Introduction to Building Containerized Applications on AWS
by Hasan
Containers Described
- Virtual Machine is generally mimick die hardware environment. Each Virtual Machine (VM) has its own operating system
- In case of VM we have lot of control. However sometime VM is a waste of resources.
- In those cases Containerzation additional layer of virtualization is added on top of guest os.
- Different virtulaized container can share underlying operating system and even additional binaries and drivers
- Therefore much lighter instantiation is necessary.
- So it is getting instantiation like VM. However with containerazation enables replication, backup, restroation, deployment and underlying resource utilization lighter.
- Images of container are more focused on just what it is needed.
Terminology
- Container
- Image
- Registry
Container
- Applications will run inside Container. Everything applications need will be baked into container from dependencies to environment variables. It’s all packaged inside the container. Very similar to virtual machine like EC2 container allows to create a isolate and set up environment specially for a specific application. Each different Application which needs to be isolated have diffrent containers.
Image
- Before launching a container one needs to define everything inside the container similiar to dependencies, source code and configurations. This Information will be captured in somthing called dockerfile. One can take this docker file and build an image. A packaged configuration that one needs for launching and deploying container. Blueprint of the container.
Often an image contains only the application. So when its deployed it only takes a small amount of space in the disk.
Registry
-
The images will be stored in somethind called registry. Registry specially used to hold the container images that are fully built out.
-
When it comes run container image, there is no need to build, it’s already built and stored in Registry. AWS docker hub is the registry.
Docker basics
- Docker noromally has three components
- Docker Daemon
- Docker CLI
- Docker Image registry
Docker CLI
- Docker client provides a way to initerect with Docker through a command line Interface (CLI). So CLI is the way to run, stop , build your containers
- Normally in CLI command starts with docker. example docker stop
- docker create - creates a container but don’t run the container
- docker run - creates and start the container
- docker rm - deletes the container
Docker Daemon (Secratory)
- So we have some commands for docker. but how docker listen to them. So docker Daemon is the player here. Which normally situated on the host machine. So it actully run the commands which client issues. So when a developer issue a
docker stop
command for particular container, the daemon will find that container and stop that container. So Daemon works like secratory for you. :) - Also anytime your coatainer needs access network ports, storage volume or any other components in the operating system level, the docker daemon will provide that.
Docker Image Registery (Bank)
- It actually a space to store your Docker images. It allows you to push and pull your container images. Here push and pull is like github. push means publishing and pull means, anything from cloud to in your place (local or server).
-
So registries can be public or private
-
A registry makes it possible for docker daemon to retrieve and run docker images. Docker images are the blueprints of containers which we already said before. It is like requirement text in virtual environement, the difference is that, in requirement it was only instlled packages, however here it everthing needed including operating system, configureation etc.
-
Docker image is read only, so once a image is built, it can not be changed, unless you build a new image.
- How to run this conatainer on a docker host ?
- Docker cli
docker run
. Docker client will delicate this to docker Daemon. -
Docker daemon first try to check whether the image is available or not on Docker host. If doesnot then it downloads it from docker image registry and downloads it to docker host using that image. So a container is the running instance of docker image.
- So how we get the image.
- from a docker file.
Docker file
is actually a plain text with standardize templates, which normally one will be created based on anyones wish. -
It’s a actually script that contains a list of commands.
Docker client
will call, when putting the image together. It includes the instruction to include the operating system, any other relevant software and making sure all the necessary dependencies are in place for a container to run properly. - when
docker build
cli is issued on a particular docker file , it results a docker image.
TL:DR
- starting with a docker file and list everything is necessary for a container
- build this docker file and rusults in docker image.
- docker run than results in a container on docker host.
Docker Files and semantics
- FROM is the first command
- FROM ubuntu:16.04. –> after colon normally version or tag, if it is empty then it is latest version.
-
Next MAINTAINER instruction –> author LABEL maintainer=”morgan@notarealemail.com”
- Run apt-get update -y &&
apt-get install -y python-pip python-dev- RUN normllay execute the command in a shell
-
COPY ./requirement.txt /app/requirement.txt this will copy file into a image and directory in that iamge, app/requirement.txt
- WORKDIR /app
- WORKDIR –> set working directory, if not exist, it will be created
- RUN pip install -r requirement.txt
- COPY . /app
- copy all the thing to ./app directory
- EXPOSE 8080 –> expose a port to the conatainer to communicate on
- if you want to listen also something, you need to add those ports.
- ENTRYPOINT [ “python”] –> what scripts to run when the container starts up
- CMD [ “app.py” ]–> execute command or script at runtime. Similar to ENRYPOINT instruction at high level. Differece is that, CMD one can use default value, here app.py you can later override those entry point.
Docker Images: Union File Systems and Copy on Write
- Each instruction in docker file creates a layer
- This layers are read only and stacked together to build images.
- First go the directory where docker file is availble.
docker build -t image_name docker_file_folder
. exampledocker build -t pyhtongwebapp .
docker inspect image_id
exampledocker inspect 238334
Union File Systems
-
Allows you to overlay multiple file system so they appear as unified views to the container. If a lower layer file which is modified at the upper layer, the container will use the modified file
- Images are read only, so what happens if a process run in a container requires to modify a file. By defaul Docker actually run a writable layer on top of union layers. These writeable layers allow any processes or applications running inside a container allows you to modify or create files. If you want to change a file, it will copy from read only layer to write only layer and modify there. The read only files remains unchanged. But this is hidden underneath the copy. This is called Copy on Write Strategy. The writable layer stays small by only bringing the data when it is needed. By default, all files created in a conatainer are stored in this writable container layer.
- If container is removed, all of the data in writable container will also be lost. If you need data, you need to use docker volumes and volume exist outside of lifecycle of container and managed by Docker.
- To have a persistent or shareable data use docker volumes
*TL:DR
- docker file creates layers.
- These layers create image by stacking together
- Each layer is read only and shared across images, when common layers exist.
- When container run from an image, a writable layer is added to the top, where files can be modified.
- A union file system and copy on write strategy to manage the lae in a efficient way
Docker CLI and Logging
- After docker installtion try docker run hello-world
- docker build -t pythonapp .
- docker images –> shows available images in that host
- docker run -d –> detached mood container run in backround. otherwise commman line terminal can be hijacked.
- docker run -d -p 8080:8080–> p is port normally host port and container port
- docker run -d -p 8080:8080 docker_imageid.
- to check whether your container is running, docker container ls
- docker exec -it id bash will create a new bash shell. here id will be image id
- Inside new shell command one cand run anything like shelll command echo or create file
exit
command will exit this shell- docker logs –container_id ``
- where the logfile is
sudo su
- and can change directory
cd /var/lib/docker/containers/
andls
cd containers_id
will show the information of the container.docker stop container_id
docker rm container_id
to removedocker container ps-a
shows all continers whether running or stop
Amazon Elastic Container Registry (ECR)
- secure, scalable and reliable
- allows private Docker repositories with resource based permissions using
AWS IAM
so that specific users can access on it
Elastic Beanstalk
- For deploying and scaling webapplications and services developed with various languages and applications servers. You don’t need to get any provisons and manage any infrastructure to get you code hosted on
EC2
. Simply upload your code and Elastic Beanstalk will automatically handle deployment from capacity provisioning to load balancing, and auto scaling to application health monitoring. Also Application stakc manages so don’t need to spend time or develop expertise.