Upload
bill-maxwell
View
144
Download
0
Embed Size (px)
Citation preview
© 2015 Rancher Labs, Inc.© 2016 Rancher Labs, Inc .
Container Days: Docker 101October 13
© 2015 Rancher Labs, Inc.2 © 2016 Rancher Labs, Inc .
Bill MaxwellPrincipal Eng. @ Rancher Labs @[email protected]
#ranchermeetup
© 2015 Rancher Labs, Inc.© 2016 Rancher Labs, Inc .
Agenda
Docker IntroContainer BasicsBuildingStorageNetworking
© 2015 Rancher Labs, Inc.© 2016 Rancher Labs, Inc .
STOPDocker Install Time
https://docs.docker.com/engine/installation/
© 2015 Rancher Labs, Inc.© 2016 Rancher Labs, Inc .
VM vs Containers
© 2015 Rancher Labs, Inc.© 2016 Rancher Labs, Inc .
Note: Containers ≠ microservices
…but containers are a good way of packaging and delivering microservices
[PS: you can still use VMs]
© 2015 Rancher Labs, Inc.7 © 2016 Rancher Labs, Inc .
Our Goal: A Production Container Service
Develop Build Containerize Test Deploy/Upgrade Operate
© 2015 Rancher Labs, Inc.© 2016 Rancher Labs, Inc .
Runtimes
runClxc/lxd
openVZ
rktdocker
© 2015 Rancher Labs, Inc.© 2016 Rancher Labs, Inc .
Docker ContainersMantra: Build once, run anywhere
• A clean and portable runtime environment for your application (or service)• No worries about missing dependencies, packages, etc during subsequent
deployments• Automate testing, integration, and packaging…anything you can script• Reduce concerns around compatibility on different platforms (either your own,
or your customers• Instant replay and reset of image snapshots
Docker containers are helping organizations achieve agility and efficiency
© 2015 Rancher Labs, Inc.© 2016 Rancher Labs, Inc .10
Docker is helping organizations achieve agility and efficiency
12
Improve the speed and reliability of software development organizations
Operate that software reliably at a reasonable cost
© 2015 Rancher Labs, Inc.© 2016 Rancher Labs, Inc .
Isolation Mechanisms• Cgroups – Metering and Limiting
• Namespaces• Pid• User• Net• Mnt• Ipc• User
• Layered Copy On Write Filesystems
© 2015 Rancher Labs, Inc.© 2016 Rancher Labs, Inc .
Docker flow
Docker file
Push
Build Registry
Pull
Host
Run
© 2015 Rancher Labs, Inc.© 2016 Rancher Labs, Inc .
Building Images
FROM alpine
RUN apk add --update bash \ mysql-client \ openssl \ vim && \ rm -rf /var/cache/apk/*
CMD /bin/echo hello
Dockerfile
Base Image
Install Software
Default Command
© 2015 Rancher Labs, Inc.© 2016 Rancher Labs, Inc .
Anatomy of an Image
Base Image
Layer 1
Layer 2
Layer 3
© 2015 Rancher Labs, Inc.© 2016 Rancher Labs, Inc .
What Happens?• Base image is pulled from
registry.• A container is created and the
next command is executed.• The result is committed to a
layer in the image.
© 2015 Rancher Labs, Inc.© 2016 Rancher Labs, Inc .
Demo Images/Building
© 2015 Rancher Labs, Inc.© 2016 Rancher Labs, Inc .
Building Images Cont.FROM alpine
RUN apk add --update bash \ mysql-client \ openssl \ vim && \ rm -rf /var/cache/apk/*
ADD ./script.sh /
CMD /bin/echo hello
Add a file from the local build context
© 2015 Rancher Labs, Inc.© 2016 Rancher Labs, Inc .
ExerciseBuild a Docker image from Alpine that executes:
script.sh:#!/bin/bashecho “hello world”
© 2015 Rancher Labs, Inc.© 2016 Rancher Labs, Inc .
Exercise Solution
#!/bin/bashecho “hello world”
FROM alpine
RUN apk add --update bash &&\ rm -rf /var/cache/apk/*
ADD ./script.sh /
CMD /script.sh
script.sh
Dockerfile $ ls ./Dockerfile script.sh
© 2015 Rancher Labs, Inc.© 2016 Rancher Labs, Inc .
Demo Docker Push
© 2015 Rancher Labs, Inc.© 2016 Rancher Labs, Inc .
