Complete Intro to Containers (feat. Docker)
Learning Paths:
Topics:
Table of Contents
Introduction
Containers
Containers
Brian gives a brief history of why containers are useful tools that host controlled and isolated environments, thanks to a frozen file system. The latter allowed engineers to have access to ready to use containers without having to recreate all the dependencies and file system on a local machine.
chroot
Brian explains that chroot is a Linux kernel feature that allows the containment of processes, restricts a process to a certain file tree, and uses chroot to add bash commands to the bash directory. A chroot operation is necessary to understand how containers are layered to limit or deny access outside of a designated directory tree.
chroot Exercise
Students are instructed to use the chroot process to make the bash command cat function within the bash directory.
chroot Solution
Brian live codes the solution to the chroot exercise.
Namespaces
Brian explains that namespaces are useful to hide processes, networks, and other configurations from other environments, and demonstrates how to configure namespaces and use a command nammed unshare to seperate environments. The parent process has access to the child process, but the child cannot access the parent.
cgroups
Brian explains that cgroups were invented by Google to limit what resources a process can access to avoid entire servers shutting down, and demonstrates how to manually use cgroups to restrict processes.
Docker
Getting Set Up with Docker
Brian explains that Docker is a command line tool that makes building and managing containers easier, and that has environments built in various languages. Docker allows engineers to build a container in less time and fewer lines of code because it manages chroot, namespaces, and cgroups for the engineer.
Docker Images without Docker
Brian demonstrates how to download a container, unpack it, and run it on its own without involving Docker.
Docker Images with Docker
Brian demonstrates how to use a one line command to build a container instead of using the longer process live coded in the previous section, explains that images take memory space, and shows how to prune them.
Node.js on Docker
Brian demonstrates how to create a Node.js container that uses Debian instead of Ubuntu after mentioning that there is a wide variety of containers using different libraries and laguages. Debian is used instead of Ubuntu because Node images were created in Debian.
Tags
Brian explains that it is important to tie tags to specific versions when creating environments to avoid dependency issues that would break the code, and shares the rules of thumb when picking tags to build a container.
Docker CLI
Brian shares a few commands in the Docker CLI that give the container's history, pause the container, erase the container, or run a container with, and how to prune stopped containers.
The Dockerfile
Dockerfiles Preamble
Brian demonstrates how to create a Dockerfile, adds a series of instructions in the Dockerfile that will give information about how the container should run, and how to tag a container and run it.
Build a Node.js App
Brian demonstrates how to build a Node.js application within a container, and writes a Dockerfile for a Node app.
Run a Node.js App
Brian explains how to add publishing ports, how to stop a running container, and how to set up a secure user within the container that is different from the root user.
Add Dependencies to a Node.js App
Brian demonstrates how to install dependencies into the new Node.js app, making the app more complex, and adds a Dockerfile to the app.
EXPOSE
Brian explains what port mapping is using EXPOSE, a Dockerfile command that explicitly instructs users to check a specific port, and demonstrates that it is more convinient to add this information to the markdown of a specific app, instead of Dockerfile.
Layers
Brian demonstrates that a Docker container is composed of layers, and explains how to add a COPY command to the Docker file that will cache the layers of the built container and skip right to the new added layers when rebuilding a container.
Docker Ignore
Brian demonstrates how to add a dockerignore file, and explains that the files mentioned within the dockerignore document are files that should not be copied from the host operating system into the container, but that are still necessary within a project.
Making Tiny Containers
Alpine Linux
Brian demonstrates how to use Alpine Linux, and explains that Alpine Linux is the smallest barebone distribution of Linux, it is therefore more secure because there are less files and less vulnerabilities.
Alpine Node.js Container
Brian demonstrates how to build a container from scratch using Alpine Linux, and explains that the goal is to build a container that is smaller than the standard Alpine container, and simpler. A Node.js app is added to the container.
Multi-Stage Builds
Brian demonstrates how to create a multistage build, and explains that it is more secure to build smaller Alpine Node.js containers and only gives the tools necessary to build the container. Multi-stage builds are useful to optimize Dockerfiles by keeping them easy to read and maintain.
Static Assets Project Exercise
Students are instructed to create a multi stage build, copy a React project, build it, and transfer it to an NGINX container.
Static Assets Project Solution
Brian live codes the solution to the static assets project exercise.
Features in Docker
Bind Mounts
Brian explains that bind mounts ship files from the host computer into the container. Bind mounts allow access to preexisting development environments, which fast forwards the work of engineers.
Volumes
Brian describes volume mounts as tools that maintain state between runs by saving the results from the previous run.
Containers & Dev Environment
Brian builds a Hugo static site within a container, and explains that containers can also be development environments, which makes them shareable and recreatable.
Dev Containers with Visual Studio Code
Brian demonstrates how to set up dev containers using VS Code and explains that one can open a remote container using VS Code.
Networks & Docker: MongoDB Container
Brian introduces networking in Docker by connecting multiple containers to each other, and builds a container using MongoDB.
Networks & Docker: Client Side Container
Brian demonstrates how to connect two different containers by live coding a Node.js application in a container and connecting it to the container created in the previous section.
Multi Container Projects
Docker Compose
Brian explains how to build a docker-compose.yml file which sets up multiple containers without needing to build a development environment for each container.
Docker Compose & nodemon
Brian adds nodemon, a file watcher that restarts Node every time it notices a file change, making development more seemless, and demonstrates how to start multiple containers at the same time.
Kubernetes Fundamentals
Brian explains that Kubernetes is used for production workload and is useful when a lot of containers and different services are involved with complex relationships with each other, and goes over the fundamental terminology and concepts of Kubernetes.
Kubernetes & kubectl
Brian demonstates how to interact with Kubernetes, explains that using Kubernetes is a complex task that generally happens during production, and demonstrates how to use kubectl. Kubectl is a command line interface that manages a Kubernetes cluster.
Kompose
Brian introduces the Kompose tool, and demonstrates how to convert docker-compose.yml into a Kubernetes file. Kompose is a conversion tool that transforms Docker Compose to container orchestrators such as Kubernetes.
Multiple Containers with Kompose
Brian demonstrates how to run multiple containers using Kompose, how to delete all of the newly created containers, and how to convert all files to Kubernetes files.
OCI
Buildah
Brian explores alternatives to Docker, starting with Buildah. Buildah allows users to build containers using bash scripts or to build an OCI container with a Dockerfile via Buildah.
Buildah & Docker
Brian demonstrates how to build a Buildah container within a Docker container.
Podman
Brian introduces Podman which allows users to run OCI or Docker container, and runs the previously built container with Podman.
