Docker Primer and Tips
Building Blocks of Cloud Native Apps
GCP Los Angeles Meetup
Software Deployment in the Past
Image courtesy of Wikipedia
Software Deployment is Hard
● Maintain code in different languages on different types of machines
● Deploy new version of the code
● Revert to the old version if something goes wrong
● Manage different configurations
● Host on different infrastructure (and Cloud providers)
But Tools are Better
And there are some great tools out there
Infrastructure Abstraction
In the past, the thing that ran your software was
called hardware. Today, with more sophisticated
setups, what was called hardware has been
abstracted and is known as infrastructure.
● Infrastructure can be your workstation,
on-premise data center, the Cloud, etc.
● There’s a server but it’s hidden from you
Host Architecture
Running an application
Application Hosting
Single Host
● Shared resources
● No user space (app) isolation
● Fairly tight coupling of operating system and applications
Virtual Machine
● Better user space (app) isolation
● Not very resource efficient
● Slower
● Guest OS can be different from
the host OS
Container Virtualizer
● Better user space (app) isolation,
though not as completely isolated
as a VM
● Lightweight
● Operating system virtualization
● Base OS
Isolated Containers
Containers are starting to look like processes except they are highly isolated
Docker Deep Dive
Closer Look at Docker
Container Technology
● Containers have existed for years
● Google has been using its own containers for years
● In Open-source land, Linux has LXC and Libcontainer, BSD has Jails, Solaris
has Zones
● A good alternative to Docker is RKT
Then One Day...
Docker (the company) figured out a clever way to package the tools for
using containers by adding a rich toolset around them.
What is Docker?
● Container = isolated (user space) sandbox
● Docker = A Container implementation
● Benefits
○ Lightweight
○ Faster to launch
○ Isolation
○ Easily define and set up the container via code
Docker Internals
● Docker runs on Linux x64 (only)
● Dependent on libcontainer, a Linux container platform
○ Container responsible for: filesystem, process, network
○ Layered filesystem
● Benefits
○ Versioning
○ Portability
Docker Workflow
To use docker, all you really
need to remember are these 4
commands:
● docker build
● docker pull
● docker push
● docker run
Public and Private Docker Registries
● Registry = collection of repositories
● Private vs public registries
● When you push, you need write access. This means you need to run docker
login
● By default, docker push pushes a local image to the public repository
● Every GCP Project has a private Docker Registry; prefix your Docker image
name with gcr.io
● Configure your local docker client to push to the GCP Docker Registry
● See this article for more info
Docker Image and Layered Filesystem
● Docker image is a read-only template and is used to
create containers
● Docker image consists of filesystems layered on top of
each other - aka Union File System
○ Avoid duplicating a layer
○ Incremental addition to the image via layer
● Any update to an image adds a new layer instead of
rebuilding the entire image
○ That’s why any subsequent build is fast because it’s
an incremental build
● Images are shared across different containers
Layering Implications
● Understanding layering is critical especially if you want to be good at Docker
and deploy Docker images to production
● Each layer is based on a step in the Dockerfile
● Each layer builds on the previous layer; there’s a “pointer” to the previous layer
● It’s also based on the delta between the current and previous layer
● Every time you change a layer, it has the cascading effect of changing every
subsequent layer - so install packages before copying the source
● Image security - deleting a file in a later layer may not delete it from the
preceding layers, so sensitive data can remain in the image. Type docker history
to see what I mean
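The image-security point above, as an added example (not from the original slides): a Python sketch that replays layer tarballs bottom-up and reports files that a later layer deleted or overwrote but that are still stored in an earlier layer. The three layers, their paths and the `.env` content are constructed sample input; the `.wh.` whiteout naming follows the OCI image layer convention.

```python
import io
import tarfile

WHITEOUT = ".wh."        # prefix of a marker entry: "this path is deleted from here up"
OPAQUE = ".wh..wh..opq"  # marker entry: "hide everything below this directory"


def make_layer(files, deleted=()):
    """Build one layer tarball in memory (constructed sample input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        for path in deleted:
            parent, _, name = path.rpartition("/")
            marker = f"{parent}/{WHITEOUT}{name}" if parent else WHITEOUT + name
            tar.addfile(tarfile.TarInfo(marker))  # zero-byte whiteout entry
    return buf.getvalue()


def read_layer(blob):
    """Return {path: bytes} for the regular files stored in one layer tarball."""
    with tarfile.open(fileobj=io.BytesIO(blob)) as tar:
        return {m.name: tar.extractfile(m).read() for m in tar if m.isfile()}


def find_hidden_files(layers):
    """Replay layers bottom-up. Returns (visible, findings) where findings lists
    files still stored in a lower layer although a later layer hid them."""
    visible = {}   # path -> index of the layer whose copy the container sees
    findings = []  # (path, stored_in_layer, hidden_by_layer, reason)
    for idx, blob in enumerate(layers):
        entries = read_layer(blob)
        # Whiteouts act on lower layers only, so apply them before this layer's files.
        for name in entries:
            parent, _, base = name.rpartition("/")
            if base == OPAQUE:
                victims = [p for p in visible if p.startswith(parent + "/")]
            elif base.startswith(WHITEOUT):
                target = (parent + "/" if parent else "") + base[len(WHITEOUT):]
                victims = [p for p in visible
                           if p == target or p.startswith(target + "/")]
            else:
                continue
            for path in victims:
                findings.append((path, visible.pop(path), idx, "deleted"))
        for name in entries:
            if name.rpartition("/")[2].startswith(WHITEOUT):
                continue  # marker entries are not real files
            if name in visible:
                findings.append((name, visible[name], idx, "overwritten"))
            visible[name] = idx
    return visible, findings


# Constructed layers mirroring three Dockerfile steps.
SAMPLE_LAYERS = [
    make_layer({"etc/os-release": b"ID=alpine\n"}),              # FROM
    make_layer({"app/.env": b"DB_PASSWORD=constructed-example\n",
                "app/main.py": b"print('hi')\n"}),               # COPY . /app
    make_layer({}, deleted=["app/.env"]),                        # RUN rm /app/.env
]

if __name__ == "__main__":
    visible, findings = find_hidden_files(SAMPLE_LAYERS)
    print("visible in container:", sorted(visible))
    for path, stored, hidden, reason in findings:
        print(f"{path}: {reason} in layer {hidden}, still stored in layer {stored}")
```

To audit a real image, the same function can be fed the layer tarballs from a `docker save` archive in manifest order.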
Base Image Sizes
Running Docker Container
Running Docker on a Mac
Docker Desktop vs Docker-Toolbox
Docker Desktop                  Docker-Toolbox
1                               Multiple
Hypervisor.framework (xhyve)    VirtualBox
Alpine                          Boot2Docker
Docker.app                      docker-machine
GUI                             CLI
Docker for Mac is seamless: you launch Docker.app from the GUI and you run your docker client just like
you would on a Linux host. Read the official doc for more info.
Docker-Toolbox on Mac
Download and Installation
● Go to
○ https://www.docker.com/products/docker-toolbox
○ https://docs.docker.com/docker-for-mac
● Or use homebrew
○ brew cask install dockertoolbox
○ brew cask install docker
Solutions
● Docker volume
● Docker linking
● Docker port mapping
● Docker Compose
● Docker Swarm
● Kubernetes
Tips & Tricks
Tip 1a: Use docker-compose
Turn this…
$ docker run -d -p 27017:27017 --name mongo mongo
into this…
version: '3.7'
services:
  mongo:
    image: mongo
    container_name: mongo
    ports:
      - "27017:27017"
Tip 1b: Use docker-compose for Build
version: '3.7'
services:
  my-app:
    build:
      context: ./docker
      dockerfile: Dockerfile.ubuntu
      args:
        - GITCOMMIT=cd38d90
        - VERSION=1.3.4
Tip 2a: Mount Local Files and Directories (version manager)
Use Case: You build your source code in a different build environment. It’s
like a language version manager such as goenv, nodenv or nvm, except it’s not a version
manager.
Tip 2b: Mount a Config File to be Loaded at Initialization
Use Case: There are some images that allow you to inject a config file when the
app launches.
For example, the postgres Docker container picks up any SQL files placed in the directory
/docker-entrypoint-initdb.d. So in your docker-compose.yaml, add:
    image: postgres
    ...
    volumes:
      - ./seed.sql:/docker-entrypoint-initdb.d/seed.sql
Tip 2c: Persist my Database Data
Use Case: A Docker container is ephemeral. After you remove a container, the data
is gone. To persist the data in a database, do the following:
    image: postgres
    ...
    volumes:
      - ./data.sql:/docker-entrypoint-initdb.d/seed.sql
      - ./pg_data:/var/lib/postgresql/data

version: '3'
services:
  postgres:
    image: postgres:12-alpine
    container_name: postgres
    ports:
      - "5432:5432"
    volumes:
      - ./seed.sql:/docker-entrypoint-initdb.d/seed.sql
      - ./pg_data:/var/lib/postgresql/data
    environment:
      POSTGRES_PASSWORD: my-password
      POSTGRES_USER: postgres
      POSTGRES_DB: db
Tip 3: Execute a Command in a Running Container
Use Case: You have a running container but it’s not working correctly. It’s like SSH
to a VM except there’s no SSH
Use Case: You are running a database server and need to connect to it. No need to
download and install a client. Just do this:
$ docker exec -it postgres-server psql -U my-user
Tip 4: Multi-stage Build for a Clean Production Image
● 1-stage build process means 1 single Dockerfile for build and execution
● Multi-stage build process means
○ Stages to build
○ Last stage to copy all built artifacts/binaries and dependencies to an
image that will be used for execution
Tip 5: Useful Docker Commands for Housekeeping
$ docker ps -a # List all docker containers
$ # Remove all stopped containers
$ docker rm $(docker ps -q -f status=exited)
$ docker stats # Live stream of container resource usage
$ docker image ls # List all local images
$ docker rmi [image_name] # Remove a specific image
$ docker image prune -a # Remove unused images
$ # Delete all stopped containers, unused images, unused networks,
$ # unused volumes, and build cache
$ docker system prune -a --volumes
Tip 6: Transfer your Container to Another Host
$ docker stop container-name
$ docker commit -p container-name container-name.backup
$ docker images # You should see container-name.backup
$ docker save -o container.tar container-name.backup
$ # Copy container.tar to the other host, then on that host:
$ docker load -i container.tar
Tip 7: Inject ARG and ENV Values
● ARG and ENV are great for passing values
● Definition
○ ENV defined in Dockerfile and CLI
○ ARG defined in Dockerfile and CLI
● Build
○ Can’t change ENV values
○ Can change ARG values
● After build
○ ARG values unavailable
○ ENV value available
● To pass ARG values to ENV do this in Dockerfile
ARG arg_var="arg_value"
ENV env_var=${arg_var}
Reference: Vsupalov Docker ARG vs ENV
Tip 8: Harden your Container
● Don’t run as root. Use the USER command in the Dockerfile. Why is this bad?
An attacker can access the kernel and gain access to sensitive info
● Don’t use privileged ports, i.e. 1024 and below
● Trust but verify - use only images you trust, i.e. official images
● Extreme: Pull image by digest
● The simpler the better; use minimal images as much as possible, e.g. alpine, or
better yet use scratch or distroless (see next tip)
● 1 process per container
● Be careful of recursive copy like COPY . . - may end up copying sensitive files
● Don’t pass sensitive data to ARG or ENV
Tip 9: Extreme Hardening, Use Scratch
● For extreme image reduction (and better security), build your Docker image
using the base image scratch
● Scratch means no base OS
● This also means that the application must run on its own and have no
dependency on any runtime library
● Use Go and compile everything into a single binary with all dependent libraries
statically linked
● Alternatively consider GoogleContainer distroless
Reference: Create the Smallest and Secured Docker Image Based on Scratch
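The Tip 8 checklist and the Tip 9 scratch build, as an added example (not from the original slides): a small Python linter that flags the listed problems in a weak Dockerfile and passes a hardened multi-stage one. Both Dockerfiles, the rule names, the file names and the all-zero digest are constructed for illustration.

```python
import re

PINNED = re.compile(r"@sha256:[0-9a-f]{64}$")
SECRET_NAME = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY)", re.I)
PRIVILEGED_MAX = 1024                  # the slide's rule: "1024 and below"
FAKE_DIGEST = "sha256:" + "0" * 64     # constructed placeholder, not a real digest

# Constructed "before": every Tip 8 rule is violated.
WEAK = """\
FROM ubuntu:latest
ARG DB_PASSWORD=changeme
ENV DB_PASSWORD=${DB_PASSWORD}
COPY . .
EXPOSE 80
CMD ["./server"]
"""

# Constructed "after": digest-pinned build stage, scratch runtime, non-root user.
HARDENED = f"""\
FROM golang@{FAKE_DIGEST} AS build
WORKDIR /src
COPY go.mod main.go ./
RUN CGO_ENABLED=0 go build -o /out/server .

FROM scratch
COPY --from=build /out/server /server
USER 10001:10001
EXPOSE 8080
ENTRYPOINT ["/server"]
"""


def instructions(text):
    """Yield (KEYWORD, args) per instruction, joining backslash continuations."""
    joined = re.sub(r"\\\s*\n", " ", text)
    for line in joined.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            keyword, _, args = line.partition(" ")
            yield keyword.upper(), args.strip()


def lint(text):
    """Return a list of findings for the hardening rules in Tip 8."""
    findings, stages, user = [], set(), None
    for kw, args in instructions(text):
        if kw == "FROM":
            parts = [a for a in args.split() if not a.startswith("--")]
            image = parts[0]
            user = None  # each stage starts as the base image's default user
            if image != "scratch" and image not in stages and not PINNED.search(image):
                findings.append(f"unpinned-base:{image}")
            if len(parts) == 3 and parts[1].upper() == "AS":
                stages.add(parts[2])
        elif kw == "USER":
            user = args.split(":")[0]
        elif kw in ("ARG", "ENV"):
            for item in args.split():
                name = item.split("=")[0]
                if SECRET_NAME.search(name):
                    findings.append(f"secret-in-{kw.lower()}:{name}")
        elif kw in ("COPY", "ADD"):
            sources = [a for a in args.split() if not a.startswith("--")][:-1]
            if any(s in (".", "./") for s in sources):
                findings.append("recursive-copy:" + args)
        elif kw == "EXPOSE":
            for port in args.split():
                number = port.split("/")[0]
                if number.isdigit() and int(number) <= PRIVILEGED_MAX:
                    findings.append(f"privileged-port:{number}")
    # Only the final stage's user matters: that is what the container runs as.
    if user in (None, "root", "0"):
        findings.append("runs-as-root")
    return findings


if __name__ == "__main__":
    for label, dockerfile in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, lint(dockerfile) or "no findings")
```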
Tip 8b: Size Reduction Using Scratch
Multiple Containers
Running multiple containers
Use Case
● Real world production applications are multi-tier...
● Web application
○ 1 Container running the API service written in Golang
● Datastores
○ 1 Container running Postgres as the core data store
○ 1 Container running Redis for cache and user sessions
● Need to orchestrate them, tell them how to communicate with each other
Before
● Local Setup
○ Download the postgres and redis - both server and client programs
○ Install them
○ Set them up - probably cut and paste instructions
● Remote Setup (dev environment)
○ Ask Ops to spin up a VM instance and set up the environment - you wait
○ Make sure no one else is using the environment
○ Ensure that the settings in the dev environment are the same as in your local
environment
Tip 10: Better Setup for Local Dev Environment
1. Dockerize everything
a. For custom app, define it in a Dockerfile
b. Push to a registry for sharing and version control
c. For other dependencies, use the official images and pull them from the public registry
2. Docker-compose - great for single node
a. For local run, just use docker-compose. It’s simpler and more resource-efficient
b. Put all the configurations in the docker-compose.yaml file
3. Kubernetes - great for cluster of nodes (Cloud native)
a. Have Ops set up a Kubernetes cluster
b. Define k8s manifest files and deploy
Summary
Docker primer and tips

MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 

Docker primer and tips

  • 1. Docker Primer and Tips Building Blocks of Cloud Native Apps GCP Los Angeles Meetup
  • 2. Software Deployment in the Past Image courtesy of Wikipedia
  • 3. Software Deployment is Hard ● Maintain code in different languages on different types of machines ● Deploy new version of the code ● Revert to the old version if something goes wrong ● Managing different configurations ● Hosting on different infrastructure (and Cloud providers)
  • 4. But Tools are Better And there are some great tools out there
  • 5. Infrastructure Abstraction In the past, the thing that ran your software was called hardware. Today, with more sophisticated setups, what was called hardware has been abstracted into what is known as infrastructure. ● Infrastructure can be your workstation, an on-premise data center, the Cloud, etc. ● There’s a server but it’s hidden from you
  • 8. Single Host ● Shared resources ● No user space (app) isolation ● Fairly tight coupling of operating system and applications
  • 9. Virtual Machine ● Better user space (app) isolation ● Not very resource efficient ● Slower ● Guest OS can be different from the host OS
  • 10. Container Virtualizer ● Better user space (app) isolation albeit not completely as isolated as a VM ● Lightweight ● Operating system virtualization ● Base OS
  • 11. Isolated Containers Containers are starting to look like processes except they are highly isolated
  • 12. Docker Deep Dive Closer Look at Docker
  • 13. Container Technology ● Container existed for years ● Google has been using their own container for years ● In Open-source land, Linux has LXC and Libcontainer, BSD has Jails, Solaris has Zones ● A good alternative to Docker is RKT
  • 14. Then One Day... Docker (the company) figured a clever way to package the tools for using containers by adding a rich toolset around it.
  • 15. What is Docker? ● Container = isolated (user space) sandbox ● Docker = A Container implementation ● Benefits ○ Lightweight ○ Faster to launch ○ Isolation ○ Easily define and set up the container via code
  • 16. Docker Internals ● Docker runs on Linux x64 (only) ● Dependent on libcontainer, a Linux container platform ○ Container responsible for: filesystem, process, network ○ Layered filesystem ● Benefits ○ Versioning ○ Portability
  • 17. Docker Workflow To use docker, all you really need to remember are these 4 commands: ● docker build ● docker pull ● docker push ● docker run
  • 18. Public and Private Docker Registries ● Registry = collection of repositories ● Private vs public registries ● When you push, you need write access. This means you need to run docker login ● By default, docker push pushes a local image to the public repository ● Every GCP Project has a private Docker Registry, prefix your docker image with gcr.io ● Configure your local docker client to push to the GCP Docker Registry ● See this article for more info
  • 19. Docker Image and Layered Filesystem ● Docker image is a read-only template and is used to create containers ● Docker image consists of filesystems layered on top of each other - aka Union File System ○ Avoid duplicating a layer ○ Incremental addition to the image via layer ● Any update to an image adds a new layer instead of rebuilding the entire image ○ That’s why any subsequent build is fast because it’s an incremental build ● Images are shared across different containers
  • 20. Layering Implications ● Understanding layering is critical, especially if you want to be good at Docker and deploy Docker images to production ● Each layer is based on a step in the Dockerfile ● Each layer builds on the previous layer; there’s a “pointer” to the previous layer ● It’s also based on the delta between the current and previous layer ● Every time you change a layer, it has a cascading effect of changing every subsequent layer - so install packages before copying the source ● Image security - deleting a file in a later layer does not delete it from the preceding layers, so sensitive data may remain in the image. Type docker history to see what I mean
  • 23. Docker Desktop vs Docker-Toolbox
        Docker Desktop               | Docker-Toolbox
        1                            | Multiple
        Hypervisor.framework (xhyve) | VirtualBox
        Alpine                       | Boot2Docker
        Docker.app                   | docker-machine
        GUI                          | CLI
      Docker for Mac is seamless: you launch Docker.app from the GUI and you run your docker client just like you would on a Linux host. Read the official doc for more info.
  • 25. Download and Installation ● Go to ○ https://www.docker.com/products/docker-toolbox ○ https://docs.docker.com/docker-for-mac ● Or use homebrew ○ brew cask install dockertoolbox ○ brew cask install docker
  • 26. Solutions ● Docker volume ● Docker linking ● Docker port mapping ● Docker Compose ● Docker Swarm ● Kubernetes
  • 28. Tip 1a: Use docker-compose Turn this…
        $ docker run -d -p 27017:27017 --name mongo mongo
      into this…
        version: '3.7'
        services:
          mongo:
            image: mongo
            container_name: mongo
            ports:
              - "27017:27017"
  • 29. Tip 1b: Use docker-compose for Build
        version: '3.7'
        services:
          my-app:
            build:
              context: ./docker
              dockerfile: Dockerfile.ubuntu
              args:
                - GITCOMMIT=cd38d90
                - VERSION=1.3.4
  • 30. Tip 2a: Mount Local Files and Directories (version manager) Use Case: You build your source code in a different build environment. It’s like language version managers such as goenv, nodenv, nvm; except it’s not a version manager.
  • 31. Tip 2b: Mount a Config File to be Loaded at Initialization Use Case: Some images allow you to inject a config file when the app launches. For example, the postgres Docker container picks up any SQL files placed in the directory /docker-entrypoint-initdb.d. So in your docker-compose.yaml, add:
        image: postgres
        ...
        volumes:
          - ./seed.sql:/docker-entrypoint-initdb.d/seed.sql
  • 32. Tip 2c: Persist my Database Data Use Case: Docker container is ephemeral. After you remove a container, the data is gone. To persist the data in a database, do the following:
        image: postgres
        ...
        volumes:
          - ./data.sql:/docker-entrypoint-initdb.d/seed.sql
          - ./pg_data:/var/lib/postgresql/data
  • 33.
        version: '3'
        services:
          postgres:
            image: postgres:12-alpine
            container_name: postgres
            ports:
              - "5432:5432"
            volumes:
              - ./seed.sql:/docker-entrypoint-initdb.d/seed.sql
              - ./pg_data:/var/lib/postgresql/data
            environment:
              POSTGRES_PASSWORD: my-password
              POSTGRES_USER: postgres
              POSTGRES_DB: db
  • 34. Tip 3: Execute a Command in a Running Container
      Use Case: You have a running container but it’s not working correctly. It’s like SSH to a VM except there’s no SSH
      Use Case: You are running a database server and need to connect to it. No need to download and install a client. Just do this:
        $ docker exec -it postgres-server psql -U my-user
  • 35. Tip 4: Multi-stage Build for a Clean Production Image ● 1-stage build process means 1 single Dockerfile for build and execution ● Multi-stage build process means ○ Stages to build ○ Last stage to copy all built artifacts/binaries and dependencies to an image that will be used for execution
  • 37. Tip 5: Useful Docker Commands for Housekeeping
        $ docker ps -a                 # List all docker containers
        $ # Remove all stopped containers
        $ docker rm $(docker ps -q -f status=exited)
        $ docker stats                 # Live stream of live container stats
        $ docker image ls              # List all local images
        $ docker rmi [image_name]      # Remove a specific image
        $ docker image prune -a        # Remove unused images
        $ # Delete all stopped containers, dangling images, unused networks, unused volumes, and build cache
        $ docker system prune -a --volumes
  • 38. Tip 6: Transfer your Container to Another Host
        $ docker stop container-name
        $ docker commit -p container-name container-name.backup
        $ docker images                # You should see container-name.backup
        $ docker save -o container.tar saved-container-name
        $ docker load -i container.tar
  • 39. Tip 7: Inject ARG and ENV Values ● ARG and ENV are great for passing values ● Definition ○ ENV defined in Dockerfile and CLI ○ ARG defined in Dockerfile and CLI ● Build ○ Can’t change ENV values ○ Can change ARG values ● After build ○ ARG values unavailable ○ ENV value available ● To pass ARG values to ENV, do this in the Dockerfile:
        ARG arg_var="arg_value"
        ENV env_var=${arg_var}
      Reference: Vsupalov Docker ARG vs ENV
  • 40. Tip 8: Harden your Container ● Don’t run as root. Use the USER command in Dockerfile. Why is this bad? An attacker can access the kernel and gain access to sensitive info ● Don’t use privileged ports, i.e. 1024 and below ● Trust but verify - use only images you trust, i.e. official images ● Extreme: Pull image by digest ● The simpler the better, use minimal images as much as possible, e.g. alpine, or better yet use scratch or distroless (see next tip) ● 1 process per container ● Be careful of recursive copy like COPY . . - may end up copying sensitive files ● Don’t pass sensitive data to ARG or ENV
  • 41. Tip 9: Extreme Hardening, Use Scratch ● For extreme image reduction (and more security), build your Docker image using the base image scratch ● Scratch means no base OS ● This also means that the application must run on its own and has no dependency on any runtime library ● Use Go and compile everything into a single binary with all dependent libraries statically linked ● Alternatively consider GoogleContainer distroless Reference: Create the Smallest and Secured Docker Image Based on Scratch
  • 42. Tip 8b: Size Reduction Using Scratch
  • 46. Use Case ● Real world production applications are multi-tier... ● Web application ○ 1 Container running the API service written in Golang ● Datastores ○ 1 Container running Postgres as the core data store ○ 1 Container running Redis for cache and user sessions ● Need to orchestrate them, tell them how to communicate with each other
  • 47. Before ● Local Setup ○ Download postgres and redis - both server and client programs ○ Install them ○ Set them up - probably cut and paste instructions ● Remote Setup (dev environment) ○ Ask Ops to spin up a VM instance and set up the environment - you wait ○ Make sure no one else is using the environment ○ Ensure that the settings in the dev environment are the same as in your local environment
  • 48. Tip 10: Better Setup for Local Dev Environment 1. Dockerize everything a. For custom app, define it in a Dockerfile b. Push to a registry for sharing and version control c. For other dependencies, use the official images and pull them from the public registry 2. Docker-compose - great for single node a. For local run, just use docker-compose. It’s simpler and more resource-efficient b. Put all the configurations in the docker-compose.yaml file 3. Kubernetes - great for cluster of nodes (Cloud native) a. Have Ops set up a Kubernetes cluster b. Define k8s manifest files and deploy
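The Tip 8 hardening list can be turned into an automated check. The following is an added example, not code from the slides: a small Dockerfile linter whose function name `lint`, rule wording and both sample Dockerfiles are constructed for illustration, and whose digests are placeholders.

```python
import re

# Constructed Dockerfile (not from the slides) that breaks several Tip 8 rules.
SAMPLE_BAD = """\
FROM ubuntu:latest
ARG DB_PASSWORD=constructed-value
ENV API_TOKEN=constructed-value
COPY . .
EXPOSE 80
"""

# Constructed Dockerfile that follows them; the digests are placeholders.
SAMPLE_GOOD = """\
FROM golang:1.22@sha256:<digest-placeholder> AS build
COPY main.go go.mod /src/
RUN cd /src && CGO_ENABLED=0 go build -o /app .
FROM gcr.io/distroless/static@sha256:<digest-placeholder>
COPY --from=build /app /app
USER 65534
EXPOSE 8080
ENTRYPOINT ["/app"]
"""

SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY", re.I)

def lint(dockerfile: str) -> list[str]:
    """Check one Dockerfile (no line continuations) against the Tip 8 list."""
    findings, stages, user = [], set(), None
    for n, raw in enumerate(dockerfile.splitlines(), 1):
        instr, _, rest = raw.strip().partition(" ")
        instr = instr.upper()
        args = [a for a in rest.split() if not a.startswith("--")]  # drop flags
        if instr == "FROM" and args:
            user = None  # a new stage starts over: root unless USER is set
            image = args[0]
            if image != "scratch" and image.lower() not in stages and "@sha256:" not in image:
                findings.append(f"line {n}: base image {image} not pinned by digest")
            if len(args) == 3 and args[1].upper() == "AS":
                stages.add(args[2].lower())
        elif instr == "USER" and args:
            user = args[0].split(":")[0]
        elif instr == "EXPOSE":
            for port in (a.split("/")[0] for a in args):
                if port.isdigit() and int(port) <= 1024:  # the slide's threshold
                    findings.append(f"line {n}: privileged port {port}")
        elif instr in ("COPY", "ADD") and any(src in (".", "./") for src in args[:-1]):
            findings.append(f"line {n}: recursive copy of the whole build context")
        elif instr in ("ARG", "ENV"):
            names = [a.split("=")[0] for a in args if "=" in a] or args[:1]
            for name in filter(SECRET_NAME.search, names):
                findings.append(f"line {n}: {name} looks like a secret passed via {instr}")
    if user in (None, "root", "0"):
        findings.append("final stage runs as root")
    return findings
```

`lint(SAMPLE_BAD)` reports six findings and `lint(SAMPLE_GOOD)` reports none; a base image that sets its own USER is not visible to this check.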
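The image security point under Layering Implications (slide 20) can be shown on layer archives directly. This is an added example, not code from the slides: it relies on the image layer convention that a deletion is recorded as an empty `.wh.<name>` whiteout file, and the layers, file contents and function names are constructed for illustration.

```python
import io
import tarfile

def make_layer(files: dict[str, bytes]) -> bytes:
    """Pack files into an in-memory tar archive, the format of an image layer."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def deleted_but_recoverable(layers: list[bytes]) -> dict[str, bytes]:
    """Map each path a later layer whited out to the content an earlier layer still holds."""
    seen: dict[str, bytes] = {}    # path -> content from the latest layer that wrote it
    leaked: dict[str, bytes] = {}
    for blob in layers:  # oldest layer first
        with tarfile.open(fileobj=io.BytesIO(blob)) as tar:
            for member in tar.getmembers():
                directory, _, base = member.name.rpartition("/")
                if base.startswith(".wh."):  # whiteout marker: "this path is deleted"
                    victim = f"{directory}/{base[4:]}" if directory else base[4:]
                    if victim in seen:
                        leaked[victim] = seen.pop(victim)
                elif member.isfile():
                    seen[member.name] = tar.extractfile(member).read()
    return leaked

# Constructed layers, shaped like the result of: COPY . /app, then RUN rm /app/.env
LAYERS = [
    make_layer({"app/server": b"\x7fELF...", "app/.env": b"DB_PASSWORD=constructed-example\n"}),
    make_layer({"app/.wh..env": b""}),
]

if __name__ == "__main__":
    for path, content in deleted_but_recoverable(LAYERS).items():
        print(f"{path} is gone from the final filesystem but still in an earlier layer: {content!r}")
```

The container started from this image never sees `app/.env`, yet anyone who can pull the image can read it from the first layer, which is why the file has to stay out of the build context rather than be removed afterwards.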