Intro to containerization
1 like2,255 views
This document outlines the curriculum for an introduction to containerization presentation. It includes slides and hands-on exercises on installing Docker, building Docker images, running containers, viewing processes inside containers, and experimenting with resource isolation using cgroups and namespaces. Attendees will build a Docker image for a sample Flask application, run the container, view logs and processes, and push the image to Docker Hub. The presentation covers definitions of key containerization concepts and the benefits of using containers.
Intro to containerization
- 1. INTRODUCTION TO CONTAINERIZATION BALINT PATO SOFTWARE CRAFTSMANSHIP NYC MEETUP 11/17/2016
- 2. CURRICULUM FOR TODAY ▸ slides: curriculum ▸ hands-on: install docker, hello-world ▸ slides: containerization foundations ▸ hands-on: build an image from an app, run it, peak into the container ▸ slides: isolation and resource management ▸ hands-on: talking to the daemon, pushing the image to DockerHub, isolation experiments! ▸ discussion INTRODUCTION TO CONTAINERIZATION
- 3. INTRODUCTION TO CONTAINERIZATION LET’S START HANDS-ON TEST > docker run hello-world
- 4. INTRODUCTION TO CONTAINERIZATION WHAT IS CONTAINERIZATION? ▸ metaphor I. shipping container ▸ standard packaging ▸ isolation method ▸ composability
- 5. INTRODUCTION TO CONTAINERIZATION WHAT IS CONTAINERIZATION? ▸ metaphor II. lightweight, fast virtualization ▸ a container is like a virtual machine but magnitudes faster to spin it up ▸ own networking stack ▸ own filesystem ▸ own process IDs ▸ …but it runs on a host machine!
- 6. INTRODUCTION TO CONTAINERIZATION BENEFITS: WHAT ARE CONTAINERS GOOD FOR? ▸ repeatability: I build the image once, and deploy (roughly) the same thing prod ▸ portability: as long as the runtime is available for a platform, the container can run there too. ▸ reusable filesystem setup: layers are the base of reuse ▸ standard execution and distribution: most (I consider windows preview only) software stacks are supported ▸ density: I can deploy multiple instances next to each other and split up the resources
- 7. INTRODUCTION TO CONTAINERIZATION BENEFITS: CLOUD NATIVE ARCHITECTURE an important piece in the cloud puzzle
- 8. INTRODUCTION TO CONTAINERIZATION DEFINITIONS ▸ containerization platform: a family of technologies to isolate processes from each other, so that processes run as if they are running in a normal operating system while - enforced by the container runtime - they actually share the resources of a single host without having the ability to see each other's or the host's processes and resources. A platform also has opinion about the runtime and the lifecycle of the image, from building to distribution. Examples: LXC, Rkt, Docker ▸ container runtime: container execution environment, which enforces the limited shares of resources (e.g. cpu, memory, disk) allocated to the containerized application, also exposes API and tools around managing containers. Examples: LXD, Docker daemon, Rkt process ▸ image: an image defines the filesystem and execution parameters for the container. Images can be layered, composable, depending on the format. Examples: Docker image, appc, LXC image format
- 9. EXERCISE: LET’S BUILD AN IMAGE! INTRODUCTION TO CONTAINERIZATION FROM alpine RUN apk add --no-cache bash curl py-pip RUN pip install --upgrade pip RUN pip install flask COPY ./app.py / ENTRYPOINT python /app.py 2. create docker-start/Dockerfile with the following content > git clone https://github.com/balopat/docker-starter 1. get some sample code, discuss the flask app > docker build -t nanoservice . 3. build the image and discuss: What can these instructions mean?
