Containers/DockerMirna Alaisami

Matthias Haeussler

What is a container? „in general“

2

What is a Container? "in General"

3

• The term comes originally from the transportation world!

• A shipping container is any receptacle or enclosure for holding goods, so that it can be moved from one place to another without affecting its content.

[2]

What problems do containers solve?

• Let's say that we want to ship some important documents and at the same time a kind of liquid. How can we ship them together without having the danger that the liquid may ruin the documents?

• Simply open up two standardized shipping containers (that can be handled the same anywhere in the world), load the documents in one of them and the liquid in the other, lock the containers, and ship them next to each other with isolating their content and protecting it from being damaged or lost, using any transportation mode!

What Problems Do Containers Solve?

5

[3] [4]

What Problems Do Containers Solve?

6

[5]

What Problems Do Containers Solve?

7

What Problems Do Containers Solve?

8

What Problems Do Containers Solve?

9[6]

What Problems Do Containers Solve?

10[7]

What Problems Do Containers Solve?

11[8]

What is a container? "in IT world“

What is a Container? "in IT World"

13

• A software container is very similar to a shipping container in its purpose!

• Here we simply package a piece ofsoftware along with everything that is needed to make it work.

• More concretely, a software container is an isolated working environment for an application, containing all the necessary dependencies, libraries, binaries and configurations needed for the application to run seamlessly.

[9]

A container in technical words

• Technically, a container is a Linux process, or many processes, which are running isolated from other processes on the system, using the chroot system call and some Linux kernel features such as cgroups and namespaces:

− A chroot system call changes the root directory of a process and its children to a new location in the filesystem.

− A namespace wraps the system objects (processes, networking, filesystems, and user ID components) in an abstraction that limits the visibility an object has on other objects. Thus, container processes are limited to see only what is in the same namespace.

− A cgroup (Control group) limits the usage of resources (CPU, memory, disk, I/O) for a group of processes or containers.

A Container in Technical Words

15

Why do software containers exist?

Why Do Software Containers Exist?

17

App

Java EE„App Server“

App

Java EE„App Server“

DB

jar readme+

Dev Ops

!

DevOps Problem

Infrastructure Infrastructure

“Dev” “Prod”

Config

“Lightweight”

[10]

Why Do Software Containers Exist?

18

App

Java EE„App Server“

App

Java EE„App Server“

DB

jar readme+

Dev Ops

Infrastructure Infrastructure

“Dev” “Prod”

Config

“Lightweight”

[10]

“Containers”

Node

Container Engine

Node

Container Engine

Node Node

☺

• Abstraction

• Isolation

• Portability

• Security

• Agility

• Disposability

• Scalability

Why Do Software Containers Exist?

19

[11]

Containers vs. Container Images

▪ Container

− Begin lifecycle using an image

− Running instance of an image

− Many containers can be run off the same image

Containers vs. Container Images

21

▪ Container Image

− Never started, never “running”

− Blueprint of a container (Inert file, that’s the base on which you instantiate containers)

− Ensure reusability of containers

• Let us clarify the terminology before going more into details:

App

Runtime-dependency

Container Image Containers

Run

Containers vs. Container Images

22

Ubuntu

JVM

App

„immutable“Image-name:v1

Containers vs. Container Images

23

Ubuntu

JVM

App

„immutable“Image-name:v1

docker run

Ubuntu

JVM

App

Docker Daemon

mkdir /tmpcreate file

ssh

Containers vs. Container Images

24

Ubuntu

JVM

App

„immutable“Image-name:v1

docker run

Ubuntu

JVM

App

Docker Daemon

mkdir /tmpcreate file

ssh

docker commit

Ubuntu

JVM

App

/tmp

„immutable“Image-name:v2

Container technologies

Container Technologies

26

1979 2000-2005 2006 2008 2011-2013 2013 2013-2018

chroot

Implementation of chroot system call in Unix V7

Enables separation of the file system for individual processes

Process Containers, later: cgroups

Implementation of cgroups in Linux-Kernel by Google

Limiting, accounting and isolating resource usage

CF Warden, LMCTFY

Container Runtimes of CloudFoundry / Google

Slow increase in interest in containers

Google/LMCTFY concepts still used today

rkt, runC, Kubernetes

Competition with Docker with e.g. rkt

Release of container tools like Kubernetes

FreeBSD Jails, Linux VServer, Solaris Container, OpenVZ

Virtualization and isolation in subsystems

Required a lot of configuration and some kernel patches

LXC

The first, most complete implementation of Linux container manager

Implementation without Kernel-Patches

A lot of Configuration

Baseline for actual Runtimes

Docker

Release of Docker Platform as open source

Significant for the development of the technology

Easy handling and management of containers

What is Docker?

What is Docker?

28

• A popular container with a broad support from the cloud community but also commercially:

− Linux-based docker (based on cgroups and namespaces).

− Windows-based docker (cgroups and namespaces are represented differently).

[17]

Why Docker?

Why Docker?

30

• Has the biggest and growing community

• Provides the largest public repository of container images(Docker Hub)

• Has clear and clean documentation

• Is easy to use

• Is an open source technology

• Integrates with a number of infrastructure tools

[18]

Docker Hub

Docker Hub

32

• A cloud registry service that enables storing and discovery of Docker images and automating workflows.

• Provides both public and private repositories:

• Free for public images

• Cost for private images

• https://hub.docker.com

[19]

Docker engine components

Docker Engine Components

34

• Docker-Daemon: A persistent background process (the dockerd command) that manages Docker images, containers, networks, and storage volumes. It constantly listens for Docker API requests and processes them (the dockerd command).

