Docker - Ankara JUG, Nisan 2015

Mustafa AKIN Ankara Java Users Group 16 April 2015 What is Docker? And what it means to you?

Transcript of Docker - Ankara JUG, Nisan 2015

Mustafa AKIN

Ankara Java Users Group

16 April 2015

What is Docker?

And what it means to you?

What is Docker?

■ An open platform

■ Portable, lightweight runtime and packaging tool

■ Automating deployment of applications inside software


■ Operating-system-level virtualization

■ Isolated containers

Virtual Machines, Hypervisors

■ KVM, kernel based virtual


■ Virtualize an entire system

■ Virtual CPU

■ Virtual Hard Disk

■ Virtual Network


■ Containers share same Linux


■ Isolation possible by

namespaces, cgroups provided

by Linux Kernel

■ Microsoft has started providing

Native Windows Containers

Containers vs Virtual Machines

Performance of Containers

An Updated Performance Comparison of Virtual Machines and Linux Containers,

IBM Research

How does Docker Work?

■ Operating system provides you a set of system calls

■ You do not actually read file, read from socket, write output

to screen

■ Operating system handles most crucial functionality for you

■ Docker utilizes namespaces for abstracting access to system


■ Docker also utilizes cgroups, that provides namespace


■ Cgroups also provide resource accounting and limitation


■ Mount: Isolate the set of file system mount points for


■ UTS: Isolates domain name and host name

■ IPC: Inter process communication, such as shared memory,

named semaphores, message queues

■ PID: Process ID number space. So init process of each

namespace can be different

■ Network: Different network devices, routing tables

■ User: Different user ids for inside and outside of namespace

Regular htop

htop inside a container

Docker images

■ Docker mounts images as the root file system of a container

■ Images in Docker are layered: like git, you have to commit

changes to create a new image, or update the current


■ Image layers can be shared among containers

■ Sharing layers increases performance since the common

files will be in cache, and also reduces the disk usage

Example usage of images

Layers of images



myjavaapp jetty



Docker hub


Control Groups (cgroups)

■ blkio: set limits and monitor usage of block devices such as


■ cpu: scheduling, weights of tasks

■ cpuacct: usage reports of cpus

■ cpuset: assign cpus and memory nodes to tasks

■ devices: allow access to devices (webcam, gpu etc.)

■ memory: limit on memory, and usage reports

■ net_prio: priority on network interfaces

Example of cpuacct

Aggregating Docker metrics■ My own project to gather cgroup metrics for containers:


Containerizing GUI Apps$ docker run -it \

-v /tmp/.X11-unix:/tmp/.X11-unix \ # mount the X11 socket

-e DISPLAY=unix$DISPLAY \ # pass the display

-v /dev/snd:/dev/snd --privileged \ # sound

--name tor-browser jess/tor-browser

Containerizing Ubuntu Desktop

docker run -i -t -p 6080:6080 dorowu/ubuntu-desktop-lxde-vnc

Running a database

Mounting Data

Poor man’s Continuous integration

Rich man’s continuous integration

■ CircleCI

■ Bamboo

■ Jenkins

■ TravisCI

■ Shippable

PrimeFaces showcase

Running Benchmarks

Selenium Grid

Selenium Grid

PAGS: Programming Assignment Grading System



PAGS, Programming Assignment Grading System

PAGS, Programming Assignment Grading System

My Research

Twelve Factor App

I. Codebase

One codebase tracked in revision

control, many deploys

II. Dependencies

Explicitly declare and isolate


III. Config

Store config in the environment

IV. Backing Services

Treat backing services as

attached resources

V. Build, release, run

Strictly separate build and run


VI. Processes

Execute the app as one or more

stateless processes

VII. Port binding

Export services via port binding

VIII. Concurrency

Scale out via the process model

IX. Disposability

Maximize robustness with fast

startup and graceful shutdown

X. Dev/prod parity

Keep development, staging, and

production as similar as possible

XI. Logs

Treat logs as event streams

XII. Admin processes

Run admin/management tasks

as one-off processes


Deis – Your own Heroku

Deis – Your own Heroku

Deis – Your own Heroku

IBM Bluemix

RancherOS: Dockerizeeverything

Rancher UI

Docker Web UIs

Kitematic: GUI for Docker

Kubernetes by Google

Docker Compose (Fig)

Docker SwarmUse filtering:

• Constraints:

• Labeling, SSD Server, Big


• Operating System

• Kernel Version

• Affinity

• Schedule 2 containers


• Port

• Availability

• Dependency

• Containers might be using

volumes, or share network


Docker Machine

Docker-ready clouds

■ Amazon EC2 Container Service

■ Google Container Engine

■ Digital Ocean

Docker investments

■ Series B: 21 Jan 2014 $15M

■ Series C: 16 Sep 2014 $40M

■ Series D: 14 Apr 2015: $95M

■ Docker initial release: 13 March 2013

Windows side.. Docker Client!

Windows side, Nano Server!

Remote API■ HTTP over Unix Socket, TCP Socket, Optionally TLS


– Create container

– Start container

– Wait container

– List containers

– Search image

– Pull/Push images

– Build image from Dockerfile

■ Hijacked HTTP API or alternatively WebSocket API for

attaching to container, to see its output in real-time

Mustafa AKINTwitter: @mustafaakin

Mail: [email protected]


■ Feel free to contact for Docker related questions, or anything
