Pawel Krupa (@paulfantom)
Docker is the world’s leading software container platform. Developers use Docker to eliminate “works on my machine” problems while operators use Docker to run and manage apps side-by-side in isolated containers to get better compute density
Containers are a way to package software in a format that can run isolated on a shared operating system.
Containers do not bundle a full operating system - only libraries and settings required to make the software work are needed.
This makes for efficient, lightweight, self-contained systems and guarantees that software will always run the same, regardless of where it’s deployed.
FAST – start containers in seconds
With Copy-on-Write model, making changes to contenerized application can take minutes
EFFICIENT – pack as many containers as possible
Removing overhead of the hypervisor means containers are highly performant
SEGREGATION OF DUTIES – Dev code, Ops manage
Docker is designed to enhance consistency by ensuring the development environment matches production one
SOA AND MICROSERVICES – one container, one app
Docker recommends running one process per container. This promotes a distributed application model with inter-connected containers.
Modernize Traditional Apps
CI/CD
Microservices
IT Infrastructure Optimization
# you will need the GPG repo key
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
# next you need to add repository
$ sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
# finally you refresh apt cache and install docker community edition
$ sudo apt-get update
$ sudo apt-get install docker-ce
Everything in detail is explained at docs.docker.com/engine/installation
IMAGE
Lightweight, stand-alone, executable package that includes everything needed to run a piece of software, including the code, a runtime, libraries, environment variables, and config files
CONTAINER
Runtime instance of an image - what the image becomes in memory when actually executed. It runs completely isolated from the host environment by default, only accessing host files and ports if configured to do so.
REGISTRY
Stateless, highly scalable server side application that stores and lets you distribute Docker images
Docker daemon
The background service running on the host that manages building, running and distributing Docker containers.
Docker client
The command line tool that allows the user to interact with the Docker daemon.
# To simply start a container just use docker run
$ docker run hello-world
# Containers can also be started in detached mode
$ docker run -d -p 80:80 dockersamples/static-site
# Also we can start a shell in a container
$ docker run -it centos:7
What happens when "docker run" is executed?
1. The Docker client contacts the Docker daemon.
2. The Docker daemon checks local store if the image is available locally, and if not, dowloads it from remote registry.
3. The Docker daemon creates the container and then runs a command in that container.
4. The Docker daemon streams the output of the command to the Docker client.
Commands
attach Attach local standard input, output, and error streams to a running container
build Build an image from a Dockerfile
commit Create a new image from a container's changes
cp Copy files/folders between a container and the local filesystem
create Create a new container
diff Inspect changes to files or directories on a container's filesystem
events Get real time events from the server
exec Run a command in a running container
export Export a container's filesystem as a tar archive
history Show the history of an image
images List images
import Import the contents from a tarball to create a filesystem image
info Display system-wide information
inspect Return low-level information on Docker objects
kill Kill one or more running containers
load Load an image from a tar archive or STDIN
login Log in to a Docker registry
logout Log out from a Docker registry
logs Fetch the logs of a container
pause Pause all processes within one or more containers
port List port mappings or a specific mapping for the container
ps List containers
pull Pull an image or a repository from a registry
push Push an image or a repository to a registry
rename Rename a container
restart Restart one or more containers
rm Remove one or more containers
rmi Remove one or more images
run Run a command in a new container
save Save one or more images to a tar archive (streamed to STDOUT by default)
search Search the Docker Hub for images
start Start one or more stopped containers
stats Display a live stream of container(s) resource usage statistics
stop Stop one or more running containers
tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
top Display the running processes of a container
unpause Unpause all processes within one or more containers
update Update configuration of one or more containers
version Show the Docker version information
wait Block until one or more containers stop, then print their exit codes
Management Commands
config Manage Docker configs
container Manage containers
image Manage images
network Manage networks
node Manage Swarm nodes
plugin Manage plugins
secret Manage Docker secrets
service Manage services
stack Manage Docker stacks
swarm Manage Swarm
system Manage Docker
volume Manage volumes
Full documentation at docs.docker.com/engine/reference/commandline/cli
NONE
Container doesn't have any network connection. Useful for running one-time jobs.
HOST
Container is directly connected to host NIC.
BRIDGE
Default network connection. Access to container is done with NAT and PAT (via iptables).
OVERLAY
Used in docker swarm mode to inter-connect multiple docker daemons. Based on VXLAN technology.
Docker can build images automatically by reading the instructions from a Dockerfile. A Dockerfile is a text document that contains all the commands a user could call on the command line to assemble an image.
ON BUILD
BOTH
RUNTIME
RUN executes command(s) in a new layer and creates a new image. E.g., it is often used for installing software packages.
CMD sets default command and/or parameters, which can be overwritten from command line when docker container runs.
ENTRYPOINT configures a container that will run as an executable.
1. Choose baseimage, ex. ubuntu or alpine.
2. Install python package manager (pip). On ubuntu package python-pip.
3. Upgrade base system if needed.
4. Install application dependencies from requirements.txt file.
5. Copy application files from app.tgz. Unpack with
tar xvf app.tgz
6. Inform that application runs on port 5000.
7. Write instruction to run application.
Docker Compose
Tool for defining and running multi-container Docker applications.
More information: docs.docker.com/compose/overview
Ansible
Tool for automating almost everything, including running multi-container applications. Also can run docker-compose.
More information: www.ansible.com/docker
