Tiago Pires, profile picture
Uploaded byTiago Pires
1,929 views

Docker Insight

The document provides an overview of Docker, detailing its benefits such as reliability, efficiency, and deployment capabilities. It outlines key concepts including container isolation, advanced features like networking and backups, as well as security best practices. Additionally, it discusses upcoming features and tools for orchestration and metrics gathering in Docker environments.

Embed presentation

Downloaded 21 times
insight
19 November 2014 Tiago Pires tiago-a-pires@telecom.pt Jérôme Petazzoni jerome@docker.com
Survey ● Played with Docker Online Tutorial ● Installed Docker locally ● Has one, or more, images on Docker Hub ● Works with Docker daily 1
Agenda ● What is Docker? Why bother? ● Roadmap ● Security ● Advanced Concepts ● Scenarios (Yay !!!) 2
What is Docker? Why bother? ● Deploy everything, (almost) everywhere ● Reliability, Consistency ● Efficiency (~ native speed) ● Fundamentally… 3
What is Docker? Why bother? Docker runs containers !!! 3
What is Docker? Why bother? ● Containers are “lighweight VMs” ○ Own process space, network interface, /sbin/init ● Container = isolated process(es) ● Share kernel with host ● No device emulation 4
What is Docker? Why bother? ● Dev env (Linux, OS X, Windows) ○ boot2docker (OS X, Windows) ○ Natively (Linux) ● Linux Servers (Ubuntu, Debian, Fedora, Gentoo, Arch…) ○ Single binary install ○ Easy provisioning on Rackspace, Digital Ocean, EC2, GCE ... 6
What is Docker? Why bother? 4
Roadmap ● 0.10 (TLS support API access, --dns, --dns-search, systemd cgroups) ● 0.11 (SELinux integration, DNS integration for links, --net) ● 0.12 (pause / unpause) ● 1.1 ( .dockerignore, logs --tail ) ● 1.2 (--restart, capabilities: --cap-add; --cap-drop, --device) ● 1.3 (docker exec, docker create, --security-opts (SELinux/AppArmor)) 5
Security ● Don’t run your containers as root. ● Don’t enable SSH unless it’s a SSH server. ● Configure TLS for API access. ● If possible, use SELinux / AppArmor / GRSEC, etc… ! ● Make use of capabilities (CAP_CHOWN, CAP_MKNOD, CAP_NET_ADMIN …) 7
Advanced Concepts ● Naming: each container should have a unique name. ● Links: connect containers. ● Volumes: separate code and data / share data between containers. ● Network: None, Bridge, Container, Host. 8
Advanced Concepts 8 ● Logs ○ Create “data container” to hold logs $ docker run --name logs -v /var/log busybox true ○ Start app container with shared volume $ docker run --volumes-from logs app ○ Digging into logs $ docker run -it --volumes-from logs -w /var/log ubuntu bash
Advanced Concepts 8 ● Backups ○ Create “data container” to hold files to back up $ docker run --name mysqldata -v /var/lib/mysql busybox true ○ Start app container with shared volume $ docker run --volumes-from mysqldata mysql ○ Create a separate image with backup tools - Dockerfile with “apt-get install rsync, s3cmd…”
Advanced Concepts 8 ● Network debugging ○ Create a image with backup tcpdump, ngrep... Dockerfile with “apt-get install tcpdump ngrep” ○ Run it in the namespace of the app container $ docker run -it --net container:<app_cid> netdebug bash ○ You can now run tcpdump, etc or copy a dump to visualise with Wireshark. $ docker run -it --net container:<app_cid> -v /tmp:/tmp netdebug tcpdump -s0 -peni eth0 -w /tmp/myapp.pcap
Advanced Concepts ● Naming: each container should have a unique name. ● Links: connect containers. ● Volumes: separate code and data / share data between containers. ● Network: None, Bridge, Container, Host. 8 ● Capabilities: don’t use privileged! Instead use --cap-add / --cap-drop.
Advanced Concepts 8 ● Capabilities ○ Change the status of the container’s interfaces. $ docker run --cap-add=NET_ADMIN ubuntu sh -c “ip link eth0 down” ○ Prevent any `chown` in the container. $ docker run --cap-drop=CHOWN ubuntu ... ○ Allow all capabilities except `mknod`. $ docker run --cap-add=ALL --cap-drop=MKNOD ubuntu ...
Advanced Concepts Orchestration ● Fig, Chef, Puppet, Salt, Ansible ● Mesos, Kubernetes, Helios ● OpenShift, OpenStack 8
Advanced Concepts Gathering Metrics ● cgroups gives per-container: ○ CPU usage ○ Memory usage ○ I/O usage (per device, reads and writes, in bytes and in ops) ● cgroups doesn’t give: ○ network metrics (https://github.com/tpires/packetbeat-setup) 8
Scenarios SHUT UP AND DEMO !!! 9
Yeoman in docker 10
IDE in docker 10
Continuous Delivery From: http://contino.co.uk/use-docker-continuous-delivery-part-2/ 10
11 Coming next... ● Volume management ● IPv6 support ● Cluster management ● Logging improvements ● Windows Server Containers
Thank you! Twitter @tpires Twitter @jpetazzo tiago-a-pires@telecom.pt jerome@docker.com

