Uploaded byMuhamedAhmed35
PPTX, PDF9 views

Docker Fundamasadsasdasdassadentals 101 - Dark.pptx

asdsadsadasaads

Food

Embed presentation

Download to read offline
Docker Fundamentals Mohamed Shokry
Agenda What is cloud native? Pillars of cloud native What is Docker? What is Container? What is Docker image and image layers? What is Dockerfile? What are Docker registries? Docker Architecture Linux Namespaces and cgroups and Union file systems What is Docker volume? What is Docker network? Service images vs Executable images What is Docker compose? Container orchestration
What is “Cloud Native”? The Cloud Native Computing Foundation provides the official definition: Cloud-native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify this approach. These techniques enable loosely coupled systems that are resilient, manageable, and observable. Combined with robust automation, they allow engineers to make high-impact changes frequently and predictably with minimal toil.
What is “Cloud Native”? Cont’d Netflix: Has 600+ services in production. Deploys 100 times per day. Uber: Has 1,000+ services in production. Deploys several thousand times each week. WeChat: Has 3,000+ services in production. Deploys 1,000 times a day.
Pillars of Cloud Native
Pillars of Cloud Native: The Cloud • Cloud Native apps treat the underlying infrastructure as disposable - provisioned in minutes and resized, scaled, or destroyed on demand – via automation. • Consider the widely accepted DevOps concept of Pets vs. Cattle • In a traditional data center, servers are treated as Pets: a physical machine, given a meaningful name, and cared for. You scale by adding more resources to the same machine (scaling up). If the server becomes sick, you nurse it back to health. Should the server become unavailable, everyone notices. • The Cattle service model is different. You provision each instance as a virtual machine or container. They’re identical and assigned a system identifier such as Service-01, Service-02, and so on. You scale by creating more of them (scaling out). When one becomes unavailable, nobody notices
Pillars of Cloud Native: The Cloud Cont’d • The cattle model embraces immutable infrastructure. Servers aren’t repaired or modified. If one fails or requires updating, it’s destroyed, and a new one is provisioned – all done via automation • Cloud-native systems embrace the Cattle service model. They continue to run as the infrastructure scales in or out with no regard to the machines upon which they’re running
What is Docker? • Docker is a tool that help you to create and manage containers
What is Docker? Cont’d
What is Container? • Containers are not VMs. • A container is an isolated (namespaces) and restricted (cgroups, capabilities, seccomp) process. • How to create a container ? If you have docker installed, you can run a CentOS container using below command # docker run -it centos bash
What is Docker image? Docker image is a read-only template with instructions for creating a Docker container
FROM node:18-alpine WORKDIR /app COPY . . RUN yarn install -- production CMD ["node", "src/index.js"] EXPOSE 3000 docker build -t getting-started . shokry@minikube:~/getting-started$ docker images REPOSITORY TAG IMAGE ID CREATED SIZE getting-started latest 9178a6d68d32 About a minute ago 130MB How do I build the docker image?
What is Docker image layers? • Layers are what make up an image. Each layer is a “diff” that contains the changes made to the image since the last one was added • Each layer corresponds to certain instructions in your Dockerfile
What is Docker File? • A Dockerfile is a text document that contains all the commands a user could call on the command line to assemble an image. Using docker build users can create an automated build that executes several command-line instructions in succession • Example for building an image using docker file #cd ~/image_content_path #docker built -t demo-app .
shokry@minikube:~/getting-started$ docker inspect getting-started | jq .[].RootFS.Layers [ "sha256:94e5f06ff8e3d4441dc3cd8b090ff38dc911bfa8ebdb0dc28395bc98f82f983f", "sha256:ecbef68c786c92ccf75b9cc7ad205206c2a3b51d3d190a516caecaf82554f060", "sha256:030e06ea331f4543c9bb1b30fb676e6edb5c28b6e91288b2ba52b95a7ebbe4bd", "sha256:05c5b8408e7396bf52ce92d360ad9adc5f1c1d705ce95e501baac6507b518d75", "sha256:3a46eb9c01ff4eb6d8e39eb26f80df939a25dc704a94583e250843742512619d", "sha256:62af293d35310627f2083ae537b1e26aef205951b1b73a30d514296ff60b194d", "sha256:b62ead727bf05464d9e8d3d4d05b6b4aff8c6708d287b5b4b3888f977cdb043c" ] Layers + Manifest = Image
shokry@minikube:~$ docker manifest inspect hello-world { "schemaVersion": 2, "mediaType": "application/vnd.oci.image.index.v1+json", "manifests": [ { "mediaType": "application/vnd.oci.image.manifest.v1+json", "size": 861, "digest": "sha256:e2fc4e5012d16e7fe466f5291c476431beaa1f9b90a5c2125b493ed28e2aba57", "platform": { "architecture": "amd64", "os": "linux" } }, ... { "mediaType": "application/vnd.oci.image.manifest.v1+json", "size": 863, "digest": "sha256:2d4e459f4ecb5329407ae3e47cbc107a2fbace221354ca75960af4c047b3cb13", "platform": { "architecture": "arm64", "os": "linux", "variant": "v8" } }, ... { "mediaType": "application/vnd.docker.distribution.manifest.v2+json", "size": 946, "digest": "sha256:d9958c926e37a9700d85698bc9872cae110bbbb26f551a9684da9a8332dbb778", "platform": { "architecture": "amd64", "os": "windows", "os.version": "10.0.20348.2529" } } ] } Manifest Example
