Containers with .

A humble introduction
 foreword.
Kernel & Operating System
 The Operating System (OS) provides
an interface between the User and the Machine.

The Kernel is a part of this Operating System.

It provides interface between the Applications and the Hardware.
Its main purpose is the memory, disk, process and task management.
It's the first program to load when the Operating System loads.

Operating System (OS)

Usually located in
/boot
Computer
3
 1.
WHat is DOCKER ?
 Real-world analogy = Intermodal Containers
before 1960:
- Multiplicity of methods for storing/transporting
- Problems of interaction between goods
= It was a mess… so it was really expensive and not really trustable

5
 2.
WHat is really DOCKER ?
Docker is a tool for running applications in
isolated environments called Containers.

container container container

App 1 App 2 App 3

tomcat apache2 MySQL

Ubuntu Debian CentOS

Docker Engine
 3.
Is it just another Virtual Machine ?
 Nope ^^
● Hardware-level virtualization ● OS virtualization
● Each VM runs its own OS (and kernel) ● Share the host OS (and kernel)
● Fully isolated, hence more secure ● Process-level isolation, possibly less secure
● Heavyweight ● Lightweight
● Startup time in minutes ● Startup time in milliseconds
● Allocates fixed memory ● Requires less memory space

kernel kernel kernel

kernel kernel
 4.
Great ! is it ready for production ?
 Of course !!!
The first release of Docker was in 2013

And the technologies behind are older:

LXC (LinuX Containers) 2008

Cgroups 2007
Aufs 2006
Namespaces 2002
 5.
Why Docker is so popular now ?
 LXC (2008) wasn’t adopted by
the community because
it was too hard to put in place and to use...

Docker is Powerful and Simple.

With a simple command line, in few seconds,

you can download, run ubuntu & open a bash on it:

docker run -it ubuntu

-it option is short for --interactive and --tty
 E R
O CK
D Dev VS Ops (case 1)
OUT
T H
WI ( The prod server crashed !!! > (•`_´•) <--- Ops

Dev ---> ‾\_(ツ)_/‾ < Not my fault, It works on my machine)

Dev VS Ops (case 2)

Dev ---> \(°д°)/ < Ahhhh, I need to deploy a new version ! )

( Come back in 3 weeks :p > (^_^) <--- Ops

14
 ER
CK
DO DevOps
TH
WI
Dev ---> \(ᵔᵕᵔ)/\(ᵔᵕᵔ)/ <--- Ops

Standardization and Productivity

Compatibility and Maintainability
Simplicity and Faster Configurations
Rapid Deployment
Continuous Deployment and Testing
Isolation/Security
15
 6.
You want to see an example ?
 1) Install Docker Engine

https://docs.docker.com/engine/install/

2) Open a terminal and execute this

docker run -d -p 8000:80 jgreat/2048

-d is for detach mode and -p is for publish port

3) Open with your web browser

http://localhost:8000/

17
 7.
What Kind of Sorcery Is This ?
 STOPPED RUNNING
IMAGE CONTAINER CONTAINER

START

BUILD CREATE
STOP

RUN = CREATE + START

Main concepts:
You can build “Images” from a “Dockerfile”.
// You can easily write your own Dockerfile, it’s a simple text file (seen later).
To create a new running “Container”, you have to run an “Image”.
// You can do the same in 2 steps: “docker create” + “docker start”
Next you can stop or start your existing “Containers”.
19
There are tons of images “ready to use” available on DockerHub
(hosted repository service provided by Docker) but you can have
your own repo, we call that a Registry.

20
 When we ran the Image jgreat/2048
As the Image was missing on the host, it automatically
downloaded from the Registry, built the Container and started

21
You can have any distribution while it’s based on the linux kernel.
Of course, it’s perfect for web applications, databases, etc…
But also for a Minecraft server or a good old CS 1.6 ^^
docker run -d -p 27015:27015 -p 27015:27015/udp --name cs16-server ggoulart/cs1.6-server-more-maps

22
 8.
ok let’s do it !
Create a directory named “test” and inside the “Dockerfile” file.
Put this 2 lines:
build and Image on top of the “ubuntu” Image
FROM ubuntu
execute the command: echo “Hello World” DOCKERFILE
CMD ["echo", "Hello World"]

Next, open a terminal in this “test” directory.

To build an Image from the Dockerfile, execute (-t option is to define the tag):
docker build -t hello_img . the last parameter . is the Dockerfile location

To see all the images available in local:

docker images IMAGES

To create a new container from the Image hello_img and start it:
docker run hello_img
CONTAINERS
To see all the existing containers on the host (-a option to see all the containers, stopped too):
docker ps -a

24
Well understand, each time you RUN an IMAGE, it creates a NEW CONTAINER !!!

Instead of create a new container, you can use an existing one:

docker start CONTAINER_ID_or_NAME
docker stop CONTAINER_ID_or_NAME
Tips:
- You can name a container when creating:
docker run hello_img --name my_hello_container
- You can delete all the stopped containers like this:
docker system prune
25
 9.
One container, one unit task
Containers are designed for running specific tasks and
processes, not just for hosting operating systems.

