Develop Intelligence – Docker Build Mounts and Volumes

Agenda: Docker Storage – Bind Mounts and Volumes

 Why Docker Storage
 Docker Storage Options
o Bind Mounts
o Docker Volumes
o tmpfs mounts
 Working with Docker Mount
 Working with Docker Volume
 Docker Volume Commands
 Reaonly Volumes
 Anonymous and Named Volumes
 Mount volume from a container
 Sharing Volumes

Why Docker Storage

Create a .NET Core Console Application
C:\dockerdemos\volumedemo\> dotnet new console
Edit Program.cs
using System;
using System.IO;
class Program
{
static void Main(string[] args)
{
int counter;
FileStream fs = null;
string filePath = Path.Combine(Directory.GetCurrentDirectory(), "mydata/counter.dat");
System.Console.WriteLine(filePath);
try
{
Directory.CreateDirectory(Directory.GetCurrentDirectory() + "/" + "mydata");
fs = new FileStream(filePath, FileMode.Open);
BinaryReader br = new BinaryReader(fs);
counter = br.ReadInt32();
}
catch (Exception ex)
Develop Intelligence – Docker Build Mounts and Volumes
{
System.Console.WriteLine(ex.Message);
fs = new FileStream(filePath, FileMode.CreateNew);
counter = 0;
}
counter++;
Console.WriteLine("Counter: " + counter);
fs.Seek(0, SeekOrigin.Begin);
BinaryWriter bw = new BinaryWriter(fs);
bw.Write(counter);
bw.Flush();
fs.Close();
}
}
When the application execute it will write to the counter.txt in current working directory of the application.

Dockerfile:
FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build-env
WORKDIR /app
COPY *.csproj ./
RUN dotnet restore
COPY . ./
RUN dotnet publish -c Release -o out

FROM mcr.microsoft.com/dotnet/runtime:6.0 as production-env

WORKDIR /app
COPY --from=build-env /app/out ./
ENTRYPOINT ["dotnet", "CounterDemo.dll"]

Build a Docker Image

docker build -t sandeepsoni/counterdemo
Run the application
docker run --rm sandeepsoni/counterdemo
Develop Intelligence – Docker Build Mounts and Volumes
By default, all files created inside a container are stored on a writable container layer. This means that the data
doesn’t persist when that container is no longer running, and it can be difficult to get the data out of the container
if another process needs it.
A container’s writable layer is tightly coupled to the host machine where the container is running. You can’t easily
move the data somewhere else.

Docker Storage Options

Following are Docker options for containers to store files in the host machine, so that the files are persisted even
after the container stops:
1. Bind mounts may be stored anywhere on the host system. They may even be important system files or
directories. Non-Docker processes on the Docker host or a Docker container can modify them at any time.
2. Volumes are stored in a part of the host filesystem which is managed by Docker (/var/lib/docker/volumes/
on Linux and C:\ProgramData\Docker\volumes on Windows). Non-Docker processes should not modify this
part of the filesystem. Volumes are the best way to persist data in Docker.
Note: If WSL 2 on Windows is used: Open in explorer: \\wsl$\docker-desktop-data\version-pack-
data\community\docker\volumes
3. tmpfs mounts are stored in the host system’s memory only, and are never written to the host system’s
filesystem. These are supported only by Linux systems.

No matter which type of mount you choose to use, the data looks the same from within the container.
An easy way to visualize the difference is to think about where the data lives on the Docker host.

Bind mounts have been around since the early days of Docker. Bind mounts have limited functionality compared to
volumes. When you use a bind mount, a file or directory on the host machine is mounted into a container. The file
or directory is referenced by its full or relative path on the host machine. By contrast, when you use a volume, a
new directory is created within Docker’s storage directory on the host machine, and Docker manages that
directory’s contents.
Develop Intelligence – Docker Build Mounts and Volumes
Volumes are the preferred mechanism for persisting data generated by and used by Docker containers.
Volumes have several advantages over bind mounts:
 Volumes are easier to back up or migrate than bind mounts.
 You can manage volumes using Docker CLI commands or the Docker API.
 Volumes work similary on both Linux and Windows containers.
 Volumes can be more safely shared among multiple containers.
 New volumes can have their content pre-populated by a container (demo below).
 Volume drivers* let you store volumes on remote hosts or cloud providers, to encrypt the contents of
volumes.

*https://docs.docker.com/storage/volumes/#use-a-volume-driver
Save the data on node2 using the identity of user test. If anything is saved to /home/text of container, it should
be saved on Node2. Volume name=sshvolume
$ docker volume create --driver vieux/sshfs \
-o sshcmd=username@node2:/home/test \
-o password=userpassword \
sshvolume
Working with Docker Bind Mount
Syntax for attaching bind mount or volume to container
We can use either
1. -v or --volume
2. --mount
Syntax for Linux Containers:
docker run --rm --volume /data:/app/mydata sandeepsoni/counterdemo
OR
docker run --rm --mount type=bind,source=/data,destination=/app/mydata sandeepsoni/counterdemo
/data is the physical folder on host machine.

This command can be used for checking root directory of host machine
docker run --rm -it -v /:/root ubuntu sh
# cd /root

Syntax For Windows Containers:

docker run --rm --volume "d:\temp":"c:\app\mydata" sandeepsoni/counterdemo
OR
Develop Intelligence – Docker Build Mounts and Volumes
docker run --rm --mount type=bind,source=d:\temp,destination=c:\app\mydata sandeepsoni/counterdemo

-v or --volume: Consists of three fields, separated by colon characters (:).

