I started reading this book for Inception, one of the 42 Seoul Circle 5 projects.
I also wanted to read the "Understanding with Illustrations~" book, but someone had already checked it out from the digital library, so I chose this one instead.
The book uses commonly used IT industry keywords without separate explanations, so it might be a challenging read for IT beginners.
e.g.) High availability, IaaS, provisioning, mainframe, etc. Some of these are noted in footnotes or explained later in the book.
Chapter 1
Chapter 1 explains content related to Docker. It covers the background of why Docker technology became necessary in infrastructure and how DevOps allowed teams to focus more on service development.
It also explains the evolution of Docker, so you can briefly understand how Docker's internal technology changed from LXC through libcontainer OC to runC OCI.
Chapter 2
I worked in an M1 + Ventura 13.4.1 environment. I used UTM as my virtual machine program and ubuntu-22.04.1-live-server-arm64 as the Linux OS.
Following the book's instructions as-is doesn't install Docker properly. I think it's because of arm64. I think it's because the Ubuntu version is 20.04 or higher.
Use sudo snap install docker instead of sudo apt-get -y install docker-ce.
And perhaps because I installed via snap, I couldn't check sudo systemctl restart docker, sudo systemctl status docker.
Also, sudo usermod -aG docker $(whoami) didn't work either.
I was about to give up, but I was able to solve it through googling.
For detailed instructions, please refer to Installing Docker with Snap on Ubuntu 20.04. Following this process will allow you to use Docker in your environment.
While following along, I wanted to SSH into the virtual machine OS and split my screen with iTerm(4):eBook(6) ratio.
How to connect SSH to UTM
- Install ifconfig via sudo apt-get install net-tools
- Run the ifconfig command and check the IP address from the output (in my case, enp0s1)
- Connect with ssh {username}@{IP} -p22 and enter the password
Chapter 3
In the Docker Image Detail Query section, there's a part where you change to admin privileges and navigate to /var/lib/docker.
Since I installed via snap, I had to go to /var/snap/docker/common/var-lib-docker instead.
In the Docker Login and Logout section, the part where you check cat ~/.docker/config.json was also different, so I checked with cat ./snap/docker/2895/.docker/config.json.
Since you need to access the web to generate an Access Token, I recommend doing it via SSH connection for easier copy-pasting.
In the Managing Docker Images as Files section, since I was using an M1 computer with an arm64 environment, I couldn't download mysql5.7. Since this example doesn't actually run mysql, you don't need to worry about issues. You can download either docker pull arm64v8/mysql or docker pull mysql.
You learn the Docker container commands. build, image, login, push, pull, commit, run, create, exec, attach, export, import, container, inspect, ps, logs, top, stats, stop, pause, unpause, restart, kill, and rm seem to be the main ones.
Using the create and start commands sequentially to control containers has a similar effect to the run command.
I said mysql 5.7 couldn't be installed above, but you can get it this way: docker pull --platform linux/amd64 mysql:5.7. It doesn't run... For Lab 3-1, using 5.7 seems easier.
cAdvisor also doesn't seem to be supported on M1.
When handling volumes, rather than passing source via docker cp to specific paths used by certain Docker containers, it's better to connect a folder from the host path to a volume and work from there.
Volume specification creates a folder even with incorrect names or paths, so you need to be careful about typos. While following the examples as-is, there are parts where the author's /home/hylee path is exposed directly—you should change it to your own path to avoid unexpected results (I haven't actually tried it as-is, so I'm not sure if it would fail).
The reasons I find Docker difficult include not fully understanding Docker's structure, commands, container lifecycle (volatility of data not connected to the host), volume connections, and how Docker is actually used in practice—all of which make me feel burdened.
There may be cases where volumes need to be created on the host or where specific folders need to be designated. Since I don't yet know the best practices for Docker volumes in production, I think you'd need to check existing volumes or folders to decide whether to create new ones.
Since Docker provides isolated environments, it's also convenient for resource allocation. I became curious whether it's common practice to limit resources to only what a specific application recommends. Most Docker containers would be running in the cloud, where you'd want to minimize resource usage to reduce billing costs. I need to look into whether cloud providers' computer resource settings make Docker-level resource limits unnecessary, or whether resource-limiting options are also used within Docker.
Chapter 4
Now we use Dockerfiles. The book also introduces the concept of IaC.
You Build a Docker Image from a Dockerfile, then Run a Docker Container from it.
Frequently Used Dockerfile Commands
FROM
- Specifies the base image for the image you want to create. Image tags are provided like version information on Docker Hub. If no tag is specified, it defaults to latest. When using a Python image, having the Debian Buster keyword is advantageous.
- Example) FROM ubuntu:20.04
MAINTAINER
- Generally includes the name and email of the author who built the image.
- Example)
MAINTAINER sungjun.hwang <someone@gmail.com>
LABEL
- Lists image metadata such as version, title, description, and license information. Multiple entries are possible.
- Example) LABEL purpose='Nginx for webserver'. Multiple LABELs can be specified separately. When using multiple ones, the following format is recommended:
Recommended
LABEL purpose='Nginx for webserver' \
      version='1.0'
RUN
- Used for package updates, installing various packages, and executing commands on the configured base image. Multiple entries are possible.
- RUN apt update
- Recommendation: Use multi-stage builds, build with individual Dockerfiles per image. Chaining multiple install commands reduces the number of image layers. Using autoremove, autoclean, rm -rf /var/lib/apt/lists/* deletes stored apt cache, reducing image size.
- Example) Shell format (RUN apt update && apt install -y nginx) and Exec format (RUN ["/bin/bash", "-c", "apt update"])
CMD
- The command executed when a created image is run as a container, used to specify default parameters to pass to the command specified by the ENTRYPOINT directive. Even if multiple CMDs are written, only the last one is processed. Generally useful when you want an application daemon to run when the image's container starts.
- Example) Shell format (CMD apachectl -D FOREGROUND) and Exec format (CMD ["/usr/sbin/apachectl", "-D", "FOREGROUND"])
ENTRYPOINT
- Like CMD, used when a created image is run as a container, but differs in that it passes and executes commands and argument values when the container runs. When using multiple CMDs, use them together with the ENTRYPOINT directive. ENTRYPOINT specifies the command, and CMD specifies the default command for flexible image execution.
# Example
ENTRYPOINT ["python"]
CMD ["runapp.py"]
- ENTRYPOINT specifies commands that must always be executed when running a Docker container.
- CMD is useful when specifying various commands during Docker container execution.
COPY
- Used when copying files or folders from the host environment into the image.
- Supports only simple copy operations. Files outside the build context cannot be COPYed.
- Example)
COPY <host OS file path> <path inside Docker container>
ADD
- Used not only for copying files and folders from the host environment into the image, but also for downloading directly from URLs and adding them to the image. Compressed files are extracted to the specified path.
- Files outside the build context cannot be ADDed, and folder additions must end with /.
- Example)
ADD <host OS file path> <path inside Docker container>
ENV
- Used to set various environment variables inside the image. There are environment variables that need to be pre-configured to make application usage easier.
- Example) ENV JAVA_HOME /usr/lib/jvm/java-8-oracle
EXPOSE
- Used to specify the port and protocol on which the container listens for incoming traffic through the host network.
- Example) EXPOSE 80 or EXPOSE 80/tcp
VOLUME
- Used when pre-setting volumes in the image build.
- Container paths specified with VOLUME are automatically linked to the volume's default path /var/lib/docker.
- Example) VOLUME /var/log or VOLUME ["/project"]
USER
- The container's default user is root.
- If an application can run services without privileges, use USER to switch to a different user.
- Example) USER sunhwang
WORKDIR
- Used to switch the working directory within the container.
- When WORKDIR is set, RUN, CMD, ENTRYPOINT, COPY, and ADD commands execute relative to that directory.
- If the specified path doesn't exist, it's automatically created, and connecting to the container after execution leads to the specified path.
- Example) WORKDIR /workspace
ARG
- Used to pass variable values at docker build time by defining --build-arg=argument.
- Caution: sensitive information like secret keys or account passwords will remain in the image and risk exposure.
- Example) ARG db_name (written in Dockerfile)
- Can be passed with docker build --build-arg db_name=jpub_db .
- Can be used as CMD db_start.sh -h 127.0.0.1 -d ${db_name}.
ONBUILD
- Included in the initial image build but not executed; used to specify commands that will run when the image is used as a base image for another image.
- The ONBUILD command is a method where the parent Dockerfile passes instructions to the child Dockerfile.
- Example) ONBUILD ADD websource.tar.gz /usr/share/nginx/html/
STOPSIGNAL
- The docker stop command sends SIGTERM to the container to stop it. Used when you want to send a different signal.
- Example) STOPSIGNAL SIGKILL # Enter the signal number or name.
HEALTHCHECK
- Used when you want to check the process status of a container.
- Only one HEALTHCHECK command is valid, and only the last declared one applies.
- Example) HEALTHCHECK --interval=1m --timeout=3s --retries=5 CMD curl -f http://localhost || exit 1
SHELL
- Used to specify the default shell used within the Dockerfile. The default is "/bin/sh".
- Example) SHELL ["/bin/bash", "-c"]
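Several of the notes above can be checked mechanically: FROM falling back to latest, ARG values remaining in the image, root being the default user, and ADD downloading from URLs. The following is an added example, not code from the book or this post; audit_dockerfile, the secret-name pattern and the sample Dockerfile are assumptions made for illustration.

```python
import re

# Assumed heuristic for secret-looking variable names (not from the book).
SECRET = re.compile(r"pass(word|wd)?|secret|token|api_?key|credential", re.I)

def logical_lines(text):
    """Join backslash-continued lines; skip blanks and comments."""
    joined = re.sub(r"\\[ \t]*\n", " ", text)
    lines = (l.strip() for l in joined.splitlines())
    return [l for l in lines if l and not l.startswith("#")]

def audit_dockerfile(text):
    """Return (instruction, message) findings for a Dockerfile's text."""
    findings, stages, user = [], set(), None
    for line in logical_lines(text):
        words = line.split()
        op, args = words[0].upper(), [w for w in words[1:] if not w.startswith("--")]
        if op == "FROM" and args:
            user = None  # each build stage starts again as the base image's user
            image, name = args[0], args[0].rsplit("/", 1)[-1]
            pinned = "@" in image or (":" in name and not name.endswith(":latest"))
            if image.lower() not in stages | {"scratch"} and not pinned:
                findings.append((op, f"{image}: no fixed tag, resolves to latest"))
            if len(args) == 3 and args[1].upper() == "AS":
                stages.add(args[2].lower())  # later "FROM <alias>" is a stage, not an image
        elif op == "USER" and args:
            user = args[0].split(":")[0]
        elif op in ("ARG", "ENV") and args and SECRET.search(args[0].split("=")[0]):
            findings.append((op, f"{args[0].split('=')[0]}: value remains in the image"))
        elif op == "ADD":
            findings += [(op, f"{a}: downloaded from a URL at build time")
                         for a in args if re.match(r"https?://", a, re.I)]
    if user in (None, "root", "0"):
        findings.append(("USER", "final stage has no non-root USER"))
    return findings

# Constructed sample Dockerfile, not taken from the book or this post.
SAMPLE = """\
FROM ubuntu AS build
ARG db_password
ADD https://example.com/websource.tar.gz /tmp/
FROM ubuntu:20.04
COPY --from=build /tmp/websource.tar.gz /srv/
USER sunhwang
"""
```

Running audit_dockerfile(SAMPLE) reports the untagged first FROM, the db_password ARG and the ADD URL; the USER check passes because the final stage switches to sunhwang.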
Thoughts After Finishing the Book
In the beginning, the concepts and explanations about Docker were great and very educational. The latter part was more hands-on focused, but the final exercise before Docker Swarm didn't work well due to AWS version differences. I fixed issues along the way, but there was an issue at the final cluster deployment that I couldn't resolve.
Even after finishing the book, the reason Docker is still difficult for me is that I keep wondering how and in what situations to use Docker. If I were given a blank Dockerfile and told to do something, could I handle it without difficulty? To use Docker well, I think you need to clearly define what you want to achieve with this technology. If I don't even know what I can do with Docker or what I should be doing, learning good technology won't help me use it well. It's frustrating not being able to freely utilize it due to lack of infrastructure experience.
I was reading midway through when I participated in the 42 Seoul startup bootcamp in August, and I was so busy building things during that time that I couldn't focus on anything else.
Still, when I returned to reading in early September, I found it somewhat difficult to understand because I couldn't remember the content I had read before.
Nevertheless, I think learning from other books, videos, or official documentation would be a better approach than this book.
