Shipping Applications to Production in Containers with DockerJérôme Petazzoni
Docker is an Open Source engine to build, run, and manage Linux Containers. Containers use less resources than virtual machines, they boot faster, but they have similar guarantees of portability and repeatability for Linux applications. Those features made Docker and Linux Containers extremely popular for development and testing environments. But what does it take to use Docker and Containers for production workloads?
Docker containers are other piece of the new Connections architecture that makes it a highly extensible and flexible collaboration platform. Flashing back to IBM Connect 17 in San Francisco, I knew Docker was going to be a topic of high interest as the Docker session was standing room only. Predicated on this I decided to conduct an introduction to Docker session at Social Connections 11.
Docker and Containers for Development and Deployment — SCALE12XJérôme Petazzoni
Docker is an Open Source engine to build, run, and manage containers. We'll explain what are Linux Containers, what powers them (under the hood), and what extra value Docker brings to the table. Then we'll see what the typical Docker workflow looks like from a developer point of view. We'll also give an Ops perspective, including deployment options. If you already saw a "Docker 101", consider this presentation as the February 2014 update! :-)
A Gentle Introduction To Docker And All Things ContainersJérôme Petazzoni
Docker is a runtime for Linux Containers. It enables "separation of concern" between devs and ops, and solves the "matrix from hell" of software deployment. This presentation explains it all! It also explains the role of the storage backend and compares the various backends available. It gives multiple recipes to build Docker images, including integration with configuration management software like Chef, Puppet, Salt, Ansible. If you already watched other Docker presentations, this is an actualized version (as of mid-November 2013) of the thing!
Shipping Applications to Production in Containers with DockerJérôme Petazzoni
Docker is an Open Source engine to build, run, and manage Linux Containers. Containers use less resources than virtual machines, they boot faster, but they have similar guarantees of portability and repeatability for Linux applications. Those features made Docker and Linux Containers extremely popular for development and testing environments. But what does it take to use Docker and Containers for production workloads?
Docker containers are other piece of the new Connections architecture that makes it a highly extensible and flexible collaboration platform. Flashing back to IBM Connect 17 in San Francisco, I knew Docker was going to be a topic of high interest as the Docker session was standing room only. Predicated on this I decided to conduct an introduction to Docker session at Social Connections 11.
Docker and Containers for Development and Deployment — SCALE12XJérôme Petazzoni
Docker is an Open Source engine to build, run, and manage containers. We'll explain what are Linux Containers, what powers them (under the hood), and what extra value Docker brings to the table. Then we'll see what the typical Docker workflow looks like from a developer point of view. We'll also give an Ops perspective, including deployment options. If you already saw a "Docker 101", consider this presentation as the February 2014 update! :-)
A Gentle Introduction To Docker And All Things ContainersJérôme Petazzoni
Docker is a runtime for Linux Containers. It enables "separation of concern" between devs and ops, and solves the "matrix from hell" of software deployment. This presentation explains it all! It also explains the role of the storage backend and compares the various backends available. It gives multiple recipes to build Docker images, including integration with configuration management software like Chef, Puppet, Salt, Ansible. If you already watched other Docker presentations, this is an actualized version (as of mid-November 2013) of the thing!
If you're not familiar with Docker yet, here is your chance to catch up: a quick overview of the Open Source Docker Engine, and its associated services delivered through the Docker Hub. It also includes Jérôme will also discuss the new features of Docker 1.0, and briefly explain how you can run and maintain Docker on Azure. In addition, an Azure team member will demonstrate how deploy docker to Azure. The presentation will be followed by a Q&A session!
Docker is popular open-source software containerization platform. It provides an ability to package software into standardised units on Docker for software development. In this hands-on introductory session, I introduce the concept of containers and provide an overview of Docker. Participants can learn important concepts in Docker step-by-step and learn by example by running commands with me. The main session involves using Docker CLI (Command Line Interface) covering all the key concepts such as creating images and managing containers. What is more, this workshop ends with a complete example of getting some amazing work done with ease using Docker. Presented in OSI Days '16: http://opensourceindia.in/osidays/workshops-osi-2016/
Docker for the new Era: Introducing Docker,its components and toolsRamit Surana
Containers have been evolved from generations behind today.So what's new with Docker ? What has changed during the current scenario ? Find out more on docker and how to implement it in your environments in the above slide show.
