SlideShare a Scribd company logo

The Docker Ecosystem

Dmitry Skaredov
Dmitry Skaredov

The document provides a comprehensive overview of Docker, detailing its architecture, key components, and various use cases in production environments. It highlights how Docker simplifies application deployment and management through features like containerization, Docker Machine, and Docker Compose, while also emphasizing its effectiveness in rapid deployment, server consolidation, and multi-tenancy. Additionally, it discusses networking capabilities and the orchestration of container clusters using Docker Swarm.

Technology
1 of 55
Downloaded 108 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
1CONFIDENTIAL The Docker Ecosystem DZMITRY SKAREDAU, SOLUTION ARCHITECT NOVEMBER 5, 2015
2CONFIDENTIAL 2 AGENDA • Introduction to Docker • Docker’s Key Use Cases • Docker Toolbox • Docker Machine • Docker Compose • Docker Swarm • Multi-Host Docker Networking
3CONFIDENTIAL WHAT IS DOCKER?
4CONFIDENTIAL 4 WHAT IS DOCKER? Open source engine that leverage LXC and AUFS to package an application and its dependencies in a virtual container that can run on any Linux server. WHAT!? We are using Windows! most of us
5CONFIDENTIAL 5 WHAT IS DOCKER?
6CONFIDENTIAL 6 LXC Wikipedia https://en.wikipedia.org/wiki/LXC “ „ Linux Containers (LXC) provide a means to isolate individual services or applications as well as of a complete Linux operating system from other services running on the same host. To accomplish this, each container gets its own directory structure, network devices, IP addresses and process table. The processes running in other containers or the host system are not visible from inside a container. Additionally, Linux Containers allow for fine granular control of resources like RAM, CPU or disk I/O. LXC combines kernel's cgroups and support for isolated namespaces to provide an isolated environment for applications.
7CONFIDENTIAL 7 CGROUPS “ „cgroups (abbreviated from control groups) is a Linux kernel feature that limits, accounts for, and isolates the resource usage (CPU, memory, disk I/O, network, etc.) of a collection of processes. Wikipedia https://en.wikipedia.org/wiki/Cgroups
8CONFIDENTIAL 8 NAMESPACE ISOLATION “ „ namespace isolation, where groups of processes are separated such that they cannot "see" resources in other groups. For example, a PID namespace provides a separate enumeration of process identifiers within each namespace. Also available are mount, UTS, network and SysV IPC namespaces. Wikipedia https://en.wikipedia.org/wiki/Cgroups
9CONFIDENTIAL 9 AUFS “ „aufs (short for advanced multi layered unification filesystem) implements a union mount for Linux file systems. Wikipedia https://en.wikipedia.org/wiki/Aufs
10CONFIDENTIAL 10 AUFS A typical Linux start to run to two FS: • bootfs (boot file system) Including bootloader and kernel, bootloader is the main kernel boot loader, when after the success of the boot kernel is loaded into memory after the bootfs was umount • rootfs (root file system) Is a typical Linux system consists of /dev, /proc, /bin, /etc and other standard directory and file.
11CONFIDENTIAL 11 AUFS Thus for different Linux distributions, the bootfs is basically the same, the rootfs will be different, so different distributions can be public bootfs as shown below: • Debian is a Unix-like computer operating system and a Linux distribution Size: 136.1 MB • BusyBox is software that provides several stripped-down Unix tools in a single executable file. It was specifically created for embedded operating systems with very limited resources. Size: 1.109 MB
12CONFIDENTIAL 12 AUFS 2 custom images: 1. With Apache/Emacs over Debian 2. Over BusyBox
13CONFIDENTIAL 13 CONTAINERS VS VMS
14CONFIDENTIAL 14 DOCKER UNDER THE HOOD
15CONFIDENTIAL 15 DOCKER UNDER THE HOOD
16CONFIDENTIAL 16 DOCKER AT LINUX AND MACOS/WINDOWS
17CONFIDENTIAL 17 DOCKER CONTAINERS IN PRODUCTION There is currently a pervasive (and faulty) perception that Docker containers are only being utilized in dev-test and proof-of- concept projects. In fact, the question I am most often asked by IT colleagues and customers goes like this: “Is anyone using Docker containers for critical workloads, or even in production?” The answer is an unequivocal “Yes” – critical workloads are being run in Docker containers, and much more pervasively than is commonly understood. Here are a few examples: • Global financial services corporation ING is using Docker containers to help accelerate its continuous delivery process and drive 500 deployments/week, meeting speed to market goals • Global investment bank Goldman Sachs uses Docker containers to centralize application builds and deployments • Streaming music leader Spotify uses Docker containers to make software deploymentsrepeatable, straightforward, and fault-tolerant • Application performance management leader New Relic is using Docker containers to solve its most challenging deployment issues
18CONFIDENTIAL DOCKER’S KEY USE CASES
19CONFIDENTIAL 19 SIMPLIFYING CONFIGURATION Cloud Services with built-in Docker support
