--- # You can also start simply with 'default' theme: seriph # random image from a curated Unsplash collection by Anthony # like them? see https://unsplash.com/collections/94734566/slidev background: https://cover.sli.dev # some information about your slides (markdown enabled) title: Welcome to Slidev info: | ## Slidev Starter Template Presentation slides for developers. Learn more at [Sli.dev](https://sli.dev) # apply unocss classes to the current slide class: text-center # https://sli.dev/features/drawing drawings: persist: false # slide transition: https://sli.dev/guide/animations.html#slide-transitions transition: slide-left # enable MDC Syntax: https://sli.dev/features/mdc mdc: true # open graph # seoMeta: # ogImage: https://cover.sli.dev --- # Demystifying Docker Mike Conrad - SCS 2025

Press Space for next page

--- transition: fade-out layout: center --- ## Why Containers? - "It works on my machine" is a thing of the past - Containers are lightweight and portable - Boot in milliseconds - Ideal for reproducible dev environments --- transition: fade-out layout: center --- ## Containers vs Virtual Machines | Feature | VM | Container | |------------------|----------------|------------------| | Boot time | Minutes | Seconds | | Resource usage | Heavy | Lightweight | | Isolation | Strong | Process-level | | Portability | Medium | Very High | In reality we use containers and vm's together. Containers run inside of VM's for better security and isolation, especially in cloud and multi tenant environments. --- transition: fade-out layout: center --- ## What is Docker? - A tool to build and run containers - Docker engine runs containers using Linux features: - Namespaces - cgroups - Union file systems - Uses images layered from base -> app code --- transition: fade-out layout: center --- ## Docker Architecture Docker Engine (Server) <-- REST API --> Docker CLI (Client)

[https://docs.docker.com/get-started/docker-overview/] --- transition: fade-out layout: center --- ## Docker Under the Hood - **Namespaces**: isolate PID, net, mount, etc. - **cgroups**: control CPU, memory, IO - **UnionFS**: layered filesystem (OverlayFS) ![UnionFS diagram](https://docs.docker.com/engine/storage/drivers/images/overlay_constructs.webp) --- transition: fade-out layout: center --- ## Bind/Volume Mounts - 2 most common storage mechanisms - Different use cases and security implications --- transition: fade-out layout: center --- ## Bind Mounts - Mounting files/directories from the host machine directly into a container (merged overlayfs layer). - Processes inside container can modify files on host system. - Bind mounts are strongly tied to the host - Best for things like dev containers where you need to mount source code into container and have hot reload, etc. ## Bind Mount Example ```bash $ docker run --mount type=bind,src=/home/mikeconrad/projects/example/app,dst=/app,ro # ro for ReadOnly $ docker run --volume /home/mikeconrad/projects/example/app:dst=/app ``` --- transition: fade-out layout: center --- ## Volume Mount Example ```bash $ docker run --name postgrestest \ --mount type=volume,src=postgresData,dst=/var/lib/postgresql/data \ -e POSTGRES_PASSWORD=postgres \ --rm postgres:16 $ docker run --name postgrestest \ --volume postgresData:/var/lib/postgresql/data \ -e POSTGRES_PASSWORD=postgres \ --rm postgres:16 ``` ```bash $ docker volume inspect postgresData [ { "CreatedAt": "2025-06-08T10:39:12-04:00", "Driver": "local", "Labels": null, "Mountpoint": "/var/lib/docker/volumes/postgresData/_data", "Name": "postgresData", "Options": null, "Scope": "local" } ] ``` - Docker creates a volume named postgresData and mounts that directory inside the container. --- transition: fade-out layout: center --- ## Volume mounts - Created and managed by the Docker Daemon - Volume data is stored on host filesystem but managed by Docker. - Used for persistent data. --- transition: fade-out layout: center --- ## Anatomy of a Dockerfile ```dockerfile FROM node:22-slim WORKDIR /app COPY package*.json ./ RUN npm install COPY . . EXPOSE 3000 CMD ["npm", "start"] ``` - Starts with a base image - Copy files and install deps - Set default command ```bash $ docker build -t node-app . ``` --- transition: fade-out layout: center --- ## Multi Stage builds ```dockerfile # Stage 1: Build the Go binary FROM node:22-alpine AS base FROM base AS build # Set working directory inside the build container WORKDIR /app COPY package*.json ./ RUN yarn FROM base AS develop COPY --from=base /app/node_modules /app/node_modules COPY . . ENTRYPOINT ["yarn", "dev"] EXPOSE 3000 ``` - Use specific versions, not `latest` - Combine commands to reduce layers - Use `.dockerignore` - Prefer slim or alpine images - Run as non-root user if possible --- transition: fade-out layout: center --- ## What is Docker Compose? - Define multi-container apps in one file - Great for local dev and staging (and production!) --- transition: fade-out layout: center --- ## Q/A - --- transition: fade-out layout: center --- ## Resources - [Slide Deck (including examples)](https://git.hackanooga.com/mikeconrad/demystifying-docker-v2) - [DocketProxy (Docker socket proxy)](https://git.hackanooga.com/mikeconrad/docketproxy) - [SlimToolkit (Optimize and secure containers)](https://github.com/slimtoolkit/slim) ## VSCode plugins https://marketplace.visualstudio.com/items?itemName=ms-azuretools.vscode-docker https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.remote-containers https://marketplace.visualstudio.com/items?itemName=ms-azuretools.vscode-containers