This document outlines an agenda for a 3 day Docker training course being conducted by Swapnil Jain. Day 1 covers introductions to containers and Docker, as well as creating a simple web application. Day 2 focuses on building Docker images, networking, and managing data in containers. Day 3 discusses Docker registries, multi-stage builds, and limiting container resources. Participants are advised to have at least one Docker host running and an internet connection.
2. ABOUT ME
SWAPNIL JAIN
• 17 years of broad technical experience
• Red Hat Certified Architect (RHCA) Level X
• Awarded as “Best Instructor” for 2015-2016 by Red Hat
• Founder & Director at Pisces Solutions P. Ltd
• Founder & CTO at Ambedded Taiwan, and creator of the world's first ARM MicroServer Based Ceph Appliance “MARS200”, winner of “Best of Interop 2016” innovation award
• Red Hat Certified Instructor, delivering trainings in India, Singapore, Hong Kong, Japan, Australia, New Zealand and now USA
• Trained 600+ Candidates on different OpenSource Products & Technologies
4. DAY 1
AGENDA
1. Introduction to Containers
2. Docker & Its Architecture
3. Creating Your first Docker Container
4. Simple Web Application
5. Working with Images
5. DAY 2
AGENDA
6. Building Docker Images
7. Triggers in Docker Images
8. Networking with Docker
9. Manage data in containers
10. Linking Multiple Containers
6. DAY 3
AGENDA
11. Docker Public Registries
12. Create your own private Docker Registry
13. Running a Secured Docker Registry
14. Content trust in Docker
15. Limiting a container's resources
16. Multi-stage builds
8. PREREQUISITE
1. At least 1 Docker host running
2. Computer with internet connection and a web browser
3. Nice to have a Docker Hub account (hub.docker.com)
9. EXTRA DETAILS
1. Lab Guide: http://docker-fundamentals.mask365.com
2. Online Labs: http://docker.mask365.com
3. References: https://github.com/swapnil-linux/dockertraining
4. Chat during training:
• Chat SignUp: https://goo.gl/khxmQB
• Chat: https://mask365trainings.slack.com/
5. Slide Deck: http://www.googlinux.com/docker-training.pdf
ASK ME
10. LAB DETAILS
1. To follow along, you need at least 1 Docker host with docker version 1.12+ (recommended version 17.07)
2. If you are doing (or re-doing) this on your own, you can use the online labs at http://docker.mask365.com
11. DOCKER.MASK365.COM
ONLINE LABS
• Open a new browser tab to docker.mask365.com.
• Confirm that you're not a robot
• Click on "ADD NEW INSTANCE": congratulations, you have your first Docker
node! Unless instructed, all commands must be run from the first VM, node1
• We will (mostly) interact with node1 only
• Note the countdown in the corner; when it expires, your instances are destroyed
• If you give your URL to somebody else, they can access your nodes too (you can use that for pair programming, or to get help from a mentor)
18. FROM WIKIPEDIA, THE FREE ENCYCLOPAEDIA
VIRTUALIZATION
• Virtualization refers to the act of creating a virtual (rather than actual) version of
something, including virtual computer hardware platforms, operating systems,
storage devices, and computer network resources.
• Virtualization began in the 1960s, as a method of logically dividing the system
resources provided by mainframe computers between different applications. Since
then, the meaning of the term has broadened.
20. WHAT IS IT?
CLOUD COMPUTING
• Wikipedia: It is a model for enabling ubiquitous, on-demand access to a shared pool of configurable computing resources. Cloud computing and storage solutions provide users and enterprises with various capabilities to store and process their data in third-party data centers.
https://en.wikipedia.org/wiki/Cloud_computing
37. IT DEPENDS WHO YOU ASK
WHAT ARE CONTAINERS?
A container is a lightweight operating system virtualization?
38. WHAT IS A CONTAINER?
• A container is a process running on your system in an isolated environment.
• Multiple containers can run on the same machine and share the OS kernel with other containers, each running as isolated processes in user space.
• Containers take up less space than VMs (container images are typically tens of MBs in size), and start almost instantly.
• Isolation is created using:
  • Linux kernel namespaces, which isolate a process from other processes
  • Cgroups, which limit the use of CPU, RAM, virtual memory, and I/O bandwidth, among other hardware and kernel resources.
39. HOW IS IT DIFFERENT FROM TRADITIONAL VIRTUALIZATION?
• Traditional Virtualization: Provides Virtual Hardware
• Containers: Virtual Operating System
  • isolated process on the host (more in next unit)
40. HOW IS IT DIFFERENT FROM TRADITIONAL VIRTUALIZATION?
41. CONTAINERIZATION TECHNOLOGIES
A container implementation was first available in 1982 as chroot in most Unix-like operating systems, then in 2004 as zones in Solaris, and became more popular after its implementation as Docker containers from 2013.
44. BUILD, SHIP, RUN
WHAT IS DOCKER ?
Literal meaning of Docker is "a person employed in a port
to load and unload ships". If Container is a lightweight
operating system virtualization, Docker is software to
create and manage containers.
52. REGISTRY
• A Docker registry stores Docker images. Docker Hub is a public registry that anyone can use, and Docker is configured to look for images on Docker Hub by default. You can even run your own private registry.
• When you use the docker pull or docker run commands,
the required images are pulled from your configured
registry. When you use the docker push command, your
image is pushed to your configured registry.
53. IMAGES
• An image is a read-only template with instructions for creating a Docker container.
Often, an image is based on another image, with some additional customization. For
example, you may build an image which is based on the ubuntu image, but installs the
Apache web server and your application, as well as the configuration details needed to
make your application run.
• You might create your own images or you might only use those created by others and
published in a registry. To build your own image, you create a Dockerfile with a simple
syntax for defining the steps needed to create the image and run it. Each instruction in
a Dockerfile creates a layer in the image. When you change the Dockerfile and rebuild
the image, only those layers which have changed are rebuilt. This is part of what makes
images so lightweight, small, and fast, when compared to other virtualization
technologies.
54. CONTAINER
• A container is a runnable instance of an image. You can create, run, stop, move,
or delete a container using the Docker API or CLI. You can connect a container to
one or more networks, attach storage to it, or even create a new image based on
its current state.
• By default, a container is relatively well isolated from other containers and its
host machine. You can control how isolated a container’s network, storage, or
other underlying subsystems are from other containers or from the host machine.
• A container is defined by its image as well as any configuration options you provide to it when you create or run it. When a container stops, any changes to its state that are not stored in persistent storage disappear.
55. THE UNDERLYING TECHNOLOGY
WHAT MAKES A DOCKER CONTAINER
• Linux Kernel Namespaces
• Control Groups
• Union File System
• SELinux (Red Hat)
56. LINUX KERNEL NAMESPACES
• PID (Process Isolation)
• NET (Managing Network Interfaces)
• IPC (Interprocess Communication)
• User and Group IDs
• MNT (File System Mount Points)
• UTS (Isolating Kernel and version identifiers)
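An added example, not part of the original slides: one way to check which of the namespaces listed above a container process actually has to itself is to compare the link targets under /proc/<pid>/ns with those of a host process. The inode numbers below are constructed sample values, and the function names are this example's own.

```python
import os
import re
from typing import Dict, List

# Link targets under /proc/<pid>/ns have the form "net:[4026531992]".
NS_TARGET = re.compile(r"^[a-z_]+:\[(\d+)\]$")


def ns_inode(target: str) -> int:
    """Return the namespace inode number from a link target string."""
    match = NS_TARGET.match(target.strip())
    if match is None:
        raise ValueError(f"not a namespace link target: {target!r}")
    return int(match.group(1))


def read_namespaces(pid: int) -> Dict[str, str]:
    """Read the live namespace links of a process (Linux only).

    Reading another user's process usually requires root.
    """
    ns_dir = f"/proc/{pid}/ns"
    return {name: os.readlink(os.path.join(ns_dir, name))
            for name in os.listdir(ns_dir)}


def compare_namespaces(host: Dict[str, str],
                       container: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify each namespace as shared with the host, isolated, or unknown.

    Two processes are in the same namespace exactly when the inode numbers
    match. "unknown" collects namespaces reported for only one process.
    """
    result: Dict[str, List[str]] = {"shared": [], "isolated": [], "unknown": []}
    for name in sorted(set(host) | set(container)):
        if name not in host or name not in container:
            result["unknown"].append(name)
        elif ns_inode(host[name]) == ns_inode(container[name]):
            result["shared"].append(name)
        else:
            result["isolated"].append(name)
    return result


# Constructed sample: namespace links of a host process.
HOST_NS = {
    "ipc": "ipc:[4026531839]",
    "mnt": "mnt:[4026531840]",
    "net": "net:[4026531992]",
    "pid": "pid:[4026531836]",
    "user": "user:[4026531837]",
    "uts": "uts:[4026531838]",
}

# Constructed sample: a container process that has its own ipc, mnt, pid and
# uts namespaces but still uses the host's net and user namespaces.
CONTAINER_NS = {
    "ipc": "ipc:[4026532456]",
    "mnt": "mnt:[4026532454]",
    "net": "net:[4026531992]",
    "pid": "pid:[4026532457]",
    "user": "user:[4026531837]",
    "uts": "uts:[4026532455]",
}

if __name__ == "__main__":
    report = compare_namespaces(HOST_NS, CONTAINER_NS)
    for verdict, names in report.items():
        print(f"{verdict:9s} {', '.join(names) or '-'}")
```

On a live host, `compare_namespaces(read_namespaces(1), read_namespaces(container_pid))` gives the same report for a real container process; any entry under "shared" is a namespace in which the container has no isolation from the host.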
66. SELINUX
• SELinux controls access to processes by Type and
Level. Docker offers two forms of SELinux protection:
type enforcement and multi-category security (MCS)
separation.
• SELinux labels consist of 4 parts:
USER:ROLE:TYPE:LEVEL
67. SELINUX - TYPE ENFORCEMENT
• Type enforcement is a kind of enforcement in which rules are based on process type. It works in the following way. The default type for a confined container process is svirt_lxc_net_t. This type is permitted to read and execute all file types under /usr and most types under /etc. svirt_lxc_net_t is permitted to use the network but is not permitted to read content under /var, /home, /root, /mnt … svirt_lxc_net_t is permitted to write only to files labeled svirt_sandbox_file_t and docker_var_lib_t. All files in a container are labeled by default as svirt_sandbox_file_t. Access to docker_var_lib_t is permitted in order to allow the use of docker volumes.
68. SELINUX - MCS SEPARATION
• Multi-Category Security (MCS) Separation is sometimes called svirt. It works
in the following way. A unique value is assigned to the level field of the
SELinux label of each container. By default each container is assigned the MCS
Level equivalent to the PID of the docker process that starts the container.
• The standard targeted policy includes rules that dictate that the MCS label of the process must dominate the MCS label of the target. The target is usually a file. The MCS label usually looks something like s0:c1,c2. Such a label would dominate files labeled s0, s0:c1, s0:c2, s0:c1,c2. It would not, however, dominate s0:c1,c3. All MCS labels are required to use two categories. This guarantees that no two containers can have the same MCS label by default.
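The dominance rule above can be checked mechanically. The following is an added example, not part of the original slides: it parses the LEVEL field of USER:ROLE:TYPE:LEVEL labels and tests dominance for the labels named on the slide. The file paths and full label strings are constructed samples, and the function names are this example's own.

```python
from typing import Dict, FrozenSet, List, NamedTuple


class Level(NamedTuple):
    sensitivity: int
    categories: FrozenSet[int]


def _number(token: str, prefix: str, source: str) -> int:
    """Turn 's0' or 'c12' into its integer part, rejecting anything else."""
    if not (token.startswith(prefix) and token[1:].isdigit()):
        raise ValueError(f"bad {prefix!r} token {token!r} in {source!r}")
    return int(token[1:])


def parse_level(text: str) -> Level:
    """Parse one level: 's0', 's0:c1,c2', or with a range, 's0:c0.c3'."""
    sens, _, cats = text.strip().partition(":")
    found = set()
    for item in filter(None, cats.split(",")):
        low, _, high = item.partition(".")      # 'c0.c3' is an inclusive range
        first = _number(low, "c", text)
        last = _number(high or low, "c", text)
        if first > last:
            raise ValueError(f"descending category range in {text!r}")
        found.update(range(first, last + 1))
    return Level(_number(sens, "s", text), frozenset(found))


def level_of(context: str) -> Level:
    """Extract the LEVEL field from a full USER:ROLE:TYPE:LEVEL label."""
    parts = context.split(":", 3)
    if len(parts) != 4:
        raise ValueError(f"expected USER:ROLE:TYPE:LEVEL, got {context!r}")
    return parse_level(parts[3])


def dominates(subject: Level, target: Level) -> bool:
    """True when the subject's sensitivity is at least the target's and the
    subject holds every category that the target carries."""
    return (subject.sensitivity >= target.sensitivity
            and subject.categories >= target.categories)


def undominated(process_context: str, files: Dict[str, str]) -> List[str]:
    """Return the paths whose label the process label does NOT dominate."""
    subject = level_of(process_context)
    return sorted(path for path, ctx in files.items()
                  if not dominates(subject, level_of(ctx)))


# Constructed sample: a container process labeled with the slide's s0:c1,c2.
PROCESS = "system_u:system_r:svirt_lxc_net_t:s0:c1,c2"

# Constructed sample files carrying the five levels the slide walks through.
FILES = {
    "/constructed/shared/readme": "system_u:object_r:svirt_sandbox_file_t:s0",
    "/constructed/a/one": "system_u:object_r:svirt_sandbox_file_t:s0:c1",
    "/constructed/a/two": "system_u:object_r:svirt_sandbox_file_t:s0:c2",
    "/constructed/a/own": "system_u:object_r:svirt_sandbox_file_t:s0:c1,c2",
    "/constructed/b/own": "system_u:object_r:svirt_sandbox_file_t:s0:c1,c3",
}

if __name__ == "__main__":
    blocked = undominated(PROCESS, FILES)
    for path in sorted(FILES):
        verdict = "not dominated" if path in blocked else "dominated"
        print(f"{verdict:13s} {path}")
```

Note what the first sample file shows: a level of plain s0 carries no categories, so every container label dominates it and MCS provides no separation for that file.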
69. NAMESPACES + CGROUPS + UFS + SELINUX
WHAT MAKES A CONTAINER
• Container format: Docker Engine combines the
namespaces, control groups, UnionFS and SELinux into
a wrapper called a container format. The default
container format is libcontainer.
• In the future, Docker may support other container
formats by integrating with technologies such as BSD
Jails or Solaris Zones.
72. DOCKER VERSION
• Docker Inc. announced Docker Enterprise Edition
• Docker 1.13 = Docker 17.03 (year.month, like Ubuntu)
• Every month, there is a new "edge" release (with new features)
• Every quarter there is a new "stable" release
• Docker CE releases are maintained 4+ months
• Docker EE releases are maintained 12+ months
74. MOBY PROJECT
• DockerCon 2017 Austin: Docker announces it's opening/moving
more components outside of Docker Inc. org to Moby org.
• Why? To help separate and clarify the open source
"projects" (LinuxKit, SwarmKit, containerd) from the Docker
"products" (Docker CE, Docker EE, Docker for X)
• "An open framework to assemble specialised container systems
without reinventing wheel."
• Not for Docker users. For docker internals devs and system builders.