SlideShare a Scribd company logo

Docker Overview

R
Rohit Jnagal

This document provides an overview of Docker including: - Docker allows building applications once and deploying them anywhere reliably through containers that provide resource isolation. - Key Docker components include images, resource isolation using cgroups and namespaces, filesystem isolation using layers, and networking capabilities. - Under the hood, Docker utilizes cgroups for resource accounting, namespaces for isolation, security features like capabilities and AppArmor, and UnionFS for the layered filesystem. - The Docker codebase includes components for the daemon, API, image and container management, networking, and integration testing. Commonly used packages include libcontainer for namespaces and cgroups and packages for security, mounting, and networking.

Engineering
1 of 16
Download to read offline
Docker Overview Rohit Jnagal, Docker Meetup, Bangalore
jnagal@ Containerizing everything @ Google Containers at scale. Resource Isolation. lmctfy libcontainer
Docker : What & Why Machine or Application containers Build Once, Configure Once. Deploy Everything* Everywhere* Reliably & Consistently Efficiently Cheaply
Docker Features Change Management Resource Isolation File system Isolation Network Isolation Image Management Sharing Process Management
Docker Components
Docker Grounds up: Resource Isolation Cgroups : Isolation and accounting ● cpu ● memory ● block i/o ● devices ● network ● numa ● freezer image credit: mairin
Docker Grounds up: Namespaces ● Process trees. ● Mounts. ● Network. ● User accounts. ● Hostnames. ● Inter-process communication. pid_t pid = clone(..., flags, ...) CLONE_NEWUTS hostname, domainname CLONE_NEWIPC IPC objects CLONE_NEWPID Process IDs CLONE_NEWNET Network configuration CLONE_NEWNS File system mounts CLONE_NEWUSER User and Group IDs setns(int fd, int nstype) CLONE_NEWIPC CLONE_NEWNET CLONE_NEWUTS Also: unshare(flags)
Docker Grounds up: Add Security ● Linux Capabilities ○ Drops most capabilities. ○ Enable what a task needs. ● GRSEC and PAX ● SELinux ● AppArmor image credit: Leo Reynolds
Docker Grounds up: Filesystem File-system Isolation: Building a rootfs dir and chroot into it. With mount namespace, use pivot-root. Features: Layering, CoW, Caching, Diffing Solutions: UnionFS, Snapshotting FS, CoW block devices
Docker Grounds up: Filesystem From: Jérôme Petazzoni
Docker Grounds up: Processes & Networking We have resources, isolation, and file system management. Docker daemon handles starting/stopping processes with: Attach logic Logs TTY management Docker run options Events and container state Network Management NAT, Bridge, Veth Expose Links
Docker Grounds up: Images Create and share images Push, pull, commit images. Registry (public, private) and index. Dockerfiles Orchestration: Linking Containers Multi-host linking Dynamic discovery image: jbarratt
Docker Codewalk github.com/dotcloud/docker/ api : docker client and server api daemon : Managing containers and images engine: commands/jobs processing graph: store for versioned filesystem images and their relationship. registry: handling registry and repository. links: Linking containers. integration-cli: Integration tests. docs: documentation. pkg: collection of standalone utility packages that are not docker specific. sdd -> Great place to start contributing. Time for actual walkthrough...
Docker Codewalk : docker/daemon Exec Driver Graph DriverNetwork Driver Docker Daemon LXC Native AUFS BTRFS DevMapper
Docker Codewalk : pkg github.com/dotcloud/docker/pkg libcontainer: cgroup and namespaces. Uses lot of other utility packages. nsinit binary. apparmor, selinux, label : applying security profiles. mount, signals : system utilities. iptables, networkfs, netlink : network utilities. term: terminal handling systemd Let’s look through some of these.
Thanks! Rohit Jnagal jnagal@google @jnagal

Recommended

Docker n co
Docker n coDocker n co
Docker n co
Rohit Jnagal
 
Running Django on Docker: a workflow and code
Running Django on Docker: a workflow and codeRunning Django on Docker: a workflow and code
Running Django on Docker: a workflow and code
Danielle Madeley
 
AtlasCamp 2015: The age of orchestration: From Docker basics to cluster manag...
AtlasCamp 2015: The age of orchestration: From Docker basics to cluster manag...AtlasCamp 2015: The age of orchestration: From Docker basics to cluster manag...
AtlasCamp 2015: The age of orchestration: From Docker basics to cluster manag...
Atlassian
 
Ansible docker
Ansible dockerAnsible docker
Ansible docker
QNIB Solutions
 
Docker and Kubernetes 101 workshop
Docker and Kubernetes 101 workshopDocker and Kubernetes 101 workshop
Docker and Kubernetes 101 workshop
Sathish VJ
 
