Docker
These are expected of a fresher DevOps engineer.
Docker is used for deployment through containerization: it runs an application in an isolated environment.
- The Docker engine is connected to the host kernel.
- No need to allocate resources; containers use shared resources.
- Components:
  - dockerd -> runs in the background and uses containerd to manage containers.
  - dockercli -> an interface for Docker.
  - containerd -> lowest level.
Docker engine is a service which allows you to run any OS; it uses dockercli and dockerd.
Basic commands:
- Run a container by pulling an image:
- To list running containers:
  You can use the -a option to list stopped containers as well.
- To get access to a container, use the command below:
- Command to stop & remove a container:
- To remove all unused images:
- To remove all stopped containers:
  prune can be used to remove unused images, containers, networks, etc. It is mostly used to clear disk space.
- We can also force removal.
Docker Advanced.
These are expected of a senior DevOps engineer.
- Volumes
- Network
- Compose (2/3 tier)
- Multistage docker build
- Docker push to Docker Hub
1. Docker Volumes
A volume stores a copy of your container's data on your system too, so whenever the Docker container crashes this copy can be used.
Data is stored in the container only while it is in running status; after the container exits, the data is gone. That’s why a Docker volume is used to save data.
Example:
- Clone an app and deploy it with Docker.
Now if we create a new container from the same image, our data will vanish. To avoid this, we can create volume devices and mount them to containers to continue with the same data.
- Create a directory where we will store the data.
- Create the volume:
  - device: location (S3, disk or directory)
  - o=bind: two-way communication; if you update something on the device or in the container, both will be synced.
- List volumes; local is the default volume.
- Mount the volume to the container:
  - target: the container path that you want to store in the volume
The volume device's data and the container's data are synced in real time.
Example:
- Get into the container:
- Make some changes, like creating a new file:
Now check the device location, and the changes will be reflected there. All data will be synced. This is called data persistence.
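The volume workflow described above, as an added example that is not code from the original page. The volume name app-data, the host directory, the nginx image and the /data target are assumed values.

```shell
#!/bin/sh
# Added example: persist container data in a bind-backed named volume.
# Assumed names: volume "app-data", host dir "$HOME/volumes/app-data",
# image "nginx", container path /data.

# Create a local-driver volume whose backing device is a host directory.
create_bind_volume() {
    vol=$1; dir=$2
    mkdir -p "$dir"                  # the device path must exist first
    docker volume create --driver local \
        --opt type=none \
        --opt device="$dir" \
        --opt o=bind \
        "$vol"
}

# Start a container with the volume mounted at the target path.
run_with_volume() {
    name=$1; vol=$2; target=$3; image=$4
    docker run -d --name "$name" \
        --mount "source=$vol,target=$target" \
        "$image"
}

# Write a file from inside the container, then look for it on the host.
check_persistence() {
    name=$1; target=$2; dir=$3
    docker exec "$name" sh -c "echo hello > $target/proof.txt"
    [ -f "$dir/proof.txt" ]
}

if [ "${1:-}" = "demo" ]; then
    set -e
    DIR="$HOME/volumes/app-data"
    create_bind_volume app-data "$DIR"
    docker volume ls
    run_with_volume web1 app-data /data nginx
    check_persistence web1 /data "$DIR" && echo "file visible on host"
    # Replace the container: the file survives because it lives in the volume.
    docker rm -f web1
    run_with_volume web2 app-data /data nginx
    docker exec web2 cat /data/proof.txt
    docker rm -f web2
fi
```

Run the script with the argument demo on a host with Docker installed; without an argument it only defines the functions.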
2. Docker networking
Used to create a network where we can connect multiple applications.
Types:
- Default bridge
- Custom bridge (User defined)
- Host network
- Mac VLAN network
- None
- Overlay
- IPVLan
When you install Docker, a new interface is created, something like docker0.
When you create a new container, its traffic goes through the Docker network to reach other interfaces.
- List Docker networks
By default, 3 types of network are already present in Docker; others need to be created. Bridge is used by default.
1. Default bridge:
Provides internet access from inside; others can’t access the container from outside until you publish a port. When the bridge network is used, the docker0 interface creates a bridge network with your active interface, and then we have to bind ports to get access.
2. Custom bridge
Used to create an isolated network environment. It is used to create an application group, where containers in that network can access each other.
Create custom bridge:
Run container using custom bridge:
Now nginx & mysql can communicate easily, even by container name.
3. Host
When you use the host network, the container connects directly to your system's network instead of docker0. This means the container runs like any application that uses a port, such as a Node.js app or MySQL, and is accessible on your host network. It runs on the host's IP.
4. Mac VLAN
Modes: bridge & 802.1q
Use this if you want to associate your container with a MAC address, so that it presents itself as a device rather than a container. It simply allows containers to have a MAC address, which lets them appear as physical devices.
It connects your Docker container directly to your physical network (router, switch).
bridge (default):
Create network
-o is for options.
- parent is the physical network interface, like wlan0, eth0, enp5s0, etc.
Use network
Now, if you try to ping another network device from the container, you might face an issue.
This is the downside of Macvlan:
Your containers have different MAC addresses but they share the same port on the physical network. This breaks the security, because you can have only 1 or 2 MAC addresses on one port, and that’s what causes the issue.
To fix this we have to enable promiscuous mode.
- First enable it on the physical network
- Reboot your host.
Now it is directly connected to your home network/physical network. You can use the IP directly.
802.1q:
With the second type you can create a subinterface from your physical interface, which has its own network.
- Create a Macvlan network in 802.1q mode
5. None
Used to create an application with no internet access, with no incoming or outgoing traffic. If you want to create a dummy data container, you can use this.
6. Overlay
Used for communication between multiple Docker daemon hosts. This helps containers running on different hosts to communicate easily. Example: k8s cluster, Docker Swarm, etc.
Create and use:
7. IPVLan
This solves Macvlan's promiscuous mode problem.
Modes: L2 & L3
L2:
It is the same as Macvlan, except for the assigned MAC: it allows the host to share its MAC address with the containers. This means the container's MAC address will exactly match your host's, but it will have an IP address on the network.
Create network:
Use in containers:
L3:
It's all about layer 3. We connect to the host, with the host acting as a router. The containers connect to the host's physical network interface. This means no broadcast traffic, and they are not going to respond to ARP requests. The problem is that the container cannot access the internet and no one can access it, because it is not in the routing table. Then why deploy it? Everything is a game of more control: you can do some crazy isolation with your containers.
Create network:
- Here we used two subnets, because we have to do that if we want to create more than one network using the same physical interface.
Use in container:
If you have more than one subnet, you need to specify the IP address. Here both subnets can talk to each other.
Now, to give access to the internet, we need to add a new static route on your router's page.
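The IPvlan L3 setup described above, as an added example that is not code from the original page. The parent interface eth0, the two subnets, the network name l3net and the busybox image are assumed values.

```shell
#!/bin/sh
# Added example: IPvlan L3 network with two subnets on one parent interface.
# Assumed values: parent eth0, subnets 192.168.94.0/24 and 192.168.95.0/24,
# network name "l3net", image busybox.

# One network, two subnets, both bound to the same parent interface.
create_ipvlan_l3() {
    net=$1; parent=$2; subnet_a=$3; subnet_b=$4
    docker network create -d ipvlan \
        --subnet "$subnet_a" --subnet "$subnet_b" \
        -o parent="$parent" -o ipvlan_mode=l3 \
        "$net"
}

# With more than one subnet, pin each container to an explicit address.
run_on_l3() {
    name=$1; net=$2; ip=$3
    docker run -d --name "$name" --network "$net" --ip "$ip" \
        busybox sleep 3600
}

# Reachability check from one container to an address in the other subnet.
can_reach() {
    docker exec "$1" ping -c 2 -W 2 "$2" >/dev/null 2>&1
}

if [ "${1:-}" = "demo" ]; then
    set -e
    create_ipvlan_l3 l3net eth0 192.168.94.0/24 192.168.95.0/24
    run_on_l3 c94 l3net 192.168.94.7
    run_on_l3 c95 l3net 192.168.95.7
    can_reach c94 192.168.95.7 && echo "subnets can talk to each other"
    # Nothing outside this host knows these subnets until the router gets
    # a static route for each one with the Docker host's IP as next hop.
    docker rm -f c94 c95
    docker network rm l3net
fi
```

Run the script with the argument demo on a Docker host after replacing eth0 with your own parent interface.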
3. Docker compose.
Used to run multiple containers/microservices and multi-tier applications.
3-tier application architecture:
1. Presentation layer/tier (UI/Frontend)
2. Business layer/tier (Backend)
3. Database layer/tier
2-tier application:
1. Backend
2. DB
Configuration language: YML/YAML (key: value)
We need YAML to write the docker-compose file, which contains all the stages and everything else, including ports, volumes, networks, etc.
Syntax:
Create env file:
To start the containers, run:
To stop them, run:
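A 2-tier compose project with an env file, as an added example that is not code from the original page. The backend image myapp:latest, port 8000, the service names and the ./stack directory are assumed values; MYSQL_ROOT_PASSWORD and MYSQL_DATABASE are variables read by the official mysql image.

```shell
#!/bin/sh
# Added example: a 2-tier stack (backend + MySQL) driven by an .env file.
# Assumed names: image "myapp:latest", services "backend" and "db",
# port 8000, network "appnet", volume "dbdata".

write_compose_project() {
    dir=$1
    mkdir -p "$dir"
    # The env file holds the secrets; keep it out of version control.
    cat > "$dir/.env" <<'EOF'
MYSQL_ROOT_PASSWORD=change-me
MYSQL_DATABASE=appdb
EOF
    chmod 600 "$dir/.env"
    cat > "$dir/docker-compose.yml" <<'EOF'
services:
  backend:
    image: myapp:latest
    ports:
      - "8000:8000"
    env_file: .env
    depends_on:
      - db
    networks:
      - appnet
  db:
    image: mysql:8
    env_file: .env
    volumes:
      - dbdata:/var/lib/mysql
    networks:
      - appnet
volumes:
  dbdata:
networks:
  appnet:
EOF
}

if [ "${1:-}" = "demo" ]; then
    set -e
    write_compose_project ./stack && cd ./stack
    docker compose config -q    # validate the file before starting
    docker compose up -d        # start both tiers
    docker compose ps
    docker compose down         # stop and remove the containers
fi
```

Only the backend publishes a port; the db service is reachable by name from the backend over appnet and is not exposed on the host.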
4. Multistage docker build
Multistage builds are used to reduce the size of the Docker image.
We use multiple FROM instructions, or base images, for different steps as required.
A normal Dockerfile is a single-stage build.
We use FROM to get a base image; after the work of that base image is done, we use another FROM.
So the first FROM becomes stage 1, where the app is built into a binary, and the binary is injected into the next stage using COPY.
Normal Single stage build:
size: 1.01GB
After making it Multistage build:
Build:
size: 135M
Check the difference:
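A multistage build with a size comparison, as an added example that is not the application or Dockerfile from the original page. It assumes a one-file Go program, the golang:1.22 and alpine:3.20 base images and the tag ms-demo, so the sizes it reports will differ from the figures above.

```shell
#!/bin/sh
# Added example: two-stage Dockerfile for an assumed one-file Go program.
# Assumed names: directory ./ms-demo, image tags ms-demo:multi and
# ms-demo:builder, stage name "builder".

write_multistage_project() {
    dir=$1
    mkdir -p "$dir"
    cat > "$dir/main.go" <<'EOF'
package main

import "fmt"

func main() { fmt.Println("hello from a multistage image") }
EOF
    cat > "$dir/Dockerfile" <<'EOF'
# Stage 1: full toolchain, used only to compile.
FROM golang:1.22 AS builder
WORKDIR /src
COPY main.go .
RUN CGO_ENABLED=0 go build -o /out/app main.go

# Stage 2: small runtime image; only the binary is copied in.
FROM alpine:3.20
COPY --from=builder /out/app /usr/local/bin/app
USER nobody
ENTRYPOINT ["/usr/local/bin/app"]
EOF
}

if [ "${1:-}" = "demo" ]; then
    set -e
    write_multistage_project ./ms-demo
    # Final image: contains stage 2 only.
    docker build -t ms-demo:multi ./ms-demo
    # Stage 1 on its own, tagged so the two sizes can be compared.
    docker build --target builder -t ms-demo:builder ./ms-demo
    docker images ms-demo
    docker run --rm ms-demo:multi
fi
```

The compiler and source files stay in the builder stage, so the final image ships only the binary and runs it as a non-root user.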
5. Docker push
- Create a new account on Docker Hub.
- Log in with your username and password.
- Tag your image correctly to push, replacing user with your username:
- Finally, push it.