introduction to docker
TRANSCRIPT
Walid AshrafResearcher , Software Developer, Instructor
about.me/WalidAshraf
INTRODUCTION TO DOCKER
Docker - Walid Ashraf
Table of ContentsWhat are Containers?
What is Docker?
Docker Architecture
A small journey under the hood
Docker Eco System
Docker - Walid Ashraf
What is Virtualization ?
Virtualization refers to the act of creating a virtual (rather than actual) version of something, including virtual computer hardware platforms, operating systems, storage devices, and computer network resources - Wikipedia.
It’s all about abstraction.
Docker - Walid Ashraf
What are Containers?Container virtualization or Operating System-level virtualization where the kernel of an operating system allows for multiple isolated user space instances, instead of just one – Wikipedia.
Its all about sandboxing.
Containers are also know as lightweight Virtualization.
Docker - Walid Ashraf
Docker - Walid Ashraf
What is Docker?
Docker - Walid Ashraf
What is Docker?
Docker is an open platform for developing, shipping, and running applications.
Docker combines a lightweight container virtualization platform with workflows and tooling that help you manage and deploy your applications.
With Docker you can separate your applications from your infrastructure AND treat your infrastructure like a managed application.
Docker helps you ship code faster, test faster, deploy faster, and shorten the cycle between writing code and running code.
Docker - Walid Ashraf
Docker’s architecture?
Docker - Walid Ashraf
Docker Client and Server
Docker contains a server or daemon, which, in turn, does all the work.
Docker ships with a command line client, Docker, as well as a full RESTful API.
You can run the Docker daemon and client on the same host or connect your local Docker client to a remote daemon running on another host.
Docker - Walid Ashraf
Docker Images
You can consider images to be the "source code" for your containers.
They are a layered format, using Union file systems (AUFS, BTRFS), that are built step-by-step using a series of instructions.
• Add a file.
• Run a command.
• Open a port.
They are highly portable and can be shared, stored, and updated.
Docker - Walid Ashraf
Registries
Docker stores the images you build in registries.
There are two types of registries: public and private.
• The Docker Hub also contains, at last count, over 400K image that other people have built and shared.
• Want a Docker image for an Nginx web server, the Asterisk open source PABX system, or a MySQL database? All of these are available, along with a whole lot more.
• You can also store images that you want to keep private on the Docker Hub.
• These images might include source code or other proprietary information you want to keep secure or only share with other members of your team or organization.
Docker, Inc., operates the public registry for images, called the Docker Hub.
Also you can create you own Registry behind the fire wall.
Docker - Walid Ashraf
A SMALL JOURNEY UNDER THE HOOD
Docker - Walid Ashraf
What happens when you start a container
Pulls the image (if its not there)
Allocates a filesystem and mounts a read-write layer
Start the container !!!
Allocates a network / bridge interface
Executes a process that you specify: Runs your application.
Docker - Walid Ashraf
Docker Engine and OS
Docker - Walid Ashraf
kernel namespaces
A namespace are the actual virtualization component of containers where it wraps a resource and create a fixed and abstracted system view of the underlying OS.
There are 6 Name Spaces:
• PID namespace provides isolation for the allocation of process identifiers (PIDs)
• Network namespace isolates the network interface controllers (physical or virtual), iptables firewall rules, routing tables etc.
• "UTS" namespace allows changing the hostname.
• Mount namespace allows creating a different file system layout, or making certain mount points read-only.
• IPC namespace isolates the System V inter-process communication between namespaces.
• User namespace isolates the user IDs between namespaces.
Docker - Walid Ashraf
Control Groups (Cgroups)Resource limitation
Groups can be set to not exceed a configured memory limit, which also includes the file system cache.
Prioritization Some groups may get a larger share of CPU utilization or disk I/O throughput.
Accounting Measures how much resources certain systems use, which may be used, for example, for billing purposes.
Control Freezing the groups of processes, their checkpointing and restarting
Docker - Walid Ashraf
CapabilitiesIt configures the set of operations to be executed CAP_CHOWN Make arbitrary changes to file UIDs and GIDs
Also it configures the allowed mounted devices
Docker - Walid Ashraf
THE DOCKER ECO SYSTEM
Docker - Walid Ashraf
Docker Now
Docker - Walid Ashraf
The Docker Eco SystemRegistry(Docker Hub)
Private Version (Docker Trusted Registry)
Clustering (Docker Swarm…)
Orchestration (Docker Compose…)
Docker Cloud
Universal Control Plane
https://www.mindmeister.com/fr/389671722/open-container-ecosystem-formerly-docker-ecosystem
Docker - Walid Ashraf
The Docker Quote
Develop, Ship and Run Any
Application, Anywhere
Docker - Walid Ashraf
Container, The real Write Once run Every Where
Docker - Walid Ashraf23