20CONFIDENTIAL 20 CODE PIPELINE MANAGEMENT The immutable nature of Docker images, and the ease with which they can be spun up, help you achieve zero change in application runtime environments across dev through production. ENV DEV Private Docker Hub ENV INT ENV QA ENV PRE PROD ENV PROD
21CONFIDENTIAL 21 DEVELOPER PRODUCTIVITY In a developer environment, we have two goals that are at odds with each other: 1. We want it be as close as possible to production; and 2. We want the development environment to be as fast as possible for interactive use.
22CONFIDENTIAL 22 APP ISOLATION A couple of such cases to consider are server consolidation for decreasing cost or a gradual plan to separate a monolithic application into decoupled pieces.
23CONFIDENTIAL 23 SERVER CONSOLIDATION Just like using VMs for consolidating multiple applications, the application isolation abilities of Docker allows consolidating multiple servers to save on cost. However, without the memory footprint of multiple OSes and the ability to share unused memory across the instances, Docker provides far denser server consolidation than you can get with VMs.
24CONFIDENTIAL 24 MULTI-TENANCY Using Docker, it was easy and inexpensive to create isolated environments for running multiple instances of app tiers for each tenant.
25CONFIDENTIAL 25 RAPID DEPLOYMENT Docker creating a container for the process and not booting up an OS, brings it down to seconds.
26CONFIDENTIAL DOCKER TOOLBOX
27CONFIDENTIAL 27 • Docker Machine for running the docker-machine binary • Docker Engine for running the docker binary • Kitematic, the Docker GUI • a shell preconfigured for a Docker command-line environment • Oracle VM VirtualBox DOCKER TOOLBOX
28CONFIDENTIAL 28 The Docker VM is lightweight Linux virtual machine made specifically to run the Docker daemon on Windows. The VirtualBox VM runs completely from RAM, is a small ~29MB download, and boots in approximately 5s. DOCKER MACHINE docker-machine create --driver virtualbox my-default Creating VirtualBox VM... Creating SSH key... Starting VirtualBox VM... Starting VM... To see how to connect Docker to this machine, run: docker-machine env my-default docker-machine --native-ssh create -d virtualbox dev
29CONFIDENTIAL 29 DOCKER MACHINE docker-machine --native-ssh create -d virtualbox dev docker-machine ls NAME ACTIVE DRIVER STATE URL SWARM dev virtualbox Running tcp://192.168.99.100:2376 List your available machines Create a new Docker VM Get the environment commands for your new VM docker-machine env dev --shell cmd set DOCKER_TLS_VERIFY=1 set DOCKER_HOST=tcp://192.168.99.100:2376 set DOCKER_CERT_PATH=C:UsersDzmitry_Skaredau.dockermachinemachinesdev set DOCKER_MACHINE_NAME=dev # Run this command to configure your shell: # copy and paste the above values into your command prompt
30CONFIDENTIAL 30 DOCKER MACHINE docker-machine ls NAME ACTIVE DRIVER STATE URL SWARM dev * virtualbox Running tcp://192.168.99.100:2376 List your available machines docker run ^ -d ^ -p 80:80 ^ -v $(pwd)/src/vhost.conf:/etc/nginx/sites-enabled/vhost.conf ^ -v $(pwd)/src:/var/www ^ nginx Run container pwd: The pwd command will allow you to know in which directory you're located (pwd stands for "print working directory")
31CONFIDENTIAL 31 DOCKER MACHINE docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES ef9b3f99a05f nginx "nginx -g 'daemon off" 13 seconds ago Up 9 seconds 0.0.0.0:80->80/tcp, 443/tcp sad_elion Show containers docker-machine ip 192.168.99.100 Find machine IP
32CONFIDENTIAL docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE rnd-saas/service-discovery latest 9f7499191ada 10 seconds ago 722.7 MB java 8 bdd93cb6443c 4 days ago 641.9 MB busybox latest c51f86c28340 4 days ago 1.109 MB nginx latest 914c82c5a678 7 days ago 132.8 MB ubuntu precise 38f2c35e1b51 13 days ago 136.1 MB 32 DOCKERFILE FROM java:8 EXPOSE 8761 VOLUME /tmp ADD service-discovery-0.1.0.jar app.jar RUN bash -c 'touch /app.jar' ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-jar","/app.jar"] Dockerfile content docker build -t rnd-saas/service-discovery . Build new image Show images
33CONFIDENTIAL DOCKER COMPOSE
34CONFIDENTIAL 34 Running multiple containers • Run your stack with one command: docker-compose up • Describe your stack with one file: docker-compose.yml DOCKER COMPOSE
35CONFIDENTIAL 35 HOW TO RUN WORDPRESS FROM orchardup/php5 ADD . /code Dockerfile web: build: . command: php -S 0.0.0.0:8000 -t /code ports: - "8000:8000" links: - db volumes: - .:/code db: image: orchardup/mysql environment: MYSQL_DATABASE: wordpress docker-compose.yml
36CONFIDENTIAL 36 The features of Compose that make it effective are: • Multiple isolated environments on a single host DOCKER COMPOSE
37CONFIDENTIAL 37 Compose uses a project name to isolate environments from each other. You can use this project name to: • on a dev host to create multiple copies of a single environment (ex: you want to run a stable copy for each feature branch of a project) • on a CI server to keep builds from interfering with each other, you can set the project name to a unique build number • on a shared host or dev host to prevent different projects which may use the same service names, from interfering with each other ISOLATED ENVIRONMENTS
