430 lines
14 KiB
Markdown
430 lines
14 KiB
Markdown
---
|
|
# You can also start simply with 'default'
|
|
theme: seriph
|
|
# random image from a curated Unsplash collection by Anthony
|
|
# like them? see https://unsplash.com/collections/94734566/slidev
|
|
background: https://cover.sli.dev
|
|
# some information about your slides (markdown enabled)
|
|
title: Welcome to Slidev
|
|
info: |
|
|
## Slidev Starter Template
|
|
Presentation slides for developers.
|
|
|
|
Learn more at [Sli.dev](https://sli.dev)
|
|
# apply unocss classes to the current slide
|
|
class: text-center
|
|
# https://sli.dev/features/drawing
|
|
drawings:
|
|
persist: false
|
|
# slide transition: https://sli.dev/guide/animations.html#slide-transitions
|
|
transition: slide-left
|
|
# enable MDC Syntax: https://sli.dev/features/mdc
|
|
mdc: true
|
|
# open graph
|
|
# seoMeta:
|
|
# ogImage: https://cover.sli.dev
|
|
---
|
|
|
|
# Demystifying Docker
|
|
|
|
A beginners guide to containerization and beyond
|
|
|
|
<div @click="$slidev.nav.next" class="mt-12 py-1" hover:bg="white op-10">
|
|
Press Space for next page <carbon:arrow-right />
|
|
</div>
|
|
|
|
<div class="abs-br m-6 text-xl">
|
|
<button @click="$slidev.nav.openInEditor()" title="Open in Editor" class="slidev-icon-btn">
|
|
<carbon:edit />
|
|
</button>
|
|
<a href="https://github.com/slidevjs/slidev" target="_blank" class="slidev-icon-btn">
|
|
<carbon:logo-github />
|
|
</a>
|
|
</div>
|
|
|
|
<!--
|
|
The last comment block of each slide will be treated as slide notes. It will be visible and editable in Presenter Mode along with the slide. [Read more in the docs](https://sli.dev/guide/syntax.html#notes)
|
|
-->
|
|
|
|
---
|
|
transition: fade-out
|
|
---
|
|
|
|
# Who am I?
|
|
|
|
Mike Conrad
|
|
|
|
## 2 Truths and a lie
|
|
|
|
- I have 4 cats, 4 chickens, 2 goats, 2 kids, a wife and a dog
|
|
<br>
|
|
|
|
- I went 7 years with a temporary crown after getting a root canal
|
|
<br>
|
|
|
|
- I was in hardcore/punk bands in my early 20's
|
|
<br>
|
|
|
|
|
|
<!--
|
|
You can have `style` tag in markdown to override the style for the current page.
|
|
Learn more: https://sli.dev/features/slide-scope-style
|
|
-->
|
|
|
|
<style>
|
|
h1 {
|
|
background-color: #2B90B6;
|
|
background-image: linear-gradient(45deg, #4EC5D4 10%, #146b8c 20%);
|
|
background-size: 100%;
|
|
-webkit-background-clip: text;
|
|
-moz-background-clip: text;
|
|
-webkit-text-fill-color: transparent;
|
|
-moz-text-fill-color: transparent;
|
|
}
|
|
</style>
|
|
|
|
<!--
|
|
Here is another comment.
|
|
-->
|
|
|
|
---
|
|
transition: slide-up
|
|
layout: quote
|
|
level: 2
|
|
---
|
|
|
|
# What is a container?
|
|
|
|
> A method for packaging and securely running an application within an application virtualization environment. Also known as an application container or a server application container. [NIST](https://csrc.nist.gov/glossary/term/container)
|
|
|
|
<p style="background:white;height:20px;"></p>
|
|
|
|
> A container is a standard unit of software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another. A Docker container image is a lightweight, standalone, executable package of software that includes everything needed to run an application: code, runtime, system tools, system libraries and settings. [Docker](https://www.docker.com/resources/what-container/)
|
|
|
|
---
|
|
layout: two-cols
|
|
layoutClass: gap-16
|
|
---
|
|
|
|
# Problems?
|
|
|
|
- 📝 **It works on my machine?!?!** - Code behaves differently in dev, testing, and production due to differences in environment (OS, dependencies, configurations).
|
|
- 🎨 **Dependency conflicts** - Different applications require conflicting versions of the same dependency (e.g., Python 2 vs 3, different Node versions).
