IT 3300 : Virtualization

Docker

Docker Components

  • Docker Engine: interface for creating and running containers
  • Docker Registry: where images are stored
    • Docker Hub: Cloud service for distributing containers

Docker security

Containers isolate applications from one another and the underlying infrastructure, while providing an added layer of protection for the application.

Concepts

Containerization is increasingly popular because containers are:

- Flexible: Even the most complex applications can be containerized.
- Lightweight: Containers leverage and share the host kernel.
- Interchangeable: You can deploy updates and upgrades on-the-fly.
- Portable: You can build locally, deploy to the cloud, and run anywhere.
- Scalable: You can increase and automatically distribute container replicas.
- Stackable: You can stack services vertically and on-the-fly.

Installation

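  • I would install on a Proxmox VM in your public VLAN.
  • First, apt install curl
  • Then install Docker with this command:
    • curl -sSL https://get.docker.com/ | sh
  • To run docker as a normal user, add that user to the docker group (membership in this group is equivalent to root access on the host):
    • sudo usermod -aG docker joe
  • Reboot, then see if docker commands work as a normal user.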

Images and Containers

  • docker run hello-world
    • docker - tells the OS which program we are using
    • run - creates and runs a Docker container
    • hello-world - the image to load into the container

Images and Containers

  • An image is an executable package that includes everything needed to run an application--the code, a runtime, libraries, environment variables, and configuration files.
  • A container is a runtime instance of an image--what the image becomes in memory when executed (that is, an image with state, or a user process).
  • When we ran the command, Docker first checked whether we had a hello-world image locally. Since we didn't, it found one on Docker Hub, downloaded it, and ran it.

Container vs VM

A container runs natively on Linux and shares the kernel of the host machine with other containers. It runs a discrete process, taking no more memory than any other executable, making it lightweight.

By contrast, a virtual machine (VM) runs a full-blown “guest” operating system with virtual access to host resources through a hypervisor. In general, VMs provide an environment with more resources than most applications need.

Docker Hub

Find and run the whalesay image.

Docker

  • docker images
    • Shows images that are installed or available locally to run
  • docker --help
    • Shows which commands are available

Docker Examples

  • docker run debian echo "Hello world"
    • Docker has provisioned and launched our container, executed our echo command, and then shut down the container again. If you were to try to do something similar with a traditional VM, you would be waiting several seconds, possibly minutes.
  • Containers only run as long as their main process

[Figure: Container isolation]

Docker Examples

  • docker run -h CONTAINER -i -t debian /bin/bash
    • Gives container a hostname
  • docker ps
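  • docker inspect gigantic_leavitt (or whatever the container's name is)
  • docker diff gigantic_leavitt #what changes have been made to the container's filesystem
  • docker logs gigantic_leavitt #output of the container; for an interactive shell, this includes the commands typed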

Docker Examples

  • docker ps -a or docker container ls -a
    • Shows all containers (including stopped ones)
  • docker rm gigantic_leavitt
  • docker commit #save changes to image

Docker image creation

Assume that you have done:

  • docker container run -ti ubuntu bash
  • then you apt update and install something, or create a file
  • now you want to save it.
  • docker container commit CONTAINER_ID
  • tag with docker image tag <IMAGE_ID> sometagname

Dockerfile

A Dockerfile defines what goes on in the environment inside your container.

  • Map ports to the outside world
  • Copy files into the container
  • Portable: the container is built the same way wherever it is run.

Dockerfile Example

   # Use an official Python runtime as a parent image
   FROM python:2.7-slim
   
   # Set the working directory to /app
   WORKDIR /app
   
   # Copy the current directory contents into the container at /app
   COPY . /app
   
   # Install any needed packages specified in requirements.txt
   RUN pip install --trusted-host pypi.python.org -r requirements.txt
   
   # Make port 80 available to the world outside this container
   EXPOSE 80
   
   # Define environment variable
   ENV NAME World
   
   # Run app.py when the container launches
   CMD ["python", "app.py"]

Requirements.txt and app.py.
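
An added example (not from the original slides or from Docker): a small shell audit of the Dockerfile above. It flags three things that Dockerfile does: it runs as root because no USER is set, it passes --trusted-host to pip, and it builds on a Python 2 image. The function names, finding labels and the hardened variant (python:3.12-slim, appuser) are assumptions made for illustration.

```shell
# audit_dockerfile: read a Dockerfile on stdin, print one finding per line.
audit_dockerfile() {
    df=$(cat)
    # The last USER instruction decides which account CMD runs as; none means root.
    user=$(printf '%s\n' "$df" | awk 'toupper($1) == "USER" { u = $2 } END { print u }')
    case "${user%%:*}" in
        ""|root|0) echo "runs-as-root: no non-root USER instruction" ;;
    esac
    # --trusted-host tells pip to skip TLS certificate checks for that host.
    if printf '%s\n' "$df" | grep -Eq '^[[:space:]]*RUN[[:space:]].*--trusted-host'; then
        echo "pip-trusted-host: TLS verification disabled for the package index"
    fi
    # Python 2.7 reached end of life in January 2020.
    if printf '%s\n' "$df" | grep -Eiq '^[[:space:]]*FROM[[:space:]]+python:2(\.|-|$)'; then
        echo "eol-base-image: Python 2 base image no longer receives fixes"
    fi
}

# Constructed sample 1: the Dockerfile from this page, comments removed.
page_dockerfile() {
    cat <<'EOF'
FROM python:2.7-slim
WORKDIR /app
COPY . /app
RUN pip install --trusted-host pypi.python.org -r requirements.txt
EXPOSE 80
ENV NAME World
CMD ["python", "app.py"]
EOF
}

# Constructed sample 2: a hardened variant (assumed, not from the page).
hardened_dockerfile() {
    cat <<'EOF'
FROM python:3.12-slim
WORKDIR /app
COPY . /app
RUN pip install --no-cache-dir -r requirements.txt \
 && useradd --system --no-create-home appuser
USER appuser
EXPOSE 80
CMD ["python", "app.py"]
EOF
}

# count_findings SAMPLE_FUNCTION: number of findings for one sample.
count_findings() { "$1" | audit_dockerfile | wc -l | tr -d ' '; }
```

To check a real file, run `audit_dockerfile < Dockerfile`; no output means none of the three conditions were found.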

Build the app

All I have in the directory now is:

  • app.py
  • Dockerfile
  • requirements.txt

Build the app

Build with:

  • docker build -t friendlyhello .

This creates a new image that you should be able to see with docker image ls

Run the app

  • docker run -p 4000:80 friendlyhello
  • docker run -d -p 4000:80 friendlyhello #runs detached from terminal

Visit ip:4000 to see your application.

Stop containers

  • docker container stop <id>

Share containers

You can use Docker Hub to share images. Create an account.

  • docker login
  • docker tag image username/repository:tag
  • docker image ls
  • docker push username/repository:tag

Then others can pull:

  • docker run -p 4000:80 username/repository:tag

Docker Desktop

A nice interface for Docker if you don't want to use the command line.