Docker and Containerization Quiz

Questions and Answers

What command combines the functions of creating and starting a container in Docker?

• docker attach
• docker ps
• docker run (correct)
• docker start

What is the primary function of container management systems like Swarm and Kubernetes?

• They provide a virtual machine environment for user-space instances.
• They provide service-oriented architecture support for container deployments. (correct)
• They replace the need for an operating system.
• They enhance hardware performance for applications.

Which flag can be used with the 'docker ps' command to show all containers, including those that are stopped?

• --all
• -a (correct)
• -l
• -s

What is the enabling mechanism of containerization?

Isolation (A)

What is the purpose of the 'docker stop' command?

To send SIGSTOP or SIGKILL to a container (B)

Which characteristic differentiates containerization from traditional virtualization with virtual machines?

Containers do not share the operating system kernel. (D)

In Docker, which command allows you to retrieve logs from a daemonized container?

docker logs (D)

Which command would you use to re-attach to an interactive session of a running Docker container?

docker attach (C)

In the context of containers, what does resource management aim to control?

Resource usage such as memory and disk quotas (D)

How does containerization affect the deployment of applications in a datacenter?

It decouples application deployment from the operating system. (B)

What is the primary goal of the DevOps movement?

To integrate the release, testing, and deployment processes (A)

Which of the following best describes the use of Docker in the context of DevOps?

An application deployment method that treats everything as code (A)

What feature does Kubernetes provide that is essential for managing applications at scale?

Advanced features like auto-scaling (A)

Which system was NOT mentioned as part of Google's cluster management systems?

Docker Swarm (B)

Which company is known to have used Linux containers at a large scale for over ten years?

Google (B)

What is the primary advantage of containers over traditional virtual machines?

They result in less overhead. (B)

Which component is NOT included in a container's file system?

Hypervisor (C)

What is a significant limitation of containers compared to virtual machines?

Poor support for arbitrary environments. (D)

Which feature is a benefit of using both containers and virtual machines together?

Decoupling hardware and OS management. (D)

Open sourcing by dotCloud in 2013 aimed to solve which problem?

Addressing the portability issue of containers. (B)

What type of virtualization do containers utilize?

OS-level virtualization. (D)

What is an incorrect statement regarding the security of containers?

They have a smaller attack surface than VMs. (C)

What is a notable characteristic of the container concept as implemented by Rivière?

Inclusion of tools for portable container manipulation. (B)

What is one of the primary benefits of file system isolation in Docker containers?

Ensures each container has its own root filesystem (D)

What does the option '-t' do when running a Docker container?

Creates an interactive terminal session (A)

What is a primary function of the cgroups in Docker?

To manage memory allocation across containers (D)

How are logs managed in Docker containers?

Logs are collected independently for each container (A)

What does the command 'docker run -i -t ubuntu /bin/bash' do?

Pulls the latest Ubuntu image and starts a container with bash (B)

Which of the following is TRUE about network isolation in Docker?

Each container can operate with separate virtual interfaces (D)

What characterizes the copy-on-write filesystem used in Docker containers?

Enables shared layers to be stored only once for efficiency (D)

Why is process isolation important in Docker containers?

It enables independent operation of processes within each container (C)

What command is used to create a Docker image?

docker build (C)

What is the purpose of the CMD command in Docker?

To define the command to run when launching the container (A)

When you use the -p option in Docker, what is being achieved?

Mapping the specified port to a local port (C)

What does the VOLUME command do in a Dockerfile?

Designates a data directory shared between containers (C)

What happens if the second RUN command fails during a docker build?

The entire build process restarts from the base image (D)

What is required when exposing a port in a Docker container?

An explicit mapping must be set using -p option (B)

How can a user ensure that the CMD command is not overridden?

Use the ENTRYPOINT instead (D)

What does the ADD command do in a Dockerfile?

Copies files from local file system or URL (D)

Flashcards

Container

A software technology that enables a single Operating System to support multiple isolated user-space instances, each with its own set of processes and resources.

Container Management System

A software system that manages and orchestrates the lifecycle of containers, enabling their deployment, scaling, and networking.

Container Isolation

The practice of isolating and securing container instances, preventing interference between them.

Container Resource Management

The ability to limit resource consumption of individual containers, ensuring proper performance and preventing contention.

Independent Management of Containerized Applications

The concept of decoupling applications from the underlying operating system, enabling portability and independence.