An overview of Docker and Linux containers. There are three parts:
An introduction to Docker and containers
A demo that the audience can try out
An overview of the various vendors and groups in this space
The demo is meant to be a simple, step-by-step recipe that introduces the basic commands and ends by spinning up a node.js app using two linked containers: node and redis.
The final section explores the companies and groups that are working on containers, either complementing Docker's contributions or in direct competition with them.
Introduction to Docker at SF Peninsula Software Development Meetup @GuidewiredotCloud
Docker is an open-source project to easily create lightweight, portable, self-sufficient containers from any application. The same container that a developer builds and tests on a laptop can run at scale, in production, on VMs, bare metal, OpenStack clusters, public clouds and more.
An introduction to Docker and docker-compose. Starting from single docker run commands we discover docker file basics, docker-compose basics and finally we play around with scaling containers in docker-compose.
Introduction to Docker and all things containers, Docker Meetup at RelateIQdotCloud
Docker is an open-source project to easily create lightweight, portable, self-sufficient containers from any application. The same container that a developer builds and tests on a laptop can run at scale, in production, on VMs, bare metal, OpenStack clusters, public clouds and more.
Introduction to Docker presented by MANAOUIL Karim at the Shellmates's Hack.INI event. The teams deployed were assisted to deploy a Python Flask application behind an Nginx load balancer.
Orchestrating Docker containers at scaleMaciej Lasyk
Many of us already poked around Docker. Let's recap what we know and then think what do we know about scaling apps & whole environments which are Docker - based? Should we PaaS, IaaS or go with bare? Which tools to use on a given scale?
This presentation session will go through the basics of Docker and illustrate its importance in modern DevOps. It will also go through a step-by-step demo of setting up a Docker image for the LAMP stack (Linux, Apache, MySQL, PHP) together with a working sample application.
Slides & codes: http://bit.ly/thomasdocker
All Things Containers - Docker, Kubernetes, Helm, Istio, GitOps and moreAll Things Open
Presented by: Brent Laster, SAS
Presented at All Things Open 2020
Abstract: In this workshop, students will get a quick overview of what containers are and why they form the basis for many of the key technologies that we use today in cloud environments.
We’ll explore what makes up a container and how they are managed and leveraged in key industry tooling including Docker, Kubernetes, Helm, and Istio. You’ll also learn the basics of these technologies, what they are used for, and see some simple examples of how to use them.
This workshop will include hands-on labs where you will get experience:
Building container images, running them as containers, and tagging and pushing them into a Docker repository.
Creating deployments, services, and pods for containers and instantiating and running those in Kubernetes.
Working with Helm to leverage templates for Kubernetes objects and managing releases in Kubernetes.
Working with Istio to do traffic shaping between multiple versions of your app, fault and delay injection for testing and validation in Kubernetes.
We’ll also briefly cover GitOps – the recommended Git-based way to manage infrastructure like your Kubernetes cluster.
Docker provides a new, powerful way of prototyping, testing and deploying applications on cloud-based infrastructures. In this seminar we delve into the concept of Docker containers without requiring any previous knowledge from the audience.
As developers, we are blessed with a huge variety of tools to help us in our daily jobs. One of the most popular ones that has shown up over the last few years is Docker. How does one go about getting started with Docker? Why should you invest your time in this new technology? What can you do with Docker? Let's find out!
If you're not familiar with Docker yet, here is your chance to catch up: a quick overview of the Open Source Docker Engine, and its associated services delivered through the Docker Hub. It also includes Jérôme will also discuss the new features of Docker 1.0, and briefly explain how you can run and maintain Docker on Azure. In addition, an Azure team member will demonstrate how deploy docker to Azure. The presentation will be followed by a Q&A session!
