
Understanding Docker and Containers

Uploaded by

sanicbear

Bachelor's Degree in Artificial Intelligence

Computer Architecture & Operating Systems Department

Distributed Programming (2023-24)

Session 9: Containers
Professors: Javier Panadero / Antonio González / Manuel Montoto
Objectives
§ Why Containers?
§ Introduction to containers
§ Evolution of the deployment models
§ What is Docker?
§ Docker architecture
§ Docker workflow
§ The Dockerfile
§ The Docker Client (CLI)
§ Docker Registry
§ Persistent Data in Containers
§ Microservices & Containers
§ Kubernetes
§ Amazon ECS & ECR
§ Amazon EKS
Why Containers?
§ Reasons could be:
o Dependencies
o Libraries and versions
o Framework
o OS-level features
o Microservices
o Security issues
o Etc.
§ In short: something that the developer machine has but that is not present in the production environment.
§ We require a standardized method for packaging the application along with its dependencies and deploying it on any environment, regardless of the underlying host infrastructure.
§ Containers are packages of software that include all the necessary elements to run in any environment.
§ Docker is a tool to create, deploy and run applications by using containers.
Introduction to containers
§ In the physical world, a container is a standardized unit of storage.

§ Container sounds like a generic term, but its importance is clearer if you look at how containers changed the shipping industry.

§ Their uniform size made it much more efficient to load, unload, and stack them. Containers could also be easily moved between ships, trucks, and railroad cars. In this way, containers improved efficiency, increased productivity, and reduced costs.
© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved.
§ A container is a lightweight standardized unit of software designed to run quickly and reliably on any computing environment that runs the containerization platform.

§ Containers provide operating system (OS) virtualization so that you can run an application and its dependencies in resource-isolated processes.

§ For example, it can contain the application code, runtime engine, system tools, system libraries, and settings.

§ A single server can host several containers that all share the underlying host system’s OS kernel.
Evolution of the deployment models: Bare-metal servers
§ In bare-metal servers you had to build the architectural layers, such as the infrastructure and application software layers.

§ For example, first you need to install an OS on top of your server hardware. Then, you install the shared libraries on the OS, and finally, install the applications that use those libraries.

§ This architecture is inefficient.

§ All the applications must compete for the same resources, and you must keep the versions of your libraries in sync with all your applications. If one application requires an updated version of a library that is incompatible with other applications running on that host, then you run into problems.
Evolution of the deployment models: VM
§ Bare-metal servers' shortcomings
led to the use of a virtualization
platform over the host OS.
§ VMs run on a physical machine
and they allow isolating
applications and their libraries.
They have their own full OS inside
a VM.
§ This arrangement improves
utilization because you can add
more VMs to run on top of the
existing hardware, which greatly
reduces your physical footprint.
§ The downside to VMs is that the
virtualization layer is heavy.
Evolution of the deployment models: Containers

§ Containers improve the idea of virtualization.
§ The container runtime shares the host
operating system’s kernel. You can use
this arrangement to your advantage to
create container images by using
filesystem layers.
§ Containers are lightweight, efficient, and
fast. They can be started up and shut
down faster than VMs.
§ You can share libraries when needed, but
you can also have library isolation for your
applications.
§ Containers are also highly portable.
What is Docker?

§ Docker is an open platform for developing, shipping, and running applications.

§ Docker is not a container; it is the platform for creating and running containers.

§ Docker provides the ability to package and run an application in an isolated environment called a container.

§ Docker provides tooling and a platform to manage the lifecycle of your containers.
Docker benefits

§ Portable runtime application environment.

§ Independent of the target machine.

§ Application and dependencies can be packaged in a single, immutable artifact.

§ Ability to run different application versions with different dependencies simultaneously.

§ Faster development and deployment cycles.

§ Better resource utilization and efficiency.


Docker Architecture

§ Client: interface to communicate with the Docker Host (graphical or CLI).
§ Docker Daemon: listens for user requests and manages Docker objects such as images, containers, networks, and volumes.
§ Image: an inert and immutable file that is basically a snapshot of a container. Similar to the concept of an ISO.
§ Dockerfile: the file where we define the necessary instructions to create a Docker image.
§ Container: a running Docker image.
§ Registry: a repository where Docker images are uploaded. Docker provides the Docker Hub repository to be used for free.
Docker Workflow

1. Development: Write the application and list the libraries and dependencies it needs to run.

2. Image Creation: Once the code is ready, a Docker image must be created. To create the image, we need to use a Dockerfile, which is a plain text file that provides specific instructions on how to create the container image. This image contains everything needed to run the application, including dependencies and the execution environment.

3. Image Distribution: Docker images can be distributed through a registry, such as Docker Hub or a private registry. This allows sharing images with other team members or deployment servers.

4. Deployment: To deploy the application, a Docker container is created from the image. This container can be executed in any environment with Docker installed, providing portability and consistency.

5. Monitoring and Management: Once the application is up and running, Docker provides tools for monitoring and managing the running containers. This includes the ability to horizontally scale by adding more containers as needed.
The Dockerfile

§ A Dockerfile is a text file that contains all the necessary commands, arranged in sequence, required to build a specific image.

§ A Docker image consists of read-only layers, each of which represents a Dockerfile instruction. The layers are stacked and each one is a delta of the changes from the previous layer.

§ The format of a Dockerfile is INSTRUCTION arguments. The instruction is not case-sensitive. However, convention is for them to be UPPERCASE to distinguish them from arguments more easily.
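
The INSTRUCTION arguments format described above, as an added example that is not part of the original slides: a small parser that normalizes instruction case, joins backslash-continued lines, skips comments, and reports keywords that are not Dockerfile instructions. The sample Dockerfile, its image and file names, and the deliberate typo INSTAL are constructed for illustration.

```python
# Instruction keywords accepted in a Dockerfile (MAINTAINER is deprecated but still parsed).
KNOWN = {
    "ADD", "ARG", "CMD", "COPY", "ENTRYPOINT", "ENV", "EXPOSE", "FROM",
    "HEALTHCHECK", "LABEL", "MAINTAINER", "ONBUILD", "RUN", "SHELL",
    "STOPSIGNAL", "USER", "VOLUME", "WORKDIR",
}

# Constructed sample; the base image and file names are placeholders.
SAMPLE = """\
# build a small web app image
from python:3.12-slim
WORKDIR /app
copy requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt \\
    && rm -rf /root/.cache
COPY . .
EXPOSE 8000
cmd ["python", "app.py"]
INSTAL curl
"""

def parse_dockerfile(text):
    """Return (INSTRUCTION, arguments) pairs in file order, one per logical line."""
    parsed, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # blank line or comment
            continue
        if line.endswith("\\"):                   # instruction continues on the next line
            pending += line[:-1].rstrip() + " "
            continue
        parts = (pending + line).split(None, 1)   # keyword, then everything else
        parsed.append((parts[0].upper(), parts[1] if len(parts) > 1 else ""))
        pending = ""
    return parsed

def unknown_instructions(text):
    """Keywords that are not Dockerfile instructions (typically typos)."""
    return [kw for kw, _ in parse_dockerfile(text) if kw not in KNOWN]

if __name__ == "__main__":
    for number, (keyword, args) in enumerate(parse_dockerfile(SAMPLE), 1):
        print(number, keyword, args)
    print("unknown:", unknown_instructions(SAMPLE))
```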
Docker Client

§ The Docker client is the primary interface for interacting with the underlying Docker ecosystem.

§ It can be used as a command line tool, or as Docker Desktop, which is a graphical application available for Windows, macOS, and Linux.

§ The Docker client uses the Docker API to communicate with the Docker daemon. On receiving the commands from the Docker client, the required actions are performed by the Docker daemon, which actually creates and manages containers, images, networks, and volumes.
Docker Client: Docker CLI commands

Command          Description
docker build     Build an image from a Dockerfile.
docker images    List images on the Docker host.
docker run       Launch a container from an image.
docker ps        List the running containers.
docker stop      Stop a running container.
docker start     Start a container.
docker push      Push the image to a registry.
docker tag       Tag an image.
docker logs      View container log output.
docker port      List container port mappings.
docker inspect   Inspect container information.
docker exec      Run a command in a container.
docker rm        Remove one or more containers.
docker rmi       Remove one or more images from the host.
docker update    Dynamically update the container configuration.
docker commit    Create a new image from a container's changes.
Docker Registry: the first docker run

Docker in Action, Jeff Nickoloff, Manning


Some examples of commands: Examples I to V [figures]
Docker Registry

§ Docker stores images in a common archive: the registry.

§ A registry can contain public and private images.
o public: Docker Hub, 10,000 images ready to use (NGINX, MongoDB, Alpine, Node.js, Redis, Ubuntu, MariaDB, …)
o private: stores images with restricted access code
Containers and volatile data

§ We need to store data for the applications: databases, log files, shared folders.

§ Problem: the container file system is volatile. Data stored in the container will be lost when we stop it.

§ By default, all files created inside a container are stored on a writable layer:
o The data does not persist when that container stops.
o It is challenging to get the data out of the container if another process needs it.
o Performance is impacted because the writable layer requires a kernel driver to manage the filesystem.
Volumes and persistence

§ Docker has three options to store files with data persistence on the host machine:
1. Volumes: are stored in a part of the host filesystem managed by Docker (on Linux). Non-Docker processes cannot modify this part of the filesystem. Volumes are the best way to persist data in a [Link] file.
o Configure Docker to see the host folders: create volumes
   local folder: /home/javier/data
   docker volume: /data
   sudo docker run --volume /home/javier/data:/data <image>
o Now read and write operations on /data in the container are stored in /home/javier/data
o The host data folder /home/javier/data is persistent
2. Bind mounts: can be stored anywhere on the host system. They may even be important system files or directories.
o Non-Docker processes on the Docker host or a Docker container can modify them at any time.
o They are useful for sharing configuration files from the host machine to containers, or for sharing source code between a development environment on the Docker host and a container.
3. tmpfs mounts: are available only if you are hosting on Linux, are stored in the host system's memory, and are never written to the host system's filesystem.
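
A way to audit the three mount types described above, as an added example that is not part of the original slides: it parses the -v/--volume, --mount and --tmpfs flags of a docker run line, classifies each mount as volume, bind or tmpfs, and reports bind mounts of sensitive host paths. The SENSITIVE list, the sample command and its image and volume names are assumptions; Docker treats -v with an absolute host path as its source as a bind mount, and a bare name as a Docker-managed volume.

```python
import shlex

# Host paths treated as sensitive here: an assumed starting list, not from the slides.
SENSITIVE = ("/", "/etc", "/proc", "/sys", "/root", "/var/run/docker.sock")

# Constructed sample command; image and volume names are placeholders.
SAMPLE = (
    "docker run -d -v /home/javier/data:/data -v dbdata:/var/lib/db:ro "
    "--mount type=bind,source=/etc,target=/host-etc,readonly "
    "--tmpfs /run -v /var/run/docker.sock:/var/run/docker.sock app:latest"
)

def _from_volume_flag(value):
    # -v SOURCE:TARGET[:OPTIONS]; a single field is an anonymous volume
    fields = value.split(":")
    if len(fields) == 1:
        return ("volume", None, fields[0], True)
    kind = "bind" if fields[0].startswith("/") else "volume"
    opts = fields[2].split(",") if len(fields) > 2 else []
    return (kind, fields[0], fields[1], "ro" not in opts)

def _from_mount_flag(value):
    # --mount key=value,...; a bare "readonly" key means read-only
    opts = dict(item.partition("=")[::2] for item in value.split(","))
    source = opts.get("source", opts.get("src"))
    target = opts.get("target", opts.get("destination", opts.get("dst")))
    read_only = opts.get("readonly", opts.get("ro", "false")) not in ("false", "0")
    return (opts.get("type", "volume"), source, target, not read_only)

def classify_mounts(command):
    """Return (type, source, target, writable) for every mount flag in a docker run line."""
    args, mounts, i = shlex.split(command), [], 0
    while i < len(args):
        name, eq, value = args[i].partition("=")
        if name in ("-v", "--volume", "--mount", "--tmpfs"):
            if not eq:                            # value is the next argument
                i += 1
                value = args[i] if i < len(args) else ""
            if name == "--mount":
                mounts.append(_from_mount_flag(value))
            elif name == "--tmpfs":
                mounts.append(("tmpfs", None, value.split(":")[0], True))
            else:
                mounts.append(_from_volume_flag(value))
        i += 1
    return mounts

def _is_sensitive(src):
    return any(src == s or (s != "/" and src.startswith(s + "/")) for s in SENSITIVE)

def sensitive_binds(command):
    """(source, target, writable) for bind mounts of a sensitive host path or anything below one."""
    return [(src, dst, rw) for kind, src, dst, rw in classify_mounts(command)
            if kind == "bind" and src and _is_sensitive(src)]
```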
Microservices and containers

§ One of the strongest factors driving the growth of containers is the rise of microservice architectures.

§ Microservices are an architectural and organizational approach to software development designed to speed up deployment cycles, where the software is composed of small independent services that communicate through well-defined APIs.

§ The microservices approach improves the maintainability and scalability of software applications.

§ Each service is built as an independent component that communicates using lightweight API operations. Each service performs a single function that could support multiple applications.
Microservices design and the matching container characteristics:

Microservices design: Decentralized, evolutionary design; smart endpoints, dumb pipes
Container characteristics:
• Each container uses the language and technology that are best suited for the service.
• Each component or system in the architecture can be isolated, and can evolve separately, instead of updating the system in a monolithic style.

Microservices design: Independent products, not projects
Container characteristics:
• You can use containers to package all of your dependencies and libraries into a single, immutable object.

Microservices design: Designed for failure; disposable
Container characteristics:
• You can gracefully shut down a container when something goes wrong and create a new instance. You start fast, fail fast, and release any file handlers.
• The development pattern is like a circuit breaker. Containers are added and removed, workloads change, and resources are temporary because they constantly change.

Microservices design: Development and production parity
Container characteristics:
• Containers can make development, testing, and production environments consistent.
• This consistency facilitates DevOps, in which a containerized application that works on a developer's system will work the same way on a production system.
Kubernetes

§ Kubernetes is an orchestration tool for managing containers across a distributed cluster of nodes.

§ Provides container grouping, load balancing and scaling features.

§ Kubernetes itself follows a client-server architecture with a master and worker nodes.

§ Users define rules for how container management should occur.
Kubernetes Architecture

§ It is based on a master-worker schema.

§ The master server consists of various components, including:
1. API server: contains various methods to directly access Kubernetes.
2. Scheduler: assigns a container to each worker node.
3. Controller manager: keeps track of worker nodes, handles node failures, and replicates if needed.
4. Etcd: works as the backend for service discovery and stores the cluster’s state and its configuration.

§ The worker server consists of various components, including:
o Pod: a Kubernetes abstraction that represents a group of one or more containers sharing common resources.
o Container runtime: pulls a specified Docker image and deploys it on a worker node.
o Kubelet: talks to the API server and manages containers on its node.
o Kube-proxy: balances the network traffic between application components and the outside world.
Amazon ECS

§ Amazon ECS is a highly scalable, high-performance container orchestration service that supports Docker containers.

§ Users can use the service to run and scale containerized applications on AWS.

§ Amazon ECS lets you schedule the placement of containers across a managed cluster of EC2/Serverless instances.

§ Amazon ECS provides its own schedulers, but it can also integrate with third-party schedulers to meet business or application-specific requirements.

§ Amazon ECS is also tightly integrated with other AWS services, such as AWS Identity and Access Management (IAM), Amazon CloudWatch, and Amazon Route 53.
Amazon ECS: Architecture

§ Cluster: is the core of ECS.

§ A cluster is a logical grouping of EC2 instances or Fargate tasks on which containers are deployed and managed.

§ Clusters provide the compute resources needed to run your containers.

§ ECS container instance: EC2 instances or Fargate tasks that are part of an ECS cluster.

§ These instances host the Docker containers.

§ ECS manages the lifecycle of these instances, ensuring that they are healthy and available to run tasks.

§ You can deploy container instances within different availability zones of the same region.

§ Task: represents a running container or a group of related containers that make up your application.

§ Service: lets you run and maintain a specified number of instances of a task simultaneously in an ECS cluster.
§ They ensure that the desired number of tasks are running and automatically restart any failed tasks.
§ Services are ideal for long-running applications or microservices that need to be highly available.
Amazon ECR

§ Amazon ECR is a fully managed, cloud-based Docker image registry that makes it easy for you to store, manage, and deploy Docker container images.
§ Amazon ECR integrates with Amazon ECS and the Docker CLI,
which simplifies your development and production
workflows.
§ You can push your container images to Amazon ECR by using
the Docker CLI from your development machine. Then,
Amazon ECS can pull them directly for production
deployments.
§ Amazon ECR hosts your images in a highly available and
scalable architecture, which enables you to reliably deploy
containers for your applications.
§ You can configure policies to manage permissions for each
repository and restrict access to IAM users, roles, or other
AWS accounts.
Amazon EKS

§ Amazon Elastic Kubernetes Service (Amazon EKS) is a managed Kubernetes service that enables running Kubernetes in the AWS cloud.

§ EKS removes the operational overhead of managing a Kubernetes cluster, allowing developers to focus on writing code and building applications without worrying about the underlying infrastructure.

§ Kubernetes manages clusters of EC2 instances, and it runs containers on those instances with processes for deployment, maintenance, and scaling.