Docker

Docker is a platform for building, sharing, and running containerized applications. It is a popular tool for developers and DevOps teams.

OS-Level Virtualization

Containers virtualize at the operating system level, isolating applications within a shared kernel. They create lightweight environments with minimal overhead compared to virtual machines.

Machine-Level Virtualization

Virtual machines provide complete isolation by emulating hardware. They run a separate operating system for each virtual machine, making them more resource-intensive.

Security: Containers vs. VMs

Containers provide a lightweight and efficient way to run applications, but they rely on the shared host operating system, making them potentially less secure than virtual machines.

Flexibility: Containers vs. VMs

Docker is designed to be lightweight and efficient, but it can be less flexible than virtual machines in certain scenarios. It might have limited support for specific applications or operating systems.

Hybrid Approach: Containers & VMs

Combining containers with virtual machines creates a hybrid approach that offers the benefits of lightweight isolation for applications (containers) and complete hardware-level separation for security and flexibility (virtual machines).

Containers & DevOps

The DevOps movement embraces tools and practices that streamline software development, deployment, and operations. Containers are a fundamental part of this movement, enabling faster and more efficient application delivery.

docker run -d

A command used to launch a container in the background without an interactive session.

docker ps -a

A command that lists both running and stopped Docker containers.

docker logs

A command that retrieves logs from a daemonized container.

docker attach

A command that attaches to a running container and provides a shell for interacting with it.

Container Identifier (UID)

An identifier that uniquely refers to a Docker container.

What is DevOps?

DevOps emphasizes integrating development and operations, breaking down traditional silos.

Why is everything treated as code in DevOps?

Treating configuration, hardware descriptions, and deployments as code allows for reproducibility and consistency in setting up environments.

What role does Docker play in DevOps?

Docker is used to package and run applications in containers, making them portable and independent of the underlying operating system.

What is Kubernetes?

Kubernetes is a container orchestration system used for managing and scaling containers at large scale.

How does DevOps improve software development?

The shift from traditional separation of roles to a collaborative, integrated process leads to faster release cycles and improved application stability.

Docker Container

A mechanism for defining and running processes, resources, libraries, and dependencies in a way that they are isolated from the host Operating System.

Docker Image

The basic unit in Docker, defining the environment and dependencies needed to run an application. Images are built from a series of layers with instructions on what software to install and configure.

Pulling a Docker Image

A process that copies a specific Docker image from a registry to the local machine, making it available to run containers.

Running a container

The process of starting a new container instance from a Docker image on your machine.

Docker Registry

A central repository to share and download Docker images, making it easy to reuse existing software packages. It contains pre-built images of commonly used applications, tools, and operating systems.

Interactive Shell

A feature that allows running interactive commands within a container, giving you access to its filesystem and environment. You can also run utilities and scripts inside the container.

Docker Client

A command used to interact with the Docker engine, allowing you to manage Docker images and containers. It allows you to pull images, build containers, start and stop them, etc.

docker build

Docker's command for building a container image from a Dockerfile. It iterates through each instruction in the Dockerfile, creating and modifying layers in the final image.

Docker -p option

A container image can be launched using the specified port using the -p option. This option is crucial for security, as exposed ports are not automatically opened.

CMD command

A special Docker command that defines the process to run when a container is launched. Can be overridden by a docker run argument, but if you want the command always to be executed, use ENTRYPOINT instead.

WORKDIR command

A special Docker command that sets the working directory used by the container. This directory is used for all file operations performed inside the container.

ENV command

A special Docker command that sets environment variables for the container. These variables can be used by applications running inside the container to configure their behavior.

USER command

A special Docker command that defines the user to run the container with. This helps set up proper permissions and security within the container.

ADD Command

A special Docker command that copies files from the host system or a URL into the container. This command is useful for adding source code, configurations, or other files to the container.

VOLUME Command

A special Docker command that defines a specific directory within the container that can be shared with other containers. This allows containers to communicate and share data with each other.

Study Notes

Course Information

• Course Title: Cloud Computing
• Course Code: LINFO2145
• Instructor: Pr. Etienne Rivière
• Contact Email: [email protected]
• University: Université catholique de Louvain (UCL)

Lesson 2: OS-Level Virtualization and Containers

• Objectives:
  • Understand the history and principles of OS-level virtualization and containers.
  • Detail container building and deployment using Docker.
  • Introduce container composition, networking, and management frameworks for cloud environments.