More Related Content

PDF
Virtual Machines and Docker
byDanish Khakwani
 
PDF
Introduction to Docker, December 2014 "Tour de France" Edition
byJérôme Petazzoni
 
PDF
Introduction to Docker
byJulio Martinez
 
PDF
Start your container journey safely
byRachid Zarouali
 
PDF
Puppet Camp Chicago 2014: Docker and Puppet: 1+1=3 (Intermediate)
byPuppet
 
PDF
Docker / Ansible
byStephane Manciot
 
PDF
Docker 原理與實作
bykao kuo-tung
 
PDF
2015 DockerCon Using Docker in production at bity.com
byMathieu Buffenoir
 
Virtual Machines and Docker
byDanish Khakwani
 
Introduction to Docker, December 2014 "Tour de France" Edition
byJérôme Petazzoni
 
Introduction to Docker
byJulio Martinez
 
Start your container journey safely
byRachid Zarouali
 
Puppet Camp Chicago 2014: Docker and Puppet: 1+1=3 (Intermediate)
byPuppet
 
Docker / Ansible
byStephane Manciot
 
Docker 原理與實作
bykao kuo-tung
 
2015 DockerCon Using Docker in production at bity.com
byMathieu Buffenoir
 

What's hot

PPTX
Introduction to Docker
byKevin Littlejohn
 
PPTX
Introduction to containers
byNitish Jadia
 
PDF
Docker internals
byRohit Jnagal
 
PDF
Webdevops - Neos Docker
byHans Höchtl
 
PDF
From zero to Docker
byGiovanni Toraldo
 
PDF
Docker at Flux7
byAater Suleman
 
PDF
Running Docker with OpenStack | Docker workshop #1
bydotCloud
 
PPTX
Docker Internals - Twilio talk November 14th, 2013
byGuillaume Charmes
 
PDF
When Docker ends, Chef begins ~ #idi2015 Incontro DevOps Italia
byGiovanni Toraldo
 
PDF
OpenNebulaConf2015 2.03 Docker-Machine and OpenNebula - Jaime Melis
byOpenNebula Project
 
PDF
CoreOS Overview
byVictor S. Recio
 
PDF
Docker-Vancouver Meetup - March 18, 2014 - An Introduction to Docker
bybacongobbler
 
PPTX
Kubernetes Introduction
byMiloš Zubal
 
PDF
From Docker Run To Docker Compose
byFitra Aditya
 
PDF
Linux Containers (LXC)
byVladimir Melnic
 
PDF
Linux Containers & Docker
byJumping Bean
 
PDF
Introduction to docker
byJustyna Ilczuk
 
PPTX
Docker
byVitaly Tsaplin
 
PPTX
Docker intro workshop: Dockerize your PHP app
byAndrés Collado
 
PDF
Customizing Virtual Machine Images - Javier Fontán
byOpenNebula Project
 
Introduction to Docker
byKevin Littlejohn
 
Introduction to containers
byNitish Jadia
 
Docker internals
byRohit Jnagal
 
Webdevops - Neos Docker
byHans Höchtl
 
From zero to Docker
byGiovanni Toraldo
 
Docker at Flux7
byAater Suleman
 
Running Docker with OpenStack | Docker workshop #1
bydotCloud
 
Docker Internals - Twilio talk November 14th, 2013
byGuillaume Charmes
 
When Docker ends, Chef begins ~ #idi2015 Incontro DevOps Italia
byGiovanni Toraldo
 