What are Docker registries? • A Docker registry stores Docker images where any host can pull images • Docker Hub is a public registry that anyone can use, and Docker is configured to look for images on Docker Hub by default • You can even run your own private registry
Docker Architecture • Docker uses a client-server architecture • The Docker client talks to the Docker daemon, which does the heavy lifting of building, running, and distributing your Docker containers • The Docker client and daemon can run on the same system, or you can connect a Docker client to a remote Docker daemon • The Docker client and daemon communicate using a REST API, over UNIX sockets or a network interface
More on containers • Containers are runnable instance of an image • Container are built using 3 main components  Namespaces  Control Groups “cgroups”  Union Filesystem
Linux Namespaces • Namespaces are a feature of the Linux kernel that partitions kernel resources such that one set of processes sees one set of resources while another set of processes sees a different set of resources • Namespaces are simply isolation of system resources “Jails” • Current available Linux Namespaces  Cgroup  IPC  Network  Mount  PID  Time  User  UTS
shokry@minikube:~$ lsns -l NS TYPE NPROCS PID USER COMMAND 4026531834 time 4 1583 shokry /lib/systemd/systemd --user 4026531835 cgroup 4 1583 shokry /lib/systemd/systemd --user 4026531836 pid 4 1583 shokry /lib/systemd/systemd --user 4026531837 user 4 1583 shokry /lib/systemd/systemd --user 4026531838 uts 4 1583 shokry /lib/systemd/systemd --user 4026531839 ipc 4 1583 shokry /lib/systemd/systemd --user 4026531840 net 4 1583 shokry /lib/systemd/systemd --user 4026531841 mnt 4 1583 shokry /lib/systemd/systemd --user How to list namespaces
Linux Control Groups “cgroups” • Cgroups are a facility built into the kernel that allow the administrator to set resource utilization limits on any process on the system. In general, cgroups control:  The number of CPU shares per process  The limits on memory per process  Block Device I/O per process  Which network packets are identified as the same type so that another application can enforce network traffic rules.
Union File system • Union mount is a type of a filesystem that can create an illusion of merging contents of several directories into one without modifying its original (physical) sources. This can be useful as we might have related sets of files stored in different locations or media, and yet we want to show them in single, merged view • Why it is important for docker? Many images that we use to spin up our containers are quite bulky whether it's ubuntu with size of 72MB or nginx with size of 133MB. It would be quite expensive to allocate that much space every time we'd like to create a container from these images. Thanks to union filesystem, Docker only needs to create thin layer on top of the image and rest of it can be shared between all the containers. This also provides the added benefit of reduced start time, as there's no need to copy the image files and data
Union File system Cont’d • Examples of unionFS implementations:  UnionFS: UnionFS doesn't seem to be actively developed anymore  AUFS: A re-implemenation of original UnionFS that added many new features but was rejected for merging into mainline Linux kernel. Aufs was default driver for Docker on Ubuntu/Debian but was replaced by OverlayFS  OverlayFS: included in Linux Kernel since 3.18 (26 October 2014). This is the filesystem used by default overlay2 Docker driver  ZFS: ZFS is union filesystem created by Sun Microsystems (now Oracle). It has some interesting features like hierarchical checksumming, native handling of snapshots and backup/replication or native data compression and deduplication  Btrfs: Btrfs is a default filesystem of Fedora 33. It also has some useful features such as block-level operations, defragmentation, writeable snapshots and a lot more
LET’S GO DEEPER INTO DOCKER DETAILS
Docker Container operations • Create and run a container from an image, with a custom name: docker run --name <container_name> <image_name> • Run a container with and publish a container’s port(s) to the host. docker run -p <host_port>:<container_port> <image_name> • Run a container in the background docker run -d <image_name> • Start or stop an existing container: docker start|stop <container_name> (or <container-id>) • Remove a stopped container: docker rm <container_name> • Open a shell inside a running container: docker exec -it <container_name> sh
Docker Container operations Cont’d • Fetch and follow the logs of a container: docker logs -f <container_name> • To inspect a running container: docker inspect <container_name> (or <container_id>) • To list currently running containers: docker ps • List all docker containers (running and stopped): docker ps --all • View resource usage stats docker container stats