Announcements

• Quiz: The first quiz covering lectures 1 and 2 will be available on Moodle following this lecture.
• Individual Work: Students will have one week to answer questions, and one additional week for reviewing other's answers.
• Grading: Grading guidelines are provided. Students who answer questions will be invited to grade other submissions. The indicative grade range is 0–60 points, plus 20 points for each review. A certificate grade is awarded for participation.

Outline

• Introduction
• History of OS-level virtualization
• Linux containers
• Containers vs. Virtual Machines
• Docker containers and usage examples
• Containers composition, discovery, orchestration, and management
• DevOps overview

A Thousand-Mile Perspective

• Independent Container Management: Containers can be managed independently from their underlying operating system (OS).
• Decoupling Deployment: The deployment and management of the operating system are decoupled from application deployment.
• Application-Oriented Datacenter: This shifts from a machine-oriented to an application-oriented approach.
• Container Management: Swarm and Kubernetes are container management systems similar to OpenStack, but focused on containers and have support for service-oriented architectures.

Containers: A Definition

• Single OS: A single operating system with a single kernel, file system, and device drivers is used.
• Multiple User-Spaces: Multiple user-space instances can be supported, over a single kernel-space instance.
• Isolation: This feature enables isolation across user-space instances.
• Resource Management: The use of resources is limited for each container (e.g., memory, network, disk).

Containers: Some History

• UNIX/Linux Kernel Features: Containers rely on UNIX/Linux kernel features.
• Early Development: Isolation mechanisms for processes were developed before cloud computing for debugging and testing.
• Windows Adoption: Windows operating systems have also adopted similar mechanisms.
• Milestones: Key moments in the development of containers are highlighted (e.g., UNIX chroot, FreeBSD jails, Linux cgroups and namespaces).

Chroot

• UNIX Kernel Call: Used since the 1970s with wrapper programs.
• File Isolation: Changes the apparent root directory for the running process and its children.
• Not Security Isolation: Provides basic file system isolation but not security isolation.
• Testing Use: Used for build farms or unit, dependency, regression and compatibility testing.

FreeBSD Jails

• Secure Isolation: The first example of securely isolated containers.
• Root Privilege Isolation: Includes root privilege isolation, similar to chroot.
• Mini-OS Systems: Splits a FreeBSD OS into independent mini-OS systems (jails).
• Honeypot Application: One application is a honeypot for intruders.

Namespaces and Control Groups

• Namespaces: Group system resources (like processes, users, network interfaces) in namespaces.
• Dynamic Creation: Namespace instances can be created or joined dynamically.
• Resource Level Handling: Logical separation is done at the level of the resource type (files, processes, etc.).
• Chrome Isolation: Example use: Isolating Chrome processes connected to the Internet.
• Control Groups: (cgroups) is used for resource accounting and limitation between processes, such as memory and prioritization.

Linux Containers

• Generic Name: General term for Linux containers, based on namespaces and control groups.
• Open-Source Projects: Active open-source projects exist (e.g., OpenVZ, LXC, Linux-VServer, runC) with varying dates of initial release.

Docker

• Complete Applications: Wraps applications.
• OCI Support: Supports the Open Container Initiative and other container technologies.
• Standalone Applications: Files containing applications, runtime, system tools, and libraries.
• Portable Containers: Solved the problem of deploying containers on different OS types.
• PaaS: Open sourced by dotCloud PaaS (Platform as a Service) in 2013.

Docker Components

• Execution Environment: Docker manages containers based on specifications provided by Open Container Initiative (OCI).
• Application Deployment Engine: Includes a client to interact with resources that are hosted by a server. This server is a daemon for managing the containers.
• Docker Images: An entire file system needed to instantiate and run a container including metadata and configuration.
• Container Creation Tools: Tools like Dockerfiles are used to create images.

Docker Hub

• Docker Registry: Central location for storing Docker images.
• Public and Private Repositories: Docker Hub provides public repositories while individuals or companies can also have their own.
• Image Retrieval: The docker pull command is used to retrieve an image.
• Image Search: The docker search command is used to find available images.

Creating Images

• Base Image Usage: An image is generally built from an existing base image.
• Dockerfile: A text file with instructions for assembling the image.
• Docker Build: The docker build command runs in the Dockerfile directory to create images.
• Publishing Images: Publishing images on Docker Hub is a common activity.