38CONFIDENTIAL 38 The features of Compose that make it effective are: • Multiple isolated environments on a single host • Preserve volume data when containers are created DOCKER COMPOSE
39CONFIDENTIAL 39 Compose preserves all volumes used by your services. When docker- compose up runs, if it finds any containers from previous runs, it copies the volumes from the old container to the new container. This process ensures that any data you’ve created in volumes isn’t lost. PRESERVE VOLUME DATA
40CONFIDENTIAL 40 The features of Compose that make it effective are: • Multiple isolated environments on a single host • Preserve volume data when containers are created • Only recreate containers that have changed DOCKER COMPOSE
41CONFIDENTIAL 41 Compose caches the configuration used to create a container. When you restart a service that has not changed, Compose re-uses the existing containers. Re-using containers means that you can make changes to your environment very quickly. RECREATES ONLY CHANGED CONTAINERS
42CONFIDENTIAL 42 The features of Compose that make it effective are: • Multiple isolated environments on a single host • Preserve volume data when containers are created • Only recreate containers that have changed • Variables and moving a composition between environments DOCKER COMPOSE
43CONFIDENTIAL 43 Your configuration options can contain environment variables. Compose uses the variable values from the shell environment in which docker- compose is run. For example, suppose the shell contains POSTGRES_VERSION=9.3 and you supply this configuration: VARIABLE SUBSTITUTION db: image: "postgres:${POSTGRES_VERSION}"
44CONFIDENTIAL 44 Common use case is multiple compose files: changing a Compose app for different environments MOVING A COMPOSITION BETWEEN ENVIRONMENTS docker-compose -f docker-compose.yml -f docker-compose.prod.yml up -d
45CONFIDENTIAL DOCKER SWARM
46CONFIDENTIAL 46 Docker Swarm is used to host and schedule a cluster of Docker containers. DOCKER SWARM
47CONFIDENTIAL 47 Since Swarm ships as a standard Docker image with no external infrastructure dependencies, getting started is a simple, three-step process: 1. Run one command to create a cluster. 2. Run another command to start Swarm. 3. On each host where the Docker Engine is running, run a command to join said cluster. SETUP
48CONFIDENTIAL 48 Swarm is aware of the resources available in the cluster and will place containers accordingly. To choose a ranking strategy, pass the --strategy flag and a strategy value to the swarm manage command. Swarm currently supports these values: • spread • binpack • random RESOURCE MANAGEMENT docker run -d -m 1g redis
49CONFIDENTIAL 49 In order to meet the specific requirements of each container, their placement can be fine-tuned using constraints. CONSTRAINTS docker run -d -e constraint:storage==ssd mysql Constraints operate on Docker daemon labels. To make the previous example work, Docker must be started with the–label storage=ssd option. More advanced expressions are also supported: docker run --rm -d -e constraint:node!=fed* docker run --rm -d -e constraint:node==/ubuntu-[0-9]+/
50CONFIDENTIAL 50 In some cases, the placement of a container must be relative to other containers. Swarm lets you define those relationships through affinities. The following will run two Redis servers, while guaranteeing they don’t get scheduled on the same machine: AFFINITY docker run -d --name redis_1 -e ‘affinity:container!=redis_*’ redis docker run -d --name redis_2 -e ‘affinity:container!=redis_*’ redis
51CONFIDENTIAL 51 At some point, Swarm will be able to reschedule containers upon host failure. Let’s say you schedule a frontend container with some constraints: FAULT-TOLERANT SCHEDULING docker run -d -e constraint:storage==ssd nginx If the host of this container goes down, Swarm will be able to detect the outage and reschedule this container on another host that can respect the constraint storage==ssd
52CONFIDENTIAL MULTI-HOST DOCKER NETWORKING
53CONFIDENTIAL 53 Networking is a feature of Docker Engine that allows you to create virtual networks and attach containers to them so you can create the network topology that is right for your application. NETWORKING
54CONFIDENTIAL 54 1. Connect containers to each other across different physical or virtual hosts 2. Containers using Networking can be easily stopped, started and restarted without disrupting the connections to other containers 3. You don’t need to create a container before you can link to it. With Networking containers be created in any order and discover each other using their container names NETWORKING
55CONFIDENTIAL 55 You can create a new network with docker network create. In this example, we’ll create a network called “frontend” and run an nginx container inside it: NETWORKING docker network create frontend docker run -d --net=frontend --name web nginx Then we could run a web application in a network called “app” and then use the docker network connect command so our Nginx container can forward connections to it. docker network create app docker run -d --name myapp --net=app <my application container> docker network connect app web Now Nginx should be able to connect to your application using the hostname “myapp.app”