Docker File (Container File) • A Dockerfile is a text file that contains a series of instructions on how to build a Docker image • Each instruction in a Dockerfile creates a layer in the image, which can be cached and reused to speed up subsequent builds • The Dockerfile specifies everything needed to set up the environment inside a container, including the base image, dependencies, configuration files, environment variables, and commands to run
# Use an official Python runtime as a parent image FROM python:3.8-slim # Set the working directory in the container WORKDIR /usr/src/app # Copy the current directory contents into the container at /usr/src/app COPY . . # Install any needed packages specified in requirements.txt RUN pip install --no-cache-dir -r requirements.txt # Make port 80 available to the world outside this container EXPOSE 80 # Define environment variable ENV NAME World # Run app.py when the container launches CMD ["python", "app.py"]
Docker Image operations • Build an Image from a Dockerfile docker build -t <image_name> • Build an Image from a Dockerfile without the cache docker build -t <image_name> . –no-cache • List local images docker images • Delete an Image docker rmi <image_name> • Remove all unused images docker image prune
What is Docker volume? • By default, docker container uses ephemeral volumes which gets removed when container is deleted • A Docker volume is a mechanism for persisting data generated by and used by Docker containers • Volumes are stored outside the container's filesystem and are managed by Docker • This allows data to persist even after the container is removed
Docker volume operation • List docker volumes docker volume ls • Get detailed info about volume docker volume inspect <volume name> • Create a docker volume docker volume create <volume name> • Remove volume docker volume rm <volume name> • Remove all unused volumes docker volume prune
What is Docker network? • A Docker network is a virtual network created by Docker that allows containers to communicate with each other and with external systems • Docker networks provide isolation, security, and routing capabilities for containers • By default, Docker provides several network drivers to create different types of networks tailored to various use cases • Types of Docker Networks:  Bridge (Default)  Host  Overlay  IPVLAN  MACVLAN  None
Docker network operation • List docker networks docker network ls • Get detailed info about docker network docker network inspect <network name> • Create docker network docker network create <network name> • Remove docker network docker network rm <network name> • Connect docker container to a network docker network connect <network name > <container ID> • Specify IP address of the container interface when connecting to a network Docker network connect --ip <IP> <network name > <container ID> • Disconnect container from a network docker network disconnect <network name> <container ID>
Service images vs Executable images • Traditionally, container images are used for long running processes: services that are run on a server, not influencing the host because they are contained. We call these service images. Web servers, load balancers and databases are good examples of service images • Container images can also be used for short lived processes: a containerized executable meant to be run on your computer. These containers execute a single task, are short lived and can generally be removed after use. We call these executable images • The main difference between two types are the “Dockerfile” instructions. Service images runs scripts that starts application accepting parameters while executable images uses “ENTRYPOINT” instruction to execute a specific command when spinning a container from the image
FROM ubuntu:24.04 CMD ["echo", "CMD variant"] FROM ubuntu:24.04 ENTRYPOINT ["echo", "CMD variant"] docker build -t cmd-v1 . docker build -t cmd-v2 . $ docker run -it cmd-v1 CMD variant $ docker run -it cmd-v2 ENTROYPOINT variant $ docker run -it cmd-v1 echo "Hello from Docker" Hello from Docker $ docker run -it cmd-v2 echo "Hello from Docker" ENTROYPOINT variant echo Hello from Docker $ docker run --entrypoint "/bin/echo" cmd- v2 "Hello from Docker" Hello from Docker Build Build Run Run Override Override
Docker Compose
What is Docker compose? • Docker Compose is a tool used for defining and running multi- container Docker applications • It allows you to manage a multi-container environment by defining the services, networks, and volumes needed in a single YAML file, called docker-compose.yml • With Docker Compose, you can easily start, stop, and configure multiple containers as a single application.
networks: counter-net: volumes: counter-vol: services: web-fe: build: . command: python app.py ports: - target: 8080 published: 5001 networks: - counter-net volumes: - type: volume source: counter-vol target: /app redis: image: "redis:alpine" networks: counter-net:
What if we have thousands of containers? Do we still manage it using docker command for each single container?
NO, we have container orchestration tools
Popular container orchestration tools • Kubernetes • Hasicorp Nomad • Docker Swarm • Apache Mesos
Thanks

