2. Agenda
What is Docker
Docker for development
◦ Runtime
◦ Middleware
Docker in CI/CD
◦ Build environments
Docker in production
◦ Docker Swarm
◦ AWS ECS
◦ Kubernetes
5. Docker History
1979: chroot
2007: control groups (Google)
2008: LXC Linux container manager
2013: Docker (dotCloud -> Docker Inc.)
2014: Kubernetes (Google) and ECS (Amazon)
2016: Docker Swarm
2016: Docker native on Windows
December 2017: Amazon goes Kubernetes?
7. Docker Images
Layers of libraries, utilities and a main application
Reuse shared layers
Does not include kernel
Can include Full OS like RedHat EL, Ubuntu, …
Or dedicated OS like Alpine Linux
Minimal Linux distribution (130MB)
Limited libc, limited shell tools
Supports Java only since 8u133
8. Dockerfile
Recipe for Docker image
FROM <image>
COPY <src> <dest>
RUN <command>
EXPOSE <port>
ENTRYPOINT <command interpreter, default: ‘/bin/sh -c’>
CMD <command passed to ENTRYPOINT>
9. Docker Registry
Similar to Maven repository for docker images
DockerHub is the default repository
An alternative registry is specified as a prefix in the image name
docker pull nexusd.hi10.cloud/openjdk:8-jdk-alpine
Push to registry
docker login nexusd.hi10.cloud
docker tag a2a00e606b82 nexusd.hi10.cloud/openjdk:8-jdk-alpine
docker push nexusd.hi10.cloud/openjdk:8-jdk-alpine
10. Docker Registry implementations
Docker Hub (only for open source)
Official ‘registry’ image (Free, Docker based, no GUI)
Docker Enterprise (Commercial)
Nexus Repository Manager (Free or Commercial)
Artifactory (Commercial only)
Amazon ECR
14. Docker Storage
- Anonymous volumes
  - When no mapping is specified
  - Created by docker engine when container is created
- Named volumes
  - Created before container
  - Can be shared between containers
- Local directory mapping
  - Share data between host and containers
15. Docker for Windows
Windows <= 8 or Windows 10 Home:
VirtualBox
Windows 10 Professional:
Native Docker on MS Hyper-V with Linux Kernel
Also supports a ‘Windows Kernel’ for e.g. Microsoft Server 2016
17. Run development middleware in Docker
Run MongoDB, PostgreSQL, ActiveMQ as docker images.
No need to worry about different OS, different versions, local settings, …
Create one image with all settings that are correct for your application
Also run dependencies as docker images
Maybe mocked versions of it, using Wiremock or Hoverfly
18. Docker-compose
Command-line tool to manage docker projects.
Reads YAML file to run multiple docker containers
Docker command line parameters converted to yaml
Gives internal DNS service names to containers
21. Docker in a CI/CD pipeline
Docker images can be used to package any process, so can be used for
- Build Tools (gradle/maven/go/npm/...)
- Automated tests (JMeter/…)
- Mocked dependencies (Hoverfly/Wiremock/…)
Deliverables also as Docker image instead of war
- Same runtime libraries in DEV/TEST/ACC/PROD
Fully supported in Jenkins
Basis for Amazon CodeBuild
22. Docker multi-stage build
# Stage 1: build the React front end
FROM node:latest AS storefront
WORKDIR /usr/src/atsea/app/react-app
COPY react-app .
RUN npm install
RUN npm run build
# Stage 2: resolve dependencies and package the application jar
FROM maven:latest AS appserver
WORKDIR /usr/src/atsea
COPY pom.xml .
RUN mvn -B -f pom.xml -s /usr/share/maven/ref/settings-docker.xml dependency:resolve
COPY . .
RUN mvn -B -s /usr/share/maven/ref/settings-docker.xml package -DskipTests
# Final stage: runtime image that receives only the built artifacts
FROM java:8-jdk-alpine
# Creates user gordon; no USER instruction follows, so the process still runs as root
RUN adduser -Dh /home/gordon gordon
WORKDIR /static
COPY --from=storefront /usr/src/atsea/app/react-app/build/ .
WORKDIR /app
COPY --from=appserver /usr/src/atsea/target/AtSea-0.0.1-SNAPSHOT.jar .
ENTRYPOINT ["java", "-jar", "/app/AtSea-0.0.1-SNAPSHOT.jar"]
CMD ["--spring.profiles.active=postgres"]
Compile your app during Docker build
Avoid sources + build tools in final image
-> Multiple FROM
New since 17.05
24. Risks
Security?
All containers running in PROD should be verified
Avoid containers running as root
https://hub.docker.com/r/projectatomic/dockerfile-lint/
Storage-critical applications?
MongoDB ok for standalone, not for a cluster
ElasticSearch does not support instances on Docker
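The security points on the Risks slide, as an added example that is not part of the original slides: a small Python check that splits a Dockerfile into its build stages and reports unpinned base images and a final stage with no non-root USER. The rule names and the sample Dockerfile are constructed for illustration; a final stage without USER may still inherit a non-root user from its base image, which this check cannot see.

```python
import re

# Constructed sample: the final stage creates a user but never switches to it.
SAMPLE = """\
FROM node:latest AS storefront
RUN npm install && \\
    npm run build
FROM java:8-jdk-alpine
RUN adduser -Dh /home/gordon gordon
COPY --from=storefront /build/ /static
ENTRYPOINT ["java", "-jar", "/app/app.jar"]
"""

def parse_stages(text):
    """Return one dict per FROM: base image, alias, last USER seen."""
    stages = []
    joined = re.sub(r"\\[ \t]*\n", " ", text)  # join line continuations
    for line in joined.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        instr, arg = parts[0].upper(), parts[1]
        if instr == "FROM":
            tokens = [t for t in arg.split() if not t.startswith("--")]
            alias = tokens[2].lower() if len(tokens) >= 3 else None
            stages.append({"image": tokens[0], "alias": alias, "user": None})
        elif instr == "USER" and stages:
            stages[-1]["user"] = arg.split(":")[0].strip()
    return stages

def lint(text):
    """Return (rule, image) findings; rule names are made up for this example."""
    findings, aliases, stages = [], set(), parse_stages(text)
    for stage in stages:
        image = stage["image"]
        name = image.rsplit("/", 1)[-1]  # drop registry host:port and path
        is_ref = image.lower() in aliases or image == "scratch"
        unpinned = ":" not in name or name.endswith(":latest")
        if not is_ref and "@" not in name and unpinned:
            findings.append(("unpinned-base", image))
        if stage["alias"]:
            aliases.add(stage["alias"])
    # Only the final stage becomes the runtime image, so only its USER counts.
    if stages and stages[-1]["user"] in (None, "root", "0"):
        findings.append(("no-nonroot-user", stages[-1]["image"]))
    return findings

if __name__ == "__main__":
    print(lint(SAMPLE))
```

Run in a CI/CD pipeline before `docker build`, a non-empty result can fail the job so that only reviewed Dockerfiles produce images that reach PROD.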
26. Docker standalone
Install default Linux with docker engine
Run docker images with individual port mapping
Use DNS + Load Balancer port mapping to name services.
Contra:
Not highly available
Single point of failure
Not easy to scale
27. Docker Swarm
Uses same format as docker-compose
Adds ‘deploy’ properties
Distribute load across different nodes
Detect new nodes
Routes traffic to correct instance
Make sure volumes can be mounted on all nodes
Special Docker for AWS bundle
AutoScalingGroup for worker and manager nodes
Application Load Balancer for traffic routing
Elastic Block Storage for shared volumes
29. Amazon AWS ECS / ECR
ECR: Elastic Container Registry
Free docker registry with IAM authentication
ECS: Elastic Container Services
‘Task definition’ similar to docker-compose project
AWS ECS will handle distribution over availability zones, VPC etc.
AWS ECS will auto-scale on demand (based on CloudWatch alarms)
30. Kubernetes
Container orchestrator from Google, rewrite of internal cluster management system
First deployment option for Google Cloud Platform
Now, they also support simple VMs
Kubernetes manager for free on Google Cloud Platform
Maybe also on AWS after next week
Existed before Docker Swarm
Docker Swarm functionalities built as docker images
32. Kubernetes Pods
Pod:
● Set of Containers
● Always on the same node
● Have their own IP address
● Can share volumes
● Always scaled together
33. OpenShift
Kubernetes with developer tools added
Built-in Docker Registry
Image Build Scheduler
User Mgmt
Self-hosted or cloud solution (openshift.com)
Cloud solution free for small projects (1 GB total RAM)
35. Conclusion
Use docker for projects without microservices? Nope.
Use docker for Development? Sure!
Use docker for CI/CD? Sure!
Use docker for production? Only if you are careful.
- Docker Swarm: easier to use, not a long record of stability.
- Kubernetes: very complicated to use, known to be stable if configured correctly.
- AWS ECS: Somewhere in the middle.