Introduction To Docker And Docker Compose

DevOps and DigitalOcean meetup, Bangalore

whoami● Lalatendu Mohanty

● @lalatenduM on Twitter

● Software Engineer at Red Hat

● lalatendu.org

Docker

What we want?● Scalability, maintainability, Agility, Portability.

● DevOps tools.

● Improved resource utilization.

● A continuum of abstraction levels.

Linux Containers● Use Linux kernel isolation features to give a VM like environment.

● Process isolation /Sandboxing.

● Example: Lxc, lmctfy, Docker, Rkt

Docker● An easy to use Linux container technology.

● Docker image format.

● It helps in application packaging and delivery.

Docker is a tool that can package an application and its dependencies in a virtual

container that can run on any Linux server. This helps enable flexibility and portability

on where the application can run, whether on premises, public cloud, private cloud,

bare metal, etc. (Wikipedia)

Docker Vs VirtualizationPositive expects of Docker:

● Lighter than Virtual machines.

● Size of docker images are very small compared

● We can run more docker containers on a reasonably sized host.

● Deploying and scaling is relatively easy.

● Containers have less startup time.

Docker Vs VirtualizationDownside:

● Containers share a single kernel on a host.

● Less secure.

● You might need to redesign your application to take benefits.

Technologies behind docker● Control groups:

○ Control Groups are another key component of Linux Containers

○ With Cgroup we can implement resource accounting and limiting.

○ Ensure that each container gets its fair share of memory, CPU, disk I/O.

○ Thanks to Cgroup, we can make sure that single container cannot bring the system down by

exhausting resources.

● Union file systems:

○ Layered file system so you can have a read only part and a write part, and merge those together.

○ Docker images made up with are layers.

Technologies behind dockerNamespaces

● It helps to create isolated workspace for each process.

● When you run a container, Docker creates a set of namespaces for that container.

SELinux

● SELinux provides secure separation of containers by applying SELinux policy and

labels.

Technologies behind dockerCapabilities:

● By default Docker drops all capabilities except those needed.

● "root" within a container has much less privileges than the real "root".

● The best practice for users would be to remove all capabilities except those

explicitly required for their processes.

● Even if an intruder manages to escalate to root within a container, it will be much

harder to do serious damage, or to escalate to the host

Components● Docker Images

● Docker containers

● Docker Hub

● Docker Registry

● Docker daemon

● Docker client.

Docker Components

Dockerfiles● Dockerfile is a text document that contains all the commands a user could call on

the command line to assemble an image.

● docker build can build images using Dockerfile.

● https://github.com/fedora-cloud/Fedora-Dockerfiles

DemoLink to workshop: http://bit.ly/1Ubah8o

Docker Compose

Let's talk about real life applications first!● One application consists of multiple containers.

● One container is dependent on another.

● Mutual dependency/ startup order.

● Process involves building containers and then deploy them

● Long docker run commands

● Complexity is proportional to the number of containers involved.

But it is supposed to make our life easy, isn’t it?

Docker Compose● Tool for defining and running multi-container Docker application.

● It is a YML file.

● Compose contains information about how to build the containers and deploy

containers.

● Integrated with Docker Swarm.

● Competes with Kubernetes.

Example● https://docs.docker.com/compose/wordpress/

● https://github.com/docker/example-voting-app

Demo

Questions?

References● https://docs.docker.com/compose/overview/

● https://docs.docker.com/compose/startup-order/

● https://docs.docker.com/compose/compose-file/