More Related Content

What's hot (20)

PPTX
Docker Basics
DuckDuckGo
 
PPTX
What Is A Docker Container? | Docker Container Tutorial For Beginners| Docker...
Simplilearn
 
PDF
Docker swarm
Alberto Guimarães Viana
 
PDF
Introduction to docker
Instruqt
 
PPT
Docker introduction
Phuc Nguyen
 
PPTX
Docker Tutorial For Beginners | What Is Docker And How It Works? | Docker Tut...
Simplilearn
 
PPTX
Docker Compose | Docker Compose Tutorial | Docker Tutorial For Beginners | De...
Simplilearn
 
PPTX
What is Docker
Pavel Klimiankou
 
PDF
What is Docker | Docker Tutorial for Beginners | Docker Container | DevOps To...
Edureka!
 
PPTX
Docker introduction (1)
Gourav Varma
 
PDF
Introduction to Docker
Aditya Konarde
 
PDF
An Introduction to Kubernetes
Imesh Gunaratne
 
PDF
Docker Swarm 0.2.0
Docker, Inc.
 
PDF
Docker
SangtongPeesing
 
PPTX
Docker and kubernetes
Dongwon Kim
 
PDF
Introduction to Docker
Luong Vo
 
PPTX
Docker Swarm for Beginner
Shahzad Masud
 
PDF
Introduction to Docker storage, volume and image
ejlp12
 
PDF
Docker & kubernetes
NexThoughts Technologies
 
PDF
Docker 101: Introduction to Docker
Docker, Inc.
 
Docker Basics
DuckDuckGo
 
What Is A Docker Container? | Docker Container Tutorial For Beginners| Docker...
Simplilearn
 
Docker swarm
Alberto Guimarães Viana
 
Introduction to docker
Instruqt
 
Docker introduction
Phuc Nguyen
 
Docker Tutorial For Beginners | What Is Docker And How It Works? | Docker Tut...
Simplilearn
 
Docker Compose | Docker Compose Tutorial | Docker Tutorial For Beginners | De...
Simplilearn
 
What is Docker
Pavel Klimiankou
 
What is Docker | Docker Tutorial for Beginners | Docker Container | DevOps To...
Edureka!
 
Docker introduction (1)
Gourav Varma
 
Introduction to Docker
Aditya Konarde
 
An Introduction to Kubernetes
Imesh Gunaratne
 
Docker Swarm 0.2.0
Docker, Inc.
 
Docker
SangtongPeesing
 
Docker and kubernetes
Dongwon Kim
 
Introduction to Docker
Luong Vo
 
Docker Swarm for Beginner
Shahzad Masud
 
Introduction to Docker storage, volume and image
ejlp12
 
Docker & kubernetes
NexThoughts Technologies
 
Docker 101: Introduction to Docker
Docker, Inc.
 

Viewers also liked (20)

PPTX
Docker Platform and Ecosystem
Patrick Chanezon
 
PDF
Spring Cloud and Netflix OSS overview v1
Dmitry Skaredov
 
PDF
Understanding the Docker ecosystem
Kiratech
 
PPTX
Intro to Docker at the 2016 Evans Developer relations conference
Mano Marks
 
PPTX
Docker & aPaaS: Enterprise Innovation and Trends for 2015
WaveMaker, Inc.
 
PDF
Docker ecosystem
zefhemel
 
PPTX
Docker Ecosystem: Part III - Machine
Mario IC
 
PPTX
Docker Ecosystem on Azure
Patrick Chanezon
 
PDF
Docker Ecosystem: Engine, Compose, Machine, Swarm, Registry
Mario IC
 
PPTX
ICSEC2016-Policy management for docker ecosystem
Bukhary Ikhwan Ismail
 
PPTX
Docker Platform and Ecosystem Nov 2015
Patrick Chanezon
 
PDF
Evolution (Core)
Stephen Taylor
 
PDF
Tracxn Docker Ecosystem Startup Landscape - Feb 2015
Tracxn
 
PDF
Tracxn Research — Docker Ecosystem Startup Landscape, September 2016
Tracxn
 
PDF
Microservices Technology Stack
Eberhard Wolff
 
PPTX
Docker-Hanoi @DKT , Presentation about Docker Ecosystem
Van Phuc
 
PDF
當專案漸趕,當遷移也不再那麼難 (Ship Your Projects with Docker EcoSystem)
Ruoshi Ling
 
PDF
“Containerizing” applications with Docker: Ecosystem and Tools
Francisco Javier Ramírez Urea
 
PDF
The Docker ecosystem and the future of application deployment
Jérôme Petazzoni
 
PDF
Docker Einführung @GPN15
m1no
 
Docker Platform and Ecosystem
Patrick Chanezon
 
Spring Cloud and Netflix OSS overview v1
Dmitry Skaredov
 
Understanding the Docker ecosystem
Kiratech
 
Intro to Docker at the 2016 Evans Developer relations conference
Mano Marks
 
Docker & aPaaS: Enterprise Innovation and Trends for 2015
WaveMaker, Inc.
 
Docker ecosystem
zefhemel
 
Docker Ecosystem: Part III - Machine
Mario IC
 
Docker Ecosystem on Azure
Patrick Chanezon
 
Docker Ecosystem: Engine, Compose, Machine, Swarm, Registry
Mario IC
 
ICSEC2016-Policy management for docker ecosystem
Bukhary Ikhwan Ismail
 
Docker Platform and Ecosystem Nov 2015
Patrick Chanezon
 
Evolution (Core)
Stephen Taylor
 
Tracxn Docker Ecosystem Startup Landscape - Feb 2015
Tracxn
 
Tracxn Research — Docker Ecosystem Startup Landscape, September 2016
Tracxn
 
Microservices Technology Stack
Eberhard Wolff
 
Docker-Hanoi @DKT , Presentation about Docker Ecosystem
Van Phuc
 
當專案漸趕,當遷移也不再那麼難 (Ship Your Projects with Docker EcoSystem)
Ruoshi Ling
 
“Containerizing” applications with Docker: Ecosystem and Tools
Francisco Javier Ramírez Urea
 
The Docker ecosystem and the future of application deployment
Jérôme Petazzoni
 
Docker Einführung @GPN15
m1no
 
Ad

Similar to The Docker Ecosystem (20)

PDF
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...
Codemotion
 
PDF
Docker 0.11 at MaxCDN meetup in Los Angeles
Jérôme Petazzoni
 
PDF
codemotion-docker-2014
Carlo Bonamico
 
PDF
Docker and-containers-for-development-and-deployment-scale12x
rkr10
 
PDF
Docker
Neeraj Wadhwa
 
PDF
Docker Concepts for Oracle/MySQL DBAs and DevOps
Zohar Elkayam
 
PDF
Agile Brown Bag - Vagrant & Docker: Introduction
Agile Partner S.A.
 
