Post on 20-May-2020
DOCKER 101Raju Gandhi
RAJU GANDHI! " # @LOOSELYTYPED CTO - INTEGRALLIS SOFTWARE
WHY?
BUILD ONCE, RUN ANYWHERE
Image
Registry
Container
pullpush
commit run
WHY?
- Local application development and testing
- Team (and OSS) collaboration
- Ci/Cd
CONTAINERS?
CGROUPS
NAMESPACES
JAILS
CONTAINERS
- A container is a lightweight virtual runtime*
- Share the host kernel
- CPU/Memory/Network/File system isolation
- Own their on hostname, users, networking stack
NAMESPACES
“What you can see”
NAMESPACES
• Isolation of
• Users
• Filesystem
• Process trees
• Network
• IPC
CGROUPS
“What you can use”
CGROUPS
• Limiting/Metering/ACL
• CPU
• Memory
• I/O
• Network
• Device permissions
VM? CONTAINERS?
Server
Host OS
Hypervisor
Guest OS
Libs
App A
Guest OS
Libs
App A*
Guest OS
Libs
App B
VM
Server
Host OS
Docker Engine
Libs
Libs
App A
App A*
App A
App A*
App A
App A*
Server
Host OS
Hypervisor
Guest OS
Libs
App A
Guest OS
Libs
App A*
Guest OS
Libs
App B
VM
Container
Libs
Libs
Libs
Libs
TERMINOLOGY
TERMINOLOGY
- Docker Engine
- Docker client
- Dockerfile
- Docker Machine
- Docker Compose
- Docker Stack
- Docker Swarm
- Docker Hub
INSTALLATION
WORKFLOW
client
Dockerfile
Image Registry
Container
build
push
run create start
pull
Modifies
commit
docker engine
WHAT IS A CONTAINER?
Host OS (Kernel)
Base Image
Writeable layer
your changes
Image
Container
Host OS (Kernel)
Base Image
New Layer
commit
Image
Host OS (Kernel)
Base Image
New Layer
Image
run <new-image>
Writeable layer Container
NETWORK
Logical Host Interface
Docker Bridge
Container
docker run -it --net none --rm alpine /bin/sh
Logical Host Interface
Docker Bridge
Container
docker run -it --rm alpine /bin/sh
Container Interface
Logical Host Interface
Docker Bridge
Container
docker run -it --rm -p 8080:8080 alpine /bin/sh
Container Interface
VOLUME
Host filesystem
Container
docker run -it --rm ubuntu /bin/bash
Docker managed space
Host filesystem
Container
docker run -it -v /host/path:/tmp ubuntu /bin/bash
Docker managed space
DOCKER COMPOSE
DOCKER COMPOSE
• A system is usually made up of multiple containers
• Containers depend on each other
• Orchestration
• Single host
DOCKER COMPOSE
• Define multi-container applications in a single file
• Supports scaling, healing
• Single host
serviceB
serviceA
db
Dockerfile
docker-compose.yml
config
Dockerfile
config
Dockerfile
config
depends_on
CONS
CONS
- Orchestration/composition tooling still rudimentary
- Native Docker implementations still buggy
- Most existing monitoring/logging are host centric, not process centric
THANKS!!