Docker Insight
19 November 2014 
Tiago Pires 
tiago-a-pires@telecom.pt 
Jérôme Petazzoni 
jerome@docker.com
Survey 
● Played with Docker Online Tutorial 
● Installed Docker locally 
● Has one, or more, images on Docker Hub 
● Works with Docker daily 
Agenda 
● What is Docker? Why bother? 
● Roadmap 
● Security 
● Advanced Concepts 
● Scenarios (Yay !!!) 
What is Docker? Why bother? 
● Deploy everything, (almost) everywhere 
● Reliability, Consistency 
● Efficiency (~ native speed) 
● Fundamentally… 
What is Docker? Why bother? 
Docker runs containers !!! 
What is Docker? Why bother? 
● Containers are “lightweight VMs” 
○ Own process space, network interface, /sbin/init 
● Container = isolated process(es) 
● Share kernel with host 
● No device emulation 
What is Docker? Why bother? 
● Dev env (Linux, OS X, Windows) 
○ boot2docker (OS X, Windows) 
○ Natively (Linux) 
● Linux Servers (Ubuntu, Debian, Fedora, Gentoo, Arch…) 
○ Single binary install 
○ Easy provisioning on Rackspace, Digital Ocean, EC2, GCE ... 
Roadmap 
● 0.10 (TLS support for API access, --dns, --dns-search, systemd cgroups) 
● 0.11 (SELinux integration, DNS integration for links, --net) 
● 0.12 (pause / unpause) 
● 1.1 ( .dockerignore, logs --tail ) 
● 1.2 (--restart, capabilities: --cap-add; --cap-drop, --device) 
● 1.3 (docker exec, docker create, --security-opt (SELinux/AppArmor)) 
Security 
● Don’t run your containers as root. 
● Don’t enable SSH unless it’s an SSH server. 
● Configure TLS for API access. 
● If possible, use SELinux / AppArmor / GRSEC, etc… ! 
● Make use of capabilities (CAP_CHOWN, CAP_MKNOD, CAP_NET_ADMIN …) 
Advanced Concepts 
● Naming: each container should have a unique name. 
● Links: connect containers. 
● Volumes: separate code and data / share data between containers. 
● Network: None, Bridge, Container, Host. 
Advanced Concepts 
● Logs 
○ Create “data container” to hold logs 
$ docker run --name logs -v /var/log busybox true 
○ Start app container with shared volume 
$ docker run --volumes-from logs app 
○ Digging into logs 
$ docker run -it --volumes-from logs -w /var/log ubuntu bash
Advanced Concepts 
● Backups 
○ Create “data container” to hold files to back up 
$ docker run --name mysqldata -v /var/lib/mysql busybox true 
○ Start app container with shared volume 
$ docker run --volumes-from mysqldata mysql 
○ Create a separate image with backup tools 
- Dockerfile with “apt-get install rsync, s3cmd…”
Advanced Concepts 
● Network debugging 
○ Create an image with tcpdump, ngrep... 
Dockerfile with “apt-get install tcpdump ngrep” 
○ Run it in the namespace of the app container 
$ docker run -it --net container:<app_cid> netdebug bash 
○ You can now run tcpdump, etc. or copy a dump to visualise with Wireshark. 
$ docker run -it --net container:<app_cid> -v /tmp:/tmp netdebug tcpdump -s0 -peni eth0 -w /tmp/myapp.pcap
Advanced Concepts 
● Naming: each container should have a unique name. 
● Links: connect containers. 
● Volumes: separate code and data / share data between containers. 
● Network: None, Bridge, Container, Host. 
● Capabilities: don’t use privileged! Instead use --cap-add / --cap-drop.
Advanced Concepts 
● Capabilities 
○ Change the status of the container’s interfaces. 
$ docker run --cap-add=NET_ADMIN ubuntu sh -c "ip link set eth0 down" 
○ Prevent any `chown` in the container. 
$ docker run --cap-drop=CHOWN ubuntu ... 
○ Allow all capabilities except `mknod`. 
$ docker run --cap-add=ALL --cap-drop=MKNOD ubuntu ...
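Added example, not part of the original slides: a POSIX shell check that decodes a container's CapEff mask (read from /proc/1/status) to confirm what --cap-add / --cap-drop actually granted, which is the advice on the Security and Capabilities slides. The default mask (Docker's usual 14-capability set), the function names and the sample masks are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the slides). Read a real mask inside a container with:
#   docker run --rm --cap-drop=CHOWN ubuntu grep CapEff /proc/1/status

# Capability names in kernel bit order (bit 0 = CAP_CHOWN).
CAP_NAMES="CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID
SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW
IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT
SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD LEASE
AUDIT_WRITE AUDIT_CONTROL SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG WAKE_ALARM
BLOCK_SUSPEND AUDIT_READ PERFMON BPF CHECKPOINT_RESTORE"

# Assumption: mask of the 14 capabilities Docker grants when no flags are given.
DEFAULT_MASK=00000000a80425fb

# names_for INT: print the names of the bits set in an integer mask.
names_for() {
  local m=$1 i=0 out="" name
  for name in $CAP_NAMES; do
    if [ $(( ($m >> $i) & 1 )) -eq 1 ]; then
      out="${out:+$out }$name"
    fi
    i=$((i + 1))
  done
  printf '%s\n' "$out"
}

# decode_caps HEX: every capability present in the mask.
decode_caps() { names_for $((0x$1)); }

# added_caps HEX: capabilities present that are NOT in the default set
# (what --cap-add or --privileged introduced).
added_caps() { names_for $(( 0x$1 & ~0x$DEFAULT_MASK )); }

# dropped_caps HEX: default capabilities missing from the mask (--cap-drop).
dropped_caps() { names_for $(( 0x$DEFAULT_MASK & ~0x$1 )); }

# audit_capeff HEX: print a summary; succeed only if nothing beyond the
# default set is granted.
audit_capeff() {
  local added dropped
  added=$(added_caps "$1")
  dropped=$(dropped_caps "$1")
  printf 'CapEff=%s dropped=[%s] added=[%s]\n' "$1" "$dropped" "$added"
  [ -z "$added" ]
}

# Constructed sample masks: default, --cap-drop=CHOWN, --cap-add=NET_ADMIN,
# and --cap-add=ALL --cap-drop=MKNOD (38 capabilities; kernel dependent).
for m in 00000000a80425fb 00000000a80425fa 00000000a80435fb 0000003ff7ffffff; do
  audit_capeff "$m" || echo "  review: capabilities beyond the default set"
done
```

A non-zero exit from audit_capeff makes it usable as a gate in a deployment script; the default mask should be checked against the engine version in use.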
Advanced Concepts 
Orchestration 
● Fig, Chef, Puppet, Salt, Ansible 
● Mesos, Kubernetes, Helios 
● OpenShift, OpenStack 
Advanced Concepts 
Gathering Metrics 
● cgroups gives per-container: 
○ CPU usage 
○ Memory usage 
○ I/O usage (per device, reads and writes, in bytes and in ops) 
● cgroups doesn’t give: 
○ network metrics (https://github.com/tpires/packetbeat-setup) 
Scenarios 
SHUT UP AND 
DEMO !!! 
Yeoman in docker 
IDE in docker 
Continuous Delivery 
From: http://contino.co.uk/use-docker-continuous-delivery-part-2/ 
Coming next... 
● Volume management 
● IPv6 support 
● Cluster management 
● Logging improvements 
● Windows Server Containers
Thank you! 
Twitter @tpires Twitter @jpetazzo 
tiago-a-pires@telecom.pt jerome@docker.com
