Docker 03042017


  • Philipz()

    2017-03-04

    https://www.facebook.com/broadmission

  • Philipz ()

    Docker.Taipei

    Docker

    Docker

    Kubernetes

    2014 COSCUP/iThome Summit

    2015 Microsoft Azure

    2016 COSCUP Docker

    2016 Docker

    https://github.com/philipz/docker_workshop

  • Today Topics

    1. The differences between VMs and containers, container lifecycle.
    2. Docker ecosystem tools
    3. Linux CLI, Docker CLI
    4. Using Docker Engine
    5. Docker Hub introduction
    6. Docker image & Docker Hub autobuild
    7. Docker Network CLI & Docker Compose CLI
    8. Using Docker Compose
    9. Docker & Qemu & RPi Raspbian

  • 1. Compare VM with Container

  • Virtualization History

    IBM zOS
    Virtual Hardware - VMware, KVM, Xen, VirtualBox
    Hardware-assisted virtualization
    Paravirtualization
    OS-level virtualization
      a. OpenVZ
      b. LXC
      c. Docker
    IaaS, PaaS, SaaS - Snapshot, Migration

    https://linux.cn/article-8192-1.html

  • The Matrix of Hell

  • A Brief History of Containers

    1979: Unix V7
    2000: FreeBSD Jails
    2005: Open VZ
    2008: LXC
    2013: LMCTFY
    2013: Docker
    2016: Windows Container

    From: A Brief History of Containers: From 1970s chroot to Docker 2016

    http://blog.aquasec.com/a-brief-history-of-containers-from-1970s-chroot-to-docker-2016

  • Containers vs. VMs

    Blog description

    https://blog.docker.com/2016/03/containers-are-not-vms/

  • Containers are not VMs

    Blog description

    https://blog.docker.com/2016/03/containers-are-not-vms/

  • Container Principle

    Real Container

    One Container

    One Customer

    One Commodity

    Software Container

    One Container

    One Process

  • http://www.youtube.com/watch?v=PivpCKEiQOQ

    http://www.youtube.com/watch?v=YFl2mCHdv24

    http://www.weibo.com/5894961806/DqKe7oqFe?type=repost

  • 2. Docker ecosystem tools

  • Docker Tools

  • Still No Silver Bullet

    Container is one key element, not all.

    DevOps pipeline process

    Microservices, or other service stacks.

    Infrastructure as Code

    Business model

  • Business model

    Microservices

    Infrastructure as Code

    Container Design

    DevOps

  • *

    Kubernetes

  • Docker Datacenter

  • 3.1 Linux command-line

  • Microsoft Azure

    https://portal.azure.com/

  • 3.2 Docker command-line

  • Install Docker

    Install Docker on Ubuntu

    or

    curl -sSL https://get.docker.com/ | sh

    and

    docker run hello-world

    https://docs.docker.com/engine/installation/linux/ubuntulinux/
    https://get.docker.com/

  • 2015-01-31 Study-Area

    Gitbook: Docker

    http://philipzheng.gitbooks.io/docker_practice/

  • Docker Management commands

  • Docker image commands

  • Docker container commands (1/2)

  • Docker container commands (2/2)

  • 4. Docker Engine Playground

  • Azure Firewall

    docker run -d -p 80:80 nginx

    docker run -ti --rm -p 80:80 nginx

    docker run -ti --rm -p 80:80 nginx bash

  • Azure DNS Setting

  • 5. Docker Hub introduction

  • Docker Hub = App Store

    Public Docker Registry
    One free private repo.
    Auto-build & Webhook
    Security Scanning is not free.

    https://hub.docker.com/
    https://docs.docker.com/registry/deploying/
    https://docs.docker.com/docker-cloud/builds/image-scan/

  • GitHub & Docker Hub

  • Vulnerability Analysis

    CoreOS Clair

    Anchore

    https://github.com/coreos/clair/tree/master/contrib/analyze-local-images
    https://github.com/anchore/anchore

  • 6.1 Docker image & Dockerfile

  • Docker Layers

  • Create Docker image

    1. Docker commit
    2. Dockerfile - docker build
    3. Docker Hub auto-build
    4. FROM scratch
    5. Based on others, ubuntu, alpine...

    Example: https://github.com/docker/labs/tree/master/beginner/static-site

    docker save busybox > busybox.tar
    docker load < busybox.tar

    https://hub.docker.com/
    https://docs.docker.com/engine/userguide/eng-image/baseimages/
    https://alpinelinux.org/

  • Dockerfile Reference

    Same folder, docker build .
    docker build -f /other/folder/file .
    Add tag, docker build -t TAG_NAME .

    Sample:

    FROM debian:jessie
    MAINTAINER docker "docker@nginx.com"
    RUN apt-get update && apt-get install -y nginx
    CMD ["nginx", "-g", "daemon off;"]

    Healthcheck from 1.12

    https://docs.docker.com/engine/reference/builder/
    https://github.com/nginxinc/docker-nginx/blob/25a3fc7343c6916fce1fba32caa1e8de8409d79f/stable/jessie/Dockerfile
    https://docs.docker.com/engine/reference/builder/#/cmd
    https://docs.docker.com/engine/reference/builder/#/healthcheck

  • Dockerfile Practice

    1. Must be Dockerfile.
    2. Use a .dockerignore file, like .gitignore.
    3. Minimize the number of layers
    4. Sort multi-line arguments
    5. ADD or COPY
    6. CMD or ENTRYPOINT
    7. ONBUILD
    8. EXPOSE and USER
    9. WORKDIR and ENV

    https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/
    https://github.com/philipz/docker_workshop/blob/master/minimal_nodejs/Dockerfile
    https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/#/add-or-copy
    https://hub.docker.com/_/node/
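
    An added example, not part of the original slides or the workshop repository: a small Python check that applies several of the practices listed above (ADD or COPY, CMD or ENTRYPOINT form, USER) plus HEALTHCHECK to a Dockerfile. SAMPLE is constructed from the slide's nginx Dockerfile with an ADD line added for illustration; `instructions` and `audit` are hypothetical helper names, and the check reads only the Dockerfile text, so a USER set inside the base image is not seen.

```python
import re

# Constructed sample: the slide's nginx Dockerfile plus one added ADD line.
SAMPLE = """\
FROM debian:jessie
MAINTAINER docker "docker@nginx.com"
RUN apt-get update && \\
    apt-get install -y nginx
ADD nginx.conf /etc/nginx/nginx.conf
CMD ["nginx", "-g", "daemon off;"]
"""
ARCHIVE = re.compile(r"\.(tar|tar\.gz|tgz|tar\.bz2|tar\.xz)$")

def instructions(text):
    """Yield (INSTRUCTION, args), joining backslash line continuations."""
    joined = re.sub(r"\\[ \t]*\n", " ", text)
    for line in joined.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, _, args = line.partition(" ")
            yield name.upper(), args.strip()

def audit(text):
    """Return findings for the final build stage of a Dockerfile."""
    # Assumption: only the Dockerfile text is inspected, not the base image.
    findings, user, healthcheck = [], None, False
    for name, args in instructions(text):
        if name == "FROM":  # a new stage starts without USER or HEALTHCHECK
            user, healthcheck = None, False
        elif name == "USER":
            user = args.split(":")[0]
        elif name == "HEALTHCHECK":
            healthcheck = args.upper() != "NONE"
        elif name == "ADD":
            sources = [a for a in args.split()[:-1] if not a.startswith("--")]
            if any(s.startswith(("http://", "https://")) for s in sources):
                findings.append("ADD fetches a remote URL without verification")
            elif not all(ARCHIVE.search(s) for s in sources):
                findings.append("ADD used for a plain file; use COPY")
        elif name in ("CMD", "ENTRYPOINT") and not args.startswith("["):
            findings.append(name + " in shell form; it runs under /bin/sh -c")
    if user in (None, "root", "0"):
        findings.append("no non-root USER; the container process runs as root")
    if not healthcheck:
        findings.append("no HEALTHCHECK defined")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
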

  • Use Scenario

    Commit

    Push

    Pull

    Deploy

  • 6.2 Docker Hub Auto-build

  • Dockerfile

    Sample:

    FROM debian:jessie
    MAINTAINER docker "docker@nginx.com"
    RUN apt-get update && apt-get install -y nginx
    CMD ["nginx", "-g", "daemon off;"]

    https://github.com/nginxinc/docker-nginx/blob/25a3fc7343c6916fce1fba32caa1e8de8409d79f/stable/jessie/Dockerfile
    https://docs.docker.com/engine/reference/builder/#/cmd

  • Git Workflow

    1. git init or init on GitHub.
    2. git add Dockerfile
    3. git commit -m "First init"
    4. git remote add origin https://github.com/YOURNAME/docker_build.git
    5. git push origin master

  • Create Auto-build Repo.

  • Build Settings

    docker pull YOURNAME/IMAGENAME

  • 7.1.1 Docker Network command-line

  • TCP/IP Foundation

    www.google.com, www is hostname, google.com is domain name.
    Localhost: 127.0.0.1
    TCP/UDP Port: 0-65535 = 2^16, but 0 is a reserved port.
    Private IP:
      10.0.0.0/8
      172.16.0.0/12 ~ 172.31.0.0/12
      192.168.0.0/16

  • Network and connectivity commands

    https://docs.docker.com/engine/userguide/networking/

  • Docker Built-In Network Drivers

    Bridge
    Overlay
    MACVLAN
    Host
    None

    No more link, just use network.

    Docker Reference Architecture: Designing Scalable, Portable Docker Container Networks

    Docker Plug-In Network Drivers: weave, calico
    Docker Plug-In IPAM Drivers: infoblox

    https://docs.docker.com/engine/userguide/networking/default_network/dockerlinks/
    https://success.docker.com/Datacenter/Apply/Docker_Reference_Architecture%3A_Designing_Scalable%2C_Portable_Docker_Container_Networks

  • Exercise 1

    $ docker network ls

    $ ifconfig

    $ docker run -ti --rm busybox sh

    cat /etc/hosts, ifconfig

    $ docker network inspect bridge

    $ docker run -itd --name=container1 busybox
    $ docker run -itd --name=container2 busybox
    $ docker exec -ti container2 sh

    ping -w3 172.17.0.2, ping container1

  • Exercise 2

    $ docker network create vlan_1

    $ docker network inspect vlan_1

    $ ifconfig | more

    $ docker run --network=vlan_1 -itd --name=container3 busybox

    $ docker network inspect vlan_1

    $ docker run --network=vlan_1 -i