austin - container days - docker 101

© 2015 Rancher Labs, Inc.© 2016 Rancher Labs, Inc .

Container Days: Docker 101October 13

© 2015 Rancher Labs, Inc.2 © 2016 Rancher Labs, Inc .

Bill MaxwellPrincipal Eng. @ Rancher Labs @[email protected]

#ranchermeetup


Agenda

Docker IntroContainer BasicsBuildingStorageNetworking


STOPDocker Install Time

https://docs.docker.com/engine/installation/


VM vs Containers


Note: Containers ≠ microservices

…but containers are a good way of packaging and delivering microservices

[PS: you can still use VMs]

© 2015 Rancher Labs, Inc.7 © 2016 Rancher Labs, Inc .

Our Goal: A Production Container Service

Develop Build Containerize Test Deploy/Upgrade Operate


Runtimes

runClxc/lxd

openVZ

rktdocker


Docker ContainersMantra: Build once, run anywhere

• A clean and portable runtime environment for your application (or service)• No worries about missing dependencies, packages, etc during subsequent

deployments• Automate testing, integration, and packaging…anything you can script• Reduce concerns around compatibility on different platforms (either your own,

or your customers• Instant replay and reset of image snapshots

Docker containers are helping organizations achieve agility and efficiency

© 2015 Rancher Labs, Inc.© 2016 Rancher Labs, Inc .10

Docker is helping organizations achieve agility and efficiency

12

Improve the speed and reliability of software development organizations

Operate that software reliably at a reasonable cost


Isolation Mechanisms• Cgroups – Metering and Limiting

• Namespaces• Pid• User• Net• Mnt• Ipc• User

• Layered Copy On Write Filesystems


Docker flow

Docker file

Push

Build Registry

Pull

Host

Run


Building Images

FROM alpine

RUN apk add --update bash \ mysql-client \ openssl \ vim && \ rm -rf /var/cache/apk/*

CMD /bin/echo hello

Dockerfile

Base Image

Install Software

Default Command


Anatomy of an Image

Base Image

Layer 1

Layer 2

Layer 3


What Happens?• Base image is pulled from

registry.• A container is created and the

next command is executed.• The result is committed to a

layer in the image.


Demo Images/Building


Building Images Cont.FROM alpine

RUN apk add --update bash \ mysql-client \ openssl \ vim && \ rm -rf /var/cache/apk/*

ADD ./script.sh /

CMD /bin/echo hello

Add a file from the local build context


ExerciseBuild a Docker image from Alpine that executes:

script.sh:#!/bin/bashecho “hello world”


Exercise Solution

#!/bin/bashecho “hello world”

FROM alpine

RUN apk add --update bash &&\ rm -rf /var/cache/apk/*

ADD ./script.sh /

CMD /script.sh

script.sh

Dockerfile $ ls ./Dockerfile script.sh


Demo Docker Push


Notes on Tags• By default Docker

uses :latest tag.

• Docker checks for image locally, then checks registry.

• Always run a versioned tag in a production system


Docker Run

docker run –d nginx

docker run –it debian bash

docker logs <container id>

See the stdout/stderr from a container:

docker exec –it <container id> /bin/bashJump inside a container with a shell:


ExerciseRun the container from previous exercise in both interactive andDetached mode.

Enter the detached container with docker exec


Docker Run From a Filesystem perspective

Base Image

Layer 1

Layer 2

Layer 3

Container 1Filesystem

Container 2Filesystem


ExerciseRun 2 containers from the same image and see that changes on the local file system do not impact the other.


Docker volumes

Base Image

Layer 1

Layer 2

Layer 3

By Default layered file systems. Keep mappingtable in memory.

AUFS doesn’t do Hard Links… good luck running Tox


Docker volumes

Base Image

Layer 1

Layer 2

Layer 3

Use a VOLUME

Dockerfile:Volume /path

Runtime:-v /path

/var/lib/dockerFilesystem

Running Container

/path


Volume PluginsDocker plugin binaries that can mount storage and attach to containers.


Host Bind MountsDirectly mount any path on the host file system inside the container.

docker run –it –v /data:/data alpine sh


Volumes FromShare volumes between containers!

Data Container

Container 1 Container 2


Volume Exercises1. Docker volume ls2. docker run --name some-mysql -e MYSQL_ROOT_PASSWORD=my-secret-pw -d mysql3. Docker volume ls

4. Docker volume create –name mysql-data5. docker run --name some-mysql-named-volume -e MYSQL_ROOT_PASSWORD=my-

secret-pw –d –v mysql-data:/var/lib/mysql mysql

6. mkdir ./data7. docker run --name some-mysql-host-volume -e MYSQL_ROOT_PASSWORD=my-secret-

pw –d –v $(pwd)/data:/var/lib/mysql mysql

8. Create a volume container


Docker networking• Containers run in their own

network namespace.• Port mapping to host interface

for outside accessiblity.

Host

Interface

Docker Bridge

Container


Demo Networking ModesNoneHost


LinkingCreates Directional Link

Creates DNS / Host lookup

Creates ENV variables

Container 1 Container 2


Exposing PortsAllows traffic from outside of the Docker bridged network.

Host

Interface

Docker Bridge

Container

Outside world


Demo LinkingSetting hostnameSetting host:ip mapping


ExerciseCreate Mysql Container and link a mysql client container to it.

Run nginx container and reach port


Pulling it all togetherLets run:

https://github.com/realpython/orchestrating-docker




Advanced TopicsNamespace sharing! Security ConsiderationsDaemon settings


Thank you!

Questions?

Contact: [email protected]

austin - container days - docker 101

Technology