parent
51d7dfb0a4
commit
3a1c7e5300
42 changed files with 49 additions and 731 deletions
@ -1,17 +1,9 @@ |
# Bare Metal vs VM vs Containers |
|
## Bare Metal |
|
Bare metal is a term used to describe a computer that is running directly on the hardware without any virtualization. This is the most performant way to run an application, but it is also the least flexible. You can only run one application per server, and you cannot easily move the application to another server. |
|
## Virtual Machines |
|
Virtual machines (VMs) are a way to run multiple applications on a single server. Each VM runs on top of a hypervisor, which is a piece of software that emulates the hardware of a computer. The hypervisor allows you to run multiple operating systems on a single server, and it also provides isolation between applications running on different VMs. |
|
## Containers |
|
Containers are a way to run multiple applications on a single server without the overhead of a hypervisor. Each container runs on top of a container engine, which is a piece of software that emulates the operating system of a computer. |
Bare metal is a term used to describe a computer that is running directly on the hardware without any virtualization. This is the most performant way to run an application, but it is also the least flexible. You can only run one application per server, and you cannot easily move the application to another server. Virtual machines (VMs) are a way to run multiple applications on a single server. Each VM runs on top of a hypervisor, which is a piece of software that emulates the hardware of a computer. The hypervisor allows you to run multiple operating systems on a single server, and it also provides isolation between applications running on different VMs. Containers are a way to run multiple applications on a single server without the overhead of a hypervisor. Each container runs on top of a container engine, which is a piece of software that emulates the operating system of a computer. |
|
You can learn more from the following resources: |
|
- [@article@History of Virtualization](https://courses.devopsdirective.com/docker-beginner-to-pro/lessons/01-history-and-motivation/03-history-of-virtualization) |
- [@article@Bare Metal Machine](https://glossary.cncf.io/bare-metal-machine/) |
- [@article@What is a Virtual Machine?](https://azure.microsoft.com/en-au/resources/cloud-computing-dictionary/what-is-a-virtual-machine) |
|
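Review bot: the merged paragraph carries over two claims from the removed sections that should be corrected while this file is being rewritten. "You can only run one application per server" is not a property of bare metal; how many applications a host runs is decided by the operating system, not by the absence of a hypervisor. More important for this roadmap, "a container engine, which is a piece of software that emulates the operating system of a computer" mischaracterises containers: nothing is emulated, containers share the host kernel and are separated by kernel namespaces and cgroups (the features described in the namespaces and cgroups files of this same commit), which is also why a container's isolation boundary is weaker than a VM's. Suggest replacing the last sentence with something like "Containers share the host kernel and are isolated from each other by kernel features such as namespaces and cgroups, so they start faster and use fewer resources than VMs but offer a weaker isolation boundary." The three removed headings also carried the comparison the page title promises; one paragraph covering all three models reads as a run-on, so keep at least one sentence per model on what separates it from its neighbours.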
@ -1,16 +1,8 @@ |
# What are Namespaces? |
|
In the Linux kernel, namespaces are a feature that allows the isolation of various system resources, making it possible for a process and its children to have a view of a subset of the system that is separate from other processes. Namespaces help to create an abstraction layer to keep containerized processes separate from one another and from the host system. |
|
There are several types of namespaces in Linux, including: |
|
- **PID (Process IDs)**: Isolates the process ID number space, which means that processes within a container only see their own processes, not those on the host or in other containers. |
- **Network (NET)**: Provides each container with a separate view of the network stack, including its own network interfaces, routing tables, and firewall rules. |
- **Mount (MNT)**: Isolates the file system mount points in such a way that each container has its own root file system, and mounted resources appear only within that container. |
- **UTS (UNIX Time Sharing System)**: Allows each container to have its own hostname and domain name, separate from other containers and the host system. |
- **User (USER)**: Maps user and group identifiers between the container and the host, so different permissions can be set for resources within the container. |
- **IPC (Inter-Process Communication)**: Allows or restricts the communication between processes in different containers. |
Docker namespaces are a fundamental feature of Linux that Docker uses to create isolated environments for containers. They provide a layer of isolation by creating separate instances of global system resources, making each container believe it has its own unique set of resources. Docker utilizes several types of namespaces, including PID (Process ID), NET (Network), MNT (Mount), UTS (Unix Timesharing System), IPC (InterProcess Communication), and USER namespaces and by leveraging these namespaces, Docker can create lightweight, portable, and secure containers that run consistently across different environments. |
|
Visit the following resources to learn more: |
|
- [@official@Docker Namespaces](https://docs.docker.com/engine/security/userns-remap/) |
- [@article@Linux Namespaces](https://man7.org/linux/man-pages/man7/namespaces.7.html) |
|
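Review bot: "Docker namespaces are a fundamental feature of Linux" in the new paragraph is misleading; namespaces are a Linux kernel feature that Docker uses, which the removed first sentence stated correctly, so prefer "Linux namespaces are a kernel feature that Docker uses to ...". The removed per-namespace list was the substantive part of this page and has been reduced to a bare enumeration of acronyms; "making each container believe it has its own unique set of resources" tells the reader nothing about what each namespace actually isolates, so keep at least the one-line descriptions for PID, NET, MNT and USER. The USER namespace entry should also say that mapping container UIDs onto unprivileged host UIDs is exactly what the linked userns-remap page configures; that link is labelled "Docker Namespaces" but points at the user-namespace remapping documentation, so either relabel it or add a link to Docker's general namespace documentation. Finally, "... and USER namespaces and by leveraging these namespaces, Docker can create ..." needs a comma or a sentence break before "and by leveraging".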
@ -1,10 +1,9 @@ |
# cgroups |
|
**cgroups** or **control groups** is a Linux kernel feature that allows you to allocate and manage resources, such as CPU, memory, network bandwidth, and I/O, among groups of processes running on a system. It plays a crucial role in providing resource isolation and limiting the resources that a running container can use. |
|
Docker utilizes cgroups to enforce resource constraints on containers, allowing them to have a consistent and predictable behavior. Below are some of the key features and benefits of cgroups in the context of Docker containers: |
cgroups or "control groups" are a Linux kernel feature that allows you to allocate and manage resources, such as CPU, memory, network bandwidth, and I/O, among groups of processes running on a system. It plays a crucial role in providing resource isolation and limiting the resources that a running container can use. Docker utilizes cgroups to enforce resource constraints on containers, allowing them to have a consistent and predictable behavior. Below are some of the key features and benefits of cgroups in the context of Docker containers: |
|
Visit the following resources to learn more: |
|
- [@official@Control Groups](https://www.docker.com/resources/what-container/#control-groups) |
- [@article@Control Groups - Medium](https://medium.com/@furkan.turkal/how-does-docker-actually-work-the-hard-way-a-technical-deep-diving-c5b8ea2f0422) |
- [@video@An introduction to cgroups, runc & containerD](https://www.youtube.com/watch?v=u1LeMndEk70) |
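Review bot: the new paragraph ends with "Below are some of the key features and benefits of cgroups in the context of Docker containers:" but nothing follows it except the resource links, so the sentence now introduces a list that does not exist; either restore the list or drop the sentence. Also fix the subject agreement in the first sentence: "cgroups ... are a Linux kernel feature ... It plays a crucial role" switches from plural to singular; use "They play" or "This feature plays". Since the page says cgroups provide "resource isolation", it is worth being precise: cgroups limit and account for resource use (which is what stops one container from starving the host of memory or CPU), but they do not isolate what a process can see or touch; that is the job of the namespaces described in the sibling file, and conflating the two is a common source of confusion.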
@ -1,6 +1,6 @@ |
# Installation Setup |
|
Docker provides a desktop application called **Docker Desktop** that simplifies the installation and setup process. There is also another option to install using the **Docker Engine**. |
Docker provides a desktop application called*Docker Desktop that simplifies the installation and setup process. There is also another option to install using the Docker Engine but be aware that installing just the Docker Engine will not provide you with any GUI capabilites. |
|
- [@official@Docker Desktop website](https://www.docker.com/products/docker-desktop) |
- [@official@Docker Engine](https://docs.docker.com/engine/install/) |
|
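Review bot: the rewritten line has a markup error and a typo: "called*Docker Desktop that" lost its bold markers (should be "called **Docker Desktop** that", matching the removed line), and "capabilites" should be "capabilities". The removed line also kept **Docker Engine** in bold; restore it for consistency with the first mention. The added clause that installing only the Engine gives no GUI is a useful clarification and should stay.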
@ -1,19 +1,8 @@ |
# Ephemeral FS |
|
By default, the storage within a Docker container is ephemeral, meaning that any data changes or modifications made inside a container will only persist as long as the container is running. Once the container is stopped and removed, all the associated data will be lost. This is because Docker containers are designed to be stateless by nature. |
|
This temporary or short-lived storage is called the "ephemeral container file system". It is an essential feature of Docker, as it enables fast and consistent deployment of applications across different environments without worrying about the state of a container. |
|
## Ephemeral FS and Data Persistence |
|
As any data stored within the container's ephemeral FS is lost when the container is stopped and removed, it poses a challenge to data persistence in applications. This is especially problematic for applications like databases, which require data to be persisted across multiple container life cycles. |
|
To overcome these challenges, Docker provides several methods for data persistence, such as: |
|
- **Volumes**: A Docker managed storage option, stored outside the container's FS, allowing data to be persisted across container restarts and removals. |
- **Bind mounts**: Mapping a host machine's directory or file into a container, effectively sharing host's storage with the container. |
- **tmpfs mounts**: In-memory storage, useful for cases where just the persistence of data within the life-cycle of the container is required. |
By default, the storage within a Docker container is ephemeral, meaning that any data changes or modifications made inside a container will only persist as long as the container is running. Once the container is stopped and removed, all the associated data will be lost. This is because Docker containers are designed to be stateless by nature. This temporary or short-lived storage is called the "ephemeral container file system". It is an essential feature of Docker, as it enables fast and consistent deployment of applications across different environments without worrying about the state of a container. |
|
Visit the following resources to learn more: |
|
- [@official@Data Persistence - Docker Documentation](https://docs.docker.com/get-started/docker-concepts/running-containers/persisting-container-data/) |
- [@video@Docker Concepts - Persisting container data](https://www.youtube.com/watch?v=10_2BjqB_Ls) |
|
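Review bot: the merged paragraph repeats a contradiction that was already in the removed text and should be fixed here rather than carried forward: "will only persist as long as the container is running" is wrong, because a stopped container keeps its writable layer and `docker start` brings the data back; the data is lost when the container is removed, as the very next sentence says. Suggest "persist only for the lifetime of the container; once the container is removed, the data in its writable layer is gone". The "Ephemeral FS and Data Persistence" section and its three-item list (volumes, bind mounts, tmpfs mounts) were the actionable content of this page and the only place that distinguished the three mechanisms; the remaining paragraph explains the problem but no longer names any solution, even though both retained links are about persisting data. Keep the list, and on the bind mount item note that it exposes part of the host's filesystem to the container, which is the option with a security consequence.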
@ -1,27 +1,8 @@ |
# Efficient Layer Caching |
|
When building container images, Docker caches the newly created layers. These layers can then be used later on when building other images, reducing the build time and minimizing bandwidth usage. However, to make the most of this caching mechanism, you should be aware of how to efficiently use layer caching. |
|
## How Docker Layer Caching Works |
|
Docker creates a new layer for each instruction (e.g., `RUN`, `COPY`, `ADD`, etc.) in the Dockerfile. If the instruction hasn't changed since the last build, Docker will reuse the existing layer. |
|
For example, consider the following Dockerfile: |
|
```dockerfile |
FROM node:14 |
|
WORKDIR /app |
|
COPY package.json /app/ |
|
RUN npm install |
|
COPY . /app/ |
|
CMD ["npm", "start"] |
``` |
When building container images, Docker caches the newly created layers. These layers can then be used later on when building other images, reducing the build time and minimizing bandwidth usage. However, to make the most of this caching mechanism, you should be aware of how to efficiently use layer caching. Docker creates a new layer for each instruction (e.g., `RUN`, `COPY`, `ADD`, etc.) in the Dockerfile. If the instruction hasn't changed since the last build, Docker will reuse the existing layer. |
|
Visit the following resources to learn more: |
|
- [@official@Docker Layer Caching](https://docs.docker.com/build/cache/) |
- [@video@Layer Caching](https://www.youtube.com/watch?v=_nMpndIyaBU) |
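Review bot: the Dockerfile example was the whole point of this page: copying `package.json` and running `npm install` before `COPY . /app/` is what keeps the dependency layer cached when only application code changes, and the surviving sentence "you should be aware of how to efficiently use layer caching" no longer says how. Restore the example, or at least add one sentence on ordering instructions from least to most frequently changed. The retained claim "If the instruction hasn't changed since the last build, Docker will reuse the existing layer" is also incomplete and should be qualified: for `COPY` and `ADD` the cache is invalidated when the contents of the copied files change, not only when the instruction text changes, while for `RUN` the command string alone decides, so a cached `RUN apt-get update` layer keeps being reused with a stale package index until an earlier layer changes or the build is run with `--no-cache`. That second half is the security-relevant part of layer caching and belongs on this page.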
@ -1,45 +1,8 @@ |
# Runtime Configuration Options |
|
Runtime configuration options allow you to customize the behavior and resources of your Docker containers when you run them. These options can be helpful in managing container resources, security, and networking. |
|
Here's a brief summary of some commonly used runtime configuration options: |
|
- **CPU:** You can limit the CPU usage of a container with the `--cpus` and `--cpu-shares` options. `--cpus` limits the number of CPU cores a container can use, while `--cpu-shares` assigns relative share of CPU time for the container. |
|
```bash |
docker run --cpus=2 --cpu-shares=512 your-image |
``` |
|
- **Memory:** You can limit and reserve memory for a container using the `--memory` and `--memory-reservation` options. This can help prevent a container from consuming too many system resources. |
|
```bash |
docker run --memory=1G --memory-reservation=500M your-image |
``` |
|
- **User:** By default, containers run as the `root` user. To increase security, you can use the `--user` option to run a container as another user or UID. |
|
```bash |
docker run --user 1000 your-image |
``` |
|
- **Read-only root file system:** To prevent unwanted changes to the container file system, you can use the `--read-only` option to mount the root file system as read-only. |
|
```bash |
docker run --read-only your-image |
``` |
|
- **Publish Ports:** You can use the `--publish` (or `-p`) option to publish a container's ports to the host system. This allows external systems to access the containerized service. |
|
```bash |
docker run -p 80:80 your-image |
``` |
|
- **Hostname and DNS:** You can customize the hostname and DNS settings of a container using the `--hostname` and `--dns` options. |
|
```bash |
docker run --hostname=my-container --dns=8.8.8.8 your-image |
``` |
Docker runtime configuration options give you powerful control over your containers' environments. By tweaking resource limits, network settings, security profiles, and logging drivers, you can optimize performance and enhance security. You'll also find options for setting environment variables, mounting volumes, and overriding default behaviors – all crucial for tailoring containers to your specific needs. For more advanced users, there are tools to adjust kernel capabilities and set restart policies. Whether you're using command-line flags or Docker Compose files, these options help ensure your containers run smoothly and consistently, no matter where they're deployed. |
|
Visit the following resources to learn more: |
|
- [@official@Docker Documentation](https://docs.docker.com/engine/reference/run/) |
- [@article@Docker Runtime Arguments](https://galea.medium.com/docker-runtime-arguments-604593479f45) |
|
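Review bot: every concrete flag on this page was removed and replaced with a paragraph that names categories ("resource limits, network settings, security profiles ... kernel capabilities") without a single option name or command, so a reader can no longer act on it. The removed `--user`, `--read-only` and `--memory` examples are the ones that matter for hardening, and "By default, containers run as the `root` user" is a fact readers need to see right next to the fix for it. Suggest keeping at least those three examples and, since the new text mentions kernel capabilities, adding a `--cap-drop=ALL` example so that sentence has something concrete behind it. If the `--cpus` example is restored, correct its description: `--cpus` caps the amount of CPU time a container may consume (fractional values such as `--cpus=1.5` are valid), it does not assign a number of cores to the container.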
@ -1,23 +1,8 @@ |
# Docker Images |
|
Docker images are lightweight, standalone, and executable packages that include everything needed to run an application. These images contain all necessary dependencies, libraries, runtime, system tools, and code to enable the application to run consistently across different environments. |
Docker images are lightweight, standalone, and executable software packages that include everything needed to run a piece of software, such as the application code, runtime, libraries, and system tools. They serve as the blueprint for creating containers and are built in layers, where each layer represents a file system change, allowing for efficient storage and distribution. Docker images can be stored in and pulled from container registries like Docker Hub, enabling developers to share, deploy, and version their applications consistently across different environments, ensuring reproducibility and simplifying the process of managing dependencies. |
|
## Working with Docker Images |
Learn more from the following resources: |
|
Docker CLI provides several commands to manage and work with Docker images. Some essential commands include: |
|
- `docker image ls`: List all available images on your local system. |
- `docker build`: Build an image from a Dockerfile. |
- `docker image rm`: Remove one or more images. |
- `docker pull`: Pull an image from a registry (e.g., Docker Hub) to your local system. |
- `docker push`: Push an image to a repository. |
|
For example, to pull the official Ubuntu image from Docker Hub, you can run the following command: |
|
```bash |
docker pull ubuntu:latest |
``` |
|
## Sharing Images |
|
Docker images can be shared and distributed using container registries, such as Docker Hub, Google Container Registry, or Amazon Elastic Container Registry (ECR). Once your images are pushed to a registry, others can easily access and utilize them. |
- [@article@What’s the Difference Between Docker Images and Containers?](https://aws.amazon.com/compare/the-difference-between-docker-images-and-containers/) |
- [@video@What is an image?](https://www.youtube.com/watch?v=NyvT9REqLe4) |
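Review bot: the rendered diff places the new "Learn more from the following resources:" line ahead of the removed "Working with Docker Images" and "Sharing Images" sections, so please confirm the final file reads as the new paragraph followed directly by the two links, with no orphaned heading left between them. On substance, the new paragraph says images let developers "version their applications consistently ... ensuring reproducibility", yet the only example the page had, `docker pull ubuntu:latest`, pulls a mutable tag that can resolve to a different image tomorrow; if the command list and example are restored (they were the useful part of the page), pin the example to a specific tag or an image digest and say why. The removed list also had a wording inconsistency not worth carrying back: `docker push` was described as pushing "to a repository" while `docker pull` pulls "from a registry"; use "registry" for both.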
@ -1,19 +1,9 @@ |
# Docker Networks |
|
Docker networks provide an essential way of managing container communication. It allows containers to talk to each other and to the host machine using various network drivers. By understanding and utilizing different types of network drivers, you can design container networks to accommodate specific scenarios or application requirements. |
|
## Managing Docker Networks |
|
Docker CLI provides various commands to manage the networks. Here are a few useful commands: |
|
- List all networks: `docker network ls` |
- Inspect a network: `docker network inspect <network_name>` |
- Create a new network: `docker network create --driver <driver_type> <network_name>` |
- Connect containers to a network: `docker network connect <network_name> <container_name>` |
- Disconnect containers from a network: `docker network disconnect <network_name> <container_name>` |
- Remove a network: `docker network rm <network_name>` |
Docker networks enable containers to communicate with each other and with external systems, providing the necessary connectivity for microservices architectures. By default, Docker offers several network types such as bridge, host, and overlay, each suited for different use cases like isolated environments, high-performance scenarios, or multi-host communication. Using the Docker CLI, you can create, inspect, and manage networks with commands like `docker network create` to define custom networks, `docker network ls` to list existing networks, and `docker network connect` to attach a container to a network. This flexibility allows developers to control how containers interact, ensuring secure and efficient communication across distributed applications. |
|
Visit the following resources to learn more: |
|
- [@official@Docker Networks](https://docs.docker.com/network/) |
- [@official@Docker Network Commands](https://docs.docker.com/engine/reference/commandline/network/) |
- [@video@Docker Networking](https://www.youtube.com/watch?v=bKFMS5C4CG0) |
|
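Review bot: the new paragraph asserts "ensuring secure and efficient communication" but never says where the security comes from; the removed command list at least showed `docker network create`, `connect` and `disconnect`, which are the controls that provide it. State the point directly: containers attached to different user-defined networks cannot reach each other unless explicitly connected, so one network per tier is the simplest way to keep, say, a database off the network of a public-facing service. The same sentence recommends the `host` driver for "high-performance scenarios" without the caveat that it discards the separate network stack the NET namespace gives a container (see the namespaces file in this commit), so the container shares the host's interfaces and ports; that trade-off belongs next to the recommendation. The removed list also named `docker network inspect` and `docker network rm`, which the prose drops; keep the list, it was shorter and clearer than the paragraph that replaced it.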