In a talk intended for beginners who are already familiar with Bash and other Linux basics, I will demonstrate how Docker is a powerful tool to build, deploy and run applications. I'll introduce Docker container architecture for the uninitiated and focus on Docker for deploying Python code.
20. Docker State
● Images, containers stateless
  ○ ephemeral filesystem storage
● Volume or bind mounting from host OS
  ○ persistent storage
  ○ separate stateless code from stateful data
38. More About Docker
● Docker command line reference: https://dockr.ly/2DzkgBk
● Run as non-root user: https://bit.ly/2DpSyJw
● Multistage Dockerfile reference: https://dockr.ly/2Mmy7Qt
● Play with Docker: https://bit.ly/2AXqewB
● Docker Deep Dive (Pluralsight): https://bit.ly/2khWfqt
Editor's Notes
Container: software tool for OS to run isolated processes with limits on resources processes can use
Abstracts away the machine running software
Container processes isolated from host OS processes
Containers from same image also isolated from each other – independent!
Declare and isolate dependencies
Also set up dev environments quickly with containers (add databases, other services)
Focus on Docker because most popular container standard
IDEs offer live debugging in Docker (VS Code, PyCharm Pro etc.)
VMM: create and run VMs with separate OS
Divide host CPU, RAM, disk, total isolation!
Docker engine layer allows container base OS to share host OS resources – lighter, much less overhead!
Docker engine on macOS and Windows uses virtualization system
Also, Docker on Mac and Windows (except on Windows Server 2016+) only as local dev environments! NOT FOR PRODUCTION!
Build
existing image (OS, other official Docker certified images!) pulled from local or known remote registry
From scratch (special keyword)
Image built to local registry
Also upload to remote registry
First part of lifecycle
Dockerfile describes how the image is built
Image is read-only, blueprint for creating the container at run time
Image gets unique ID (SHA256 cryptographic hash)
optionally name and tag (version etc)
Image built from a stack of layers generated from Dockerfile commands (RUN, COPY, ADD which add or change files, env vars, CMD) and a manifest
Layers are independent files, can be cached, each has ID (hash)
Order matters!!!
Digest is hash to verify image from registry (like checking MD5 sum)
Caching layers matters!!!
Viewing manifest is still experimental, won’t really talk about this...
Registry contains repositories
Docker Hub is default (no registry URL needed in default config), can set up registries in Google cloud, AWS etc.
Repository example: collection of python images on DockerHub stored in python repo tagged by release numbers
Can pull images from public or private registries
Can push images to public or private registries
Other commands can pull images (run!)
Container is run-time instance of image
Runs base OS with a command or executable set up in Dockerfile, or with a command passed to docker run
Running official Python 3.6 docker image from Docker Hub
If Python 3.6 image not local, pulls from Docker Hub
Setting up a ”terminal” to interact with running container: flags typically used together to ensure IO attached
Most flags have short form too!
Command in image runs Python REPL with default settings
See image layers pulled from registry
Reports digest
Work with interactive shell in container
TODO: Slides linked in talk desc!
Assume that the docker build context is the subdirectory containing code for the example!
Tag flag is optional, can use image ID hash in run command too
PATH is local dir
URL can be Git repo, tar archive or plain text file
see Docker docs for more info, not covering URL here
dockerignore similar to git ignore, avoid bloat!
1st example!
Docker has 2 ways of copying data into image:
COPY best for local files, directories
ADD best if remote URL or tar archive
Default tag: latest, can use whatever
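A small static check for the Dockerfile points in these notes (COPY for local files with ADD kept for remote URLs or tar archives, the default `latest` tag, and running as a non-root user), added here as an example and not code from the talk. The two sample Dockerfiles, `app.py`, the `app` user and the function names are assumptions; the official python image runs as root unless a USER instruction says otherwise.

```python
# Constructed Dockerfiles for illustration; app.py and the "app" user are assumptions.
WEAK = """\
FROM python
ADD app.py /app/app.py
CMD ["python", "/app/app.py"]
"""
FIXED = """\
FROM python:3.6
COPY app.py /app/app.py
RUN useradd --create-home app
USER app
CMD ["python", "/app/app.py"]
"""
ARCHIVES = (".tar", ".tgz", ".tar.gz", ".tar.bz2", ".tar.xz")

def instructions(text):
    """Yield (line_no, INSTRUCTION, args), joining backslash continuations."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        start = start if buf else no
        buf += line.rstrip("\\").strip() + " "
        if not line.endswith("\\"):
            word, _, args = buf.strip().partition(" ")
            yield start, word.upper(), args.strip()
            buf = ""

def audit(text):
    """Return sorted (line_no, finding) pairs; handles shell-form instructions only."""
    findings, stages, user, from_line = [], set(), None, 0
    for no, ins, args in instructions(text):
        words = [w for w in args.split() if not w.startswith("--")]
        if ins == "FROM" and words:
            image, user, from_line = words[0], None, no  # each stage starts as root
            tag = image.rsplit("/", 1)[-1].partition(":")[2]
            pinned = "@sha256:" in image or tag not in ("", "latest")
            if not (pinned or image == "scratch" or image in stages):
                findings.append((no, "base image not pinned to a tag or digest"))
            stages.update(words[2:3])  # name from "FROM image AS name"
        elif ins == "ADD":
            for src in words[:-1]:
                if not src.startswith(("http://", "https://")) and not src.endswith(ARCHIVES):
                    findings.append((no, "ADD of local file %s: use COPY" % src))
        elif ins == "USER" and words:
            user = words[0].split(":")[0]
    if from_line and user in (None, "root", "0"):
        findings.append((from_line, "no non-root USER: container runs as root"))
    return sorted(findings)
```

`audit(WEAK)` reports the unpinned base image, the missing USER and the local ADD; `audit(FIXED)` returns an empty list.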
Container run runs command in Dockerfile
Not interactive this time!
History of image we just built
Missing image layer IDs from base python 3.6 image pulled from Docker Hub
#nop: docker internal command (vs bash)
Can export image and load elsewhere bypassing registry
Also used for backups
Best for dev and testing
ENTRYPOINT and CMD set what the Docker container runs
ENTRYPOINT is usually a single command, executable or script (bash scripts are common)
In next example
CMD is easier to override, can override without changing ENTRYPOINT
Overriding our Dockerfile here
Python parent image has null ENTRYPOINT
Second example!
Build super-simple Flask app that writes logs
Binds to port 5000 in container
Example of ENTRYPOINT and CMD together!
Stateless unless connected to persistent storage!
Writing container data to a database or object store like S3 also works
Better not to put too much data in image
Bind mounts mount local filesystem files, directories
Just covering volume mounts here
Build: set tag version!
Create volume to persist logs!
Containers can share volumes!
List local images
Use image ID instead of name and tag!
List running containers with name, command etc.
Container ls alias = ps
Use --publish to expose port to host (left is host, right is container always!), --rm to remove container on exit, --detach to run in background
Without --mount, logs written only in running container and will disappear when container is removed
mounted volume can be read-only
--name: run container with alias, otherwise hash ID
Shorthand with volume flag
More memory and CPU limits in run CLI options
Min memory is 4MB
Container orchestration frameworks (Kubernetes) also do this
Bind mount: mount local directory
Doesn’t have to exist in either container or host
Can also be read-only
Note: new name, new host port
List local images
Use image ID instead of name and tag!
List running containers with name, command etc.
Container ls alias = ps
Note random name for stopped python app
Run one-off command in running container
Interactive session in running container using same --interactive and --tty flags as run command
Debugging!
All the build-time data about the app:1.0 image
Can also use Golang formatters to select output from inspect commands
All the runtime data about the my_app container
Shows mountpoint on local filesystem
On Macs, need to access the VM Docker is running in
Possible, but out of scope
Overview of state of docker system about engine, running containers etc.
Full information about disk usage by running and stopped containers
Keeps info cached until system cache is pruned
Note: Docker assigned random name to Python 3.6 container run earlier
SIGTERM aka soft kill, can set timeout
docker kill CLI can send signal other than SIGKILL (works like unix kill command)
--signal flag
Remove images
-q: only image ids
Can remove images by name
CTRL-P, CTRL-Q leaves container running, can attach again
Interactive: also use exit commands to stop container
Play with Docker: Linux VM for experimenting with Docker containers