In the case of bind mounts, the first field is the path to the file or directory on the host machine.
In the case of named volumes, the first field is the name of the volume, and is unique on a given host
machine. For anonymous volumes, the first field is omitted.
 The second field is the path where the file or directory are mounted in the container.
 The third field is optional, and is a comma-separated list of options like ro for readonly.
--mount: Consists of multiple key-value pairs, separated by commas and each consisting of a <key>=<value>
tuple.
 The type of the mount, which can be bind, volume, or tmpfs.
 The source of the mount. Can be specified as source or src.
o For bind mount, this is host foldername.
o For named volumes, this is the name of the volume.
o For anonymous volumes, this field is omitted.
 The destination takes as its value the path where the file or directory is mounted in the container. May be
specified as destination, dst, or target.
 The read-only (ro) option, if present, causes the bind mount to be mounted into the container as read-
only.

Note:
The biggest difference is that the -v syntax combines all the options together in one field, while the --mount syntax
separates them.
New users should try --mount syntax which is simpler than --volume syntax.

Working with Docker Volumes

You can create a volume explicitly using the docker volume create command, or Docker can create a volume
during container or service creation. When you create a volume, it is stored within a directory on the Docker host.
When you mount the volume into a container, this directory is what is mounted into the container.

In Linux Physical location of Docker Volumes: /var/lib/docker/volumes

Syntax for attaching volume to container

We can use either
1. -v or --volume
2. --mount
Develop Intelligence – Docker Build Mounts and Volumes

Create a volume
docker volume create my-vol

Creating a container with a volume

docker run -it -v my-vol:/app/mydata sandeepsoni/coutnerdemo
OR
docker run -it --mount type=volume,source=my-vol,destination=/app/mydata
sandeepsoni/counterdemo
Use docker inspect myvol to verify that the volume was created and mounted correctly. Look for the Mounts
section:

Volume Commands:
docker volume create my-vol
docker volume ls
docker volume inspect my-vol
docker volume rm my-vol

MSSQL Server
docker run -e "ACCEPT_EULA=Y" -e "MSSQL_SA_PASSWORD=Password_*123" --name "sql-demo" -e
"MSSQL_PID=Developer" -d -p 1412:1433 -v db-data-sqlsrv:/var/opt/mssql mcr.microsoft.com/mssql/server:2019-
latest

MySQL Server
docker run --name some-mysql -e MYSQL_ROOT_PASSWORD=Password_*123 -d -p 3306:3306 -v db-data-
mysql:/var/lib/mysql mysql:latest

Demo for "New volumes can have their content pre-populated by a container"
When the container is created, files in container volume folder will be also visible in volume folder on host.
Dockerfile
FROM ubuntu
RUN mkdir /myvol
RUN echo "hello world" > /myvol/greeting.txt
Note:
Command: docker run -it --rm -v v1:/myvol demo bash
Develop Intelligence – Docker Build Mounts and Volumes
Observation: The file greeting.txt will be present in volume v1 (/var/lib/docker/volumes/v1/_data/) on host and
also in /myvol folder in container.

Command: docker run -it --rm -v /demo:/myvol demo bash

Observation: The file greeting.txt will not be present in /demo in host and /myvol in container. The content of
/demo will be available to /myvol in container but pre-polulated content of /myvol will be not available in /demo
on host.

If Linux VM is used – Filesystem of the container can be used using the following command
docker run --rm -it -v /:/host alpine
# cd host

Additional Volume Features

Readonly Volume
docker run -it -v my-vol:c:\app:ro microsoft/dotnet:2.1-sdk cmd.exe
OR
docker run -it --mount type=bind,source=/,destination=/out/mydata,ro sandeep/hello

Anonymous Volumes
When you mount a volume, it may be named or anonymous. Anonymous volumes are not given an explicit name
when they are first mounted into a container, so Docker gives them a random name that is guaranteed to be
unique within a given Docker host. Besides the name, named and anonymous volumes behave in the same ways.
docker run -it -v /data ubuntu /bin/sh
docker run -it --mount type=volume,source=,destination=/data ubuntu /bin/sh

Deleting Volumes:
Unused Volumes (no running container is using a volume) can be removed using following command
docker volume prune

Remove anonymous volumes:

To automatically remove anonymous volumes, use the --rm option. For example, this command creates an
anonymous volume. When the container is removed, the Docker Engine removes the anonymous volume but not
the named volume.
docker run --rm -it -v /data1 -v test-vol:/data2 ubuntu /bin/sh

Mount volume from a container (Linux)

Develop Intelligence – Docker Build Mounts and Volumes
– The below command creates two volumes mybackup and logs
docker run -dit --name master -v mybackup-vol:"/backup" -v mylogs-vol:"/logs" ubuntu /bin/bash
docker run --rm -it -v mybackup-vol:"/backup" -v mylogs-vol:"/logs" ubuntu /bin/bash
docker run --rm -it --volumes-from master ubuntu /bin/bash
docker run --rm -it --volumes-from master ubuntu /bin/bash

Mount volume from a container (Windows)

docker run -it --name master -v mybackup:"c:\backup" -v logs:"c:\logs" mcr.microsoft.com/dotnet/runtime:6.0
cmd.exe
docker volume ls
docker run --rm -it -v mybackup:"c:\backup" -v logs:"c:\logs" mcr.microsoft.com/dotnet/runtime:6.0 cmd
docker run --rm -it --volumes-from master mcr.microsoft.com/dotnet/runtime:6.0 cmd
docker run --rm -it --volumes-from master mcr.microsoft.com/dotnet/runtime:6.0 cmd
docker run --rm -it --volumes-from master mcr.microsoft.com/dotnet/runtime:6.0 cmd
Note: Benefit is all the above 4 containers use the same volumes as that of master container.