Docker containers have been making inroads into the Windows and Azure world. Docker has now replaced the traditional Azure IaaS & PaaS services, offering superior container versions which are more responsive, cost effective, and agile. In this session for the Charlotte Azure User Group, we will take an in-depth look at the intersection of Docker and Azure, and how Docker is empowering next-gen Azure services.
Here's the link to CAG meetup for the event - https://www.meetup.com/Charlotte-Microsoft-Azure/events/fpftgmyxjbjb/
1. Dockerization of Azure Platform
Niraj Bhatt
Cloud Expert & Founder CLT Azure Group
@nirajrules
http://nirajrules.wordpress.com
2. What is Docker?
“Docker is an open platform (also the company) which provides ability
to package and run an application in a loosely isolated environment
called a container.”
3. What are Containers?
A container image is a lightweight, stand-alone, executable package of a piece of software that includes everything needed to run it: code, runtime, system tools, system libraries, settings.
Multiple containers can run on the same machine and share the OS kernel with other containers, each running as isolated processes in user space.
Containers take up less space than VMs (copy-on-write COW strategy), and start almost instantly.
5. Building Blocks of Containers
Building Block | Linux | Windows
OS Virtualization (including process, mount, network, user, ipc, etc.) | Namespaces | Namespaces
Hardware Thresholds | Control Groups | Job Objects
Union File System | OverlayFS, AUFS, ZFS | Virtual Disk with Symbolic links
To directly use virtualization facilities provided by the Linux kernel, Docker has created a custom libcontainer library.
6. Docker Architecture
Docker uses a client-server architecture
Docker client talks to the Docker daemon, which does the heavy lifting of building,
running, and distributing your Docker containers
https://hub.docker.com/_/registry/
7. Docker on Windows
[Diagram: Docker CLI switches between the Docker Daemon (Windows Containers) and the MobyLinuxVM Daemon (Linux Containers)]
https://docs.docker.com/docker-for-windows/install/
docker image pull alpine
docker container run -it alpine
docker image pull microsoft/aspnetcore:2.0-nanoserver-1709
docker container run -it microsoft/aspnetcore:2.0-nanoserver-1709 cmd
8. LCOW – Linux Containers on Windows
• LCOW > 17.11 release with experimental
features turned on
• Docker daemon runs as a Windows process
(same as when running Docker Windows
containers), and every time you start a
Linux container Docker launches a minimal
Hyper-V hypervisor running a VM with a
Linux kernel
• Both Linux and Windows containers can
now run side by side
docker container run -it --platform=linux alpine
9. Docker Image Layers
• Layer is a set of files and objects
• Multiple layers are connected via a manifest to form an image
• docker image inspect microsoft/aspnetcore
• Image layers are stored in C:\ProgramData\Docker\windowsfilter
• In Linux, the path is /var/lib/docker/<storage driver>
• ‘Storage Driver’ details can be retrieved using command ‘docker system info’
• Layers are completely unaware of each other; it’s the UFS storage driver
that provides consolidated image view
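How a manifest ties layers together by digest, as an added example that is not part of the original slides: each layer is named by the hash of its content (algorithm:hex), so a changed or missing layer is detectable. The blobs and manifest are constructed stand-ins (the layers/digest/size field names follow the registry image manifest), and `digest_of` and `verify_layers` are hypothetical helper names.

```python
import hashlib
import json
import re

# A digest takes the form algorithm:hex, e.g. sha256:<64 hex characters>.
DIGEST_RE = re.compile(r"^(?P<alg>[a-z0-9]+):(?P<hex>[a-f0-9]+)$")


def digest_of(blob: bytes, alg: str = "sha256") -> str:
    """Return the content digest of a blob in algorithm:hex form."""
    return f"{alg}:{hashlib.new(alg, blob).hexdigest()}"


def verify_layers(manifest: dict, blobs: dict) -> list:
    """Check every layer the manifest names against the stored blobs.

    Returns (digest, problem) tuples; an empty list means all layers verified.
    """
    problems = []
    for layer in manifest["layers"]:
        want = layer["digest"]
        m = DIGEST_RE.match(want)
        if not m or m["alg"] not in hashlib.algorithms_available:
            problems.append((want, "malformed or unsupported digest"))
            continue
        blob = blobs.get(want)
        if blob is None:
            problems.append((want, "blob missing from store"))
        elif len(blob) != layer["size"]:
            problems.append((want, "size mismatch"))
        elif digest_of(blob, m["alg"]) != want:
            problems.append((want, "content does not match digest"))
    return problems


# Constructed sample data: two tiny stand-in "layers" and a manifest for them.
LAYER_BLOBS = [b"base OS files", b"application files"]
STORE = {digest_of(b): b for b in LAYER_BLOBS}
MANIFEST = {
    "schemaVersion": 2,
    "layers": [{"digest": digest_of(b), "size": len(b)} for b in LAYER_BLOBS],
}

if __name__ == "__main__":
    print(json.dumps(MANIFEST, indent=2))
    print("intact store:", verify_layers(MANIFEST, STORE))
    tampered = dict(STORE)
    tampered[MANIFEST["layers"][0]["digest"]] = b"base OS fileZ"  # same size
    print("tampered store:", verify_layers(MANIFEST, tampered))
```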
10. Let’s Build an App, But first…
• .NET Core CLI commands
• dotnet build - command builds the project and its dependencies into a set of
binaries. If the project has third-party dependencies, such as libraries from NuGet,
they're resolved from the NuGet cache but aren't available with the project's built
output.
• dotnet publish - Packs the application and its dependencies into a folder for
deployment to a hosting system.
• dotnet run - Command provides a convenient option to run your application from the
source code with one command. If you're trying to run a framework-dependent
application DLL instead, you must use dotnet without a command.
11. DockerFile
• Set of instructions to create an image
• Format <INSTRUCTION> <value>
• Instructions are typed in CAPITALS while values in lower case
• Instructions are either adding content or meta data; content instructions generate new layers
• E.g.
FROM microsoft/aspnetcore-build:2.0-nanoserver-1709
WORKDIR /src
COPY *.sln ./
COPY NETCoreWithDocker/NETCoreWithDocker.csproj NETCoreWithDocker/
RUN dotnet restore
COPY . .
WORKDIR /src/NETCoreWithDocker
RUN dotnet build -c Release -o /app
docker image build -t netcorewithdocker:v1 .
12. Multi-Stage Builds - Keeping prod images lean
# Set base image and expose port 80
FROM microsoft/aspnetcore:2.0-nanoserver-1709 AS base
WORKDIR /app
EXPOSE 80
# With build image, compile the .NET Core app
FROM microsoft/aspnetcore-build:2.0-nanoserver-1709 AS build
WORKDIR /src
COPY *.sln ./
COPY NETCoreWithDocker/NETCoreWithDocker.csproj NETCoreWithDocker/
RUN dotnet restore
COPY . .
WORKDIR /src/NETCoreWithDocker
RUN dotnet build -c Release -o /app
# Create publish output bundling dependencies and compiled binaries
FROM build AS publish
RUN dotnet publish -c Release -o /app
# Copy the published output to the base image and set ENTRYPOINT
FROM base AS final
WORKDIR /app
COPY --from=publish /app .
ENTRYPOINT ["dotnet", "NETCoreWithDocker.dll"]
13. Docker Compose
Tool for defining and running multi-container Docker applications
version: '3'                  # Docker-compose version
services:
  netcorewithdocker:          # Name of Service (Container)
    image: netcorewithdocker
    build:                    # Build from current folder (context) if image is not found
      context: .
      dockerfile: NETCoreWithDocker\Dockerfile
docker-compose up -d
docker-compose ps
docker-compose down
Get Container IP Address:
docker container inspect --format "{{.NetworkSettings.Networks.nat.IPAddress}}" containerId_or_containername
15. CI / CD with Docker
https://success.docker.com/article/dev-pipeline
Docker Trusted Registry (DTR) lets you run and manage your own Docker image storage service,
securely on your own infrastructure behind your company firewall.
For testing you can use – Docker Hub (https://hub.docker.com/) or Azure Container Registry
docker login -u dockerId
docker image tag netcorewithdocker dockerId/your_repo
docker image push dockerId/your_repo
17. Traditional PaaS Compute Services on Azure
Azure App Service - Web Workloads
Azure Batch - Scheduled Job Workloads
Service Fabric - Microservices Workloads
18. If not containers, how does Azure scale and isolate?
All Azure Web Apps (as well as Mobile App/Services, WebJobs and Functions) run in
a secure environment called a sandbox. Each app runs inside its own sandbox,
isolating its execution from other instances on the same machine as well as
providing an additional degree of security and privacy which would otherwise not
be available. The sandbox mechanism aims to ensure that each app running on a
machine will have a minimum guaranteed level of service; furthermore, the runtime
limits enforced by the sandbox protect apps from being adversely affected by
other resource-intensive apps which may be running on the same machine.
https://stackoverflow.com/questions/43186498/azure-app-services-isolation-and-security/43186718
20. Web App (App Service)
• Service for hosting web
applications, REST APIs, and mobile
back ends
• App Service plan defines a set of
compute resources for a web app
to run.
• These compute resources are
analogous to the server farm in
conventional web hosting.
21. Web App for Containers
• Web App for Containers will deploy your containerized application and
provision required infrastructure
• You just need to attach your container image in Docker Hub, Azure
Container Registry, or your private registry (DTR)
• GA for Linux environments on Sept 6, 2017
• https://azure.microsoft.com/en-us/blog/webapp-for-containers-overview/
• Windows Containers support is in private preview
• WebHooks are used for configuring CI / CD
22. Demo
Azure Web App For Containers
microsoft/azure-appservices-go-quickstart - /hello
23. Azure Batch
• Azure Batch creates and manages a
pool of compute nodes (virtual
machines), installs the applications you
want to run, and schedules jobs to run
on the nodes.
• No cluster or job scheduler software to
install, manage, or scale.
• Batch APIs and tools are available to
configure, manage, and monitor your
jobs.
24. Batch Shipyard
• Batch Shipyard is a tool to help provision and execute container-
based batch processing on Azure Batch compute pools
• You run your containers with easy-to-understand configuration files
shipyard.cmd pool / jobs
Config (folder):
credentials.yaml (azure batch and storage creds)
config.yaml (docker images)
jobs.yaml (job with task desc)
pool.yaml (Infra Nodes)
http://batch-shipyard.readthedocs.io/en/latest/05-batch-shipyard-from-scratch-step-by-step/
25. Demo Batch Shipyard
Create Pool - batch-shipyard-3.5.0b1-cli-win-amd64.exe pool add --configdir config
Add Job to the Pool - batch-shipyard-3.5.0b1-cli-win-amd64.exe jobs add --configdir config --tail stdout.txt
26. Service Fabric
• Distributed systems platform that
makes it easy to package, deploy, and
manage scalable and reliable
microservices
• It provides a sophisticated, lightweight
runtime to build distributed, scalable,
stateless, and stateful microservices
running in containers
• Also provides comprehensive
application management capabilities
to provision, deploy, monitor,
upgrade/patch, and delete deployed
applications
27. Service Fabric with Containers
No changes to the app; you can use existing Docker images and deploy them to a Service Fabric cluster
Traditional SF Deployment
Container based SF Deployment
<ContainerHost>
<ImageName>nrcontainerregistry.azurecr.io/netcore</ImageName>
</ContainerHost>
29. Summary
• Containers offer substantial value over traditional virtualization
including scale, density, responsiveness, consistency and operations
• Microsoft is adopting containers, specifically Docker, as its new PaaS
runtime – across web apps, batch processing and microservices
• Vital for developers and IT pros to develop container mindset for
deploying their applications
C:\Users\niraj\.docker – config.sh for client and related configurations
C:\Users\Public\Documents\Hyper-V\Virtual hard disks – MobyLinuxVHDs
C:\ProgramData\Docker\windowsfilter – Local Image Store
MobyLinuxVM is based on LinuxKit - a toolkit for building custom minimal, immutable Linux distributions.
Docker assigns default container names for every run - https://frightanic.com/computers/docker-default-container-names/
Layers are identified by a digest, which takes the form algorithm:hex
Directory for storing the layer is named after a randomly generated 'cache ID'
Delete all containers in docker - FOR /f "tokens=*" %i IN ('docker ps -a -q') DO docker rm %i
Delete all dangling images in docker - FOR /f "tokens=*" %i IN ('docker images -q -f "dangling=true"') DO docker rmi %i
Docker Universal Control Plane (UCP) is the enterprise-grade cluster management solution from Docker. You install it on-premises or in your virtual private cloud, and it helps you manage your Docker cluster and applications through a single interface. - https://docs.docker.com/ee/ucp/