DOCKER 101
RAJU GANDHI
@LOOSELYTYPED
CTO - INTEGRALLIS SOFTWARE
WHY?
BUILD ONCE, RUN ANYWHERE
[Diagram: Image, Registry, Container, connected by push, pull, run and commit]
WHY?
- Local application development and testing
- Team (and OSS) collaboration
- CI/CD
CONTAINERS?
CGROUPS
NAMESPACES
JAILS
CONTAINERS
- A container is a lightweight virtual runtime*
- Share the host kernel
- CPU/Memory/Network/File system isolation
- Own their own hostname, users, networking stack
NAMESPACES
“What you can see”
• Isolation of
  • Users
  • Filesystem
  • Process trees
  • Network
  • IPC
CGROUPS
“What you can use”
• Limiting/Metering/ACL
  • CPU
  • Memory
  • I/O
  • Network
  • Device permissions
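An added example (not from the original slides): a Python sketch that makes "what you can see" and "what you can use" concrete by comparing the namespace links under /proc/<pid>/ns and parsing /proc/<pid>/cgroup. The inode numbers, the /docker/c0ffee cgroup path and all function names are constructed for illustration; the sample assumes a container started without user-namespace remapping, so only the user namespace is shared with the host.

```python
import os
import re

# Constructed sample data: readlink output of /proc/<pid>/ns/* for a host
# process and for a process inside a container (inode numbers are made up).
HOST_NS = ["mnt:[4026531840]", "pid:[4026531836]", "net:[4026531992]",
           "ipc:[4026531839]", "uts:[4026531838]", "user:[4026531837]"]
CONTAINER_NS = ["mnt:[4026532570]", "pid:[4026532573]", "net:[4026532576]",
                "ipc:[4026532572]", "uts:[4026532571]", "user:[4026531837]"]
# Constructed /proc/<pid>/cgroup content (cgroup v1 lines plus a v2 line).
CONTAINER_CGROUP = ("12:memory:/docker/c0ffee\n"
                    "7:cpu,cpuacct:/docker/c0ffee\n"
                    "0::/docker/c0ffee\n")

NS_LINK = re.compile(r"^(\w+):\[(\d+)\]$")

def parse_ns_links(links):
    """Map namespace type -> inode from 'type:[inode]' link targets."""
    found = {}
    for link in links:
        m = NS_LINK.match(link.strip())
        if m:
            found[m.group(1)] = int(m.group(2))
    return found

def shared_namespaces(host, proc):
    """Namespace types where proc has the host's inode, i.e. no isolation."""
    return sorted(t for t, inode in proc.items() if host.get(t) == inode)

def parse_cgroup(text):
    """Parse 'hierarchy-ID:controllers:path' lines -> {controllers: path}."""
    groups = {}
    for line in text.splitlines():
        parts = line.split(":", 2)
        if len(parts) == 3:
            groups[parts[1] or "unified"] = parts[2]  # empty list = cgroup v2
    return groups

def read_ns(pid="self"):
    """Read the live namespace links of a process (Linux only)."""
    base = f"/proc/{pid}/ns"
    return parse_ns_links(os.readlink(os.path.join(base, n))
                          for n in os.listdir(base))

if __name__ == "__main__":
    host, ctr = parse_ns_links(HOST_NS), parse_ns_links(CONTAINER_NS)
    print("shared with host:", shared_namespaces(host, ctr))
    print("cgroup membership:", parse_cgroup(CONTAINER_CGROUP))
    if os.path.isdir("/proc/self/ns"):
        print("this process:", read_ns())
```

Any namespace type reported as shared is one where the process sees exactly what the host sees, which is the first thing to check when reviewing how a container was started.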
VM? CONTAINERS?
[Diagram: VM vs. container stacks. VM: Server, Host OS, Hypervisor, then a Guest OS with its own Libs for each of App A, App A*, App B. Container: Server, Host OS, Docker Engine, Libs, App A and App A* instances.]
TERMINOLOGY
- Docker Engine
- Docker client
- Dockerfile
- Docker Machine
- Docker Compose
- Docker Stack
- Docker Swarm
- Docker Hub
INSTALLATION
https://www.docker.com/products/overview
WORKFLOW
[Diagram: client, docker engine, Dockerfile, Image, Registry, Container; actions: build, push, pull, run/create/start, commit, modifies]
WHAT IS A CONTAINER?
[Diagram: on the Host OS (Kernel), an Image consists of a Base Image plus layers; a Container is an Image with a writeable layer holding your changes; commit turns that writeable layer into a New Layer of an Image; run puts a new writeable layer on top of the Image to form a Container]
NETWORK
[Diagram: Logical Host Interface, Docker Bridge, Container]
docker run -it --net none --rm alpine /bin/sh
[Diagram: Logical Host Interface, Docker Bridge, Container Interface, Container]
docker run -it --rm alpine /bin/sh
[Diagram: Logical Host Interface, Docker Bridge, Container Interface, Container]
docker run -it --rm -p 8080:8080 alpine /bin/sh
VOLUME
[Diagram: Host filesystem, Docker managed space, Container]
docker run -it --rm ubuntu /bin/bash
[Diagram: Host filesystem, Docker managed space, Container]
docker run -it -v /host/path:/tmp ubuntu /bin/bash
DOCKER COMPOSE
• A system is usually made up of multiple containers
• Containers depend on each other
• Orchestration
• Single host
• Define multi-container applications in a single file
• Supports scaling, healing
• Single host
[Diagram: docker-compose.yml describing serviceA, serviceB and db, each with its own Dockerfile and config, linked by depends_on]
CONS
- Orchestration/composition tooling still rudimentary
- Native Docker implementations still buggy
- Most existing monitoring/logging tools are host-centric, not process-centric
THANKS!!