intro to containerization

INTRODUCTION TO CONTAINERIZATION BALINT PATO SOFTWARE CRAFTSMANSHIP NYC MEETUP 11/17/2016

Upload: balint-pato

Post on 20-Jan-2017

TRANSCRIPT

Page 1: Intro to containerization

INTRODUCTION TO CONTAINERIZATION

BALINT PATO

SOFTWARE CRAFTSMANSHIP NYC MEETUP 11/17/2016

Page 2: Intro to containerization

CURRICULUM FOR TODAY

▸ slides: curriculum

▸ hands-on: install docker, hello-world

▸ slides: containerization foundations

▸ hands-on: build an image from an app, run it, peek into the container

▸ slides: isolation and resource management

▸ hands-on: talking to the daemon, pushing the image to DockerHub, isolation experiments!

▸ discussion

Page 3: Intro to containerization

LET’S START HANDS-ON

TEST> docker run hello-world

Page 4: Intro to containerization

WHAT IS CONTAINERIZATION?

▸ metaphor I. shipping container

▸ standard packaging

▸ isolation method

▸ composability

Page 5: Intro to containerization

WHAT IS CONTAINERIZATION?

▸ metaphor II. lightweight, fast virtualization

▸ a container is like a virtual machine, but orders of magnitude faster to spin up

▸ own networking stack

▸ own filesystem

▸ own process IDs

▸ …but it runs on a host machine!

Page 6: Intro to containerization

BENEFITS: WHAT ARE CONTAINERS GOOD FOR?

▸ repeatability: I build the image once, and deploy (roughly) the same thing to prod

▸ portability: as long as the runtime is available for a platform, the container can run there too.

▸ reusable filesystem setup: layers are the base of reuse

▸ standard execution and distribution: most (I consider Windows preview only) software stacks are supported

▸ density: I can deploy multiple instances next to each other and split up the resources

Page 7: Intro to containerization

BENEFITS: CLOUD NATIVE ARCHITECTURE

an important piece in the cloud puzzle

Page 8: Intro to containerization

DEFINITIONS

▸ containerization platform: a family of technologies that isolate processes from each other, so that each process runs as if it were on a normal operating system while, enforced by the container runtime, they actually share the resources of a single host without being able to see each other's or the host's processes and resources. A platform is also opinionated about the runtime and the lifecycle of the image, from building to distribution. Examples: LXC, Rkt, Docker

▸ container runtime: the container execution environment, which enforces the limited shares of resources (e.g. cpu, memory, disk) allocated to the containerized application and also exposes an API and tools for managing containers. Examples: LXD, Docker daemon, Rkt process

▸ image: an image defines the filesystem and execution parameters for the container. Images can be layered, composable, depending on the format. Examples: Docker image, appc, LXC image format

Page 9: Intro to containerization

EXERCISE: LET’S BUILD AN IMAGE!

> git clone https://github.com/balopat/docker-starter

1. get some sample code, discuss the flask app

2. create docker-start/Dockerfile with the following content

FROM alpine
RUN apk add --no-cache bash curl py-pip
RUN pip install --upgrade pip
RUN pip install flask
COPY ./app.py /
ENTRYPOINT python /app.py

> docker build -t nanoservice .

3. build the image and discuss: What can these instructions mean?

Page 10: Intro to containerization

EXERCISE: LET’S RUN IT!

> docker images

1. list images on your machine, discuss: what can you see?

> docker run -d -p 1234:5000 nanoservice

2. spin up a container, discuss: what’s the output?

> docker ps

3. list running containers, discuss the output

> docker logs <container-id>

4. get the logs, discuss the output - try accessing the app

Page 11: Intro to containerization

EXERCISE: WHAT’S IN THE BOX?

> docker exec <container-id> ls /

1. run this and discuss

> docker exec -ti <container-id> bash

2. run this and experiment around

container> ps ax

3. how many processes are in the container? what are their PIDs?

container> curl localhost:5000

4. try accessing the app from inside

Page 12: Intro to containerization

KEEP IN MIND: THE DOCKER ARCHITECTURE: CLIENT-SERVER

Page 13: Intro to containerization

ISOLATION AND RESOURCE SHARING

▸ linux namespaces http://man7.org/linux/man-pages/man7/namespaces.7.html

  ▸ hostname

  ▸ net

  ▸ pid

  ▸ users

  ▸ mounts

  ▸ …

▸ linux cgroups https://en.wikipedia.org/wiki/Cgroups

  ▸ CPU share

  ▸ CPU set

  ▸ memory

  ▸ block I/O

  ▸ network priority

  ▸ …
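
An added example (not from the original slides) of where the two mechanisms listed above become visible on a Linux host: namespace IDs under /proc/<pid>/ns and cgroup membership in /proc/<pid>/cgroup. The inode numbers, the EXAMPLE_ID cgroup path and the function names are constructed for illustration.

```python
import os

# Kinds from namespaces(7) behind the slide's list:
# hostname -> uts, net, pid, users -> user, mounts -> mnt (plus ipc).
NS_KINDS = ("uts", "net", "pid", "user", "mnt", "ipc")

def read_namespaces(pid="self", proc="/proc"):
    """Return {kind: 'kind:[inode]'} from /proc/<pid>/ns; None if unreadable."""
    ns = {}
    for kind in NS_KINDS:
        try:
            ns[kind] = os.readlink(os.path.join(proc, str(pid), "ns", kind))
        except OSError:
            ns[kind] = None
    return ns

def isolated_namespaces(a, b):
    """Kinds where both namespace IDs are known and differ."""
    return sorted(k for k in NS_KINDS if a.get(k) and b.get(k) and a[k] != b[k])

def parse_cgroup(text):
    """Parse /proc/<pid>/cgroup lines ('id:controllers:path') into {controller: path}."""
    groups = {}
    for line in text.splitlines():
        if line.count(":") < 2:
            continue
        _, controllers, path = line.split(":", 2)
        # cgroup v2 has an empty controller field ("0::/path")
        for name in (controllers.split(",") if controllers else ["unified"]):
            groups[name] = path
    return groups

# Constructed sample values, not captured from a real host.
HOST_NS = {"uts": "uts:[4026531838]", "net": "net:[4026531992]", "pid": "pid:[4026531836]",
           "user": "user:[4026531837]", "mnt": "mnt:[4026531840]", "ipc": "ipc:[4026531839]"}
# The user namespace ID matches the host: Docker does not remap users by default.
CONTAINER_NS = {"uts": "uts:[4026532281]", "net": "net:[4026532284]", "pid": "pid:[4026532282]",
                "user": "user:[4026531837]", "mnt": "mnt:[4026532280]", "ipc": "ipc:[4026532283]"}
CONTAINER_CGROUP = ("4:memory:/docker/EXAMPLE_ID\n3:cpu,cpuacct:/docker/EXAMPLE_ID\n"
                    "2:cpuset:/docker/EXAMPLE_ID\n")

if __name__ == "__main__":
    print("isolated from host:", isolated_namespaces(HOST_NS, CONTAINER_NS))
    print("cgroups:", parse_cgroup(CONTAINER_CGROUP))
    print("this process:", read_namespaces())
```

On a Linux host, `read_namespaces(<pid>)` for a container's main process and for a host shell gives the two inputs to `isolated_namespaces`.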

Page 14: Intro to containerization

EXERCISE: PUNCH A HOLE IN THE CONTAINER

> docker run -d -p 1234:5000 nanoservice

1. spin up a container with port mapping and discuss: what’s the output? what does docker ps show?

2. On Mac + Ubuntu desktops just access http://localhost:5000

[on Windows with Docker Toolbox:

a.) find the boot2docker VM’s IP: run ‘docker-machine ls’; this will give you a tcp://<boot2dockerVMIP>:XXXX in the response

b.) you can access the app at http://<boot2dockerVMIP>:1234]

Page 15: Intro to containerization

EXERCISE: PUSH IT TO DOCKERHUB

https://hub.docker.com

1. Register on docker hub

> docker login

2. login

> docker tag nanoservice <username>/nanoservice

3. re-tag our service to set up the repository (check with docker images)

> docker push <username>/nanoservice

4. push!

Page 16: Intro to containerization

EXERCISE: TALKING TO THE DAEMON

> docker run -it --privileged -v /var/run/docker.sock:/var/run/docker.sock appropriate/curl sh

> curl google.com

1. we’ll need curl

> ls /var/run/docker.sock

2. find /var/run/docker.sock

> curl --unix-socket /var/run/docker.sock http://localhost/images/json

3. let’s query the daemon!

Page 17: Intro to containerization

EXERCISE: LIMIT MEMORY

> docker run -ti -m 300M debian bash

1. Let’s get a shell limited to 300M of memory

> docker stats

2. in another window, let’s see the amount of RAM you have!

> cat <(yes | tr \\n x | head -c $((1024*1024*300))) <(sleep 10) | grep n

3. let’s load stuff in the memory, follow the action in the docker stats!

Loads of options to manage resource usage of apps: https://docs.docker.com/engine/reference/run/

Page 18: Intro to containerization

EXERCISE: MAX OUT YOUR CPU - ONLY DO THIS IF YOU HAVE MORE THAN 1 CORE!

> docker run -ti --cpuset-cpus="1" --cpu-quota=10000 debian bash

1. Let’s get a shell limited to 1 cpu and only 10% of it

> :(){ :|:& };:

2. Let’s drop the fork bomb

> docker stats

3. on another tab - let’s see the stats

> docker kill <container-id>

4. kill the cpu killer
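
The flags used on pages 16 to 18 end up in the HostConfig section of `docker inspect`, so a running container can be reviewed for them: a mounted /var/run/docker.sock gives the container the API of a daemon that normally runs as root, and --cpu-quota throttles CPU time without capping the number of processes (docker run has --pids-limit for that). The check below is an added example, not from the original slides; the sample JSON and the finding names are constructed.

```python
import json

DEFAULT_CPU_PERIOD = 100000  # microseconds; applies when CpuPeriod is 0
SOCK = "/var/run/docker.sock"

def audit(container):
    """Return findings for one element of `docker inspect` JSON output."""
    hc = container.get("HostConfig") or {}
    sources = [b.split(":")[0] for b in hc.get("Binds") or []]
    sources += [m.get("Source") for m in container.get("Mounts") or []]
    findings = []
    if hc.get("Privileged"):
        findings.append("privileged")             # page 16: --privileged
    if SOCK in sources:
        findings.append("docker-socket-mounted")  # page 16: -v docker.sock
    if (hc.get("Memory") or 0) <= 0:
        findings.append("no-memory-limit")        # page 17: -m sets this
    if (hc.get("CpuQuota") or 0) <= 0:
        findings.append("no-cpu-quota")           # page 18: --cpu-quota sets this
    if (hc.get("PidsLimit") or 0) <= 0:
        findings.append("no-pids-limit")          # process count is uncapped
    return findings

def cpu_share(container):
    """Fraction of one CPU allowed by CpuQuota / CpuPeriod, or None if uncapped."""
    hc = container.get("HostConfig") or {}
    quota = hc.get("CpuQuota") or 0
    if quota <= 0:
        return None
    return quota / (hc.get("CpuPeriod") or DEFAULT_CPU_PERIOD)

# Constructed sample shaped like `docker inspect` output for the three exercises.
SAMPLE_INSPECT = json.loads("""[
 {"Name": "/page16", "HostConfig": {"Privileged": true, "Memory": 0, "CpuQuota": 0,
   "PidsLimit": 0, "Binds": ["/var/run/docker.sock:/var/run/docker.sock"]}},
 {"Name": "/page17", "HostConfig": {"Privileged": false, "Memory": 314572800,
   "CpuQuota": 0, "PidsLimit": 0, "Binds": null}},
 {"Name": "/page18", "HostConfig": {"Privileged": false, "Memory": 0, "CpuQuota": 10000,
   "CpuPeriod": 0, "CpusetCpus": "1", "PidsLimit": 0, "Binds": null}}
]""")

def report(containers):
    """Map each container name to its list of findings."""
    return {c["Name"]: audit(c) for c in containers}

if __name__ == "__main__":
    for name, findings in report(SAMPLE_INSPECT).items():
        print(name, findings)
```

Against a live daemon, the input is `json.loads` of the output of `docker inspect <container-id>`.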

Page 19: Intro to containerization

CURRICULUM FOR TODAY

▸ slides: curriculum

▸ hands-on: install docker, hello-world

▸ slides: containerization foundations

▸ hands-on: build an image from an app, run it, peek into the container

▸ slides: isolation and resource management

▸ hands-on: talking to the daemon, pushing the image to DockerHub, isolation experiments!

▸ well done! we can get to the discussion :)