|
|
- 🧑💻 **Slow and error-prone deployments** - Traditional deployments involve manual steps or configuration drift between environments.
|
|
|
|
::right::
|
|
# Solutions
|
|
|
|
- Containers package the application and its dependencies in a consistent, isolated environment, ensuring it behaves the same everywhere.
|
|
- Containers isolate applications and their dependencies from each other and the host system, preventing conflicts.
|
|
- Containers provide predictable, repeatable, and scriptable deployments through container images.
|
|
---
|
|
transition: slide-right
|
|
layout: two-cols
|
|
layoutClass: gap-16
|
|
---
|
|
|
|
# Problems?
|
|
|
|
- 📝 **Inefficient resource usage in virtual machines (VMs)** - VMs have high overhead due to running full operating systems, leading to inefficiency.
|
|
- 🎨 **Difficult scalability and orchestration** - Scaling applications manually is hard and error-prone.
|
|
- 🧑💻 **Inconsistent development workflows** - devs all have different setups, leading to inconsistent builds and bugs.
|
|
|
|
::right::
|
|
# Solutions
|
|
|
|
- Containers share the host OS kernel and are more lightweight, enabling faster startup and denser packing of applications.
|
|
- Containers integrate well with orchestrators (like Kubernetes), enabling automated scaling, rolling updates, and fault tolerance.
|
|
- Containers standardize development environments using tools like Docker Compose or dev containers.
|
|
|
|
|
|
---
|
|
transition: fade-out
|
|
layout: two-cols-header
|
|
title: Differences between VM and Container?
|
|
---
|
|
|
|
# Differences between VM and Containers?
|
|
|
|
::left::
|
|
## Virtual Machine
|
|
- Virtualizes hardware
|
|
- Runs a full guest OS (e.g., Linux or Windows)
|
|
- Heavier: includes the OS, libraries, and application
|
|
- Slow to start, uses more resources
|
|
|
|
**Example**: Running Ubuntu with Apache inside a VM on a Windows host
|
|
|
|
::right::
|
|
|
|
## Container
|
|
- Virtualizes at the OS level
|
|
- Shares the host OS kernel
|
|
- Isolates *only the application and its dependencies*
|
|
- Lightweight: faster startup, lower resource use
|
|
|
|
**Example:** Running a Node.js app in a container using the host's Linux kernel
|
|
|
|
|
|
---
|
|
transition: fade-out
|
|
---
|
|
|
|
# How do they work?
|
|
|
|
|
|
## Containers are just processes
|
|
|
|
If you don't take anything else away from this talk, I hope you walk away with a better understanding of this fundamental. As far as the OS is concerned, a container is just another process/set of processes to the operating system.
|
|
|
|
<br />
|
|
<br />
|
|
<br />
|
|
<br />
|
|
<br />
|
|
<br />
|
|
<br />
|
|
|
|
---
|
|
transition: fade-out
|
|
---
|
|
|
|
# Container runtimes vs. container engines
|
|
> While a container runtime is responsible for running containers, a container engine is a broader system that manages even more of the life cycle of containers, including image distribution, container orchestration, and runtime management.
|
|
|
|
> One common misconception is that Docker and container runtimes are the same. While Docker Engine includes a container runtime, it also offers a suite of tools for building, shipping, and running containerized applications, making it much more than just a runtime. [source wiz.io](https://www.wiz.io/academy/container-runtimes)
|
|
|
|
|
|
---
|
|
transition: fade-out
|
|
---
|
|
|
|
# Docker: Runtime or engine?!?
|
|
Docker Engine uses containerd for managing the container lifecycle, which includes creating, starting, and stopping containers. By default, containerd uses runc as its container runtime.
|
|
|
|
<br/>
|
|
|
|
## Wait, aren't they all runtimes? If docker engine uses containerd and containerd uses runc, whats the deal?
|
|
|
|
<br >
|
|
<small><em>**Chatgpt generated content below</em></small>
|
|
|
|
### 🔧 High-Level Definitions
|
|
|
|
- Runtime = Low-level component that actually creates and runs containers.
|
|
|
|
- Engine = Higher-level component that manages the full container lifecycle (build, run, network, volume, etc.) and talks to the runtime.