Docker is popular open-source software containerization platform. It provides an ability to package software into standardised units on Docker for software development. In this hands-on introductory session, I introduce the concept of containers and provide an overview of Docker. Participants can learn important concepts in Docker step-by-step and learn by example by running commands with me. The main session involves using Docker CLI (Command Line Interface) covering all the key concepts such as creating images and managing containers. What is more, this workshop ends with a complete example of getting some amazing work done with ease using Docker. Presented in OSI Days '16: http://opensourceindia.in/osidays/workshops-osi-2016/
Docker for the new Era: Introducing Docker,its components and toolsRamit Surana
Containers have been evolved from generations behind today.So what's new with Docker ? What has changed during the current scenario ? Find out more on docker and how to implement it in your environments in the above slide show.
An overview of Docker and Linux containers. There are three parts:
An introduction to Docker and containers
A demo that the audience can try out
An overview of the various vendors and groups in this space
The demo is meant to be a simple, step-by-step recipe that introduces the basic commands and ends by spinning up a node.js app using two linked containers: node and redis.
The final section explores the companies and groups that are working on containers, either complementing Docker's contributions or in direct competition with them.
Introduction to Docker at SF Peninsula Software Development Meetup @GuidewiredotCloud
Docker is an open-source project to easily create lightweight, portable, self-sufficient containers from any application. The same container that a developer builds and tests on a laptop can run at scale, in production, on VMs, bare metal, OpenStack clusters, public clouds and more.
An introduction to Docker and docker-compose. Starting from single docker run commands we discover docker file basics, docker-compose basics and finally we play around with scaling containers in docker-compose.
Introduction to Docker and all things containers, Docker Meetup at RelateIQdotCloud
Docker is an open-source project to easily create lightweight, portable, self-sufficient containers from any application. The same container that a developer builds and tests on a laptop can run at scale, in production, on VMs, bare metal, OpenStack clusters, public clouds and more.
Introduction to Docker presented by MANAOUIL Karim at the Shellmates's Hack.INI event. The teams deployed were assisted to deploy a Python Flask application behind an Nginx load balancer.
Orchestrating Docker containers at scaleMaciej Lasyk
Many of us already poked around Docker. Let's recap what we know and then think what do we know about scaling apps & whole environments which are Docker - based? Should we PaaS, IaaS or go with bare? Which tools to use on a given scale?
This presentation session will go through the basics of Docker and illustrate its importance in modern DevOps. It will also go through a step-by-step demo of setting up a Docker image for the LAMP stack (Linux, Apache, MySQL, PHP) together with a working sample application.
Slides & codes: http://bit.ly/thomasdocker
All Things Containers - Docker, Kubernetes, Helm, Istio, GitOps and moreAll Things Open
Presented by: Brent Laster, SAS
Presented at All Things Open 2020
Abstract: In this workshop, students will get a quick overview of what containers are and why they form the basis for many of the key technologies that we use today in cloud environments.
We’ll explore what makes up a container and how they are managed and leveraged in key industry tooling including Docker, Kubernetes, Helm, and Istio. You’ll also learn the basics of these technologies, what they are used for, and see some simple examples of how to use them.
This workshop will include hands-on labs where you will get experience:
Building container images, running them as containers, and tagging and pushing them into a Docker repository.
Creating deployments, services, and pods for containers and instantiating and running those in Kubernetes.
Working with Helm to leverage templates for Kubernetes objects and managing releases in Kubernetes.
Working with Istio to do traffic shaping between multiple versions of your app, fault and delay injection for testing and validation in Kubernetes.
We’ll also briefly cover GitOps – the recommended Git-based way to manage infrastructure like your Kubernetes cluster.
Docker provides a new, powerful way of prototyping, testing and deploying applications on cloud-based infrastructures. In this seminar we delve into the concept of Docker containers without requiring any previous knowledge from the audience.
As developers, we are blessed with a huge variety of tools to help us in our daily jobs. One of the most popular ones that has shown up over the last few years is Docker. How does one go about getting started with Docker? Why should you invest your time in this new technology? What can you do with Docker? Let's find out!
Load Balancing Apps in Docker Swarm with NGINXNGINX, Inc.
On-demand webinar recording: http://bit.ly/2mRjk2g
Docker and other container technologies continue to gain in popularity. We recently surveyed the broad community of NGINX and NGINX Plus users and found that two-thirds of organizations are either investigating containers, using them in development, or using them in production. Why? Because abstracting your applications from the underlying infrastructure makes developing, distributing, and running software simpler, faster, and more robust than ever before.
