Docker and Containerization Quiz

Questions and Answers

What command combines the functions of creating and starting a container in Docker?

docker attach

docker ps

docker run (correct)

docker start

What is the primary function of container management systems like Swarm and Kubernetes?

They provide a virtual machine environment for user-space instances.

They provide service-oriented architecture support for container deployments. (correct)

They replace the need for an operating system.

They enhance hardware performance for applications.

Which flag can be used with the 'docker ps' command to show all containers, including those that are stopped?

--all

-a (correct)

-l

-s

What is the enabling mechanism of containerization?

Isolation

What is the purpose of the 'docker stop' command?

To send SIGSTOP or SIGKILL to a container

Which characteristic differentiates containerization from traditional virtualization with virtual machines?

Containers do not share the operating system kernel.

In Docker, which command allows you to retrieve logs from a daemonized container?

docker logs

Which command would you use to re-attach to an interactive session of a running Docker container?

docker attach

In the context of containers, what does resource management aim to control?

Resource usage such as memory and disk quotas

How does containerization affect the deployment of applications in a datacenter?

It decouples application deployment from the operating system.

What is the primary goal of the DevOps movement?

To integrate the release, testing, and deployment processes

Which of the following best describes the use of Docker in the context of DevOps?

An application deployment method that treats everything as code

What feature does Kubernetes provide that is essential for managing applications at scale?

Advanced features like auto-scaling

Which system was NOT mentioned as part of Google's cluster management systems?

Docker Swarm

Which company is known to have used Linux containers at a large scale for over ten years?

Google

What is the primary advantage of containers over traditional virtual machines?

They result in less overhead.

Which component is NOT included in a container's file system?

Hypervisor

What is a significant limitation of containers compared to virtual machines?

Poor support for arbitrary environments.

Which feature is a benefit of using both containers and virtual machines together?

Decoupling hardware and OS management.

Open sourcing by dotCloud in 2013 aimed to solve which problem?

Addressing the portability issue of containers.

What type of virtualization do containers utilize?

OS-level virtualization.

What is an incorrect statement regarding the security of containers?

They have a smaller attack surface than VMs.

What is a notable characteristic of the container concept as implemented by Rivière?

Inclusion of tools for portable container manipulation.

What is one of the primary benefits of file system isolation in Docker containers?

Ensures each container has its own root filesystem

What does the option '-t' do when running a Docker container?

Creates an interactive terminal session

What is a primary function of the cgroups in Docker?

To manage memory allocation across containers

How are logs managed in Docker containers?

Logs are collected independently for each container

What does the command 'docker run -i -t ubuntu /bin/bash' do?

Pulls the latest Ubuntu image and starts a container with bash

Which of the following is TRUE about network isolation in Docker?

Each container can operate with separate virtual interfaces

What characterizes the copy-on-write filesystem used in Docker containers?

Enables shared layers to be stored only once for efficiency

Why is process isolation important in Docker containers?

It enables independent operation of processes within each container

What command is used to create a Docker image?

docker build

What is the purpose of the CMD command in Docker?

To define the command to run when launching the container

When you use the -p option in Docker, what is being achieved?

Mapping the specified port to a local port

What does the VOLUME command do in a Dockerfile?

Designates a data directory shared between containers

What happens if the second RUN command fails during a docker build?

The entire build process restarts from the base image

What is required when exposing a port in a Docker container?

An explicit mapping must be set using -p option

How can a user ensure that the CMD command is not overridden?

Use the ENTRYPOINT instead

What does the ADD command do in a Dockerfile?

Copies files from local file system or URL

Study Notes

Course Information

• Course Title: Cloud Computing
• Course Code: LINFO2145
• Instructor: Pr. Etienne Rivière
• Contact Email: [email protected]
• University: Université catholique de Louvain (UCL)

Lesson 2: OS-Level Virtualization and Containers

• Objectives:
  • Understand the history and principles of OS-level virtualization and containers.
  • Detail container building and deployment using Docker.
  • Introduce container composition, networking, and management frameworks for cloud environments.

Announcements

• Quiz: The first quiz covering lectures 1 and 2 will be available on Moodle following this lecture.
• Individual Work: Students will have one week to answer questions, and one additional week for reviewing other's answers.
• Grading: Grading guidelines are provided. Students who answer questions will be invited to grade other submissions. The indicative grade range is 0–60 points, plus 20 points for each review. A certificate grade is awarded for participation.

