Docker
Docker --version to know the version of docker installed.
- Layers of images
- Mostly Linux Base image, because small in size e.g. Alpine
- Application image on top
Docker Ecosystem
- Docker server — where docker is installed
- Docker Client — Cli
- Docker Daemon — Docker Service
- Docker machine — is a tool to create small VM’s on Dcoker
- Docker compose - too to create service, stack of services
- Swarm — Orchestration tool by Docker. Alternatives Kubernetes or Apache Mesos
- Registry — where docker images are available
Cloud:
1
compute — underline hardware we can run applications
AWS: EC2, lambda, Elastic beanstalk, EKS,
GCP: compute-engine, cloud-function App-engine, GKS
Container :
A way to package application with all the necessary dependecies and configuration
Containers live in?
- container Repository
- private repositories
- public repository for Docker — DockerHub
Before containers
- configuration on the sever needed
- dependency version conflicts
- textual guide of deployment
- misunderstandings
Aftr Containers
- Developers and opeartions work together to package the applccation in a container
- no environmental configuration needed on the server
Difference between Docker and VM
Docker virtualizes the applicaiton layer and uses the kernel of the host, while VM virtualizes the OS kernel and Applications
Docker toolbox allows you to run the docker images of windows on linux and viceversa
Docker Image :
Image is a template for creating a environment of our choice. often a snapshot. it contains everything an app needs to run.
remove all the dangling images (
Container :
Running an instance of an image
Docker Hub :
It is simply a registry, where you can download images and push your own images for others to use it.
docker pull image-name : tag-name to pull an image from the dockerhub
docker image rm image-id to delete the pulled images or docker rmi image-id
docker image ls to check the images downloaded locally.
docker run image-name : tag-name to run the container of an image inside docker. it will hang so need to run in detach mode. docker run -d image-name : tag-name
docker container ls or docker ps to check the containers running in the docker.
docker stop container-id or to stop the container running.
Exposing Port:
Mapping the localhost port 8080 to the Container port 80
docker run -d -p 8080:80 nginx:latest
docker run -d -p 8080:80 -p 3000:80 nginx:latest Mapping multiple ports of local host to the docker container.
Managing Containers:
Whenever we run the Docker run command a new container id and name is created. So it is advisable not to use the docker run command once the first container is created.
use the docker start and docker stop commands to start and stop the existing conatainers
docker ps -a to list all the containers which have been created.
docker rm container-id or docker rm container-name to delete the created containers
docker rm $(docker ps -aq) to remove all the containers which have been created. but won’t remove the running container. use force rm to remove the running also docker rm -f $(docker ps -aq)
docker run —name website -d -p 8080:80 -p 3000:80 nginx:latest to name the container user the --name options
Docker PS –Format:
1
docker ps —format="ID\\t{{.ID}}\nName\\t{{.Names}}\nImage\\t{{.Image}}\nPorts\\t{{.Ports}}\nCommand\\t{{.Command}}\nCreated\\t{{.CreatedAt}}\nStatus\\t{{.Status}}\n”
or set FORMAT=’string’. then access the FORMAT env variable in the command
Volumes
For every docker, new volume will be created if not specified. and Stored under /var/lib/docker/volume. To get more storage, mount this directory to the Storage capacity and use the created volumes
docker volume create volume-name
allows sharing of data. Files and Folders.
Between host and container. Between containers
docker run --name website -v source:destination:ro -d -p 8080:80 image-name
docker run --name website -v $(pwd):/usr/share/nginx/html:ro -d -p 8080:80 nginx
Three types :
- Mount with the path from the host file system
- Anonymous volumes
- Named volumes
Mounted volumes are stored in /var/lib/docker/volumes
Volumes between host and container
docker exec -it website bash to open the container in the interactive mode and start with bash terminal
Volumes(Between Containers)
docker run --volumes-from website --name website-copy -d -p 8081:80 nginx
DockerFile
Build own images, it contains list of steps of how to create our image
Docker can build images automatically by reading the instructions from a Dockerfile. A Dockerfile is a text document that contains all the commands a user could call on the command line to assemble an image. Using docker build users can create an automated build that executes several command-line instructions in succession.
