INTRODUCTION TO CONTAINERIZATION
BALINT PATO
SOFTWARE CRAFTSMANSHIP NYC MEETUP 11/17/2016
CURRICULUM FOR TODAY
▸ slides: curriculum
▸ hands-on: install docker, hello-world
▸ slides: containerization foundations
▸ hands-on: build an image from an app, run it, peek into the container
▸ slides: isolation and resource management
▸ hands-on: talking to the daemon, pushing the image to DockerHub, isolation experiments!
▸ discussion
LET’S START HANDS-ON
TEST
> docker run hello-world
WHAT IS CONTAINERIZATION?
▸ metaphor I. shipping container
▸ standard packaging
▸ isolation method
▸ composability
WHAT IS CONTAINERIZATION?
▸ metaphor II. lightweight, fast virtualization
▸ a container is like a virtual machine but orders of magnitude faster to spin up
▸ own networking stack
▸ own filesystem
▸ own process IDs
▸ …but it runs on a host machine!
BENEFITS: WHAT ARE CONTAINERS GOOD FOR?
▸ repeatability: I build the image once, and deploy (roughly) the same thing to prod
▸ portability: as long as the runtime is available for a platform, the container can run there too.
▸ reusable filesystem setup: layers are the base of reuse
▸ standard execution and distribution: most (I consider Windows preview only) software stacks are supported
▸ density: I can deploy multiple instances next to each other and split up the resources
BENEFITS: CLOUD NATIVE ARCHITECTURE
an important piece in the cloud puzzle
DEFINITIONS
▸ containerization platform: a family of technologies to isolate processes from each other, so that processes run as if they were running in a normal operating system while - enforced by the container runtime - they actually share the resources of a single host without being able to see each other's or the host's processes and resources. A platform also has opinions about the runtime and the lifecycle of the image, from building to distribution. Examples: LXC, Rkt, Docker
▸ container runtime: the container execution environment, which enforces the limited shares of resources (e.g. cpu, memory, disk) allocated to the containerized application, and also exposes an API and tools for managing containers. Examples: LXD, Docker daemon, Rkt process
▸ image: an image defines the filesystem and execution parameters for the container. Images can be layered, composable, depending on the format. Examples: Docker image, appc, LXC image format
EXERCISE: LET’S BUILD AN IMAGE!
1. get some sample code, discuss the flask app
> git clone https://github.com/balopat/docker-starter
2. create docker-start/Dockerfile with the following content
FROM alpine
RUN apk add --no-cache bash curl py-pip
RUN pip install --upgrade pip
RUN pip install flask
COPY ./app.py /
ENTRYPOINT python /app.py
3. build the image and discuss: What can these instructions mean?
> docker build -t nanoservice .
EXERCISE: LET’S RUN IT!
1. list images on your machine, discuss: what can you see?
> docker images
2. spin up a container, discuss: what’s the output?
> docker run -d -p 1234:5000 nanoservice
3. list running containers, discuss the output
> docker ps
4. get the logs, discuss the output - try accessing the app
> docker logs <container-id>
EXERCISE: WHAT’S IN THE BOX?
1. run this and discuss
> docker exec <container-id> ls /
2. run this and experiment around
> docker exec -ti <container-id> bash
3. how many processes are in the container? what are their PIDs?
container> ps ax
4. try accessing the app from inside
container> curl localhost:5000
KEEP IN MIND: THE DOCKER ARCHITECTURE: CLIENT-SERVER
ISOLATION AND RESOURCE SHARING
▸ linux namespaces http://man7.org/linux/man-pages/man7/namespaces.7.html
  ▸ hostname
  ▸ net
  ▸ pid
  ▸ users
  ▸ mounts
  ▸ …
▸ linux cgroups https://en.wikipedia.org/wiki/Cgroups
  ▸ CPU share
  ▸ CPU set
  ▸ memory
  ▸ block I/O
  ▸ network priority
  ▸ …
EXERCISE: PUNCH A HOLE ON THE CONTAINER
1. spin up a container with port mapping and discuss: what’s the output? what does docker ps show?
> docker run -d -p 1234:5000 nanoservice
2. On Mac + Ubuntu desktops just access http://localhost:5000
[on Windows with Docker Toolbox:
a.) find the boot2docker VM’s IP: run ‘docker-machine ls’; this will give you a tcp://<boot2dockerVMIP>:XXXX in the response
b.) you can access the app at http://<boot2dockerVMIP>:1234]
EXERCISE: PUSH IT TO DOCKERHUB
1. Register on docker hub
https://hub.docker.com
2. login
> docker login
3. re-tag our service to setup the repository (check with docker images)
> docker tag nanoservice <username>/nanoservice
4. push!
> docker push <username>/nanoservice
EXERCISE: TALKING TO THE DAEMON
1. we’ll need curl
> docker run -it --privileged -v /var/run/docker.sock:/var/run/docker.sock appropriate/curl sh
> curl google.com
2. find /var/run/docker.sock
> ls /var/run/docker.sock
3. let’s query the daemon!
> curl --unix-socket /var/run/docker.sock http://localhost/images/json
EXERCISE: LIMIT MEMORY
1. Let’s get a shell limited to 300M of memory
> docker run -ti -m 300M debian bash
2. in another window, let’s see the amount of RAM you have!
> docker stats
3. let’s load stuff in the memory, follow the action in the docker stats!
> cat <(yes | tr \\n x | head -c $((1024*1024*300))) <(sleep 10) | grep n
Loads of options to manage resource usage of apps:
https://docs.docker.com/engine/reference/run/
EXERCISE: MAX OUT YOUR CPU - ONLY DO THIS IF YOU HAVE MORE THAN 1 CORE!
1. Let’s get a shell limited to 1 cpu and only 10% of it
> docker run -ti --cpuset-cpus="1" --cpu-quota=10000 debian bash
2. Let’s drop the fork bomb
> :(){ :|:& };:
3. on another tab - let’s see the stats
> docker stats
4. kill the cpu killer
> docker kill <container-id>
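An added example, not from the original slides: a Python check over docker inspect JSON that flags the settings the daemon, memory and CPU exercises toggle (--privileged, a mounted /var/run/docker.sock, missing -m or --cpu-quota) plus a missing --pids-limit, which is the limit that bounds the number of processes a fork bomb can create. The sample JSON and the function names audit and audit_container are constructed for illustration.

```python
import json

# Constructed sample: trimmed `docker inspect` output for two containers,
# one started like the daemon exercise and one with the limits from the
# memory/CPU exercises plus a process cap.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/curl-shell",
     "HostConfig": {"Privileged": True,
                    "Binds": ["/var/run/docker.sock:/var/run/docker.sock"],
                    "Memory": 0, "CpuQuota": 0, "PidsLimit": None}},
    {"Name": "/limited",
     "HostConfig": {"Privileged": False, "Binds": None,
                    "Memory": 300 * 1024 * 1024, "CpuQuota": 10000,
                    "PidsLimit": 100}},
])

def audit_container(info):
    """Return a list of findings for one `docker inspect` entry."""
    hc = info.get("HostConfig") or {}
    findings = []
    if hc.get("Privileged"):
        findings.append("privileged: device and capability restrictions are off")
    for bind in hc.get("Binds") or []:
        # Bind format is source:destination[:options]
        source = bind.split(":")[0]
        if source.endswith("docker.sock"):
            findings.append("docker.sock mounted: container can drive the host daemon")
    if not hc.get("Memory"):          # 0 means unlimited
        findings.append("no memory limit (-m)")
    if not hc.get("CpuQuota") and not hc.get("NanoCpus"):
        findings.append("no CPU quota (--cpu-quota)")
    pids = hc.get("PidsLimit")
    if pids is None or pids <= 0:     # null, 0 and -1 all mean unlimited
        findings.append("no process limit (--pids-limit)")
    return findings

def audit(inspect_json):
    """Map container name -> findings for a `docker inspect` JSON document."""
    return {c.get("Name", "?").lstrip("/"): audit_container(c)
            for c in json.loads(inspect_json)}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, "OK" if not findings else "")
        for finding in findings:
            print("  -", finding)
```

To check real containers, pass audit() the output of docker inspect $(docker ps -q) instead of the sample.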
CURRICULUM FOR TODAY
▸ slides: curriculum
▸ hands-on: install docker, hello-world
▸ slides: containerization foundations
▸ hands-on: build an image from an app, run it, peek into the container
▸ slides: isolation and resource management
▸ hands-on: talking to the daemon, pushing the image to DockerHub, isolation experiments!
▸ well done! we can get to the discussion :)