References
● Docker Documentation https://docs.docker.com/
● Mastering Docker Second Edition - Russ
McKendrick, Scott Gallagher – Packt Publishing –
July 2017
Containers & VMs
Containers
“a lightweight, stand-alone, executable package of a
piece of software that includes everything needed to
run it: code, runtime, system tools, system libraries,
settings.”
Why Containers? Lightweight
● Containers running on a single machine share
that machine's operating system kernel; they
start instantly and use less compute and RAM.
● Images are constructed from filesystem layers
and share common files. This minimizes disk
usage and image downloads are much faster.
Why Containers? Standard
● Containers are based on open standards and run
on all major Linux distributions, Microsoft
Windows, and on any infrastructure including
VMs, bare-metal and in the cloud.
Why Containers? Secure
● Docker containers isolate applications from one
another and from the underlying infrastructure.
Docker provides the strongest default isolation to
limit app issues to a single container instead of
the entire machine.
Comparing Containers & VMs (1)
Comparing Containers & VMs (2)
● Containers are an abstraction at the app layer that
packages code and dependencies together. Multiple
containers can run on the same machine and share
the OS kernel with other containers, each running as
isolated processes in user space. Containers take up
less space than VMs (container images are typically
tens of MBs in size), and start almost instantly.
● Virtual machines (VMs) are an abstraction of physical
hardware turning one server into many servers. The
hypervisor allows multiple VMs to run on a single
machine. Each VM includes a full copy of an
operating system, one or more apps, necessary
binaries and libraries - taking up tens of GBs. VMs
can also be slow to boot.
Containers & VMs Together
Install Docker
Docker Release Schedule
Starting with Docker 17.03, Docker uses a time-based
release schedule.
● Docker CE Stable releases generally happen
specified.
● The Dockerfile is available to anyone with access
to your Docker Hub repository.
● Your repository is kept up-to-date with code
changes automatically.
Automated Builds are supported for both public and
private repositories on both GitHub and Bitbucket.
Build Statuses
● Queued: in line for image to be built.
● Building: The image is building.
● Success: The image has been built with no issues.
● Error: There was an issue with your image.
Volumes
Bind Mounts & Volumes
Share Data Among Machines
Networking
Network Drivers
● Bridge, uses a software bridge which allows
containers connected to the same bridge
network to communicate.
● Host, use the host’s networking directly.
● Overlay, creates a distributed network among
multiple Docker daemon hosts.
● Macvlan, assign a MAC address to a container,
making it appear as a physical device on your
network.
● Network Plugins, third-party network plugins
with Docker.
Bridge Network
Overlay Network
Compose
Compose
“Compose is a tool for defining and running multi-container
Docker applications. With Compose, you
use a YAML file to configure your application’s
services. Then, with a single command, you create
and start all the services from your configuration.”
File Format Compatibility
docker-compose.yml
Swarm
Swarm
“The cluster management and orchestration
features embedded in the Docker Engine are built
using swarmkit. Swarmkit is a separate project
which implements Docker’s orchestration layer and
is used directly within Docker.”
Swarm Features
● Cluster management integrated with Docker Engine
● Decentralized design
● Declarative service model
● Scaling
● Desired state reconciliation
● Multi-host networking
● Service discovery
● Load balancing
● Secure by default
● Rolling updates
Swarm Architecture
Services and Tasks
● Service, definition of the tasks to execute on the
manager or worker nodes.
● Replicated services, the swarm manager distributes
a specific number of replica tasks among the nodes
based upon the scale you set in the desired state.
● Global services, the swarm runs one task for the
service on every available node in the cluster.
● Task, carries a Docker container and the commands
to run inside the container.
Load Balancing
● Ingress load balancing is used by swarm manager
to expose the services you want to make available
externally to the swarm.
● PublishedPort, service port assigned automatically
by swarm manager (port 30000-32767) or
assigned manually.
● Internal load balancing is used by swarm manager
to distribute requests among services within the
cluster based upon the DNS name of the service.
PublishedPort
docker service create --name my-web --publish published=8080,target=80 --replicas 2 nginx
ELB With Routing Mesh (1)
ELB With Routing Mesh (2)
Secrets
Secret
“A secret is a blob of data that should not be
transmitted over a network or stored unencrypted in
a Dockerfile or in your application’s source code.”
Data such as:
● Usernames and passwords
size)
Secret in Compose
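An added example, not taken from the original slides: a Compose file that shows a password stored in plaintext beside the same service using a secret. The service names, the secret name db_root_password, the placeholder password and the file path are assumptions made for illustration.

```yaml
# Constructed example; names, paths and values are illustrative assumptions.
version: "3.1"   # top-level secrets require Compose file format 3.1 or later

services:
  # Weak: the password is stored unencrypted in the Compose file, so it ends
  # up in version control and is readable through `docker inspect` and the
  # container's environment.
  db_plaintext:
    image: mysql:5.7
    environment:
      MYSQL_ROOT_PASSWORD: "example-password"   # placeholder value

  # Corrected: the service is granted a secret, which Docker mounts as a
  # file at /run/secrets/<secret name> inside the container. The official
  # mysql image reads the password from the path in MYSQL_ROOT_PASSWORD_FILE.
  db:
    image: mysql:5.7
    environment:
      MYSQL_ROOT_PASSWORD_FILE: /run/secrets/db_root_password
    secrets:
      - db_root_password

secrets:
  db_root_password:
    # Read from a local file at deploy time; keep this file out of the
    # repository and out of the image build context.
    file: ./db_root_password.txt
```

When this file is deployed to a swarm with docker stack deploy, the secret is stored encrypted in the swarm's Raft log and is delivered only to tasks of services that list it under secrets.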