But when you move from running your app in a development environment to deploying containers in production, you face new challenges – such as how to effectively run and scale an application across multiple hosts with the performance and uptime that your customers demand.
The latest Docker release, 1.12, supports multihost container orchestration, which simplifies deployment and management of containers across a cluster of Docker hosts. In a complex environment like this, load balancing plays an essential part in delivering your container-based application with reliability and high performance.
Join us in this webinar to learn:
* The basic built-in load balancing options available in Docker Swarm Mode
* The pros and cons of moving to an advanced load balancer like NGINX
* How to integrate NGINX and NGINX Plus with Swarm Mode to provide an advanced load-balancing solution for a cluster with orchestration
* How to scale your Docker-based application with Swarm Mode and NGINX Plus
Docker has created enormous buzz in the last few years. Docker is a open-source software containerization platform. It provides an ability to package software into standardised units on Docker for software development. In this hands-on introductory session, I introduce the concept of containers, provide an overview of Docker, and take the participants through the steps for installing Docker. The main session involves using Docker CLI (Command Line Interface) - all the concepts such as images, managing containers, and getting useful work done is illustrated step-by-step by running commands.
Docker Online Meetup: Announcing Docker CE + EEDocker, Inc.
Docker Community Edition (CE) and Enterprise Edition (EE) are the best expressions of the Docker Platform to date. Whether you’re a developer, an ops team or a enterprise IT-team member, and no matter the infrastructure, Docker CE and EE gives you a way to install, upgrade and maintain Docker with the support and assurances required for your particular workload.
Both Docker CE and EE are available on a wide range of popular operating systems (including Windows Server 2016) and cloud infrastructure. Developers and devOps have the freedom to run Docker on their favorite infrastructure without risk of lock-in.
Michael Friis will give an overview of both editions and highlight the big enhancements to the lifecycle, maintainability and upgradability of Docker.
On-demand recording: http://bit.ly/2mRhTRB
If you’re a Java developer, you probably know that containers have begun to revolutionize application development and deployment. Developers across the world have adopted modern application stacks to more quickly develop and deploy their applications, and deliver the performance users expect. When the power of NGINX Plus and Docker is combined developers, system administrators, and application owners achieve something we all desire: flawless application delivery.
In this webinar you will hear from Arun Gupta, a key visionary behind the development and success of Java, about why choosing technologies like Docker and NGINX can provide significant benefit to your applications. Arun Gupta will share key points which he discusses in his newly released book, Docker for Java Developers, from O’Reilly.
Join us in this webinar to learn:
* How Docker can improve your Java development lifecycle.
* How to build and run Docker containers for Java applications
* Tips for managing Docker containers in Java development environments
* How to load balance Java applications running in Docker containers
Dockerをちゃんと使おうと考えていたらKubernetesに出会いました。ERPのシステム開発でkubernetesを使おうとして苦労した、あるいは現在進行形で苦労していることを、そもそもKubernetesが解決しようとしている課題やそのアーキテクチャそのものにも言及しながらお話します。Dockerをベースにシステム設計を行おうとしている方にノウハウ(主に苦労話)を共有します。
July 24th, 2016 July Tech Festa 2016
Infrastructure Deployment with Docker & AnsibleRobert Reiz
This is an introduction to Docker & Ansible. It shows how Ansible can be used as orchestration too for Docker. There are 2 real world examples included with code examples in a Gist.
What is this Docker and Microservice thing that everyone is talking about? A primer to Docker and Microservice and how the two concepts complement each other.
Presentation about docker from Java User Group in Ostrava CZ (23th of November 2015). Presented by Martin Damovsky (@damovsky).
Demos are available at https://github.com/damovsky/jug-ostrava-docker
Dojo given at ESEI, Uvigo.
The slides include a set of great slides from a presentation made by Elvin Sindrilaru at CERN.
Docker is an open platform for building, shipping and running distributed applications. It gives programmers, development teams and operations engineers the common toolbox they need to take advantage of the distributed and networked nature of modern applications.
