FROM scratch
MAINTAINER Michal Wojtowicz michal@wojtowicz.ovh
WHAT IS DOCKER?
makes it easier to create, build and ship apps in containers
a single build contains only your application and its libs/dependencies
follows the Open Container Initiative (part of the Linux Foundation)
WHAT IS A CONTAINER?
It looks like a VM:
own process space
own network
can run things as root
can install packages
can play with system services
WHAT IS A CONTAINER?
But it's not a VM:
shares the host's kernel
can't boot a different OS
boots much faster
HOW DOES A CONTAINER DIFFER FROM A VM?
VIRTUALIZATION ON LINUX
Containers share the same Linux kernel as the host machine; they always share the kernel, there is no kernel of their own.
VIRTUALIZATION ON OSX AND WINDOWS
Requires an additional virtual machine with a Linux kernel:
Hyper-V on Windows 10
HyperKit on macOS since Yosemite
Docker Machine (based on VirtualBox) on earlier versions
KERNEL NAMESPACES - WHAT'S THE POINT?
Each process is associated with a namespace and can
only see or use the resources associated with that
namespace, and descendant namespaces where
applicable.
PID NAMESPACE
processes can only see each other within the same PID namespace
when PID 1 is killed, the whole namespace is killed with it
NET NAMESPACE
gives the container its own private network stack, including:
interfaces
routing tables
firewall rules
sockets
MNT NAMESPACE
isolates mount points for a group of processes
allows different views of the host's files
mount points can be shared
UTS NAMESPACE
isolates the hostname and the NIS domain name
IPC NAMESPACE (INTERPROCESS COMMUNICATION)
semaphores
POSIX message queues
shared memory
USER NAMESPACE
table of user IDs
maps the container's users to host users
used for privilege isolation
WHAT IS NOT NAMESPACED?
time - try to change it inside the container:
/ # whoami
root
/ # uname -a
Linux 51a456ca0479 3.10.0-693.11.6.el7.x86_64 #1 SMP Thu Jan 4
/ # date +%T -s "10:13:13"
date: can't set date: Operation not permitted
kernel keyring - the syscalls are blocked as well
things under /sys/
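To see what the namespace isolation described above looks like from the host, here is an added Python example (not from the slides): it reads the namespace inodes under /proc/<pid>/ns and reports in which namespaces a process differs from PID 1. It runs on a constructed /proc tree that models a containerised process with its own pid/net/mnt/uts/ipc namespaces but the host's user namespace (Docker's default when user-namespace remapping is off); pass "/proc" and a real PID to analyse a live system.

```python
"""Compare kernel namespaces of two processes via /proc/<pid>/ns (added example)."""
import os
import tempfile
from pathlib import Path

# The namespace types covered by the slides; newer kernels add cgroup and time.
NAMESPACES = ("pid", "net", "mnt", "uts", "ipc", "user")


def read_ns_inodes(proc_root, pid):
    """Return {namespace: inode} for one process.

    /proc/<pid>/ns/<name> is a symlink whose target reads e.g. 'pid:[4026531836]';
    the bracketed number identifies the namespace.  Entries that cannot be read
    (old kernel, or no permission on another user's process) are skipped.
    """
    ns_dir = Path(proc_root) / str(pid) / "ns"
    inodes = {}
    for name in NAMESPACES:
        try:
            target = os.readlink(ns_dir / name)
        except OSError:
            continue
        if "[" in target:
            inodes[name] = target.split("[", 1)[1].rstrip("]")
    return inodes


def compare_namespaces(proc_root, pid_a, pid_b):
    """Map namespace name -> True when both processes share that namespace."""
    a = read_ns_inodes(proc_root, pid_a)
    b = read_ns_inodes(proc_root, pid_b)
    return {n: a[n] == b[n] for n in NAMESPACES if n in a and n in b}


def isolated_namespaces(proc_root, pid, reference_pid=1):
    """Namespaces in which `pid` differs from `reference_pid` (host init by default)."""
    shared = compare_namespaces(proc_root, pid, reference_pid)
    return sorted(name for name, same in shared.items() if not same)


def build_fake_proc(root):
    """Constructed sample tree: PID 1 is host init, PID 4242 a containerised process.

    The container has fresh pid/net/mnt/uts/ipc namespaces but keeps the host's
    user namespace, so uid 0 inside it is uid 0 on the host (Docker's default).
    """
    host = {"pid": "4026531836", "net": "4026531993", "mnt": "4026531840",
            "uts": "4026531838", "ipc": "4026531839", "user": "4026531837"}
    container = dict(host, pid="4026532457", net="4026532460", mnt="4026532455",
                     uts="4026532456", ipc="4026532458")
    for pid, table in ((1, host), (4242, container)):
        ns_dir = Path(root) / str(pid) / "ns"
        ns_dir.mkdir(parents=True)
        for name, inode in table.items():
            os.symlink(f"{name}:[{inode}]", ns_dir / name)
    return root


def demo():
    """Analyse the constructed tree: (isolated namespaces, shares user ns with PID 1)."""
    root = build_fake_proc(tempfile.mkdtemp())
    return isolated_namespaces(root, 4242), compare_namespaces(root, 4242, 1)["user"]


if __name__ == "__main__":
    print("constructed sample:", demo())
    # On a real host this shows whether the current process is namespaced from init.
    print("this process vs PID 1:", isolated_namespaces("/proc", os.getpid()))
```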
ONE SERVICE - ONE CONTAINER PHILOSOPHY
easier to scale
easier to maintain
doesn't face the first-process assassination issue (killing PID 1 kills the namespace)
more effort needed to configure than the VM-like approach
DOCKER IMAGE
WHAT IS AN IMAGE?
layers on top of the host kernel
can contain libraries/binaries
can define exposed ports and a workdir
runs a default process in the container
WHAT'S INSIDE THE IMAGE?
Linux distro dependencies, as in the Ubuntu image
prebuilt dependencies for the app, useful in containers
everything is packed up as layers
images are read-only
HOW TO BUILD YOUR OWN IMAGE?
FOLLOW DOCKERFILE SYNTAX
FROM <image>[:<tag>] # base image
RUN <command> # runs command only once during build
CMD command param1 param2 # runs on container boot
EXPOSE <port> [<port>/<protocol>...]
ENV <key> <value> # only inside a container
ADD [--chown=<user>:<group>] <src>... <dest>
COPY <src>... <dest>
ENTRYPOINT command param1 param2 # container will run as an ex
VOLUME ["/data"]
USER <user>[:<group>] # who runs the executables
WORKDIR /path # working directory for the following instructions and the container process
HEALTHCHECK [OPTIONS] CMD command
$ docker build .
Sending build context to Docker daemon 15.36 kB
Step 1/4 : FROM alpine:3.2
---> 31f630c65071
Step 2/4 : MAINTAINER forest.gump@example.com
---> Using cache
---> 2a1c91448f5f
Step 3/4 : RUN apk update && apk add apache2 && rm -r /var/cac
---> Using cache
---> 21ed6e7fbb73
Step 4/4 : CMD apache2
---> Using cache
---> 7ea8aef582cc
Successfully built 7ea8aef582cc
RUNNING CONTAINER
$ docker run -it ubuntu:14.04 /bin/bash
$ docker run -d -p 8080:8080 tomcat   # options go before the image name; Tomcat listens on 8080
DOCKER-COMPOSE - TO THE RESCUE
version: '3'
services:
  web:
    image: apache
    links:
      - database
    ports:
      - '8080:80'
    volumes:
      - ./project:/var/www:rw
  database:
    image: mysql

$ docker-compose up
CI/CD
BITBUCKET PIPELINES
similar syntax to docker-compose.yml
limited to only one container with the codebase mounted
the codebase can be mounted into different containers by using steps
services are the only way of having multiple containers
services are reachable through the network only
image: alpine:latest
pipelines:
  default:
    - step:
        image: node:8.9.4
        caches:
          - node_modules
        script:
          - npm run build
  branches:
    master:
      - step:
          script:
            - ./generateReleaseNotes.sh
GITLAB PIPELINES
can organise a chain of processes which leads to a release
limited to only one container with the codebase mounted
the codebase can be mounted into different containers by using jobs
services are the only way of having multiple containers
services are reachable through the network only
image: php:latest
services:
  - mysql:5.7
variables:
  MYSQL_DATABASE: fancyDB
  MYSQL_ROOT_PASSWORD: secret
  DB_HOST: mysql
  DB_USERNAME: root
stages:
  - test
  - deploy
SECURITY - GET RID OF ROOT PRIVILEGES
follow the principle of least privilege
Docker requires root privileges to run; the containers themselves do not
a process running in a container is no different from any other process on the host
many images just run as root and leave it up to you
$ docker run -v /root:/tmp/rootdir alpine:latest ls -la /tmp/r
drwxr-xr-x+ 126 root root 4032 Jun 21 13:43 .
drwxr-xr-x 7 root root 224 Jun 15 12:31 ..
-rw-r--r-- 1 root root 266 Nov 26 2017 secretFile
FROM anyimage:latest
RUN groupadd -g 999 appuser && \
    useradd -r -u 999 -g appuser appuser
USER appuser
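Since many images simply keep root, one check worth running in CI is whether the final stage of a Dockerfile sets a USER at all. The Python below is an added example, not the talk's code: it parses Dockerfile instructions (including backslash continuations and multi-stage FROM ... AS) and assumes a base image whose own config does not set a user, i.e. root. The Dockerfile samples are constructed for the test.

```python
"""Report the user a Dockerfile's final stage runs as (added example)."""
import re

INSTRUCTION_RE = re.compile(r"^\s*([A-Za-z]+)\s*(.*)$")


def parse_instructions(dockerfile_text):
    """Yield (INSTRUCTION, arguments); joins backslash continuations, skips comments."""
    logical, pending = [], ""
    for raw in dockerfile_text.splitlines():
        line = raw.rstrip()
        if not pending and (not line.strip() or line.lstrip().startswith("#")):
            continue
        if line.endswith("\\"):
            pending += line[:-1] + " "
            continue
        logical.append(pending + line)
        pending = ""
    if pending:
        logical.append(pending)
    for line in logical:
        match = INSTRUCTION_RE.match(line)
        if match:
            yield match.group(1).upper(), match.group(2).strip()


def stage_users(dockerfile_text):
    """Return [(stage_label, user)]: the user each build stage ends as.

    Assumption: a stage starts as root (true for most official base images; a
    base image that sets USER in its own config would make this pessimistic).
    """
    stages, user = [], "root"
    for instruction, args in parse_instructions(dockerfile_text):
        if instruction == "FROM":
            words = [w for w in args.split() if not w.startswith("--")]
            if not words:
                continue
            if stages:
                stages[-1] = (stages[-1][0], user)  # close the previous stage
            is_alias = len(words) >= 3 and words[1].upper() == "AS"
            stages.append((words[2] if is_alias else words[0], "root"))
            user = "root"
        elif instruction == "USER":
            user = args.split(":", 1)[0]  # drop an optional :group
    if stages:
        stages[-1] = (stages[-1][0], user)
    return stages


def runs_as_root(dockerfile_text):
    """True when a container started from the final stage would run as uid 0."""
    stages = stage_users(dockerfile_text)
    return not stages or stages[-1][1] in ("root", "0")


# Constructed samples: the slide's hardened Dockerfile, a root-keeping one, multi-stage.
HARDENED = """\
FROM anyimage:latest
RUN groupadd -g 999 appuser && \\
    useradd -r -u 999 -g appuser appuser
USER appuser
"""
ROOT_BY_DEFAULT = """\
FROM alpine:3.2
# no USER instruction: apache2 starts as uid 0, which is uid 0 on the host too
RUN apk update && apk add apache2
CMD apache2
"""
MULTISTAGE = """\
FROM golang:1.10 AS builder
RUN go build -o /out/app .
FROM alpine:3.7
COPY --from=builder /out/app /app
USER 65534:65534
ENTRYPOINT ["/app"]
"""

if __name__ == "__main__":
    for name, text in (("hardened", HARDENED), ("root", ROOT_BY_DEFAULT), ("multistage", MULTISTAGE)):
        print(name, stage_users(text), "runs as root:", runs_as_root(text))
```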
ELASTIC CONTAINER SERVICE (ECS)
the user manages clusters of containers
a cluster defines the type of the underlying EC2 instances
one underlying instance can run many containers
it's still up to the user to administer the instances
FARGATE
the user doesn't have to manage the cluster and instances
the user specifies only CPU/memory requirements
containers are created on AWS-managed instances
Kubernetes support coming in 2018
NEXT STEP - ORCHESTRATION
Docker Swarm
Kubernetes
AWS/Azure/Google solutions
QUESTIONS?
THANK YOU FOR YOUR TIME
Slides are available on https://michailw.github.io/talks/docker/
Docker from scratch