Docker internals
Docker internalsDocker internals
Docker internals
Rohit Jnagal
 
Endocode Kubernetes Meetup: Architecture Patterns for Microservices in Kubern...
Endocode Kubernetes Meetup: Architecture Patterns for Microservices in Kubern...Endocode Kubernetes Meetup: Architecture Patterns for Microservices in Kubern...
Endocode Kubernetes Meetup: Architecture Patterns for Microservices in Kubern...
Thomas Fricke
 
Docker-hanoi meetup #1: introduction about Docker
Docker-hanoi meetup #1: introduction about DockerDocker-hanoi meetup #1: introduction about Docker
Docker-hanoi meetup #1: introduction about Docker
Nguyen Anh Tu
 

Recommended

Docker n co
Docker n coDocker n co
Docker n co
Rohit Jnagal
 
Running Django on Docker: a workflow and code
Running Django on Docker: a workflow and codeRunning Django on Docker: a workflow and code
Running Django on Docker: a workflow and code
Danielle Madeley
 
AtlasCamp 2015: The age of orchestration: From Docker basics to cluster manag...
AtlasCamp 2015: The age of orchestration: From Docker basics to cluster manag...AtlasCamp 2015: The age of orchestration: From Docker basics to cluster manag...
AtlasCamp 2015: The age of orchestration: From Docker basics to cluster manag...
Atlassian
 
Ansible docker
Ansible dockerAnsible docker
Ansible docker
QNIB Solutions
 
Docker and Kubernetes 101 workshop
Docker and Kubernetes 101 workshopDocker and Kubernetes 101 workshop
Docker and Kubernetes 101 workshop
Sathish VJ
 
Docker internals
Docker internalsDocker internals
Docker internals
Rohit Jnagal
 
Endocode Kubernetes Meetup: Architecture Patterns for Microservices in Kubern...
Endocode Kubernetes Meetup: Architecture Patterns for Microservices in Kubern...Endocode Kubernetes Meetup: Architecture Patterns for Microservices in Kubern...
Endocode Kubernetes Meetup: Architecture Patterns for Microservices in Kubern...
Thomas Fricke
 
Docker-hanoi meetup #1: introduction about Docker
Docker-hanoi meetup #1: introduction about DockerDocker-hanoi meetup #1: introduction about Docker
Docker-hanoi meetup #1: introduction about Docker
Nguyen Anh Tu
 
Continuous integration with Docker and Ansible
Continuous integration with Docker and AnsibleContinuous integration with Docker and Ansible
Continuous integration with Docker and AnsibleDmytro Slupytskyi
 
Docker Architecture (v1.3)
Docker Architecture (v1.3)Docker Architecture (v1.3)
Docker Architecture (v1.3)
rajdeep
 
Docker at Djangocon 2013 | Talk by Ken Cochrane
Docker at Djangocon 2013 | Talk by Ken CochraneDocker at Djangocon 2013 | Talk by Ken Cochrane
Docker at Djangocon 2013 | Talk by Ken Cochrane
dotCloud
 
Kubernetes Walk Through from Technical View
Kubernetes Walk Through from Technical ViewKubernetes Walk Through from Technical View
Kubernetes Walk Through from Technical View
Lei (Harry) Zhang
 
Kubernetes Architecture and Introduction – Paris Kubernetes Meetup
Kubernetes Architecture and Introduction – Paris Kubernetes MeetupKubernetes Architecture and Introduction – Paris Kubernetes Meetup
Kubernetes Architecture and Introduction – Paris Kubernetes Meetup
Stefan Schimanski
 
Kubernetes Node Deep Dive
Kubernetes Node Deep DiveKubernetes Node Deep Dive
Kubernetes Node Deep Dive
Lei (Harry) Zhang
 
virtualization-vs-containerization-paas
virtualization-vs-containerization-paasvirtualization-vs-containerization-paas
virtualization-vs-containerization-paas
rajdeep
 
DevOps in AWS with Kubernetes
DevOps in AWS with KubernetesDevOps in AWS with Kubernetes
DevOps in AWS with Kubernetes
Oleg Chunikhin
 
Monitoring, Logging and Tracing on Kubernetes
Monitoring, Logging and Tracing on KubernetesMonitoring, Logging and Tracing on Kubernetes
Monitoring, Logging and Tracing on Kubernetes
Martin Etmajer
 
Docker Distributed application bundle & Stack - Overview
Docker Distributed application bundle & Stack - Overview Docker Distributed application bundle & Stack - Overview
Docker Distributed application bundle & Stack - Overview
Thomas Chacko
 
Docker serverless v1.0
Docker serverless v1.0Docker serverless v1.0
Docker serverless v1.0
Thomas Chacko
 
Scaling Docker Containers using Kubernetes and Azure Container Service
Scaling Docker Containers using Kubernetes and Azure Container ServiceScaling Docker Containers using Kubernetes and Azure Container Service
Scaling Docker Containers using Kubernetes and Azure Container Service
Ben Hall
 
runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...
Docker, Inc.
 
