3. What does Docker do technically?
[Diagram labels: Software, Container Image, Containerization, DataCenter, Developer PC, Instantiation, Dockerfile, „docker-compose“, „docker run“, Orchestration of Compound Services]
4. A Dockerfile describes how to turn any software artifact into a Docker Image
Dockerfile by example (https://github.com/kstaken/dockerfile-examples):
# A basic apache server. To use either add or bind mount content under /var/www
# Base Image
FROM ubuntu:12.04
# Metadata
MAINTAINER Kimbro Staken version: 0.1
# Install Apache into Ubuntu Image
RUN apt-get update && apt-get install -y apache2 && apt-get clean && rm -rf /var/lib/apt/lists/*
# Basic Apache2 configuration
ENV APACHE_RUN_USER www-data
ENV APACHE_RUN_GROUP www-data
ENV APACHE_LOG_DIR /var/log/apache2
# Tell Docker that the container exposes HTTP
EXPOSE 80
# How to start it up
CMD ["/usr/sbin/apache2", "-D", "FOREGROUND"]
5. Docker Images
• Important: Docker executes Docker Images, not Dockerfiles
• A Docker image contains everything to run the software
• Binaries (Think /usr/bin)
• Configuration (Think /etc)
• System Libraries, Auxiliary Files, System Content
• Layered File System
• Each write operation adds a layer to the file system
• Image Inheritance
6. Docker Registry
• Central repository for Docker images
• docker push <name>
• docker pull <name>
• Enables sharing of executable images
• Public Docker Registry: Docker Hub (14000+ images)
• Enterprise use: Need for a private registry
7. Docker Links
• Wish: Separation of Concerns into different containers
• Manual “composition” via Docker Links:
→ Containers need to be started in the right order
→ Even more complexity with cross-host links
mysql:3306
1) docker pull mysql:latest
docker pull httpd:latest
2) docker run -e MYSQL_ROOT_PASSWORD=123 --name mydb mysql
3) docker run --name web --link mydb:mydb httpd
8. The need for orchestration
Some „Fiction“: 13 Containers with 15 links
Challenges:
• Container/Service Dependencies
• Starting Order
• Network Dynamics
• Resource Allocation
Let‘s do this manually with Docker
9. Docker Orchestration Tools
Container Instantiation & Order
Communication between containers & link management
Wish list:
• Transparent Container placement on infrastructure
• Support for service redundancy fail-over
Docker orchestration tools automate the instantiation of service landscapes.
16. CoreOS Example: High Availability Apache
$ fleetctl submit apache@.service
$ fleetctl start apache@1
$ fleetctl start apache@2
$ fleetctl list-units
UNIT              MACHINE                ACTIVE  SUB
apache@1.service  491586a6.../10.10.1.2  active  running
apache@2.service  148a18ff.../10.10.1.1  active  running
Source: CoreOS Documentation
18. Eight golden Rules for Docker Containers
1. One Purpose: Each container does exactly one job
2. Working: The container is functional
3. Fix Dependencies: All dependencies of the container are sound
4. Minimal: Contains only bare essentials
5. Whitebox: Sources for the container must be available
6. Secure: The container is tested and checked regularly
7. Limited: The container requires only limited resources
8. Trust: The maintainer of the container is trustworthy. Its content is not tampered with.
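Rules 3, 4 and 8 are the ones a Dockerfile itself can be checked against. The following added example (not part of the original slides) runs such a check over the Apache Dockerfile from slide 4. Reading rule 3 as "no floating base tag", rule 4 as "no recommended packages or apt lists left in the layer" and rule 8 as "base image pinned by digest" is this example's interpretation, and the function names are hypothetical.

```python
import re

# Constructed sample: the Apache Dockerfile from slide 4, trimmed to the lines the checks read.
SLIDE_DOCKERFILE = """\
FROM ubuntu:12.04
RUN apt-get update && apt-get install -y apache2 && apt-get clean \\
    && rm -rf /var/lib/apt/lists/*
CMD ["/usr/sbin/apache2", "-D", "FOREGROUND"]
"""

def instructions(text):
    """Yield (INSTRUCTION, arguments); joins backslash continuations, skips comments."""
    joined = re.sub(r"\\[ \t]*\n", " ", text)
    for line in joined.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            op, *rest = line.split(None, 1)
            yield op.upper(), (rest[0] if rest else "")

def check(text):
    """Return (rule, finding) pairs for the rules a Dockerfile alone can show."""
    findings, stages = [], set()
    for op, args in instructions(text):
        if op == "FROM" and args:
            words = [w for w in args.split() if not w.startswith("--")]
            image = words[0]
            # Skip the empty base image and references to earlier build stages.
            if image != "scratch" and image not in stages:
                name, _, digest = image.partition("@")
                last = name.rsplit("/", 1)[-1]  # a ':' before the last '/' is a registry port
                if not digest.startswith("sha256:"):
                    findings.append(("8 Trust", f"{image}: base image not pinned by digest"))
                    if ":" not in last or last.endswith(":latest"):
                        findings.append(("3 Fix Dependencies", f"{image}: floating tag"))
            if len(words) == 3 and words[1].upper() == "AS":
                stages.add(words[2])
        elif op == "RUN" and re.search(r"\bapt-get\b.*\binstall\b", args):
            if "--no-install-recommends" not in args:
                findings.append(("4 Minimal", "apt-get install pulls recommended packages"))
            if "/var/lib/apt/lists" not in args:
                findings.append(("4 Minimal", "apt package lists stay in the image layer"))
    return findings

if __name__ == "__main__":
    for rule, finding in check(SLIDE_DOCKERFILE):
        print(f"rule {rule}: {finding}")
```

A tag such as ubuntu:12.04 can be re-pushed with different content, which is why the check asks for a digest even when a version tag is present.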
19. Summary
• Docker provides mobility for software artifacts
• „Build once, ship anywhere“
• Deployment of compound services: Orchestration needed!
• Different toolchains available.
• Claim: We need guidelines for Docker use at Haufe.
• Many questions (unsorted)
• Use of private/public Docker registries?
• Should we containerize everything?
• How to handle certificates?
• Which orchestration platform to use? Which backend to use for container management?