Michigan IT Symposium 2017 - Container BOFJeffrey Sica
Development with Containers
Moderator: Jeffery Sica
Orchestration and Management with Containers
Moderator: Bob Killen
The Container has revolutionized how many industries and enterprises develop and deploy software and services. While the promise of containers to improve reliability, reproducibility and sharing application is helping to drive this adoption, there are still questions and concerns that are holding back broader adoption. In this BOF we will provide an opportunity for the Michigan IT community to engage with the local leaders in this area that are developing solutions and promoting the container model in their units
This BoF has been broken into two high-level topics: Development with Containers that is geared toward developers working with and implementing containerized applications, and Orchestration and Management with Containers that is geared toward sysadmins that are hosting and maintaining production-level containers. There will be an overview followed by an interactive period where the audience can ask questions of our experts and share their experiences with others. A key goal of these sessions is to understand and develop an agenda for solving questions and concerns that are holding back broader adoption.
Serverless Presentation from Devoxx 2017 Casablanca (AWS Lambda / FaaS / Fn Project).
I did another presentation with the same slides at DOAG Nürnberg.
This 7-second Brain Wave Ritual Attracts Money To You.!nirahealhty
Discover the power of a simple 7-second brain wave ritual that can attract wealth and abundance into your life. By tapping into specific brain frequencies, this technique helps you manifest financial success effortlessly. Ready to transform your financial future? Try this powerful ritual and start attracting money today!
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdfFlorence Consulting
Quattordicesimo Meetup di Milano, tenutosi a Milano il 23 Maggio 2024 dalle ore 17:00 alle ore 18:30 in presenza e da remoto.
Abbiamo parlato di come Axpo Italia S.p.A. ha ridotto il technical debt migrando le proprie APIs da Mule 3.9 a Mule 4.4 passando anche da on-premises a CloudHub 1.0.
Italy Agriculture Equipment Market Outlook to 2027harveenkaur52
Agriculture and Animal Care
Ken Research has an expertise in Agriculture and Animal Care sector and offer vast collection of information related to all major aspects such as Agriculture equipment, Crop Protection, Seed, Agriculture Chemical, Fertilizers, Protected Cultivators, Palm Oil, Hybrid Seed, Animal Feed additives and many more.
Our continuous study and findings in agriculture sector provide better insights to companies dealing with related product and services, government and agriculture associations, researchers and students to well understand the present and expected scenario.
Our Animal care category provides solutions on Animal Healthcare and related products and services, including, animal feed additives, vaccination
1.Wireless Communication System_Wireless communication is a broad term that i...JeyaPerumal1
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBrad Spiegel Macon GA
Brad Spiegel Macon GA’s journey exemplifies the profound impact that one individual can have on their community. Through his unwavering dedication to digital inclusion, he’s not only bridging the gap in Macon but also setting an example for others to follow.
1. munz & more
Docker from A to Z
Including Oracle Container Cloud Service
OUGN Conference 2017 Dr. Frank Munz
2. 2
Frank Munz
• Founded munz & more in 2007
• 17 years Oracle Middleware,
Cloud, and Distributed Computing
• Consulting and
High-End Training
• Wrote two Oracle WLS and
one Cloud book
5. Docker
• Open Source (evolving), written in Go
• Container technology
• Portable standard
• Runs on Linux (Microsoft, MacOS, Solaris)
Google starts
2.000.000.000
containers
per week!
6. Virtualization vs. Isolation
munz & more #6
Linux + Docker
Hardware
a.war
Immutable Docker container in Linux
with own FS, network stack /
IP address, process space and
resource limits.
-> Isolation
Hardware
OVM / VmWare ESX / Xen
Application
1
Solaris
Application
2
Linux
Application
3
Win
Server Virtualization
Type 1 hypervisor
= on bare metal
Hardware
Mac OS / Win
Desktop Virtualization:
Type 2 hypervisor
= with host OS
ejb.jar
y.jar
x.py
JDK
WebLogic
tools
Jython
VirtualBox
Application1
Linux
Application2
Win
7. Docker
munz & more #7
Linux + Docker
Hardware
a.war
ejb.jar
y.jar
x.py
JDK
WebLogic
tools
Jython
Docker is not a
lightweight VirtualBox
- it's about isolation.