Wso2 con 2014-us-tutorial-apache stratos-wso2 private paas with docker integr...
Wso2 con 2014-us-tutorial-apache stratos-wso2 private paas with docker integr...Wso2 con 2014-us-tutorial-apache stratos-wso2 private paas with docker integr...
Wso2 con 2014-us-tutorial-apache stratos-wso2 private paas with docker integr...
Lakmal Warusawithana
 
Docker and kubernetes
Docker and kubernetesDocker and kubernetes
Docker and kubernetes
Dongwon Kim
 
Container & kubernetes
Container & kubernetesContainer & kubernetes
Container & kubernetes
Ted Jung
 
Kubernetes intro public - kubernetes meetup 4-21-2015
Kubernetes intro public - kubernetes meetup 4-21-2015Kubernetes intro public - kubernetes meetup 4-21-2015
Kubernetes intro public - kubernetes meetup 4-21-2015
Rohit Jnagal
 
Using Docker with OpenStack - Hands On!
Using Docker with OpenStack - Hands On! Using Docker with OpenStack - Hands On!
Using Docker with OpenStack - Hands On!
Adrian Otto
 
Demystifying kubernetes
Demystifying kubernetesDemystifying kubernetes
Demystifying kubernetes
Works Applications
 
Scaling Microservices with Kubernetes
Scaling Microservices with KubernetesScaling Microservices with Kubernetes
Scaling Microservices with Kubernetes
Deivid Hahn Fração
 
Docker 101 Checonf 2016
Docker 101 Checonf 2016Docker 101 Checonf 2016
Docker 101 Checonf 2016
Patrick Chanezon
 
Docker training
Docker trainingDocker training
Docker training
Kiran Kumar
 

More Related Content

What's hot

Continuous integration with Docker and Ansible
Continuous integration with Docker and AnsibleContinuous integration with Docker and Ansible
Continuous integration with Docker and AnsibleDmytro Slupytskyi
 
Docker Architecture (v1.3)
Docker Architecture (v1.3)Docker Architecture (v1.3)
Docker Architecture (v1.3)
rajdeep
 
Docker at Djangocon 2013 | Talk by Ken Cochrane
Docker at Djangocon 2013 | Talk by Ken CochraneDocker at Djangocon 2013 | Talk by Ken Cochrane
Docker at Djangocon 2013 | Talk by Ken Cochrane
dotCloud
 
Kubernetes Walk Through from Technical View
Kubernetes Walk Through from Technical ViewKubernetes Walk Through from Technical View
Kubernetes Walk Through from Technical View
Lei (Harry) Zhang
 
Kubernetes Architecture and Introduction – Paris Kubernetes Meetup
Kubernetes Architecture and Introduction – Paris Kubernetes MeetupKubernetes Architecture and Introduction – Paris Kubernetes Meetup
Kubernetes Architecture and Introduction – Paris Kubernetes Meetup
Stefan Schimanski
 
Kubernetes Node Deep Dive
Kubernetes Node Deep DiveKubernetes Node Deep Dive
Kubernetes Node Deep Dive
Lei (Harry) Zhang
 
virtualization-vs-containerization-paas
virtualization-vs-containerization-paasvirtualization-vs-containerization-paas
virtualization-vs-containerization-paas
rajdeep
 
DevOps in AWS with Kubernetes
DevOps in AWS with KubernetesDevOps in AWS with Kubernetes
DevOps in AWS with Kubernetes
Oleg Chunikhin
 
Monitoring, Logging and Tracing on Kubernetes
Monitoring, Logging and Tracing on KubernetesMonitoring, Logging and Tracing on Kubernetes
Monitoring, Logging and Tracing on Kubernetes
Martin Etmajer
 
Docker Distributed application bundle & Stack - Overview
Docker Distributed application bundle & Stack - Overview Docker Distributed application bundle & Stack - Overview
Docker Distributed application bundle & Stack - Overview
Thomas Chacko
 
Docker serverless v1.0
Docker serverless v1.0Docker serverless v1.0
Docker serverless v1.0
Thomas Chacko
 
Scaling Docker Containers using Kubernetes and Azure Container Service
Scaling Docker Containers using Kubernetes and Azure Container ServiceScaling Docker Containers using Kubernetes and Azure Container Service
Scaling Docker Containers using Kubernetes and Azure Container Service
Ben Hall
 
runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...
Docker, Inc.
 
