Web Application Containers and Deployment

Questions and Answers

What occurs when dockerd runs a container?

• The container does not have access to the image's files.
• The source image is deleted after running the container.
• A read-only filesystem is created for the container.
• A writable filesystem layer is created separate from the image. (correct)

What command is used to fetch an image from Docker Hub?

• $ docker pull ubuntu:latest (correct)
• $ docker get ubuntu:latest
• $ docker fetch ubuntu:latest
• $ docker download ubuntu:latest

Which command will display the locally available images?

• $ docker available images
• $ docker list
• $ docker show images
• $ docker images (correct)

What is the purpose of running '$ docker run debian /bin/echo "Hello World"'?

To execute a command within a temporary container from the Debian image. (A)

What is notable about the filesystem layer created for a container?

It can be modified but will not affect the original image. (B)

What command is used to stop a Docker container named 'nginx'?

docker stop nginx (D)

What happens to the status of the 'nginx' container after it is started?

It is updated to Running. (B)

Which command would you use to list all Docker containers, including those that have exited?

docker ps -a (A)

What is the primary use of Docker volumes?

To persist data for data-intensive applications. (B)

What is a drawback of relying heavily on the overlay filesystem for containers?

It is not an efficient solution for data-intensive applications. (D)

What is the primary function of a container image?

To package an application along with its prerequisites (A)

Which kernel feature prevents runaway containers from consuming all available resources?

Control groups (cgroup) (A)

What task does the Docker command 'dockerd' perform?

Implement container and image operations (C)

In what manner do containers access system resources?

They are restricted to their private root filesystem and process namespace (D)

What is a unique characteristic of container images?

They are union filesystems resembling a typical Linux root filesystem (B)

How do containers manage their network connections by default?

Using a bridge and private IP addresses within a network namespace (C)

What happens to the changes made by processes within a container?

They are saved within the read/write layer of the container (C)

Which of the following is NOT a feature of container technology?

They require modifications to host operating systems (D)

What is the purpose of capabilities in container management?

To provide permission for processes to execute sensitive operations (B)

Why do containers improve storage efficiency?

They can share the same immutable base layers (D)

What command can be used to start an interactive bash shell within a container?

$ docker run --hostname debian -it debian /bin/bash (C)

Which command is used to display the current running processes in a container?

$ ps aux (D)

What is the purpose of the '-d' option when running a container?

It runs the container in detached mode in the background. (D)

How is the port mapping configured in the command '$ docker run -p 8080:80 --hostname nginx --name nginx -d nginx'?

It maps port 8080 on the host to port 80 in the container. (B)

What is the expected output when you curl 'localhost:8080' after successfully starting an nginx container?

Welcome to nginx! (C)

Which command is used to create a new process in a running container for troubleshooting?

$ docker exec -ti nginx bash (B)

What indicates that an image has been pulled successfully when running a Docker container?

Digest shows the SHA256 checksum. (B)

What does the 'docker ps' command display?

A summary of currently running containers with their statuses. (D)

What is the primary function of the 'bridge' network in Docker?

It creates a private network for containers on the host. (B)

What happens when 'host' networking is utilized?

The container shares the network stack with the host. (D)

What does 'none' networking in Docker indicate?

No networking configuration should be applied to the container. (A)

When using the bridge network, how does Docker handle traffic routing?

It sets up iptables rules that route traffic from the host to the container. (D)

What command line argument is used to select a container's network when running Docker?

--net (B)

What is the role of the Linux bridge in Docker networking?

To connect two network segments. (C)

What does the 'docker0' bridge do?

It acts as a switch linking containers to the host. (C)

What is the function of the command 'docker inspect' as shown in the example?

To retrieve information about a container's network settings. (C)

Flashcards are hidden until you start studying

Study Notes

Problem

• In a typical web application running on a server, numerous dependencies, such as application code, libraries, interpreters, and operating system settings, need to be present and configured correctly.
• Complexities arise as different web applications can have incompatible dependencies, leading to inefficient resource allocation and limited sharing between systems.

Containers

• Introducing container images simplify the deployment of web applications by packaging an application and its prerequisites into a portable file.
• Examples of container management tools include Docker, rkt, and systemd-nspawn.
• Containers work by leveraging kernel features such as namespaces, control groups (cgroups), capabilities, and secure computing mode (seccomp) to isolate and manage processes.
• Each container utilizes its own private root filesystem and operates in a restricted process namespace, ensuring that applications within containers cannot access files or resources outside their container environment.

Kernel support

• Containers rely on kernel features to ensure isolation and security:
  • Namespaces: Used to isolate resources like process IDs, network interfaces, and user IDs.
  • Control groups (cgroups): Prevent containers from consuming excessive system resources like CPU and memory.
  • Capabilities: Allow processes to execute specific, restricted kernel operations.
  • Secure computing mode (seccomp): Provide fine-grained control over system calls that containers can make.

Images

• A container image acts as a template for creating containers.
• These images utilize a union filesystem, allowing the container to work with a layered filesystem.
• The layout of binaries, libraries, and supporting files within a container image conforms to standard Linux filesystem hierarchy specifications.
• During container creation, the Docker engine combines a read-only image with a writable layer, enabling containers to modify files and store changes transparently.
• This layered filesystem approach allows for efficiency in storage usage as multiple containers can share immutable base layers, reducing startup times.

Networking

• Containers connect to the network through a combination of network namespaces and a bridge network within the host.
• Containers have private IP addresses within the host, which are not reachable from outside the host.

Docker

• An open-source container engine that includes the docker command-line interface for managing tasks related to container operations.
• The dockerd daemon provides persistent system-level processes to manage container and image operations.
• When dockerd runs a container, it creates a writable filesystem layer separate from the source container image.
• Containers can still access files and metadata from the image, but writes are confined to their individual namespaces.

The container experience

• Downloading Images:
  • The docker pull command downloads images from Docker Hub.
  • Example: docker pull ubuntu:latest
• Listing Images:
  • The docker images command displays locally available images.
• Testing a Container:
  • The docker run command creates and runs a container.
  • The -it flag initiates an interactive shell within the container.
  • Example: docker run debian /bin/echo "Hello World"
• Running a Container in the Background:
  • The -d flag runs a container in the background.
  • Example: docker run -p 8080:80 --hostname nginx --name nginx -d nginx
• Listing Running Containers:
  • The docker ps command lists currently running containers.
• Executing Commands within a Container:
  • The docker exec command creates a new process within an existing container.
  • Example: docker exec -ti nginx bash
• Stopping and Starting Containers:
  • The docker stop command stops a container.
  • The docker start command starts a stopped container.
• Removing Containers:
  • The docker rm command removes a container.
• Volumes:
  • Docker volumes provide a mechanism for persistent storage for data-intensive applications.
  • They are independent of the container’s writable filesystem layers, preserving data even after a container is removed.

Networking

• Docker Networks:
  • docker network ls lists available networks:
    • bridge: The default network for connecting containers to the host network.
    • host: Shares the host’s network namespace with the container.
    • none: No network configuration.
  • The --net argument in docker run allows selecting a specific network for a container.
• Bridge Network:
  • A bridge is a Linux kernel feature that connects network segments.
  • Docker uses a bridge called docker0 on the host, where each container has a private virtual network interface within the bridged network range.

Image Building

• Building container images allows for the packaging of applications and their dependencies.
• Steps for Building an Image:
  • Base Image: Start by selecting a base image.
  • Application Code: Add application code, libraries, and dependencies.
  • Commit Changes: Commit any changes as new layers, saving the image to the local image database.
• Using the Built Image:
  • Create containers from the built image.
  • Push the image to a registry for sharing.