Docker Overview: Docker is an open-source platform that automates the deployment of applications inside lightweight and portable containers. Containers allow developers to package up an application with all the parts it needs, such as libraries and other dependencies, and ship it out as one package.
Core Concepts:
- Images: Read-only templates used to create containers. Images are created with the
docker buildcommand, usually from a Dockerfile that contains instructions on how to build them. - Containers: Runnable instances of images that encapsulate the application and its environment at the point of execution.
- Volumes: Mechanisms for persisting data generated by and used by Docker containers. They are managed outside the lifecycle of a given container.
- Dockerfile: A script with various commands and instructions to automatically build a given Docker image.
- Docker Compose: A tool for defining and running multi-container Docker applications.
- Key Docker Commands:
docker build: Builds Docker images from a Dockerfile and a context.docker run: Runs a command in a new container.docker ps: Lists running containers.docker pull: Pulls an image or a repository from a registry.docker push: Pushes an image or a repository to a registry.docker stop: Stops one or more running containers.docker rm: Removes one or more containers.docker rmi: Removes one or more images.docker exec: Runs a command in a running container.docker logs: Fetches the logs of a container.docker network: Manages networks – connect, disconnect, list, remove, etc.
Docker Networking:
- Containers can communicate with each other through networking.
- Docker provides network drivers to manage the scope and behavior of the network.
Docker Storage:
- Data volumes can be used for persistent or shared data.
- Volume drivers allow you to store volumes on remote hosts or cloud providers.
Docker Security:
- Containers should run with the least privileges possible.
- Image provenance (ensuring the images come from a trusted source) is critical.
- Docker Content Trust provides the ability to use digital signatures for data sent to and received from remote Docker registries.
Best Practices:
- Keep your images as small as possible.
- Use multi-stage builds.
- Minimize the number of layers.
- Use
.dockerignorefiles. - Leverage the build cache.
Dockerfile Instructions:
FROM: Set the base image for subsequent instructions.RUN: Execute any commands in a new layer on top of the current image.CMD: Provide defaults for an executing container.LABEL: Add metadata to an image.EXPOSE: Inform Docker that the container listens on the specified network ports at runtime.ENV: Set environment variables.ADDandCOPY: Copy new files or directories into the Docker image.ENTRYPOINT: Configure a container that will run as an executable.
Example:
# Use the official Tomcat base image with JDK 11
FROM tomcat:9-jdk11-openjdk-slim
# Set the working directory inside the container to the Tomcat webapps directory
WORKDIR /usr/local/tomcat/webapps/
# Download the WAR file from the GitHub repository and add it to the webapps directory of Tomcat
ADD https://github.com/AKSarav/SampleWebApp/raw/master/dist/SampleWebApp.war /usr/local/tomcat/webapps/SampleWebApp.war
# Expose port 8080
EXPOSE 8080
# Start Tomcat server
CMD [“catalina.sh”, “run”]
Docker Compose:
- Purpose: Docker Compose is used to define and run multi-container Docker applications. You define services, networks, and volumes in a
docker-compose.ymlfile, and then usedocker-compose upto start the whole application stack. - docker-compose.yml: The configuration file where you define your application’s services, networks, and volumes.
- Commands:
docker-compose up: Starts and runs the entire app.docker-compose down: Stops and removes containers, networks, volumes, and images created byup.
Docker Swarm:
- Description: Docker Swarm is a clustering and scheduling tool for Docker containers. With Swarm, IT administrators and developers can establish and manage a cluster of Docker nodes as a single virtual system.
- Key Features: Easy to use, declarative service model, scaling, desired state reconciliation, multi-host networking, service discovery, and load balancing.
- Commands:
docker swarm init: Initializes a swarm.docker swarm join: Joins a machine to a swarm.docker service create: Creates a new service.
Docker Security:
- Namespaces: Docker uses namespaces to provide isolation between containers.
- Control Groups (cgroups): Limit and prioritize the resources a container can use.
- Secure Computing Mode (seccomp): Can be used to filter a container’s system calls to the kernel.
- Capabilities: Grant specific privileges to a container’s root process without granting all the privileges of the host’s root.
- Docker Bench for Security: A script that checks for dozens of common best practices around deploying Docker containers in production.
Docker Registries and Repositories:
- Docker Hub: The default registry where Docker looks for images. It’s a service provided by Docker for finding and sharing container images.
- Private Registry: You can host your own registry and push images to it.
- Docker Trusted Registry (DTR): Offers a secure, private registry for enterprises.
Docker Volumes and Storage:
- Bind Mounts: Allows you to map a host file or directory to a container file or directory.
- tmpfs mounts: Store data in the host system’s memory only, which is not written to the host’s filesystem.
- Volume Plugins: There are various volume plugins available that allow you to store data on remote hosts or cloud providers, such as Amazon EBS, Azure Blob Storage, or a network file system.
Docker Engine:
- Components:
dockerd: The Docker daemon that runs on the host machine.REST API: An API for interacting with the Docker daemon.CLI: The command-line interface (CLI) that allows users to interact with Docker.
Container Orchestration:
- Kubernetes: An open-source system for automating deployment, scaling, and management of containerized applications, commonly used with Docker.
- Docker Swarm: Docker’s native clustering system, which turns a group of Docker engines into a single, virtual Docker engine.
Docker Networking:
- Network Types:
bridge: The default network type. If you don’t specify a network, the container is connected to the default bridge network.host: Removes network isolation between the container and the Docker host, and uses the host’s networking directly.overlay: Connects multiple Docker daemons together and enables swarm services to communicate with each other.
- Custom Networks: You can create custom networks to define how containers communicate with each other and with the external network.
This additional information provides an intermediate understanding of Docker’s capabilities, typical use cases, and the functionalities provided by the ecosystem around Docker. If you want to go deeper into any particular area, feel free to ask!
Single stage VS Multi satge Docker FIle
Single Stage:
# Use an image that includes both JDK and Maven
FROM maven:3.6.3-jdk-8
# Set the working directory in the container
WORKDIR /app
# Copy the source code and pom.xml file
COPY src /app/src
COPY pom.xml /app
# Build the application and package it into a JAR file
# and list the contents of the target directory
RUN mvn clean package -DskipTests && ls /app/target
# Expose the port the app runs on
EXPOSE 8080
# Run the JAR file (update this if the JAR name is different)
ENTRYPOINT ["java", "-jar", "/app/target/sample-0.0.1-SNAPSHOT.jar"]
Multi-stage Docker file
# Stage 1: Build the application
FROM maven:3.6.3-jdk-8 AS build
WORKDIR /app
# Copy the pom.xml and source code
COPY pom.xml .
COPY src ./src
# Build the application
RUN mvn clean package -DskipTests
# Stage 2: Create the runtime image
FROM openjdk:8-jdk-alpine
WORKDIR /app
# Copy the JAR from the build stage
COPY --from=build /app/target/sample-0.0.1-SNAPSHOT.jar /app
# Expose the port the app runs on
EXPOSE 8080
# Run the JAR file
ENTRYPOINT ["java","-jar","sample-0.0.1-SNAPSHOT.jar"]
Sample Java App Coede https://github.com/buildpacks/sample-java-app/tree/main