Docker Talk

Check out a recording of the talk here

Check out the original slides here

What is docker?

In order to fully explain what docker is, there are a few technologies we should go over first!

Virtualization

“In computing, virtualization or virtualisation is the act of creating a virtual version of something at the same abstraction level, including virtual computer hardware platforms, storage devices, and computer network resources.”

TLDR: Put as much of a computer as is necessary to emulate an operating system, piece of software, etc - and put that on top of your computer/server

Virtual Machines

“A computer system created using software on one physical computer in order to emulate the functionality of another separate physical computer.”

TLDR: Virtualization of a FULL computer on top of yours (includes everything from BIOS/UEFI and TPM to top level programs)

Containers

“Containers are a form of operating system virtualization. A single container might be used to run anything from a small microservice or software process to a larger application. Inside a container are all the necessary executables, binary code, libraries, and configuration files.”

TLDR: Virtualization of a(n) OS/Program on top of part of your host operating system

So What's Docker?

“Docker is a set of platform as a service products that use OS-level virtualization to deliver software in packages called containers. The software that hosts the containers is called Docker Engine”

TLDR: Container orchestrating software that makes making, using, managing, and destroying containers sleepy mode

How Docker Works

  • Images
    • Templates
  • Containers
    • Your program, an OS, whatever you want
  • Networks
    • How you connect your container to the internet (or not), your network (or not), and other containers (or not)
  • Volumes
    • How you connect your container to storage

Basic Docker Usage

Using docker can be as simple as:

Pull/Make a container image

docker pull <image>
# or
docker build <context>

Run the image

docker run <image>

A Better way to use docker

Pull/Make a container image

docker compose pull
# or
docker compose build [service]

Run the image

docker compose up
# /\ to run it in the foreground or \/ to run it in the background
docker compose up -d

This is a lot all at once, why would I even use this?

  • Deployments tend to be simpler
    • A lot of times, you can find the program or service you want to run in already made containers that you can just deploy
  • Quicker to get up and running
    • premade containers are very fast to get running
  • Performs well without any tinkering
    • Containers don't have much overhead and don't require special tuning like virtual machines sometimes do
  • Can have more support than native systems
    • If docker supports your OS, you can run any container built for your CPU architecture. If there's a program you want to run that only works on Arch or Debian, it works on your system now too
  • Easy services
    • If you can get docker to run as a service, then anything that runs in docker can be made to act as a service too. Run it in the background and have it start with your machine!
  • Easy cleanup
    • When you're done with your docker setup you can delete it completely with prune and down commands

Stuff that makes docker complicated

  • Networks

    • Bridge
      • The default network type
      • NAT based
      • DNS through docker, which allows you to connect to other containers with their hostnames (requires a custom network)
    • Host
      • Uses your host's network connection, shares all ports
    • IPvlan
      • IP based networking with support for VLANs
    • MACvlan
      • MAC based networking with support for VLANs
    • None
      • Network without access to anything
    • Overlay
      • This network is used for docker swarm, we aren't talking about clusters today, so this is out of scope
  • Dockerfiles

    • Make docker images
  • Docker Compose

    • Automatically build images, spawn containers, connect the containers to volumes and networks, and more! Really powerful!
  • Volumes

    • Maps system files and folders to container files and folders
    • Types: Volumes, binds, and tmpfs - Oh my!
  • Devices

    • Maps system devices to container devices (but not necessarily the privileges to access them)
  • Capabilities

    • Gives containers special privileges (CAN BE DANGEROUS)
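Putting the compose workflow from "A Better way to use docker" together with the networks, volumes and capabilities in this list, here is an added example (mine, not from the talk) for the "basic httpd site" exercise: a compose file with a user-defined bridge network (so containers can reach each other by hostname), a read-only bind mount for the site, a named volume for logs, and capabilities cut down to what httpd needs. The trimmed capabilities, read-only filesystem and tmpfs go a step beyond what the talk shows; the image name httpd:2.4, the ./site directory and the three capabilities kept are assumptions for this example.

```shell
#!/bin/sh
# Added example, not from the talk: a compose file for the "basic httpd site"
# exercise that uses the pieces from the list above: a user-defined bridge
# network (so containers can find each other by hostname), a bind mount and a
# named volume, and capabilities trimmed to what httpd needs.
# Assumptions: the image httpd:2.4 from Docker Hub, the ./site directory, and
# the three capabilities (NET_BIND_SERVICE to bind port 80, SETUID/SETGID so
# the parent httpd can switch its workers to the "daemon" user).

# Print the compose file to stdout so it can be reviewed before it is written.
render_compose() {
  cat <<'EOF'
services:
  web:
    image: httpd:2.4
    ports:
      - "8080:80"                 # host port 8080 -> container port 80
    volumes:
      - ./site:/usr/local/apache2/htdocs:ro   # bind mount, read-only
      - web-logs:/usr/local/apache2/logs      # named volume managed by docker
    networks:
      - app-net
    cap_drop:
      - ALL                       # start with no capabilities ...
    cap_add:
      - NET_BIND_SERVICE          # ... add back only what this service needs
      - SETUID
      - SETGID
    read_only: true               # container filesystem cannot be modified
    tmpfs:
      - /tmp                      # scratch space that never touches the host
    restart: unless-stopped       # behaves like a service across reboots

volumes:
  web-logs:

networks:
  app-net:
    driver: bridge                # user-defined bridge: container DNS works here
EOF
}

# Create the project directory: compose.yaml plus a one-line site to serve.
# Prints the directory so the caller can cd into it.
setup_site() {
  dir=${1:-./httpd-demo}
  mkdir -p "$dir/site"
  render_compose > "$dir/compose.yaml"
  printf '<h1>Hello from a container</h1>\n' > "$dir/site/index.html"
  echo "$dir"
}

# Usage: sh httpd-demo.sh init [dir]
#   then: cd <dir> && docker compose up -d      (docker compose down -v cleans up)
if [ "${1:-}" = "init" ]; then
  setup_site "${2:-./httpd-demo}"
fi
```

After `docker compose up -d`, http://localhost:8080 serves ./site, and `docker compose down -v` removes the container, the network and the named volume, which is the "easy cleanup" point from the list above.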

Stuff that makes docker weird sometimes

  • OS images and docker compose
    • TTY likes to break when you're using OS images with docker compose
  • Volumes
    • Docker tends to get confused when you reference places that don't exist
  • Docker daemon socket
    • The docker socket is a file, but takes tcp connections to communicate with the docker daemon
  • apt vs apt-get
    • If you're using a debian image with your dockerfile, make sure you're using apt-get and not apt
  • Docker on windows
    • Docker on Windows acts really funky in general. In order for docker to work on Windows at all, Windows virtualizes Linux, and then runs docker on that, which doesn't always work as expected. I recommend using or virtualizing your own Unix-based system to play with docker.
  • KASM????
    • Uses docker to create graphical containers for OSes, games, programs, etc - Not really sure how it works completely but I imagine it uses X11 forwarding and then redisplays that on the kasm instance's site. The code is proprietary so it's hard to know 100% for sure.

Things for you to try

  • Browse hub.docker.com or github.com/explore
  • Create a basic httpd site
  • Get a terminal in an OS you aren’t using (debian, kali, arch, etc)
  • Run a python2 script
  • Make a minecraft server
  • Get my DNS setup running on your machine