What we want?
● Scalability, maintainability, agility, portability.
● DevOps tools.
● Improved resource utilization.
● A continuum of abstraction levels.

Linux Containers
● Use Linux kernel isolation features to give a VM-like environment.
● Process isolation / sandboxing.
● Examples: LXC, lmctfy, Docker, rkt

Docker
● An easy-to-use Linux container technology.
● Docker image format.
● It helps in application packaging and delivery.
Docker is a tool that can package an application and its dependencies in a virtual
container that can run on any Linux server. This helps enable flexibility and portability
on where the application can run, whether on premises, public cloud, private cloud,
bare metal, etc. (Wikipedia)

Docker Vs Virtualization
Positive aspects of Docker:
● Lighter than virtual machines.
● The size of Docker images is very small compared
● We can run more docker containers on a reasonably sized host.
● Deploying and scaling is relatively easy.
● Containers have less startup time.

Docker Vs Virtualization
Downside:
● Containers share a single kernel on a host.
● Less secure.
● You might need to redesign your application to benefit.

Technologies behind Docker
● Control groups:
○ Control groups (cgroups) are another key component of Linux containers.
○ With cgroups we can implement resource accounting and limiting.
○ They ensure that each container gets its fair share of memory, CPU, and disk I/O.
○ Thanks to cgroups, we can make sure that a single container cannot bring the system down by exhausting resources.
● Union file systems:
○ Layered file system so you can have a read only part and a write part, and merge those together.
○ Docker images are made up of layers.

Technologies behind Docker
Namespaces
● They help create an isolated workspace for each process.
● When you run a container, Docker creates a set of namespaces for that container.
SELinux
● SELinux provides secure separation of containers by applying SELinux policy and
labels.

Technologies behind Docker
Capabilities:
● By default Docker drops all capabilities except those needed.
● "root" within a container has far fewer privileges than the real "root".
● The best practice for users would be to remove all capabilities except those
explicitly required for their processes.
● Even if an intruder manages to escalate to root within a container, it will be much
harder to do serious damage, or to escalate to the host
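
Added example (not part of the original slides): a small Python audit that decodes the Cap* bitmasks from /proc/<pid>/status and lists which capabilities a container process holds beyond what it needs, which is the input for the "remove all except those explicitly required" practice above. The sample status text and the required set (a service that only binds a low port) are constructed assumptions.

```python
import re

# Capability names indexed by bit number (order of linux/capability.h).
CAP_NAMES = """CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID
SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW IPC_LOCK
IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT SYS_ADMIN SYS_BOOT
SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD LEASE AUDIT_WRITE AUDIT_CONTROL
SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG WAKE_ALARM BLOCK_SUSPEND AUDIT_READ PERFMON
BPF CHECKPOINT_RESTORE""".split()

def decode(mask_hex):
    """Turn a hex capability mask into a set of names; unknown bits become BIT_<n>."""
    mask, names, bit = int(mask_hex, 16), set(), 0
    while mask:
        if mask & 1:
            names.add(CAP_NAMES[bit] if bit < len(CAP_NAMES) else f"BIT_{bit}")
        mask >>= 1
        bit += 1
    return names

def parse_status(text):
    """Extract the Cap* lines of /proc/<pid>/status into {field: set of names}."""
    pairs = re.findall(r"^(Cap\w+):\s*([0-9a-fA-F]+)$", text, re.M)
    return {field: decode(value) for field, value in pairs}

def audit(status_text, required):
    """Return (excess, missing): what could be dropped and what must be added."""
    caps = parse_status(status_text)
    held = caps.get("CapEff", set()) | caps.get("CapBnd", set())
    return sorted(held - required), sorted(required - held)

# Constructed sample, modelled on a root process in a container that was
# started with Docker's default capability set.
SAMPLE_STATUS = """\
CapInh:\t0000000000000000
CapPrm:\t00000000a80425fb
CapEff:\t00000000a80425fb
CapBnd:\t00000000a80425fb
CapAmb:\t0000000000000000
"""

if __name__ == "__main__":
    required = {"NET_BIND_SERVICE"}  # assumption: the service only binds port 80
    excess, missing = audit(SAMPLE_STATUS, required)
    print("held but not required:", ", ".join(excess))
    print("required but not held:", ", ".join(missing) or "none")
    adds = " ".join(f"--cap-add {c}" for c in sorted(required))
    print("suggested docker run flags: --cap-drop ALL", adds)
```

In a Compose file the same result is expressed with the service's cap_drop and cap_add keys.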

Components
● Docker Images
● Docker containers
● Docker Hub
● Docker Registry
● Docker daemon
● Docker client.

Dockerfiles
● A Dockerfile is a text document that contains all the commands a user could call on the command line to assemble an image.
● docker build can build images using a Dockerfile.
● https://github.com/fedora-cloud/Fedora-Dockerfiles

Let's talk about real life applications first!
● One application consists of multiple containers.
● One container is dependent on another.
● Mutual dependency/ startup order.
● The process involves building containers and then deploying them
● Long docker run commands
● Complexity is proportional to the number of containers involved.

Docker Compose
● Tool for defining and running multi-container Docker applications.
● It is a YAML file.
● The Compose file contains information about how to build and deploy the containers.
● Integrated with Docker Swarm.
● Competes with Kubernetes.

Example
● https://docs.docker.com/compose/wordpress/
● https://github.com/docker/example-voting-app

References
● https://docs.docker.com/compose/overview/
● https://docs.docker.com/compose/startup-order/
● https://docs.docker.com/compose/compose-file/