PDF
A Gentle Introduction to Docker and Containers
Docker, Inc.
 
PDF
Docker Introduction + what is new in 0.9
Jérôme Petazzoni
 
PDF
Docker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQ
Jérôme Petazzoni
 
PPTX
Docker In Brief
Ritu Kamthan
 
PDF
Introduction to Docker at Glidewell Laboratories in Orange County
Jérôme Petazzoni
 
PDF
Dockers & kubernetes detailed - Beginners to Geek
wiTTyMinds1
 
PDF
Docker for Developers: Dev, Test, Deploy @ BucksCo Devops at MeetMe HQ
Erica Windisch
 
PDF
Introduction to Docker and deployment and Azure
Jérôme Petazzoni
 
ODP
Linux containers & Devops
Maciej Lasyk
 
PDF
Docker Intro at the Google Developer Group and Google Cloud Platform Meet Up
Jérôme Petazzoni
 
PPTX
Developer workflow with docker
Wyn B. Van Devanter
 
PPTX
Introducing docker
Dharmit Shah
 
PDF
Introduction to Docker at SF Peninsula Software Development Meetup @Guidewire
dotCloud
 
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...
Codemotion
 
Docker 0.11 at MaxCDN meetup in Los Angeles
Jérôme Petazzoni
 
codemotion-docker-2014
Carlo Bonamico
 
Docker and-containers-for-development-and-deployment-scale12x
rkr10
 
Docker
Neeraj Wadhwa
 
Docker Concepts for Oracle/MySQL DBAs and DevOps
Zohar Elkayam
 
Agile Brown Bag - Vagrant & Docker: Introduction
Agile Partner S.A.
 
A Gentle Introduction to Docker and Containers
Docker, Inc.
 
Docker Introduction + what is new in 0.9
Jérôme Petazzoni
 
Docker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQ
Jérôme Petazzoni
 
Docker In Brief
Ritu Kamthan
 
Introduction to Docker at Glidewell Laboratories in Orange County
Jérôme Petazzoni
 
Dockers & kubernetes detailed - Beginners to Geek
wiTTyMinds1
 
Docker for Developers: Dev, Test, Deploy @ BucksCo Devops at MeetMe HQ
Erica Windisch
 
Introduction to Docker and deployment and Azure
Jérôme Petazzoni
 
Linux containers & Devops
Maciej Lasyk
 
Docker Intro at the Google Developer Group and Google Cloud Platform Meet Up
Jérôme Petazzoni
 
Developer workflow with docker
Wyn B. Van Devanter
 
Introducing docker
Dharmit Shah
 
Introduction to Docker at SF Peninsula Software Development Meetup @Guidewire
dotCloud
 
Ad

Recently uploaded (20)

PDF
Mastering Financial Management in Direct Selling
Epixel MLM Software
 
PDF
Bitcoin for Millennials podcast with Bram, Power Laws of Bitcoin
Stephen Perrenod
 
PDF
Fl Studio 24.2.2 Build 4597 Crack for Windows Free Download 2025
faizk77g
 
PDF
CIFDAQ Market Wrap for the week of 4th July 2025
CIFDAQ
 
PDF
Newgen 2022-Forrester Newgen TEI_13 05 2022-The-Total-Economic-Impact-Newgen-...
darshakparmar
 
PDF
What Makes Contify’s News API Stand Out: Key Features at a Glance
Contify
 
PDF
Transcript: New from BookNet Canada for 2025: BNC BiblioShare - Tech Forum 2025
BookNet Canada
 
PDF
Blockchain Transactions Explained For Everyone
CIFDAQ
 
PDF
[Newgen] NewgenONE Marvin Brochure 1.pdf
darshakparmar
 
PDF
Smart Trailers 2025 Update with History and Overview
Paul Menig
 
PDF
July Patch Tuesday
Ivanti
 
PPTX
Building Search Using OpenSearch: Limitations and Workarounds
Sease
 
PDF
Building Real-Time Digital Twins with IBM Maximo & ArcGIS Indoors
Safe Software
 
PDF
IoT-Powered Industrial Transformation – Smart Manufacturing to Connected Heal...
Rejig Digital
 
PDF
Exolore The Essential AI Tools in 2025.pdf
Srinivasan M
 
PDF
The Rise of AI and IoT in Mobile App Tech.pdf
IMG Global Infotech
 
PDF
CIFDAQ Weekly Market Wrap for 11th July 2025
CIFDAQ
 
PDF
CIFDAQ Market Insights for July 7th 2025
CIFDAQ
 
PPTX
Webinar: Introduction to LF Energy EVerest
DanBrown980551
 
PPTX
COMPARISON OF RASTER ANALYSIS TOOLS OF QGIS AND ARCGIS
Sharanya Sarkar
 
Mastering Financial Management in Direct Selling
Epixel MLM Software
 
Bitcoin for Millennials podcast with Bram, Power Laws of Bitcoin
Stephen Perrenod
 
