Created November 25, 2020 17:16
cflynn07/a53b9f19cb179f9ef22998af62f7842a
Ch 2. Docker
  Three things to be aware of when referring to Docker as a technology: the runtime, the daemon, and the orchestrator.
  Runtime
    Lowest level; starts/stops containers. Builds the OS constructs a container is made of (namespaces, cgroups, etc.).
    containerd & runc
      runc - low-level runtime, interfaces with the OS to start/stop containers. A new runc instance is forked for every container it starts.
      containerd - higher-level runtime, manages the entire container lifecycle including pulling images.
  Daemon
  Orchestrator
  OCI - governance council that standardizes the low-level fundamental components of container infrastructure (image-spec and runtime-spec).
Ch 3. Installing Docker
Ch 4. The big picture
  Default client/daemon communication is a local IPC/Unix socket, /var/run/docker.sock. Anything that can write to that socket can start privileged containers and mount the host filesystem, so access to it (e.g. membership in the docker group) is root-equivalent on the host.
  Image: read-only object containing an OS filesystem, the app, and its dependencies.
Ch 5. The Docker Engine
  Original Docker architecture: daemon -> LXC -> Linux kernel (namespaces, cgroups, etc.)
  Modern Docker architecture: client -> daemon -> containerd -> shim -> runc, plus plugins
  libcontainer was developed as a replacement for LXC, partly to make Docker platform-agnostic
  runc - the reference implementation of the OCI container-runtime-spec
  containerd presents images to runc as valid OCI bundles
  runc is basically a CLI wrapper around libcontainer
  The Docker daemon communicates with containerd via gRPC
  runc starts the container as a child process and then exits; it is the component that actually interfaces with the OS for namespaces/cgroups/etc.
  containerd-shim (docker-containerd-shim in older releases) - stays running after runc exits, keeps the STDIN/STDOUT streams open, and reports the container's exit status back to the daemon. This is what makes containers "daemonless": restarting or upgrading the daemon does not kill running containers.
  /etc/docker/daemon.json - daemon configuration file (the daemon must be restarted after editing it)
Ch 6. Images
  Dangling image - an image that no longer has a tag (shown as <none>:<none>). Happens most often when you build a new image and reuse an existing tag; the older image loses the tag.
  Storage driver - responsible for stacking layers and presenting them as a single unified filesystem/image
  Distribution hash - hash of the compressed version of a layer (the digest the manifest references and that is verified on push/pull); the content hash is taken over the uncompressed layer
  Manifest lists - list of architectures supported by a particular image tag; each supported arch has its own "manifest" detailing that platform's specific layers
  "docker manifest inspect" lets you inspect the manifest (or manifest list) of any image on Docker Hub
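Worked example, added here and not code from the book or the gist, of the two digests behind a layer: the content hash over the uncompressed tar (what the image config lists as a diff_id) and the distribution hash over the compressed blob (what the manifest references), plus the integrity check a client performs before accepting a pulled blob. The one-file layer is constructed in a temp directory as a stand-in for a real layer; make_layer, layer_digests and verify_blob are names chosen for this example.

```shell
#!/bin/sh
# Added example, not code from the book or the gist: content hash vs
# distribution hash of an image layer, and the integrity check a client does
# when it pulls a blob. Function names and the constructed layer are assumptions.
set -eu

sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1   # macOS fallback
  fi
}

# make_layer: build a constructed single-file layer (stand-in for a real one).
# Prints the working directory holding layer.tar and layer.tar.gz.
make_layer() {
  dir=$(mktemp -d)
  mkdir -p "$dir/rootfs/etc"
  printf 'hello from layer\n' > "$dir/rootfs/etc/motd"
  tar -C "$dir/rootfs" -cf "$dir/layer.tar" etc
  gzip -n -c "$dir/layer.tar" > "$dir/layer.tar.gz"   # -n: no name/timestamp in the gzip header
  echo "$dir"
}

# layer_digests DIR: print "<content hash> <distribution hash>".
# content hash      = sha256 of the uncompressed tar  (image config rootfs.diff_ids)
# distribution hash = sha256 of the compressed blob   (manifest layers[].digest)
layer_digests() {
  echo "sha256:$(sha256_of "$1/layer.tar") sha256:$(sha256_of "$1/layer.tar.gz")"
}

# verify_blob EXPECTED FILE: what a pull does before accepting a layer.
# Exits non-zero if the downloaded blob does not hash to the manifest's digest.
verify_blob() {
  [ "sha256:$(sha256_of "$2")" = "$1" ]
}

# --- demo ---
dir=$(make_layer)
set -- $(layer_digests "$dir")
echo "content hash (uncompressed):    $1"
echo "distribution hash (compressed): $2"
verify_blob "$2" "$dir/layer.tar.gz" && echo "blob verifies against manifest digest"
printf 'x' >> "$dir/layer.tar.gz"            # simulate corruption or tampering in transit
verify_blob "$2" "$dir/layer.tar.gz" || echo "tampered blob rejected"
```

The same property is why pinning an image by digest ("repo@sha256:...") is stronger than pinning by tag: a tag can be moved to different content, a digest cannot.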
Ch 7. Containers
  Restarts (restart policies) restart the current container; they do not create a new container
Ch 8. Containerizing an app
  COPY & ADD instructions checksum the files they copy when deciding whether a cached layer can be reused, so a changed file invalidates the cache from that instruction onward
  Tip: use "apt-get install --no-install-recommends" to skip recommended packages (smaller image, fewer packages to patch)
Ch 9. Deploying Apps with Docker Compose
  docker-compose (v1) is a Python binary (originally a separate project called "fig")
  Compose can create "overlay" networks; an overlay network declared with "attachable: true" lets standalone containers attach to it, not only swarm services
Ch 10. Docker Swarm
  Nodes are divided into managers and workers
  Cluster configuration and state are stored in a Raft log replicated across the managers (Swarm's own store, not an external etcd)
  Nodes join the swarm as managers or workers depending on which join token they present; the manager and worker tokens differ, and either can be rotated with "docker swarm join-token --rotate <role>" if it leaks
  "docker swarm init" also creates a CA and issues mutual-TLS certificates to every node, so node-to-node control traffic is authenticated and encrypted by default
  Managers are active-passive: one leader; commands sent to other managers are forwarded to the leader
  Swarm uses the Raft consensus algorithm
  Tip: use an odd number of managers (3 or 5) to avoid split-brain; more managers means more consensus overhead
  Services can be created declaratively or imperatively, a la k8s
  A background reconciliation loop keeps the observed state matching the desired state
Ch 11. Docker Networking
  CNM - Container Network Model. Open-source, pluggable design spec for container networking.
  libnetwork - Docker's implementation of the CNM
  CNM has 3 parts: sandboxes, endpoints, networks
  Sandbox - an isolated network stack (interfaces, routes, DNS config) for a container
  Endpoints connect a sandbox to a network (virtual network interfaces, e.g. veth pairs)
  Networks are software switches (e.g. a Linux bridge)
  "bridge" is the default network driver (replicates a switch)
  The default "bridge" network does not resolve other containers by name, because Docker's embedded DNS server (127.0.0.11 inside the container) only serves user-defined networks; on the default bridge you are limited to the legacy --link mechanism. User-defined bridge networks do resolve container names. Containers on the same bridge network can reach each other on any port, so use separate user-defined networks to segment containers that should not talk to each other.
  Port mappings (host port to container port); a published port is bound on all host interfaces by default, so bind to an address (e.g. -p 127.0.0.1:8080:80) when it should not be reachable externally
  Overlay networks - multi-host
  MACVLAN (transparent on Windows) driver connects containers to existing physical networks, making them first-class citizens on that network (their own MAC address and IP). Requires the host NIC in promiscuous mode, which many cloud providers do not allow.
  Possible to configure swarm services and containers with custom DNS resolvers (--dns flag; it just edits /etc/resolv.conf in the container)
Ch 12. Docker overlay networking
  Overlay networks are only extended to worker nodes when they are tasked with running a container on that network (lazy)
  Docker overlay networking uses VXLAN tunnels to create virtual layer-2 overlay networks on top of the existing layer-3 network; VXLAN frames are encapsulated in UDP (port 4789). The data plane is not encrypted by default: create the network with "--opt encrypted" to get IPsec between nodes (the swarm control plane is already protected by TLS).
  VTEP - VXLAN Tunnel Endpoint; each host gets a VTEP that encapsulates and decapsulates the overlay traffic
Ch. 13 Volumes and persistent data
  Additional volume drivers are available on hub.docker.com
Ch. 14 Deploying apps with Docker Stacks
  Secrets: "external: true" means the secret must already exist (created with "docker secret create") before the stack can be deployed
  Stacks, unlike Compose, do not support builds; images must already be built and pushed to a registry
  Secrets are mounted into containers as regular files under /run/secrets/<name>, on an in-memory (tmpfs) filesystem, and only into the tasks of services explicitly granted access to them; at rest they are stored encrypted in the Raft log and delivered to nodes over TLS
  Placement constraints limit which nodes a service's tasks run on
Ch. 15
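Entrypoint pattern for consuming a secret from its /run/secrets file, added here as an example and not code from the book or the gist. SECRETS_DIR is an assumed override so the script can be exercised outside a swarm; the demo at the bottom constructs a fake secrets directory in place of a real mount, and read_secret / refuse_env_secret are names chosen for this example.

```shell
#!/bin/sh
# Added example, not code from the book or the gist: an entrypoint reads a
# swarm secret from its file under /run/secrets and refuses the env-var
# anti-pattern. SECRETS_DIR is an assumed override for running outside a swarm.
set -eu

SECRETS_DIR=${SECRETS_DIR:-/run/secrets}

# read_secret NAME: print the value of the mounted secret file.
# Non-zero exit if the file is missing or unreadable, so a stack that forgot
# "secrets: [NAME]" on the service fails fast instead of starting with an
# empty credential.
read_secret() {
  f="$SECRETS_DIR/$1"
  if [ ! -r "$f" ]; then
    echo "secret '$1' is not mounted at $f" >&2
    return 1
  fi
  cat "$f"
}

# refuse_env_secret VAR: fail if a credential arrived as an environment
# variable. Env vars are visible in 'docker inspect', to child processes and
# in crash dumps; the tmpfs-mounted secret file is not.
refuse_env_secret() {
  if eval "[ -n \"\${$1:-}\" ]"; then
    echo "refusing to start: $1 was passed as an env var; use a swarm secret" >&2
    return 1
  fi
}

# --- demo with a constructed secrets directory standing in for /run/secrets ---
# In a real stack this file comes from: docker secret create db_password ./pw.txt
SECRETS_DIR=$(mktemp -d)
printf 's3cret-pw\n' > "$SECRETS_DIR/db_password"
chmod 0444 "$SECRETS_DIR/db_password"   # swarm's default mode for a secret file

refuse_env_secret DB_PASSWORD
DB_PASSWORD=$(read_secret db_password)   # $(...) strips the trailing newline
echo "loaded db_password (${#DB_PASSWORD} bytes) from $SECRETS_DIR"
# From here the value is handed to the app process only, e.g.
#   PGPASSWORD="$DB_PASSWORD" exec psql ...
```

Keeping the credential in a shell variable that is passed only to the final exec'd process, rather than echoing it or writing it to a log, is the point of the pattern: the secret lives on tmpfs and in one process environment, nowhere on disk.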