Jump to content


Photo

Docker Webinar Series; Part 1: From Idea to Dev QA


3 replies to this topic

#1 Adam Hawkins

Adam Hawkins

    Newbie

  • Moderators
  • 4 posts

Posted 23 October 2016 - 06:50 AM

Here is the in-depth question/answer from Part 1 of the Docker webinar series. You can watch part 1 here

 

 

 

Containers vs Virtual Machines

  • Do you have a comparison of Docker with VMs?

    • Docker’s about page has a good summary. Here’s the link. https://www.docker.com/what-docker. In a nutshell Docker containers (and other container technologies) work by isolating processes and their resources using kernel features. This allows running multiple containers on a single kernel. Virtual machines are different. In this scenario there are multiple independent kernel with running on a single hypervisor. Each kernel running on the hypervisor sees a complete set of virtualized hardware. Nothing is virtualized in Docker’s case. Containers vs VMs also have different compute footprints--notably in memory. Containers use less memory because they don’t need to run an entire operating system. Containers are also intended to run a single process. Virtual machines on the other hands can run many processes. Docker focuses on “operating system” virtualization while virtual machines focus on hardware virtualization.

  • What’s difference between having an OS inside a VM vs inside a Docker image?

    • None

  • Can we consider docker/docker engine as ESX or any other hypervisor which allows to create the VMs?

    • No because Docker does not virtualize things.

  • What is the value prop of Docker vs VM vs physical machines?

    • Each is different and targets different use cases. They cannot be compared apples to apples. Each all build on top of each other. Physical machines can run virtual machines or containers. Virtual machines can run complicated systems or even Docker containers. Docker containers are excellent at running applications composed of multiple process. Moving from physical machines, to virtual machines, and finally to containers the APIs to manipulate such things become more important because the systems are more elastic. I think it boils down to Docker (and other containers) are much better suited for managing distributed system with many horizontally scalable processes.

Installation / Configuration

  • How do you install Docker?

    • Use Docker for Mac on OSX, or Docker for Windows. You can install Docker through your distribution’s package manager on Linux. Docker composer Docker machine can be installed via curl. Here’s a link.

  • docker for windows relies on hyper-v which is currently experimental and having problems w/ network communication. As hyper-v conflicts with virtualbox which is needed to run linux on windows, what's your recommendation for windows users looking to use Docker?

    • Good question! I face this same issue with the Android emulator at work. It also conflicts with VirtualBox. If you need to run VirtualBox then I suggest a Linux VM running the docker server. Then you can point your docker client to your local VM. This is how boot2docker used to do it.

Core Concepts

  • Where is the Docker image stored on local machine when building images?

    • The Docker server

  • Can you explain CMD ["node", ""] line?

    • This sets the default command when starting the container. Containers can be started with specific commands via docker run. The value CMD is used when none is specified. CMD takes a value as JSON array.

  • Do you an architecture diagram to illustrate the different components like server, registry etc.

    • I don’t have a great diagram so I’ll attempt it in text. There is a docker client. This this it the docker command you interact with. The docker client talks to a server aka a Docker host running the Docker engine (the docker daemon itself . The docker engine manages the containers themselves. Images can be pushed or pulled from a registry. The registry is just an image store which are copied to the docker host when used.

  • Docker Image / Container runs on Docker Engine ?

    • Yes, the Docker engine uses an image to start a container.

  • What is the sdk or platform using to build the image?

    • The docker client and the docker engine

  • How docker assign processing power to specific docker container? Can it be controlled from the outside?

    • Check the command options to “docker run”. You can set compute resource constraints when starting a container.

  • Cgroup, namespace -- are these part of the Kernel or Docker ?

    • The Kernel

  • Do we have crontab kind of scheduler in Docker?

    • No, but you can start a container that runs cron or some other scheduler.

  • What are the basic configuration files while building a docker image and running a container?

    • The Dockerfile defines everything needed to build the image. Configuration files are not required when starting containers.

  • Does docker use http or tcp/ip in client server?

  • If a process is running below the port number 1024, like apache , so from docker container console can we stop that service ?

    • Yes. Run “docker stop” to stop the container. Ports and the like have no impact on starting or stopping containers.

  • How would you compare docker containers with unikernels? Can you use both docker and unikernels at the same time?

    • I’m not experienced enough to answer this question.

  • Does one have to run windows apps (.exe) when running docker on windows? Or can one use linux applications on docker on windows?

    • Windows containers are still a work in progress. Right now all containers are Linux process. Docker for Windows starts a Linux VM to run the Docker engine and points the docker client to the VM.

Networking

  • How to assign IP Address to each container?

    • Simple answer: no. You can do more complex things using a bridged network which may get you closer to static IPs. I believe you can set an IP when using Docker’s internal networking stack, but you cannot have similar behavior like setting a static IP for a network adapter.

  • Can different containers connect to each other on the same host?

    • Yes through a variety of networking concepts.

  • Does Docker container networking works same on docker swarm?

    • Same functionality but much more complex implementation.

  • How can we talk to a container from the outside?

    • Ports can be exposed to the Docker host when starting a container. Say your Docker host has IP address 1.2.3.4. Then start nginx with port 80 exposed. “Docker run -p 80:80 nginx”. This maps container port 80 to host post 80. Now you could curl 1.2.3.4:80 from outside or on 127.0.0.1:80 from localhost.

  • In your example you ran webserver as 8080:8080, How can I run multiple containers are the same port?

    • You cannot run multiple containers exposing the same port on the Docker host. I chose to map host port 8080 to container port 8080 for simplicity. If have multiple containers you need to expose, then you’d need to use different host ports (like 8080, 8081, 8082) but those could be mapped to container_a:8080, container_b:8081, and container_c:8082. If you must expose the same port then you’ll need an external load balance.