Fl Studio 24.2.2 Build 4597 Crack for Windows Free Download 2025
faizk77g
 
CIFDAQ Market Wrap for the week of 4th July 2025
CIFDAQ
 
Newgen 2022-Forrester Newgen TEI_13 05 2022-The-Total-Economic-Impact-Newgen-...
darshakparmar
 
What Makes Contify’s News API Stand Out: Key Features at a Glance
Contify
 
Transcript: New from BookNet Canada for 2025: BNC BiblioShare - Tech Forum 2025
BookNet Canada
 
Blockchain Transactions Explained For Everyone
CIFDAQ
 
[Newgen] NewgenONE Marvin Brochure 1.pdf
darshakparmar
 
Smart Trailers 2025 Update with History and Overview
Paul Menig
 
July Patch Tuesday
Ivanti
 
Building Search Using OpenSearch: Limitations and Workarounds
Sease
 
Building Real-Time Digital Twins with IBM Maximo & ArcGIS Indoors
Safe Software
 
IoT-Powered Industrial Transformation – Smart Manufacturing to Connected Heal...
Rejig Digital
 
Exolore The Essential AI Tools in 2025.pdf
Srinivasan M
 
The Rise of AI and IoT in Mobile App Tech.pdf
IMG Global Infotech
 
CIFDAQ Weekly Market Wrap for 11th July 2025
CIFDAQ
 
CIFDAQ Market Insights for July 7th 2025
CIFDAQ
 
Webinar: Introduction to LF Energy EVerest
DanBrown980551
 
COMPARISON OF RASTER ANALYSIS TOOLS OF QGIS AND ARCGIS
Sharanya Sarkar
 

The Docker Ecosystem

  • 1. 1CONFIDENTIAL The Docker Ecosystem DZMITRY SKAREDAU, SOLUTION ARCHITECT NOVEMBER 5, 2015
  • 2. 2CONFIDENTIAL 2 AGENDA • Introduction to Docker • Docker’s Key Use Cases • Docker Toolbox • Docker Machine • Docker Compose • Docker Swarm • Multi-Host Docker Networking
  • 4. 4CONFIDENTIAL 4 WHAT IS DOCKER? Open source engine that leverage LXC and AUFS to package an application and its dependencies in a virtual container that can run on any Linux server. WHAT!? We are using Windows! most of us
  • 6. 6CONFIDENTIAL 6 LXC Wikipedia https://en.wikipedia.org/wiki/LXC “ „ Linux Containers (LXC) provide a means to isolate individual services or applications as well as of a complete Linux operating system from other services running on the same host. To accomplish this, each container gets its own directory structure, network devices, IP addresses and process table. The processes running in other containers or the host system are not visible from inside a container. Additionally, Linux Containers allow for fine granular control of resources like RAM, CPU or disk I/O. LXC combines kernel's cgroups and support for isolated namespaces to provide an isolated environment for applications.
  • 7. 7CONFIDENTIAL 7 CGROUPS “ „cgroups (abbreviated from control groups) is a Linux kernel feature that limits, accounts for, and isolates the resource usage (CPU, memory, disk I/O, network, etc.) of a collection of processes. Wikipedia https://en.wikipedia.org/wiki/Cgroups
  • 8. 8CONFIDENTIAL 8 NAMESPACE ISOLATION “ „ namespace isolation, where groups of processes are separated such that they cannot "see" resources in other groups. For example, a PID namespace provides a separate enumeration of process identifiers within each namespace. Also available are mount, UTS, network and SysV IPC namespaces. Wikipedia https://en.wikipedia.org/wiki/Cgroups
  • 9. 9CONFIDENTIAL 9 AUFS “ „aufs (short for advanced multi layered unification filesystem) implements a union mount for Linux file systems. Wikipedia https://en.wikipedia.org/wiki/Aufs
  • 10. 10CONFIDENTIAL 10 AUFS A typical Linux start to run to two FS: • bootfs (boot file system) Including bootloader and kernel, bootloader is the main kernel boot loader, when after the success of the boot kernel is loaded into memory after the bootfs was umount • rootfs (root file system) Is a typical Linux system consists of /dev, /proc, /bin, /etc and other standard directory and file.
  • 11. 11CONFIDENTIAL 11 AUFS Thus for different Linux distributions, the bootfs is basically the same, the rootfs will be different, so different distributions can be public bootfs as shown below: • Debian is a Unix-like computer operating system and a Linux distribution Size: 136.1 MB • BusyBox is software that provides several stripped-down Unix tools in a single executable file. It was specifically created for embedded operating systems with very limited resources. Size: 1.109 MB
  • 12. 12CONFIDENTIAL 12 AUFS 2 custom images: 1. With Apache/Emacs over Debian 2. Over BusyBox
  • 17. 17CONFIDENTIAL 17 DOCKER CONTAINERS IN PRODUCTION There is currently a pervasive (and faulty) perception that Docker containers are only being utilized in dev-test and proof-of- concept projects. In fact, the question I am most often asked by IT colleagues and customers goes like this: “Is anyone using Docker containers for critical workloads, or even in production?” The answer is an unequivocal “Yes” – critical workloads are being run in Docker containers, and much more pervasively than is commonly understood. Here are a few examples: • Global financial services corporation ING is using Docker containers to help accelerate its continuous delivery process and drive 500 deployments/week, meeting speed to market goals • Global investment bank Goldman Sachs uses Docker containers to centralize application builds and deployments • Streaming music leader Spotify uses Docker containers to make software deploymentsrepeatable, straightforward, and fault-tolerant • Application performance management leader New Relic is using Docker containers to solve its most challenging deployment issues
