Docker simplifies software delivery by making it easy to build and share images that contain your application’s operating system. It packages your application and infrastructure together, managed as one component. These images are then used to create Docker containers which run on the container virtualization platform, provided by Docker. These images can be distributed using Docker Registry. Docker gives PODA or Package Once Deploy Anywhere. This talk will provide an introduction to Docker images (build time), containers (run time), and registry (distribution). Java EE application require operating system, JDK, database, application server, tuning of different parts of the stack, WAR file, and much more. The talk will explain how to create and publish your Docker images that package all of these components together. This will overall simplify replicating your development, test, and production environments. Attendees will be productive by applying these concepts in their daily work. The talk will also discuss how to setup an internal registry to share private Docker images. Session at the IndicThreads.com Confence held in Pune, India on 27-28 Feb 2015 http://www.indicthreads.com http://pune15.indicthreads.com

1. Package your
Java EE applications
using
Docker and Kubernetes
Arun Gupta, @arungupta
Red Hat

2. Arun Gupta
Director, Developer Advocacy
@arungupta
blog.arungupta.me
arungupta@redhat.com

3. What is Docker?

4. What is Docker?
• Open source project and company

5. What is Docker?
• Open source project and company
• Used to create containers for software applications

6. What is Docker?
• Open source project and company
• Used to create containers for software applications
• Package Once Deploy Anywhere (PODA)

7. Advantages

8. Advantages
• Faster deployments

9. Advantages
• Faster deployments
• Isolation

10. Advantages
• Faster deployments
• Isolation
• Portability - “it works
on my machine”

11. Advantages
• Faster deployments
• Isolation
• Portability - “it works
on my machine”
• Snapshotting

12. Advantages
• Faster deployments
• Isolation
• Portability - “it works
on my machine”
• Snapshotting
• Security sandbox

13. Advantages
• Faster deployments
• Isolation
• Portability - “it works
on my machine”
• Snapshotting
• Security sandbox
• Limit resource usage

14. Advantages
• Faster deployments
• Isolation
• Portability - “it works
on my machine”
• Snapshotting
• Security sandbox
• Limit resource usage
• Simplified dependency

15. Advantages
• Faster deployments
• Isolation
• Portability - “it works
on my machine”
• Snapshotting
• Security sandbox
• Limit resource usage
• Simplified dependency
• Sharing

16. Underlying Technology

17. Underlying Technology
• Written in Go

18. Underlying Technology
• Written in Go
• Uses several Linux features

19. Underlying Technology
• Written in Go
• Uses several Linux features
• Namespaces to provide isolation

20. Underlying Technology
• Written in Go
• Uses several Linux features
• Namespaces to provide isolation
• Control groups to share/limit hardware resources

21. Underlying Technology
• Written in Go
• Uses several Linux features
• Namespaces to provide isolation
• Control groups to share/limit hardware resources
• Union File System makes it light and fast

22. Underlying Technology
• Written in Go
• Uses several Linux features
• Namespaces to provide isolation
• Control groups to share/limit hardware resources
• Union File System makes it light and fast
• libcontainer defines container format

23. Is it only Linux?

24. Is it only Linux?
• Natively supported in Linux

25. Is it only Linux?
• Natively supported in Linux
• Can be installed on Mac or Windows using
boot2docker

26. Is it only Linux?
• Natively supported in Linux
• Can be installed on Mac or Windows using
boot2docker
• Tiny Core Linux VM

30. • Image defined in text-based Dockerfile

31. • Image defined in text-based Dockerfile
• List of commands to build the image
FROM fedora:latest
CMD echo “Hello world”

32. • Image defined in text-based Dockerfile
• List of commands to build the image
• docker build or pull
FROM fedora:latest
CMD echo “Hello world”

34. • Images shared using registry

35. • Images shared using registry
• Docker Hub is public SaaS

36. • Images shared using registry
• Docker Hub is public SaaS
• Private registries can be setup inside firewall

37. • Images shared using registry
• Docker Hub is public SaaS
• Private registries can be setup inside firewall
• docker push or pull <IMAGE_ID>

39. • Container built from the image

40. • Container built from the image
• Runtime representation of the image

41. • Container built from the image
• Runtime representation of the image
• Self contained execution environment

42. • Container built from the image
• Runtime representation of the image
• Self contained execution environment
• docker run <IMAGE_ID>

43. Docker commands
• docker ps: List running containers
• docker stop: Stop a running container
• docker rm: Remove a running container
• docker rmi: Remove an image
• …
https://docs.docker.com/reference/commandline/cli/

44. Docker
Hub
Docker
Host
DaemonDocker
Client
Docker Workflow

45. Docker
Hub
Docker
Host
DaemonDocker
Client
docker run <image>
docker …
Docker Workflow

46. Docker
Hub
Docker
Host
DaemonDocker
Client
docker run <image>
docker …
Docker Workflow

47. Docker
Hub
Image 1
Image 2
Image 3
Image M
Docker
Host
DaemonDocker
Client
docker run <image>
docker …
Docker Workflow

