rivieradev-2018-05-17.md

title: Containers Patterns
name: inverse
layout: true
class: center, middle, inverse

.bottom-bar[ .left[@mariolet                                                     github.com/l0rd] ]


layout: false
template: inverse
class: center, middle

.tc-center-column[periodic]

Containers Patterns

There are a Thousand Ways to Use Containers

.bottom-bar[]

layout: false

Who am I?

mario


template: inverse

Containers usages


layout: false

Everybody uses containers

.center[dupond1]


layout: false

There are many ways to use containers

.center[dupond2]


Containers Patterns Catalog

.tc-left-column[

Development Patterns

  • Copy Sources
  • Mount Sources
  • Dockerize Your Tools
  • ONBUILD Image
  • Dependencies First Dockerfile
  • Source 2 Image ] .tc-center-column[

Distribution Patterns

  • Build From Scratch
  • Containers Launcher ] .tc-right-column[

Runtime Patterns

  • Mount Sources
  • Docker Socket Mount
  • Containers Launcher
  • Build From Scratch
  • Host Spoofing
  • ENTRYPOINT and CMD combined
  • Exec Form ENTRYPOINT
  • Source 2 Image
  • Sidecar Container
  • Ambassador Container ]

template: inverse

Containers Patterns in Practice


layout: false .center[periodic]


layout: false .center[periodic]


template: inverse

.tc-center-column[Mount Sources]


.left-column[

MS

Example

] .right-column[

Mount 2048

Docker Image
httpd

Source code
https://github.com/gabrielecirulli/2048

Run command

```bash
# Serve the current directory from the stock httpd image
docker run -p 8080:80 \
           -v "$(pwd)":/usr/local/apache2/htdocs/ \
           httpd
```

]


.left-column[

MS

Example

Details

] .right-column[

Mount Sources

cp-MS ]


.left-column[

MS

Example

Details

Usages

] .right-column[

Mount Sources

  • Development and Runtime Pattern
  • Source folder is bind mounted when running the container
  • Pattern particularly suited for dynamic languages
  • Not recommended for production
  • No need to rebuild or restart container when sources are updated
  • Build tools are included in the image
  • The same image can be used to compile and run the application ]

template: inverse

.tc-center-column[Dockerize Your Tools]


.left-column[

MS

DYT

Example

] .right-column[

Dockerize maven

Docker Image
maven:3.3.3-jdk-8

Source code
https://github.com/l0rd/containerspatterns/tree/master/DYT

Run command

```bash
# Make the alias of the dockerized tool
# (single quotes: $(pwd) is evaluated each time mvn runs, not when the alias is defined)
alias mvn='docker run -w /usr/src -v "$(pwd)":/usr/src -v ~/.m2:/root/.m2 maven:3.3.3-jdk-8 mvn'

# Run the tool
mvn -version
```

]


.left-column[

MS

DYT

Example

Details

] .right-column[

Dockerize Your Tools

.center[cp-DYT] ]


.left-column[

MS

DYT

Example

Details

Usages

] .right-column[

Dockerize Your Tools

  • Development pattern
  • A tool is packaged and distributed as a Docker image
  • Allows running multiple versions of the same tool
  • The tool version and installation is described in a Dockerfile
  • Files can be shared between the container and the host with volumes
  • alias command can be used to make it easier to run ]

template: inverse

.tc-center-column[Containers Launcher]


.left-column[

MS

DYT

CL

Example

] .right-column[

Start an app and its DB with a single docker run

Docker Image
containerspatterns/rust-launcher

Source code
https://github.com/l0rd/containerspatterns/tree/master/CL

Run command

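```bash
# The Docker socket mount lets the launcher start the app and DB containers;
# it also gives the container full control of the host's Docker daemon
docker run -v "$(pwd)":/src/ \
        -v /var/run/docker.sock:/var/run/docker.sock \
        containerspatterns/rust-launcher
```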

]


.left-column[

MS

DYT

CL

Example

Details

] .right-column[

Containers Launcher


.center[![cp-CL-1](images/cp-CL1.svg)] ]

.left-column[

MS

DYT

CL

Example

Details

] .right-column[

Containers Launcher


.center[![cp-CL-2](images/cp-CL2.svg)] ]

.left-column[

MS

DYT

CL

Example

Details

] .right-column[

Containers Launcher


.center[![cp-CL-3](images/cp-CL3.svg)] ]

.left-column[

MS

DYT

CL

Example

Details

] .right-column[

Containers Launcher


.center[![cp-CL-4](images/cp-CL4.svg)] ]

.left-column[

MS

DYT

CL

Example

Details

] .right-column[

Containers Launcher


.center[![cp-CL-5](images/cp-CL5.svg)] ]

.left-column[

MS

DYT

CL

Example

Details

] .right-column[

Containers Launcher


.center[![cp-CL-6](images/cp-CL6.svg)] ]

.left-column[

MS

DYT

CL

Example

Details

Usages

] .right-column[

Containers Launcher

  • Runtime Pattern
  • The Docker socket is bind mounted when the container is started
  • Used to compose multiple containers without Docker Compose or similar ]

template: inverse

.tc-center-column[Host Spoofing]


.left-column[

DYT

CL

HS

Example

] .right-column[

Get host info from a container

Docker Image
alpine

Source code
https://github.com/l0rd/containerspatterns/tree/master/HS

Run command

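```bash
# Share the host's network, PID, UTS and IPC namespaces and
# bind mount the host root filesystem at /hostfs/
docker run --net=host                               \
           -v /:/hostfs/                            \
           --pid=host                               \
           --uts=host                               \
           --ipc=host                               \
           -v "$(pwd)":/src/                        \
           alpine sh -c ". /src/print_host_info.sh"
```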

]


.left-column[

DYT

CL

HS

Example

Details

] .right-column[

Host Spoofing



.center[cp-HS] ]


.left-column[

DYT

CL

HS

Example

Details

Usages

] .right-column[

Host Spoofing

  • Runtime Pattern
  • Run commands inside a container to inspect or alter the Docker host
  • Access to host network, filesystem, processes, users etc...
  • Break container isolation
  • Won't work when the Docker install is security hardened ]

template: inverse

.tc-center-column[Source To Image]


.left-column[

CL

HS

S2I

Example

] .right-column[

Multi-stage build to package a Java App

Docker Images

  • maven:3.5-jdk-8 (build)
  • openjdk:8-jre (run)

Source code
https://github.com/l0rd/containerspatterns/tree/master/S2I

Build command

```bash
docker build -t s2i .
```

Run command

```bash
docker run -t --rm s2i
```

]


.left-column[

CL

HS

S2I

Example

Details

] .right-column[

Source To Image

.center[cp-S2I] ]


.left-column[

CL

HS

S2I

Example

Details

Usages

] .right-column[

Source To Image

  • One unique Dockerfile for build and run
  • Build tools are not in the final image
  • Has existed for a long time in OpenShift, recently integrated in Docker (17.05)
  • Combine 2 patterns (Copy Source and Copy Executable)
  • Suited for static programming languages
  • Allows using the Docker Hub as a CI platform ]

template: inverse

.tc-center-column[Sidecar Container]


.left-column[

HS

S2I

SC

Example

] .right-column[

SC for PID and FS

Docker Images
httpd and ubuntu

Source code
https://github.com/l0rd/containerspatterns/tree/master/SC

Run command

# Run apache httpd in the background
cid=$(docker run -dit -p 8080:80 \
      -v /usr/local/apache2/htdocs/ httpd:2.4)

# Run a sidecar container that updates index.html
docker run --volumes-from ${cid} -ti --rm ubuntu \
sh -c "echo I am the sidecar >> /usr/local/apache2/htdocs/index.html"

# Run a sidecar container that shares the same PID namespace
docker run --pid=container:${cid} -ti --rm ubuntu \
    bash -c "echo -n pid 1 is \$(ps -p 1 -o comm=), killing it...;
            kill 1;
            echo done."

]


.left-column[

HS

S2I

SC

Example

Details

] .right-column[

Sidecar Container

cp-CS ]


.left-column[

HS

S2I

SC

Example

Details

Usages

] .right-column[

Sidecar Container

  • Provide extra functionalities to a running container
  • Popular for the Service Mesh model
  • Not all namespaces are sharable (e.g. userns/uts/filesystem) ]

template: inverse

Conclusion


layout: false .center[periodic]


layout: false .center[periodic]


layout: false






.center[


## [l0rd.github.io/containerspatterns](https://l0rd.github.io/containerspatterns)

]

layout: false .center[

Thank you

dupond-dupont-final

@mariolet ]



template: inverse

Copy Sources

A development pattern


.left-column[ .footnote[@hguemar, @mariolet, @mjbright ]

CS

Pattern

] .right-column[ .center[cp-CS] ]


.left-column[ .footnote[@hguemar, @mariolet, @mjbright ]

CS

Pattern

] .right-column[

Copy Sources Docker

  • development pattern
  • Sources are copied inside the image
  • Simplest development pattern
  • A new image should be built for every code change
  • Build tools are included in the image
  • Usually a different image is used to run the application ]

.left-column[ .footnote[@hguemar, @mariolet, @mjbright ]

CS

Pattern

Example

] .right-column[

Copy 2048 Docker

Docker Image
2048

Source code
https://github.com/l0rd/containerspatterns/tree/master/CS/

Build and run commands

```bash
docker build -t 2048 .
docker run -d -p 8080:80 2048
```

]

??? In this pattern it's particularly important to separate into 2 distinct steps:

  • fetching the dependencies
  • building the application

template: inverse

Docker Socket Mount

A runtime pattern


.left-column[ .footnote[@hguemar, @mariolet, @mjbright ]

CS

MS

DSM

Pattern

] .right-column[

.center[cp-DSM] ]


.left-column[ .footnote[@hguemar, @mariolet, @mjbright ]

CS

MS

DSM

Pattern

] .right-column[

Docker Socket Mount

  • Runtime Pattern
  • The Docker socket is bind mounted when the container is started
  • Allows managing containers from another container
  • Usages:
    • Container monitoring tools
    • CI/CD tools
    • Containers launchers ]

.left-column[ .footnote[@hguemar, @mariolet, @mjbright ]

CS

MS

DSM

Pattern

Example

] .right-column[

Docker Socket Mount

Docker Image
containerslanguages/golang

Source code
https://github.com/l0rd/containerspatterns/tree/master/DSM

Run command

```bash
# The container talks to the host's Docker daemon through the mounted socket
docker run -v /var/run/docker.sock:/var/run/docker.sock \
        containerslanguages/golang
```

]
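
An audit for the runtime patterns above that weaken isolation (Containers Launcher, Host Spoofing, Sidecar Container and Docker Socket Mount), as an added example that is not part of the original slides: it reads `docker inspect` JSON and reports socket mounts, host root mounts and host or shared namespaces. The sample records and the finding labels are constructed for illustration.

```python
import json
import posixpath

# Constructed sample: trimmed `docker inspect` records (names and paths are made up).
SAMPLE = json.loads("""[
 {"Name": "/launcher", "HostConfig": {"NetworkMode": "default", "PidMode": ""},
  "Mounts": [{"Type": "bind", "Source": "/home/dev/CL", "Destination": "/src"},
             {"Type": "bind", "Source": "/var/run/docker.sock",
              "Destination": "/var/run/docker.sock"}]},
 {"Name": "/hostinfo", "HostConfig": {"NetworkMode": "host", "PidMode": "host",
                                      "IpcMode": "host", "UTSMode": "host"},
  "Mounts": [{"Type": "bind", "Source": "/", "Destination": "/hostfs"}]},
 {"Name": "/sidecar", "HostConfig": {"PidMode": "container:0123abcd"}, "Mounts": []},
 {"Name": "/web", "HostConfig": {"NetworkMode": "default", "IpcMode": "private"},
  "Mounts": [{"Type": "volume", "Source": "/var/lib/docker/volumes/x/_data",
              "Destination": "/usr/local/apache2/htdocs"}]}
]""")

# HostConfig fields that select a namespace, mapped to a short label.
NAMESPACE_FIELDS = {"NetworkMode": "net", "PidMode": "pid", "IpcMode": "ipc", "UTSMode": "uts"}

def audit_container(record):
    """Return the sorted isolation findings for one `docker inspect` record."""
    findings = set()
    for mount in record.get("Mounts") or []:
        if mount.get("Type") != "bind":
            continue  # only bind mounts map a caller-chosen host path
        source = posixpath.normpath(mount.get("Source", ""))
        if posixpath.basename(source) == "docker.sock":
            findings.add("docker-socket-mounted")
        elif source == "/":
            findings.add("host-rootfs-mounted")
    host_config = record.get("HostConfig") or {}
    for field, ns in NAMESPACE_FIELDS.items():
        mode = host_config.get(field) or ""
        if mode == "host":
            findings.add(f"host-{ns}-namespace")
        elif mode.startswith("container:"):
            findings.add(f"shared-{ns}-namespace")
    return sorted(findings)

def audit(records):
    """Map container name -> findings, keeping only containers with findings."""
    results = {r["Name"].lstrip("/"): audit_container(r) for r in records}
    return {name: found for name, found in results.items() if found}

if __name__ == "__main__":
    for name, found in audit(SAMPLE).items():
        print(f"{name}: {', '.join(found)}")
```

On a live host, pass it the parsed output of `docker inspect` for the running containers instead of the sample.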


template: inverse

Build From Scratch

A Distribution and runtime pattern


.left-column[ .footnote[@hguemar, @mariolet, @mjbright ]

...

DSM

BFS

Pattern

] .right-column[

.center[cp-BFS] ]


.left-column[ .footnote[@hguemar, @mariolet, @mjbright ]

...

DSM

BFS

Pattern

] .right-column[

Build From Scratch

  • Distribution and Runtime Pattern
  • The base image is the smallest possible: Scratch
  • Used to make ridiculously small images
  • Works well with statically linked applications (Go, Rust, C etc...) ]

.left-column[ .footnote[@hguemar, @mariolet, @mjbright ]

...

DSM

BFS

Pattern

Example

] .right-column[

Go HTTP server built from scratch Docker Docker

Docker Image
emilevauge/tictac

Source code
https://github.com/emilevauge/tictac/

Run command

```bash
docker build -t tictac .
# Compare tictac binary size with tictac docker image size
```

]


template: inverse

ENTRYPOINT and CMD Combined

A runtime pattern


.left-column[ .footnote[@hguemar, @mariolet, @mjbright ]

...

BFS

ECC

Pattern

] .right-column[

.center[cp-ECC] ]


.left-column[ .footnote[@hguemar, @mariolet, @mjbright ]

...

BFS

ECC

Pattern

] .right-column[

ENTRYPOINT and CMD Combined Docker

  • Runtime Pattern
  • Instructions ENTRYPOINT and CMD are used together
  • ENTRYPOINT is the fixed part of the command
  • CMD is the variable part (usually the parameters) ]

.left-column[ .footnote[@hguemar, @mariolet, @mjbright ]

...

BFS

ECC

Pattern

Example

] .right-column[

Asciiart generator with ENTRYPOINT and CMD Docker

Docker Image
ecc

Source code
https://github.com/l0rd/containerspatterns/tree/master/ECC

Run command

```bash
docker run -ti --rm ecc
docker run -ti --rm ecc -f lean docker
```

]


template: inverse

Exec Form ENTRYPOINT

A runtime pattern


.left-column[ .footnote[@hguemar, @mariolet, @mjbright ]

...

BFS

EFE

Pattern

] .right-column[

.center[cp-EFE] ]


.left-column[ .footnote[@hguemar, @mariolet, @mjbright ]

...

BFS

EFE

Pattern

] .right-column[

Exec Form ENTRYPOINT Docker

  • Runtime Pattern
  • JSON is used to define the command and its parameters
  • It's the alternative to the Shell Form (/bin/sh -c on Linux or cmd /S /C on Windows)
  • No variable substitution and the command is PID 1
  • Unix signals are notified directly to the program (not the shell) ]

.left-column[ .footnote[@hguemar, @mariolet, @mjbright ]

...

BFS

EFE

Pattern

Example

] .right-column[

Exec and Shell form compared Docker

Docker Image
httpd

Source code
https://github.com/l0rd/containerspatterns/tree/master/EFE/

Build and Run commands

```bash
docker build -t httpd-exec -f Dockerfile.exec .
docker build -t httpd-shell -f Dockerfile.shell .

docker run -i -P --rm httpd-exec
# Stop it using ^C
docker run -i -P --rm httpd-shell
# (Try to) stop it using ^C
```

]


template: inverse

ONBUILD Images

A development pattern


.left-column[ .footnote[@hguemar, @mariolet, @mjbright ]

...

EFE

OBI

Pattern

] .right-column[

.center[cp-OBI] ]


.left-column[ .footnote[@hguemar, @mariolet, @mjbright ]

...

EFE

OBI

Pattern

] .right-column[

ONBUILD Images Docker

  • Development pattern
  • Build behaviour inherited from base image
  • Avoid duplicate code in Dockerfiles
  • Can make Dockerfile difficult to read ]

.left-column[ .footnote[@hguemar, @mariolet, @mjbright ]

...

EFE

OBI

Pattern

Example

] .right-column[

Build a Java app with ONBUILD Docker

Docker Image
obi-java

Source code
https://github.com/l0rd/containerspatterns/tree/master/OBI

Build/Run commands

```bash
docker build -t obi-java .
docker run --rm obi-java
```

]


template: inverse

Dependencies First Dockerfile

A development pattern


.left-column[ .footnote[@hguemar, @mariolet, @mjbright ]

...

EFE

DFD

Pattern

] .right-column[ .center[cp-DFD] ]


.left-column[ .footnote[@hguemar, @mariolet, @mjbright ]

...

EFE

DFD

Pattern

] .right-column[

Dependencies First Dockerfile Docker

  • Development pattern
  • Dependencies should not be fetched at every change in source code
  • In the Dockerfile, the dependency list should be copied before the source code ]

.left-column[ .footnote[@hguemar, @mariolet, @mjbright ]

...

EFE

DFD

Pattern

Example

] .right-column[

Packaging a Python application with Docker Docker

Docker Image
dfd

Source code
https://github.com/l0rd/containerspatterns/tree/master/dfd
https://github.com/polyfunc/flask-todolist

Build command

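```bash
# First build of both images
docker build -t dfd .
docker build -t dfd-orig -f Dockerfile.orig .

# Simulate a source change
touch onefile

# Rebuild both images and compare how much of each build comes from the cache
docker build -t dfd .
docker build -t dfd-orig -f Dockerfile.orig .
```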

]