OpenNebulaConf2015 2.03 Docker-Machine and OpenNebula - Jaime Melis
byOpenNebula Project
 
CoreOS Overview
byVictor S. Recio
 
Docker-Vancouver Meetup - March 18, 2014 - An Introduction to Docker
bybacongobbler
 
Kubernetes Introduction
byMiloš Zubal
 
From Docker Run To Docker Compose
byFitra Aditya
 
Linux Containers (LXC)
byVladimir Melnic
 
Linux Containers & Docker
byJumping Bean
 
Introduction to docker
byJustyna Ilczuk
 
Docker
byVitaly Tsaplin
 
Docker intro workshop: Dockerize your PHP app
byAndrés Collado
 
Customizing Virtual Machine Images - Javier Fontán
byOpenNebula Project
 

Viewers also liked

PDF
2014-06-26 - A guide to undefined behavior in c and c++
byChen-Han Hsiao
 
PDF
Containers, OCI, CNCF, Magnum, Kuryr, and You!
byDaniel Krook
 
PDF
Artem Zhurbila - docker clusters (solit 2015)
byArtem Zhurbila
 
PDF
Docker up and running
byVictor S. Recio
 
PDF
The Containers Ecosystem, the OpenStack Magnum Project, the Open Container In...
byDaniel Krook
 
PDF
A Tour of Google Cloud Platform
byColin Su
 
2014-06-26 - A guide to undefined behavior in c and c++
byChen-Han Hsiao
 
Containers, OCI, CNCF, Magnum, Kuryr, and You!
byDaniel Krook
 
Artem Zhurbila - docker clusters (solit 2015)
byArtem Zhurbila
 
Docker up and running
byVictor S. Recio
 
The Containers Ecosystem, the OpenStack Magnum Project, the Open Container In...
byDaniel Krook
 
A Tour of Google Cloud Platform
byColin Su
 

Similar to Docker Insight

PDF
"Lightweight Virtualization with Linux Containers and Docker". Jerome Petazzo...
byYandex
 
PDF
Docker Tips And Tricks at the Docker Beijing Meetup
byJérôme Petazzoni
 
PDF
Docker Introduction + what is new in 0.9
byJérôme Petazzoni
 
PDF
Docker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQ
byJérôme Petazzoni
 
PDF
Containers: from development to production at DevNation 2015
byJérôme Petazzoni
 
PDF
Docker_AGH_v0.1.3
byWitold 'Ficio' Kopel
 
PDF
Docker and-containers-for-development-and-deployment-scale12x
byrkr10
 
PDF
Docker 2014
byOpen Networking Perú (Opennetsoft)
 
PPTX
Virtualization, Containers, Docker and scalable container management services
byabhishek chawla
 
PPTX
Docker
byHussien Elhannan
 
PDF
Introduction to Docker (as presented at December 2013 Global Hackathon)
byJérôme Petazzoni
 
PDF
Containerization is more than the new Virtualization: enabling separation of ...
byJérôme Petazzoni
 
PDF
Docker 0.11 at MaxCDN meetup in Los Angeles
byJérôme Petazzoni
 
PDF
Introduction to Docker at SF Peninsula Software Development Meetup @Guidewire
bydotCloud
 
PDF
Lightweight Virtualization with Linux Containers and Docker | YaC 2013
bydotCloud
 
PDF
Lightweight Virtualization with Linux Containers and Docker I YaC 2013
byDocker, Inc.
 
PDF
Introduction to Docker, December 2014 "Tour de France" Bordeaux Special Edition
byJérôme Petazzoni
 
PDF
Containerization Is More than the New Virtualization
byC4Media
 
PDF
A Gentle Introduction to Docker and Containers
byDocker, Inc.
 
PDF
Docking postgres
byrycamor
 
"Lightweight Virtualization with Linux Containers and Docker". Jerome Petazzo...
byYandex
 
Docker Tips And Tricks at the Docker Beijing Meetup
byJérôme Petazzoni
 
Docker Introduction + what is new in 0.9
byJérôme Petazzoni
 
Docker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQ
byJérôme Petazzoni
 
Containers: from development to production at DevNation 2015
byJérôme Petazzoni
 
Docker_AGH_v0.1.3
byWitold 'Ficio' Kopel
 
Docker and-containers-for-development-and-deployment-scale12x
byrkr10
 
Docker 2014
byOpen Networking Perú (Opennetsoft)
 