Outline

• Introduction
• History of OS-level virtualization
• Linux containers
• Containers vs. Virtual Machines
• Docker containers and usage examples
• Containers composition, discovery, orchestration, and management
• DevOps overview

A Thousand-Mile Perspective

• Independent Container Management: Containers can be managed independently from their underlying operating system (OS).
• Decoupling Deployment: The deployment and management of the operating system are decoupled from application deployment.
• Application-Oriented Datacenter: This shifts from a machine-oriented to an application-oriented approach.
• Container Management: Swarm and Kubernetes are container management systems similar to OpenStack, but focused on containers and have support for service-oriented architectures.

Containers: A Definition

• Single OS: A single operating system with a single kernel, file system, and device drivers is used.
• Multiple User-Spaces: Multiple user-space instances can be supported, over a single kernel-space instance.
• Isolation: This feature enables isolation across user-space instances.
• Resource Management: The use of resources is limited for each container (e.g., memory, network, disk).

Containers: Some History

• UNIX/Linux Kernel Features: Containers rely on UNIX/Linux kernel features.
• Early Development: Isolation mechanisms for processes were developed before cloud computing for debugging and testing.
• Windows Adoption: Windows operating systems have also adopted similar mechanisms.
• Milestones: Key moments in the development of containers are highlighted (e.g., UNIX chroot, FreeBSD jails, Linux cgroups and namespaces).

Chroot

• UNIX Kernel Call: Used since the 1970s with wrapper programs.
• File Isolation: Changes the apparent root directory for the running process and its children.
• Not Security Isolation: Provides basic file system isolation but not security isolation.
• Testing Use: Used for build farms or unit, dependency, regression and compatibility testing.

FreeBSD Jails

• Secure Isolation: The first example of securely isolated containers.
• Root Privilege Isolation: Includes root privilege isolation, similar to chroot.
• Mini-OS Systems: Splits a FreeBSD OS into independent mini-OS systems (jails).
• Honeypot Application: One application is a honeypot for intruders.

Namespaces and Control Groups

• Namespaces: Group system resources (like processes, users, network interfaces) in namespaces.
• Dynamic Creation: Namespace instances can be created or joined dynamically.
• Resource Level Handling: Logical separation is done at the level of the resource type (files, processes, etc.).
• Chrome Isolation: Example use: Isolating Chrome processes connected to the Internet.
• Control Groups: (cgroups) is used for resource accounting and limitation between processes, such as memory and prioritization.

Linux Containers

• Generic Name: General term for Linux containers, based on namespaces and control groups.
• Open-Source Projects: Active open-source projects exist (e.g., OpenVZ, LXC, Linux-VServer, runC) with varying dates of initial release.

Docker

• Complete Applications: Wraps applications.
• OCI Support: Supports the Open Container Initiative and other container technologies.
• Standalone Applications: Files containing applications, runtime, system tools, and libraries.
• Portable Containers: Solved the problem of deploying containers on different OS types.
• PaaS: Open sourced by dotCloud PaaS (Platform as a Service) in 2013.

Docker Components

• Execution Environment: Docker manages containers based on specifications provided by Open Container Initiative (OCI).
• Application Deployment Engine: Includes a client to interact with resources that are hosted by a server. This server is a daemon for managing the containers.
• Docker Images: An entire file system needed to instantiate and run a container including metadata and configuration.
• Container Creation Tools: Tools like Dockerfiles are used to create images.

Docker Hub

• Docker Registry: Central location for storing Docker images.
• Public and Private Repositories: Docker Hub provides public repositories while individuals or companies can also have their own.
• Image Retrieval: The docker pull command is used to retrieve an image.
• Image Search: The docker search command is used to find available images.

Creating Images

• Base Image Usage: An image is generally built from an existing base image.
• Dockerfile: A text file with instructions for assembling the image.
• Docker Build: The docker build command runs in the Dockerfile directory to create images.
• Publishing Images: Publishing images on Docker Hub is a common activity.

Creating a Simple Web Server

• Base Image: The starting point for building the web server image.
• Layers: New features are added as new layers on top of the base image.
• Dockerfile Instructions: The Dockerfile contains instructions for installing web server software (like nginx) and creating the web page itself.