Wso2 con 2014-us-tutorial-apache stratos-wso2 private paas with docker integr...
Wso2 con 2014-us-tutorial-apache stratos-wso2 private paas with docker integr...Wso2 con 2014-us-tutorial-apache stratos-wso2 private paas with docker integr...
Wso2 con 2014-us-tutorial-apache stratos-wso2 private paas with docker integr...
Lakmal Warusawithana
 
Docker and kubernetes
Docker and kubernetesDocker and kubernetes
Docker and kubernetes
Dongwon Kim
 
Container & kubernetes
Container & kubernetesContainer & kubernetes
Container & kubernetes
Ted Jung
 
Kubernetes intro public - kubernetes meetup 4-21-2015
Kubernetes intro public - kubernetes meetup 4-21-2015Kubernetes intro public - kubernetes meetup 4-21-2015
Kubernetes intro public - kubernetes meetup 4-21-2015
Rohit Jnagal
 
Using Docker with OpenStack - Hands On!
Using Docker with OpenStack - Hands On! Using Docker with OpenStack - Hands On!
Using Docker with OpenStack - Hands On!
Adrian Otto
 
Demystifying kubernetes
Demystifying kubernetesDemystifying kubernetes
Demystifying kubernetes
Works Applications
 
Scaling Microservices with Kubernetes
Scaling Microservices with KubernetesScaling Microservices with Kubernetes
Scaling Microservices with Kubernetes
Deivid Hahn Fração
 

What's hot (20)

Continuous integration with Docker and Ansible
Continuous integration with Docker and AnsibleContinuous integration with Docker and Ansible
Continuous integration with Docker and Ansible
 
Docker Architecture (v1.3)
Docker Architecture (v1.3)Docker Architecture (v1.3)
Docker Architecture (v1.3)
 
Docker at Djangocon 2013 | Talk by Ken Cochrane
Docker at Djangocon 2013 | Talk by Ken CochraneDocker at Djangocon 2013 | Talk by Ken Cochrane
Docker at Djangocon 2013 | Talk by Ken Cochrane
 
Kubernetes Walk Through from Technical View
Kubernetes Walk Through from Technical ViewKubernetes Walk Through from Technical View
Kubernetes Walk Through from Technical View
 
Kubernetes Architecture and Introduction – Paris Kubernetes Meetup
Kubernetes Architecture and Introduction – Paris Kubernetes MeetupKubernetes Architecture and Introduction – Paris Kubernetes Meetup
Kubernetes Architecture and Introduction – Paris Kubernetes Meetup
 
Kubernetes Node Deep Dive
Kubernetes Node Deep DiveKubernetes Node Deep Dive
Kubernetes Node Deep Dive
 
virtualization-vs-containerization-paas
virtualization-vs-containerization-paasvirtualization-vs-containerization-paas
virtualization-vs-containerization-paas
 
DevOps in AWS with Kubernetes
DevOps in AWS with KubernetesDevOps in AWS with Kubernetes
DevOps in AWS with Kubernetes
 
Monitoring, Logging and Tracing on Kubernetes
Monitoring, Logging and Tracing on KubernetesMonitoring, Logging and Tracing on Kubernetes
Monitoring, Logging and Tracing on Kubernetes
 
Docker Distributed application bundle & Stack - Overview
Docker Distributed application bundle & Stack - Overview Docker Distributed application bundle & Stack - Overview
Docker Distributed application bundle & Stack - Overview
 
Docker serverless v1.0
Docker serverless v1.0Docker serverless v1.0
Docker serverless v1.0
 
Scaling Docker Containers using Kubernetes and Azure Container Service
Scaling Docker Containers using Kubernetes and Azure Container ServiceScaling Docker Containers using Kubernetes and Azure Container Service
Scaling Docker Containers using Kubernetes and Azure Container Service
 
runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...
 
Wso2 con 2014-us-tutorial-apache stratos-wso2 private paas with docker integr...
Wso2 con 2014-us-tutorial-apache stratos-wso2 private paas with docker integr...Wso2 con 2014-us-tutorial-apache stratos-wso2 private paas with docker integr...
Wso2 con 2014-us-tutorial-apache stratos-wso2 private paas with docker integr...
 
Docker and kubernetes
Docker and kubernetesDocker and kubernetes
Docker and kubernetes
 
Container & kubernetes
Container & kubernetesContainer & kubernetes
Container & kubernetes
 
Kubernetes intro public - kubernetes meetup 4-21-2015
Kubernetes intro public - kubernetes meetup 4-21-2015Kubernetes intro public - kubernetes meetup 4-21-2015
Kubernetes intro public - kubernetes meetup 4-21-2015
 
Using Docker with OpenStack - Hands On!
Using Docker with OpenStack - Hands On! Using Docker with OpenStack - Hands On!
Using Docker with OpenStack - Hands On!
 