Virtualization, Containers, Docker and scalable container management services
byabhishek chawla
 
Docker
byHussien Elhannan
 
Introduction to Docker (as presented at December 2013 Global Hackathon)
byJérôme Petazzoni
 
Containerization is more than the new Virtualization: enabling separation of ...
byJérôme Petazzoni
 
Docker 0.11 at MaxCDN meetup in Los Angeles
byJérôme Petazzoni
 
Introduction to Docker at SF Peninsula Software Development Meetup @Guidewire
bydotCloud
 
Lightweight Virtualization with Linux Containers and Docker | YaC 2013
bydotCloud
 
Lightweight Virtualization with Linux Containers and Docker I YaC 2013
byDocker, Inc.
 
Introduction to Docker, December 2014 "Tour de France" Bordeaux Special Edition
byJérôme Petazzoni
 
Containerization Is More than the New Virtualization
byC4Media
 
A Gentle Introduction to Docker and Containers
byDocker, Inc.
 
Docking postgres
byrycamor
 

Recently uploaded

PDF
Founder & Tech Lead | Web Development & Digital Growth Consultant | Helping B...
byShyamal Das
 
PDF
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
PDF
Bringing AI into R&D, Taking a Human-Centric Approach / Haim Yadid
byHaim Yadid
 
PDF
From Artificial Intelligence to African Intelligence: Transforming Research &...
byMoses Kemibaro
 
PDF
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
PPTX
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
PDF
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
PDF
Towards a Vibrant AI Hardware Accelerator Ecosystem, invited talk at the 4th ...
byMichiaki Tatsubori
 
PDF
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
PDF
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
PDF
final.pdf
byomarbishtawi04
 
PDF
GenerationAI_Paris_2025_Architecting_Intelligence.pdf
byapidays
 
PDF
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
PDF
Logical Optimal Actions – Towards Knowledge-based Reinforcement Learning with...
byMichiaki Tatsubori
 
PDF
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
PDF
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
PDF
AI TOOLS FOR PRODUCTIVITY IN MODERN TIMES.pdf
bySantunu
 
PDF
Reality Drift: Why Systems Keep Working After Meaning Drops Out
byReality Drift Archive | A. Jacobs
 
PDF
apidays Paris 2025 | API Layer7 Security: Real-World Use Cases (BBVA & Nexi)
byapidays
 
PDF
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 
Founder & Tech Lead | Web Development & Digital Growth Consultant | Helping B...
byShyamal Das
 
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
Bringing AI into R&D, Taking a Human-Centric Approach / Haim Yadid
byHaim Yadid
 
From Artificial Intelligence to African Intelligence: Transforming Research &...
byMoses Kemibaro
 
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
Towards a Vibrant AI Hardware Accelerator Ecosystem, invited talk at the 4th ...
byMichiaki Tatsubori
 
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
final.pdf
byomarbishtawi04
 
GenerationAI_Paris_2025_Architecting_Intelligence.pdf
byapidays
 
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
Logical Optimal Actions – Towards Knowledge-based Reinforcement Learning with...
byMichiaki Tatsubori
 
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
AI TOOLS FOR PRODUCTIVITY IN MODERN TIMES.pdf
bySantunu
 
Reality Drift: Why Systems Keep Working After Meaning Drops Out
byReality Drift Archive | A. Jacobs
 
apidays Paris 2025 | API Layer7 Security: Real-World Use Cases (BBVA & Nexi)
byapidays
 
