Docker Containers Deep Dive
Best of Red Hat Summit
October 4, 2016
• Containerization 101
• Use Cases
• Build, Ship, Run
• DevOps Advisory and Implementation
• Docker Consulting and Integration
• CloudBees Jenkins Consulting
The Container Enablement Company
• Continuous Integration, Delivery, and Deployment
• Application Modernization
• Cloud Migration
Container Tech Isn’t New
Early container technology
Similar to jails; snapshots, cloning
Google Process Containers
Process aggregation for resource management
Linux Control Groups
Process containers renamed and merged into kernel 2.6.24
LXC Linux Containers
DotCloud Docker Inc.
Introduction of Docker Open Source Project
What is a Docker Container?
• Method to run applications in isolation
• Isolation includes namespacing pid, network, users, restricting
root, cpu and memory limits, and providing separate
• Many of the technologies are old, but they hadn't been packaged
in an easy-to-use toolset before Docker
“Docker containers wrap up a piece of software in a complete filesystem that contains everything it needs
to run: code, runtime, system tools, system libraries – anything you can install on a server.”
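The isolation settings listed above (PID, network and user namespaces, restricted root, CPU and memory limits) can be checked per container. The following is an added example, not part of the original slides: it audits the HostConfig section of `docker inspect` output for containers that opt out of those controls. The two sample containers and their names are constructed.

```python
import json

# Constructed sample: trimmed `docker inspect` output for two hypothetical containers.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/web", "HostConfig": {"Privileged": false, "PidMode": "",
     "NetworkMode": "bridge", "UsernsMode": "", "Memory": 268435456,
     "NanoCpus": 500000000, "CapAdd": null, "CapDrop": ["ALL"]}},
  {"Name": "/legacy", "HostConfig": {"Privileged": true, "PidMode": "host",
     "NetworkMode": "host", "UsernsMode": "", "Memory": 0,
     "NanoCpus": 0, "CpuQuota": 0, "CapAdd": ["SYS_ADMIN"], "CapDrop": null}}
]
""")


def audit(container):
    """Return findings where a container gives up isolation named on the slide."""
    hc = container.get("HostConfig", {})
    findings = []
    if hc.get("Privileged"):
        findings.append("privileged: root capabilities are not restricted")
    if hc.get("PidMode") == "host":
        findings.append("pid: shares the host PID namespace")
    if hc.get("NetworkMode") == "host":
        findings.append("network: shares the host network stack")
    if hc.get("UsernsMode") == "host":
        findings.append("users: user namespace remapping disabled")
    if not hc.get("Memory"):
        findings.append("memory: no cgroup memory limit")
    if not (hc.get("NanoCpus") or hc.get("CpuQuota")):
        findings.append("cpu: no cgroup CPU limit")
    for cap in hc.get("CapAdd") or []:  # CapAdd is null when nothing was added
        findings.append(f"capability: {cap} added back")
    return findings


def audit_all(containers):
    """Map container name (without the leading slash) to its findings."""
    return {c["Name"].lstrip("/"): audit(c) for c in containers}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_INSPECT).items():
        print(name, "OK" if not findings else findings)
```

On a real host, feed it the JSON from `docker inspect $(docker ps -q)` instead of the constructed sample.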
Containerized Deployment and Scaling
Each virtual machine
- binaries and
- entire guest
- Include application and all dependencies
- Share kernel with other containers
- Run as an isolated process not tied to any
Virtual Machines Containers
We’re not trying to replace your VMs
Containers are used in
partnership with current IaaS
Docker and other container
platforms still need a host.
Take advantage of the streamlined
process for VM based IaaS and gain
• Higher density workloads
• Containers are designed to be disposable
• New containers go back to a clean image state
• Running containers write to an isolated space
• Data is stored outside of the container
• Separates data from your application
Application Development (Build & Ship)
Problem: Code migration issues: Dev Test Prod. Painful and slow software delivery.
Solution: Developer Self-Service. Automate and consolidate with Docker.
Docker packages applications and their dependencies into containers to allow for easy transport from a
developer's laptop to any target test or prod environment. This accelerates the software lifecycle,
increases reliability, and reduces job time.
- Begin with a “Trusted Known State”
- Control and Approve Content
- Track Promotion Cryptographically
Developer
QA / QE
Application Modernization / Cloud Migration
Problem: Legacy applications: brittle, and difficult to change/bug fix/upgrade
Hard to scale, obsolete APIs, costly and difficult to support and maintain.
Solution: Microservices architecture. Technology diversity. Modular boundaries.
Multi-tier applications can be deployed in parts and each tier is an independent container. Each of the containers
can be used for a single service. Legacy applications can be migrated to the cloud through either a “lift & shift” or
“refactoring” methodology, or potentially a combination.
• Images are the definition. They include
the filesystem, environment variables,
and default entry points.
• Containers are an instance of an
image. They isolate the application
from the host, and even from other
• Write your image definition in a Dockerfile
• Turn that Dockerfile into an image with
• Develop a new app or “lift and shift” your current codebase
• Union file system
• Multiple RO layers are stacked
• Containers add a single RW layer to
• Layers are cached for fast builds
• Layers are named with a hash inside
Docker for Mac / Windows
• Docker tools for the developer
• OS native clients using internally
available virtualization: xhyve and
• Full Docker CLI from native OS
Red Hat Container Dev Kit
• Pre-built container development
• Choice of virtualization platforms:
VirtualBox, Hyper-V, Linux KVM
• Eclipse and docker CLI integration
Docker Registry (and Hub)
• Push and pull to central registry
• Organized as repositories that contain
• Multiple options: run your own, Docker
Hub, OpenShift, 3rd parties
• Run your image
• Launches a container based on your image
• Options for:
Volumes: link external data into the container for persistence
Networking: bridged, overlay, access with exposed ports
• Packages multiple containers together
• Defines parameters for ‘docker run’
• Configuration is stored in ‘docker-
• Allows containers to be scaled, but
Docker on Red Hat
Consistent performance and reliability
Certification and Support
• Minimal footprint operating system
• Linux container optimized
• Reliability and security of RHEL
Red Hat OpenShift Container Platform V3
OpenShift and Kubernetes add the ability to orchestrate
docker containers across multi-host installations.
• Self-service Platform
• Multi-language Support
• Application Persistence
• Open vSwitch Integration
Load Docker Images to OpenShift!
# oc new-project rhsummit
# oc new-app gitlab/gitlab-ce
• Isolated space for a running application
• All containers run on the same kernel unlike a VM
• Eliminates the overhead of an OS and services
Docker Containers – Run… Anywhere?
Kernel Version 3.10+
• Ubuntu 13.10+
• Fedora 20+
• RHEL 7+
• CentOS 7.1+
• openSUSE 13.1+
• CRUX 3.0+
• Docker for Windows
• Windows Server 2016 (TP5)
Docker for ARM!
Production Operations / Data Center
Problem: Inefficiency of VMs. O/S duplication. Lengthy boot and replication times.
Hardware, Storage, and Hypervisor costs $$.
Solution: Docker’s containers as a service (CaaS) and orchestration platform. Policy driven architecture.
Deployment flexibility (On-Premise, Cloud, Hybrid).
Docker containers share resources with the host OS, which makes them significantly more efficient than VMs.
Containers can be started and stopped in a fraction of a second. They are lightweight, fast, and maximize
consolidation. Swisscom reduced their VM footprint from 400 to 20 for a database as a service offering, driving
tremendous cost savings.
Manage and secure
Movement & Trust
Build, Ship, Run
• Isolated filesystem
• Namespace for isolating pids
• cgroups for limiting memory and CPU
• Separate network stack
• Restricted root capabilities
• Open source project on GitHub
• Trusted cross platform content
• Platform agnostic in delivering
• Publisher key validates integrity
• Run Docker containers
unchanged in any
environment, on any
• Move applications at
Docker containers spin up and down in seconds,
making it easy to scale application services to
satisfy peak customer demand, and then reduce
running containers when demand ebbs.