Introduction

What is Docker?

• Containerize apps
  • Isolated environment for launching processes
  • Clean separation of environments
  • Sandbox with defined resources
• Simple interface for launching applications

Why should I use Docker?

• Compatibility/dependency management
• Quick dev environment set up
• Easily convert dev environment to staging/prod environment

What is a container?

• Use underlying kernel to run, so any Linux host OS can run any Linux distros in Docker (e.g. CentOS/Alpine on an Ubuntu host)

Hello World

• Hey docker,
  • start a container
  • using the image ubuntu
  • and run the command echo "Hello world"
  • oh, and clean up after you're done
• Docker will
  • look for a local image called ubuntu with tag latest
  • otherwise, look in the default registry (docker.io) and pull it
  • start the container using the specified command
  • remove the container after it terminates

First run:

Subsequent runs:

Images and Containers

• Docker Image
  • Immutable template for containers
  • Can be pulled and pushed to a registry
  • Fixed naming convention:
    • [registry/][user/]name[:tag]
  • Default tag to latest
  • Identified using an image digest (SHA256)
• Docker Container
  • Instance of an image
  • Can be started, stopped, restarted
  • Maintains change within file system

Docker commands

• By default, will run with STDOUT attached to your terminal
• Use CTRL+C to stop
• Alternatively, use -d to run in detached mode

Attach & Detach

Interactive Terminal

• --interactive:  Keep STDIN open even if not attached.

• --tty: Allocate a pseudo-TTY and attach to STDIN.

Port mapping

• Maps a port on the host (localhost:5432) to a port in the docker container
• Can have multiple containers using the same ports, but mapped to different host ports

Port mapping

• todo is a self-hosted todo web app that lets you keep track of your todos in a easy and minimal way. 📝
• Listens on port 8000

• Docker containers are ephemeral. When removed, all data is lost
• We can mount volumes to persist the file system. Docker will overlay the volume onto the image
• Use absolute path for a local volume

Volume mapping

• We can configure the containers using environment variables. This is useful to configure different deployments e.g. staging/prod environments
• todo supports changing the theme:

Environment Variables

• When running in detached mode, we lose access to STDOUT.
• We can use docker logs to look at the logs
  • -f flag to follow the logs

Logs

Inspect

• Useful for troubleshooting
• View information
  • status (running/paused/OOMkilled/dead)
  • image
  • command and args
  • env variables
  • port binds
  • volumes mounts
  • etc

Building your own containers

Why create my own image?

• Cannot find pre-built containers
• Existing containers don't match your requirements
  • e.g. PHP applications that carry their own reverse proxies
• Want to deploy your own applications with Docker

How to create my own image?

1. Plan how to get a working environment from scratch
   • What OS or base image?
   • What dependencies to install?
   • What services does it depend on?
2. Write a Dockerfile using that recipe

Layered architecture

• Each command creates a new layer that builds over the previous
• Helps with incremental building

Choose the right base image

• Reduce build times
• Save disk space if you have multiple images with similar setup

Build it!

• Build the container with a specified tag:

• View the layers using docker history

• Run it

More commands

• Default environment variables

• Declare volumes for mounts

• Declare ports to export

Docker Compose

The Problem

• Deploying a stack of containers with commands is verbose and difficult to maintain
  • Specify all mounts and ports (if bridging to host)
  • Networking between containers
  • Specifying all environment variables
  • How to do version control?
• One solution is to put the configuration into a yaml file
  • e.g. docker-compose.yaml, Kubernetes manifests
  • Check that yaml into a git repository maintained by DevOps team

voting-app

• Python web app for serving front-end for voting
• Node.js web app for showing results
• Redis in-memory DB
• Postgres filesystem DB
• .NET Core worker for consuming votes

Have to link the containers

• Resolves hosts using /etc/hosts
• If "vote" looks for a host called "redis", need to link them for it to resolve

docker-compose.yml

• No need to link
• Docker compose will create a default network and link all services in it

Orchestration

• Manage, scale containerized applications across multiple machines
• Abstracts the concept of individual machines, now think in terms of total resource: CPU, memory
• Containers guarantee they work the same everywhere
• Automatically scale applications up, replace failed containers, perform rolling updates
• e.g.
  • Kubernetes
  • Docker Swarm

Kubernetes

• a.k.a k8s
• Most commonly used orchestration solution
• Use manifest yamls to declare deployment requirements
• Complicated
  • Tools such as Helm and Ksonnet to manage these yamls, allow rolling back entire deployment configs
• Enterprise-grade, offered by cloud solutions
  • e.g. Google Kubernetes Engine, Anthos, Amazon Elastic Kubernetes Service, DigitalOcean Kubernetes
• Not covered today

Docker Swarm

• Docker's solution to orchestration
• Allow using multiple Docker hosts as a single virtual host
• Can use docker-compose.yml almost without change
• Much lighter than k8s, quicker to deploy and lower overhead
• Less complex

Using Docker for Development

Quickly set up a database

• Set up a disposable Postgres or MySQL database quickly
• Restore a database dump if necessary

Mock an S3 endpoint

• MinIO is an S3-compatible block storage solution

Help frontend developers

• No need to understand how the backend is set up
• Just keep a docker-compose.yml in the repository
• Remember to keep secrets off the version control!

Using Docker for Deployment

Reverse Proxies

• Use the request address to proxy HTTP(S) requests to containers
• Just add labels to your containers
• Automatically create configs as containers are added/removed
• Automatically request for and renew LetsEncrypt SSL certs!
• For nginx:
  • jwilder/nginx-proxy
  • jrcs/letsencrypt-nginx-proxy-companion
• For Caddy:
  • lucaslorentz/caddy-docker-proxy

Using GitLab's CI

• GitLab's CI is powerful
• Use it to build your projects
• Deploy to GitLab's container registry
• Even automatically deploy the containers!

Backing up databases

• Don't reinvent the wheel
• Remember to test your backups -- Untested backups are worthless
• For Postgres:
  • prodrigestivill/postgres-backup-local
  • schickling/postgres-backup-s3
• For MariaDB:
  • tiredofit/mariadb-backup

Monitoring Docker

• cAdvisor
  • Collects and exports data about running containers
    • Resource usage
    • Network statistics
• Prometheus
  • Polling time series database, can poll cAdvisor
• Grafana
  • Data visualization and alert system, can use data from Prometheus