Understanding Containers in Cloud Computing

Full virtualization: each operating system running on a virtual computer behaves as if it were running on a separate physical computer. This requires additional hardware and software. Para-virtualization: several virtual computers can share the same operating system, which makes resource usage more efficient.

Container

(Week 5 Lecture, Cloud Computing)


DR. HENDRA RAHMAWAN, S.KOM, MT
Outline
Motivations
Containers and Cloud Computing
Dedicated Machine vs. VM vs. Container
Introduction to Docker
Motivations: The Problems
The dependency hell problem, typical of complex distributed applications
The application portability problem
The "works on my machine" problem
Software/software versions conflicts, compatibility issues
For example, a developer using the macOS version of, say, PHP will probably not
be running the same version as the Linux server that hosts the production code.
◦ Even if the versions match, you then have to deal with differences in the
configuration and overall environment the version of PHP is running on
All of this comes to a head when it is time for a developer to deploy their code to
the host and it doesn't work
Motivations: The Problems (contd.)
Should the production environment be configured to match the developer's
machine, or should developers only do their work in environments that match
production?
In an ideal world, everything should be consistent, from the developer's laptop
all the way through to your production servers
◦ However, traditionally this utopia has been difficult to achieve
Everyone has their own way of working and personal preferences
Containers and Cloud Computing
Container: A software environment where one can install an application or application
component (the so-called microservice) and all the library dependencies, the binaries, and a
basic configuration needed to run the application.
Container: A standard unit of software that packages up code and all its dependencies so the
application runs quickly and reliably from one computing environment to another
(https://www.docker.com/resources/what-container/)
Cloud and containers are currently the leading approaches to implementing multitenant
environments.
Typically, a single tenant (a user or group of users) is granted access to deploy guests in an
orchestrated fashion across a cloud or cluster made up of hundreds or thousands of physical
machines located in the same data center or across multiple data centers, to facilitate
operational flexibility in areas such as capacity planning, resiliency, and reliable performance
under variable load.
Containers and Cloud Computing (contd.)
Containers isolate an application from the underlying infrastructure and from other applications
and support performance and security isolation.
Multiple containers running on the same machine share the OS kernel and thus have a smaller
memory footprint and a shorter start-up time than VMs.
Cloud computing has embraced containerization.
◦ Containers-as-a-Service (CaaS) is geared toward efficiently running a single application.

Several CSPs, including Heroku, OpenShift, dotCloud and CloudFoundry, use containers to support
the PaaS delivery model.
Amazon, Google, Microsoft, OpenStack, CloudStack and other CSPs offering the IaaS cloud
delivery model support containers.
VM vs Container

https://cs.gmu.edu/~yuecheng/teaching/cs795_fall18/_static/talks/lightvm.ppt
Baremetal (Dedicated Machine) vs VM vs Container

VM vs Container

Examples
◦ Virtual Machine: VMware, KVM, Xen
◦ Container: Docker, LXC
Design difference
◦ Virtual Machine: Has a guest OS and a hypervisor. The hypervisor creates and runs the VM. It allows multiple OSes and applications to share a single hardware process.
◦ Container: No guest OS or hypervisor.
Interface difference at end users
◦ Virtual Machine: VMs use the x86 ABI (Application Binary Interface). An API is used by the programmer, and an ABI is used by the compiler. The ABI offers better memory isolation and CPU protection rings.
◦ Container: Uses the kernel syscall API for security. The syscall API is more difficult to secure than the regular x86 ABI. Weaker isolation: process and network namespaces, root jails, seccomp etc. are there, but the isolation is not equivalent to a VM.
Concerns
◦ Virtual Machine: More secure but heavyweight.
◦ Container: Less secure but lightweight.
How to make it optimal?
◦ Virtual Machine: Make it lightweight? Improvise Hypervisor.
◦ Container: Make it more secure? Securing with the syscall API has limitations.

https://cs.gmu.edu/~yuecheng/teaching/cs795_fall18/_static/talks/lightvm.ppt
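The container column above names namespaces and seccomp as the isolation mechanisms a container relies on. The following is an added example, not part of the original slides, that reads those mechanisms for a process from /proc on Linux; the namespace identifiers and the status text are constructed sample values.

```python
import os

NS_KINDS = ("mnt", "pid", "net", "ipc", "uts", "user", "cgroup")
SECCOMP_MODES = {"0": "disabled", "1": "strict", "2": "filter"}

def read_namespaces(pid="self", proc="/proc"):
    """Map namespace kind -> identifier such as 'net:[4026531840]' (Linux only)."""
    found = {}
    for kind in NS_KINDS:
        try:
            found[kind] = os.readlink(os.path.join(proc, str(pid), "ns", kind))
        except OSError:
            pass  # kind unsupported on this kernel, or not permitted
    return found

def shared_namespaces(ns_a, ns_b):
    """Namespace kinds in which both processes point at the same kernel object."""
    return sorted(k for k in ns_a if ns_a[k] == ns_b.get(k))

def parse_status(text):
    """Extract the isolation-relevant fields from /proc/<pid>/status text."""
    fields = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return {
        "seccomp": SECCOMP_MODES.get(fields.get("Seccomp"), "unknown"),
        "no_new_privs": fields.get("NoNewPrivs") == "1",
        "cap_eff": int(fields.get("CapEff", "0"), 16),  # effective capability mask
    }

# Constructed sample data (not captured from a real system).
HOST_NS = {"mnt": "mnt:[4026531841]", "pid": "pid:[4026531836]",
           "net": "net:[4026531840]", "user": "user:[4026531837]"}
CTR_NS = {"mnt": "mnt:[4026532571]", "pid": "pid:[4026532574]",
          "net": "net:[4026532576]", "user": "user:[4026531837]"}
CTR_STATUS = "Name:\tbash\nCapEff:\t00000000a80425fb\nNoNewPrivs:\t0\nSeccomp:\t2\n"

if __name__ == "__main__":
    print("shared with host:", shared_namespaces(HOST_NS, CTR_NS))
    print("sample container:", parse_status(CTR_STATUS))
    print("this process:", read_namespaces())
```

In the sample, the container has its own mount, PID and network namespaces but still shares the user namespace with the host, and every system call it makes reaches the one shared kernel through a seccomp filter.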
VM, Container and Process Creation Times
[Figure: creation time (y-axis, Time [ms]) against the number of running guests (x-axis), with series Docker Boot, Debian Boot and Debian Create.]

https://cs.gmu.edu/~yuecheng/teaching/cs795_fall18/_static/talks/lightvm.ppt
https://doi.org/10.1145/3365199
Container Tools:
Some Examples
Application Containers vs. System Containers
Application containers:
◦ Application containers (as provided by, for example, Docker or Kubernetes) package a single process or application.
◦ Application containers are suitable to provide separate components.
System containers:
◦ System containers simulate a full operating system and let you run multiple processes at the same time.
◦ System containers provide a full solution of libraries, applications, databases and so on.

https://linuxcontainers.org/lxd/introduction/
Virtual Machines vs. System Containers
Virtual machines:
◦ Virtual machines emulate a physical machine, using the hardware of the host system from a full and completely isolated operating system.
◦ LXD provides support for system containers and virtual machines.
System containers:
◦ System containers use the OS kernel of the host system instead of creating their own environment.
◦ If you run several system containers, they all share the same kernel, which makes them faster and more light-weight than virtual machines.

https://linuxcontainers.org/lxd/introduction/
Docker
An open platform for developing, shipping, and running applications.
Enables you to separate your applications from your infrastructure so you can deliver software
quickly.
With Docker, you can manage your infrastructure in the same ways you manage your
applications.
By taking advantage of Docker’s methodologies for shipping, testing, and deploying code quickly,
you can significantly reduce the delay between writing code and running it in production.
Docker provides the ability to package and run an application in a loosely isolated environment
called a container.
Containers are lightweight and contain everything needed to run the application, so you do not
need to rely on what is currently installed on the host.

https://docs.docker.com/get-started/overview/
Docker (contd.)
The isolation and security allow you to run many containers simultaneously on a given host.
You can easily share containers while you work, and be sure that everyone you share with gets
the same container that works in the same way.
Docker provides tooling and a platform to manage the lifecycle of your containers:
◦ Develop your application and its supporting components using containers.
◦ The container becomes the unit for distributing and testing your application.
◦ When you’re ready, deploy your application into your production environment, as a container or an
orchestrated service. This works the same whether your production environment is a local data center, a
cloud provider, or a hybrid of the two.

https://docs.docker.com/get-started/overview/
What can I use Docker for?
Fast, consistent delivery of your applications
Docker streamlines the development lifecycle by allowing developers to work in standardized
environments using local containers which provide your applications and services.
Containers are great for continuous integration and continuous delivery (CI/CD) workflows.
Consider the following example scenario:
◦ Your developers write code locally and share their work with their colleagues using Docker containers.
◦ They use Docker to push their applications into a test environment and execute automated and manual
tests.
◦ When developers find bugs, they can fix them in the development environment and redeploy them to
the test environment for testing and validation.
◦ When testing is complete, getting the fix to the customer is as simple as pushing the updated image to
the production environment.

https://docs.docker.com/get-started/overview/
What can I use Docker for?
Responsive deployment and scaling
Docker’s container-based platform allows for highly portable workloads.
Docker containers can run on a developer’s local laptop, on physical or virtual machines in a data
center, on cloud providers, or in a mixture of environments.
Docker’s portability and lightweight nature also make it easy to dynamically manage workloads,
scaling up or tearing down applications and services as business needs dictate, in near real time.

https://docs.docker.com/get-started/overview/
What can I use Docker for?
Running more workloads on the same hardware
Docker is lightweight and fast.
It provides a viable, cost-effective alternative to hypervisor-based virtual machines, so you can
use more of your server capacity to achieve your business goals.
Docker is perfect for high density environments and for small and medium deployments where
you need to do more with fewer resources.

https://docs.docker.com/get-started/overview/
Docker Architecture
Docker uses a client-server architecture.
The Docker client talks to the Docker daemon, which does the heavy lifting of building, running, and distributing your Docker containers.
The Docker client and daemon can run on the same system, or you can connect a Docker client to a remote Docker daemon.
The Docker client and daemon communicate using a REST API, over UNIX sockets or a network interface.
Another Docker client is Docker Compose, which lets you work with applications consisting of a set of containers.

https://docs.docker.com/get-started/overview/
Docker Architecture (contd.)

https://docs.docker.com/get-started/overview/
Docker Architecture (contd.)
The Docker daemon
◦ The Docker daemon (dockerd) listens for Docker API requests and manages Docker objects such as images, containers, networks, and volumes.
◦ A daemon can also communicate with other daemons to manage Docker services.
The Docker client
◦ The Docker client (docker) is the primary way that many Docker users interact with Docker.
◦ When you use commands such as docker run, the client sends these commands to dockerd, which carries them out.
◦ The docker command uses the Docker API.
◦ The Docker client can communicate with more than one daemon.

https://docs.docker.com/get-started/overview/
Docker Architecture (contd.)
Docker Desktop
◦ Docker Desktop is an easy-to-install application for your Mac, Windows or Linux environment that enables you to build and share containerized applications and microservices.
◦ Docker Desktop includes the Docker daemon (dockerd), the Docker client (docker), Docker Compose, Docker Content Trust, Kubernetes, and Credential Helper. For more information, see Docker Desktop.
Docker registries
◦ A Docker registry stores Docker images.
◦ Docker Hub is a public registry that anyone can use, and Docker is configured to look for images on Docker Hub by default.
◦ You can even run your own private registry.
◦ When you use the docker pull or docker run commands, the required images are pulled from your configured registry.
◦ When you use the docker push command, your image is pushed to your configured registry.

https://docs.docker.com/get-started/overview/
Docker Objects
When you use Docker, you are creating and using
images, containers, networks, volumes, plugins,
and other objects.

https://docs.docker.com/get-started/overview/
Docker Objects: Images
A read-only template with instructions for creating a Docker container.
Often, an image is based on another image, with some additional customization.
◦ For example, you may build an image which is based on the ubuntu image, but installs the Apache web server and your application, as well as the configuration details needed to make your application run.
You might create your own images or you might only use those created by others and published in a registry.
To build your own image, you create a Dockerfile with a simple syntax for defining the steps needed to create the image and run it.
Each instruction in a Dockerfile creates a layer in the image.
When you change the Dockerfile and rebuild the image, only those layers which have changed are rebuilt.
This is part of what makes images so lightweight, small, and fast, when compared to other virtualization technologies.

https://docs.docker.com/get-started/overview/
Docker Objects: Containers
A container is a runnable instance of an image.
You can create, start, stop, move, or delete a container using the Docker API or CLI.
You can connect a container to one or more networks, attach storage to it, or even create a new image based on its current state.
By default, a container is relatively well isolated from other containers and its host machine.
You can control how isolated a container’s network, storage, or other underlying subsystems are from other containers or from the host machine.
A container is defined by its image as well as any configuration options you provide to it when you create or start it.
When a container is removed, any changes to its state that are not stored in persistent storage disappear.

https://docs.docker.com/get-started/overview/
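Because the options given at create time decide how isolated a container is, it is worth reviewing them on running containers. The following is an added example, not part of the original slides: it reads the JSON printed by docker inspect and lists HostConfig settings that reduce isolation from the host. The field names follow docker inspect output; the two containers in the sample are constructed.

```python
import json
import sys

HOST_NS_FIELDS = (("NetworkMode", "network"), ("PidMode", "pid"), ("IpcMode", "ipc"))

def isolation_findings(inspect_json):
    """Return (container, finding) pairs for options that reduce isolation."""
    findings = []
    for c in json.loads(inspect_json):
        name = c.get("Name", "?").lstrip("/")
        hc = c.get("HostConfig") or {}
        if hc.get("Privileged"):
            findings.append((name, "privileged mode"))
        for field, label in HOST_NS_FIELDS:
            if hc.get(field) == "host":
                findings.append((name, f"shares host {label} namespace"))
        for bind in hc.get("Binds") or []:       # "source:target[:options]"
            if bind.split(":")[0].endswith("docker.sock"):
                findings.append((name, "Docker daemon socket mounted"))
        for cap in hc.get("CapAdd") or []:
            findings.append((name, f"added capability {cap}"))
    return findings

# Constructed sample in the shape of `docker inspect` output.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web",
     "HostConfig": {"Privileged": False, "NetworkMode": "bridge", "PidMode": "",
                    "IpcMode": "private", "Binds": None, "CapAdd": None}},
    {"Name": "/ci-runner",
     "HostConfig": {"Privileged": True, "NetworkMode": "host", "PidMode": "",
                    "IpcMode": "private", "CapAdd": ["SYS_ADMIN"],
                    "Binds": ["/var/run/docker.sock:/var/run/docker.sock"]}},
])

if __name__ == "__main__":
    # Pipe real data in, or run without input to see the sample.
    data = SAMPLE_INSPECT if sys.stdin.isatty() else sys.stdin.read()
    for name, finding in isolation_findings(data):
        print(f"{name}: {finding}")
```

To review a live host, pipe the output of docker inspect for the running containers into the script.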
Docker Objects: Containers (contd.)
Example docker run command
The following command runs an ubuntu container, attaches interactively to your local command-line session, and runs /bin/bash.

docker run -i -t ubuntu /bin/bash

When you run this command, the following happens (assuming you are using the default registry configuration):
1. If you do not have the ubuntu image locally, Docker pulls it from your configured registry, as though you had run docker pull ubuntu manually.
2. Docker creates a new container, as though you had run a docker container create command manually.
3. Docker allocates a read-write filesystem to the container, as its final layer. This allows a running container to create or modify files and directories in its local filesystem.
4. Docker creates a network interface to connect the container to the default network, since you did not specify any networking options. This includes assigning an IP address to the container. By default, containers can connect to external networks using the host machine’s network connection.
5. Docker starts the container and executes /bin/bash. Because the container is running interactively and attached to your terminal (due to the -i and -t flags), you can provide input using your keyboard while the output is logged to your terminal.
6. When you type exit to terminate the /bin/bash command, the container stops but is not removed. You can start it again or remove it.

https://docs.docker.com/get-started/overview/
Docker Objects: Containers (contd.)

https://docs.docker.com/get-started/overview/
Docker Commands: docker build
Build an image from a Dockerfile
Usage:
◦ docker build [OPTIONS] PATH | URL | -
The docker build command builds Docker images from a Dockerfile and a “context”.
A build’s context is the set of files located in the specified PATH or URL.
Example of a Dockerfile

https://docs.docker.com/engine/reference/commandline/build/
Docker Commands: docker build (contd.)

Five directives, five new layers

https://docs.docker.com/engine/reference/commandline/build/
Docker Commands: docker run
Create and run a new container from an image
Usage:
◦ docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
The docker run command first creates a writeable container layer over the specified image, and then starts it using the specified command.
A stopped container can be restarted with all its previous changes intact using docker start.

https://docs.docker.com/get-started/overview/
Independent Assignment, Week 5
1. Install Docker or use https://labs.play-with-docker.com/
2. Run any 2 containers of your choice.
3. Access both containers. Access can be through the CLI or a web browser, depending on the container being run.
4. Report steps 1-3 in a brief write-up.
5. Submit it as a PDF file through the form: https://forms.gle/B8e8nb9bV5XaNdZP8