FROM nginx:latest
ADD . /usr/share/nginx/html
IAC - Infrastructure as Code
- Ansible
- Teraform
- Powershell
- Chef
- Puppet
- Jenkins Pile Scripting
Docker Build
Dockerfile is used to create custom image
docker build --tag website:latest . —> this command looks for the dockerfile in the current directory and build the image
FROM -
ADD - to add file in the working directory
RUN -
CMD - to copy file from base machine to container
WORKDIR - set the working directory for the container, if not exists, it will create new one
Python implementation of Docker file
FROM python:latest
WORKDIR /app
COPY . /app
RUN pip install —trusted-host pypi.python.org -4 requirements.txt
EXPOSE 80
ENV NAME World
CMD [“python”, “app.py”]
.dockerignore
node_modules
Dockerfile
.git
*.gulp.js
folder/*.exe
Caching and Layers
Every step in dockerfile is a layer, layer can be used to caching
Alpine — linux edition
can be used to reduce the sizze of the image
Pulling alpine images
Docker pull image-name:tag-name
Tags, Versionsing
docker build -t santhosh-website:latest .
docker tag santhosh-website:latest santhosh-website:1
After tag command image id will be same.
Docker Registry
Highly scalable server side application that stores and lets you distribute Docker images
Used in CD/CI pipeline
Run your applications
Private/Public Registries available.
- Docker Hub
- quay.io
- Amazon ECR
pushing images to docker hub
You can push a new image to this repository using the CLI
docker tag local-image:tagname new-repo:tagname
docker push new-repo:tagname
Pulling own images
docker pull santozkumar/website:latest
Inspect command
docker inspect image-id or docker inspect container-id
Docker Logs
docker logs container-id
docker logs -f container-id
Docker EXec
docker exec -it container-id /bin/bash
Docker Network
| ifconfig -a | more |
below docker0 supplies the ip-address to all the containers in the netwok
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255 inet6 fe80::42:48ff:feb2:c741 prefixlen 64 scopeid 0x20 ether 02:42:48:b2:c7:41 txqueuelen 0 (Ethernet) RX packets 17 bytes 5206 (5.2 KB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 51 bytes 7535 (7.5 KB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
docker network ls to check the list of docker netword created
docker network create new-network-name to create a new docker netword
docker network inspect new-network-name to inspect the subnet of the created network
docker network disconnect network-name container-name to disconnect
docker network connect network-name container-name to connect
docker network rm network-name to delete the created network
docker network prune remove all unused networks
1
2
3
4
docker run -d --network some-network --name some-mongo \
-e MONGO_INITDB_ROOT_USERNAME=mongoadmin \
-e MONGO_INITDB_ROOT_PASSWORD=secret \
mongo
Docker Compose
Compose is a tool for defining and running multi-container Docker applications. With Compose, you use a YAML file to configure your application’s services. Then, with a single command, you create and start all the services from your configuration.
Docker-compose up
Docker Swarm
Hardware requirements
- manager/master node
- worker nodes(atleast 2)
Software requirments
- in all machine docker must run ( systemctl status docker)
- all machines are interconnected
- (ip a) to check ip address of all machines
- cat /etc/hosts add other hosts ip in this file with names
- ping -c 3 docker-master
- all the machines are ssh enabled
docker node ls to check the nodes connected in the docker-swarm cluster (i.e. status of cluster)
docker swarm leave to leave from the cluster
docker swarm init --advertise-addr ip-address-value to initialize the cluster, this node will be assigned as manager. and it shows the command to add the worker and other manager node to this cluster
Deplying a service into the swarm cluster.docker service create —replicas 7 -p 80:80 nginx
above command creates 7 containers of nginx in the cluster.
