi/
Docker on Windows
- Requires Windows 10 Pro or Windows Server 2016
  - with the “Containers” and “Hyper-V” features
- Two base images are available:
  - microsoft/windowsservercore
  - microsoft/nanoserver (for 64 bits apps only)
- Isolation based on processes or Hyper-V
- docker info:

```
[...]
Server Version: 17.03.1-ce
Storage Driver: windowsfilter
Plugins:
Network: l2bridge l2tunnel nat null overlay transparent
Default Isolation: hyperv
Kernel Version: 10.0 14393 (14393.953...)
Docker Root Dir: C:\ProgramData\Docker
[...]
```
Docker on Windows

```dockerfile
FROM microsoft/windowsservercore
SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop';"]

# Install Python
RUN (new-object System.Net.WebClient).Downloadfile( \
    'https://www.python.org/ftp/python/3.5.3/python-3.5.3.exe', \
    'C:\python-setup.exe')
RUN start-process -filepath C:\python-setup.exe -passthru -wait \
    -argumentlist '/quiet InstallAllUsers=1 TargetDir=C:\Python35 ' \
    'CompileAll=1 PrependPath=1 Shortcuts=0 Include_tcltk=0'
RUN del C:\python-setup.exe

# Update environment
ENV PYTHONIOENCODING=utf-8:replace PYTHON_HOME="c:\Python35"
ENV PATH="${PYTHON_HOME};${PYTHON_HOME}\Scripts;C:\Windows\System32;${PATH}"

# Install requirements
RUN python -m pip install --upgrade pip
```
Thanks for your attention
Credits:
- CommitStrip
- Laurel
- xkcd
Thomas Calmant
SED/Tyrex
Montbonnot-Saint-Martin
Bearded man’s cheat sheet
- A posteriori port forwarding:
  - docker exec <CID> ip addr | grep 172.
  - iptables -t nat -A DOCKER -p tcp --dport 9000 -j DNAT --to-destination <CIP>:8080
A word about rkt
- Started in 2014 to “fix” some Docker flaws
  - Aims at security (versus usability)
  - No central root daemon
- Compatible with the OpenContainer specification
  - . . . so with Docker images
- Same conflict as “vim vs. emacs” or “etcd vs. consul”
Docker’s Ecosystem
[Diagram: Docker, Inc; Docker EE; Docker CE; moby; libnetwork; swarmkit; ...]