You create a container to serve a single unit task.

Once it completes the given task, it stops.

Therefore, the container life-cycle depends on

the ongoing process inside of it.

Once the “main” process stops,

the container stops as well.

27
 10.
how we specify this “main” process ?
In short, if it’s present it will be the ENTRYPOINT instruction,
else it will be the CMD instruction.
FROM ubuntu
CMD ["echo", "Hello World"]

What is funny with the CMD instruction,

you can override when creating the container…
docker run hello_img echo bye → output: bye

And with the ENTRYPOINT instruction,

you can’t override… it will add at the end...
FROM ubuntu
ENTRYPOINT ["echo", "Hello World"]

docker run hello_img echo bye → output: Hello World echo bye
29
 11.
Why “cmd” and “entrypoint” ExiST both?
 Because the power comes when you combine them !
FROM ubuntu → in this form, CMD add
ENTRYPOINT ["echo", "Hello"] overridable parameters to the
CMD ["World"] ENTRYPOINT instruction

→ without parameter
it displays Hello World

→ with a parameter Nobody

it displays Hello Nobody

At the moment, maybe you don’t see the “real” power of that.
But it will let you create images with a default command and/or arguments
that can be overwritten from command line when creating containers.
31
 12.
It’s time to Share our image
 You need to push your image to a Registry.
Of course you can have your own private registry
but here we will use the public DockerHub repo.
docker push hello_img

Accordings the docs, we need to prefix with our DockerHub name

33
It’s well available now on DockerHub:

You can download my Image like this:

docker pull ludk/hello_img

And/or you can create a new Container with this Image like this:
docker run ludk/hello_img
 13.
WAIT...Does it download everything everytime?
 Each container is
an image with a readable/writeable layer on top of
a bunch of read-only layers.
These layers (also called intermediate images) are generated when the
commands in the Dockerfile are executed during the Docker image build.
LE
AB
RIT
L E/W
DAB
A
RE
FROM debian
RUN apt-get update && apt-get install -y nano

READ ONLY
RUN apt-get install -y apache2 && apt-get clean
ENTRYPOINT ["/usr/sbin/apache2ctl", "-D", "FOREGROUND"]

=> Modify your current Dockerfile like this

36
 Each line in the Dockerfile create a new Image Layer.
And each Image layer has its own id (like a commit in a Git project).

FROM debian
RUN apt-get update && apt-get install -y nano
RUN apt-get install -y apache2 && apt-get clean
ENTRYPOINT ["/usr/sbin/apache2ctl", "-D", "FOREGROUND"]

docker build -t debian_nano_apache .

docker images
docker history debian_nano_apache

IMAGE CREATED CREATED BY SIZE

cdf24ceab4f8 41 seconds ago /bin/sh -c #(nop) ENTRYPOINT ["/usr/sbin/ap… 0B
44089de03b88 41 seconds ago /bin/sh -c apt-get install -y apache2 && apt… 112MB apache2
adae04d4f580 55 seconds ago /bin/sh -c apt-get update && apt-get install… 20.5MB nano
1b686a95ddbf 3 weeks ago /bin/sh -c #(nop) CMD ["bash"] 0B
<missing> 3 weeks ago /bin/sh -c #(nop) ADD file:1ab357efe422cfed5… 114MB debian
docker history debian

IMAGE CREATED CREATED BY SIZE

1b686a95ddbf 3 weeks ago /bin/sh -c #(nop) CMD ["bash"] 0B
<missing> 3 weeks ago /bin/sh -c #(nop) ADD file:1ab357efe422cfed5… 114MB debian
37
 Any new Docker image layer created with
an instruction in the Dockerfile (as if it deletes files)
increases the size of the final Docker image.

So why this System is great ?

Because if you need the exact same image layer anywhere,

it won’t download it again… it will be able to use the cached version.

If you have an heavy Image for your project but

you COPY the source code of your project at the end of the Dockerfile
you can make new releases with the new source code quickly
because all the heavy step will pass instantly (from the cache)

38
 14.
How to interact with the container ?
 The main kinds of processes we usually run
inside a Container are what we call a “Server”.

A server is running on a Port (http:80, ftp:21, mysql:3306, etc).

Remember when we launch the 2048 game:

docker run -d -p 8000:80 jgreat/2048

The -d option was to start the Container in “detach” mode.

The -p option is to publish a container's port(s) to the host.
So we published the 80 port of the container to the 8000 port of the machine.

That’s why we opened this URL (port 8000):

http://localhost:8000/
40
Well, we can run a new Container named websrv from our last Image like this;

docker run -d -p 80:80 --name websrv debian_nano_apache

And check http://localhost/ to see the Apache2 Debian Default Page.

If you need to connect to this container (to see the logs for example)
docker exec -it websrv /bin/bash

exec is used to run any command in a running container.