  • 20. 20CONFIDENTIAL 20 CODE PIPELINE MANAGEMENT The immutable nature of Docker images, and the ease with which they can be spun up, help you achieve zero change in application runtime environments across dev through production. ENV DEV Private Docker Hub ENV INT ENV QA ENV PRE PROD ENV PROD
  • 21. 21CONFIDENTIAL 21 DEVELOPER PRODUCTIVITY In a developer environment, we have two goals that are at odds with each other: 1. We want it be as close as possible to production; and 2. We want the development environment to be as fast as possible for interactive use.
  • 22. 22CONFIDENTIAL 22 APP ISOLATION A couple of such cases to consider are server consolidation for decreasing cost or a gradual plan to separate a monolithic application into decoupled pieces.
  • 23. 23CONFIDENTIAL 23 SERVER CONSOLIDATION Just like using VMs for consolidating multiple applications, the application isolation abilities of Docker allows consolidating multiple servers to save on cost. However, without the memory footprint of multiple OSes and the ability to share unused memory across the instances, Docker provides far denser server consolidation than you can get with VMs.
  • 24. 24CONFIDENTIAL 24 MULTI-TENANCY Using Docker, it was easy and inexpensive to create isolated environments for running multiple instances of app tiers for each tenant.
  • 25. 25CONFIDENTIAL 25 RAPID DEPLOYMENT Docker creating a container for the process and not booting up an OS, brings it down to seconds.
  • 27. 27CONFIDENTIAL 27 • Docker Machine for running the docker-machine binary • Docker Engine for running the docker binary • Kitematic, the Docker GUI • a shell preconfigured for a Docker command-line environment • Oracle VM VirtualBox DOCKER TOOLBOX
  • 28. 28CONFIDENTIAL 28 The Docker VM is lightweight Linux virtual machine made specifically to run the Docker daemon on Windows. The VirtualBox VM runs completely from RAM, is a small ~29MB download, and boots in approximately 5s. DOCKER MACHINE docker-machine create --driver virtualbox my-default Creating VirtualBox VM... Creating SSH key... Starting VirtualBox VM... Starting VM... To see how to connect Docker to this machine, run: docker-machine env my-default docker-machine --native-ssh create -d virtualbox dev
  • 29. 29CONFIDENTIAL 29 DOCKER MACHINE docker-machine --native-ssh create -d virtualbox dev docker-machine ls NAME ACTIVE DRIVER STATE URL SWARM dev virtualbox Running tcp://192.168.99.100:2376 List your available machines Create a new Docker VM Get the environment commands for your new VM docker-machine env dev --shell cmd set DOCKER_TLS_VERIFY=1 set DOCKER_HOST=tcp://192.168.99.100:2376 set DOCKER_CERT_PATH=C:UsersDzmitry_Skaredau.dockermachinemachinesdev set DOCKER_MACHINE_NAME=dev # Run this command to configure your shell: # copy and paste the above values into your command prompt
  • 30. 30CONFIDENTIAL 30 DOCKER MACHINE docker-machine ls NAME ACTIVE DRIVER STATE URL SWARM dev * virtualbox Running tcp://192.168.99.100:2376 List your available machines docker run ^ -d ^ -p 80:80 ^ -v $(pwd)/src/vhost.conf:/etc/nginx/sites-enabled/vhost.conf ^ -v $(pwd)/src:/var/www ^ nginx Run container pwd: The pwd command will allow you to know in which directory you're located (pwd stands for "print working directory")
  • 31. 31CONFIDENTIAL 31 DOCKER MACHINE docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES ef9b3f99a05f nginx "nginx -g 'daemon off" 13 seconds ago Up 9 seconds 0.0.0.0:80->80/tcp, 443/tcp sad_elion Show containers docker-machine ip 192.168.99.100 Find machine IP
  • 32. 32CONFIDENTIAL docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE rnd-saas/service-discovery latest 9f7499191ada 10 seconds ago 722.7 MB java 8 bdd93cb6443c 4 days ago 641.9 MB busybox latest c51f86c28340 4 days ago 1.109 MB nginx latest 914c82c5a678 7 days ago 132.8 MB ubuntu precise 38f2c35e1b51 13 days ago 136.1 MB 32 DOCKERFILE FROM java:8 EXPOSE 8761 VOLUME /tmp ADD service-discovery-0.1.0.jar app.jar RUN bash -c 'touch /app.jar' ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-jar","/app.jar"] Dockerfile content docker build -t rnd-saas/service-discovery . Build new image Show images
  • 34. 34CONFIDENTIAL 34 Running multiple containers • Run your stack with one command: docker-compose up • Describe your stack with one file: docker-compose.yml DOCKER COMPOSE
  • 35. 35CONFIDENTIAL 35 HOW TO RUN WORDPRESS FROM orchardup/php5 ADD . /code Dockerfile web: build: . command: php -S 0.0.0.0:8000 -t /code ports: - "8000:8000" links: - db volumes: - .:/code db: image: orchardup/mysql environment: MYSQL_DATABASE: wordpress docker-compose.yml
  • 36. 36CONFIDENTIAL 36 The features of Compose that make it effective are: • Multiple isolated environments on a single host DOCKER COMPOSE
  • 37. 37CONFIDENTIAL 37 Compose uses a project name to isolate environments from each other. You can use this project name to: • on a dev host to create multiple copies of a single environment (ex: you want to run a stable copy for each feature branch of a project) • on a CI server to keep builds from interfering with each other, you can set the project name to a unique build number • on a shared host or dev host to prevent different projects which may use the same service names, from interfering with each other ISOLATED ENVIRONMENTS