Deployments / Infrastructure

  • How many docker containers can run on single host of Docker engine?

    • This depends on the compute resources required for each container. Host resources are still shared between containers.

  • How can we manage configuration for different environment using docker?

    • The code in the Docker image should read settings via environment variables. The environment variables are then set container when starting it. More info on the 12 Factor application guide.

  • How could we do build + deployment. Is it like we have command inside docker file to checkout from version tool and another run command to do compile and when can we deploy?

    • Best practice is to build a new image for every deployable artifact. Your build process would check out the commit from SCM, run docker build, tag the image with the commit (e.g. the SHA), then push a new docker image. Then that image can be deployed to your infrastructure whenever you require.

  • How does load balancing work with docker? Do you load balance containers?

    • It depends on your particular setup. Docker itself can do round robin load balancing via DNS. However if you are not using Docker’s networking containers then you’ll need an external load balancer like HAproxy.

  • How can we manage the containers if they are running with high N/W & Load balancing?

    • I’m not exactly sure what the question is here. You can use any deploy techniques you may be using now such as canary deploys or blue/green deploys.

  • Is Docker and Amazon ECS container are same?

    • No. Amazon ECS is an orchestration tool for running Docker based applications on AWS.

  • As far as I understand, I need to install docker engine on each server I want to run container on. Wouldn't that be hard to manage if I have a large number of docker hosts?

    • This problem is not unique to docker. This where configuration management tools come into the picture. It’s the same problem if you had N number of web servers, LDAP,

  • Is there any api /open source tool available to monitor various stats?

    • Yes there are plenty of tools to hook into the various APIs. Most monitoring tools have plugins/support for Docker containers.

  • What monitoring tools are best for docker container monitoring?

    • I don’t think there is one best tool. Monitoring approaches vary between push (StatsD) and pull (Prometheus). Find the tool that you have the most experience with and integrates with Docker.

  • How can I have the Docker high availability enabled in the event of server failures?

    • The same approach you’re using before Docker: have multiple instances.

Docker Ecosystem

  • How can I implement the dependencies in docker-compose? Let's say my web container depends on the db container, how can i make sure that db container is up and running before my web container attempts to connect to the db?

    • You use the “depends_on” key. This way you can say “web” depends on “db”. Then docker-compose will start them in dependency order.

  • What's the difference between the docker file that was based on ubuntu image and the docker-compose? What’s the importance of the docker-compose.yml file?

    • The Dockerfile defines how to build a single image. Docker compose is a tool for composing applications from multiple containers. Docker compose can also instruct Docker to build images. Thus you can define something like build my web server from the Dockerfile in this folder, build my job queue from the Dockerfile in this folder, and start a database using this image. Docker compose also allows you to define dependencies between containers and a bunch of other useful thing. Everything you can do with “docker run” you can do with docker-compose.

  • How is the connection between container established in the yaml file?

    • Docker compose uses the lower level Docker networking features to ensure containers can talk to each other using their defined names.

Career Related

  • A DevOps engineer need to know about Docker?

    • Definitely the concept. Containers (and Docker) are going to become more relevant and common in IT companies. In my opinion people working in operations, infrastructure engineering, or as system administrators should be able to build a Docker image and start a Docker container at a minimum.

  • A DevOps engineer is a backend or middleware or front administrator of Cloud Computing Admin?

    • This is a difficult question to answer because “DevOps Engineer” is not a valid job title. DevOps refers to a set of organizational principles and culture values. The job market as unfortunately co-opted this title to refer to people who usually work in infrastructure engineering, systems administrator, or operations. Their work may or may not involve cloud systems.

Misc

  • Docker image includes basic OS too, if I want to run a security scan or code quality analysis on my code. Wouldn't this be overhead? I have to scan all files in the Docker image!

    • There are some existing tools out there to scan docker images for potential vulnerabilities such as outdated packages. I believe the official registry has integrated support for this. It can do a scan whenever a new image is pushed. Code quality analysis should happen outside of the Docker image however.

  • Docker is preferred on Linux or windows?

    • Linux as you’ll have a native docker experience. Docker for OSX and Windows both start a VM to run the docker server.

  • If my database (Oracle) requires certain kernel parameters but on the other hand the application requires other parameters, can 2 sets of kernel parameters be active on a Docker system ?

    • Probably not because there is a conflict at the kernel level. You’d have the same problem if you were trying to run the DB and application on bare metal or inside a VM.

  • Do you have to shut down a container in order to create image snapshot?

    • No, I don’t believe. “Docker export” can create a new image from a running container.

  • As the basic difference are between the VMs and a Docker container architecture and obvious benefits using Docker Containers over VMs, How do we address security issue? since they uses the same Kernel at the core.

    • I am not a security expert here; however I think the kernel itself has our back here. The Docker Security page can tell you much more.


Edited by Adam Hawkins, 23 October 2016 - 06:51 AM.

  • Alex Casalboni and Diego Tiziani like this

#2 Habtamu Asfaw

Habtamu Asfaw

    Newbie

  • Members
  • Pip
  • 1 posts

Posted 27 December 2016 - 11:33 PM

Hi Adam,

Do you have a simple instruction or Lab for Docker installation and configutation

 

Thank you



#3 Smart Don

Smart Don

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 07 January 2017 - 11:10 PM

Where do I start to learn cloud computing

#4 Diego Tiziani

Diego Tiziani

    Staff

  • Administrators
  • 215 posts

Posted 10 January 2017 - 12:00 PM

Hi, you can find suggestions on this subforum with some additional resources.

Hope it helps. :)






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users