More Related Content

PDF
Intro To Docker
byJessica Lucci
 
PDF
Docker and-containers-for-development-and-deployment-scale12x
byrkr10
 
PDF
Cloud Native Computing - Part III - Containers
byLinjith Kunnon
 
PDF
Introduction to Docker and Linux Containers @ Cloud Computing Rhein Main
byPuja Abbassi
 
PDF
Docker intro
byFrei Zhang
 
PDF
Docker_AGH_v0.1.3
byWitold 'Ficio' Kopel
 
PDF
Docker introduction
byJulien Maitrehenry
 
PDF
Docker 0.11 at MaxCDN meetup in Los Angeles
byJérôme Petazzoni
 
Intro To Docker
byJessica Lucci
 
Docker and-containers-for-development-and-deployment-scale12x
byrkr10
 
Cloud Native Computing - Part III - Containers
byLinjith Kunnon
 
Introduction to Docker and Linux Containers @ Cloud Computing Rhein Main
byPuja Abbassi
 
Docker intro
byFrei Zhang
 
Docker_AGH_v0.1.3
byWitold 'Ficio' Kopel
 
Docker introduction
byJulien Maitrehenry
 
Docker 0.11 at MaxCDN meetup in Los Angeles
byJérôme Petazzoni
 

Similar to Docker Fundamasadsasdasdassadentals 101 - Dark.pptx

PDF
Docker and Containers for Development and Deployment — SCALE12X
byJérôme Petazzoni
 
PDF
classdockerimages.pdf
byWaiYipLiew
 
PPTX
Docker and kubernetes
byDongwon Kim
 
PDF
Docker introduction for Carbon IT
byyannick grenzinger
 
PDF
Docker Essentials Workshop— Innovation Labs July 2020
byCloudHero
 
PDF
Up and running with docker
byMichelle Liu
 
PDF
Introducing Docker
byFrancesco Pantano
 
ODP
Linux containers & Devops
byMaciej Lasyk
 
PDF
Introduction to Docker
byTharaka Devinda
 
PDF
Introduction to Docker and all things containers, Docker Meetup at RelateIQ
bydotCloud
 
PDF
A Gentle Introduction To Docker And All Things Containers
byJérôme Petazzoni
 
PDF
Accelerate your software development with Docker
byAndrey Hristov
 
PPTX
Accelerate your development with Docker
byAndrey Hristov
 
PDF
Introduction to Docker at SF Peninsula Software Development Meetup @Guidewire
bydotCloud
 
PDF
Docker for Developers: Dev, Test, Deploy @ BucksCo Devops at MeetMe HQ
byErica Windisch
 
PDF
"Lightweight Virtualization with Linux Containers and Docker". Jerome Petazzo...
byYandex
 
PPTX
Virtualization, Containers, Docker and scalable container management services
byabhishek chawla
 
PDF
Docker presentation | Paris Docker Meetup
bydotCloud
 
PDF
Victor Vieux at Docker Paris Meetup #1
byDocker, Inc.
 
PDF
Docker Intro at the Google Developer Group and Google Cloud Platform Meet Up
byJérôme Petazzoni
 
Docker and Containers for Development and Deployment — SCALE12X
byJérôme Petazzoni
 
classdockerimages.pdf
byWaiYipLiew
 
Docker and kubernetes
byDongwon Kim
 
Docker introduction for Carbon IT
byyannick grenzinger
 
Docker Essentials Workshop— Innovation Labs July 2020
byCloudHero
 
Up and running with docker
byMichelle Liu
 
Introducing Docker
byFrancesco Pantano
 
Linux containers & Devops
byMaciej Lasyk
 
Introduction to Docker
byTharaka Devinda
 
Introduction to Docker and all things containers, Docker Meetup at RelateIQ
bydotCloud
 
A Gentle Introduction To Docker And All Things Containers
byJérôme Petazzoni
 
Accelerate your software development with Docker
byAndrey Hristov
 
Accelerate your development with Docker
byAndrey Hristov
 
Introduction to Docker at SF Peninsula Software Development Meetup @Guidewire
bydotCloud
 
Docker for Developers: Dev, Test, Deploy @ BucksCo Devops at MeetMe HQ
byErica Windisch
 
"Lightweight Virtualization with Linux Containers and Docker". Jerome Petazzo...
byYandex
 
Virtualization, Containers, Docker and scalable container management services
byabhishek chawla
 
Docker presentation | Paris Docker Meetup
bydotCloud
 
Victor Vieux at Docker Paris Meetup #1
byDocker, Inc.
 