|
|
|
|
---
|
|
transition: fade-out
|
|
---
|
|
|
|
# Breakdown
|
|
|
|
Docker CLI & Docker API rely on Docker Engine under the hood
|
|
-> Docker Engine is an engine (High level functionality like managing networking, images, registries, etc)
|
|
-> Docker Engine relies on `containerd` runtime to manage lifecyle of containers
|
|
-> `containerd` uses `runc` as the runtime to run containers
|
|
|
|
## Super clear?!
|
|
The `engine` is the higher level component responsible for orchestration and lifecycle management.
|
|
|
|
The `runtime` is a component responsible for the low level process execution/isolation.
|
|
---
|
|
transition: fade-out
|
|
---
|
|
|
|
# Popular Runtimes
|
|
|
|
## - [containerd](https://containerd.io/): An industry-standard container runtime with an emphasis on simplicity, robustness and portability. <span style="font-size:12px;font-style:italic;">CNCF Graduated Project. Default runtime used by Docker Engine. By default, containerd uses runc as its container runtime.</span>
|
|
## -[cri-o](https://cri-o.io/): Lightweight container runtime for Kubernetes. <span style="font-size:12px;font-style:italic;"> CNCF Graduated Project</span>
|
|
## - [runc](https://github.com/opencontainers/runc): CLI tool for spawning and running containers on Linux according to the OCI specification. <span style="font-size:12px;font-style:italic;">Open Container Initiative</span>
|
|
|
|
---
|
|
transition: fade-out
|
|
---
|
|
|
|
# What is Docker Desktop?
|
|
Docker Desktop is an integrated container development environment for Windows and macOS. It's a packaged product that includes several components:
|
|
|
|
| Component | Description |
|
|
| ------------------------------ | --------------------------------------------------------------------------- |
|
|
| **Docker Engine** | The actual engine that runs and manages containers. |
|
|
| **containerd** + **runc** | The container runtime stack used by Docker Engine. |
|
|
| **VM (e.g. `docker-desktop`)** | On macOS and Windows, Linux containers need to run inside a lightweight VM. |
|
|
| **Docker CLI** | Command-line tool to interact with Docker Engine. |
|
|
| **Docker Compose** | Tool for defining and running multi-container apps. |
|
|
| **GUI** | Visual interface for managing containers, volumes, settings, etc. |
|
|
| **Kubernetes** (optional) | Comes with optional single-node K8s cluster for testing. |
|
|
| **Networking components** | Manages host-to-VM and container networking. |
|
|
|
|
---
|
|
transition: fade-out
|
|
---
|
|
|
|
# Alternatives to Docker
|
|
- Podman
|
|
- Firecracker - AWS
|
|
- LXC/LXD - Canonical (Ubuntu)
|
|
- Buildah - Redhat
|
|
---
|
|
transition: fade-out
|
|
layout: two-cols-header
|
|
---
|
|
# Let's get started
|
|
|
|
::left::
|
|
## Windows/Mac
|
|
Install Docker Desktop from: https://docs.docker.com/desktop/
|
|
|
|
::right::
|
|
## Linux
|
|
Find installation instructions for Docker Engine here: https://docs.docker.com/engine/install/ubuntu/
|
|
|
|
---
|
|
transition: fade-out
|
|
---
|
|
# Running our first container
|
|
|
|
## First run the container
|
|
|
|
We are running an nginx webserver container in daemon (background mode). We are forwarding connections from localhost:8088 to port 80 *inside* the container. This is the default port that nginx is running on.
