insight
19 November 2014 
Tiago Pires 
tiago-a-pires@telecom.pt 
Jérôme Petazzoni 
jerome@docker.com
Survey 
● Played with Docker Online Tutorial 
● Installed Docker locally 
● Has one, or more, images on Docker Hub 
● Works with Docker daily 
Agenda 
● What is Docker? Why bother? 
● Roadmap 
● Security 
● Advanced Concepts 
● Scenarios (Yay !!!) 
What is Docker? Why bother? 
● Deploy everything, (almost) everywhere 
● Reliability, Consistency 
● Efficiency (~ native speed) 
● Fundamentally… 
What is Docker? Why bother? 
Docker runs containers !!! 
What is Docker? Why bother? 
● Containers are “lightweight VMs” 
○ Own process space, network interface, /sbin/init 
● Container = isolated process(es) 
● Share kernel with host 
● No device emulation 
What is Docker? Why bother? 
● Dev env (Linux, OS X, Windows) 
○ boot2docker (OS X, Windows) 
○ Natively (Linux) 
● Linux Servers (Ubuntu, Debian, Fedora, Gentoo, Arch…) 
○ Single binary install 
○ Easy provisioning on Rackspace, Digital Ocean, EC2, GCE ... 
Roadmap 
● 0.10 (TLS support for API access, --dns, --dns-search, systemd cgroups) 
● 0.11 (SELinux integration, DNS integration for links, --net) 
● 0.12 (pause / unpause) 
● 1.1 ( .dockerignore, logs --tail ) 
● 1.2 (--restart, capabilities: --cap-add; --cap-drop, --device) 
● 1.3 (docker exec, docker create, --security-opts (SELinux/AppArmor)) 
Security 
● Don’t run your containers as root. 
● Don’t enable SSH unless it’s an SSH server. 
● Configure TLS for API access. 
● If possible, use SELinux / AppArmor / GRSEC, etc… ! 
● Make use of capabilities (CAP_CHOWN, CAP_MKNOD, CAP_NET_ADMIN …) 
Advanced Concepts 
● Naming: each container should have a unique name. 
● Links: connect containers. 
● Volumes: separate code and data / share data between containers. 
● Network: None, Bridge, Container, Host. 
Advanced Concepts 
● Logs 
○ Create “data container” to hold logs 
$ docker run --name logs -v /var/log busybox true 
○ Start app container with shared volume 
$ docker run --volumes-from logs app 
○ Digging into logs 
$ docker run -it --volumes-from logs -w /var/log ubuntu bash
Advanced Concepts 
● Backups 
○ Create “data container” to hold files to back up 
$ docker run --name mysqldata -v /var/lib/mysql busybox true 
○ Start app container with shared volume 
$ docker run --volumes-from mysqldata mysql 
○ Create a separate image with backup tools 
- Dockerfile with “apt-get install rsync, s3cmd…”
Advanced Concepts 
● Network debugging 
○ Create an image with tcpdump, ngrep... 
Dockerfile with “apt-get install tcpdump ngrep” 
○ Run it in the namespace of the app container 
$ docker run -it --net container:<app_cid> netdebug bash 
○ You can now run tcpdump, etc., or copy a dump to visualise with Wireshark. 
$ docker run -it --net container:<app_cid> -v /tmp:/tmp netdebug tcpdump -s0 -peni eth0 -w /tmp/myapp.pcap
Advanced Concepts 
● Naming: each container should have a unique name. 
● Links: connect containers. 
● Volumes: separate code and data / share data between containers. 
● Network: None, Bridge, Container, Host. 
● Capabilities: don’t use privileged! Instead use --cap-add / --cap-drop.
Advanced Concepts 
● Capabilities 
○ Change the status of the container’s interfaces. 
$ docker run --cap-add=NET_ADMIN ubuntu sh -c "ip link set eth0 down" 
○ Prevent any `chown` in the container. 
$ docker run --cap-drop=CHOWN ubuntu ... 
○ Allow all capabilities except `mknod`. 
$ docker run --cap-add=ALL --cap-drop=MKNOD ubuntu ...
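One way to verify what the `--cap-add` / `--cap-drop` flags above actually left a container process with, as an added example that is not from the original slides: decode the capability masks found in `/proc/<pid>/status`. The status text and hex masks are constructed samples (assuming a kernel with capability bits 0-37 and the `a80425fb` default set of current Docker releases), and the function names are made up for this illustration.

```shell
#!/bin/sh
# Added example: decode capability bitmasks from /proc/<pid>/status text.
# Bit numbers come from <linux/capability.h>.

# Map a capability name (without the CAP_ prefix) to its bit number.
cap_bit() {
    case "$1" in
        CHOWN)     echo 0 ;;
        NET_ADMIN) echo 12 ;;
        SYS_ADMIN) echo 21 ;;
        MKNOD)     echo 27 ;;
        *)         return 1 ;;
    esac
}

# cap_mask FIELD: read status text on stdin, print the hex mask of FIELD
# (CapEff = in effect now, CapBnd = upper bound the process can regain).
cap_mask() {
    awk -v f="$1:" '$1 == f { print $2; found = 1; exit } END { exit !found }'
}

# has_cap HEXMASK NAME: succeed if NAME's bit is set in HEXMASK.
has_cap() {
    bit=$(cap_bit "$2") || return 2
    [ $(( (0x$1 >> $bit) & 1 )) -eq 1 ]
}

# caps_present FIELD STATUS_TEXT "NAME ...": print which of the named
# capabilities are set in FIELD; return 2 if FIELD is missing.
caps_present() {
    mask=$(printf '%s\n' "$2" | cap_mask "$1") || return 2
    found=""
    for name in $3; do
        if has_cap "$mask" "$name"; then
            found="${found:+$found }$name"
        fi
    done
    printf '%s\n' "$found"
}

# Constructed samples, not captured from a real host.
status() { printf 'Name: app\nCapEff: %s\nCapBnd: %s\n' "$1" "$2"; }

S_DEFAULT=$(status 00000000a80425fb 00000000a80425fb)      # plain docker run
S_DROP_CHOWN=$(status 00000000a80425fa 00000000a80425fa)   # --cap-drop=CHOWN
S_NET_ADMIN=$(status 00000000a80435fb 00000000a80435fb)    # --cap-add=NET_ADMIN
S_ALL_NO_MKNOD=$(status 0000003ff7ffffff 0000003ff7ffffff) # --cap-add=ALL --cap-drop=MKNOD
S_PRIVILEGED=$(status 0000003fffffffff 0000003fffffffff)   # --privileged
S_NONROOT=$(status 0000000000000000 00000000a80425fb)      # non-root user in container

# Capabilities to look for in each sample.
WATCH="CHOWN NET_ADMIN SYS_ADMIN MKNOD"

printf 'default:           %s\n' "$(caps_present CapEff "$S_DEFAULT" "$WATCH")"
printf 'cap-drop=CHOWN:    %s\n' "$(caps_present CapEff "$S_DROP_CHOWN" "$WATCH")"
printf 'cap-add=NET_ADMIN: %s\n' "$(caps_present CapEff "$S_NET_ADMIN" "$WATCH")"
printf 'ALL minus MKNOD:   %s\n' "$(caps_present CapEff "$S_ALL_NO_MKNOD" "$WATCH")"
printf 'privileged:        %s\n' "$(caps_present CapEff "$S_PRIVILEGED" "$WATCH")"
printf 'non-root CapEff:   %s\n' "$(caps_present CapEff "$S_NONROOT" "$WATCH")"
printf 'non-root CapBnd:   %s\n' "$(caps_present CapBnd "$S_NONROOT" "$WATCH")"
```

On a real host, pass the contents of `/proc/<pid>/status` for the container's main process as the second argument. A non-root process shows nothing in CapEff, while CapBnd still lists what a setuid-root binary inside the container could regain.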
Advanced Concepts 
Orchestration 
● Fig, Chef, Puppet, Salt, Ansible 
● Mesos, Kubernetes, Helios 
● OpenShift, OpenStack 
Advanced Concepts 
Gathering Metrics 
● cgroups gives per-container: 
○ CPU usage 
○ Memory usage 
○ I/O usage (per device, reads and writes, in bytes and in ops) 
● cgroups doesn’t give: 
○ network metrics (https://github.com/tpires/packetbeat-setup) 
Scenarios 
SHUT UP AND 
DEMO !!! 
Yeoman in docker 
IDE in docker 
Continuous Delivery 
From: http://contino.co.uk/use-docker-continuous-delivery-part-2/ 
Coming next... 
● Volume management 
● IPv6 support 
● Cluster management 
● Logging improvements 
● Windows Server Containers
Thank you! 
Twitter @tpires Twitter @jpetazzo 
tiago-a-pires@telecom.pt jerome@docker.com