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 

Docker Insight

  • 1.
  • 2.
    19 November 2014 Tiago Pires tiago-a-pires@telecom.pt Jérôme Petazzoni jerome@docker.com
  • 3.
    Survey ● Playedwith Docker Online Tutorial ● Installed Docker locally ● Has one, or more, images on Docker Hub ● Works with Docker daily 1
  • 4.
    Agenda ● Whatis Docker? Why bother? ● Roadmap ● Security ● Advanced Concepts ● Scenarios (Yay !!!) 2
  • 5.
    What is Docker?Why bother? ● Deploy everything, (almost) everywhere ● Reliability, Consistency ● Efficiency (~ native speed) ● Fundamentally… 3
  • 6.
    What is Docker?Why bother? Docker runs containers !!! 3
  • 7.
    What is Docker?Why bother? ● Containers are “lighweight VMs” ○ Own process space, network interface, /sbin/init ● Container = isolated process(es) ● Share kernel with host ● No device emulation 4
  • 8.
    What is Docker?Why bother? ● Dev env (Linux, OS X, Windows) ○ boot2docker (OS X, Windows) ○ Natively (Linux) ● Linux Servers (Ubuntu, Debian, Fedora, Gentoo, Arch…) ○ Single binary install ○ Easy provisioning on Rackspace, Digital Ocean, EC2, GCE ... 6
  • 9.
    What is Docker?Why bother? 4
  • 10.
    Roadmap ● 0.10(TLS support API access, --dns, --dns-search, systemd cgroups) ● 0.11 (SELinux integration, DNS integration for links, --net) ● 0.12 (pause / unpause) ● 1.1 ( .dockerignore, logs --tail ) ● 1.2 (--restart, capabilities: --cap-add; --cap-drop, --device) ● 1.3 (docker exec, docker create, --security-opts (SELinux/AppArmor)) 5
  • 11.
    Security ● Don’trun your containers as root. ● Don’t enable SSH unless it’s a SSH server. ● Configure TLS for API access. ● If possible, use SELinux / AppArmor / GRSEC, etc… ! ● Make use of capabilities (CAP_CHOWN, CAP_MKNOD, CAP_NET_ADMIN …) 7
  • 12.
    Advanced Concepts ●Naming: each container should have a unique name. ● Links: connect containers. ● Volumes: separate code and data / share data between containers. ● Network: None, Bridge, Container, Host. 8
  • 13.
    Advanced Concepts 8 ● Logs ○ Create “data container” to hold logs $ docker run --name logs -v /var/log busybox true ○ Start app container with shared volume $ docker run --volumes-from logs app ○ Digging into logs $ docker run -it --volumes-from logs -w /var/log ubuntu bash
  • 14.
    Advanced Concepts 8 ● Backups ○ Create “data container” to hold files to back up $ docker run --name mysqldata -v /var/lib/mysql busybox true ○ Start app container with shared volume $ docker run --volumes-from mysqldata mysql ○ Create a separate image with backup tools - Dockerfile with “apt-get install rsync, s3cmd…”
  • 15.
    Advanced Concepts 8 ● Network debugging ○ Create a image with backup tcpdump, ngrep... Dockerfile with “apt-get install tcpdump ngrep” ○ Run it in the namespace of the app container $ docker run -it --net container:<app_cid> netdebug bash ○ You can now run tcpdump, etc or copy a dump to visualise with Wireshark. $ docker run -it --net container:<app_cid> -v /tmp:/tmp netdebug tcpdump -s0 -peni eth0 -w /tmp/myapp.pcap
  • 16.
    Advanced Concepts ●Naming: each container should have a unique name. ● Links: connect containers. ● Volumes: separate code and data / share data between containers. ● Network: None, Bridge, Container, Host. 8 ● Capabilities: don’t use privileged! Instead use --cap-add / --cap-drop.
  • 17.
    Advanced Concepts 8 ● Capabilities ○ Change the status of the container’s interfaces. $ docker run --cap-add=NET_ADMIN ubuntu sh -c “ip link eth0 down” ○ Prevent any `chown` in the container. $ docker run --cap-drop=CHOWN ubuntu ... ○ Allow all capabilities except `mknod`. $ docker run --cap-add=ALL --cap-drop=MKNOD ubuntu ...
  • 18.
    Advanced Concepts Orchestration ● Fig, Chef, Puppet, Salt, Ansible ● Mesos, Kubernetes, Helios ● OpenShift, OpenStack 8
  • 19.
    Advanced Concepts GatheringMetrics ● cgroups gives per-container: ○ CPU usage ○ Memory usage ○ I/O usage (per device, reads and writes, in bytes and in ops) ● cgroups doesn’t give: ○ network metrics (https://github.com/tpires/packetbeat-setup) 8
  • 20.
    Scenarios SHUT UPAND DEMO !!! 9
  • 21.
  • 22.
  • 23.
    Continuous Delivery From:http://contino.co.uk/use-docker-continuous-delivery-part-2/ 10
  • 24.
    11 Coming next... ● Volume management ● IPv6 support ● Cluster management ● Logging improvements ● Windows Server Containers
  • 25.
    Thank you! Twitter@tpires Twitter @jpetazzo tiago-a-pires@telecom.pt jerome@docker.com