Creating the Image Command

• Docker Build Command: The command to build a docker image.
• Docker Run Command: The command to run a Docker image.
• Mismatched Quotes: Some examples indicate a problem with mismatched single or double quotes inside the Dockerfile.

Running a First Container

• -t and -i options: used for interactive mode.
• docker run command: The basic command to launch a container.
• ubuntu/bin/bash: This starts a bash session inside the container, and is used to interact with the virtual machine.

Running the New Image

• -p option: This option is used to specify ports to use for security of exposed ports, and to allow them to be opened outside of the container.
• Local Port Mapping: For example, 8080:80 maps port 8080 on the host machine to port 80 on the container.
• Containers ps command The docker ps -l command.

Dockerfile Commands

• CMD: The command executed when the container starts.
• ENTRYPOINT: A replacement for CMD.
• WORKDIR: Sets the working directory inside the container.
• ENV: Sets environment variables.
• USER: Sets the user inside the container.
• ADD: Copies files or directories from the host to the container.
• COPY: Similar to ADD but handles multiple files or directories.
• VOLUME: Defines a volume that can be shared with other containers or the host system.

Docker Networking

• Connecting Containers: Enables connection between containers (like web and database). This can be either on the same host or across multiple hosts.
• Abstraction and Separation: The networking environment between containers is managed separately.
• Inter-Container Networking Configuration: Done outside of the container.
• Docker Network Creation: The docker network create command is used.
• Linking Containers: The docker network connect command connects containers to a network.
• Higher-Level Tools: Orchestration tools such as Compose, Swarm, and Kubernetes manage containers networking.

Composing and Orchestrating Containers

• Managing Multiple Containers Manually: A complex process.
• Container Composition: Containers can be grouped together as a single entity.
• Example: docker compose tool aids in managing containers.
• Coordination: Coordination is required between different containers.
• Resource Management: Resource allocation and management is needed in scenarios with multiple containers.
• Service Discovery: Discovering containers and their availability is an essential feature.

Docker Compose Example

• YAML File Configuration: docker-compose.yml file configures containers and their interactions.
• Service Definitions: Define containers (e.g., web, redis for a web server and database).
• Links Between Containers: Define relationships between container services.
• Port Mapping: Mapping between host ports and container ports.

Consul: Service Discovery

• Distributed Applications: Manage service discovery in distributed container applications.
• Service Registration: Containers register their services.
• Contact Information: Containers register service names and contact information (IP addresses and ports). This assists with service discovery.
• Service Availability Monitoring: Consul monitors the liveness and availability of services.
• Service Catalog: Consul provides a catalog of services.

Docker Swarm

• Managing Multiple Hosts: Docker Swarm is used to manage containers on multiple hosts as a single entity.
• Docker API: Docker API is exposed.
• Manager Nodes: A cluster has one or more manager nodes to orchestrate container operations.
• Worker Nodes: Contain containers for applications.
• Replicated Services: Replicates and distributes containers and services across different nodes.

Docker and the DevOps Movement

• Traditional Role Separation: Traditional separation of development (Dev) and operations (Ops) roles exist.
• Agile Development: Fast development processes, often leading to quick releases but potential instability.
• DevOps Integration: The DevOps approach aims to eliminate the separation in roles from development to operations. This approach integrates development and operations.
• Integrated Process: Creating a more integrated release, testing, and deployment process. Treating everything as code.

Kubernetes

• Large Scale Container Management: Designed for managing a large number of hosts.
• Advanced Features: Supports dynamic configuration, service discovery, autoscaling, and quota management.
• Google's Borg: This is the foundational system that preceded Kubernetes.

Conclusions

• OS-Level Virtualization Growth: OS-level virtualization has gained popularity for large-scale deployment.
• Container Usage Growth: Container technologies simplified software development, and deployment.
• Containers and VMs: Containers and Virtual Machines (VMs) are complementary technologies (not opposing).
• DevOps Role: DevOps plays a key role in streamlining container processes.

References

• The course includes a variety of resources, references and citations.

Description

Test your knowledge on Docker commands, container management systems like Swarm and Kubernetes, and the principles of containerization. This quiz covers key topics such as logging, resource management, and the role of DevOps in modern application deployment.