Parminder Singh
Lead UI Engineer @ Swiggy
Agenda
- Intro
- Architecture & Theory - Deep dive
- Installation
- Docker Images
- Docker Containers
- Docker Compose
- Docker Volume
- Examples - Dev & Prod Setup
What is Docker
"Docker is the only independent container platform that enables organizations to seamlessly - build, share and run any application, anywhere"
Build, Ship and Run
- Company Docker Inc
- Container runtime & orchestration engine
- Docker open source project Moby
Docker Inc
- Based out of SF, founded by Solomon Hykes
- Started as a PaaS provider called "dotCloud"
- dotCloud used LXC (Linux Containers)
- Later, they created a tool for building images named Docker
- dotCloud rebranded to Docker
- Has Enterprise Edition and Community Edition
- Available as the open source project Moby
Why use Docker?
- Dev/Prod parity
- Guarantee of exactly the same environments
- Decouple infra from application development
- CI/CD out of the box
- Developer productivity - Onboarding
- App isolation - a DDoS attack is limited to one container; building microservices
- Debugging capabilities - Running the prod env on dev
Architecture Deep Dive
Containers


Architecture
- Client - Server architecture
- Client CLI talks to the docker daemon (server)
- Daemon handles building, running and managing Docker objects
- They communicate through a REST API over Unix sockets or a network interface
- Docker Registry - Store docker images
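
The client-to-daemon exchange in the bullets above, as an added example that is not part of the original slides: a minimal Python client that sends Engine API requests over the Unix socket, the way the CLI does. The default socket path and the `/version` and `/containers/json` endpoints are Docker's own; the helper names are illustrative.

```python
import json
import socket

DOCKER_SOCK = "/var/run/docker.sock"  # default daemon socket on Linux


def build_request(path):
    """Raw HTTP/1.0 GET; HTTP/1.0 makes the daemon close the connection
    after one unchunked response, so reading to EOF is enough."""
    return f"GET {path} HTTP/1.0\r\nHost: docker\r\n\r\n".encode("ascii")


def parse_response(raw):
    """Split a raw HTTP response into (status_code, decoded JSON body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line = head.split(b"\r\n", 1)[0].decode("ascii")
    status = int(status_line.split()[1])
    return status, (json.loads(body) if body.strip() else None)


def engine_get(path, sock_path=DOCKER_SOCK, timeout=5.0):
    """Send one GET to the daemon over its Unix socket and parse the reply."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(sock_path)
        s.sendall(build_request(path))
        chunks = []
        while True:
            chunk = s.recv(65536)
            if not chunk:  # daemon closed the connection: response complete
                break
            chunks.append(chunk)
    return parse_response(b"".join(chunks))


if __name__ == "__main__":
    # Needs a running daemon and read/write access to the socket.
    status, info = engine_get("/version")
    print(status, info.get("Version"), info.get("ApiVersion"))
    status, containers = engine_get("/containers/json")
    for c in containers:
        print(c["Id"][:12], c["Image"], c["Names"])
```

Any process that can open this socket can drive the daemon, which is why the socket's file permissions matter.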

Docker Objects
Images
- Read only template for creating docker container.
- An image can be based on other images.
- It consists of instructions, app binaries and filesystems.
Containers
- Runnable instance of Docker Image
- Attached to network and volumes.
- We can create new images based on a running container
- Level of isolation among containers can be configured
Virtualization



- Emulation or Full Virtualisation
  - Host OS intercepts Guest OS software instructions
  - Entirely software centric, no hardware
  - System resource overhead, low performance
  - Eg: VMware Player, VirtualBox
- Para Virtualisation
  - Runs directly on the hardware, or "bare-metal"
  - Guest OSes are modified to work with the VM
  - Eg: Xen, KVM
- Container based or OS Level Virtualisation
  - Multiple isolated executions on a single kernel
  - Best performance & dynamic resource management
  - Eg: Docker, LXC, OpenVZ, Warden
Docker Engine



Docker vs VM

Docker Engine

- Container runtime code was taken out of the Docker daemon and put in the OCI layer
- runc became the implementation of the OCI runtime spec
- It was only a light wrapper around libcontainer
- containerd manages images and the lifecycle of the containers - stop, pause, start, delete
- containerd forks an instance of runc for each new container
- The runc process exits after creating the container
- The shim becomes the parent of the running container
Docker Image

- Read only template for creating containers.
- A bunch of files and a manifest
- Build time construct
- An image can't be deleted until all its containers are deleted
- Built using Dockerfile
- Multiple layers - Each layer is extension to previous layer
- Each layer has app binaries, file systems and libraries
Manifest File

Docker Container
- Containers add a run time read-write layer on top of the image file system.
- All changes done during runtime are made in the top writable layer.
- These changes can be saved and committed to create a new image.

Containerising the App - Dockerfile
- Create Dockerfile for the application
- Build a docker image using it
- Run the Docker image to start a container for the app.

Multi-Stage Build

- Keep the docker images size small
- Multiple FROM instructions
- Selectively copy artifacts from one stage to another
Docker Compose

- For defining and running multi-container Docker application
- Commands to start, stop, pause, etc. all containers at once
Docker Volume
- Preferred mechanism for persisting data generated by and used by Docker containers
- Can be used to
  - Mount/Map directory or file from host to container
  - Create a shared space or directory for containers

docker run -it -p 3000:3000 -v ${PWD}/src:/app/src image-name

version: '3'
services:
  server:
    build: ./
    ports:
      - 5000:5000
    volumes:
      - ./server/src:/server/src

Examples
Thank You
@paramsingh_66174

Docker
By Param Singh