The document provides an overview of Docker, explaining its architecture, basic commands, and the differences between containers and virtual machines. It details the Docker workflow, including building and running containers, managing images, and pushing images to a registry, along with insights into Linux kernel features that support containerization. Additionally, it touches on orchestration tools, container security, and the benefits of using containers for development and operations.

1. INTRODUCTION TO
by Tom Verelst
Automation & Tooling Competence Center
© 2016 JWorks

2. BEFORE WE BEGIN...
Join https://tlk.io/ordina-docker

3. WHAT IS DOCKER?
Build Ship Run

4. WHAT IS A CONTAINER?
Contains the complete runtime environment
Application
Dependencies

5. It feels like a
LIGHTWEIGHT VIRTUAL MACHINE
It has a shell (SSH, ...)
Has its own namespace
Has its own network interface
Run stuff as root
Services
Packages
But if it's not a VM, so what's the difference?

6. VIRTUAL MACHINES
App
bins/libs
Guest OS
App
bins/libs
Guest OS
App
bins/libs
Guest OS
Hypervisor
Host OS / Kernel
Infrastructure

7. CONTAINERS
Processes that share the same kernel
App
bins/libs
App
bins/libs
App
bins/libs Daemon
Kernel
Infrastructure

8. Docker
Architecture

9. BASIC DOCKER WORKFLOW

10. DOCKER HOST
Docker Daemon
Docker Remote API (REST)
unix:///var/run/docker.sock
https://dockerhost:2376
Downloads and runs the containers

11. DOCKER CLIENT
Talks to Docker daemon

12. DOCKER REGISTRY
Image repository
Official Docker Registry @ hub.docker.com
As a service @ Docker Trusted Registry
Host your own @ github.com/docker/distribution

13. DOCKER IMAGE
Basis for each container
Layers

14. LAYERS
Top layer is thrown away when container stops
Writeable Container
Image: My application
Image: Java 8
Base Image: Ubuntu
bootfs (Kernel)

15. CONTENT ADDRESSABLE IMAGE IDS
Previously random UUIDs
Secure hash of image and layer data (SHA-256)
Separation of images and layers
ID collision prevention
Data integrity
Migration needed from pre-1.10

16. VOLUMES
Write and read data from outside
Mount local folders onto the container
Docker Volume drivers available

17. Basic Docker

18. DEMO TIME!

19. Commands

20. DOCKERFILE
Instructions to automate building of your image
Steps are cached for fast-reuse
FROM java:8
COPY target/application.jar app.jar
ENTRYPOINT ["java", "-jar", "app.jar"]

21. BASIC DOCKER COMMANDS
# Build the image in the working directory
$ docker build -t myapp .
# Run the image we just built as a container
$ docker run --name mycontainer myapp
# Stop the container
$ docker stop mycontainer
# Start the container again
$ docker start mycontainer

22. MANAGE CONTAINERS AND IMAGES
# List running containers
$ docker ps
# List all containers, including stopped
$ docker ps -a
# List all images
$ docker images
# Remove an image
$ docker rmi myapp

23. PUSH DOCKER IMAGES TO THE REGISTRY
# Login to Docker Registry
$ docker login --username=tomverelst --email=tom.verelst@or
dina.be
# Push the image to the Docker Registry
$ docker push myapp

24. HOW DO CONTAINERS REALLY WORK?

25. WARNING
Real low-level Linux stuff ahead!

26. BACK TO 2007, KERNEL 2.6.24
Control Groups aka cgroups
Kernel feature
Linux Containers aka lxc
Linux package that uses cgroups

27. CONTROL GROUP
Resource limiting
Prioritization
Accounting
Controlling

28. LINUX CONTAINERS
Package
Different on different Linux distro's

29. REDESIGN IN 2013
KERNEL 3.15 AND 3.16
NAMESPACE ISOLATION
PID namespace
Network namespace
Hostname
Mount namespace
Inter-process communication namespace
User namespace

30. FIRST DOCKER RELEASE IN 2013
Depended on LXC
Now abstracted with libcontainer

31. Benefits of containerisation

32. SCALING

33. IMMUTABLE INFRASTRUCTURE

34. DevOps
DEV
Application and dependencies
Inside of the container
OPS
Infrastructure
Outside of the container

35. CONTINUOUS INTEGRATION
Same artifact for all environments
No more "It worked on my laptop"
Run your builds and tests inside containers

36. Orchestration
Compose Machine Swarm Networking

37. Compose
Define and run multi-container applications
Single host
Multi-host experimental

38. Machine
Create and provision machines as Docker hosts

39. Create new Docker hosts
Run containers on these new hosts

40. Drivers

41. Swarm
Clustering tool
Turn multiple hosts into one virtual host
Service discovery
Scheduling

43. LABELS
Define custom labels to your Docker host
$ docker daemon --label env="production" --label storage="ssd"
$ docker-machine --engine-label env="production" --label storage="ssd"
$ docker run -e constraint:env==production -e constraint:storage==ssd ...

44. Filters
NODE
Constraint
Health
CONTAINER
Affinity
Port
Dependency

45. Networking
Create overlay networks
Replaces links (bridge)
Network plugins (Weave)
Embedded DNS server

46. Compose + Swarm Production Ready?
NOPE
https://github.com/docker/compose/issues/2866

47. https://cloud.docker.com/
(Tutum: )https://www.tutum.co/

48. Tools

49. Kubernetes

52. etcd etcd etcdDocker Docker Docker
CoreOS host CoreOS host CoreOS host
Host #1 Host #2 Host #3
etcd
fleetctl
etcdctl
fleetd
nServices
systemd
service files pool
Docker
containers
Docker
containers
Docker
containers
Local machine

53. Lattice

54. Flocker
Data Volume Manager

56. CONTAINER SECURITY
Isolation
Dependencies
Seccomp profiles
Coming soon: Unikernels
Security patches

57. NODE SECURITY
Daemon must run as root
Default authorization is all or nothing
Authorization plugins

58. Roadmap

59. Thank You!
Automation & Tooling Competence Center
© 2016 JWorks