Docker Intro at the Google Developer Group and Google Cloud Platform Meet Up
byJérôme Petazzoni
 

More from MuhamedAhmed35

PPTX
Apache AirfowAsaSAsaSAsSas - Session1.pptx
byMuhamedAhmed35
 
PDF
Data exploraAsaSAsAasASASasaSSastion.pdf
byMuhamedAhmed35
 
PPTX
KubernetSADASDASDASDSADASDASDASDASDes.pptx
byMuhamedAhmed35
 
PPTX
KuberneteSADASDSADASDASDASDASDASDAs Labs.pptx
byMuhamedAhmed35
 
PPTX
DockerSADASDASDA SADASDASDASDASDASDLabs.pptx
byMuhamedAhmed35
 
PPT
assadasdsadadasdasdasdsadsadasasdasdasdasd
byMuhamedAhmed35
 
PPT
asdasdasdasdsadasdasdasdasdsadasdasdasdsadsadasd
byMuhamedAhmed35
 
PPT
Mapping-Day2.pptsadsadasdasdasdasdasdasdasdas
byMuhamedAhmed35
 
Apache AirfowAsaSAsaSAsSas - Session1.pptx
byMuhamedAhmed35
 
Data exploraAsaSAsAasASASasaSSastion.pdf
byMuhamedAhmed35
 
KubernetSADASDASDASDSADASDASDASDASDes.pptx
byMuhamedAhmed35
 
KuberneteSADASDSADASDASDASDASDASDAs Labs.pptx
byMuhamedAhmed35
 
DockerSADASDASDA SADASDASDASDASDASDLabs.pptx
byMuhamedAhmed35
 
assadasdsadadasdasdasdsadsadasasdasdasdasd
byMuhamedAhmed35
 
asdasdasdasdsadasdasdasdasdsadasdasdasdsadsadasd
byMuhamedAhmed35
 
Mapping-Day2.pptsadsadasdasdasdasdasdasdasdas
byMuhamedAhmed35
 

Recently uploaded

PDF
Sustainable and Eco-Friendly Meal Plans in Dubai A 2026 Guide
byBasiligo Mealplans
 
PPTX
CLIMATE, SOIL AND NUTRIENTS FOR MANGO PRODUCTION IN BANGLADESH .pptx
byProdipto Bishnu Angon
 
PPTX
Goat_Manure_Marketing_Strategyrishab, narayan .pptx
byNarayanGhorai2
 
PPTX
AUGMENTED REALITY IN FOOD INDUSTRIES AND APPLUCATION
byJhalaknath Sharma
 
PPTX
Phenotypic and Molecular Characterization of Anthracnose Resistance in Lima B...
byskaletmedia
 
PDF
POLENTA E SCHIZ FORMAGGIO FRESCO BELLUNESE
byLocanda Baita A L'Arte
 
Sustainable and Eco-Friendly Meal Plans in Dubai A 2026 Guide
byBasiligo Mealplans
 
CLIMATE, SOIL AND NUTRIENTS FOR MANGO PRODUCTION IN BANGLADESH .pptx
byProdipto Bishnu Angon
 
Goat_Manure_Marketing_Strategyrishab, narayan .pptx
byNarayanGhorai2
 
AUGMENTED REALITY IN FOOD INDUSTRIES AND APPLUCATION
byJhalaknath Sharma
 
Phenotypic and Molecular Characterization of Anthracnose Resistance in Lima B...
byskaletmedia
 