docker stack deploy -c docker-compose.yaml myapp-stach
docker node inspect self to check the ip-address and name and configs of the host
docker node inspect docker-worker1 configs of other host in cluster
docker node update —availability drain docker-worker1
Kubernetes
- Provisioning and deployment of containers
- Redundancy and availability of containers
- Scaling up or removing containers to spread application load evenly actoss
- Movement of containers from one host to another if there is a shortage
- Allocation of resources between containers
- External exposure of services running in a container with the outside world
- Load balancing of service discovery b/w containers
- Health monitoring and logs
In Docker Swarm containers split including master nodes, but in kubernetes master node doesn’t run any app containers, it run maximun no of internal processes
Kubernetes is the most popular container orchestration tool
Official definition :
open source container orchestration tool, developed by google.
helps you manage containerized applications in different deployment environments (physical, virtual and hybrid)
what problem does Kubernetes solve?
increasing usage of Microservices and able to solve the increased usage of containers
what features do orchestration tool offer?
High availability or no downtime
Scalability or high performance
Disaster recovery - backup and restore
Kubernetes Architecture
Cluster
group of application instances - SWARM, Kubernetes, Apache mesos
group of database instances - RAC
group of servers - SUN, Veritas, Redhat Cluster, IBM cluster
Advantages of cluster :
- High availaility
- auto-scaling
- auto-healing
- load-balancing
Master node will be connected to the couple of worker nodes, where each worker node has the Kubelet process running it.
Kubelet is a kubernetes process that makes it possible for the cluster to talk to each other and execute some tasks on nodes.
On worker Nodes our applications are running. Much bigger more resources.
On Master Nodes, important K8s processes are running. more important. so have the backup of master in prod environments.
Kubernetes master: the master manages the scheduling and deployment of application instances across nodes, and the full set of services the master node runs is know as the control plane. The master communicates with nodes through the kubernetes API server. The scheduler assigns nodes to pods depending on the resource and policy constraints you’ve defined.
Kubelet : Each node runs an agent process called a kubelet, that’s responsible for managing the state of the node: starting, stopping and maintaining application containers based on instructions from control plane. It receives information from the kubernetes API server.
- API Server - which also a contianer, entrypoint to K8S cluster, different kubernetes clients will talk to this via UI, API, or CLI.
- Controller manager - keeps track of whats happening in the cluster. detects cluster changes i.e. if any pod dies. Controller Manager —> Scheduler —> where(node) to put pod? —> Kubelet
- Scheduler - scheduling containers on different nodes based on work load, available server resources. ensures Pods placement. Schedule new pod —> API Server —> Scheduler —> where to put the pod? —> kubelet starts the pod
- etcd — basically holds anytime the current state of the cluster. holds all the configuration data, state data of each container on each node. Backup and restore is made from this etcd snapshots kubernetes backing key-value store. What resources are available? Did the cluster state change? is the cluster healthy? all these informations are stored in etcd.
Virtual Network which enables master and work nodes to talk to each other. Creates on unified machine.
- each node has multiple Pods on it
- 3 processes must be installed on every Node, that are used to schedule and manage those pods
- Container runtime — like Docker or something
- Kubelet interacts with both - the container and node. it schedules the process. it starts the pod with a container inside
- Kube Proxy - forwarding requests from services to Pods.
Chapter 2. The Transport Layer: TCP, UDP, and SCTP - Shichao’s Notes
Services — communication between the Pods is handled
How do you interact with this cluster?
Kubectl setup :
1
2
echo "source <(kubectl completion bash)" >> ~/.bashrc
source .bashrc
https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/10:18
kubernetes.io/docs/tutorials/stateless-application/guestbook10:19
https://labs.play-with-k8s.com/10
Job
A Job creates one or more Pods and ensures that a specified number of them successfully terminate. As pods successfully complete, the Job tracks the successful completions. When a specified number of successful completions is reached, the task (ie, Job) is complete. Deleting a Job will clean up the Pods it created.