• A REST API: An API used by applications to interact with the Docker daemon. It can be accessed by an HTTP client.

• Docker-Client: A command line interface (CLI) client (the docker command) for interacting with the Docker daemon.

managesmanages

manages manages

[21]

How does Docker work?

How does Docker Work?

36

Docker Client

Remote API

CLI

OR

[22]

[23]

How does Docker Work?

37

Docker Client Docker Host

CLI

OR

Containers Images

Docker Daemon

Remote API

How does Docker Work?

38

Docker Client Docker Host

Registry

CLI

OR

Containers Images

Docker Daemon

Remote API

How does Docker Work?

39

Docker Client Docker Host

Registry

CLI

OR

Containers Images

Docker Daemon(1)

(1)

Dockerfile

Build (1)

(1)

Dowload Base Image (1)

Remote API

How does Docker Work?

40

Docker Client Docker Host

Registry

CLI

OR

Containers Images

Docker Daemon(1)

(1)

(2)

(2)

Dockerfile

Push (2)

Build (1)

(1)

Dowload Base Image (1)

Remote API

How does Docker Work?

41

Docker Client Docker Host

Registry

CLI

OR

Containers Images

Docker Daemon

Not Found Locally? (3) Get From Registry (3)

(1)

(1)

(2)

(2)

(3)

(3)

Dockerfile

Push (2)

Build (1)

Pull (3)

(3)

(1)

Dowload Base Image (1)

Remote API

How does Docker Work?

42

Docker Client Docker Host

Registry

Remote API

CLI

OR

Containers Images

Docker Daemon

Run (4)

Found Locally? (4) „Start Container“ (4)

(1)

(1)

(2)

(2)

Push (2)

Build (1)

Pull (3)

Not Found Locally? (3) Get From Registry (3)

(3) (3)

(4)

(4)

(4)

Dockerfile

(3)

(1)

Dowload Base Image (1)

Sources

Sources

1. https://regmedia.co.uk/2017/09/11/shutterstock_containers_in_port.jpg?x=1200&y=794

2. https://i.ytimg.com/vi/XbF-MBr0Vlk/maxresdefault.jpg

3. https://www.shareicon.net/document-file-documents-archive-interface-files-files-and-folders-817212

4. https://www.deviantart.com/thepow/art/Chemistry-Flasks-322657766

5. http://multiboxx.com/

6. https://fr.pngtree.com/freepng/vector-maritime-transport_1639584.html

7. https://rfclipart.com/image/big/3f-89-52/cargo-container-train-with-diesel-locomotive-Download-Royalty-free-Vector-File-EPS-211474.jpg

8. https://previews.123rf.com/images/leshkasmok/leshkasmok1511/leshkasmok151100178/49155728-trasporto-aereo-di-concetto-di-trasporto-appartamento-stile-illustrazione-concetto-di-logistica-pu%C3%B2-ess.jpg

9. https://blog.risingstack.com/operating-system-containers-vs-application-containers/

10. https://us.123rf.com/450wm/ylivdesign/ylivdesign1701/ylivdesign170101181/68586484-laptop-icon-isometric-3d-style.jpg?ver=6

11. https://medium.com/tech-tajawal/devops-in-a-scaling-environment-9d5416ecb928

44

Sources

12. https://www.linuxfoundation.org/Projects/rkt/attachment/rkt-01/

13. https://static.openvz.org/artwork/Logos/ovz_transparent.png

14. http://vserver.13thfloor.at/Stuff/LOGO/Linux-VServer-1.01s.png

15. https://fr.wikipedia.org/wiki/LXC

16. https://www.vectorlogo.zone/logos/docker/docker-official.svg

17. https://news.opensuse.org/2018/05/04/hands-on-with-docker-opensuse-leap-15/

18. https://www.radcortez.com/wp-content/uploads/2015/04/docker-logo.png

19. https://hub.docker.com

20. http://www.cashadvance6online.com/data/archive/img/288163466.png

21. https://docs.docker.com/engine/docker-overview/

22. http://icons.iconarchive.com/icons/dakirby309/simply-styled/256/Mac-Terminal-icon.png

45

Sources

23. https://vskumarblogs.files.wordpress.com/2017/11/docker-logo.png?w=625

24. https://www.slideshare.net/Docker/tips-and-tricks-of-the-docker-captains

25. https://i0.wp.com/codeblog.dotsandbrackets.com/wp-content/uploads/2016/10/compose-logo.jpg?resize=262%2C285

26. https://www.linode.com/docs/applications/containers/how-to-use-docker-compose/

27. https://i.pinimg.com/originals/e2/e0/3c/e2e03c2a3fc0250e4e7c4b326a26a049.png

28. https://i2.wp.com/thepracticalsysadmin.com/wp-content/uploads/2018/05/k8s1.png?ssl=1

29. http://www.howtochoosealaptop.com/wp-content/uploads/2015/03/PayPal.jpg, https://expandedramblings.com/index.php/paypal-statistics/

30. http://techgenix.com/tgwordpress/wp-content/uploads/2017/12/ADP-logo-1024x465.png, http://techgenix.com/containers-success-stories/

31. https://blog.expedia.co.uk/holiday-habits/top-10-apps/img/main/expedialogo.png, https://www.docker.com/customers/expedia

46

Novatec Consulting GmbHDieselstraße 18/1D-70771 Leinfelden-Echterdingen

T. +49 711 22040-700info@novatec-gmbh.dewww.novatec-gmbh.de

Senior Consultant

Matthias Haeussler

Matthias.haeussler@novatec-gmbh.de

Consultant

Mirna Alaisami

Mirna.Alaisami@novatec-gmbh.de