Creating a Simple Web Server

• Base Image: The starting point for building the web server image.
• Layers: New features are added as new layers on top of the base image.
• Dockerfile Instructions: The Dockerfile contains instructions for installing web server software (like nginx) and creating the web page itself.

Creating the Image Command

• Docker Build Command: The command to build a docker image.
• Docker Run Command: The command to run a Docker image.
• Mismatched Quotes: Some examples indicate a problem with mismatched single or double quotes inside the Dockerfile.

Running a First Container

• -t and -i options: used for interactive mode.
• docker run command: The basic command to launch a container.
• ubuntu/bin/bash: This starts a bash session inside the container, and is used to interact with the virtual machine.

Running the New Image

• -p option: This option is used to specify ports to use for security of exposed ports, and to allow them to be opened outside of the container.
• Local Port Mapping: For example, 8080:80 maps port 8080 on the host machine to port 80 on the container.
• Containers ps command The docker ps -l command.

Dockerfile Commands

• CMD: The command executed when the container starts.
• ENTRYPOINT: A replacement for CMD.
• WORKDIR: Sets the working directory inside the container.
• ENV: Sets environment variables.
• USER: Sets the user inside the container.
• ADD: Copies files or directories from the host to the container.
• COPY: Similar to ADD but handles multiple files or directories.
• VOLUME: Defines a volume that can be shared with other containers or the host system.

Docker Networking

• Connecting Containers: Enables connection between containers (like web and database). This can be either on the same host or across multiple hosts.
• Abstraction and Separation: The networking environment between containers is managed separately.
• Inter-Container Networking Configuration: Done outside of the container.
• Docker Network Creation: The docker network create command is used.
• Linking Containers: The docker network connect command connects containers to a network.
• Higher-Level Tools: Orchestration tools such as Compose, Swarm, and Kubernetes manage containers networking.

Composing and Orchestrating Containers

• Managing Multiple Containers Manually: A complex process.
• Container Composition: Containers can be grouped together as a single entity.
• Example: docker compose tool aids in managing containers.
• Coordination: Coordination is required between different containers.
• Resource Management: Resource allocation and management is needed in scenarios with multiple containers.
• Service Discovery: Discovering containers and their availability is an essential feature.

Docker Compose Example

• YAML File Configuration: docker-compose.yml file configures containers and their interactions.
• Service Definitions: Define containers (e.g., web, redis for a web server and database).
• Links Between Containers: Define relationships between container services.
• Port Mapping: Mapping between host ports and container ports.

Consul: Service Discovery

• Distributed Applications: Manage service discovery in distributed container applications.
• Service Registration: Containers register their services.
• Contact Information: Containers register service names and contact information (IP addresses and ports). This assists with service discovery.
• Service Availability Monitoring: Consul monitors the liveness and availability of services.
• Service Catalog: Consul provides a catalog of services.

Docker Swarm

• Managing Multiple Hosts: Docker Swarm is used to manage containers on multiple hosts as a single entity.
• Docker API: Docker API is exposed.
• Manager Nodes: A cluster has one or more manager nodes to orchestrate container operations.
• Worker Nodes: Contain containers for applications.
• Replicated Services: Replicates and distributes containers and services across different nodes.

Docker and the DevOps Movement

• Traditional Role Separation: Traditional separation of development (Dev) and operations (Ops) roles exist.
• Agile Development: Fast development processes, often leading to quick releases but potential instability.
• DevOps Integration: The DevOps approach aims to eliminate the separation in roles from development to operations. This approach integrates development and operations.
• Integrated Process: Creating a more integrated release, testing, and deployment process. Treating everything as code.

Kubernetes

• Large Scale Container Management: Designed for managing a large number of hosts.
• Advanced Features: Supports dynamic configuration, service discovery, autoscaling, and quota management.
• Google's Borg: This is the foundational system that preceded Kubernetes.

Conclusions

• OS-Level Virtualization Growth: OS-level virtualization has gained popularity for large-scale deployment.
• Container Usage Growth: Container technologies simplified software development, and deployment.
• Containers and VMs: Containers and Virtual Machines (VMs) are complementary technologies (not opposing).
• DevOps Role: DevOps plays a key role in streamlining container processes.

References

• The course includes a variety of resources, references and citations.

Description

Test your knowledge on Docker commands, container management systems like Swarm and Kubernetes, and the principles of containerization. This quiz covers key topics such as logging, resource management, and the role of DevOps in modern application deployment.