|
|
````md magic-move
|
|
```shell
|
|
$ docker run --rm -p 8088:80 --name nginx-container -d nginx:alpine
|
|
```
|
|
```shell
|
|
$ docker run --rm -p 8088:80 --name nginx-container -d nginx:alpine
|
|
cd4302edce965beb95fdb9ecb19ff7432758f1e505d792e368fd401ea9abab65
|
|
```
|
|
```shell
|
|
$ docker container ps
|
|
```
|
|
```shell
|
|
$ docker container ps
|
|
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
|
|
cd4302edce96 nginx:alpine "/docker-entrypoint.…" 15 seconds ago Up 14 seconds 0.0.0.0:8088->80/tcp, [::]:8088->80/tcp nginx-container
|
|
```
|
|
````
|
|
|
|
# Now run docker container ps to list running containers
|
|
|
|
|
|
<br />
|
|
---
|
|
transition: fade-out
|
|
---
|
|
|
|
## View the logs for our container
|
|
````md magic-move
|
|
|
|
```shell
|
|
$ docker container logs --follow nginx-container
|
|
```
|
|
|
|
|
|
```shell
|
|
$ docker container logs --follow nginx-container
|
|
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
|
|
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
|
|
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
|
|
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
|
|
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
|
|
/docker-entrypoint.sh: Sourcing /docker-entrypoint.d/15-local-resolvers.envsh
|
|
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
|
|
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
|
|
/docker-entrypoint.sh: Configuration complete; ready for start up
|
|
2025/04/30 23:02:32 [notice] 1#1: using the "epoll" event method
|
|
2025/04/30 23:02:32 [notice] 1#1: nginx/1.27.5
|
|
2025/04/30 23:02:32 [notice] 1#1: built by gcc 14.2.0 (Alpine 14.2.0)
|
|
2025/04/30 23:02:32 [notice] 1#1: OS: Linux 6.12.10-76061203-generic
|
|
2025/04/30 23:02:32 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1024:524288
|
|
2025/04/30 23:02:32 [notice] 1#1: start worker processes
|
|
2025/04/30 23:02:32 [notice] 1#1: start worker process 30
|
|
2025/04/30 23:02:32 [notice] 1#1: start worker process 31
|
|
2025/04/30 23:02:32 [notice] 1#1: start worker process 32
|
|
2025/04/30 23:02:32 [notice] 1#1: start worker process 33
|
|
2025/04/30 23:02:32 [notice] 1#1: start worker process 34
|
|
2025/04/30 23:02:32 [notice] 1#1: start worker process 35
|
|
2025/04/30 23:02:32 [notice] 1#1: start worker process 36
|
|
2025/04/30 23:02:32 [notice] 1#1: start worker process 37
|
|
|
|
```
|
|
````
|
|
|
|
---
|
|
transition: fade-out
|
|
---
|
|
|
|
## Interacting with our container
|
|
|
|
Now let's try interacting with the Nginx server. By default it should serve a default page.
|
|
|
|
````md magic-move
|
|
|
|
```shell
|
|
# Hitting Ctrl+Z on Linux will put our logs process into the background
|
|
|
|
$ ^Z
|
|
```
|
|
```shell
|
|
$ ^Z
|
|
|
|
[1]+ Stopped docker container logs --follow nginx-container
|
|
```
|
|
```shell
|
|
# Now send a curl request to localhost:8080. This should be forwarded to port 80 in our container
|
|
$ curl localhost:8088
|
|
<!DOCTYPE html>
|
|
<html>
|
|
<head>
|
|
<title>Welcome to nginx!</title>
|
|
<style>
|
|
html { color-scheme: light dark; }
|
|
body { width: 35em; margin: 0 auto;
|
|
font-family: Tahoma, Verdana, Arial, sans-serif; }
|
|
</style>
|
|
</head>
|
|
<body>
|
|
<h1>Welcome to nginx!</h1>
|
|
<p>If you see this page, the nginx web server is successfully installed and
|
|
working. Further configuration is required.</p>
|
|
|
|
<p>For online documentation and support please refer to
|
|
<a href="http://nginx.org/">nginx.org</a>.<br/>
|
|
Commercial support is available at
|
|
<a href="http://nginx.com/">nginx.com</a>.</p>
|
|
|
|
<p><em>Thank you for using nginx.</em></p>
|
|
</body>
|
|
</html>
|
|
```
|
|
````
|
|
---
|
|
transition:fade-out
|
|
---
|
|
|
|
## Topics
|
|
- `docker events`
|
|
- `docker exec`
|
|
- `docker logs`
|
|
- `docker container logs --filter name=[regexmatch]`
|
|
- ENTRYPOINT vs CMD in Dockerfile
|
|
- Multistage Dockerfile
|
|
- Layer caching
|
|
- Networking between containers and with host
|
|
- Containers are just processes
|
|
- Debugging containers by attaching to namespaces
|
|
- Docker compose
|
|
- Example of frontend/backend/database/proxy
|
|
- EnvironmentPerPr
|
|
- Docker swarm
|
|
- Setting up logging properly
|
|
- Tagging images
|
|
- Security
|
|
- Optimizing images
|
|
- What are containers?
|
|
- What is Docker (set of tooling to make things easier)
|
|
- Difference between runtimes
|
|
- git clone https://github.com/docker/getting-started-todo-app
|