Demystifying kubernetes
Demystifying kubernetesDemystifying kubernetes
Demystifying kubernetes
 
Scaling Microservices with Kubernetes
Scaling Microservices with KubernetesScaling Microservices with Kubernetes
Scaling Microservices with Kubernetes
 

Similar to Docker Overview

Docker 101 Checonf 2016
Docker 101 Checonf 2016Docker 101 Checonf 2016
Docker 101 Checonf 2016
Patrick Chanezon
 
Docker training
Docker trainingDocker training
Docker training
Kiran Kumar
 
Accelerate your development with Docker
Accelerate your development with DockerAccelerate your development with Docker
Accelerate your development with Docker
Andrey Hristov
 
Accelerate your software development with Docker
Accelerate your software development with DockerAccelerate your software development with Docker
Accelerate your software development with Docker
Andrey Hristov
 
Docker, but what it is?
Docker, but what it is?Docker, but what it is?
Docker, but what it is?
Julien Maitrehenry
 
Docker Ecosystem on Azure
Docker Ecosystem on AzureDocker Ecosystem on Azure
Docker Ecosystem on Azure
Patrick Chanezon
 
Rooting Out Root: User namespaces in Docker
Rooting Out Root: User namespaces in DockerRooting Out Root: User namespaces in Docker
Rooting Out Root: User namespaces in Docker
Phil Estes
 
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
Patrick Chanezon
 
Cloud Native Computing - Part III - Containers
Cloud Native Computing - Part III - ContainersCloud Native Computing - Part III - Containers
Cloud Native Computing - Part III - Containers
Linjith Kunnon
 
Powercoders · Docker · Fall 2021.pptx
Powercoders · Docker · Fall 2021.pptxPowercoders · Docker · Fall 2021.pptx
Powercoders · Docker · Fall 2021.pptx
IgnacioTamayo2
 
Develop with docker 2014 aug
Develop with docker 2014 augDevelop with docker 2014 aug
Develop with docker 2014 aug
Vincent De Smet
 
Docker London: Container Security
Docker London: Container SecurityDocker London: Container Security
Docker London: Container Security
Phil Estes
 
Hands on introduction to docker security for docker newbies
Hands on introduction to docker security for docker newbiesHands on introduction to docker security for docker newbies
Hands on introduction to docker security for docker newbies
Yigal Elefant
 
DockerCC.pdf
DockerCC.pdfDockerCC.pdf
DockerCC.pdf
Cesar Capillas
 
Dockers & kubernetes detailed - Beginners to Geek
Dockers & kubernetes detailed - Beginners to GeekDockers & kubernetes detailed - Beginners to Geek
Dockers & kubernetes detailed - Beginners to Geek
wiTTyMinds1
 
The internals and the latest trends of container runtimes
The internals and the latest trends of container runtimesThe internals and the latest trends of container runtimes
The internals and the latest trends of container runtimes
Akihiro Suda
 
Docker Security
Docker SecurityDocker Security
Docker Security
BladE0341
 
Practical Docker for OpenStack (Juno Summit - May 15th, 2014)
Practical Docker for OpenStack (Juno Summit - May 15th, 2014)Practical Docker for OpenStack (Juno Summit - May 15th, 2014)
Practical Docker for OpenStack (Juno Summit - May 15th, 2014)
Erica Windisch
 
Docker Essentials Workshop— Innovation Labs July 2020
Docker Essentials Workshop— Innovation Labs July 2020Docker Essentials Workshop— Innovation Labs July 2020
Docker Essentials Workshop— Innovation Labs July 2020
CloudHero
 
Docker for Developers
Docker for DevelopersDocker for Developers
Docker for Developers
JasonStraughan1
 

Similar to Docker Overview (20)

Docker 101 Checonf 2016
Docker 101 Checonf 2016Docker 101 Checonf 2016
Docker 101 Checonf 2016
 
Docker training
Docker trainingDocker training
Docker training
 
Accelerate your development with Docker
Accelerate your development with DockerAccelerate your development with Docker
Accelerate your development with Docker
 
Accelerate your software development with Docker
Accelerate your software development with DockerAccelerate your software development with Docker
Accelerate your software development with Docker
 
Docker, but what it is?
Docker, but what it is?Docker, but what it is?
Docker, but what it is?
 
Docker Ecosystem on Azure
Docker Ecosystem on AzureDocker Ecosystem on Azure
Docker Ecosystem on Azure
 
Rooting Out Root: User namespaces in Docker
Rooting Out Root: User namespaces in DockerRooting Out Root: User namespaces in Docker
Rooting Out Root: User namespaces in Docker
 
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
 
Cloud Native Computing - Part III - Containers
Cloud Native Computing - Part III - ContainersCloud Native Computing - Part III - Containers
Cloud Native Computing - Part III - Containers
 
Powercoders · Docker · Fall 2021.pptx
Powercoders · Docker · Fall 2021.pptxPowercoders · Docker · Fall 2021.pptx
Powercoders · Docker · Fall 2021.pptx
 
Develop with docker 2014 aug
Develop with docker 2014 augDevelop with docker 2014 aug
Develop with docker 2014 aug
 
Docker London: Container Security
Docker London: Container SecurityDocker London: Container Security
Docker London: Container Security
 
Hands on introduction to docker security for docker newbies
Hands on introduction to docker security for docker newbiesHands on introduction to docker security for docker newbies
Hands on introduction to docker security for docker newbies
 