Containers run on
Linux kernel of host
-> Containers are
visible on host
8. Docker Images
• Package format
• Layered incremental,
copy on write file system
• “Application with all dependencies”
• Create image yourself
or get it from Docker Hub
docker image ls
munz & more #8
Example Layers:
- WLS Domain
- WebLogic
- Java
- Linux Image
9. Docker Container
• Isolated runtime of Docker image
• Starts up in milliseconds
• Sandboxing uses Linux namespaces and
cgroups (RAM, CPU, filesystem)
-> isolated part of your Linux
• Open Container Standard / Linux Foundation
docker run -d –p 8080:9999 fmunz/micro
munz & more #9
10. Docker Limitations
• Cannot load kernel modules
• Applications that manipulate namespaces
• Kernel config per container
• Some SW not (yet) supported when running
in Docker container: Oracle DB etc.
munz & more #10
11. Solves the “Worked For Me!” issue
munz & more #11
OS tools, JDK,
patches, database
driver, libs,
appserver, domain,
deployment, tools,
scripts
Docker
OS utils, JDK, patches, database driver, libs,
appserver, domain, deployment, tools,
scripts
Integration,
Performance,
Acceptance
Testing
Production
dockerize it!
You can pass environment variables
for specific settings e.g. in prod
Docker Registry
13. Automated Builds
• Automatically build your images:
GitHub account with Dockerfile
• Registry uses GitHub directory structure
as build context
• Image is uploaded automatically
to Docker hub
-> Trust, up to date, and transparent
15. And Then Automate
• Build Docker images for testing from
continuous delivery pipeline
• Use Jenkins / Hudson hooks or a maven
plugin to create / start / stop /delete
Docker containers
munz & more #15
16. Docker Maven Plugins
• Alternative
approach to
Dockerfile
• Various plugins
• Few only active
munz & more #16
https://github.com/fabric8io/docker-maven-plugin
fabric8: docker-maven
18. Registry
• Docker image is not found?
-> pulled from registry
• Push your image to registry
docker push yourname/newimage
• Free account includes 1 private registry
Also private, containerized registry for download
with fs and optional in-memory, S3, or Azure data
store
munz & more #18
19. what should be your
biggest nightmare:
unknown and
unofficial images
(>14000)
Docker Registry
21. Docker in the Cloud?
Supported by every major cloud provider:
munz & more #21
On premise -> all clouds
Docker
Registry
Docker Container Service
EC2 Container Service
Google Container Engine
Azure Container Service
Bluemix Containers
22. Oracle Cloud and Docker
Oracle Container Cloud Service OCCS (covered in part II)
• Available now!
Oracle Application Container Cloud Service
• Uses Docker containers to run your
Java or JavaScript application
Compute Cloud Service
• Manually run your containers
Docker Data Center, AWS ECS, Google Container Service
• Docker Clouds
munz & more #22
29. A stranger gives you a box at night and asks
you to connect it to your company network:
Would you do it?
30. Suggestions
• Use trusted images / with known Dockerfile
• Kernel features are well established
– cgroups (2006, merged into 2.6.24 kernel)
– namespaces (initial kernel patch 2.4.19)
• Docker can use TLS (client to daemon)
• Docker images can be signed
• Think twice about pulling images from
public repos / Docker hub
munz & more #30
31. FUD
"Docker is like chroot() on steroids."
• Yes: It's easy to escape chroot() environment
• No: Docker does not use chroot()
-> it uses namespaces
munz & more #31
32. Do namespaces solve it?
6 different namespace, but
not everything is namespaced, eg:
• /proc/sys|irq|bus
• /sys, /sys/fs
• /dev/mem
• /dev/sd*
• kernel modules
• User namespaces since 1.9
Docker uses read-only mounts where possible
munz & more #32
33. Linux Capabilities
• Privileged container: like being root on host
• Capabilities -> Break down power of root
• Examine PID 1 capabilities with getpcaps:
munz & more #33
34. User Namespaces
• Before Docker 1.10 root process in container
was root process on host
– with limited capabilites
• With Docker 1.10 user namespaces a root
process in container can be mapped to user
process on host
– Disabled per default
– To enable start Docker daemon with --userns-remap
munz & more #34
35. … more Suggestions
• Drop privileges as quickly as possible
• Treat root in container as root outside
(although it isn't)
• No secrets in images
• Combine Docker with
SELinux, AppArmor and / or virtualization
• Host can always access container
Note: Public PaaS do not simply spin up Docker
containers!