  • 38. 38CONFIDENTIAL 38 The features of Compose that make it effective are: • Multiple isolated environments on a single host • Preserve volume data when containers are created DOCKER COMPOSE
  • 39. 39CONFIDENTIAL 39 Compose preserves all volumes used by your services. When docker- compose up runs, if it finds any containers from previous runs, it copies the volumes from the old container to the new container. This process ensures that any data you’ve created in volumes isn’t lost. PRESERVE VOLUME DATA
  • 40. 40CONFIDENTIAL 40 The features of Compose that make it effective are: • Multiple isolated environments on a single host • Preserve volume data when containers are created • Only recreate containers that have changed DOCKER COMPOSE
  • 41. 41CONFIDENTIAL 41 Compose caches the configuration used to create a container. When you restart a service that has not changed, Compose re-uses the existing containers. Re-using containers means that you can make changes to your environment very quickly. RECREATES ONLY CHANGED CONTAINERS
  • 42. 42CONFIDENTIAL 42 The features of Compose that make it effective are: • Multiple isolated environments on a single host • Preserve volume data when containers are created • Only recreate containers that have changed • Variables and moving a composition between environments DOCKER COMPOSE
  • 43. 43CONFIDENTIAL 43 Your configuration options can contain environment variables. Compose uses the variable values from the shell environment in which docker- compose is run. For example, suppose the shell contains POSTGRES_VERSION=9.3 and you supply this configuration: VARIABLE SUBSTITUTION db: image: "postgres:${POSTGRES_VERSION}"
  • 44. 44CONFIDENTIAL 44 Common use case is multiple compose files: changing a Compose app for different environments MOVING A COMPOSITION BETWEEN ENVIRONMENTS docker-compose -f docker-compose.yml -f docker-compose.prod.yml up -d
  • 46. 46CONFIDENTIAL 46 Docker Swarm is used to host and schedule a cluster of Docker containers. DOCKER SWARM
  • 47. 47CONFIDENTIAL 47 Since Swarm ships as a standard Docker image with no external infrastructure dependencies, getting started is a simple, three-step process: 1. Run one command to create a cluster. 2. Run another command to start Swarm. 3. On each host where the Docker Engine is running, run a command to join said cluster. SETUP
  • 48. 48CONFIDENTIAL 48 Swarm is aware of the resources available in the cluster and will place containers accordingly. To choose a ranking strategy, pass the --strategy flag and a strategy value to the swarm manage command. Swarm currently supports these values: • spread • binpack • random RESOURCE MANAGEMENT docker run -d -m 1g redis
  • 49. 49CONFIDENTIAL 49 In order to meet the specific requirements of each container, their placement can be fine-tuned using constraints. CONSTRAINTS docker run -d -e constraint:storage==ssd mysql Constraints operate on Docker daemon labels. To make the previous example work, Docker must be started with the–label storage=ssd option. More advanced expressions are also supported: docker run --rm -d -e constraint:node!=fed* docker run --rm -d -e constraint:node==/ubuntu-[0-9]+/
  • 50. 50CONFIDENTIAL 50 In some cases, the placement of a container must be relative to other containers. Swarm lets you define those relationships through affinities. The following will run two Redis servers, while guaranteeing they don’t get scheduled on the same machine: AFFINITY docker run -d --name redis_1 -e ‘affinity:container!=redis_*’ redis docker run -d --name redis_2 -e ‘affinity:container!=redis_*’ redis
  • 51. 51CONFIDENTIAL 51 At some point, Swarm will be able to reschedule containers upon host failure. Let’s say you schedule a frontend container with some constraints: FAULT-TOLERANT SCHEDULING docker run -d -e constraint:storage==ssd nginx If the host of this container goes down, Swarm will be able to detect the outage and reschedule this container on another host that can respect the constraint storage==ssd
  • 53. 53CONFIDENTIAL 53 Networking is a feature of Docker Engine that allows you to create virtual networks and attach containers to them so you can create the network topology that is right for your application. NETWORKING
  • 54. 54CONFIDENTIAL 54 1. Connect containers to each other across different physical or virtual hosts 2. Containers using Networking can be easily stopped, started and restarted without disrupting the connections to other containers 3. You don’t need to create a container before you can link to it. With Networking containers be created in any order and discover each other using their container names NETWORKING
  • 55. 55CONFIDENTIAL 55 You can create a new network with docker network create. In this example, we’ll create a network called “frontend” and run an nginx container inside it: NETWORKING docker network create frontend docker run -d --net=frontend --name web nginx Then we could run a web application in a network called “app” and then use the docker network connect command so our Nginx container can forward connections to it. docker network create app docker run -d --name myapp --net=app <my application container> docker network connect app web Now Nginx should be able to connect to your application using the hostname “myapp.app”