Professional Documents
Culture Documents
Docker
Docker
Docker
● The company, Docker Inc., builds on the work of the Docker community,
makes it more secure, and shares those advancements back to the greater
community.
Docker
https://www.redhat.com/es/topics/containers/what-is-docker
Containers
Containers
https://www.redhat.com/es/topics/containers
What is Docker?
● Docker is a platform designed to make it easier to create, deploy and run
applications by using containers.
● The isolation and security allow you to run many containers simultaneously
on a given host
What is Docker?
Docker works with something called “Linux containers”, these are a set of technologies that
together form (forman) a container (Docker), this set of technologies are called:
● Namespaces: Permite a la aplicación que corre en un contenedor de Docker tener
una vista de los recursos del sistema operativo.
● Cgroups: Permite limitar y medir los recursos que se encuentran disponibles en el
sistema operativo.
● Chroot: Permite tener en el contenedor una vista de un sistema “falso” para el mismo,
es decir, crea su propio entorno de ejecución con su propio root y home.
Thanks to the container, the developer can rest assured (puede estar seguro) that the
application will run on any other Linux machine regardless (sin importar) of any customized
settings that machine might have that could differ from the machine used for writing and
testing the code.
https://opensource.com/resources/what-docker
https://docs.docker.com/engine/docker-overview/
Containers & Virtual Machines
Docker Engine
Docker is a Client - Server Application (un cliente realiza peticiones a otro programa, el
servidor, quien le da respuesta)
A server runs one or more server programs, which share their resources with clients.
Clients request content or service from a server.
- Docker CLI - cliente (command line interface, main way to interact with Docker)
- Rest API (API is the means of communication between client and docker
server)
- Docker Daemon - Server (presta el servicio de docker)
When writing docker in a terminal we are communicating through the API to docker daemon
The daemon creates and manages Docker objects, such as images, containers, networks, and
volumes
Docker Image
● Docker image is a template with instructions for creating containers.
● The layers of the image are created through a file called Dockerfile.
Docker Image
Docker Hub is a public registry that anyone can use, and Docker is configured to look for
images on Docker Hub by default.
https://docs.docker.com/engine/docker-overview/
https://docs.docker.com/get-started/
Dockerfile
● Dockerfile use a simple syntax for defining the steps needed to create the
image and run it.
● When you change the Dockerfile and rebuild the image, only those layers
which have changed are rebuilt.
Dockerfile
The convention is to be UPPERCASE to distinguish them from arguments more easily
https://docs.docker.com/engine/reference/builder/
Dockerfile - container Image
Base Image
FROM centos:7
“Cool_gates” RW
$ docker run apache-centos:apache-cmd
Container LAYER
Dockerfile - container
CMD : Start the service in foreground, if the cmd process dies the container dies
Apache HTTPD is an HTTP server daemon produced by the Apache Foundation. It is a piece
of software that listens for network requests (which are expressed using the Hypertext
Transfer Protocol) and responds to them.
https://geeks.ms/etomas/2019/03/05/curiosidad-esos-nombres-de-contenedores-en-docker/
https://github.com/docker/engine/blob/master/pkg/namesgenerator/names-generator.go
https://docs.docker.com/get-started/
Pull Images
10
Pull Images
Images have tags that are using to versioning the images.
How Can I know what is the name of the image that I need?
- Google : docker centos
Create Images
11
Create Images
FROM centos:7
RUN yum -y install httpd
CMD ["apachectl","-DFOREGROUND"]
12
Layers’ Image
Use of the <history> command:
13
Create Containers
Docker container creation:
14
Create Containers
15
Create Containers
Even though each docker container run command used the same alpine image, each
execution was a separate, isolated container.
Each container has a separate filesystem and runs in a different namespace; by default a
container has no way of interacting with other containers, even those from the same image
Docker users take advantage of this feature not only for security, but to test the effects of
making application changes.
Isolation allows users to quickly create separate, isolated test copies of an application or
service and have them run side-by-side (lado a lado) without interfering with one another.
16
Example of how to the isolation works. If I create a file ‘hello.txt’ this file is only
belongs to the container where I run the instruction.
docker run -it alpine /bin/sh
# echo “hello world” > hello.txt
# ls ; exit
https://training.play-with-docker.com/ops-s1-hello/
Docker Exec
17
1.