Notes on Tags• By default Docker
uses :latest tag.
• Docker checks for image locally, then checks registry.
• Always run a versioned tag in a production system
© 2015 Rancher Labs, Inc.© 2016 Rancher Labs, Inc .
Docker Run
docker run –d nginx
docker run –it debian bash
docker logs <container id>
See the stdout/stderr from a container:
docker exec –it <container id> /bin/bashJump inside a container with a shell:
© 2015 Rancher Labs, Inc.© 2016 Rancher Labs, Inc .
ExerciseRun the container from previous exercise in both interactive andDetached mode.
Enter the detached container with docker exec
© 2015 Rancher Labs, Inc.© 2016 Rancher Labs, Inc .
Docker Run From a Filesystem perspective
Base Image
Layer 1
Layer 2
Layer 3
Container 1Filesystem
Container 2Filesystem
© 2015 Rancher Labs, Inc.© 2016 Rancher Labs, Inc .
ExerciseRun 2 containers from the same image and see that changes on the local file system do not impact the other.
© 2015 Rancher Labs, Inc.© 2016 Rancher Labs, Inc .
Docker volumes
Base Image
Layer 1
Layer 2
Layer 3
By Default layered file systems. Keep mappingtable in memory.
AUFS doesn’t do Hard Links… good luck running Tox
© 2015 Rancher Labs, Inc.© 2016 Rancher Labs, Inc .
Docker volumes
Base Image
Layer 1
Layer 2
Layer 3
Use a VOLUME
Dockerfile:Volume /path
Runtime:-v /path
/var/lib/dockerFilesystem
Running Container
/path
© 2015 Rancher Labs, Inc.© 2016 Rancher Labs, Inc .
Volume PluginsDocker plugin binaries that can mount storage and attach to containers.
© 2015 Rancher Labs, Inc.© 2016 Rancher Labs, Inc .
Host Bind MountsDirectly mount any path on the host file system inside the container.
docker run –it –v /data:/data alpine sh
© 2015 Rancher Labs, Inc.© 2016 Rancher Labs, Inc .
Volumes FromShare volumes between containers!
Data Container
Container 1 Container 2
© 2015 Rancher Labs, Inc.© 2016 Rancher Labs, Inc .
Volume Exercises1. Docker volume ls2. docker run --name some-mysql -e MYSQL_ROOT_PASSWORD=my-secret-pw -d mysql3. Docker volume ls
4. Docker volume create –name mysql-data5. docker run --name some-mysql-named-volume -e MYSQL_ROOT_PASSWORD=my-
secret-pw –d –v mysql-data:/var/lib/mysql mysql
6. mkdir ./data7. docker run --name some-mysql-host-volume -e MYSQL_ROOT_PASSWORD=my-secret-
pw –d –v $(pwd)/data:/var/lib/mysql mysql
8. Create a volume container
© 2015 Rancher Labs, Inc.© 2016 Rancher Labs, Inc .
Docker networking• Containers run in their own
network namespace.• Port mapping to host interface
for outside accessiblity.
Host
Interface
Docker Bridge
Container
© 2015 Rancher Labs, Inc.© 2016 Rancher Labs, Inc .
Demo Networking ModesNoneHost
© 2015 Rancher Labs, Inc.© 2016 Rancher Labs, Inc .
LinkingCreates Directional Link
Creates DNS / Host lookup
Creates ENV variables
Container 1 Container 2
© 2015 Rancher Labs, Inc.© 2016 Rancher Labs, Inc .
Exposing PortsAllows traffic from outside of the Docker bridged network.
Host
Interface
Docker Bridge
Container
Outside world
© 2015 Rancher Labs, Inc.© 2016 Rancher Labs, Inc .
Demo LinkingSetting hostnameSetting host:ip mapping
© 2015 Rancher Labs, Inc.© 2016 Rancher Labs, Inc .
ExerciseCreate Mysql Container and link a mysql client container to it.
Run nginx container and reach port
© 2015 Rancher Labs, Inc.© 2016 Rancher Labs, Inc .
Pulling it all togetherLets run:
https://github.com/realpython/orchestrating-docker
© 2015 Rancher Labs, Inc.© 2016 Rancher Labs, Inc .
Advanced TopicsNamespace sharing! Security ConsiderationsDaemon settings
© 2015 Rancher Labs, Inc.© 2016 Rancher Labs, Inc .
Thank you!
Questions?
Contact: [email protected]