Containerization

GL5 2020-2021
Today’s program
1. What’s a containerization
▹ Overview
▹ History
▹ Compared to virtualization
2. What’s docker
▹ Overview
▹ Under the hood
▹ Workflow
▹ Layers
3. Install and Play with Docker

2
1
What’s
Containerization?
Containerization: Overview

Containerization is a technique that

aims to bundle a software and its
dependency within a single unit, that
can be easily built, shipped and
maintained.

4
Containerization: History

5
Containerization: Compared to
virtualization

6
 Containerization: Compared to
virtualization
▸ Unlike Virtualization: No Guest OS
▹ Containers’ processes run directly on Host OS
▹ Benefits: to better performance and quicker start
▸ Like Virtualization: Runtime(Libs/Bins) are not shared
▹ Isolation is mostly uncompromised

https://www.backblaze.com/blog/vm-vs-containers/ 7
2 What’s Docker?
Docker: Overview

Docker is a containerization solution released in

March 2013, with three main objectives: develop,
ship and run.
Gives the ability to build applications into docker
images that can be shipped, and later run by
spinning containers.

9
Play now,
With Docker

10
Docker: Workflow

11
 Docker: Commands
▸ docker container ls ▸ List running containers

▸ docker container ls -a ▸ List all containers including stopped ones

Namespaces
▸ todocker
A way isolateimage ls in Linux:
processes ▸ List all images
▸ Mount
▸ docker pull image-name ▸ Pull image from registry
▸ Process ID
▸ docker container stop container-id ▸ Stop container
▸ Network
▸ docker container start container-id ▸ Start stopped container
▸ IPC
▸ User
▸ docker
ID inspect image-name ▸ Get more info about image

▸ docker inspect container-id ▸ Get more info about container

12
Docker run: Options
▸ docker run [options] image-name
image-name

▸ -p, --publish host_port:container_port

host_port:container_port (publish
(publish container
containerport
portto
tohost,
host,eg:
eg:expose
expose
container
container port
port 80
80 on
on host
host port
port 8080
8080 using
using the
the flag
flag -p
-p 8080:80)
8080:80)

▸ -v, --volumes-from host_location:container_location

-v, --volumes-from host_location:container_locationMount
Mountdirectory
directoryfrom
fromhost
hostto
to
container
container

▸ --rm (remove container

container on stop)

▸ -d (run container in detached

detached mode)

▸ -it (interactive
(interactive and
and tty,
tty, attach
attach terminal
terminal to
to the
the container
containerand
andlet
letititaccept
acceptuser
userinput)
input)
13
Dockerfile
FROM node:16 ▸ Image to start from
start from
WORKDIR /usr/src/app ▸ Working directory
directory
COPY package*.json ./ ▸ Copy from
from host
hostto
tocontainer
container
RUN npm install ▸ Running command
command on
onbuild
build
COPY . . ▸ Copy from
from host
hostto
tocontainer
container
EXPOSE 3000 ▸ Specify port to be exposed
exposed by the
the container
container when
when started
started
ENV VAR_NAME=var_value ▸ Set
Set Environment
Environmentvariables
variables
CMD
CMD [ "node", "app.js" ] ▸ Define the command
command to
to be
be run
run on
on container
container start
start

$docker build [OPTIONS] PATH eg: docker build –t my_new_image:tag my_app_directory

More: Docker docs
14
 Docker: under the hood

Namespaces CGroups
A way to isolate processes in Linux: A Linux built-in tool to limit resources to
▸ Mount processes and sockets:

▸ Process ID ▸ CPU

▸ Network ▸ Memory

▸ IPC ▸ Network Bandwidth

▸ User ID ▸ Disk
▸ Priority

15
Docker: Layers (UnionFS)

16