Introduction to Docker
35 likes15,264 views
This document provides an introduction to Docker, including: - Docker allows developers to package applications with all dependencies into standardized units called containers that can run on any infrastructure. - Docker uses namespaces and control groups to provide isolation and security between containers while allowing for more efficient use of resources than virtual machines. - The Docker architecture includes images which are templates for creating containers, a Dockerfile to automate image builds, and Docker Hub for sharing images. - Kubernetes is an open-source platform for automating deployment and management of containerized applications across clusters of hosts.
Introduction to Docker
- 2. Contents • Introduction to Containers • What is Docker? • Docker Architecture • Installing Docker • Docker Engine • Docker Images • Docker File • Docker Hub • Docker CLI • Kubernetes • Hands On Demo
- 3. Containers • LXC (Linux Containers) is an operating-system-level virtualization method for running multiple isolated Linux systems (containers) on a control host using a single Linux kernel. • The Linux kernel provides the cgroups functionality that allows limitation and prioritization of resources (CPU, memory, block I/O, network, etc.) without the need for starting any virtual machines, and namespace isolation functionality that allows complete isolation of an applications' view of the operating environment, including process trees, networking, user IDs and mounted file systems
- 5. What is Docker • Docker is an open-source project that automates the deployment of applications inside software container • Docker containers wrap up a piece of software in a complete file system that contains everything it needs to run: code, runtime, system tools, system libraries – anything you can install on a server. • This guarantees that it will always run the same, regardless of the environment it is running in.
- 6. Static website Web frontend User DB Queue Analytics DB Background workers API endpoint nginx 1.5 + modsecurity + openssl + bootstrap 2 postgresql + pgv8 + v8 hadoop + hive + thrift + OpenJDK Ruby + Rails + sass + Unicorn Redis + redis-sentinel Python 3.0 + celery + pyredis + libcurl + ffmpeg + libopencv + nodejs + phantomjs Python 2.7 + Flask + pyredis + celery + psycopg + postgresql-client Development VM QA server Public Cloud Disaster recovery Contributor’s laptop Production Servers The Challenge Multiplicityof Stacks Multiplicityof hardware environments Production Cluster Customer Data Center Doservicesand appsinteract appropriately? CanImigrate smoothlyand quickly?
- 7. The Matrix From Hell Static website Web frontend Background workers User DB Analytics DB Queue Development VM QA Server Single Prod Server Onsite Cluster Public Cloud Contributor’s laptop Customer Servers ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?
- 9. ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? Also a matrix from hell
- 10. Multiplicityof Goods Multiplicityof methodsfor transporting/stori ng DoIworryabout howgoodsinteract (e.g.coffeebeans nexttospices) CanItransport quicklyand smoothly (e.g.fromboatto traintotruck) Solution: Intermodal Shipping Container …in between, can be loaded and unloaded, stacked, transported efficiently over long distances, and transferred from one mode of transport to another A standard container that is loaded with virtually any goods, and stays sealed until it reaches final delivery.