- 10. EXERCISE: LET’S RUN IT! INTRODUCTION TO CONTAINERIZATION > docker images 1. list images on your machine, discuss: what can you see? > docker run -d -p 1234:5000 nanoservice 2. spin up a container, discuss: what’s the output? > docker ps 3. list running containers, discuss the output > docker logs <container-id> 4. get the logs, discuss the output - try accessing the app
- 11. EXERCISE: WHAT’S IN THE BOX? INTRODUCTION TO CONTAINERIZATION > docker exec <container-id> ls / 1. run this and discuss > docker exec -ti <container-id> bash 2. run this and experiment around container> ps ax 3. how many processes are in the container? what are their PIDs? container> curl localhost:5000 4. try accessing the app from inside
- 12. INTRODUCTION TO CONTAINERIZATION KEEP IN MIND: THE DOCKER ARCHITECTURE: CLIENT-SERVER
- 13. INTRODUCTION TO CONTAINERIZATION ISOLATION AND RESOURCE SHARING ▸ linux namespaces http://man7.org/linux/man-pages/man7/namespaces.7.html ▸ hostname ▸ net ▸ pid ▸ users ▸ mounts ▸ … ▸ linux cgroups https://en.wikipedia.org/wiki/Cgroups ▸ CPU share ▸ CPU set ▸ memory ▸ block I/O ▸ network priority ▸ …
- 14. INTRODUCTION TO CONTAINERIZATION EXERCISE: PUNCH A WHOLE ON THE CONTAINER > docker run -d -p 1234:5000 nanoservice 1. spin up a container with port mapping and discuss: what’s the output? what does docker ps show? 2. On Mac + Ubuntu desktops just access http://localhost:5000, [on Windows with Docker Toolbox: a.) find the boot2docker VM’s IP: run ‘docker-machine ls’ this will give you a tcp://<boot2dockerVMIP>:XXXX in the response b.) you can access the app at http://<boot2dockerVMIP>:1234
- 15. INTRODUCTION TO CONTAINERIZATION https://hub.docker.com 1. Register on docker hub > docker login 2. login > docker tag nanoservice <username>/nanoservice 3. re-tag our service to setup the repository (check with docker images) > docker push <username>/nanoservice 4. push! EXERCISE: PUSH IT TO DOCKERHUB
- 16. EXERCISE: TALKING TO THE DAEMON INTRODUCTION TO CONTAINERIZATION > docker run -it --privileged -v /var/run/docker.sock:/var/ run/docker.sock appropriate/curl sh > curl google.com 1. we’ll need curl > ls /var/run/docker.sock 2. find /var/run/docker.sock > curl --unix-socket /var/run/docker.sock http://localhost/images/json 3. let’s query the daemon!
- 17. EXERCISE: LIMIT MEMORY INTRODUCTION TO CONTAINERIZATION > docker run -ti -m 300M debian bash 1.Let’s get a shell limited to 300M of memory > docker stats 2. another window, let’s see the amount of RAM you have! https://docs.docker.com/engine/reference/run/ Loads of options to manage resource usage of apps: > cat <(yes | tr n x | head -c $((1024*1024*300))) <(sleep 10) | grep n 3. let’s load stuff in the memory, follow the action in the docker stats!
- 18. EXERCISE: MAX OUT YOUR CPU - ONLY DO THIS IF YOU HAVE MORE THAN 1 CORE! INTRODUCTION TO CONTAINERIZATION > docker run -ti --cpuset-cpus="1" --cpu-quota=10000 debian bash 1.Let’s get a shell limited to 1 cpu and only 10% of it > :(){ :|:& };: 2. Let’s drop the fork bomb > docker stats 3. on another tab - let’s see the stats > docker kill <container-id> 4. kill the cpu killer
- 19. CURRICULUM FOR TODAY ▸ slides: curriculum ▸ hands-on: install docker, hello-world ▸ slides: containerization foundations ▸ hands-on: build an image from an app, run it, peak into the container ▸ slides: isolation and resource management ▸ hands-on: talking to the daemon, pushing the image to DockerHub, isolation experiments! ▸ well done! we can get to the discussion :) INTRODUCTION TO CONTAINERIZATION