introduction to docker

Walid Ashraf, Researcher, Software Developer, Instructor (about.me/WalidAshraf)

Upload: walid-ashraf

Post on 10-Jan-2017


Docker - Walid Ashraf

Table of Contents

What are Containers?

What is Docker?

Docker Architecture

A small journey under the hood

Docker Eco System


What is Virtualization ?

Virtualization refers to the act of creating a virtual (rather than actual) version of something, including virtual computer hardware platforms, operating systems, storage devices, and computer network resources - Wikipedia.

It’s all about abstraction.


What are Containers?

Container virtualization, or operating system-level virtualization, is where the kernel of an operating system allows for multiple isolated user space instances, instead of just one - Wikipedia.

It's all about sandboxing.

Containers are also known as lightweight virtualization.


What is Docker?

Docker is an open platform for developing, shipping, and running applications.

Docker combines a lightweight container virtualization platform with workflows and tooling that help you manage and deploy your applications.

With Docker you can separate your applications from your infrastructure AND treat your infrastructure like a managed application.

Docker helps you ship code faster, test faster, deploy faster, and shorten the cycle between writing code and running code.


Docker’s architecture?


Docker Client and Server

Docker contains a server or daemon, which, in turn, does all the work.

Docker ships with a command line client, docker, as well as a full RESTful API.

You can run the Docker daemon and client on the same host or connect your local Docker client to a remote daemon running on another host.


Docker Images

You can consider images to be the "source code" for your containers.

They use a layered format, using Union file systems (AUFS, BTRFS), and are built step-by-step using a series of instructions:

• Add a file.

• Run a command.

• Open a port.

They are highly portable and can be shared, stored, and updated.


Registries

Docker stores the images you build in registries.

There are two types of registries: public and private.

• The Docker Hub also contains, at last count, over 400K images that other people have built and shared.

• Want a Docker image for an Nginx web server, the Asterisk open source PABX system, or a MySQL database? All of these are available, along with a whole lot more.

• You can also store images that you want to keep private on the Docker Hub.

• These images might include source code or other proprietary information you want to keep secure or only share with other members of your team or organization.

Docker, Inc., operates the public registry for images, called the Docker Hub.

You can also create your own registry behind the firewall.


A SMALL JOURNEY UNDER THE HOOD


What happens when you start a container

Pulls the image (if it's not there)

Allocates a filesystem and mounts a read-write layer

Start the container !!!

Allocates a network / bridge interface

Executes a process that you specify: Runs your application.


Docker Engine and OS


kernel namespaces

Namespaces are the actual virtualization component of containers: each one wraps a resource and creates a fixed and abstracted system view of the underlying OS.

There are 6 namespaces:

• PID namespace provides isolation for the allocation of process identifiers (PIDs)

• Network namespace isolates the network interface controllers (physical or virtual), iptables firewall rules, routing tables etc.

• "UTS" namespace allows changing the hostname.

• Mount namespace allows creating a different file system layout, or making certain mount points read-only.

• IPC namespace isolates the System V inter-process communication between namespaces.

• User namespace isolates the user IDs between namespaces.
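To check which of these six namespaces a containerized process really has to itself, compare the identifiers under /proc/<pid>/ns for a host process and for the container's process. The script below is an added example, not part of the original slides; the function names and the sample inode values are constructed for illustration, and it assumes a Docker engine without user-namespace remapping, where the user namespace is shared with the host.

```python
import os

# The six namespace types listed above, by their /proc/<pid>/ns entry name.
NAMESPACES = ("pid", "net", "uts", "mnt", "ipc", "user")


def read_namespaces(pid="self"):
    """Return {name: 'name:[inode]'} for a live process (Linux, needs access to /proc/<pid>)."""
    return {ns: os.readlink(f"/proc/{pid}/ns/{ns}") for ns in NAMESPACES}


def shared_namespaces(host, container):
    """Names of namespaces with the same identifier in both views (not isolated)."""
    return sorted(ns for ns in NAMESPACES
                  if ns in host and host[ns] == container.get(ns))


def isolation_report(host, container):
    """Map every namespace to 'isolated' or 'SHARED WITH HOST'."""
    shared = set(shared_namespaces(host, container))
    return {ns: "SHARED WITH HOST" if ns in shared else "isolated"
            for ns in NAMESPACES}


# Constructed sample values (inode numbers are made up for illustration).
SAMPLE_HOST = {"pid": "pid:[4026531836]", "net": "net:[4026531992]",
               "uts": "uts:[4026531838]", "mnt": "mnt:[4026531840]",
               "ipc": "ipc:[4026531839]", "user": "user:[4026531837]"}
# Container started with default options: only the user namespace is shared.
SAMPLE_DEFAULT = {"pid": "pid:[4026532201]", "net": "net:[4026532204]",
                  "uts": "uts:[4026532199]", "mnt": "mnt:[4026532198]",
                  "ipc": "ipc:[4026532200]", "user": "user:[4026531837]"}
# Container started with --pid=host --net=host: PID and network views are the host's.
SAMPLE_HOSTNS = dict(SAMPLE_DEFAULT, pid=SAMPLE_HOST["pid"], net=SAMPLE_HOST["net"])

if __name__ == "__main__":
    for name, sample in (("default", SAMPLE_DEFAULT), ("host pid/net", SAMPLE_HOSTNS)):
        print(name, isolation_report(SAMPLE_HOST, sample))
```

On a live host, pass the output of read_namespaces() for a host process and for the container's main process instead of the sample dictionaries.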


Control Groups (Cgroups)

• Resource limitation: Groups can be set to not exceed a configured memory limit, which also includes the file system cache.

• Prioritization: Some groups may get a larger share of CPU utilization or disk I/O throughput.

• Accounting: Measures how much resources certain systems use, which may be used, for example, for billing purposes.

• Control: Freezing the groups of processes, their checkpointing and restarting.


Capabilities

Capabilities configure the set of privileged operations a container's processes are allowed to execute, for example:

• CAP_CHOWN: Make arbitrary changes to file UIDs and GIDs

Also it configures the allowed mounted devices
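The capabilities a process actually holds are visible as the CapEff bitmask in /proc/<pid>/status, so a container's privileges can be audited from that one line. The script below is an added example, not part of the original slides: it decodes the mask into capability names (bit numbers from linux/capability.h) and lists anything beyond Docker's documented default set; the function names and sample status lines are constructed, and the default set should be treated as an assumption to verify against your engine version.

```python
# Capability names by bit number, as defined in linux/capability.h.
CAP_NAMES = (
    "CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID "
    "SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW "
    "IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT "
    "SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD "
    "LEASE AUDIT_WRITE AUDIT_CONTROL SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG "
    "WAKE_ALARM BLOCK_SUSPEND AUDIT_READ PERFMON BPF CHECKPOINT_RESTORE"
).split()

# Assumption: Docker's documented default capability set for a new container.
DOCKER_DEFAULT = {"CAP_" + n for n in (
    "CHOWN DAC_OVERRIDE FOWNER FSETID KILL SETGID SETUID SETPCAP "
    "NET_BIND_SERVICE NET_RAW SYS_CHROOT MKNOD AUDIT_WRITE SETFCAP").split()}


def parse_cap_eff(status_text):
    """Extract the effective capability mask from /proc/<pid>/status text."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return int(line.split()[1], 16)
    raise ValueError("no CapEff line found")


def decode(mask):
    """Turn a capability bitmask into a list of CAP_* names."""
    return ["CAP_" + (CAP_NAMES[b] if b < len(CAP_NAMES) else str(b))
            for b in range(mask.bit_length()) if mask >> b & 1]


def extra_caps(status_text):
    """Capabilities held beyond the default set: candidates for review."""
    return sorted(set(decode(parse_cap_eff(status_text))) - DOCKER_DEFAULT)


# Constructed samples: a default container, and one started with --cap-add SYS_ADMIN.
SAMPLE_DEFAULT = "Name:\tnginx\nCapEff:\t00000000a80425fb\n"
SAMPLE_CAP_ADD = "Name:\tnginx\nCapEff:\t00000000a82425fb\n"

if __name__ == "__main__":
    print("default:", extra_caps(SAMPLE_DEFAULT))
    print("cap-add:", extra_caps(SAMPLE_CAP_ADD))
```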


THE DOCKER ECO SYSTEM


Docker Now


The Docker Eco System

Registry (Docker Hub)

Private Version (Docker Trusted Registry)

Clustering (Docker Swarm…)

Orchestration (Docker Compose…)

Docker Cloud

Universal Control Plane

https://www.mindmeister.com/fr/389671722/open-container-ecosystem-formerly-docker-ecosystem


The Docker Quote

Develop, Ship and Run Any Application, Anywhere


Container, the real Write Once, Run Everywhere
