Mind Map: Docker

1. Use cases

1.1. protect computer

1.1.1. container jail; defense in depth; security threat limited to the scope of the app

1.2. faster delivery of apps

1.2.1. improve portability vs JVM regardless of programming language

1.2.2. help with dev lifecycle: developers write code locally; push Docker image to a test env; push Docker images to prod

1.3. deploy and scale more easily

1.3.1. getting organized

1.3.2. simplify deployment: before; after

1.4. achieve higher density and run more workloads

1.4.1. Improve efficiency: convergence on Linux; vs VM; complementary technologies; design

1.5. concrete examples

1.5.1. yes: web servers, word processors, email clients

1.5.2. not: run an OS X or Windows native app

2. why important

2.1. abstraction

2.1.1. install

2.1.2. remove

2.1.3. will change sysadmin/dev workflow

2.2. adoption

2.2.1. since 2013

2.2.2. Amazon, Google, Microsoft

2.3. Microservice architecture

2.3.1. lightweight nature: takes less space

2.3.2. speed of containers

2.4. Immutable infrastructure

2.4.1. reduce size of configuration management code base

2.5. works best for stateless applications

2.6. externalizing state

2.6.1. storing things in container's filesystem limited

2.6.2. will not preserve state across lifecycle

2.7. disadvantages

2.7.1. Limited isolation by default: share CPU and memory like colocated Unix processes; might compete for resources; many containers share one or more common filesystem layers; many containers use UID 0 to launch processes; everything running on the same kernel; security vulnerabilities / simple misconfigurations

2.8. opinionated

2.8.1. particular workflow: revision control (filesystem layers; image tags); build (each command in Dockerfile generates a new layer; build logic inside Dockerfile; easy to create standard build jobs in systems like Jenkins); test (Docker ensures the consistency between dev and prod env; much better than Java WAR); package (multi-layered image as build artifact); deploy

3. history

3.1. Google developed CGroups for the Linux kernel

3.2. Linux Containers Project

3.2.1. brought together CGroups, kernel namespaces, and chroot technology

3.3. Docker platform

3.3.1. docker engine

3.3.2. docker hub

3.4. dotCloud

3.4.1. language-agnostic PaaS

3.4.2. Google App Engine support Java/Python

3.4.3. Heroku supported Ruby

4. ecosystem

4.1. surrounding technologies

4.1.1. swarm

4.1.2. docker engine: accepts docker commands from CLI

4.1.3. compose

4.1.4. machine: docker machine start; why start docker machine?; use cases: I have an older desktop and want to run Docker on Mac / Windows; I want to provision Docker hosts on remote systems; provisioning and managing dockerized hosts

4.1.5. kitematic

4.1.6. docker trusted registry

4.2. emerging technologies

4.2.1. Networking: Weave, Calico, Overlay

4.2.2. service discovery: consul, registrator, skyDNS, etcd

4.2.3. orchestration/cluster mana: kubernetes, marathon, fleet, swarm

4.3. underlying technologies

4.3.1. namespaces: pid namespace (process isolation); net namespace (network interface); ipc namespace (access to IPC resources); mnt namespace (mounting points); uts namespace (isolating kernel and version identifiers)

4.3.2. chroot: prevents anything running inside the container from referencing any other part of the host file system

4.3.3. control groups: access control for resources

4.3.4. union file systems

4.3.5. container format: default format libcontainer

5. architecture

5.2. Daemon

5.2.1. commands start using -d

5.2.2. daemon command is run on port 2375

5.2.3. restart policies: what happens to the service if it fails; what happens to the service when it terminates; what happens if the service keeps failing over and over

5.3. server is integrated into same binary as client

5.4. Client

5.4.1. docker command is client: docker build; docker pull; docker run; Specify PID namespaces

5.5. Registry

5.6. Images

5.7. Containers

5.7.1. state: docker ps; docker ps -a

5.7.2. connect host: use port mapping to map internal ports to host ports; docker run -d -p 10001:80 --name blog1 tutum/wordpress; -p host_port : container_port; links between containers; links won't wait for services to start; precond for links

6. the process of containerizing

6.1. move config state into env vars

6.2. always decreasing the size of containerized application

7. images

7.1. package software in images

7.1.1. packaging hello world

7.1.2. preparing packaging for git

7.1.3. reviewing file system changes

7.1.4. commit a new image

7.1.5. configurable image attributes

7.2. image identifier

7.2.1. image tags

7.2.2. UID 65 bits 12 bits for human users

7.3. build images

7.3.1. build context: . ; http/https; git repo

7.3.2. cache: --no-cache flag to disable

7.3.3. base images: first instruction; FROM scratch; FROM ubuntu

7.3.4. dockerfile instructions: ONBUILD (defines instructions to execute if resulting image is used as a base for another build; inject downstream build-time behavior); Meta instruction (FROM, MAINTAINER, ENV, LABEL, WORKDIR, EXPOSE, USER, ENTRYPOINT); file system instruction (COPY, VOLUME, ADD)

7.4. based on union file system

7.4.1. layers: def; upper bound (42 layers for AUFS system; solve size problem with branches); attributes (env vars; working dir; set of exposed ports; volume defs; container entrypoint; commands and arguments; inheritance from parents if not specified); add a layer to an image: docker commit; what happens when docker run; viewing changes added as a layer: docker diff; view all historical changes as layers: docker history; benefits of layers (common layers installed only once; coarse tool for managing dependencies; easy to create software specializations); weaknesses of ufs (make implementing memory-mapped files difficult; different file systems have different rules about file attributes, sizes, names and characters; backing file system)

7.4.2. mechanism: copy-on-write; whole layer copied from read-only layer to writable layer before change made; all layers below writable layers are immutable; common layers can be shared; when new change is made, a new layer is added and old layer is not removed

7.5. dockerfile

7.5.1. environmental precondition validation

7.5.2. use init process

7.6. versioning best practices

7.7. image layering accomplished by union mounts

7.7.1. mount multiple file systems

7.7.2. combine into one file system

8. repos

8.2. repo structure

8.3. create tags

8.3.1. applied to existing images: docker tag

8.3.2. applied to new images: docker commit, docker build

8.4. tagging principles

8.4.1. every repo contains multi tags

8.4.2. multi tags can reference same images

9. network

9.1. four archetypes

9.1.1. closed containers

9.1.2. joined containers

9.1.3. bridged containers

9.1.4. open containers

10. volumes

10.1. position within the ecosystem

10.2. when a volume is mounted on a container file system, it replaces the content that the image provides at that location

10.3. types

10.3.2. bind mount volume: useful if you want to share data with other processes; not limited to directories, can mount to individual files; creates potential for conflict

10.3.3. docker-managed volume: created when using the -v option on docker run

10.4. sharing

10.4.1. host dependent sharing: two/more containers use bind mount volume for a single known location on the host

10.4.2. generalized sharing: --volumes-from

10.5. clean up volumes

11. work with containers

11.1. create containers

11.2. start containers

11.3. stop containers

11.4. kill containers

11.5. pause/unpause containers

11.6. clean up containers

12. Commands

12.1. docker run

12.1.2. -d

12.1.3. -i

12.1.4. -t (--tty)