INTRO TO DOCKER
ACT-W 2017
jessica lucci // @luccacabra
OVERVIEW
● What is Docker?
● What are … ?
○ Images
○ Layers
○ Dockerfiles
○ Containers
○ Registries
● How do I build effective images?
● How do I deploy containers?
WHAT IS DOCKER
“an open platform for developing, shipping and running applications”
Images
“read-only template with instructions for creating a Docker container”
Dockerfile // Part 1
list of directives that provide instructions on how to build an image;
each directive adds a layer, but only RUN, COPY and ADD put files in it (a unionFS
filesystem diff); the others are metadata-only and show as 0 B in `docker image history`
https://docs.docker.com/engine/reference/builder/
Dockerfile // Part 2
● FROM
● LABEL
● RUN
● CMD
● EXPOSE
● ENV
● ADD or COPY
● ENTRYPOINT
● VOLUME
● USER
● WORKDIR
● ONBUILD
Dockerfile // Part 2
● Order matters
○ Every layer is cached by its diff; changing one directive invalidates the cache for it and for every directive after it
● Size matters
○ large docker images == bad docker images (slower to pull, more to scan, more to attack)
● Put the directives least likely to change at the top of the file
● Clean up in the same RUN that made the mess
○ e.g., `rm -rf /var/lib/apt/lists/*` or `yum clean all`
○ a separate `RUN rm` only adds a layer; the deleted files are still in the layer below and still ship with the image
● Combine similar commands
○ e.g., `RUN yum install epel; RUN yum install docker` -> `RUN yum install epel docker`
● Layer “state” resets at each new directive
○ `cd`, shell variables and background processes from one RUN are gone in the next; use WORKDIR and ENV instead
● Use least privilege
○ Containers run as root by default; add a USER directive so the process does not
index.js
const express = require('express')
const app = express()
app.get('/', function (req, res) {
res.send('Hello World!')
})
app.listen(3000, function () {
console.log('Example app listening on port 3000!')
})
package.json
{
"name": "docker-demo-app",
"version": "1.0.0",
"description": "intro to docker workshop demo app",
"main": "index.js",
"dependencies": {
"express": "^4.15.3"
}
}
Dockerfile
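The two Dockerfile slides were images and only their titles survived extraction. As an added example, not the deck's own file, here is a Dockerfile for the index.js and package.json above that applies the Part 2 rules (stable directives first, dependency install cached separately from app code, cleanup in the same RUN, a non-root USER). The base image tag (node:18-alpine) and the `node` account that image ships with are assumptions.

```dockerfile
# Added example, not from the original slides.
# Assumptions: the node:18-alpine base image and the unprivileged `node`
# user that the official image creates.

# Base image first: least likely to change, so the cache survives longest.
FROM node:18-alpine

# Metadata only; no filesystem layer.
LABEL description="intro to docker workshop demo app"

# WORKDIR persists across directives, unlike a `cd` inside RUN.
WORKDIR /usr/src/app

# Copy the manifest alone so `npm install` is only re-run when
# package.json changes, not on every edit to index.js.
COPY package.json ./

# Install and clean the npm cache in the same RUN: a later `RUN rm`
# would leave the cache bytes in this layer anyway.
RUN npm install --omit=dev \
    && npm cache clean --force

# Application code last: it changes most often.
COPY index.js ./

# EXPOSE documents the port; `docker run -p` is what publishes it.
ENV NODE_ENV=production
EXPOSE 3000

# Least privilege: root is the default, so switch before CMD.
USER node

CMD ["node", "index.js"]

# Build and run (matches the docker build / docker run slides):
#   docker build -t docker-demo-app .
#   docker run --name docker-demo-app -d -p 127.0.0.1:3000:3000 docker-demo-app
```

`docker image history docker-demo-app` on the result shows the `npm install` layer unchanged after an edit to index.js, and `docker inspect --format '{{.Config.User}}' docker-demo-app` shows `node` rather than an empty (root) value.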
docker build
● Build context
○ The directory (or URL) given to docker build; everything under it is sent to the daemon and is reachable by COPY/ADD, so keep secrets, .git and node_modules out of it with a .dockerignore
○ Remote context
■ docker build URL
○ Single file (Dockerfile on stdin, no context at all)
■ docker build - < file
● Common options
○ -t <name>
○ --build-arg <build time arguments> (recorded in the image and shown by `docker image history`, so not a place for secrets)
○ -f <dockerfile name>
Image Name
docker.registry.com:5000/happy/image:1.0
● registry:port -> docker.registry.com:5000
● repository -> happy/image
● tag -> 1.0
docker build
docker build -t docker-demo-app .
Containers
“runnable instance of an image”
or, programmatically created isolated environments that allow you to easily create
and reproduce the same functionality across multiple systems and platforms
docker run
● OPTIONS
○ -d <detach>
○ -v <host path:container path>
■ bind-mounts the host path read-write; mounting /var/run/docker.sock or / hands the container control of the host, and :ro should be appended when read-only is enough
○ -p <host port:container port>
■ published on every interface unless prefixed with an address, e.g. 127.0.0.1:3000:3000
○ -e/--env/--env-file <environment variables>
■ readable afterwards with `docker inspect`, so not a place for secrets
○ --name <container name>
● IMAGE
○ Image name
● COMMAND
○ Replaces the image's CMD; if the image sets an ENTRYPOINT, COMMAND becomes that entrypoint's arguments (use --entrypoint to replace the entrypoint itself)
● ARG…
○ Further arguments appended to COMMAND
docker run
docker run --name docker-demo-app -d -p 127.0.0.1:3000:3000 docker-demo-app
Layers
● Each layer is the filesystem diff produced by one Dockerfile directive
● Each layer is only a diff of the layer before it
● All image layers are read-only
○ A container adds one thin writable layer on top, copy-on-write
○ A delete in a higher layer is only a whiteout marker; the file's bytes stay in the lower layer and ship with the image
Layers
docker image history docker-demo-app
Layers - Images
“read-only template with instructions for creating a Docker container”
Layers
“When you create a new container, you add a new writable
layer on top of the underlying layers. ... All changes made to the
running container, such as writing new files, modifying existing
files, and deleting files, are written to this thin writable container
layer”
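The consequence of "deleting" a file in a later layer is easiest to see on the bytes. The following is an added example, not code from the deck: it builds a small in-memory stand-in for `docker save` output (a manifest plus three layer tars, constructed here, not a real image), then walks the layers bottom-up looking for whiteout entries that hide a file still present in an earlier layer, and reads that file straight out of the lower layer. The image id, file names and token value are all constructed.

```python
import io
import json
import posixpath
import tarfile

# Layer tars record a deletion as an empty ".wh.<name>" entry; an opaque
# whiteout hides a whole directory's earlier contents.
WHITEOUT_PREFIX = ".wh."
OPAQUE_WHITEOUT = ".wh..wh..opq"


def _tar_bytes(entries):
    """Pack {path: bytes} into an uncompressed tar held in memory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for path, data in entries.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def build_sample_image():
    """Constructed stand-in for `docker save` output (hypothetical image).
    Three layers, as if built from:
      COPY index.js /app/ ; COPY .npmrc /app/ ; RUN rm /app/.npmrc
    The third layer holds nothing but a whiteout for .npmrc."""
    layers = [
        _tar_bytes({"app/index.js": b"console.log('hi')\n"}),
        _tar_bytes({"app/.npmrc": b"//registry.npmjs.org/:_authToken=EXAMPLE-TOKEN\n"}),
        _tar_bytes({"app/.wh..npmrc": b""}),
    ]
    manifest = [{
        "Config": "config.json",
        "RepoTags": ["docker-demo-app:latest"],
        "Layers": [f"layer{i}/layer.tar" for i in range(len(layers))],
    }]
    entries = {"manifest.json": json.dumps(manifest).encode()}
    for i, layer in enumerate(layers):
        entries[f"layer{i}/layer.tar"] = layer
    return _tar_bytes(entries)


def _normalize(name):
    """Layer tars may prefix members with './' or '/'; compare on the bare path."""
    return name[2:] if name.startswith("./") else name.lstrip("/")


def _layer_tars(image_tar_bytes):
    """Yield (index, TarFile) for each layer in manifest order, bottom first."""
    outer = tarfile.open(fileobj=io.BytesIO(image_tar_bytes))
    manifest = json.load(outer.extractfile("manifest.json"))
    for idx, layer_path in enumerate(manifest[0]["Layers"]):
        data = outer.extractfile(layer_path).read()
        yield idx, tarfile.open(fileobj=io.BytesIO(data))


def find_whited_out_files(image_tar_bytes):
    """Return {path: layer_index} for files that a later layer deletes via a
    whiteout but that still sit, readable, in the earlier layer's tar."""
    added_in = {}   # path -> index of the layer that added it
    leaked = {}
    for idx, layer in _layer_tars(image_tar_bytes):
        for member in layer.getmembers():
            name = _normalize(member.name)
            base = posixpath.basename(name)
            if base == OPAQUE_WHITEOUT:
                continue  # directory-level opaque marker, not a single-file delete
            if base.startswith(WHITEOUT_PREFIX):
                target = posixpath.join(posixpath.dirname(name), base[len(WHITEOUT_PREFIX):])
                if target in added_in:
                    leaked[target] = added_in[target]
            elif member.isfile():
                added_in[name] = idx
    return leaked


def read_from_layer(image_tar_bytes, layer_index, path):
    """Pull a file's bytes out of one specific layer, ignoring later whiteouts."""
    for idx, layer in _layer_tars(image_tar_bytes):
        if idx == layer_index:
            for member in layer.getmembers():
                if _normalize(member.name) == path:
                    return layer.extractfile(member).read()
    return None


if __name__ == "__main__":
    image = build_sample_image()
    for path, idx in find_whited_out_files(image).items():
        print(f"{path}: removed by a later layer, still in layer {idx}")
        print("  contents:", read_from_layer(image, idx, path))
```

Pointed at a real `docker save image > image.tar`, the same walk reports every file a Dockerfile tried to clean up in a separate RUN; the only fix is to never let the file into a layer (same-RUN cleanup, .dockerignore, or a multi-stage build).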
Containers
● “runnable instance of an image”
○ or, programmatically created isolated environments that allow you to easily
create and reproduce the same functionality across multiple systems and
platforms
● 3 main components
○ Namespaces
○ Control groups
○ Union filesystems
Containers - UnionFS
“a union mount for other file systems [that] allows files and directories of
separate file systems, known as branches, to be transparently overlaid, forming
a single coherent file system”
Containers - namespaces
“wraps a global system resource in an abstraction that makes it appear to the
processes within the namespace that they have their own isolated instance of
the global resource”
Containers - namespaces
[diagram: Process 1 and Process 2 each see their own private view (user/p1, user/p2) of the single global resource (user)]
$ export CPID=$(docker inspect --format '{{.State.Pid}}' docker-demo-app)
$ ls -al /proc/$CPID/ns
Containers - cgroups
“a Linux kernel feature that allows processes to be organized into hierarchical
groups whose usage of various types of resources can then be limited and
monitored”
Containers - CGroups
$ docker rm -f docker-demo-app
$ docker run --name docker-demo-app -d -p 127.0.0.1:3000:3000 -m 500M docker-demo-app
$ export CPID=$(docker inspect --format '{{.State.Pid}}' docker-demo-app)
$ ps -o cgroup -p $CPID
$ export HASH=$(docker inspect --format '{{.ID}}' docker-demo-app)
$ cat /sys/fs/cgroup/memory/docker/$HASH/memory.limit_in_bytes
(that is the cgroup v1 path; on a cgroup v2 host with the systemd cgroup driver the limit lives in /sys/fs/cgroup/system.slice/docker-$HASH.scope/memory.max)
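The namespace and cgroup inspection commands above are what an incident responder does in reverse: given a host PID, which container is it, and which namespaces does it actually have to itself? This is an added example, not from the deck, that parses constructed copies of `cat /proc/$CPID/cgroup` (both the v1 `/docker/<id>` form the slide's path relies on and the v2 `docker-<id>.scope` form) and of `ls -l /proc/$CPID/ns`. The container id, inode numbers and listings are constructed sample data, not captured from a real host.

```python
import re

HEX_ID = r"[0-9a-f]{64}"
# cgroup v1: ".../docker/<id>"; cgroup v2 + systemd driver: ".../docker-<id>.scope"
_DOCKER_ID = re.compile(rf"(?:/docker/|docker-)({HEX_ID})(?:\.scope)?(?:/|$)")
# one line of `ls -l /proc/<pid>/ns`: "... pid -> 'pid:[4026531836]'"
_NS_LINK = re.compile(r"(\w+)\s*->\s*'?(\w+):\[(\d+)\]'?")

# Constructed sample data (hypothetical container id, not a real one).
SAMPLE_ID = "0123456789abcdef" * 4

HOST_CGROUP = """12:memory:/user.slice
11:pids:/user.slice/user-1000.slice/session-2.scope
0::/user.slice/user-1000.slice/session-2.scope
"""
CONTAINER_CGROUP_V1 = f"""12:memory:/docker/{SAMPLE_ID}
11:pids:/docker/{SAMPLE_ID}
1:name=systemd:/docker/{SAMPLE_ID}
"""
CONTAINER_CGROUP_V2 = f"0::/system.slice/docker-{SAMPLE_ID}.scope\n"

# Note the identical user namespace inode: Docker does not enable user
# namespace remapping by default, so uid 0 in the container is uid 0 on the host.
HOST_NS = """lrwxrwxrwx 1 root root 0 May  1 12:00 mnt -> 'mnt:[4026531840]'
lrwxrwxrwx 1 root root 0 May  1 12:00 net -> 'net:[4026531992]'
lrwxrwxrwx 1 root root 0 May  1 12:00 pid -> 'pid:[4026531836]'
lrwxrwxrwx 1 root root 0 May  1 12:00 user -> 'user:[4026531837]'
"""
CONTAINER_NS = """lrwxrwxrwx 1 root root 0 May  1 12:00 mnt -> 'mnt:[4026532562]'
lrwxrwxrwx 1 root root 0 May  1 12:00 net -> 'net:[4026532565]'
lrwxrwxrwx 1 root root 0 May  1 12:00 pid -> 'pid:[4026532563]'
lrwxrwxrwx 1 root root 0 May  1 12:00 user -> 'user:[4026531837]'
"""


def parse_proc_cgroup(text):
    """Parse /proc/<pid>/cgroup lines 'hierarchy:controllers:path' into tuples."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        hierarchy, controllers, path = line.split(":", 2)
        rows.append((int(hierarchy), controllers, path))
    return rows


def container_id_from_cgroup(text):
    """Return the 64-hex Docker container id a PID belongs to, or None for a host process."""
    for _, _, path in parse_proc_cgroup(text):
        match = _DOCKER_ID.search(path)
        if match:
            return match.group(1)
    return None


def memory_limit_file(text, cgroup_root="/sys/fs/cgroup"):
    """Map a /proc/<pid>/cgroup listing to the file that holds its memory limit:
    memory.limit_in_bytes under the v1 memory controller, memory.max on v2."""
    rows = parse_proc_cgroup(text)
    for _, controllers, path in rows:
        if "memory" in controllers.split(","):
            return f"{cgroup_root}/memory{path}/memory.limit_in_bytes"
    for hierarchy, controllers, path in rows:
        if hierarchy == 0 and controllers == "":
            return f"{cgroup_root}{path}/memory.max"
    return None


def parse_ns_listing(text):
    """Parse `ls -l /proc/<pid>/ns` output into {namespace: inode}."""
    return {m.group(1): int(m.group(3)) for m in _NS_LINK.finditer(text)}


def shared_namespaces(host_ns_text, container_ns_text):
    """Namespaces the container did NOT get its own copy of (same inode as the
    host). Whatever is listed here is not isolated by the namespace mechanism."""
    host = parse_ns_listing(host_ns_text)
    cont = parse_ns_listing(container_ns_text)
    return sorted(n for n in cont if n in host and host[n] == cont[n])


if __name__ == "__main__":
    print("container:", container_id_from_cgroup(CONTAINER_CGROUP_V1))
    print("limit file (v1):", memory_limit_file(CONTAINER_CGROUP_V1))
    print("limit file (v2):", memory_limit_file(CONTAINER_CGROUP_V2))
    print("shared with host:", shared_namespaces(HOST_NS, CONTAINER_NS))
```

On a live host the same functions can be fed `open(f"/proc/{pid}/cgroup").read()` and the output of `ls -l /proc/{pid}/ns`; the v1 result reproduces the `memory.limit_in_bytes` path used on the slide, and the `user` entry in the shared list is the reason the USER directive matters even though the container has its own pid, mnt and net namespaces.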
Containers - CGroups
$ docker run -d --name 'low-prio' --cpuset-cpus=0 --cpu-shares=20 busybox md5sum /dev/urandom
$ docker run -d --name 'high-prio' --cpuset-cpus=0 --cpu-shares=80 busybox md5sum /dev/urandom
$ top
$ docker rm -f high-prio low-prio
<if time>
Registry
● Public v. Private
○ Anything pushed to a public repository is readable by everyone, every layer included
● API v2 Spec
○ Managed via docker client
● Account set-up
docker push
docker push <username>/docker-demo-app
(the build above named the image docker-demo-app, so tag it as <username>/docker-demo-app before pushing)
Container Orchestration & Management
“Manage applications across distributed environment”
Swarm
Kubernetes
Mesos
Sauce
● https://www.cloudsigma.com/manage-docker-resources-with-cgroups/
● http://man7.org/linux/man-pages/man7/cgroups.7.html
● http://man7.org/linux/man-pages/man7/namespaces.7.html
● https://en.wikipedia.org/wiki/Namespace
● https://en.wikipedia.org/wiki/UnionFS
● https://docs.docker.com/engine/userguide/storagedriver/imagesandcontainers/#images-and-layers
● https://nodejs.org/en/docs/guides/nodejs-docker-webapp/
● http://expressjs.com/en/starter/hello-world.html