48. Docker
Hub
Image 1
Image 2
Image 3
Image M
Docker
Host
Image 1
Image 2
Image 3
Image N
DaemonDocker
Client
docker run <image>
docker …
Docker Workflow

49. Docker
Hub
Image 1
Image 2
Image 3
Image M
Docker
Host
Image 1
Image 2
Image 3
Image N
Daemon
Container 1
Container 2
Container O
Docker
Client
docker run <image>
docker …
Docker Workflow

51. Recipe #1.1
FROM jboss/wildfly
RUN curl -L https://github.com/javaee-samples/javaee7-hol/raw/master/solution/
movieplex7-1.0-SNAPSHOT.war -o /opt/jboss/wildfly/standalone/deployments/
movieplex7-1.0-SNAPSHOT.war
docker run -it -p 8080:8080 arungupta/javaee7-hol
Host
Application
Server
Database

52. Recipe #1.2
Host
Application
Server
Database
http://blog.arungupta.me/wildfly-javaee7-mysql-link-two-docker-container-techtip65/
data-source add --name=mysqlDS --driver-name=mysql --jndi-name=java:jboss/
datasources/ExampleMySQLDS --connection-url=jdbc:mysql://$DB_PORT_3306_TCP_ADDR:
$DB_PORT_3306_TCP_PORT/sample?useUnicode=true&amp;characterEncoding=UTF-8 --
user-name=mysql --password=mysql --use-ccm=false --max-pool-size=25 --blocking-
timeout-wait-millis=5000 --enabled=true

53. Recipe #1.3
Host
Application
Server
Database
http://blog.arungupta.me/docker-orchestration-fig-techtip67/

54. Recipe #1.4
Host
Application
Server
http://blog.arungupta.me/docker-container-linking-across-multiple-hosts-techtip69/
Host
Database

55. Recipe #1.4
Host
Application
Server
http://blog.arungupta.me/docker-container-linking-across-multiple-hosts-techtip69/
Host
Database

56. Recipe #1.4
Host
Application
Server
http://blog.arungupta.me/docker-container-linking-across-multiple-hosts-techtip69/
Host
Database

57. Recipe #1.4
Host
Application
Server
http://blog.arungupta.me/docker-container-linking-across-multiple-hosts-techtip69/
Host
Database

58. Arquillian Cube
• Controls the lifecycle of Docker images as part of
test cycle - automatically or manually
• Uses Docker REST API to talk to container
• Talk using WildFly remote adapter (in container)
• Try it out
http://blog.arungupta.me/run-javaee-tests-wildfly-docker-arquillian-cube/

59. Docker: Pros and Cons

60. Docker: Pros and Cons
• PROS
• Extreme application portability
• Very easy to create and work with derivative
• Fast boot on containers

61. Docker: Pros and Cons
• PROS
• Extreme application portability
• Very easy to create and work with derivative
• Fast boot on containers
• CONS
• Host-centric solution
• No higher-level provisioning
• No usage tracking/reporting

62. Application Operating
Environment

63. Kubernetes

64. Kubernetes
• Open source orchestration system for Docker
containers

65. Kubernetes
• Open source orchestration system for Docker
containers
• Provide declarative primitives for the “desired state”
• Self-healing
• Auto-restarting
• Schedule across hosts
• Replicating

67. Concepts

68. Concepts
• Pods: collocated group of
Docker containers that
share an IP and storage
volume
Docker
Pod 1 Pod 2
C1 C2 C3

69. Concepts
• Pods: collocated group of
Docker containers that
share an IP and storage
volume
• Service: Single, stable
name for a set of pods, also
acts as LB
Docker
Pod 1 Pod 2
C1 C2 C3
Pod 1
JBoss
Pod 2
JBoss
Service “web”
port 8080 port 8080

70. Concepts
• Pods: collocated group of
Docker containers that
share an IP and storage
volume
• Service: Single, stable
name for a set of pods, also
acts as LB
• Replication Controller:
manages the lifecycle of
pods and ensures specified
number are running
Docker
Pod 1 Pod 2
C1 C2 C3
Pod 1
JBoss
Pod 2
JBoss
Service “web”
port 8080 port 8080

71. Concepts
• Pods: collocated group of
Docker containers that
share an IP and storage
volume
• Service: Single, stable
name for a set of pods, also
acts as LB
• Replication Controller:
manages the lifecycle of
pods and ensures specified
number are running
• Label: used to organize
and select group of objects
Docker
Pod 1 Pod 2
C1 C2 C3
Pod 1
JBoss
Pod 2
JBoss
Service “web”
port 8080 port 8080

72. kubectl

73. kubectl
• Controls the Kubernetes cluster manager

74. kubectl
• Controls the Kubernetes cluster manager
• kubectl get pods or minions

75. kubectl
• Controls the Kubernetes cluster manager
• kubectl get pods or minions
• kubectl create -f <filename>

76. kubectl
• Controls the Kubernetes cluster manager
• kubectl get pods or minions
• kubectl create -f <filename>
• kubectl update or delete