So if you run a bash with the options (-it => interactive tty)
it’s like you was connected with ssh !

41
 15.
How to work inside a container ?
 You’re right, until now we just played with Containers.
To really work with them you have to
share data between the Container and the Host
=> Let’s me introduce the Volumes.
Inside your test directory, create myproject/index.html
<html>
<head>Hello</head>
<body>Volumes are great !!!</body>
</html>

We need to delete our container and create a new one with a Volume:
docker rm -f websrv
docker run -d -p 80:80 --name websrv -v /path/to/myproject:/var/www/html debian_nano_apache

As this path is relative to the Host directories, it’s not the best way :/
The proper way to mount Volumes (more complicated) is described here.
43
 16.
And if I want to copy stuff inside my container
 You just need to use the COPY instruction, example:
FROM debian
RUN apt-get update && apt-get install -y nano
RUN apt-get install -y apache2 && apt-get clean
COPY myproject /var/www/html
ENTRYPOINT ["/usr/sbin/apache2ctl", "-D", "FOREGROUND"]

We need to build a new Image from the new version of the Dockerfile.
And next, we can delete our Container and create a new one.
docker build -t debian_nano_apache .
docker rm -f websrv
docker run -d -p 80:80 --name websrv debian_nano_apache

It’s perfect if you want to distribute your project with the source code inside,
but it’s not the best way when developing because for every change
in your code you need to create a new container for testing.
45
 17.
containers working together
A really basic LAMP architecture could look like this:

Volume
mysql

EXPOSE
MySQL Server DB folder

3306
8000:80

Apache + PHP 7.4

Volume
www

Apache + PHP 7.1 App folder

Apache + PHP 5.6

Docker Network
Docker Host
47
 ./db/Dockerfile ./web/Dockerfile

MySQL Server
FROM mysql:5.6 FROM webdevops/php-apache-dev:7.4 Apache + PHP 7.4

ENV MYSQL_ROOT_PASSWORD my_secret_pw ENV WEB_DOCUMENT_ROOT /var/www/html

ENV MYSQL_DATABASE test_docker
ENV MYSQL_USER devuser
ENV MYSQL_PASSWORD devpass
Listen the 3306
port inside the EXPOSE 3306
network CMD ["mysqld"] We can reach
the web
container from
docker build -t db_img ./db outside through
docker run -d --name db_container db_img the 8000 port

docker build -t web_img ./web

docker run -d --name web_container -p 8000:80 -v /path/to/myproject:/var/www/html web_img

docker network create myNetwork

docker network connect myNetwork db_container
docker network connect myNetwork web_container
48
Finally, inside myproject directory replace index.html by index.php
<?php
$servername = "db_container";
$username = "devuser";
$password = "devpass";
$dbname = "test_docker";

$conn = new mysqli($servername, $username, $password, $dbname);

if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}

$sql = "CREATE TABLE Test (

id INT(6) UNSIGNED AUTO_INCREMENT PRIMARY KEY
)";

if ($conn->query($sql) === TRUE) {

echo "Table Test created successfully";
} else {
echo "Error creating table: " . $conn->error;
}

$conn->close();

49
 18.
Docker compose
 https://jstobigdata.com/docker-compose-cheatsheet/

Compose is a tool for defining and running

multi-container Docker applications.

With Compose, you use a YAML file to configure your application’s services.

Then, with a single command, you create and start

all the services (= your project) from your configuration
51
 Create the file docker-compose.yml with this content:
version: "3"
services:
db_container:
build: db
networks:
MySQL Server - myNetwork
web_container:
build: web
depends_on:
- db_container
Apache + PHP 7.4 volumes:
- /path/to/myproject:/var/www/html
ports:
- 8000:80
networks:
- myNetwork
networks:
myNetwork:

docker-compose up Starts the project (-d for detach mod and --rebuild to rebuild images).
=> build images, (re)create containers and start containers.
docker-compose stop Stops running containers without removing them.
docker-compose down Stops containers and removes containers, networks, volumes, and images
52
 In fact, as we just set environment variables, we don’t need to define
custom Dockerfiles, we can just do like this:
version: "3"
services:
db_container:
image: mysql:5.6
environment:
MYSQL_ROOT_PASSWORD: my_secret_pw
MySQL Server
MYSQL_DATABASE: test_docker
MYSQL_USER: devuser
MYSQL_PASSWORD: devpass
networks:
- myNetwork
web_container:
image: webdevops/php-apache-dev:7.4
environment:
WEB_DOCUMENT_ROOT: /var/www/html
Apache + PHP 7.4
depends_on:
- db_container
volumes:
- /path/to/myproject:/var/www/html
ports:
- 8000:80
networks:
- myNetwork
networks:
myNetwork: 53
 19.
dockerfile instructions SUMMARY
55
 20.
other docker commands
57
 21.
Where To go ?
 Container Orchestration
= managing the life cycles of containers,
especially in large, dynamic environments.

https://docs.docker.com/engine/swarm/ https://kubernetes.io/

59