
Docker

Fundamentals
Day 1
Course Content – Day 1
◦ Introducing Docker
◦ Containerization Fundamentals
◦ Installation and Configuration
◦ Introduction to Docker Client
◦ Docker networking
◦ Creating Images through Docker Server
Introducing Docker
DOCKER HISTORY
◦ Docker Inc. was founded by Solomon Hykes and Sebastien Pahl during the Y Combinator Summer 2010
startup incubator group and launched in 2011
◦ Hykes started the Docker project in France as an internal project within dotCloud, a platform-as-a-service
company
◦ A PAAS provider project
◦ Initial commit January 18, 2013
◦ Docker 0.1.0 released March 25, 2013
◦ At the time, it used LXC as its default execution environment
◦ One year later, with the release of version 0.9, Docker replaced LXC with its own component, which was
written in the Go programming language
◦ 18,600+ github stars, 3800+ forks, 740 Contributors…. and growing
◦ SOURCE: Wikipedia
What is Docker ?
◦ Open platform for developers and sysadmins to build, ship and run distributed applications

◦ Can run on popular 64-bit Linux distributions with kernel 3.8 or later

◦ Latest developments allow Docker to run on the Windows platform

◦ Supported by several cloud platforms including Amazon EC2, Google Compute Engine, Rackspace, Azure.
Features….

◦ Light-Weight
o Minimal overhead (cpu/io/network)
o Based on Linux containers
o Uses layered filesystem to save space (AUFS/LVM)
o Uses a copy-on-write filesystem to track changes
Features….

◦ Portable
o Can run on any Linux system
o Raspberry pi support.
o Support for other operating systems (Solaris, OSX, Windows)
Features….

◦ Self-sufficient
o A Docker container contains everything it needs to run
o Minimal Base OS
o Libraries and frameworks
o Application code
o A docker container should be able to run anywhere that Docker can run
The Challenge……
Cargo Transport Pre-1960……
Solution: Intermodal Shipping Container……
Docker is a Container System for Code……
Why it Works: Separation of Concerns……
Docker Architecture……
Docker Engine
– CLI
– Docker Daemon
– Docker Registry
• Docker Hub
– Cloud service
• Share Applications
• Automate workflows
• Assemble apps from components
• Docker images
• Docker containers
Docker images……
◦ NOT A VHD
◦ NOT A FILESYSTEM
◦ uses a Union File System
◦ do not have state
◦ Basically a tar file
◦ Has a hierarchy
• Arbitrary depth
• Fits into the Docker Registry
Docker Containers...
Units of software delivery (ship it!)
● run everywhere
– regardless of kernel version
– regardless of host distro
– (but container and host architecture must match*)

● run anything
– if it can run on the host, it can run in the container
– i.e., if it can run on a Linux kernel, it can run in any Linux
How does Docker work ?
◦ You can build Docker images that hold your applications

◦ You can create Docker containers from those Docker images to run your applications.

◦ You can share those Docker images via Docker Hub or your own registry
Virtual Machine Versus Container……
Docker Container Lifecycle ……
The Life of a Container
– Conception
• BUILD an Image from a Dockerfile
– Birth
• RUN (create+start) a container
– Reproduction
• COMMIT (persist) a container to a new image
• RUN a new container from an image
– Sleep
• KILL a running container
– Wake
• START a stopped container
– Death
• RM (delete) a stopped container
• Extinction
– RMI a container image (delete image)
SUMMARY
◦ Easy to build, run & share containers
◦ Rapidly expanding ecosystem
◦ Better performance vs. VMs
◦ Layered file system gives us git-like control of images
◦ Reduces complexity of system builds
◦ Red Hat - Project Atomic Host, and certifications - containerized applications, Geard and OpenShift.
◦ Google is expected to tightly integrate containers with its IaaS and PaaS offerings.
Containerization
Fundamentals
What is a Container
◦ A container is a unit of software which packages up all the code, along with its dependencies, so that it
can run quickly, independently, and reliably in any computing environment, including local machine,
physical data centers, and public and private cloud infrastructures
◦ Each container has a container image, which is a standalone, lightweight, executable package that includes
all the essentials to run the containerized application: the code, runtime, system tools, and
system libraries
◦ Containers can be used to run both Linux and Windows-based applications. The software inside a
container is isolated from the environment, allowing it to perform consistently, regardless of what
environment it is running in.
The Benefits of Containerization
◦ Since the average size of containers is much smaller than VMs, the server can host more containers.
◦ Containers require fewer resources to run, allowing you to add more computational workload to the
same server.
◦ Containers provide isolation, allowing you to run your development instances and your test instances on
the same hardware without issue.
◦ Containers are much quicker to develop, test, and deploy your applications and services.
◦ Containerization is a cost-effective solution due to the lower requirement of resources, which reduces
operating costs.
◦ Containers are portable, which means you can test and debug them in any environment, including local,
test server, or production environment.
◦ Containerization is a good option for microservices, continuous deployment, and DevOps.
The Limitations of Containerization
◦ Since containers share an OS Kernel, if the OS were to encounter a vulnerability, then it would potentially
affect all the containers that are rooted to the OS.
◦ VMs, on the other hand, only share the hypervisor, which has little functionality and is less prone to attacks.
◦ That said, most OS providers regularly conduct reviews and audits on their systems to iron out any flaws.
◦ The other disadvantage of sharing an OS kernel is lack of flexibility. Even though containers can operate in a
multitude of environments, if you want to run an entire container orchestration using multiple operating
systems, you will have to start a new server for each operating system.
◦ With VMs, you can have various OSs sitting next to each other on the same server.
◦ Running an application based on a handful of containers is pretty straightforward. However, if you are running a
complex enterprise application with containers, then you will have to look after many containers, perhaps in
the hundreds or even thousands.
◦ Looking after a large number of containers can be very overwhelming, which is why you need access to several
tools to help you manage your containers efficiently and effectively.
Container Orchestration: How Are
Containers Managed?
◦ As mentioned in the previous section, you will need some tools to help you manage your containers.
◦ The container technology market has rapidly evolved in recent years, so there are a plethora of options
for you to choose from.
◦ Below, we highlight the main tools which have proven to be popular with the container development
community.
◦ Docker
◦ Kubernetes
◦ Docker Swarm
◦ Jenkins
◦ Openshift
◦ BoxOps
Installation &
Configuration
Docker on Windows
◦ Two types of Container: Linux Container and Windows Container
◦ Linux container still the default
◦ Docker for windows : only for Windows 10 Pro/Ent
◦ Windows Server 2016/2019
◦ Windows 10 runs Docker Desktop
◦ Windows Server runs the native Docker binary [ enabled as a Feature ]
Docker for Windows 10: Setup
◦ Install Docker CE for Windows ( requires hub.docker.com account [ free ] )
◦ Tweak Docker for Windows settings
◦ Pull a container and run to verify installation
Docker for Windows 10: Steps
◦ A) Make sure it's Windows 10 Ent/Pro
◦ B) Login to hub.docker.com ( create an account if you don’t have one )
◦ C) Download Docker [ download the edge release ]
◦ https://hub.docker.com/editions/community/docker-ce-desktop-windows
◦ D) Install Docker and deselect "Use Windows Container" [ can be changed after installation ]
Windows 10 build 1909 – Workaround
◦ Open "Windows Security"
◦ Open "App & Browser control"
◦ Click "Exploit protection settings" at the bottom
◦ Switch to "Program settings" tab
◦ Locate "C:\WINDOWS\System32\vmcompute.exe" in the list and expand it
◦ Click "Edit"
◦ Scroll down to "Control flow guard (CFG)" and uncheck "Override system settings"
◦ Reboot
Practice – Docker Desktop Installation
◦ Demo
◦ Installation
◦ Verify
◦ docker version
◦ docker run -it --rm cheers
◦ Switch from Linux Container to Windows Container and vice versa
Docker on Linux
◦ Easiest to install/setup, gives best native experience
◦ Docker developed on Linux, Made for Linux by Linux engineers
◦ DO NOT USE standard built repo for installation
◦ Version :
◦ Enterprise Linux uses Docker EE
◦ Example: RHEL , SLES
◦ Opensource Linux uses Docker CE
◦ Example: Centos , Fedora , Debian
◦ https://docs.docker.com/install/linux/docker-ce/centos/
Docker on Linux - Prerequisites
◦ To install Docker Engine - Community, you need a maintained version of CentOS 7
◦ Must be user root – uid0
◦ The centos-extras repository must be enabled ( enabled by default )
◦ Perform full update [ yum update -y ]
◦ The overlay2 storage driver is recommended.
◦ yum install -y yum-utils device-mapper-persistent-data lvm2
◦ yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
Docker on Linux
◦ Install the latest version of Docker Engine - Community and containerd
◦ yum install docker-ce docker-ce-cli containerd.io
◦ Enable and start docker
◦ systemctl enable docker.service
◦ systemctl start docker.service
Practice – Docker Linux Installation
◦ Demo
◦ Installation
◦ Verify
◦ docker version
◦ docker run -it --rm cheers
Docker on Linux – Additional package
◦ docker-compose
◦ Compose is a tool for defining and running multi-container Docker applications.
◦ With Compose, you use a YAML file to configure your application’s services.
◦ Then, with a single command, you create and start all the services from your configuration
Docker on Linux – Install docker-compose
◦ Steps for Linux:
◦ A) curl -L "https://github.com/docker/compose/releases/download/1.25.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

◦ B) chmod +x /usr/local/bin/docker-compose

◦ C) ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose

◦ Ref: https://docs.docker.com/compose/install/
Docker on Linux – Additional package
◦ docker-machine
◦ Docker Machine is a tool that lets you install Docker Engine on virtual hosts, and manage the hosts with
docker-machine commands.
◦ You can use Machine to create Docker hosts on your local Mac or Windows box, on your company
network, in your data center, or on cloud providers like Azure, AWS, or Digital Ocean.
◦ Docker Machine enables you to provision multiple remote Docker hosts on various flavors of Linux.
◦ Docker Machine is a tool for provisioning and managing your Dockerized hosts (hosts with Docker
Engine on them).
◦ You can use Machine to install Docker Engine on one or more virtual systems
Docker on Linux – Install docker-machine
◦ Steps for Linux:
◦ A) curl -L https://github.com/docker/machine/releases/download/v0.13.0/docker-machine-`uname -s`-`uname -m` -o /usr/local/bin/docker-machine

◦ B) chmod +x /usr/local/bin/docker-machine

◦ C) ln -s /usr/local/bin/docker-machine /usr/bin/docker-machine

◦ Ref: https://docs.docker.com/v17.09/machine/install-machine/#install-machine-directly
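Both the docker-compose and the docker-machine steps above place a downloaded binary on root's PATH as-is. The following is an added example, not part of the course material, that installs a download only after its SHA-256 digest matches a value taken from the project's release page; the function names are hypothetical and the expected digest is an input the reader must supply.

```sh
#!/bin/sh
# Added example: verify a downloaded binary before it lands on PATH.

# sha256_of FILE -> prints the lowercase hex SHA-256 digest of FILE
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# install_verified SRC EXPECTED_SHA256 DEST
# Copies SRC to DEST (mode 0755) only when the digest matches.
# Returns 0 on success, 1 on digest mismatch, 2 on bad input.
install_verified() {
    src=$1 expected=$2 dest=$3
    [ -f "$src" ] || { echo "missing file: $src" >&2; return 2; }
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    case $expected in
        *[!0-9a-f]*) echo "digest is not hex" >&2; return 2 ;;
    esac
    [ ${#expected} -eq 64 ] || { echo "digest must be 64 hex chars" >&2; return 2; }
    actual=$(sha256_of "$src") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $src: got $actual" >&2
        return 1
    fi
    # Stage next to DEST and rename, so a half-written file is never executable on PATH.
    tmp="$dest.tmp.$$"
    cp "$src" "$tmp" && chmod 0755 "$tmp" && mv -f "$tmp" "$dest"
}

# fetch_and_install URL EXPECTED_SHA256 DEST
# --fail stops an HTTP error page from being saved as the "binary";
# --proto/--proto-redir refuse any non-HTTPS hop, including redirects.
fetch_and_install() {
    url=$1 expected=$2 dest=$3
    work=$(mktemp -d) || return 2
    if curl --fail --location --silent --show-error \
            --proto '=https' --proto-redir '=https' \
            -o "$work/download" "$url"; then
        install_verified "$work/download" "$expected" "$dest"
        rc=$?
    else
        rc=2
    fi
    rm -rf "$work"
    return $rc
}

# Usage with the URL from step A (the digest placeholder must be replaced
# with the value published for that release):
#   fetch_and_install \
#     "https://github.com/docker/compose/releases/download/1.25.0/docker-compose-$(uname -s)-$(uname -m)" \
#     "<sha256 from the release page>" /usr/local/bin/docker-compose
```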
Introduction to
Docker Client
What’s in this Section?
◦ Check version and info of your docker cli and engine
◦ Create a Nginx container
◦ What happens when we run container?
◦ Container vs VM : It's just a process
◦ Practice A : Manage Multiple Container
◦ Learn common container management tools
◦ Learn Docker networking basic
◦ Practice B: Container for CLI testing
◦ Practice C: DNS round robin
Docker Version
◦ docker version
◦ Verify cli can talk to docker engine
Docker info
◦ docker info
◦ Config values of docker engine
Docker command line structure
◦ Docker command line structure
◦ Old ( still works ) docker <command> (options)
◦ New : docker <command> <sub-command> (options)
Docker container run examples
Create a Nginx container
◦ Internet is a MUST – high speed
◦ Docker hub access
◦ First, verify that there are no existing images and no running containers
Docker container run examples
Create a Nginx container – simple run
Docker container run examples
Create a Nginx container - detached
Docker container run examples
Create a Nginx container - naming
Docker container run examples
Create a Nginx container – logs
Docker container run examples
Create a Nginx container – top
Docker container run examples
Create a Nginx container – cleanup
What happens when we run container?

◦ 1. Looks for the image locally in the image cache; if nothing is found, then
◦ 2. Docker looks in the remote image repo ( defaults to Docker Hub )
◦ 3. Downloads the latest version ( nginx:latest by default )
◦ 4. Creates a new container based on that image and prepares to start it
◦ 5. Gives it a virtual IP on a private network inside the Docker engine
◦ 6. Opens up port 80 on the host and forwards to port 80 in the container
◦ 7. Starts the container fully
Running docker container with different
options and version
Container vs VM : It's just a process
◦ Containers aren’t Mini-VM’s
◦ They are just processes
◦ Limited to what resources they can access [ file paths , network , devices, other running processes ]
◦ Exits when a process stops
Container vs VM : It's just a process
Practice A : Manage Multiple Container
◦ Run a mysql , a nginx and a httpd server
◦ Run all of them in detached mode and name them appropriately
◦ nginx should listen to 80:80 , httpd on 7171:80 and mysql on 3306:3306
◦ Note : when running mysql, you need to pass the -e option to set the mysql password
◦ -e MYSQL_RANDOM_ROOT_PASSWORD=yes
◦ Use logs sub-command to find out the random password and save it for later use
◦ Note : docs.docker.com and --help are your friend
Practice A : Solution
Common container management tools
◦ docker container top – process list in one container
◦ docker container inspect – details of container configuration , metadata and startup settings
◦ docker container stats – performance stats for all container [ cpu,memory, network and disk ]
◦ docker image - list / manage downloaded container images
Common container management tools
◦ docker container stats
Common container management tools
Getting a Shell inside a Container
◦ docker container run -it – Starts a new container interactively
◦ docker container exec -it – Runs an additional command in an existing container
◦ No SSH is needed to get into container
◦ Docker Cli is a great substitute for adding SSH to container
Getting a Shell inside a Container
◦ docker container run -it will run a container interactively
◦ You can further pass argument to start interactive shell
Getting a Shell inside a Container
◦ docker container exec -it : Run an interactive shell to change/update a running container
Getting a Shell inside a Container
◦ Copying files from host to docker container
Getting a Shell inside a Container
◦ Getting shell inside running mysql container and perform mysql basic commands on database
Getting a Shell inside a Container
◦ Getting shell inside running mysql container and perform mysql basic commands on database
Docker networking basic
◦ Docker networking uses a bridge
◦ All containers attach to the default bridge that is created during the installation [ docker0 ]
◦ Any container started with the option -p or --publish gets NAT / port forwarding from the host machine
to the container
◦ This is done automatically
◦ Should be used as default for development
◦ A new private network should be created for efficient networking between containers
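A plain -p 3306:3306 publishes the port on every host interface, while -p 127.0.0.1:3306:3306 keeps it on loopback. The following added example, not part of the course material, lists the bindings that are reachable on all interfaces from the output of docker container ls --format '{{.Names}}\t{{.Ports}}'; the function names are hypothetical and the sample listing is constructed from the Practice A port mappings.

```sh
#!/bin/sh
# Added example: find container ports published on all host interfaces.

# Constructed sample of:
#   docker container ls --format '{{.Names}}\t{{.Ports}}'
# using the Practice A mappings plus one loopback-only binding.
sample_container_ls() {
    printf 'web\t0.0.0.0:80->80/tcp, :::80->80/tcp\n'
    printf 'apache\t0.0.0.0:7171->80/tcp\n'
    printf 'db\t0.0.0.0:3306->3306/tcp, 33060/tcp\n'
    printf 'db-local\t127.0.0.1:3306->3306/tcp\n'
}

# list_wide_open_ports: reads "<name><TAB><ports>" lines on stdin and prints
# "<name><TAB><host address><TAB><host port><TAB><container port/proto>"
# for every binding whose host address is 0.0.0.0, :: or [::].
list_wide_open_ports() {
    awk -F '\t' -v OFS='\t' '
    {
        n = split($2, binding, /, */)
        for (i = 1; i <= n; i++) {
            # "33060/tcp" without "->" is only exposed, not published
            if (binding[i] !~ /->/) continue
            split(binding[i], side, "->")
            port = side[1]
            sub(/.*:/, "", port)          # text after the last colon
            addr = substr(side[1], 1, length(side[1]) - length(port) - 1)
            if (addr == "0.0.0.0" || addr == "::" || addr == "[::]")
                print $1, addr, port, side[2]
        }
    }'
}

# On a Docker host:
#   docker container ls --format '{{.Names}}\t{{.Ports}}' | list_wide_open_ports
```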
Docker networking basic

[Diagram: three containers (nginx, mysql, httpd) attached to the bridge docker0, which connects to the host Ethernet/NIC]
Docker networking basic
◦ These are the docker network commands used to manipulate the Docker default network
◦ docker network ls : Show Networks for Docker
◦ docker network inspect : Show / Inspect which container is connected to a network
◦ docker network create : Create a new private network
◦ docker network connect : Attach a container to new network
◦ docker network disconnect : detach a container from network
◦ NOTE: a new network is recommended if you need to use Docker's built-in DNS resolver based on
container naming
Docker networking basic
◦ From the previous example run
◦ Containers db and webserver are connected to a custom private network called myappnet
◦ Therefore, containers db and webserver can resolve each other's names using the built-in Docker resolver
◦ But since container proxy is still connected to the default bridge (which has no DNS), the webserver and db containers may need to use an IP address or rely on an external name resolver to reach the proxy container
Practice B : Container for CLI testing
◦ Install new package in container
◦ Use centos:7 and ubuntu:14.04 and install curl in each container
◦ This practice requires you to pull both images and run interactively to install the package curl
◦ Ensure curl is installed and latest version for that distro
◦ Centos : yum install curl
◦ Ubuntu: apt-get update && apt-get install curl
◦ Verify curl version by [ curl --version ]
Practice B : Solution
Practice C : DNS Round Robin
◦ Since Docker engine 1.XX , you can have multiple containers on a created network respond to same
DNS address , this creates a DNS Round Robin
◦ DNS Round Robin is a mechanism to reach any host with single naming [ kind of doing cheap load
balancing ]
◦ The practice :
◦ Create a new virtual network [ name it mynet ]
◦ Pull elasticsearch:2 and create 2 container from that image
◦ Pull centos image and create one container
◦ All container must be attached to mynet private network
◦ Use option --network-alias when creating the container to give them additional DNS name to respond
◦ Use curl in the centos container to confirm the load balancing
Practice C : Solution
Practice C: Solution
Creating Images
through Docker
What’s in this section?
◦ What’s in an image?
◦ Docker HUB Registry images
◦ Images and Layers
◦ Image Tagging and Pushing to Docker HUB
◦ Building images : dockerfile basic
◦ Building images : running docker builds
What’s in an image?
◦ App binaries and dependencies
◦ Metadata about the image data and how to run the image
◦ Official definition: "An Image is an ordered collection of root filesystem changes and the corresponding
execution parameters for use within a container runtime."
◦ Not a complete OS. No kernel, kernel modules (e.g. drivers)
◦ Small as one file (your app binary) like a golang static binary
◦ Big as an Ubuntu distro with apt, and Apache, PHP, and more installed
Docker HUB Registry images
◦ The Registry is a stateless, highly scalable server side application that stores and lets you distribute
Docker images. The Registry is open-source, under the permissive Apache license.
◦ You should use the Registry if you want to:
◦ tightly control where your images are being stored
◦ fully own your images distribution pipeline
◦ integrate image storage and distribution tightly into your in-house development workflow
◦ Alternatives
◦ Users looking for a zero maintenance, ready-to-go solution are encouraged to head-over to the Docker
Hub, which provides a free-to-use, hosted Registry
◦ Requirements: The Registry is compatible with Docker engine version 1.6.0 or higher.
◦ Requirements: Need username and password [ free account ]
Docker HUB Registry images
Images and Layers
◦ A Docker image is built up from a series of layers.
◦ Each layer represents an instruction in the image’s Dockerfile.
◦ Each layer except the very last one is read-only
Images and Layers
◦ The major difference between a container and an image is the top writable layer.
◦ All writes to the container that add new or modify existing data are stored in this writable layer.
◦ When the container is deleted, the writable layer is also deleted.
◦ The underlying image remains unchanged
Images and Layers
Image Tagging and Pushing to Docker HUB
◦ What are Docker tags?
◦ In simple words, Docker tags convey useful information about a specific image version/variant.
◦ They are aliases to the ID of your image which often look like this: f1477ec11d12.
◦ It’s just a way of referring to your image
Image Tagging and Pushing to Docker HUB
◦ Before pushing the image to docker hub
◦ You are required to login using docker login
◦ Credentials will be saved in $HOME/.docker/
◦ This is the Docker Hub before the push
Image Tagging and Pushing to Docker HUB
◦ This is after the push
Image Tagging and Pushing to Docker HUB
Building images : dockerfile basic
◦ Docker can build images automatically by reading the instructions from a Dockerfile.
◦ A Dockerfile is a text document that contains all the commands a user could call on the command line
to assemble an image.
◦ Using docker build users can create an automated build that executes several command-line instructions
in succession.
◦ Common practice is to build from Official Image and you proceed to add on your own code and
required libraries and packages
◦ Ref : https://docs.docker.com/engine/reference/builder/
Building images : dockerfile basic
◦ Example Docker File :
Building images : dockerfile basic
◦ FROM – to define what master image to build this new image from
◦ ENV – Variables that can be defined for later use inside the Dockerfile
◦ RUN – commands or task to run when building an image
◦ WORKDIR – declare working directory inside image ( used with copy , otherwise you define path )
◦ COPY – copy any files from external location to inside the image [ Code, Scripts, Digest … ]
◦ EXPOSE – declare the default port the image listens on
◦ ENTRYPOINT – to run custom script
◦ CMD – final command to run when the image is starting
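The eight instructions above, shown in a constructed Dockerfile together with a small review helper that flags two things that end up baked into image layers: a base image with no fixed tag and secret-looking ENV variables. This is an added example, not the Dockerfile from the course or from the referenced repository; the function names, variable names and file contents are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: constructed Dockerfile plus a heuristic review of it.

# Write the constructed sample Dockerfile to the path given as $1.
write_sample_dockerfile() {
    cat > "$1" <<'EOF'
FROM centos
ENV APP_HOME=/var/www/html
ENV DB_PASSWORD=changeme
RUN yum install -y httpd php && yum clean all
WORKDIR /var/www/html
COPY index.php .
EXPOSE 80
ENTRYPOINT ["/usr/sbin/httpd"]
CMD ["-D", "FOREGROUND"]
EOF
}

# review_dockerfile FILE
# Prints one finding per line as "<line>:<code>:<detail>".
# Exit status is 0 when nothing was flagged and 1 otherwise.
review_dockerfile() {
    awk '
    { instr = toupper($1) }
    instr == "FROM" {
        image = ""
        for (i = 2; i <= NF; i++) if ($i !~ /^--/) { image = $i; break }
        # scratch has no tag; a digest reference is already pinned
        if (image == "" || image == "scratch" || image ~ /@sha256:/) next
        n = split(image, part, "/"); last = part[n]   # ignore registry:port
        if (last !~ /:/) {
            print NR ":UNPINNED_BASE:" image " has no tag, so :latest is pulled"; bad = 1
        } else if (last ~ /:latest$/) {
            print NR ":UNPINNED_BASE:" image " uses the moving :latest tag"; bad = 1
        }
        next
    }
    instr == "ENV" {
        for (i = 2; i <= NF; i++) {
            name = $i
            if (name ~ /=/) { sub(/=.*/, "", name) }
            else if (i > 2) { continue }              # value of "ENV NAME value"
            if (toupper(name) ~ /PASSWORD|SECRET|TOKEN|API_KEY/) {
                print NR ":SECRET_IN_ENV:" name " is readable from the image metadata and history"
                bad = 1
            }
        }
    }
    END { exit bad + 0 }
    ' "$1"
}
```

Pinning the base (for example FROM centos:7) and passing the password at run time with -e clears both findings.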
Building images : Building your own image
◦ We will build a simple PHP Calculator webpage
◦ PHP and HTTPD will be installed in the image
◦ Base image can be any Linux ( Centos Recommended )
Building images : Building your own image
◦ Steps :
◦ A) clone or download this source : https://github.com/davescripts/docker-centos-7-apache-php-72

◦ B) create a simple PHP from this source : https://www.mikedane.com/web-development/php/creating-a-calculator/
Building images : Building your own image
◦ Modify the Dockerfile to match below :
Building images : Building your own image
◦ Create index.php
Building images : Building your own image
◦ End Result :
Building images : Building your own image
◦ Build your image and run the image and Verify the Image
Additional docker image – bind mount
◦ For developers, it's best to start a container with the code directory bind mounted from your local
machine
◦ With this option, you can develop / update / test your code from host machine and verify in Container
Additional docker image – bind mount
◦ Changes to the local /root/code are reflected in the running container whenever they are made
◦ The before and After effect
The END of DAY 1
