Docker is more than Kernel Virtualization

About Me

Rob Richardson is a software craftsman building web properties in ASP.NET and Node, React and Vue. He's a frequent speaker at conferences, user groups, and community events, and a diligent teacher and student of high quality software development. You can find this and other talks on https://robrich.org/presentations and follow him on twitter at @rob_rich.

Docker is

• ephemeral
• isomorphic
• deterministic

Docker is

• ephemeral (short-lived)
• isomorphic (unchanging)
• deterministic (same every time)

Like any good story,

we've started in the middle ...

What is Docker?

Docker is an ecosystem around Container Virtualization

Containers vs VMs

Source: http://www.zdnet.com/article/what-is-docker-and-why-is-it-so-darn-popular/

Containers

Containers virtualize and share the host kernel

Containers must run on the kernel for which they were built:

• Linux containers run on a Linux host
• Windows containers run on Windows Server host

Host Docker in a VM

Download: https://robrich.org/slides/welcome-to-docker/docker-ecosystem.pdf

Installing Docker

• Linux, Mac, or Windows 10:
  https://www.docker.com/get-started
• Windows Server:
  https://msdn.microsoft.com/en-us/virtualization/windowscontainers/quick_start/quick_start_windows_server

Docker Desktop

• Automatically spins up a Linux VM
• Connects docker command-line to the VM
• Proxies localhost traffic to the VM's containers

Dockerfile

FROM node

WORKDIR /app

COPY package.json .
RUN npm install

COPY . .

ENV NODE_ENV production
ENV PORT 3000
EXPOSE 3000

CMD ["npm", "start"]

Dockerfile

• FROM ...
  • image we start from
• RUN ...
  • run setup content
• COPY ...
  • copy content into the container
• CMD [ ... ]
  • the thing to start

Layered Filesystem

Each line in the Dockerfile creates a layer

Layer is isomorphic

Layer hash is SHA256 of content and parent hash

See https://gist.github.com/aaronlehmann/b42a2eaf633fc949f93b#id-definitions-and-calculations

Layered Filesystem

Source: https://docs.docker.com/engine/userguide/storagedriver/aufs-driver/

Layered Filesystem

source

Layered Filesystem

Volumes - non-temporary storage

Volumes are a pointer in the container
saved to a folder on the host

Volumes

In Dockerfile:

VOLUME ["/data"]

Starting container

docker run -v $(pwd):/data imagename

Download: https://robrich.org/slides/welcome-to-docker/docker-ecosystem.pdf

Dockerfile to Image

• build dockerfile into image:

  docker build .

• list images:

  docker image list

• remove an image:

  docker image rm myimage

Run Container

• run the image as a container

  docker run imagename

• list containers:

  docker container list

• stop container:

  docker stop containername

• remove container:

  docker rm containername

Run Container

What did it do?

• download image layers (if needed)
• start process for container
• assign virtual ip to container
• NAT traffic into container

Run Container

Want another server?

"docker run" it again

Rule of Thumb

1 container is 1 process

Customize runtime: ports

docker run -p 80:5000 imagename:version

Port 80 outside maps to port 5000 inside

Customize runtime: volumes

docker run -v $(pwd):/data imagename

Symling the host's current directory
to the container's /data folder

Customize runtime: start command

docker run imagename /bin/bash

Ignore CMD instructions and run this instead

Get console logs

docker logs containername

Gets all logs sent to stdout and stderr

Consider piping these to promethius or ELK

Download: https://robrich.org/slides/welcome-to-docker/docker-ecosystem.pdf

Sharing Docker Images

• Tag the image

  docker image tag myimage username/imagename:1.2.3

• Login to Docker Hub

  docker login

• Push the image to Docker Hub

  docker push username/imagename:1.2.3

Using images from Docker Hub

• Download the image

  docker pull username/imagename:1.2.3

• Download image layers and start container

  docker run username/imagename:1.2.3

Download: https://robrich.org/slides/welcome-to-docker/docker-ecosystem.pdf

Many containers running in concert

Features:

• Containers alone in private network
• Only cluster's public ports are available to the outside
• Service discovery so containers can find each other
• Service management to start / scale cluster

Cluster Choices

• Docker Swarm: "in the box"
• Kubernetes: built by Google
• Apache Mesos: most proven at scale
• others ...

docker-compose.yml - configuration as code

version: '3'
services:
  web:
    build: .
    ports:
    - "80:5000"
    volumes:
    - logvolume01:/var/log
    links:
    - redis
  redis:
    image: redis
volumes:
  logvolume01: {}

Source: https://docs.docker.com/compose/overview/

docker-compose commands

• Build all the images

  docker-compose build

• Build and start the swarm

  docker-compose up -d

• Stop the swarm

  docker-compose down

• List containers in the swarm

  docker-compose ps

• Remove stopped containers

  docker-compose rm

Download: https://robrich.org/slides/welcome-to-docker/docker-ecosystem.pdf

Docker Magic

Docker Benefits

• denser hardware utilization
• faster spin-up time
  how long does it take to boot Windows vs start Sublime?
• smaller file size
• share image layers
• identical (or nearly) dev / prod configuration
• easily share setup

Docker Drawbacks

• less isolation
  • still in a sandbox
• kernel dependence
• no UI, command-line only
• it's IaaS, PaaS may be better

Creative uses

• use docker-compose as simpler command launch
• prod container exposes config as environment variables
• dev container has volume mapped to local directory
• schedule a container to backup a shared volume
• inherit from prod image, add CI content, run tests