DockerCC.pdf
DockerCC.pdfDockerCC.pdf
DockerCC.pdf
 
Dockers & kubernetes detailed - Beginners to Geek
Dockers & kubernetes detailed - Beginners to GeekDockers & kubernetes detailed - Beginners to Geek
Dockers & kubernetes detailed - Beginners to Geek
 
The internals and the latest trends of container runtimes
The internals and the latest trends of container runtimesThe internals and the latest trends of container runtimes
The internals and the latest trends of container runtimes
 
Docker Security
Docker SecurityDocker Security
Docker Security
 
Practical Docker for OpenStack (Juno Summit - May 15th, 2014)
Practical Docker for OpenStack (Juno Summit - May 15th, 2014)Practical Docker for OpenStack (Juno Summit - May 15th, 2014)
Practical Docker for OpenStack (Juno Summit - May 15th, 2014)
 
Docker Essentials Workshop— Innovation Labs July 2020
Docker Essentials Workshop— Innovation Labs July 2020Docker Essentials Workshop— Innovation Labs July 2020
Docker Essentials Workshop— Innovation Labs July 2020
 
Docker for Developers
Docker for DevelopersDocker for Developers
Docker for Developers
 

Recently uploaded

Heap Sort (SS).ppt FOR ENGINEERING GRADUATES, BCA, MCA, MTECH, BSC STUDENTS
Heap Sort (SS).ppt FOR ENGINEERING GRADUATES, BCA, MCA, MTECH, BSC STUDENTSHeap Sort (SS).ppt FOR ENGINEERING GRADUATES, BCA, MCA, MTECH, BSC STUDENTS
Heap Sort (SS).ppt FOR ENGINEERING GRADUATES, BCA, MCA, MTECH, BSC STUDENTS
Soumen Santra
 
Nuclear Power Economics and Structuring 2024
Nuclear Power Economics and Structuring 2024Nuclear Power Economics and Structuring 2024
Nuclear Power Economics and Structuring 2024
Massimo Talia
 
Steel & Timber Design according to British Standard
Steel & Timber Design according to British StandardSteel & Timber Design according to British Standard
Steel & Timber Design according to British Standard
AkolbilaEmmanuel1
 
Hierarchical Digital Twin of a Naval Power System
Hierarchical Digital Twin of a Naval Power SystemHierarchical Digital Twin of a Naval Power System
Hierarchical Digital Twin of a Naval Power System
Kerry Sado
 
Technical Drawings introduction to drawing of prisms
Technical Drawings introduction to drawing of prismsTechnical Drawings introduction to drawing of prisms
Technical Drawings introduction to drawing of prisms
heavyhaig
 
NUMERICAL SIMULATIONS OF HEAT AND MASS TRANSFER IN CONDENSING HEAT EXCHANGERS...
NUMERICAL SIMULATIONS OF HEAT AND MASS TRANSFER IN CONDENSING HEAT EXCHANGERS...NUMERICAL SIMULATIONS OF HEAT AND MASS TRANSFER IN CONDENSING HEAT EXCHANGERS...
NUMERICAL SIMULATIONS OF HEAT AND MASS TRANSFER IN CONDENSING HEAT EXCHANGERS...
ssuser7dcef0
 
Water Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation and Control Monthly - May 2024.pdfWater Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation & Control
 
Student information management system project report ii.pdf
Student information management system project report ii.pdfStudent information management system project report ii.pdf
Student information management system project report ii.pdf
Kamal Acharya
 
一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理
一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理
一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理
bakpo1
 
Investor-Presentation-Q1FY2024 investor presentation document.pptx
Investor-Presentation-Q1FY2024 investor presentation document.pptxInvestor-Presentation-Q1FY2024 investor presentation document.pptx
Investor-Presentation-Q1FY2024 investor presentation document.pptx
AmarGB2
 
The Role of Electrical and Electronics Engineers in IOT Technology.pdf
The Role of Electrical and Electronics Engineers in IOT Technology.pdfThe Role of Electrical and Electronics Engineers in IOT Technology.pdf
The Role of Electrical and Electronics Engineers in IOT Technology.pdf
Nettur Technical Training Foundation
 
Fundamentals of Induction Motor Drives.pptx
Fundamentals of Induction Motor Drives.pptxFundamentals of Induction Motor Drives.pptx
Fundamentals of Induction Motor Drives.pptx
manasideore6
 
MCQ Soil mechanics questions (Soil shear strength).pdf
MCQ Soil mechanics questions (Soil shear strength).pdfMCQ Soil mechanics questions (Soil shear strength).pdf
MCQ Soil mechanics questions (Soil shear strength).pdf
Osamah Alsalih
 
Forklift Classes Overview by Intella Parts
Forklift Classes Overview by Intella PartsForklift Classes Overview by Intella Parts
Forklift Classes Overview by Intella Parts
Intella Parts
 