77. kubectl
• Controls the Kubernetes cluster manager
• kubectl get pods or minions
• kubectl create -f <filename>
• kubectl update or delete
• kubectl resize —replicas=3
replicationcontrollers <name>

78. export KUBERNETES_PROVIDER=vagrant
./cluster/kube-up.sh
Mac OS X
Kubernetes (Vagrant)
Master Minion

79. Recipe #2.1
Mac OS X
Kubernetes (Vagrant)
Master
Minion
Pod
Docker
(WildFly)
http://blog.arungupta.me/javaee7-wildfly-kubernetes-mac-vagrant/

80. Services
• Abstract a set of pods as a single IP and port
• Simple TCP/UDP load balancing
• Creates environment variables in other pods
• Like “Docker links” but across hosts
• Stable endpoint for pods to reference
• Allows list of pods to change dynamically

81. Recipe #2.2
Minion
Pod
Docker
(WildFly)
Pod
Docker
(MySQL)
MySQL
Service
http://blog.arungupta.me/mysql-kubernetes-service-access-wildfly-pod-techtip72/

82. Minion 2
Recipe #2.3
Minion 1
Pod
Docker
(WildFly)
Pod
Docker
(MySQL)
MySQL
Service

83. Replication Controller

84. Replication Controller
• Ensures specified number of pod “replicas” are
running

85. Replication Controller
• Ensures specified number of pod “replicas” are
running
• Pod templates are cookie cutters

86. Replication Controller
• Ensures specified number of pod “replicas” are
running
• Pod templates are cookie cutters
• Rescheduling

87. Replication Controller
• Ensures specified number of pod “replicas” are
running
• Pod templates are cookie cutters
• Rescheduling
• Manual or auto-scale replicas

88. Replication Controller
• Ensures specified number of pod “replicas” are
running
• Pod templates are cookie cutters
• Rescheduling
• Manual or auto-scale replicas
• Rolling updates

89. Recipe #2.4

90. Recipe #2.4

91. Recipe #2.4
Minion 2
Minion 1
Pod
Docker
(WildFly)
Pod
Docker
(MySQL)
MySQL
Service
Pod
Docker
(WildFly)
WildFly
Service

92. Recipe #2.4
Minion 2
Minion 1
Pod
Docker
(WildFly)
Pod
Docker
(MySQL)
MySQL
Service
Pod
Docker
(WildFly)
WildFly
Service

93. Kubernetes: Pros and Cons
• PROS
• Manage related Docker containers as a unit
• Container communication across hosts
• Availability and scalability through automated deployment
and monitoring of pods and their replicas, across hosts

94. Kubernetes: Pros and Cons
• CONS
• Lifecycle of applications - build, deploy, manage, promote
• Port existing source code to run in Kubernetes
• DevOps: Dev -> Test -> Production
• No multi-tenancy
• On-premise (available on GCE)
• Assumes inter-pod networking as part of infrastructure
• Requires explicit load balancer

95. Pod 7
ActiveMQ
Pod 8
ActiveMQ
“mq”
port 8161 port 8161
Pod 1
Apache
Pod 2
Apache
“web”
port 80 port 80
Pod 5
MySQL
Pod 6
MySQL
“db”
port 3306 port 3306
Pod 3
JBoss
Pod 4
JBoss
“javaee”
port 8080 port 8080

96. Pod 7
ActiveMQ
Pod 8
ActiveMQ
“mq”
port 8161 port 8161
Pod 1
Apache
Pod 2
Apache
“web”
port 80 port 80
Pod 5
MySQL
Pod 6
MySQL
“db”
port 3306 port 3306
Pod 3
JBoss
Pod 4
JBoss
“javaee”
port 8080 port 8080

97. Container Host
Container
Cluster Management
User Experience

98. OpenShift 3 Features

99. OpenShift 3 Features
• Push to production - full DevOps

100. OpenShift 3 Features
• Push to production - full DevOps
• Client tools for building web applications

101. OpenShift 3 Features
• Push to production - full DevOps
• Client tools for building web applications
• Centralized administration and management of
application component libraries

102. OpenShift 3 Features
• Push to production - full DevOps
• Client tools for building web applications
• Centralized administration and management of
application component libraries
• Team and user isolation of containers, builds, and
network communication in an easy multi-tenancy
system

103. Recipe #3.1
• Start OpenShift as Docker container
• Or run natively
• Use osc (OpenShift Client) instead of kubectl
with Kubernetes configuration file

104. Recipe #3.2
• (Alpha) tools generate project JSON configuration
file that provide build/deployment

105. 40

106. Recipe #3.3
• Integration with JBoss Developer Studio (cooking)

107. Summary
• Container runtime and image distribution
• Roll your own solutions for everything
• Runtime and operational management of containers
• Lifecycle of applications - build, deploy, manage, promote
• Manage tens of thousands of applications with teams

108. References
• blog.arungupta.me/topics/containers/
• github.com/openshift/origin