Pod, Services and Ingress
Node — physical or virtual server
Pod —
- smallest unit of K8s
- Abstraction over container
- usually 1 application per Pod
- Each Pod gets it’s own IP address
- New IP address on re-creation — it;s a disadvantage when Pod is dead, new ip created. So service helps to overcome this
Service :
- Permanent IP address attached to each Pod
- Also acts as a load balancer
- lifecycle of Pod and Service not connected. even pod dies, ip address stay.
Ingress :
request first goes to ingress, it does the forward invent to the service.
allows to name the website.
image
![Docker%20and%20Kubernetes%20e856bd0eb3074698a7c7fbeaf0c2d051/Untitled%201.png]()
Config Map and Secret
ConfigMap : external configuration of your application DB_URL = mongo-db
Secret : used to store secret data, stored in base64 encoded. DB_USER = mongo-user or DB_PASSWORD = mongo-password
Use the above as environment variables or as a properties file.
Volumes:
if the DB restarted, data is gone. so attach a local or remote storage volume to the DB Pod.
K8S doesn’t manage data persistance, our responsible to backup or replicate the data in external hardware
Deployment and Stateful Set
Replicate Everything on multiple nodes
Deployment :
Replica is connected to the same Service(permanent Ip, load balancer)
define blueprints for my-app pods —> which is called as deployments
deployment is the abstraction of pods.
DB can’t be replicated via Deployment. because DB have state, so use Statefulset to avoid data inconsistencies.
StatefulSET :
for StateFull apps or Databases. which read and writes are synchronized.
Deploying Statefulset not easy, so often host DB outside of K8s cluster and do deployents of Stateless applications.
Benefits of K8s.
High availability and scalability
Every component is replicated, load balanced, no bottleneck that slows down the responses
Components summary:
POD - abstraction of containers
Service - Communication
Ingress - route traffic into cluster
ConfigMap and Secrets - External Configuration
Volumes - Data persistance
Deployment and StatefulSet — Replicating mechanisms
Minikube and Kubectl
kubeadm is utility to create multi-node cluster
minikube is utility to create single-node cluster
kubectl is a cli/utility to communicate with k8s cluster
Structure
![Docker%20and%20Kubernetes%20e856bd0eb3074698a7c7fbeaf0c2d051/Untitled%202.png]()
What is Minikube?
Test/Local cluster setup
creates virtual box on your laptop
Node runs in that Virtual Box
1 Node k8s cluster
for testing purposes
what is Kubectl?
command line tool for any type for k8s cluster
Minikube master :
- kube-apiserver
- Etcd
- Node-Controller
- Replica-controller
Worker node
- Kubelet
- Container runtime
- kube-proxy
Kube
minikube start —vm-driver=hyperkit to start the kubernetes cluster
kubectl get nodes or kubectl get nodes -o wideget the status of the nodes of the k8s cluster
minikube status
kubectl version to find the version of kubernetes
Minikube CLI … for start up/deleting the cluster
Kebectl CLI …for configuring the Minikube cluster
Create Deployment
kubectl get all to get all the components running inside the cluster
kubectl get nodes
kubectl get pod
kubectl get services
kubectl create deployment NAME —image=image [—dry-run] [options]
e.g. kubectl create deployment nginx-depl —image=nginx
kubectl get deployment
kubectl get pod
kubectl delete deployment to delete the deployment along with pods and replicaset related to the deployment
Debugging Pods
kubectl logs pod-name
kubectl describe pod pod-name
kubectl exec -it pod-name — bin/bash entr the container and look at the terminal
Kubectl apply -F
instead of create deployment with using command line, we can use the configuration files
kubectly apply -f config-file.yaml if deployment already created/ it updates with the new configs
kubectl delete -f config-file.yaml to delete the deployment
Yaml Configuration file explained
Each configuratioin file has 3 parts
- Metadata
- Specs —> attributes are specific to the type of components
- Status —> automatically generated and added by kubernetes
First two lines will be what component we want to create
apiVersion field
kind Version
pod v1
service v1
Replicaset apps/v1
Deployment apps/v1
Kind —- refers to the type of different objects, it may be pod, ReplicaSet, ReplicationController, Deployment
metadata — the data about the object. useful when we have a lot of pods, and we can use these to substitue ports for those objects
spec —- Additional information of the object
Kubectl service:
kubectl apply -f nginx-service.yaml — to create Service using config file
kubectl describe service nginx-service — to get thee information of port, target port and and pods ip which it will forward the requests
kubectl get pod -o wide to check the ip addresses of the pod. shows more info
kubectl get deployment nginx-deployment -o yaml > nginx-deployment.yaml to get the current deployment configs in the yaml file, could be used to copy and do other deployments, but needs to be cleaned some of the unique attributes
To get the base 64 encoded strings like username and password to use in the secret
echo -n 'someSecretString' | base64
Order of creation of components in the Kubernetes matter.
