DEV Community

soul-o mutwiri


Docker and Dockerfiles

Containers help with:
 Dependency management of applications
 Writing secure application code
 Efficient use of hardware resources
Open Container Initiative (OCI) runtime specifications
Run basic containers
Docker Desktop
Docker version
Docker Hub
 Building container images is based on ISO 668 standardization
 A Dockerfile contains instructions on how to build container images with Docker.
 Processes are isolated using namespaces and cgroups.
 Container images make containers portable and easy to reuse. An image contains everything needed to run an application: the code, runtime, system tools, system libraries and settings.
Container images
Dockerfile:
# This is the base image
FROM ubuntu:20.04
# RUN commands add software and libraries (Ubuntu 20.04 ships python3; there is no plain "python" package)
RUN apt-get update && apt-get -y install python3 python3-pip
# COPY copies code into the image filesystem
COPY my-app.py /app/
# Define the working directory in which the app runs
WORKDIR /app
# Process that should be started when the container runs; here our Python app my-app.py
CMD ["python3", "my-app.py"]

To build this image:
docker build -t my-python-image -f Dockerfile .
-t my-python-image = specifies a name tag for the image
-f Dockerfile = specifies where your Dockerfile can be found
. = the build context, the directory whose files COPY can reach
To distribute the image, tag it with the registry name and use a container registry:
docker tag my-python-image my-registry.com/my-python-image
docker push my-registry.com/my-python-image
docker pull my-registry.com/my-python-image
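A hardened variant of the Dockerfile above, added here as an example and not the author's file. It assumes the same my-app.py and that the app needs no further packages; the non-root user name "app" is my choice.

```dockerfile
# Added example: hardened version of the page's Dockerfile (assumes the same my-app.py).

# Pin the base image tag. For reproducible builds, pin the digest as well,
# e.g. ubuntu:20.04@sha256:<digest> (digest left out here on purpose).
FROM ubuntu:20.04

# Install only what the app needs: python3 (Ubuntu 20.04 has no plain "python"
# package), without recommended extras, and drop the apt cache so it is not
# baked into the image layer. DEBIAN_FRONTEND is set only for this command.
RUN apt-get update \
 && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
      python3 python3-pip \
 && rm -rf /var/lib/apt/lists/*

# Create an unprivileged system user; the app should not run as root in the container.
RUN useradd --system --create-home --shell /usr/sbin/nologin app

WORKDIR /app

# Copy the application and hand ownership to the unprivileged user.
COPY --chown=app:app my-app.py /app/

# Every following instruction and the running container use this user.
USER app

# Exec form: python3 runs as PID 1 and receives signals directly, with no shell in between.
CMD ["python3", "my-app.py"]
```

After building, `docker inspect --format '{{.Config.User}}' my-python-image` should print `app`, confirming the image does not default to root.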

CONTAINER ORCHESTRATION
With large numbers of containers, one needs a system that helps with the management of these containers by:

  1. Providing compute resources like virtual machines on which containers can run
  2. Scheduling containers to servers in an efficient way
  3. Allocating resources like CPU and memory to containers
  4. Managing the availability of containers and replacing them if they fail
  5. Scaling if load increases
  6. Providing networking to connect containers together
  7. Provisioning storage if containers need to persist data.

Most container orchestration systems consist of a control plane and worker nodes:

  1. Control plane – responsible for the management of the containers
  2. Worker nodes – host the containers

Kubernetes is the standard system to orchestrate containers.

Networking
Container networking implementation is based on the Container Network Interface (CNI). It defines how network plugins work and how they can be swapped between different orchestration platforms.
Network namespaces allow each container to have its own IP address. To open access from outside the host system, a port of the container needs to be mapped to a port of the host system.
Overlay network – puts containers across hosts in a virtual network that spans the host systems. The host network may be 172.16.4.x and the container network 192.168.8.x.
For example, servers in this network may have 172.16.4.11, 172.16.4.12 and 172.16.4.13, while the containers inside each of these servers are assigned IPs from a wider range, e.g. 192.168.1.1, 192.168.1.4.

Service Discovery and DNS
In container orchestration platforms there are thousands of containers with individual IP addresses, deployed on different hosts, in different data centers and even different geolocations.
Using IP addresses directly to communicate is nearly impossible at that scale, so DNS is used instead.
All this information is automated through the use of a service registry.
Finding out about other services in the network and requesting information about them is service discovery.
Approaches to service discovery:
DNS - register new services as they are created
Key-value store - data stores like etcd, Consul or Apache ZooKeeper

Service Mesh
A service mesh describes how traffic in container platforms is handled by proxies (see the Service Mesh Interface, SMI).
A proxy is a server application that sits between a client and a server, used to manage network traffic.
Popular proxies: Nginx, HAProxy or Envoy.
A service mesh adds a proxy server to every container that you have in the architecture.
Therefore, it helps manage complex and opaque networking, and implement monitoring, access control and encryption of network traffic as containers communicate with each other.
When service meshes are used, traffic is routed through the proxies instead of applications talking to each other directly.
Istio and Linkerd are popular service meshes.
The proxies in a service mesh form the data plane, where rules centrally managed in the control plane of the service mesh are implemented and shape traffic flow.
Config files are written and uploaded to the control plane to enforce new rules, e.g. service A and service B should always communicate encrypted.

Storage
Containers are ephemeral.
Their image layers are read-only, and the read-write layer is lost when the container is stopped or deleted.
To persist container data, a volume is used.
Often multiple containers are started on different host systems, or a container restarted on a different host still needs to access its volume.
This requires a robust storage system that is attached to the host servers. Storage is provisioned via the storage system; server A and server B can share a volume to read and write data.
 The Container Storage Interface (CSI) offers a uniform interface which allows attaching different storage systems, no matter if they are on premise or in the cloud.