Basic
Command for
Docker
Basic Commands ▸ Download CentOS image
● docker pull
docker pull centos
● docker images
● docker rmi
▸ Download CentOS image version 6.7
docker pull centos:6.7
19
Basic Commands ▸ Dockerfile
● docker build
● docker build --help FROM centos
RUN yum install httpd -y
CMD apachectl -DFOREGROUND
▸ Create image
$ docker build -t apache-centos .
20
Basic Commands ▸ Create container
● docker run
$ docker run --name apache-centos -p
● docker run --help 81:80 apache-centos
● docker ps
▸ List containers
$ docker ps (running)
$ docker ps -a (all)
21
EXAMPLES OF
USE THE
DOCKERFILE
INSTRUCTIONS
Dockerfile Instructions
23
●
●
FROM
RUN
▸ Relative path
● COPY
● CMD FROM centos
RUN yum install httpd -y
COPY sb-admin /var/www/html
CMD apachectl -DFOREGROUND
24
If you use COPY /home/yourname/file1, Docker build interprets it as ${docker build working
directory}/home/yourname/file1, if no file with same name here, no file or directory error is
thrown.
● FROM
● RUN FROM centos
● COPY RUN yum install httpd -y
● ENV COPY sb-admin /var/www/html
● CMD ENV foo “hello world!”
RUN echo “$foo” > /var/www/html/test.html
CMD apachectl -DFOREGROUND
25
http://www.sigt.net/general/el-significado-de-foo-bar-y-foobar.html
Basic Commands WORKDIR <path> (cd /path)
● FROM
● RUN FROM centos
● COPY RUN yum install httpd -y
● ENV WORKDIR /var/www/
● WORKDIR COPY sb-admin html/
● CMD ENV foo “hello world!”
RUN echo “$foo” > html/test.html
CMD apachectl -DFOREGROUND
26
Basic Commands EXPOSE <port>
● FROM
● RUN FROM centos
● COPY RUN yum install httpd -y
● EXPOSE COPY sb-admin /var/www/html/
● CMD EXPOSE 8080
CMD apachectl -DFOREGROUND
27
Basic Commands CMD <command>
run.sh
● FROM
● RUN #!/bin/bash
● COPY echo "Iniciando container..."
● CMD apachectl -DFOREGROUND
FROM centos
RUN yum install httpd -y
COPY sb-admin /var/www/html/
COPY run.sh /run.sh
CMD sh /run.sh
28
Build Context
Is the set of files at a specified location PATH or URL.
● The PATH is a directory on your local filesystem. The URL is a Git repository
location.
● Warning: Do not use your root directory ‘/’ as the PATH as it causes the
build to transfer the entire contents of your hard drive to the Docker
daemon.
29
Build Context
When you issue a docker build command, the current working directory is called the build
context
https://docs.docker.com/engine/reference/builder/
.dockerignore File
startbootstrap-sb-admin-2-gh-pages.zip
30
.dockerignore File
Inadvertently including files that are not necessary for building an image results in a
larger build context and larger image size. This can increase the time to build the
image, time to pull and push it, and the container runtime size
Best practices for writing Dockerfiles
31
1. (Decouple applications) One service by image, i.e. do not have a Apache and
MySQL installed in the same image because this was difficult to maintain
https://docs.docker.com/develop/develop-images/dockerfile_best-practices/
Multi-line sentences
32
Pipe Dockerfile Through stdin
Docker allow us to build images by piping through stdin.
The hyphen (-) takes the position of the PATH, and instructs Docker to read the
build context (which only contains a Dockerfile) from stdin instead of a directory
33
BusyBox originally aimed to put a complete bootable system on a single floppy disk that
would serve both as a rescue disk and as an installer for the Debian distribution (Wikipedia)
$ touch somefile.txt
34
Dangling Images
It is a image that doesn’t have name <repository> nor tag <none> but they take up
space.
This happen when you create an image with the same name and tag but with
different content.
● Allows to use several FROM within the same Dockerfile to create multiples
images with dependencies.
● Each FROM instruction can use a different base image, you can copy artifacts
from one stage to another, leaving behind you don’t want in the final image.
