DCSF19 Containers for Beginners
3 likes802 views
The document provides an overview of using Docker for creating and managing software containers, highlighting key concepts such as building images with Dockerfiles, sharing images via registries, and understanding containerization compared to traditional virtual machines. It discusses best practices for optimizing images and managing dependencies, as well as the importance of data persistence through volumes and networking among containers. Additionally, it touches on container orchestration, introducing various orchestration tools like Docker Swarm and Kubernetes for managing container workloads across multiple systems.
![@mikesir87
Creating Images
• Best practice is to use a Dockerfile
• A text file that serves as a script to build an image
• Build using the docker build command
FROM node
WORKDIR /app
COPY package.json yarn.lock .
RUN yarn install
COPY src ./src
CMD ["node", "src/index.js"]](https://image.slidesharecdn.com/dcsf19containersforbeginners-190626231946/85/DCSF19-Containers-for-Beginners-10-320.jpg)
DCSF19 Containers for Beginners
- 1. Michael Irwin - @mikesir87 Virginia Tech; Docker Captain Containers for Beginners
- 2. @mikesir87 Disclaimer: I cannot explain sprankle pods either!
- 3. @mikesir87 Quick History of Shipping Source: https://www.publicdomainpictures.net/en/view-image.php?image=275355 Source: https://en.wikipedia.org/wiki/Rail_freight_in_Great_Britain Source: https://pxhere.com/en/photo/553345
- 5. @mikesir87 Shipping in Software Source: https://www.usafe.af.mil/News/Photos/igphoto/2000887438/
- 6. @mikesir87 Either of these two scenarios sound familiar to you?
- 7. @mikesir87 Welcome! Glad to have you on the team! Clone the repo,use the wiki forsetup instructions,and update the docs as needed.Good luck!
- 8. @mikesir87
- 10. @mikesir87 Creating Images • Best practice is to use a Dockerfile • A text file that serves as a script to build an image • Build using the docker build command FROM node WORKDIR /app COPY package.json yarn.lock . RUN yarn install COPY src ./src CMD ["node", "src/index.js"]
- 11. @mikesir87 Sharing Images • Once built, the image is only available locally • To share, push it to a registry using docker push • Docker Hub is the default registry • Docker EE includes the Docker Trusted Registry • Many other third-party offerings available too • Once shared, others can pull the image Source: https://landscape.cncf.io
- 12. @mikesir87 Let’s build an image!
- 13. @mikesir87 What’s a container then? • While a container looks like a VM, it isn’t! • A container is just another process on the machine • It uses namespaces and control groups (cgroups) to provide isolation • Namespaces include network, process, user, IPC, mount, and others • To run a container, use the docker container run command
- 14. @mikesir87
- 15. @mikesir87 Containers vs VMs Infrastructure Host Operating System Hypervisor Guest OS Bins/Libs App 1 Guest OS Bins/Libs App 2 Guest OS Bins/Libs App 3 Infrastructure Operating System Bins/Libs App 1 Bins/Libs App 2 Bins/Libs App 3 Docker Daemon
- 16. @mikesir87 Image Layering • Images are composed of layers of filesystem changes • Each layer can add or remove from the previous layer • Each layer’s filesystem changes are stored as a single tar file • Each command in a Dockerfile creates a new layer • Use the docker image history command to see the layers and the command that was used to create each layer
- 17. @mikesir87 Layer contents file1 file2 file3 file4 file2 file5 file1 file2 file3 file4 file5 Layer 1 Layer 2 Merged • Layers are unioned together to make a full filesystem • Each layer can add files as needed • Files in “higher” layers replace the same file in “lower” layers • The container uses the “merged” view
- 18. @mikesir87 What about deleted files? ● Deleted files are represented in a layer as a “whiteout” file ● Whiteout files are only used by the filesystem driver and not visible in the merged filesystem file1 file2 file3 file4 file2 file5 file1 file2 file3 file5 Layer 1 Layer 2 Merged .wh.file4 Layer 3
- 19. @mikesir87 WARNING! Be careful what you put into images. Deleted files might not actually be gone!