munz & more #35
37. Conclusion
• You have to deal with Docker security
depending on your use case
• Note: Public PaaS are not just spinning up
Docker containers they use SELinux, VMs,…
• Docker is not a risk per se
but new technology with different challenges.
munz & more #37
39. Docker Style
• Independent appserver in container
• Microservices / 12-factor app architecture
• Just add your favorite Docker
cluster manager
munz & more #39
OS tools, JDK,
database driver, libs,
appserver, single /
selfcontained
domain,
deployment, tools,
scripts
40. JDK, WLS, Domain
createServer.sh:
creates machine/NM,
starts NM,
creates manServ,
starts manServ
WebLogic Example
munz & more #40
$docker run -d
--link wlsadmin:wlsadmin
fmdom1
createServer.sh
$docker run -d -p 8001:8001
--name=wlsadmin
fmdom1
startWebLogic.sh
JDK, WLS, Domain
startWebLogic.sh
starts AdminServer
wlsadmin
JDK, WLS, Domain
createServer.sh:
creates machine/NM,
starts NM,
creates manServ,
starts manServ
connect to admin
due to --link:
/etc/hosts
172.17.1.99 wlsadmin 31a1baaf
OLD STYLE!
Use Networks now…port 8001 IP:port 7001
Managed Servers
--link
41. Official Support
#41^
Oracle support
does not require
you to use the
provided Docker
files
Oracle Product Official Support
GlassFish
MySQL yes
NoSQL
OpenJDK
Oracle Linux yes
OracleCoherence yes
OracleDatabase yes
OracleHTTPServer yes
OracleJDK yes
OracleTuxedo yes
OracleWebLogic yes
42. Oracle and Docker
Different approaches:
1. DIY: Dockerfile from Oracle github
2. Oracle Docker registry
3. Oracle Container Cloud Service
munz & more #42
43. DIY: Github
• Github repo with set up
scripts based on
Oracle Linux
• Docker is a supported
environment for
WebLogic 12.1.3+
https://github.com/oracle/docker-images
munz & more #43
44. Just Drop Server JRE and WLS Installer
munz & more #44
$ cd java-8
$ docker build -t oracle/jdk:8 .
Sending build context to Docker daemon 4.096 kB
Step 1 : FROM oraclelinux:latest
latest: Pulling from library/oraclelinux
10ec637c060c: Downloading 4.865 MB/97.84 MB
...
$ sh buildDockerImage.sh -g -v 12.2.1.1
...
45. Extend the WLS image
Sample script provided:
• Dockerfile to extend WLS image
• Run WLST script to create domain
• Create boot.properties
• Expose NM, Server ports
munz & more #45
Linux Base Image
JDK Image
WebLogic Image
WLS Domain Image
46. Docker Registry (New)
Docker images from Oracle container registry
(restricted to US / OZ / GB!)
Get image:
$ docker login container-registry.oracle.com
$ docker pull container-registry.oracle.com/java/serverjre:8
munz & more #46
47. Container Cloud Service (New)
Run your Docker in Oracle cloud with OCCS
• Dashboards
• Services
• Stacks of services
• Ressource pools
• Registries
munz & more #47
49. OCCS
• Easy way to run Docker container in Oracle
cloud
• No need to install Docker, buy machines etc.
