Snakes on a Ship
What docker containers can do for the Python developer
Let's start filling your head!
(Short) History
- A bunch of .go files, released 2013-01-19 on github
- A global OSS community and enterprise SaaS/PaaS hype since summer 2014
- IANA-assigned ports 2375 and 2376 in 2014
- Supported by every modern Linux distro
- Supported by lots of $money from major tech investors
What does Docker do?
Vs
OS vs. Process Virtualization
Inside a Container
- Run multiple Linux distros in the same Kernel space
on your docker host system, meaning:- Low memory consumption
- Quick startup time for new container instances
- Production and development environments can be exactly the same (finally!)
- Every container is based on an immutable filesystem image and the changes needed to run your app get stacked and isolated on top of this base image using aufs
- Your application lives in a single container, based on an image
- Your application's dependencies like DBs and stuff run in other containers. They are interlinked at runtime with --link
- Every part of the stack is cached on the docker host to make starting, stopping and building containers fast
Some Dockerspeak
- What is an image?
- A portable blueprint for your container
based on a single textfile called Dockerfile
- A portable blueprint for your container
- What is a container?
- A running Linux server based on an image which is
usually executing a single application in a small
pidspace and may be interlinked with other containers
- A running Linux server based on an image which is
- What is a volume?
- Space on disk which gets mounted to one or multiple containers during their runtime for data persistence
- What is a Docker registry?
- Github for Dockerfiles
What is Github?
Mindset
- Don't think of virtualization, think of running processes
- Containers are tiny and should only run one process
- Software in containers shouldn't be updated at runtime but replaced by a new version (=immutable deployments)
- Containers are isolated from each other by default
- Build complex stacks by interlinking containers
- Data is stored outside the container on the Docker host
- Exception: Container Volumes
- Containers can be exported and imported as tarfiles. With docker, you just deal with files, not with disk images
- docker cp jenkins_container:/var/jenkins_home - \
>./jenkins_home.tar.gz
- docker cp jenkins_container:/var/jenkins_home - \
Lets run...
$> docker run -i -t python:2 $> docker run -i -t python:3
Note:
- We just instantiated a Docker container on our remote Docker host based on an Docker image for Python
- Our local `docker` client attached an interactive pseudo-TTY for in and output
- Strg+c kills the container
Start a module
$> docker run -it -p 8888:8888 \ python:3 python -m http.server 8888 $> curl -i <server>:8888
- We just instantiated a Docker container on our remote Docker host based on an Docker image for Python
- Our local `docker` client attached an interactive pseudo-TTY for in and output
- We overwrite the default CMD with our own command
A bit of introspection
$> docker info
$> docker stats $> docker run -it -d --name utnubu ubuntu $> docker inspect utnubu | jq '.' $> docker exec -it utnubu /bin/bash $> # ps, top, uname -a, apt-get, what you want
- We just instantiated a Docker container on our remote Docker host based on an Docker image for Ubuntu
- We check some information about the container
Lets dockerize a flask web app
using a little Dockerfile to build our own image
Our application
from flask import Flask
app = Flask(__name__)
@app.route("/")
def hello():
return "Hello World!"
if __name__ == "__main__":
app.run(host='0.0.0.0', port=5000)
./Dockerfile
FROM python:3 ADD ./app.py app.py RUN pip install flask EXPOSE 5000 CMD ["python", "app.py"]
We now have:
/tmp/flaskapp $> tree . ├── Dockerfile └── app.py
Build, check & run
our new container
$> docker build -t demoapp . $> docker images $> docker run -d -p 8888:5000 demoapp $> docker ps $> open http://$(docker-machine ip):8888/
The good
-
User friendly & lightweight
-
Solves the dependency hell
-
Reusability by design
-
Client/server RESTful communication API
-
Promotes github-like community and collaboration through a public registry (or your private registry)
-
Data in- and output is
(tar-)file based -
Massive, growing ecosystem
The bad (IMHO)
-
Dockerfiles feel restrictive and dowdy compared to ansible playbooks for example
-
Then again: Integration in Ansible is great!
-
-
No orchestration built in,this has been solved by docker swarm -
The Docker volumes are an afterthought, not a first class citizen,this has been addressed by the `docker volume` subcommand -
Security (more room for privilege-escalation and human error)
Snakes on a Ship
By Stefan Antoni
Snakes on a Ship
An introduction to Docker from the perspective of a Python developer.
- 2,602