- 11. Static website Web frontendUser DB Queue Analytics DB Development VM QA server Public Cloud Contributor’s laptop Docker is a shipping container system for code Multiplicityof Stacks Multiplicityof hardware environments Production Cluster Customer Data Center Doservicesand appsinteract appropriately? CanImigrate smoothlyand quickly …that can be manipulated using standard operations and run consistently on virtually any hardware platform An engine that enables any payload to be encapsulated as a lightweight, portable, self- sufficient container…
- 12. Static website Web frontend Background workers User DB Analytics DB Queue Development VM QA Server Single Prod Server Onsite Cluster Public Cloud Contributor’s laptop Customer Servers Docker eliminates the matrix from Hell
- 13. Why Developers Care • Build once, run anywhere • A clean, safe, hygienic and portable runtime environment for your app. • No worries about missing dependencies, packages and other pain points during subsequent deployments. • Run each app in its own isolated container, so you can run various versions of libraries and other dependencies for each app without worrying
- 14. Why Developers Care • Automate testing, integration, packaging…anything you can script • Reduce/eliminate concerns about compatibility on different platforms, either your own or your customers. • Cheap, zero-penalty containers to deploy services? A VM without the overhead of a VM? Instant replay and reset of image snapshots? That’s the power of Docker
- 15. Why Devops Cares? • Configure once…run anything • Make the entire lifecycle more efficient, consistent, and repeatable • Increase the quality of code produced by developers. • Eliminate inconsistencies between development, test, production, and customer environments
- 16. Why Devops Cares? • Support segregation of duties • Significantly improves the speed and reliability of continuous deployment and continuous integration systems • Because the containers are so lightweight, address significant performance, costs, deployment, and portability issues normally associated with VMs
- 17. Why it works—separation of concerns • The Developer • Worries about what’s “inside” the container • His code • His Libraries • His Package Manager • His Apps • His Data • All Linux servers look the same • The Administrator • Worries about what’s “outside” the container • Logging • Remote access • Monitoring • Network config • All containers start, stop, copy, attach, migrate, etc. the same way
- 18. More technical explanation • High Level—It’s a lightweight VM • Own process space • Own network interface • Can run stuff as root • Can have its own /sbin/init (different from host) • Low Level—It’s chroot on steroids • Can also not have its own /sbin/init • Container=isolated processes • Share kernel with host • No device emulation (neither HVM nor PV) from host) • Run everywhere • Regardless of kernel version (2.6.32+) • Regardless of host distro • Physical or virtual, cloud or not • Container and host architecture must match* • Run anything • If it can run on the host, it can run in the container • i.e. if it can run on a Linux kernel, it can run WHY WHAT
- 19. App A Containers vs. VMs Hypervisor (Type 2) Host OS Server Guest OS Bins/ Libs App A’ Guest OS Bins/ Libs App B Guest OS Bins/ Libs AppA’ Docker Host OS Server Bins/Libs AppA Bins/Libs AppB AppB’ AppB’ AppB’ VM Container Containers are isolated, but share OS and, where appropriate, bins/libraries Guest OS Guest OS …result is significantly faster deployment, much less overhead, easier migration, faster restart
- 20. Why are Docker containers lightweight? Bins/ Libs App A Original App (No OS to take up space, resources, or require restart) AppΔ Bins / App A Bins/ Libs App A’ Guest OS Bins/ Libs Modified App Copy on write capabilities allow us to only save the diffs Between container A and container A’ VMs Every app, every copy of an app, and every slight modification of the app requires a new virtual server App A Guest OS Bins/ Libs Copy of App No OS. Can Share bins/libs App A Guest OS Guest OS VMs Containers
- 21. What are the basics of the Docker system? Source Code Repository Dockerfile For A Docker Engine Docker Container Image Registry Build Docker Host 2 OS (Linux) ContainerA ContainerB ContainerC ContainerA Push Search Pull Run Host 1 OS (Linux)
- 22. Changes and Updates Docker Engine Docker Container Image Registry Docker Engine Push Update Bins/ Libs App A AppΔ Bins / Base Container Image Host is now running A’’ Container Mod A’’ AppΔ Bins / Bins/ Libs App A Bins / Bins/ Libs App A’’ Host running A wants to upgrade to A’’. Requests update. Gets only diffs Container Mod A’
- 23. Ecosystem Support • Operating systems • Virtually any distribution with a 2.6.32+ kernel • Red Hat/Docker collaboration to make work across RHEL 6.4+, Fedora, and other members of the family (2.6.32 +) • CoreOS—Small core OS purpose built with Docker • OpenStack • Docker integration into NOVA (& compatibility with Glance, Horizon, etc.) accepted for Havana release • Private PaaS • OpenShift • Solum (Rackspace, OpenStack) • Other TBA • Public PaaS • Deis, Voxoz, Cocaine (Yandex), Baidu PaaS