CW RADAR, FMCW RADAR, FMCW ALTIMETER, AND THEIR PARAMETERS
CW RADAR, FMCW RADAR, FMCW ALTIMETER, AND THEIR PARAMETERSCW RADAR, FMCW RADAR, FMCW ALTIMETER, AND THEIR PARAMETERS
CW RADAR, FMCW RADAR, FMCW ALTIMETER, AND THEIR PARAMETERS
veerababupersonal22
 
Gen AI Study Jams _ For the GDSC Leads in India.pdf
Gen AI Study Jams _ For the GDSC Leads in India.pdfGen AI Study Jams _ For the GDSC Leads in India.pdf
Gen AI Study Jams _ For the GDSC Leads in India.pdf
gdsczhcet
 
Water billing management system project report.pdf
Water billing management system project report.pdfWater billing management system project report.pdf
Water billing management system project report.pdf
Kamal Acharya
 
Recycled Concrete Aggregate in Construction Part III
Recycled Concrete Aggregate in Construction Part IIIRecycled Concrete Aggregate in Construction Part III
Recycled Concrete Aggregate in Construction Part III
Aditya Rajan Patra
 
6th International Conference on Machine Learning & Applications (CMLA 2024)
6th International Conference on Machine Learning & Applications (CMLA 2024)6th International Conference on Machine Learning & Applications (CMLA 2024)
6th International Conference on Machine Learning & Applications (CMLA 2024)
ClaraZara1
 
DESIGN AND ANALYSIS OF A CAR SHOWROOM USING E TABS
DESIGN AND ANALYSIS OF A CAR SHOWROOM USING E TABSDESIGN AND ANALYSIS OF A CAR SHOWROOM USING E TABS
DESIGN AND ANALYSIS OF A CAR SHOWROOM USING E TABS
itech2017
 

Recently uploaded (20)

Heap Sort (SS).ppt FOR ENGINEERING GRADUATES, BCA, MCA, MTECH, BSC STUDENTS
Heap Sort (SS).ppt FOR ENGINEERING GRADUATES, BCA, MCA, MTECH, BSC STUDENTSHeap Sort (SS).ppt FOR ENGINEERING GRADUATES, BCA, MCA, MTECH, BSC STUDENTS
Heap Sort (SS).ppt FOR ENGINEERING GRADUATES, BCA, MCA, MTECH, BSC STUDENTS
 
Nuclear Power Economics and Structuring 2024
Nuclear Power Economics and Structuring 2024Nuclear Power Economics and Structuring 2024
Nuclear Power Economics and Structuring 2024
 
Steel & Timber Design according to British Standard
Steel & Timber Design according to British StandardSteel & Timber Design according to British Standard
Steel & Timber Design according to British Standard
 
Hierarchical Digital Twin of a Naval Power System
Hierarchical Digital Twin of a Naval Power SystemHierarchical Digital Twin of a Naval Power System
Hierarchical Digital Twin of a Naval Power System
 
Technical Drawings introduction to drawing of prisms
Technical Drawings introduction to drawing of prismsTechnical Drawings introduction to drawing of prisms
Technical Drawings introduction to drawing of prisms
 
NUMERICAL SIMULATIONS OF HEAT AND MASS TRANSFER IN CONDENSING HEAT EXCHANGERS...
NUMERICAL SIMULATIONS OF HEAT AND MASS TRANSFER IN CONDENSING HEAT EXCHANGERS...NUMERICAL SIMULATIONS OF HEAT AND MASS TRANSFER IN CONDENSING HEAT EXCHANGERS...
NUMERICAL SIMULATIONS OF HEAT AND MASS TRANSFER IN CONDENSING HEAT EXCHANGERS...
 
Water Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation and Control Monthly - May 2024.pdfWater Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation and Control Monthly - May 2024.pdf
 
Student information management system project report ii.pdf
Student information management system project report ii.pdfStudent information management system project report ii.pdf
Student information management system project report ii.pdf
 
一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理
一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理
一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理
 
Investor-Presentation-Q1FY2024 investor presentation document.pptx
Investor-Presentation-Q1FY2024 investor presentation document.pptxInvestor-Presentation-Q1FY2024 investor presentation document.pptx
Investor-Presentation-Q1FY2024 investor presentation document.pptx
 
The Role of Electrical and Electronics Engineers in IOT Technology.pdf
The Role of Electrical and Electronics Engineers in IOT Technology.pdfThe Role of Electrical and Electronics Engineers in IOT Technology.pdf
The Role of Electrical and Electronics Engineers in IOT Technology.pdf
 
Fundamentals of Induction Motor Drives.pptx
Fundamentals of Induction Motor Drives.pptxFundamentals of Induction Motor Drives.pptx
Fundamentals of Induction Motor Drives.pptx
 
MCQ Soil mechanics questions (Soil shear strength).pdf
MCQ Soil mechanics questions (Soil shear strength).pdfMCQ Soil mechanics questions (Soil shear strength).pdf
MCQ Soil mechanics questions (Soil shear strength).pdf
 