36
Multi-stage-build
https://docs.docker.com/develop/develop-images/multistage-build/
Multi-stage-build
Create a jar from Maven image and use this jar in a Java image
# Create a folder
mkdir multi-stage && cd multi-stage
# Dockerfile
FROM maven:3.5-alpine as builder
COPY simple-java-maven-app/ /app
RUN cd /app && mvn package
37
Multi-stage-build
Docker images tags with alpine the make reference tha using Alpine Linux distribution and
the reason is because this distribution is minimalist based on Busybox and Musl-libc, what
makes that the final size is much less than an image with Ubuntu or Debian.
# Dockerfile
FROM maven:3.5-alpine as builder
COPY simple-java-maven-app/ /app
RUN cd /app && mvn package
FROM openjdk:8-alpine
COPY --from=builder /app/target/my-app-1.0-SNAPSHOT.jar /opt/app.jar
CMD java -jar /opt/app.jar
38
Multi-stage-build
El peso de la imagen resultante va dado por el tamaño del ultimo FROM definido en el
Dockerfile.
Docker asume que las sentencias previas al FROM son sentencias temporales que no se
requieren en su totalidad en la imagen resultante.
Multi-stage-build
● Create a container and see the logs
# Container creation
$ docker run -d --name c-my-app my-app
The simple-java-maven-app app only print a “Hello World” and the process
Finish. For this reason the container not appears in the running containers.
39
Containers
40
Docker Container
● A container is an additional layer that contains an execution in real-time of an
image.
● The container will execute CentOS that has installed Apache and it will run
the Apache service.
41
Test de docker
localhost:3306
42
this environment, which is isolated from the rest of your system, so you need to map ports
to the outside world
Shell’s container
● When we create a container we can enter to the shell terminal of that
container.
43
root@53e0e38db15c:/# whoami
root
root@53e0e38db15c:/# hostname
53e0e38db15c Inside the terminal
root@53e0e38db15c:/# exit container
44
What is a TTY? It's a terminal interface that supports color output, escape
sequences, moving the cursor around, etc,
Docker exec
● Enter to the terminal with a specific user.
root@53e0e38db15c:/# whoami
root
root@53e0e38db15c:/# hostname
53e0e38db15c
root@53e0e38db15c:/# exit
45
MySQL Database with
Docker
Pull Image
Check DB
status
Create
Container Use the DB
46
IP 172.17.0.2
mysql-db centos
show databases;
Information_schema, mysql,
performance_schema, sys
172.17.0.2:3306
127.0.0.1:3306
47
Host (127.0.0.1)
- 3305 (MySQL-DB)
IP 172.17.0.2
mysql-db centos
172.17.0.2:3306
127.0.0.1:3305
48
Generate
an image
49
50
You can start and stop the container and all the data will remain inside the container,
but, if you need to update the image you will probably to lost the data because you
need to create a new container pointing to the newest image. To solve this problem
you are able to use volumenes.
Any change that you made inside the image you need to recreate the container
Docker users managements
In the Dockerfile you can specify the creation and use of users
FROM centos
ENV BAR foo
RUN useradd daniel
USER daniel
51
Docker users managements
Create a user but not leave it as main user
FROM centos
RUN useradd daniel
52
Limit Container Resources
Create a user but not leave it as main user
53
# List images # Show layers of an image
docker images docker history -H <image>:<tag>
--no-trunc
# Filter images based on conditions
docker images -f dangling=true # Build a images using a different
Dockerfile
# Delete images docker build -t <image_name> -f
docker rmi <image id> </PATH/Dockerfile_name> .
docker rmi <repository>:<tag>
If you have 2 o more image with different
tags and you don’t put the tag in the moment
of delete the image it will delete the
latest version
54
# Create a container # Delete container
docker run -d <image> docker rm <container_name>
# Start container
docker start <container_name> | <container_id>
# Stop container
docker stop <container_name> | <container_id>
# Restart container
docker restart <container_name>|<container_id>
55
# Create a container and database # Commit container
docker run -d --name postgres -e docker commit <container id>
"POSTGRES_PASSWORD=12345678" -e
"POSTGRES_USER=docker" -e # List images
"POSTGRES_DB=docker-db" -p 5432:5432 docker images
postgres
# Tagging the image
# Enter to the container docker image tag <image id> <repository
docker exec -ti postgres bash name>
56
SlidesCarnival icons are editable shapes.
Examples:
57
https://training.play-with-docker.com/ops-stage1/