- 24. Ecosystem Support • Public IaaS • Native support in Rackspace, Digital Ocean,+++ • AMI (or equivalent) available for AWS & other • DevOps Tools • Integrations with Chef, Puppet, Jenkins, Travis, Salt, Ansible +++ • Orchestration tools • Mesos, Heat, ++ • Shipyard & others purpose built for Docker • Applications • 1000’s of Dockerized applications available at index.docker.io
- 25. Use Cases Use Case Examples Clusters Building a MongoDB cluster using docker Production Quality MongoDB Setup with Docker Wildfly cluster using Docker on Fedora Build your own PaaS OpenSource PaaS built on Docker, Chef, and Heroku Buildpacks Web Based Environment for Instruction JiffyLab – web based environment for the instruction, or lightweight use of, Python and UNIX shell Easy Application Deployment Deploy Java Apps With Docker = Awesome How to put your development environment on docker Running Drupal on Docker Installing Wordpress on Docker
- 26. Use Cases Use Case Examples Create Secure Sandboxes Docker makes creating secure sandboxes easier than ever Create your own SaaS Memcached as a Service Automated Application Deployment Multi-cloud Deployment with Docker Continuous Integration and Deployment Next Generation Continuous Integration & Deployment with dotCloud’s Docker and Strider Testing Salt States Rapidly With Docker Lightweight Desktop Virtualization Docker Desktop: Your Desktop Over SSH Running Inside Of A Docker Container
- 28. Namespaces • Docker takes advantage of a technology called namespaces to provide the isolated workspace we call the container. • When you run a container, Docker creates a set of namespaces for that container. • Some of the namespaces that Docker Engine uses on Linux are: 1. The pid namespace: Process isolation (PID: Process ID). 2. The net namespace: Managing network interfaces (NET: Networking). 3. The ipc namespace: Managing access to IPC resources (IPC: InterProcess Communication). 4. The mnt namespace: Managing mount-points (MNT: Mount). 5. The uts namespace: Isolating kernel and version identifiers. (UTS: Unix Timesharing System)
- 29. Control groups • Docker Engine on Linux also makes use of another technology called cgroups or control groups. • A key to running applications in isolation is to have them only use the resources you want. • This ensures containers are good multi-tenant citizens on a host. • Control groups allow Docker Engine to share available hardware resources to containers and, if required, set up limits and constraints. • For example, limiting the memory available to a specific container.
- 31. Docker Engine Docker Engine is a client-server application with these major components: • A server which is a type of long-running program called a daemon process. • A REST API which specifies interfaces that programs can use to talk to the daemon and instruct it what to do. • A command line interface (CLI) client.
- 32. Docker Engine
- 33. Docker images • A Docker image is a read-only template. For example, an image could contain an Ubuntu operating system with Apache and your web application installed. • Images are used to create Docker containers. Docker provides a simple way to build new images or update existing images, or you can download Docker images that other people have already created. • Docker images are the build component of Docker.
- 34. Docker File • Docker can build images automatically by reading the instructions from a Dockerfile. • A Dockerfile is a text document that contains all the commands a user could call on the command line to assemble an image. • Using docker build users can create an automated build that executes several command-line instructions in succession. • The docker build command builds an image from a Dockerfile and a context.
- 35. Docker File - Example • Instructions INSTRUCTION arguments Eg. RUN echo 'we are running some # of cool things!’ • Parser directives: FROM ImageName Example: #Comment FROM windowsservercore COPY testfile.txt c: RUN dir c: To Build image using this file: docker build -f /path/to/a/Dockerfile .
- 36. Docker Hub • Docker registries hold images. • These are public or private stores from which you upload or download images. • The public Docker registry is provided with the Docker Hub. (hub.docker.com) • It serves a huge collection of existing images for your use. These can be images you create yourself or you can use images that others have previously created. • Docker registries are the distribution component of Docker.
- 37. Docker CLI • The CLI makes use of the Docker REST API to control or interact with the Docker daemon through scripting or direct CLI commands. • Many other Docker applications make use of the underlying API and CLI. • The CLI is also used to issue commands.
- 38. Kubernetes • Kubernetes is an open-source platform for automating deployment, scaling, and operations of application containers across clusters of hosts, providing container-centric infrastructure. • With Kubernetes, you can: • Deploy your applications quickly and predictably. • Scale your applications on the fly. • Seamlessly roll out new features. • Optimize use of your hardware by using only the resources you need
- 40. Kubernetes Features Kubernetes is: • portable: public, private, hybrid, multi-cloud • extensible: modular, pluggable, hookable, composable • self-healing: auto-placement, auto-restart, auto-replication, auto-scaling The Kubernetes project was started by Google in 2014.
- 43. Demo Time!
- 44. Q&A
- 45. Thank you