Introduction to Containers

Shawfeng Dong, Principal Cyberinfrastructure Engineer
University of California, Santa Cruz

What are Containers?
Containerization, aka operating-system-level virtualization, refers to an operating system feature in which the kernel allows the existence of multiple isolated user-space instances.
Such instances are called containers, or partitions, or jails.
Implementations:
  o chroot (1982)
  o FreeBSD jail (2000)
  o Solaris Zones (2004)
  o OpenVZ (2005)
  o Docker (2013)

Containers vs. VMs
https://docs.docker.com/get-started/

Docker
Docker is the most popular container system.
It uses Linux kernel features, such as cgroups and namespaces, as well as a union-capable file system such as OverlayFS.
It readily supports DevOps.

Benefits of Container-based Solutions
Flexible: Even the most complex applications can be containerized.
Lightweight: Containers leverage and share the host kernel.
Interchangeable: You can deploy updates and upgrades on-the-fly.
Portable: You can build locally, deploy to the cloud, and run anywhere.
Scalable: You can increase and automatically distribute container replicas.
Stackable: You can stack services vertically and on-the-fly.
https://docs.docker.com/get-started/

Installing Docker
You can install Docker Community Edition (CE) by following the installation instructions.
Supported platforms:
  o Linux: Docker's native platform
  o Docker for Mac (macOS), running a custom minimal Linux distro in HyperKit
  o Docker for Windows (Microsoft Windows 10), running a custom minimal Linux distro in Hyper-V

Post-installation steps for Linux
To allow a non-root user to run the docker command, create a Unix group called docker and add users to it:
    # create the docker group
    sudo groupadd docker
    # add your user to the docker group
    sudo usermod -aG docker $USER
    # log out and log back in so that your group membership is re-evaluated
Warning: The docker group grants privileges equivalent to the root user! See Docker security.
https://docs.docker.com/install/linux/linux-postinstall/
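Because docker group membership is root-equivalent, it is worth knowing exactly who holds it. The following is an added example, not part of the original slides: it lists every account in the docker group, including users whose primary group is docker and who therefore do not show up in the group entry's member list. The function names and the sample group and passwd contents are constructed for illustration.

```python
# Added example: enumerate accounts that can reach the Docker daemon through
# the docker group. Function names and sample data are constructed.

def parse_colon_file(text):
    """Split passwd/group style text into field lists, skipping blanks and comments."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            rows.append(line.split(":"))
    return rows


def docker_group_users(group_text, passwd_text, group_name="docker"):
    """Return the sorted user names that belong to group_name.

    Covers supplementary members (4th field of the group entry) and users
    whose primary GID in passwd equals the group's GID; the latter are not
    listed in the group entry itself.
    """
    gid = None
    users = set()
    for fields in parse_colon_file(group_text):
        if len(fields) >= 4 and fields[0] == group_name:
            gid = fields[2]
            users.update(u for u in fields[3].split(",") if u)
    if gid is None:
        return []  # no such group on this host
    for fields in parse_colon_file(passwd_text):
        if len(fields) >= 4 and fields[3] == gid:
            users.add(fields[0])
    return sorted(users)


# Constructed sample contents in /etc/group and /etc/passwd format.
SAMPLE_GROUP = """\
root:x:0:
sudo:x:27:alice
docker:x:998:alice,ci-runner
"""
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
ci-runner:x:1001:1001::/home/ci-runner:/bin/sh
builder:x:1002:998::/home/builder:/bin/sh
bob:x:1003:1003::/home/bob:/bin/bash
"""

if __name__ == "__main__":
    for user in docker_group_users(SAMPLE_GROUP, SAMPLE_PASSWD):
        print(f"{user}: docker group member, treat as root-equivalent")
```

On a real host, pass the contents of /etc/group and /etc/passwd; accounts served from LDAP or another directory are not in those files and need a separate check.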

Test Docker version
1. Run docker --version:
    [dong@hydra ~]$ docker --version
    Docker version 18.06.0-ce, build 0ffa825
2. Run docker info:
    [dong@hydra ~]$ docker info
    Containers: 0
    Running: 0
    Paused: 0
    Stopped: 0
    Images: 0
    Server Version: 18.06.0-ce
    Storage Driver: overlay

Containers and Images
Container: a running instance that encapsulates required software. Containers are always created from images.
Image: an executable package that includes everything needed to run an application: the code, a runtime, libraries, environment variables, and configuration files.

Basic docker commands
Run the simple Docker image hello-world:
    docker run hello-world
Run the more ambitious Docker image ubuntu:
    docker run -it --rm ubuntu bash
List the images:
    docker image ls
List the containers:
    docker container ls --all
    docker ps -a

Docker Networking
Docker's networking subsystem is pluggable, using drivers:
bridge: The default network driver.
host: For standalone containers, remove network isolation between the container and the Docker host, and use the host's networking directly.
overlay: Overlay networks connect multiple Docker daemons together and enable swarm services to communicate with each other.
macvlan: Macvlan networks allow you to assign a MAC address to a container, making it appear as a physical device on your network.
none: For this container, disable all networking.
https://docs.docker.com/network/

Docker Networking examples (bridge)
List networks:
    docker network ls
Run the Docker image nginx in detached mode:
    docker run --name nginx1 -p 8080:80 -d nginx
Load http://localhost:8080/ in your browser
Inspect the bridge network:
    docker network inspect bridge
Inspect the container:
    docker container inspect nginx1

Docker Networking examples (host)
List networks:
    docker network ls
Run the Docker image nginx in detached mode:
    docker run --network host --name nginx2 -d nginx
Load http://localhost:80/ in your browser
Inspect the host network:
    docker network inspect host
Inspect the container:
    docker container inspect nginx2

Docker Storage
By default all files created inside a container are stored on a writable container layer.
Docker has options for containers to store files in the host machine, so that the files are persisted even after the container stops:
  o volumes
  o bind mounts
  o tmpfs mount
https://docs.docker.com/storage/

Choose the right type of mount
Volumes are stored in a part of the host filesystem which is managed by Docker (/var/lib/docker/volumes/ on Linux). Non-Docker processes should not modify this part of the filesystem. Volumes are the best way to persist data in Docker.
Bind mounts may be stored anywhere on the host system. They may even be important system files or directories! Non-Docker processes on the Docker host or a Docker container can modify them at any time.
tmpfs mounts are stored in the host system's memory only, and are never written to the host system's filesystem.
https://docs.docker.com/storage/

Docker Storage examples
Start an nginx container with a bind mount:
    docker run --rm --name nginx3 -p 8080:80 \
      -v /home/dong/html:/usr/share/nginx/html:ro -d nginx
    ## or
    docker run --rm --name nginx3 -p 8080:80 \
      --mount type=bind,source=/home/dong/html,target=/usr/share/nginx/html,readonly \
      -d nginx
Load http://localhost:8080/ in your browser
Enter the container:
    docker exec -it nginx3 bash
Inspect the container:
    docker container inspect -f "{{ json .Mounts }}" nginx3
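The networking and storage slides above each end with docker container inspect; the following added example (not part of the original slides) reads that JSON and reports the settings that weaken isolation: host networking, ports published on every host interface, and bind mounts that are writable or point at sensitive host paths. The sample data is constructed and trimmed to the fields the audit reads, the cfgedit container and the function names are hypothetical, and the list of sensitive prefixes is illustrative.

```python
import json

# Host paths whose exposure to a container deserves review (illustrative list).
SENSITIVE_PREFIXES = ("/etc", "/root", "/boot", "/proc", "/sys", "/var/lib/docker",
                      "/var/run/docker.sock", "/run/docker.sock")

# Constructed sample in the shape of `docker container inspect` output.
SAMPLE = json.dumps([
    {"Name": "/nginx1", "HostConfig": {"NetworkMode": "default",
     "PortBindings": {"80/tcp": [{"HostIp": "", "HostPort": "8080"}]}}, "Mounts": []},
    {"Name": "/nginx2", "HostConfig": {"NetworkMode": "host", "PortBindings": {}},
     "Mounts": []},
    {"Name": "/nginx3", "HostConfig": {"NetworkMode": "default", "PortBindings": {}},
     "Mounts": [{"Type": "bind", "Source": "/home/dong/html",
                 "Destination": "/usr/share/nginx/html", "RW": False}]},
    {"Name": "/cfgedit", "HostConfig": {"NetworkMode": "default", "PortBindings": {}},
     "Mounts": [{"Type": "bind", "Source": "/etc", "Destination": "/host-etc", "RW": True}]},
])

def is_sensitive(path):
    """True for / itself or anything at or below a sensitive prefix."""
    return path == "/" or any(path == p or path.startswith(p + "/") for p in SENSITIVE_PREFIXES)

def audit_container(info):
    """Return findings for one container object from the inspect output."""
    name = info.get("Name", "?").lstrip("/")
    host_cfg = info.get("HostConfig") or {}
    findings = []
    if host_cfg.get("NetworkMode") == "host":
        findings.append(f"{name}: host networking, no network isolation")
    for port, binds in (host_cfg.get("PortBindings") or {}).items():
        for b in binds or []:
            if b.get("HostIp", "") in ("", "0.0.0.0", "::"):
                findings.append(f"{name}: {port} published on all host interfaces "
                                f"as host port {b.get('HostPort')}")
    for m in info.get("Mounts") or []:
        if m.get("Type") != "bind":
            continue  # volumes and tmpfs mounts are managed by Docker
        src = m.get("Source", "")
        if m.get("RW", True):
            findings.append(f"{name}: writable bind mount {src}")
        if is_sensitive(src):
            findings.append(f"{name}: bind mount of sensitive host path {src}")
    return findings

def audit(inspect_json):
    """Audit every container in a JSON array as printed by docker container inspect."""
    return [f for c in json.loads(inspect_json) for f in audit_container(c)]
```

To run it against live containers, pass the text printed by docker container inspect for the container names of interest to audit().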

Develop with Docker
You can create a new Docker image from a container's file changes.
Generally, it is better to use Dockerfiles to manage your images in a documented and maintainable way.
A Dockerfile is a text document that contains all the commands a user could call on the command line to assemble an image.

Nginx Dockerfile
    # Pull base image.
    FROM dockerfile/ubuntu
    # Install Nginx.
    RUN add-apt-repository -y ppa:nginx/stable && apt-get update && apt-get install -y nginx && \
        rm -rf /var/lib/apt/lists/* && echo "\ndaemon off;" >> /etc/nginx/nginx.conf && \
        chown -R www-data:www-data /var/lib/nginx
    # Define mountable directories.
    VOLUME ["/etc/nginx/sites-enabled", "/etc/nginx/certs", "/etc/nginx/conf.d", "/var/log/nginx", "/var/www/html"]
    # Define working directory.
    WORKDIR /etc/nginx
    # Define default command.
    CMD ["nginx"]
    # Expose ports.
    EXPOSE 80
    EXPOSE 443

A very simple Dockerfile
    # Pull base image.
    FROM nginx
    # Copy static content
    COPY html /usr/share/nginx/html

Build an Image from a Dockerfile
Build an image from a Dockerfile:
    docker build -t static-nginx .
List images:
    docker images
Run the new Docker image static-nginx:
    docker run --rm --name nginx4 -p 8080:80 -d static-nginx
Load http://localhost:8080/ in your browser
Enter the container:
    docker exec -it nginx4 bash

Manage Docker Images
What good is your Docker image if nobody else can use it? There are several ways to get your images out to the world.
Docker in Action, by Jeff Nickoloff