- 20. @mikesir87 Two Best Practices Incoming!
- 21. @mikesir87 Clean up as you go! ● Don’t wait until the end of the Dockerfile to “clean” up ● Chain RUN commands together to clean things as you go FROM ubuntu RUN apt-get update RUN apt-get install -y python python-pip RUN pip install awscli RUN apt-get autoremove --purge -y python-pip FROM ubuntu RUN apt-get update && apt-get install -y python python-pip && pip install awscli && apt-get autoremove --purge -y python-pip && rm -rf /var/lib/apt/lists/* Net change of image size from 512MB to 183MB (64% reduction)
- 22. @mikesir87 Keep images tight and focused • Only install the deps/tools/packages that are necessary • Use multi-stage builds to separate build-time and run-time dependencies FROM node AS build WORKDIR /usr/src/app COPY package.json yarn.lock . RUN yarn install COPY public ./public COPY src ./src RUN yarn build FROM nginx:alpine COPY nginx.conf /etc/nginx/nginx.conf COPY --from=build /usr/src/app/build /usr/share/nginx/html Sample multi-stage build for a React app
- 23. @mikesir87 How do you persist data?
- 24. @mikesir87 ● Volumes provide the ability to persist/supply data ● Bind mount volumes ○ You choose where to persist the data ○ Example: -v $HOME/mysql-data:/var/lib/mysql ● Named volumes ○ Let Docker choose where to persist the data ○ Can use docker volume inspect to find actual location ○ Example: -v mysql-data:/var/lib/mysql Volumes
- 25. @mikesir87 Show me these volumes!
- 26. @mikesir87
- 27. @mikesir87 Docker Compose • Makes defining and running multi-container apps super easy • Uses a YAML file for configuration (docker-compose.yml) • Often included in project source repo at the root of the project • With a single command, start all containers/services for an app • Tool is bundled with Docker Desktop
- 28. @mikesir87 Docker Networking • Think of networking in terms of communication boundaries/isolation • If two containers are on the same network, they can talk to each other • Docker runs its own DNS resolver on each network • Allows it to resolve IP addresses of other containers using “aliases” API1 Database Reverse Proxy React App API2 Cache
- 30. @mikesir87 Container Orchestration • Orchestration provides the ability to manage the running of container workloads, often over a fleet of machines • You define the expected state (the desired state) • The system then tries to make actual state reflect expected state
- 31. @mikesir87 Actors in Orchestration • Every orchestrator has the concept of two types of nodes • Managers • Serve as the brains of the cluster • Maintain state and schedule work • Sometimes called masters • Worker nodes • Perform the actual work, as instructed by a manager • Sometimes called agents or nodes
- 32. @mikesir87 Various Orchestrators • Docker Swarm • Shipped with the Docker engine • Very user friendly and easy to get up and running • Satisfies most needs, though not all; built to be extensible, but takes some work • Kubernetes • Spun out of work done within Google and contributed to CNCF • Think of it more as a toolkit - so not as easy to get up and running • Very configurable and extensible • Amazon ECS • Made by Amazon Web Services and provided for free • Provides deep integration with AWS resources (IAM, ALBs, Auto-scaling, etc.)
- 34. @mikesir87 • Containers/images are here to standardize application packaging • No longer require host configuration • Docker Compose builds on the abstraction to make multi-service apps easier • Container orchestration builds on this idea • Be mindful of how you build your images and what you include • Volumes allow data to be persisted longer than the container • Networking serves provides communication paths/isolation Recap
- 35. @mikesir87 WARNING! Containers are NOT a silver bullet that will fix your company culture
- 36. Thank you! Rate the session! Keep in touch! @mikesir87; mikesir87@vt.edu