POLENTA E SCHIZ FORMAGGIO FRESCO BELLUNESE
byLocanda Baita A L'Arte
 

Docker Fundamasadsasdasdassadentals 101 - Dark.pptx

  • 1.
  • 2.
    Agenda What is cloud native? Pillarsof cloud native What is Docker? What is Container? What is Docker image and image layers? What is Dockerfile? What are Docker registries? Docker Architecture Linux Namespaces and cgroups and Union file systems What is Docker volume? What is Docker network? Service images vs Executable images What is Docker compose? Container orchestration
  • 3.
    What is “CloudNative”? The Cloud Native Computing Foundation provides the official definition: Cloud-native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify this approach. These techniques enable loosely coupled systems that are resilient, manageable, and observable. Combined with robust automation, they allow engineers to make high-impact changes frequently and predictably with minimal toil.
  • 4.
    What is “CloudNative”? Cont’d Netflix: Has 600+ services in production. Deploys 100 times per day. Uber: Has 1,000+ services in production. Deploys several thousand times each week. WeChat: Has 3,000+ services in production. Deploys 1,000 times a day.
  • 5.
  • 6.
    Pillars of CloudNative: The Cloud • Cloud Native apps treat the underlying infrastructure as disposable - provisioned in minutes and resized, scaled, or destroyed on demand – via automation. • Consider the widely accepted DevOps concept of Pets vs. Cattle • In a traditional data center, servers are treated as Pets: a physical machine, given a meaningful name, and cared for. You scale by adding more resources to the same machine (scaling up). If the server becomes sick, you nurse it back to health. Should the server become unavailable, everyone notices. • The Cattle service model is different. You provision each instance as a virtual machine or container. They’re identical and assigned a system identifier such as Service-01, Service-02, and so on. You scale by creating more of them (scaling out). When one becomes unavailable, nobody notices
  • 7.
    Pillars of CloudNative: The Cloud Cont’d • The cattle model embraces immutable infrastructure. Servers aren’t repaired or modified. If one fails or requires updating, it’s destroyed, and a new one is provisioned – all done via automation • Cloud-native systems embrace the Cattle service model. They continue to run as the infrastructure scales in or out with no regard to the machines upon which they’re running
  • 8.
    What is Docker? •Docker is a tool that help you to create and manage containers
  • 9.
  • 10.
    What is Container? • Containersare not VMs. • A container is an isolated (namespaces) and restricted (cgroups, capabilities, seccomp) process. • How to create a container ? If you have docker installed, you can run a CentOS container using below command # docker run -it centos bash
  • 11.
    What is Dockerimage? Docker image is a read-only template with instructions for creating a Docker container
  • 12.
    FROM node:18-alpine WORKDIR /app COPY. . RUN yarn install -- production CMD ["node", "src/index.js"] EXPOSE 3000 docker build -t getting-started . shokry@minikube:~/getting-started$ docker images REPOSITORY TAG IMAGE ID CREATED SIZE getting-started latest 9178a6d68d32 About a minute ago 130MB How do I build the docker image?
  • 13.
    What is Dockerimage layers? • Layers are what make up an image. Each layer is a “diff” that contains the changes made to the image since the last one was added • Each layer corresponds to certain instructions in your Dockerfile
  • 14.
    What is DockerFile? • A Dockerfile is a text document that contains all the commands a user could call on the command line to assemble an image. Using docker build users can create an automated build that executes several command-line instructions in succession • Example for building an image using docker file #cd ~/image_content_path #docker built -t demo-app .
  • 15.
    shokry@minikube:~/getting-started$ docker inspectgetting-started | jq .[].RootFS.Layers [ "sha256:94e5f06ff8e3d4441dc3cd8b090ff38dc911bfa8ebdb0dc28395bc98f82f983f", "sha256:ecbef68c786c92ccf75b9cc7ad205206c2a3b51d3d190a516caecaf82554f060", "sha256:030e06ea331f4543c9bb1b30fb676e6edb5c28b6e91288b2ba52b95a7ebbe4bd", "sha256:05c5b8408e7396bf52ce92d360ad9adc5f1c1d705ce95e501baac6507b518d75", "sha256:3a46eb9c01ff4eb6d8e39eb26f80df939a25dc704a94583e250843742512619d", "sha256:62af293d35310627f2083ae537b1e26aef205951b1b73a30d514296ff60b194d", "sha256:b62ead727bf05464d9e8d3d4d05b6b4aff8c6708d287b5b4b3888f977cdb043c" ] Layers + Manifest = Image
  • 16.
    shokry@minikube:~$ docker manifestinspect hello-world { "schemaVersion": 2, "mediaType": "application/vnd.oci.image.index.v1+json", "manifests": [ { "mediaType": "application/vnd.oci.image.manifest.v1+json", "size": 861, "digest": "sha256:e2fc4e5012d16e7fe466f5291c476431beaa1f9b90a5c2125b493ed28e2aba57", "platform": { "architecture": "amd64", "os": "linux" } }, ... { "mediaType": "application/vnd.oci.image.manifest.v1+json", "size": 863, "digest": "sha256:2d4e459f4ecb5329407ae3e47cbc107a2fbace221354ca75960af4c047b3cb13", "platform": { "architecture": "arm64", "os": "linux", "variant": "v8" } }, ... { "mediaType": "application/vnd.docker.distribution.manifest.v2+json", "size": 946, "digest": "sha256:d9958c926e37a9700d85698bc9872cae110bbbb26f551a9684da9a8332dbb778", "platform": { "architecture": "amd64", "os": "windows", "os.version": "10.0.20348.2529" } } ] } Manifest Example
  • 17.
    What are Dockerregistries? • A Docker registry stores Docker images where any host can pull images • Docker Hub is a public registry that anyone can use, and Docker is configured to look for images on Docker Hub by default • You can even run your own private registry
  • 18.