Forklift Classes Overview by Intella Parts
Forklift Classes Overview by Intella PartsForklift Classes Overview by Intella Parts
Forklift Classes Overview by Intella Parts
 
CW RADAR, FMCW RADAR, FMCW ALTIMETER, AND THEIR PARAMETERS
CW RADAR, FMCW RADAR, FMCW ALTIMETER, AND THEIR PARAMETERSCW RADAR, FMCW RADAR, FMCW ALTIMETER, AND THEIR PARAMETERS
CW RADAR, FMCW RADAR, FMCW ALTIMETER, AND THEIR PARAMETERS
 
Gen AI Study Jams _ For the GDSC Leads in India.pdf
Gen AI Study Jams _ For the GDSC Leads in India.pdfGen AI Study Jams _ For the GDSC Leads in India.pdf
Gen AI Study Jams _ For the GDSC Leads in India.pdf
 
Water billing management system project report.pdf
Water billing management system project report.pdfWater billing management system project report.pdf
Water billing management system project report.pdf
 
Recycled Concrete Aggregate in Construction Part III
Recycled Concrete Aggregate in Construction Part IIIRecycled Concrete Aggregate in Construction Part III
Recycled Concrete Aggregate in Construction Part III
 
6th International Conference on Machine Learning & Applications (CMLA 2024)
6th International Conference on Machine Learning & Applications (CMLA 2024)6th International Conference on Machine Learning & Applications (CMLA 2024)
6th International Conference on Machine Learning & Applications (CMLA 2024)
 
DESIGN AND ANALYSIS OF A CAR SHOWROOM USING E TABS
DESIGN AND ANALYSIS OF A CAR SHOWROOM USING E TABSDESIGN AND ANALYSIS OF A CAR SHOWROOM USING E TABS
DESIGN AND ANALYSIS OF A CAR SHOWROOM USING E TABS
 

Docker Overview

  • 1. Docker Overview Rohit Jnagal, Docker Meetup, Bangalore
  • 2. jnagal@ Containerizing everything @ Google Containers at scale. Resource Isolation. lmctfy libcontainer
  • 3. Docker : What & Why Machine or Application containers Build Once, Configure Once. Deploy Everything* Everywhere* Reliably & Consistently Efficiently Cheaply
  • 6. Docker Grounds up: Resource Isolation Cgroups : Isolation and accounting ● cpu ● memory ● block i/o ● devices ● network ● numa ● freezer image credit: mairin
  • 7. Docker Grounds up: Namespaces ● Process trees. ● Mounts. ● Network. ● User accounts. ● Hostnames. ● Inter-process communication. pid_t pid = clone(..., flags, ...) CLONE_NEWUTS hostname, domainname CLONE_NEWIPC IPC objects CLONE_NEWPID Process IDs CLONE_NEWNET Network configuration CLONE_NEWNS File system mounts CLONE_NEWUSER User and Group IDs setns(int fd, int nstype) CLONE_NEWIPC CLONE_NEWNET CLONE_NEWUTS Also: unshare(flags)
  • 8. Docker Grounds up: Add Security ● Linux Capabilities ○ Drops most capabilities. ○ Enable what a task needs. ● GRSEC and PAX ● SELinux ● AppArmor image credit: Leo Reynolds
  • 9. Docker Grounds up: Filesystem File-system Isolation: Building a rootfs dir and chroot into it. With mount namespace, use pivot-root. Features: Layering, CoW, Caching, Diffing Solutions: UnionFS, Snapshotting FS, CoW block devices
  • 10. Docker Grounds up: Filesystem From: Jérôme Petazzoni
  • 11. Docker Grounds up: Processes & Networking We have resources, isolation, and file system management. Docker daemon handles starting/stopping processes with: Attach logic Logs TTY management Docker run options Events and container state Network Management NAT, Bridge, Veth Expose Links
  • 12. Docker Grounds up: Images Create and share images Push, pull, commit images. Registry (public, private) and index. Dockerfiles Orchestration: Linking Containers Multi-host linking Dynamic discovery image: jbarratt
  • 13. Docker Codewalk github.com/dotcloud/docker/ api : docker client and server api daemon : Managing containers and images engine: commands/jobs processing graph: store for versioned filesystem images and their relationship. registry: handling registry and repository. links: Linking containers. integration-cli: Integration tests. docs: documentation. pkg: collection of standalone utility packages that are not docker specific. sdd -> Great place to start contributing. Time for actual walkthrough...
  • 14. Docker Codewalk : docker/daemon Exec Driver Graph DriverNetwork Driver Docker Daemon LXC Native AUFS BTRFS DevMapper
  • 15. Docker Codewalk : pkg github.com/dotcloud/docker/pkg libcontainer: cgroup and namespaces. Uses lot of other utility packages. nsinit binary. apparmor, selinux, label : applying security profiles. mount, signals : system utilities. iptables, networkfs, netlink : network utilities. term: terminal handling systemd Let’s look through some of these.