- Create Secrets or configmaps if defined
- Create deployment
Types of Service
- Internal Service or Cluster IP is Default
- Load Balance is for External communication service. needs to be defined in servic config file as type
Templates
MongoDB and internal service and secrets
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44
apiVersion: apps/v1 kind: Deployment metadata: name: mongodb-deployment labels: app: mongodb spec: replicas: 1 selector: matchLabels: app: mongodb template: metadata: labels: app: mongodb spec: containers: - name: mongodb image: mongo ports: - containerPort: 27017 env: - name: MONGO_INITDB_ROOT_USERNAME valueFrom: secretKeyRef: name: mongodb-secret key: mongo-root-username - name: MONGO_INITDB_ROOT_PASSWORD valueFrom: secretKeyRef: name: mongodb-secret key: mongo-root-password --- apiVersion: v1 kind: Service metadata: name: mongodb-service spec: selector: app: mongodb ports: - protocol: TCP port: 27017 targetPort: 27017
1 2 3 4 5 6 7 8
apiVersion: v1 kind: Secret metadata: name: mongodb-secret type: Opaque data: mongo-root-username: dXNlcm5hbWU= mongo-root-password: cGFzc3dvcmQ=
Mongo express and External service and configmap
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51
apiVersion: apps/v1 kind: Deployment metadata: name: mongo-express labels: app: mongo-express spec: replicas: 1 selector: matchLabels: app: mongo-express template: metadata: labels: app: mongo-express spec: containers: - name: mongo-express image: mongo-express ports: - containerPort: 8081 env: - name: ME_CONFIG_MONGODB_ADMINUSERNAME valueFrom: secretKeyRef: name: mongodb-secret key: mongo-root-username - name: ME_CONFIG_MONGODB_ADMINPASSWORD valueFrom: secretKeyRef: name: mongodb-secret key: mongo-root-password - name: ME_CONFIG_MONGODB_SERVER valueFrom: configMapKeyRef: name: mongodb-configmap key: database_url --- apiVersion: v1 kind: Service metadata: name: mongo-express-service spec: selector: app: mongo-express type: LoadBalancer ports: - protocol: TCP port: 8081 targetPort: 8081 nodePort: 30000
1 2 3 4 5 6
apiVersion: v1 kind: ConfigMap metadata: name: mongodb-configmap data: database_url: mongodb-service
After the external service is created, external ip will be shown in kubectl get services, in minikube need to run the kubectl service external-service-name to get the ip.
NAMESPACE:
What is a Namespace?
organise resources in namespace
virtual cluster inside a kubernetes cluster
4 names per Default
- kube-system : do not create or modify in kube-system, Sytem process, Master and kubectl processes
- Kube-public : public acccessible data; A configmap, which contains cluster information
Why to use the namespace?
Ingress:
to use the ingress, need the ingress controller to evaluate the rules and forward the request.
minikube addons enable ingress
Helm
package manager for kubernetes