    Docker Architecture • Dockeruses a client-server architecture • The Docker client talks to the Docker daemon, which does the heavy lifting of building, running, and distributing your Docker containers • The Docker client and daemon can run on the same system, or you can connect a Docker client to a remote Docker daemon • The Docker client and daemon communicate using a REST API, over UNIX sockets or a network interface
  • 22.
    More on containers •Containers are runnable instance of an image • Container are built using 3 main components  Namespaces  Control Groups “cgroups”  Union Filesystem
  • 23.
    Linux Namespaces • Namespacesare a feature of the Linux kernel that partitions kernel resources such that one set of processes sees one set of resources while another set of processes sees a different set of resources • Namespaces are simply isolation of system resources “Jails” • Current available Linux Namespaces  Cgroup  IPC  Network  Mount  PID  Time  User  UTS
  • 24.
    shokry@minikube:~$ lsns -l NSTYPE NPROCS PID USER COMMAND 4026531834 time 4 1583 shokry /lib/systemd/systemd --user 4026531835 cgroup 4 1583 shokry /lib/systemd/systemd --user 4026531836 pid 4 1583 shokry /lib/systemd/systemd --user 4026531837 user 4 1583 shokry /lib/systemd/systemd --user 4026531838 uts 4 1583 shokry /lib/systemd/systemd --user 4026531839 ipc 4 1583 shokry /lib/systemd/systemd --user 4026531840 net 4 1583 shokry /lib/systemd/systemd --user 4026531841 mnt 4 1583 shokry /lib/systemd/systemd --user How to list namespaces
  • 25.
    Linux Control Groups“cgroups” • Cgroups are a facility built into the kernel that allow the administrator to set resource utilization limits on any process on the system. In general, cgroups control:  The number of CPU shares per process  The limits on memory per process  Block Device I/O per process  Which network packets are identified as the same type so that another application can enforce network traffic rules.
  • 26.
    Union File system •Union mount is a type of a filesystem that can create an illusion of merging contents of several directories into one without modifying its original (physical) sources. This can be useful as we might have related sets of files stored in different locations or media, and yet we want to show them in single, merged view • Why it is important for docker? Many images that we use to spin up our containers are quite bulky whether it's ubuntu with size of 72MB or nginx with size of 133MB. It would be quite expensive to allocate that much space every time we'd like to create a container from these images. Thanks to union filesystem, Docker only needs to create thin layer on top of the image and rest of it can be shared between all the containers. This also provides the added benefit of reduced start time, as there's no need to copy the image files and data
  • 27.
    Union File systemCont’d • Examples of unionFS implementations:  UnionFS: UnionFS doesn't seem to be actively developed anymore  AUFS: A re-implemenation of original UnionFS that added many new features but was rejected for merging into mainline Linux kernel. Aufs was default driver for Docker on Ubuntu/Debian but was replaced by OverlayFS  OverlayFS: included in Linux Kernel since 3.18 (26 October 2014). This is the filesystem used by default overlay2 Docker driver  ZFS: ZFS is union filesystem created by Sun Microsystems (now Oracle). It has some interesting features like hierarchical checksumming, native handling of snapshots and backup/replication or native data compression and deduplication  Btrfs: Btrfs is a default filesystem of Fedora 33. It also has some useful features such as block-level operations, defragmentation, writeable snapshots and a lot more
  • 28.
    LET’S GO DEEPERINTO DOCKER DETAILS
  • 29.
    Docker Container operations •Create and run a container from an image, with a custom name: docker run --name <container_name> <image_name> • Run a container with and publish a container’s port(s) to the host. docker run -p <host_port>:<container_port> <image_name> • Run a container in the background docker run -d <image_name> • Start or stop an existing container: docker start|stop <container_name> (or <container-id>) • Remove a stopped container: docker rm <container_name> • Open a shell inside a running container: docker exec -it <container_name> sh
  • 30.
    Docker Container operationsCont’d • Fetch and follow the logs of a container: docker logs -f <container_name> • To inspect a running container: docker inspect <container_name> (or <container_id>) • To list currently running containers: docker ps • List all docker containers (running and stopped): docker ps --all • View resource usage stats docker container stats
  • 31.
    Docker File (Container File) •A Dockerfile is a text file that contains a series of instructions on how to build a Docker image • Each instruction in a Dockerfile creates a layer in the image, which can be cached and reused to speed up subsequent builds • The Dockerfile specifies everything needed to set up the environment inside a container, including the base image, dependencies, configuration files, environment variables, and commands to run
  • 32.
    # Use anofficial Python runtime as a parent image FROM python:3.8-slim # Set the working directory in the container WORKDIR /usr/src/app # Copy the current directory contents into the container at /usr/src/app COPY . . # Install any needed packages specified in requirements.txt RUN pip install --no-cache-dir -r requirements.txt # Make port 80 available to the world outside this container EXPOSE 80 # Define environment variable ENV NAME World # Run app.py when the container launches CMD ["python", "app.py"]
  • 33.
