container-workbook/docker-workshop

Docker Basics

1. What are we looking for?

  • Scalability, Maintainability, Agility, Portability.

  • Improved resource utilization.

  • A continuum of abstraction levels.

2. Linux containers

  • Uses Linux kernel process isolation and resource features to provide a VM-like environment.

  • The docker project is three years old, but Linux containers are older than that, e.g. LXC.

  • Some examples of Linux container runtimes: LXC, lmctfy, docker, rkt, etc.

3. Introducing docker

  • Sandboxing of processes/applications.

  • It is an application packaging and delivery mechanism.

  • Lightweight container virtualization platform.

4. Why Developers Care?

  • Build once → run anywhere*

  • A clean, safe, hygienic and portable runtime environment.

  • No worries about missing dependencies, packages, etc.

  • Automate testing, integration, packaging → anything you can script.

  • It is portable* → so it reduces the concern about portability.

5. Why Operations Care?

  • It reduces the time from developing an application to putting it into production.

  • The entire lifecycle can be made more efficient, consistent and repeatable.

  • Reduce the inconsistencies between development, test, production and customer environment.

  • Because the containers are so light-weight, they significantly address performance, costs, deployment and portability issues.

6. docker vs Virtual Machine

  • Lighter than Virtual machines.

  • Less startup time.

  • We can run a lot of containers on a reasonably sized host.

  • Deploying and scaling is relatively easy.

7. Kernel features which enable containerization

  • Control Groups

  • Namespaces

  • Union filesystem

  • Kernel Security features

7.1. Namespace

  • It helps to create an isolated workspace for each process.

  • When you run a container, docker creates a set of namespaces for that container.

7.2. Cgroup

  • Control Groups are another key component of Linux Containers.

  • With Cgroup we can implement resource accounting and limiting.

  • Ensure that each container gets its fair share of memory, CPU, disk I/O.

  • Thanks to Cgroup, we can make sure that a single container cannot bring the system down by exhausting resources.

7.3. Kernel Security features

  • Capabilities

    • By default docker drops all capabilities except those needed.

    • "root" within a container has far fewer privileges than the real "root".

    • The best practice for users would be to remove all capabilities except those explicitly required for their processes.

    • Even if an intruder manages to escalate to root within a container, it will be much harder to do serious damage, or to escalate to the host.

  • Other kernel security features: TOMOYO, AppArmor, SELinux, GRSEC, etc.
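
The following shell example is added here and is not part of the workshop material: it decodes the CapEff mask from /proc/<pid>/status into capability names and lists the ones a container holds beyond what its process requires. The sample status text is constructed, its mask assumes the default capability set of current Docker releases (older versions may differ), and the function names are hypothetical.

```shell
#!/bin/sh
# Capability names indexed by bit number, as defined in linux/capability.h.
CAP_NAMES="chown dac_override dac_read_search fowner fsetid kill setgid setuid
setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw
ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct
sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease
audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm
block_suspend audit_read perfmon bpf checkpoint_restore"

# Constructed sample: excerpt of /proc/1/status as seen by root in a container
# started without --cap-add/--cap-drop (assumed default capability set).
SAMPLE_STATUS='Name:	sh
CapInh:	0000000000000000
CapPrm:	00000000a80425fb
CapEff:	00000000a80425fb
CapBnd:	00000000a80425fb'

# Read status text on stdin and print the effective capability mask (hex).
cap_eff() {
    awk '$1 == "CapEff:" { print $2 }'
}

# Decode a hex capability mask ($1) into a space-separated list of names.
decode_caps() {
    mask=$((0x$1)); bit=0; out=""
    for name in $CAP_NAMES; do
        if [ $(( ($mask >> $bit) & 1 )) -eq 1 ]; then
            out="${out:+$out }$name"
        fi
        bit=$((bit + 1))
    done
    echo "$out"
}

# Print capabilities held in mask $1 that are not in the required list $2.
excess_caps() {
    out=""
    for cap in $(decode_caps "$1"); do
        case " $2 " in
            *" $cap "*) ;;                      # required: keep
            *) out="${out:+$out }$cap" ;;       # held but not required
        esac
    done
    echo "$out"
}

eff=$(printf '%s\n' "$SAMPLE_STATUS" | cap_eff)
echo "held:   $(decode_caps "$eff")"
echo "excess: $(excess_caps "$eff" "net_bind_service setuid setgid")"
```

Inside a running container, `cap_eff < /proc/1/status` supplies the real mask. Capabilities reported as excess are candidates for removal with `docker run --cap-drop`.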

7.4. SELinux

  • SELinux provides secure separation of containers by applying SELinux policy and labels.

8. docker Components

  • Image : It is a template which is used to launch containers.

  • Container : Container holds everything that is needed for an application to run.

  • Registry : It stores and serves up the actual image assets, and it delegates authentication to the index.

  • Index : It is the front end of Registry. It manages user accounts, permissions, search, tagging, and all that nice stuff that’s in the public web interface.

9. Prerequisite for the workshop

  • You should be able to run the docker command line on your workstation, in a VM, or on a machine running in a public cloud.

  • We recommend running a GNU/Linux distribution of your choice on your laptop, or at least in a virtual machine. Then you should install docker on it.

    • Most Linux distributions, e.g. Fedora, provide the docker package from the distribution itself.

    • Refer to the section below for commands to install it on Fedora.

  • Before coming to the workshop, pull the docker image of Fedora, as conferences are not a good place to download stuff from the internet.

$ docker pull fedora

10. Next
