4. What do we want?
● Scalability, maintainability, agility, portability.
● DevOps tools.
● Improved resource utilization.
● A continuum of abstraction levels.
5. Linux Containers
● Use Linux kernel isolation features to give a VM-like environment.
● Process isolation / sandboxing.
● Examples: LXC, lmctfy, Docker, rkt
6. Docker
● An easy-to-use Linux container technology.
● Docker image format.
● It helps in application packaging and delivery.
Docker is a tool that can package an application and its dependencies in a virtual
container that can run on any Linux server. This helps enable flexibility and portability
on where the application can run, whether on premises, public cloud, private cloud,
bare metal, etc. (Wikipedia)
7. Docker Vs Virtualization
Positive aspects of Docker:
● Lighter than Virtual machines.
● The size of Docker images is very small compared
● We can run more docker containers on a reasonably sized host.
● Deploying and scaling is relatively easy.
● Containers have less startup time.
8. Docker Vs Virtualization
Downside:
● Containers share a single kernel on a host.
● Less secure.
● You might need to redesign your application to take advantage of the benefits.
9. Technologies behind docker
● Control groups:
○ Control Groups are another key component of Linux Containers
○ With cgroups we can implement resource accounting and limiting.
○ Ensure that each container gets its fair share of memory, CPU, disk I/O.
○ Thanks to cgroups, we can make sure that a single container cannot bring the system down by
exhausting resources.
● Union file systems:
○ Layered file system, so you can have a read-only part and a write part, and merge those together.
○ Docker images are made up of layers.
10. Technologies behind docker
Namespaces
● They help to create an isolated workspace for each process.
● When you run a container, Docker creates a set of namespaces for that container.
SELinux
● SELinux provides secure separation of containers by applying SELinux policy and
labels.
11. Technologies behind docker
Capabilities:
● By default Docker drops all capabilities except those needed.
● "root" within a container has far fewer privileges than the real "root".
● The best practice for users would be to remove all capabilities except those
explicitly required for their processes.
● Even if an intruder manages to escalate to root within a container, it will be much
harder to do serious damage, or to escalate to the host.
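The capability reduction described on this slide can be verified by decoding the CapEff bitmask that the kernel reports in /proc/<pid>/status. The following is an added example, not part of the original slides: the three status excerpts are constructed samples (host root, a container started with Docker's default settings, and one started with --cap-drop=ALL --cap-add=NET_BIND_SERVICE), and the function names are hypothetical.

```python
import re

# Capability names by bit position, as defined in linux/capability.h.
CAP_NAMES = (
    "CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID "
    "SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW "
    "IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT "
    "SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD "
    "LEASE AUDIT_WRITE AUDIT_CONTROL SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG "
    "WAKE_ALARM BLOCK_SUSPEND AUDIT_READ PERFMON BPF CHECKPOINT_RESTORE"
).split()

# Constructed /proc/<pid>/status excerpts (assumed values, not from the slides).
HOST_ROOT = "Name:\tbash\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n"
DOCKER_DEFAULT = "Name:\tnginx\nUid:\t0\t0\t0\t0\nCapEff:\t00000000a80425fb\n"
HARDENED = "Name:\tnginx\nUid:\t0\t0\t0\t0\nCapEff:\t0000000000000400\n"


def effective_caps(status_text):
    """Return the set of capability names in the CapEff line of a status file."""
    match = re.search(r"^CapEff:\s*([0-9a-fA-F]+)\s*$", status_text, re.MULTILINE)
    if match is None:
        raise ValueError("no CapEff line found")
    mask = int(match.group(1), 16)
    caps = {name for bit, name in enumerate(CAP_NAMES) if mask >> bit & 1}
    # Bits beyond the known table are reported rather than silently ignored.
    for bit in range(len(CAP_NAMES), mask.bit_length()):
        if mask >> bit & 1:
            caps.add(f"UNKNOWN_{bit}")
    return caps


def audit(status_text, required):
    """Compare held capabilities with the set the workload actually needs."""
    held = effective_caps(status_text)
    return {"excess": sorted(held - set(required)),
            "missing": sorted(set(required) - held)}


if __name__ == "__main__":
    samples = [("host root", HOST_ROOT), ("docker default", DOCKER_DEFAULT),
               ("hardened", HARDENED)]
    for label, text in samples:
        report = audit(text, {"NET_BIND_SERVICE"})
        print(f"{label}: {len(effective_caps(text))} caps, excess={report['excess']}")
```

Inside a running container, the same check can be applied to the contents of /proc/1/status; a non-empty "excess" list shows capabilities that could still be dropped.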
14. Dockerfiles
● A Dockerfile is a text document that contains all the commands a user could call on
the command line to assemble an image.
● docker build can build images using a Dockerfile.
● https://github.com/fedora-cloud/Fedora-Dockerfiles
17. Let's talk about real life applications first!
● One application consists of multiple containers.
● One container is dependent on another.
● Mutual dependency/ startup order.
● The process involves building containers and then deploying them.
● Long docker run commands
● Complexity is proportional to the number of containers involved.
18. But it is supposed to make our life easy, isn’t it?
19. Docker Compose
● Tool for defining and running multi-container Docker applications.
● The application is described in a YAML (.yml) file.
● The Compose file contains information about how to build and deploy the
containers.
● Integrated with Docker Swarm.
● Competes with Kubernetes.