    Docker Image operations •Build an Image from a Dockerfile docker build -t <image_name> • Build an Image from a Dockerfile without the cache docker build -t <image_name> . –no-cache • List local images docker images • Delete an Image docker rmi <image_name> • Remove all unused images docker image prune
  • 34.
    What is Docker volume? •By default, docker container uses ephemeral volumes which gets removed when container is deleted • A Docker volume is a mechanism for persisting data generated by and used by Docker containers • Volumes are stored outside the container's filesystem and are managed by Docker • This allows data to persist even after the container is removed
  • 35.
    Docker volume operation •List docker volumes docker volume ls • Get detailed info about volume docker volume inspect <volume name> • Create a docker volume docker volume create <volume name> • Remove volume docker volume rm <volume name> • Remove all unused volumes docker volume prune
  • 36.
    What is Docker network? •A Docker network is a virtual network created by Docker that allows containers to communicate with each other and with external systems • Docker networks provide isolation, security, and routing capabilities for containers • By default, Docker provides several network drivers to create different types of networks tailored to various use cases • Types of Docker Networks:  Bridge (Default)  Host  Overlay  IPVLAN  MACVLAN  None
  • 37.
    Docker network operation •List docker networks docker network ls • Get detailed info about docker network docker network inspect <network name> • Create docker network docker network create <network name> • Remove docker network docker network rm <network name> • Connect docker container to a network docker network connect <network name > <container ID> • Specify IP address of the container interface when connecting to a network Docker network connect --ip <IP> <network name > <container ID> • Disconnect container from a network docker network disconnect <network name> <container ID>
  • 38.
    Service images vsExecutable images • Traditionally, container images are used for long running processes: services that are run on a server, not influencing the host because they are contained. We call these service images. Web servers, load balancers and databases are good examples of service images • Container images can also be used for short lived processes: a containerized executable meant to be run on your computer. These containers execute a single task, are short lived and can generally be removed after use. We call these executable images • The main difference between two types are the “Dockerfile” instructions. Service images runs scripts that starts application accepting parameters while executable images uses “ENTRYPOINT” instruction to execute a specific command when spinning a container from the image
  • 39.
    FROM ubuntu:24.04 CMD ["echo","CMD variant"] FROM ubuntu:24.04 ENTRYPOINT ["echo", "CMD variant"] docker build -t cmd-v1 . docker build -t cmd-v2 . $ docker run -it cmd-v1 CMD variant $ docker run -it cmd-v2 ENTROYPOINT variant $ docker run -it cmd-v1 echo "Hello from Docker" Hello from Docker $ docker run -it cmd-v2 echo "Hello from Docker" ENTROYPOINT variant echo Hello from Docker $ docker run --entrypoint "/bin/echo" cmd- v2 "Hello from Docker" Hello from Docker Build Build Run Run Override Override
  • 40.
  • 41.
    What is Dockercompose? • Docker Compose is a tool used for defining and running multi- container Docker applications • It allows you to manage a multi-container environment by defining the services, networks, and volumes needed in a single YAML file, called docker-compose.yml • With Docker Compose, you can easily start, stop, and configure multiple containers as a single application.
  • 42.
    networks: counter-net: volumes: counter-vol: services: web-fe: build: . command: pythonapp.py ports: - target: 8080 published: 5001 networks: - counter-net volumes: - type: volume source: counter-vol target: /app redis: image: "redis:alpine" networks: counter-net:
  • 43.
    What if wehave thousands of containers? Do we still manage it using docker command for each single container?
  • 44.
    NO, we havecontainer orchestration tools
  • 45.
    Popular container orchestrationtools • Kubernetes • Hasicorp Nomad • Docker Swarm • Apache Mesos
  • 46.

Editor's Notes

  • #3 Cloud native is about speed and agility. Business systems are evolving from enabling business capabilities to weapons of strategic transformation that accelerate business velocity and growth. It's imperative to get new ideas to market immediately
  • #4 As you can see, Netflix, Uber, and, WeChat expose cloud-native systems that consist of many independent services. This architectural style enables them to rapidly respond to market conditions. They instantaneously update small areas of a live, complex application, without a full redeployment. They individually scale services as needed.
  • #5 The speed and agility of cloud native derive from many factors. Foremost is cloud infrastructure. But there's more
  • #33 By default, Docker uses a layer caching mechanism to speed up the build process. When you build an image, Docker caches each layer so that if you run the build again and nothing has changed in certain layers, it can reuse those layers from the cache. However, when you use the --no-cache flag, Docker ignores the cache and builds each layer from scratch This ensures that all the instructions in your Dockerfile are executed fresh, and any changes in the source files, dependencies, or external sources are taken into account. This can be particularly useful if you suspect that the cached layers are causing issues or if you want to ensure that the latest versions of all dependencies are included in the image
  • #41 git clone https://github.com/nigelpoulton/ddd2023.git