Tricks of the
Captains
Adrian Mouat
Chief Scientist @
Container Solutions
Tricks of the Captains
● A hodgepodge of tricks from
members of the Docker Captains
Programme
● And other luminaries of
microservices and containers
Daily Development
Configure docker ps Output
Default output of docker ps (or docker container ls)
$ docker ps
CONTAINER ID IMAGE COMMAND ...
0f1f72c9aac0 nginx "nginx -g 'daemon ...
Takes up too much width, difficult to read
Configure docker ps Output
Solution is to use the --format argument
$ docker ps --format \
"table {{.Names}}\t{{.Image}}\t{{.Status}}"
NAMES IMAGE STATUS
web nginx Up 25 minutes
https://docs.docker.com/engine/reference/commandline/ps/#formatting
Configure docker ps Output
Make it a permanent default by adding it to config.json
$ cat ~/.docker/config.json
{...
"psFormat":
"table {{.ID}}\\t{{.Names}}\\t{{.Image}}\\t{{.Status}}"}
https://docs.docker.com/engine/reference/commandline/cli/#configuration-files
File Mounting Gotcha
Beware when mounting a single file as a volume
$ cat index.html
Moby Rules!
$ docker run -d -p 8000:80 \
-v $PWD/index.html:/usr/share/nginx/html/index.html nginx
0cdacef2cbaea960f710d90900b23c57550aaf626ccd2752f3a9287b7e5
$ curl localhost:8000
Moby Rules!
File Mounting Gotcha
$ vi index.html
...
$ cat index.html
Gordon Rules!
$ curl localhost:8000
Moby Rules!
?
File Mounting Gotcha
Volumes are mounted at the inode level
Text editors save to a new inode
Solutions:
● mount parent directory
○ -v $PWD:/usr/share/nginx/html
● copy modified file
○ cp new.html index.html
● overwrite with >
○ echo "bla" > index.html
Thanks Antonis Kalipetis!
Cleaning Up
Delete “dangling” images (<none> images)
$ docker image prune
WARNING! This will remove all dangling images.
Are you sure you want to continue? [y/N] y
Deleted Images:
deleted:
sha256:708624719836212ccb681d5898a64ebfcc4569f37460537609f6db6
…
Total reclaimed space: 3.677 GB
Cleaning Up
Delete stopped containers
$ docker container prune
WARNING! This will remove all stopped containers.
Are you sure you want to continue? [y/N] y
Deleted Containers:
6e5033be3e106d04912fb91b966abc693b77ae47d85946190bdbe73c48112959
…
Total reclaimed space: 304.6 MB
Cleaning Up
$ docker volume prune
WARNING! This will remove all volumes not used by at least one
container.
…
Total reclaimed space: 3.494 GB
$ docker network prune
WARNING! This will remove all networks not used by at least
one container.
Are you sure you want to continue? [y/N] y
Deleted Networks:
...
Cleaning Up
All in one
$ docker system prune
WARNING! This will remove:
- all stopped containers
- all volumes not used by at least one container
- all networks not used by at least one container
- all dangling images
Building Images
Sidenote: Also see Abby Fuller “Creating Effective Docker Images”
The Build Context
The . in
$ docker build -t myimage .
● Tarballed and sent to the Docker Daemon
● Don’t run a build from ~/ or Downloads!
● Use .dockerignore to exclude large directories
Don’t Bust the Build Cache
To keep builds fast, add dependencies before
source code in Dockerfiles
Before (any source change busts the cache for npm install):
...
COPY ./ /usr/src/
RUN npm install
...

After (npm install is only re-run when package.json changes):
...
COPY package.json /usr/src/
RUN npm install
COPY ./ /usr/src/
...
Minimal Images
● Good for security
○ Less software that can be exploited
● Good for distribution
○ Faster updates, less network costs
Minimal Images
● Alpine
○ Only ~ 5MB!
○ Uses musl, smaller package manager
● Debian Slim
○ Around 55MB
Minimal Images
● Scratch and static binaries
FROM rust:1.20 as builder
…
RUN cargo build --release --target x86_64-unknown-linux-musl
FROM scratch
COPY --from=builder /.../release/mybin /mybin
USER 65534
CMD ["/mybin"]
Beware of “latest”
● Nothing special about tag
○ Not guaranteed to be “new”
○ Not guaranteed to exist
Default used when no tag specified
docker push/pull/build myimage ==
docker push/pull/build myimage:latest
Use Meaningful Tags
● Semantic versioning
○ docker build -t myimage:1.2.1 .
● Git hash
○ docker tag myimage:1.2.1 myimage:$(git rev-parse --short HEAD)
Make it obvious what is running in production!
And Labels for the Rest
$ docker build --label \
org.opencontainers.image.created="$(date --rfc-3339=s)" -t myimage .
...
$ docker inspect \
-f "{{json .ContainerConfig.Labels}}" myimage
{"org.opencontainers.image.created":"2017-10-05 16:21:00+01:00"}
See Annotations in the OCI image spec
and Gareth Rushgrove on why standard metadata is important
Container Lifecycle
Start-up Dependably
● Do not require containers to start in sequence
● If a container depends on another service:
○ It should wait for that service
○ Do not crash - back off
● Do this in application code
○ or start-up script if you can’t
See 12 Fractured Apps by Kelsey Hightower
Shutdown Gracefully
When Docker stops a container, it will:
● Send the container a SIGTERM signal
● Wait 10s for the container to stop
● Hard kill the container with a SIGKILL
Shutdown Gracefully
Proper handling of SIGTERM will mean:
● The application gets a chance to “tidy up”
○ close network connections, sockets, handles
○ write data to file or database
○ output to log
● Faster shutdown of the container
Sreenivas Makam on Docker Features for Handling Container Death
Shutdown Gracefully
To ensure your application receives signals either:
● Run it as PID 1
○ Use exec in any start-up scripts
● Or forward signals to it
○ tini can help https://github.com/krallin/tini
● Prefer node to npm for starting node.js apps
○ Bret Fisher Node and Docker Good Defaults
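The wait-then-exec start-up script that the Start-up Dependably and Shutdown Gracefully slides call for, as an added example rather than code from the slides: it backs off instead of crashing while a dependency is down, then execs the application so it runs as PID 1 and receives SIGTERM itself. retry_with_backoff, tcp_open, wait_for_service and the APP_DEPENDENCY_* variables are this example's own names, and the probe assumes the image ships nc.

```shell
#!/bin/sh
# Added example, not from the slides: an entrypoint that waits for a dependency
# with exponential back-off instead of crashing, then execs the application so
# it runs as PID 1 and receives the SIGTERM that "docker stop" sends.
# retry_with_backoff, tcp_open, wait_for_service and the APP_DEPENDENCY_*
# variables are this example's own (hypothetical) names.

# First sleep in seconds; doubled on every retry up to BACKOFF_MAX.
# Both can be overridden from the environment (e.g. set to 0 in tests).
: "${BACKOFF_BASE:=1}"
: "${BACKOFF_MAX:=30}"

# retry_with_backoff MAX_ATTEMPTS CMD [ARGS...]
# Runs CMD until it exits 0. Returns 0 on success and 1 after MAX_ATTEMPTS
# failures, so the caller decides whether giving up is fatal.
retry_with_backoff() {
    max_attempts=$1
    shift
    attempt=1
    delay=$BACKOFF_BASE
    while ! "$@"; do
        if [ "$attempt" -ge "$max_attempts" ]; then
            echo "giving up after $attempt attempt(s): $*" >&2
            return 1
        fi
        echo "attempt $attempt failed, retrying in ${delay}s: $*" >&2
        sleep "$delay"
        attempt=$((attempt + 1))
        delay=$((delay * 2))
        if [ "$delay" -gt "$BACKOFF_MAX" ]; then
            delay=$BACKOFF_MAX
        fi
    done
    return 0
}

# tcp_open HOST PORT
# Probes a TCP port. Assumes the image ships nc (netcat); swap in whatever
# probe your image has, or a bespoke check of the dependency's own API.
tcp_open() {
    nc -z "$1" "$2" >/dev/null 2>&1
}

# wait_for_service HOST PORT MAX_ATTEMPTS
wait_for_service() {
    retry_with_backoff "$3" tcp_open "$1" "$2"
}

main() {
    # APP_DEPENDENCY_HOST / APP_DEPENDENCY_PORT: hypothetical settings that
    # name the service this container needs before it can do useful work.
    if [ -n "${APP_DEPENDENCY_HOST:-}" ]; then
        wait_for_service "$APP_DEPENDENCY_HOST" "${APP_DEPENDENCY_PORT:-5432}" 8 \
            || exit 1
    fi
    # exec replaces this shell with the application: it becomes PID 1 and gets
    # SIGTERM from the daemon directly, instead of the shell receiving it and
    # the real process being hard-killed with SIGKILL 10s later.
    exec "$@"
}

# Only act as an entrypoint when given a command (ENTRYPOINT ["/entrypoint.sh"]
# plus CMD ["/mybin"] in the Dockerfile); sourcing the file defines the
# functions only.
if [ $# -gt 0 ]; then
    main "$@"
fi
```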
Healthchecks
Used by Docker to determine “health” of container
FROM nginx
RUN apt-get update && apt-get install -y curl
HEALTHCHECK --interval=10s --timeout=3s \
CMD curl -f http://localhost/ || exit 1
Thanks Laura Frank!
Healthchecks
Give better status output
$ docker ps
CONTAINER ID ... STATUS
79616fdd4308 Up 3 seconds (health: starting)
$ docker ps
CONTAINER ID ... STATUS
79616fdd4308 Up 16 seconds (healthy)
Healthchecks
● Docker Swarm Mode will only route to healthy
containers
○ Essential for zero-downtime deploys
● Healthcheck event for integration with other
services
Healthchecks
● Note command runs in the container
○ Not on the host
● Using curl is a good start but
○ Extra dependency
○ Can be limiting
○ Consider writing bespoke tool
Elton Stoneman on Docker Healthchecks
Thanks Michael Irwin!
Security
Sidenote: Also see pretty much anything by Diogo Monica & Nathan
McCauley
Read Only Filesystem
An easy way to improve security
$ docker run -d --name n1 --read-only -p 8000:80 \
--tmpfs /var/run --tmpfs /var/cache/nginx nginx
c1da395bec73ef7933fecb6d8d821140ce203c426c433e5102d25e46cdb66
$ docker exec n1 /bin/bash -c \
'echo "HACKED" > /usr/share/nginx/html/index.html'
/bin/bash: /usr/share/nginx/html/index.html: Read-only file system
Don’t Run as Root
Set a USER in Dockerfiles e.g:
FROM debian
RUN groupadd -r mygroup && useradd -r -g mygroup myuser
…
USER myuser
Or use the nobody user
Don’t Run as Root
Sometimes need to change user at run-time
sudo works, but has a drawback:
$ docker run debian-with-sudo sudo -u nobody ps ax
PID TTY STAT TIME COMMAND
1 ? Rs 0:00 sudo -u nobody ps ax
7 ? R 0:00 ps ax
Don’t Run as Root
Instead use gosu by Tianon Gravi
$ docker run debian-with-gosu gosu nobody ps ax
PID TTY STAT TIME COMMAND
1 ? Rs 0:00 ps ax
https://github.com/tianon/gosu
Other stuff
Docker-in-Docker
● A lot of people want to run Docker in Docker
○ Often for CI/CD
● Normally this is a bad idea™
○ Issues with filesystems
○ Also caching, image stores
Jérôme Petazzoni Do Not Use DinD For CI
Docker-in-Docker
Instead, mount the Docker socket (anything inside the container that can reach the socket controls the host's daemon, so only do this for trusted tooling):
$ docker run \
-v /var/run/docker.sock:/var/run/docker.sock \
docker \
docker ps
CONTAINER ID IMAGE COMMAND ...
8bdba5bc5c7a docker "docker-entrypoint.sh" ...
Docker-in-Docker
If you really need true DinD
$ docker run --privileged --name dind -d docker:dind
4b78ae49d77dcf3c2e169c9e4440ace0813676f76e998f0aea2ef065a4b
$ docker run --link dind:docker docker docker run -d nginx
Unable to find image 'nginx:latest' locally
latest: Pulling from library/nginx
...
$ docker run --rm --link dind:docker docker docker ps
CONTAINER ID IMAGE COMMAND ...
983cd6cb5a82 nginx "nginx -g 'daemon off" ...
Docker and GUIs
You can run GUI apps in containers!
$ docker run -d \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-e DISPLAY=unix$DISPLAY \
--device /dev/snd:/dev/snd \
--name spotify \
jess/spotify
Jessie Frazelle Docker Containers on the Desktop
Thanks for listening!
@adrianmouat
References
Good Defaults for Node and Docker - Bret Fisher
12 Fractured Apps - Kelsey Hightower
Least Privilege Containers - Nathan McCauley and Diogo Monica
Gosu - sudo for containers by Tianon Gravi
tini - minimal init system for containers by Thomas Orozco
Docker Containers on the Desktop - Jessie Frazelle
References
Docker Features for Handling Container Death and Resurrection by Sreenivas Makam
Creating Effective Docker Images - Abby Fuller, DockerConEU 2017
Multi-stage builds - Alex Ellis
Do Not Use DinD For CI - Jérôme Petazzoni
Docker Healthchecks - Elton Stoneman
Annotations in the OCI image spec
Thanks to all the captains for discussions!

Boost PC performance: How more available memory can improve productivity
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 

Tips and Tricks of the Docker Captains

Tricks of the Captains
Adrian Mouat
Chief Scientist @ Container Solutions

Tricks of the Captains
● A hodgepodge of tricks from members of the Docker Captains Programme
● And other luminaries of microservices and containers
Configure docker ps Output
Default output of docker ps (or docker container ls):
$ docker ps
CONTAINER ID IMAGE COMMAND ...
0f1f72c9aac0 nginx "nginx -g 'daemon ...
Takes up too much width and is difficult to read.

Configure docker ps Output
Solution: use the --format argument (a Go template; \t is a tab)
$ docker ps --format "table {{.Names}}\t{{.Image}}\t{{.Status}}"
NAMES IMAGE STATUS
web nginx Up 25 minutes
https://docs.docker.com/engine/reference/commandline/ps/#formatting

Configure docker ps Output
Make it a permanent default by adding it to config.json
$ cat ~/.docker/config.json
{...
"psFormat": "table {{.ID}}\t{{.Names}}\t{{.Image}}\t{{.Status}}"}
https://docs.docker.com/engine/reference/commandline/cli/#configuration-files
File Mounting Gotcha
Beware when mounting a single file as a volume
$ cat index.html
Moby Rules!
$ docker run -d -p 8000:80 -v $PWD/index.html:/usr/share/nginx/html/index.html nginx
0cdacef2cbaea960f710d90900b23c57550aaf626ccd2752f3a9287b7e5
$ curl localhost:8000
Moby Rules!

File Mounting Gotcha
$ vi index.html
...
$ cat index.html
Gordon Rules!
$ curl localhost:8000
Moby Rules!
?

File Mounting Gotcha
A bind mount binds the inode, not the path.
Text editors such as vi write a new file and rename it over the old one, so the file gets a new inode and the container keeps seeing the old one.
Solutions:
● mount the parent directory
○ -v $PWD:/usr/share/nginx/html
● copy the modified file over the mounted one (cp writes in place)
○ cp new.html index.html
● overwrite with > (also writes in place)
○ echo "bla" > index.html
Thanks Antonis Kalipetis!
Cleaning Up
Delete "dangling" images (<none> images)
$ docker image prune
WARNING! This will remove all dangling images.
Are you sure you want to continue? [y/N] y
Deleted Images:
deleted: sha256:708624719836212ccb681d5898a64ebfcc4569f37460537609f6db6
…
Total reclaimed space: 3.677 GB

Cleaning Up
Delete stopped containers
$ docker container prune
WARNING! This will remove all stopped containers.
Are you sure you want to continue? [y/N] y
Deleted Containers:
6e5033be3e106d04912fb91b966abc693b77ae47d85946190bdbe73c48112959
…
Total reclaimed space: 304.6 MB

Cleaning Up
$ docker volume prune
WARNING! This will remove all volumes not used by at least one container.
…
Total reclaimed space: 3.494 GB
$ docker network prune
WARNING! This will remove all networks not used by at least one container.
Are you sure you want to continue? [y/N] y
Deleted Networks:
...

Cleaning Up
All in one
$ docker system prune
WARNING! This will remove:
- all stopped containers
- all volumes not used by at least one container
- all networks not used by at least one container
- all dangling images
Caveat: from Docker 17.06.1 onwards docker system prune leaves volumes alone unless you pass --volumes, so read the WARNING text your version prints before answering y.
Building Images
Sidenote: Also see Abby Fuller, "Creating Effective Docker Images"

The Build Context
The . in
$ docker build -t myimage .
● Tarballed and sent to the Docker daemon
● Don't run a build from ~/ or Downloads!
● Use .dockerignore to exclude large directories
● Everything in the context is available to COPY and ADD, so .dockerignore is also how you keep .git, .env files and private keys out of the image

Don't Bust the Build Cache
To keep builds fast, add dependencies before source code in Dockerfiles.
Slow: any change to the source invalidates the npm install layer
...
COPY ./ /usr/src/
RUN npm install
...
Fast: the dependency layer is only rebuilt when package.json changes
...
COPY package.json /usr/src/
RUN npm install
COPY ./ /usr/src/
...
Minimal Images
● Good for security
○ Less software that can be exploited, fewer packages to patch
● Good for distribution
○ Faster updates, less network cost

Minimal Images
● Alpine
○ Only ~5MB!
○ Uses musl libc and the apk package manager
● Debian Slim
○ Around 55MB

Minimal Images
● Scratch and static binaries
FROM rust:1.20 as builder
…
RUN cargo build --release --target x86_64-unknown-linux-musl
FROM scratch
COPY --from=builder /.../release/mybin /mybin
USER 65534
CMD ["/mybin"]
The USER is numeric because scratch has no /etc/passwd to resolve a name; 65534 is the conventional nobody UID.
Beware of "latest"
● Nothing special about the tag
○ Not guaranteed to be "new"
○ Not guaranteed to exist
● It is just the default used when no tag is specified
docker push/pull/build myimage == docker push/pull/build myimage:latest

Use Meaningful Tags
● Semantic versioning
○ docker build -t myimage:1.2.1 .
● Git hash
○ docker tag myimage:1.2.1 myimage:$(git rev-parse --short HEAD)
Make it obvious what is running in production!

And Labels for the Rest
$ docker build --label org.opencontainers.image.created="$(date --rfc-3339=s)" -t myimage .
...
$ docker inspect -f "{{json .ContainerConfig.Labels}}" myimage
{"org.opencontainers.image.created":"2017-10-05 16:21:00+01:00"}
(Prefer {{json .Config.Labels}}: the ContainerConfig field is deprecated in newer Docker versions.)
See Annotations in the OCI image spec and Gareth Rushgrove on why standard metadata is important
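The two slides above leave the tagging and labelling to hand-typed commands. The following script is an added example (not from the deck) that validates a tag before it is used, sanitises a branch name into a legal tag, emits the standard OCI annotation keys, and prints the resulting docker build command. The image name, the version, the revision and the source URL are illustrative inputs; the caller is expected to supply the revision from git rev-parse --short HEAD.

```shell
#!/bin/sh
# Added example: derive tags and OCI labels for a build and check them first.
# Inputs (image name, version, revision, source URL) are assumptions.

# Docker tag rules: ASCII letters, digits, '_', '.' and '-'; may not start
# with '.' or '-'; at most 128 characters. Branch names like feature/x fail.
valid_tag() {
  case "$1" in
    ''|.*|-*) return 1 ;;
  esac
  [ "${#1}" -le 128 ] || return 1
  case "$1" in
    *[!A-Za-z0-9_.-]*) return 1 ;;
  esac
  return 0
}

# Turn an arbitrary ref (e.g. a branch name) into a legal tag: replace every
# disallowed character with '-', strip leading '.'/'-', truncate to 128.
sanitize_tag() {
  t=$(printf '%s' "$1" | tr -c 'A-Za-z0-9_.-' '-')
  t=$(printf '%s' "$t" | sed 's/^[.-]*//')
  printf '%s' "$t" | cut -c1-128
}

# Standard OCI annotation keys (see Annotations in the OCI image spec).
# The timestamp is RFC 3339 in UTC so it parses everywhere.
oci_label_args() {
  # usage: oci_label_args VERSION REVISION SOURCE_URL
  created=$(date -u +%Y-%m-%dT%H:%M:%SZ)
  printf '%s %s=%s ' --label org.opencontainers.image.created "$created"
  printf '%s %s=%s ' --label org.opencontainers.image.version "$1"
  printf '%s %s=%s ' --label org.opencontainers.image.revision "$2"
  printf '%s %s=%s ' --label org.opencontainers.image.source "$3"
}

# Print the docker build command that tags the image with both the version
# and the revision. The caller runs it once the tags are known to be valid.
build_command() {
  # usage: build_command IMAGE VERSION REVISION SOURCE_URL
  valid_tag "$2" || { echo "build_command: invalid version tag: $2" >&2; return 1; }
  valid_tag "$3" || { echo "build_command: invalid revision tag: $3" >&2; return 1; }
  printf 'docker build %s-t %s:%s -t %s:%s .\n' \
    "$(oci_label_args "$2" "$3" "$4")" "$1" "$2" "$1" "$3"
}

# Example invocation (needs a git checkout; not run when this file is sourced):
#   build_command myimage 1.2.1 "$(git rev-parse --short HEAD)" https://github.com/example/myimage
```

The command is printed rather than executed so it can be reviewed in CI logs; pipe it to sh when you are happy with it.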
Start-up Dependably
● Do not require containers to start in sequence
● If a container depends on another service:
○ It should wait for that service
○ Do not crash - back off and retry
● Do this in application code
○ or in a start-up script if you can't
See 12 Fractured Apps by Kelsey Hightower

Shutdown Gracefully
When Docker stops a container (docker stop), it will:
● Send the container's PID 1 a SIGTERM signal
● Wait 10s for the container to stop (the default; docker stop -t changes it)
● Hard kill the container with SIGKILL

Shutdown Gracefully
Proper handling of SIGTERM means:
● The application gets a chance to "tidy up"
○ close network connections, sockets, handles
○ write data to file or database
○ output to log
● Faster shutdown of the container
Sreenivas Makam on Docker Features for Handling Container Death

Shutdown Gracefully
To ensure your application receives signals, either:
● Run it as PID 1
○ Use exec in any start-up scripts, so the script is replaced by the application instead of staying PID 1 and receiving the signal itself
● Or forward signals to it
○ tini can help: https://github.com/krallin/tini
● Prefer node to npm for starting node.js apps
○ npm does not forward signals to the node process it starts (Bret Fisher, Node and Docker Good Defaults)
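The start-up and shutdown slides above describe a start-up script that waits for dependencies without crashing and then hands PID 1 to the application. The following entrypoint is an added example written for this page, not a script from the deck or from any of the projects it cites: wait_for retries a probe with capped exponential backoff, start_app uses exec so the application becomes PID 1, and run_forwarding_signals covers the case where exec is not possible by relaying SIGTERM/SIGINT to a child and reporting the child's real exit status. The DEPS variable format (host:port pairs), the nc probe and the entrypoint file name are assumptions.

```shell
#!/bin/sh
# Added example: container entrypoint with dependency wait and signal handling.
# DEPS="db:5432 cache:6379" (assumed format), nc as the probe and the file name
# entrypoint.sh are assumptions about the image.

# Retry COMMAND until it succeeds, sleeping 1s, 2s, 4s, ... (capped at 8s)
# between attempts, and give up after MAX attempts. WAIT_BASE_DELAY overrides
# the first delay (tests set it to 0).
wait_for() {
  max=$1; shift
  attempt=1
  delay=${WAIT_BASE_DELAY:-1}
  while ! "$@" >/dev/null 2>&1; do
    if [ "$attempt" -ge "$max" ]; then
      echo "wait_for: giving up on '$*' after $attempt attempts" >&2
      return 1
    fi
    echo "wait_for: '$*' not ready (attempt $attempt), retrying in ${delay}s" >&2
    sleep "$delay"
    attempt=$((attempt + 1))
    delay=$((delay * 2))
    if [ "$delay" -gt 8 ]; then delay=8; fi
  done
  return 0
}

# Pattern 1 (preferred): replace this shell with the application so it is
# PID 1 and receives docker stop's SIGTERM directly.
start_app() {
  exec "$@"
}

# Pattern 2: when the application cannot be PID 1, supervise it, relay
# SIGTERM/SIGINT, and wait for the child's own exit status.
run_forwarding_signals() {
  "$@" &
  child=$!
  trap 'kill -TERM "$child" 2>/dev/null' TERM INT
  status=0
  wait "$child" || status=$?
  # wait returns early (status > 128) when a trapped signal arrives; keep
  # waiting while the child is still alive so we report its real status.
  while kill -0 "$child" 2>/dev/null; do
    status=0
    wait "$child" || status=$?
  done
  trap - TERM INT
  return "$status"
}

main() {
  for dep in ${DEPS:-}; do
    wait_for 10 nc -z "${dep%:*}" "${dep#*:}" || exit 1
  done
  start_app "$@"
}

# Run main only when invoked as the entrypoint, e.g.
# ENTRYPOINT ["/entrypoint.sh"] with CMD ["/mybin"]; sourcing just defines functions.
case "$0" in */entrypoint.sh|entrypoint.sh) main "$@" ;; esac
```

Because start_app execs, ps inside the container shows the application as PID 1; run_forwarding_signals is the shell equivalent of what tini does for you, and tini is the better choice when you can add it to the image.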
Healthchecks
Used by Docker to determine the "health" of a container
FROM nginx
RUN apt-get update && apt-get install -y curl
HEALTHCHECK --interval=10s --timeout=3s CMD curl -f http://localhost/ || exit 1
Thanks Laura Frank!
Healthchecks
Give better status output
$ docker ps
CONTAINER ID ... STATUS
79616fdd4308 Up 3 seconds (health: starting)
$ docker ps
CONTAINER ID ... STATUS
79616fdd4308 Up 16 seconds (healthy)

Healthchecks
● Docker Swarm Mode will only route to healthy containers
○ Essential for zero-downtime deploys
● Healthcheck events for integration with other services

Healthchecks
● Note the command runs in the container
○ Not on the host, so whatever it calls must be in the image
● Using curl is a good start but
○ Extra dependency
○ Can be limiting
○ Consider writing a bespoke tool
● Exit code contract: 0 means healthy, 1 means unhealthy (2 is reserved)
Elton Stoneman on Docker Healthchecks
Thanks Michael Irwin!
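The slide above suggests a bespoke healthcheck tool instead of a bare curl -f. The script below is an added example, not from the deck: it uses whichever HTTP client the image already ships (busybox wget on alpine, or curl), treats an unreachable or non-2xx endpoint as unhealthy, and also inspects the body so a service that answers 200 with a degraded status is not reported healthy. The /health path, the JSON shape {"status":"ok",...} and the Dockerfile lines in the comment are assumptions about the application.

```shell
#!/bin/sh
# Added example: a bespoke healthcheck that needs no extra packages and
# returns the exit codes Docker expects (0 healthy, 1 unhealthy, never 2).
# The /health URL and the JSON body shape are assumptions.
#
# Dockerfile usage (assumed):
#   COPY healthcheck.sh /usr/local/bin/healthcheck
#   HEALTHCHECK --interval=10s --timeout=3s --start-period=5s CMD healthcheck

HEALTH_URL=${HEALTH_URL:-http://localhost/health}

# Fetch the body with whichever client the image ships. Both wget and
# curl -f fail on non-2xx responses and on the 2s timeout, so a non-zero
# status here already means "unreachable or error".
fetch_response() {
  if command -v wget >/dev/null 2>&1; then
    wget -q -O - -T 2 "$1"
  elif command -v curl >/dev/null 2>&1; then
    curl -sf -m 2 "$1"
  else
    echo "healthcheck: no http client available in the image" >&2
    return 1
  fi
}

# Decide health from the body: the app (assumed) returns JSON such as
# {"status":"ok","db":"up"}. Whitespace is stripped so pretty-printed JSON
# matches too. This is a minimal shape check, not a JSON parser; use the
# application's own language for anything more structured.
body_healthy() {
  normalized=$(printf '%s' "$1" | tr -d ' \t\n\r')
  case "$normalized" in
    *'"status":"ok"'*) return 0 ;;
    *) return 1 ;;
  esac
}

# Docker's contract: exit 0 for healthy, 1 for unhealthy. Exit 2 is reserved,
# so every failure path deliberately returns 1.
check_health() {
  body=$(fetch_response "$1") || {
    echo "healthcheck: $1 unreachable or returned an error status" >&2
    return 1
  }
  body_healthy "$body" || {
    echo "healthcheck: unexpected body: $body" >&2
    return 1
  }
  return 0
}

# Run the check only when invoked as the healthcheck command; sourcing the
# file just defines the functions.
case "$0" in */healthcheck|healthcheck|*/healthcheck.sh|healthcheck.sh)
  check_health "$HEALTH_URL"; exit $? ;;
esac
```

Keep --timeout above the client timeout used inside the script (2s here), otherwise Docker kills the check before it can report a useful message.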
Security
Sidenote: Also see pretty much anything by Diogo Monica & Nathan McCauley

Read Only Filesystem
An easy way to improve security
$ docker run -d --name n1 --read-only -p 8000:80 --tmpfs /var/run --tmpfs /var/cache/nginx nginx
c1da395bec73ef7933fecb6d8d821140ce203c426c433e5102d25e46cdb66
$ docker exec n1 /bin/bash -c 'echo "HACKED" > /usr/share/nginx/html/index.html'
/bin/bash: /usr/share/nginx/html/index.html: Read-only file system
The --tmpfs mounts give nginx the writable paths it needs for its pid file and cache; they stay writable, so keep them to the minimum the process actually requires.

Don't Run as Root
Set a USER in Dockerfiles, e.g.:
FROM debian
RUN groupadd -r mygroup && useradd -r -g mygroup myuser
…
USER myuser
Or use the nobody user

Don't Run as Root
Sometimes you need to change user at run-time.
sudo works, but has a drawback: sudo stays as PID 1 and the application runs as its child, so signals sent to the container are delivered to sudo rather than to the application
$ docker run debian-with-sudo sudo -u nobody ps ax
PID TTY STAT TIME COMMAND
1 ? Rs 0:00 sudo -u nobody ps ax
7 ? R 0:00 ps ax

Don't Run as Root
Instead use gosu by Tianon Gravi, which execs the command so it becomes PID 1 itself
$ docker run debian-with-gosu gosu nobody ps ax
PID TTY STAT TIME COMMAND
1 ? Rs 0:00 ps ax
https://github.com/tianon/gosu
Docker-in-Docker
● A lot of people want to run Docker in Docker
○ Often for CI/CD
● Normally this is a bad idea™
○ Issues with filesystems
○ Also caching, image stores
Jérôme Petazzoni, Do Not Use DinD For CI

Docker-in-Docker
Instead, mount the Docker socket:
$ docker run -v /var/run/docker.sock:/var/run/docker.sock docker docker ps
CONTAINER ID IMAGE COMMAND ...
8bdba5bc5c7a docker "docker-entrypoint.sh" ...
Caveat: anything that can talk to the socket can start a privileged container or bind-mount the host filesystem, which is root on the host; only do this for jobs you would trust with root.

Docker-in-Docker
If you really need true DinD
$ docker run --privileged --name dind -d docker:dind
4b78ae49d77dcf3c2e169c9e4440ace0813676f76e998f0aea2ef065a4b
$ docker run --link dind:docker docker docker run -d nginx
Unable to find image 'nginx:latest' locally
latest: Pulling from library/nginx
...
$ docker run --rm --link dind:docker docker docker ps
CONTAINER ID IMAGE COMMAND ...
983cd6cb5a82 nginx "nginx -g 'daemon off" ...
Caveat: --privileged hands the dind container nearly all host capabilities and device access, so it is no safer than the socket mount; --link is a legacy feature and a user-defined network does the same job.

Docker and GUIs
You can run GUI apps in containers!
$ docker run -d -v /tmp/.X11-unix:/tmp/.X11-unix -e DISPLAY=unix$DISPLAY --device /dev/snd:/dev/snd --name spotify jess/spotify
Jessie Frazelle, Docker Containers on the Desktop
References
Good Defaults for Node and Docker - Bret Fisher
12 Fractured Apps - Kelsey Hightower
Least Privilege Containers - Nathan McCauley and Diogo Monica
gosu - sudo for containers - Tianon Gravi
tini - minimal init system for containers - Thomas Orozco
Docker Containers on the Desktop - Jessie Frazelle

References
Docker Features for Handling Container Death and Resurrection - Sreenivas Makam
Creating Effective Docker Images - Abby Fuller, DockerCon EU 2017
Multi-stage builds - Alex Ellis
Do Not Use DinD For CI - Jérôme Petazzoni
Docker Healthchecks - Elton Stoneman
Annotations in the OCI image spec
Thanks to all the captains for discussions!