• Integrates with Docker hub and Oracle
Container registry
• Does not use Kubernetes or Docker Swarm
61. Networking: Facts to Know
• Docker --link only works on single host
-> regarded as deprecated now
• Networking supported since Docker 1.9
• SDN network that spans hosts:
Libnetwork implements
Container Networking Model (CNM):
Endpoint / Network / Sandbox
munz & more #61
63. Networking: Facts to Know
• Integrated with Compose / Swarm
• Two types:
– Bridge: Single host
– Overlay: Multiple hosts, based on k-v store
munz & more #63
65. Cluster Manager Options
On Premise Cloud
Docker Swarm Docker 1.12 Docker DC (EE)
Kubernetes DIY Google
Oracle Oracle Registry / Git Oracle CCS
munz & more #65
66. Kubernetes (K8s)
• Kicked off by Google’s borg
• Most active github project
• Orchestration for containers, e.g. Docker
• Declarative configuration
• Service discovery
• Rolling upgrades
munz & more #66
67. K8s
• YAML configuration
• Pod: Container(s) sharing IP, network, filesystem
– IP is ephemeral
– Uses Labels
• Replication Controller -> Replica Set
– Manages PODs (restarts replicas based on labels)
• Services
– Proxy for pod
– Permanent IP
munz & more #67
68. Kubernetes
• Not easy to install / manage
• Recommended for local: minicube
• Cloud: Google container engine
• Oracle: somehow announced (?)
• OCCS is not K8s
munz & more #68
69. Docker Swarm
• Native Docker cluster with same API as
a single engine
• Fast provisioning, about 500 msec
• Scheduling: spread, binpack, rand
• No insecure mode J
munz & more #69
70. Docker Swarm
Since Docker 1.12
• Swarm is merged with Docker engine:
• Load balancer included
• Service discovery
• Cluster scheduler
-> Swarm has now more features similar to Kubernetes
-> easier to get started
munz & more #70
71. Step to Create a Swarm
1. Create Swarm master node
2. Create worker nodes
3. Create / scale / update service
4. Use routing mesh
munz & more #71
72. Swarm Routing Mesh
• All nodes participate in routing mesh
• Load balancing for services
• Service discovery
munz & more #72
https://docs.docker.com/engine/swarm/ingress/
#publish-a-port-for-tcp-only-or-udp-only
73. Kubernetes or Swarm?
• Swarm wasn’t impressive when released,
but this has changed now
• Swarm is much easier to understand
and to operate
• Swarm covers a lot of what K8s does
• Swarm is tightly linked to Docker API
-> harder to replace Docker with e.g. Rocket
munz & more #73
78. Design Goals for Mini
• Hands-on Raspi experience
• Kubernetes setup -> Docker Swarm setup
• HA / failover / rolling updates
• Build something cool
munz & more #78
79. Design Decisions for Mini
• Hypriot Linux
• 4 node cluster
• ARM based -> runs ARM Docker images
• Preferred Gbit switch, but WIFI only
– Better I/O throughput with separate WIFI chip
– Simplicity
– DHCP reservation bug in router -> no MAC reservation for switch
• Wifi router in hotspot mode
– Mac OS issue with NAT
• DIY: github https://github.com/fmunz/raspicluster
munz & more #79
80. Paper bag Computer Raspberry Pi
• 1.2 GHz Quad Core ARM cortex-a53
• RAM: 1 GB LPDDR2 Speicher
• Dual Core VideoCore, 1920x1080
• Bluetooth
• 802.11 B/G WIFI
• Boots from micro SD card
• 38 €
munz & more #80
81. DIY Raspi Docker Cluster
munz & more #81
Component Price
Raspi 4x 38€
Micro SD 4x 11€
Power 28€
Wifi 22€
Case 30€
Wires 10€
84. munz & more #84
Good Docker book by
J. Turnbull / $ 9.99
(covering Docker 1.13)
85. Predictions
• Swarm will take its share from Kubernetes.
• You will not dockerize 90% of your enterprise IT
in the next 24 months.
• Docker is the new Linux.
Be ready to experience that feeling we had
with Linux 13 years ago J
• Sometimes Docker is the new PaaS.
munz & more #85
86. Conclusion
• Docker is used in production
• Docker, but more so cluster managers
are still evolving
• Docker is not a security risk,
but tick off the referenced security checklist
• Oracle caught the trend early – good!
• Many Oracle products supported already, more
to come?
munz & more #86
87. TL;DR @docker / #cloud
works for me: solved / cross cloud
/ not everything must be a
container / just Docker is not
enough / #swarm is the easier #k8s
/ not a security risk / many
products offered as images /
official Oracle support / consider
cloud services.
@frankmunz