# Docker
Docker is an open-source project that automates the deployment of applications inside software containers.

- Containers allow a developer to package up an application with all of the parts it needs, such as libraries and other dependencies, and ship it all out as one package. 
- In a way, Docker is a bit like a virtual machine. But unlike a virtual machine, rather than creating a whole virtual operating system, Docker allows applications to use the same Linux kernel as the system that they're running on and only requires applications be shipped with things not already running on the host computer. This gives a significant performance boost and reduces the size of the application.

## Docker Engine 
It is  a client-server application with these major components:

- A server which is a type of long-running program called a daemon process (the dockerd command).
- A REST API which specifies interfaces that programs can use to talk to the daemon and instruct it what to do.
- A command line interface (CLI) client (the docker command).

<img src="https://docs.docker.com/engine/article-img/engine-components-flow.png" width=400>

# Install Docker and Docker-compose


After logging in your server
1. Update your server
> sudo apt-get update

2. Now let's install Docker. Add the GPG key for the official Docker repository to the system:
>sudo apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D

3. Add the Docker repository to APT sources:
>sudo apt-add-repository 'deb https://apt.dockerproject.org/repo ubuntu-xenial main'

4. Update the package database with the Docker packages from the newly added repo:
>sudo apt-get update

5. Make sure you are about to install from the Docker repo instead of the default Ubuntu 16.04 repo:
>apt-cache policy docker-engine

6. Finally, install Docker:
>sudo apt-get install -y docker-engine

8. Installing Docker Compose. First Check and update current release
>sudo curl -o /usr/local/bin/docker-compose -L "https://github.com/docker/compose/releases/download/1.11.2/docker-compose-$(uname -s)-$(uname -m)"

9. Next we'll set the permissions:
>sudo chmod +x /usr/local/bin/docker-compose

10. Install Docker Machine
>curl -L https://github.com/docker/machine/releases/download/v0.10.0/docker-machine-`uname -s`-`uname -m` >/tmp/docker-machine &&
  chmod +x /tmp/docker-machine &&
  sudo cp /tmp/docker-machine /usr/local/bin/docker-machine
  
11. Then we'll verify that the installation was successful by checking the version:
>docker-compose -v

# Using Docker without Sudo 
Add the docker group if it doesn't already exist:
>sudo groupadd docker

Add the connected user "$USER" to the docker group. 
Change the user name to match your preferred user if you do not want to use your current user:

> sudo gpasswd -a $USER docker

Either do a 
> newgrp docker 
or log out/in to activate the changes to groups.

> docker version

```
Client:
 Version:      17.05.0-ce
 API version:  1.29
 Go version:   go1.7.5
 Git commit:   89658be
 Built:        Thu May  4 22:10:54 2017
 OS/Arch:      linux/amd64

Server:
 Version:      17.05.0-ce
 API version:  1.29 (minimum version 1.12)
 Go version:   go1.7.5
 Git commit:   89658be
 Built:        Thu May  4 22:10:54 2017
 OS/Arch:      linux/amd64
 Experimental: false
```

> docker info

Shows information related to docker

# Docker Comamnd Format

```docker <command> <subcomamnd> [option]```

for e.g

```docker conatiner run```


# Image vs Conatiner
- image is the application we are going to run containing all its binaries, libraries, source code
- container is the running instance of that image
- You can have multiple images running off the same image
- We get images from registeries. Default for Docker is hub.docker.com


# Starting a nginx Server
> docker container run --publish 80:80 nginx

go to http://localhost - It will be running an nginx server

- It downloaded nginx image from Docker Hub registry and pulled down latest image
- Started a new container with the image
- Publish part of command exposes local port 80 to container port 80

### Running Docker container in background
> docker container run --publish 80:80 --detach nginx

### List all running containers
> docker container ls

### List all  containers
> docker container ls -a

### Stop running container
> docker container stop |3-4 characters of the container id| 

### Start a container with a defined name
> container run --publish 80:80 --detach --name webhost nginx

### Remove containers
> docker rm cid cid

### Remove containers (including running ones, by force)
> docker rm -f cid cid

## Looking inside the conatiner
Process list of the container
> docker container top nameofcontainer

Inspect a running container
> docker container inspect nameofcontainer

Show Stats of a Container
> docker container stats nameofcontainer

Show Stats of all Container
> docker container stats --all

## Getting into the shell

> docker container run -it --name containerName containerimage bash

i stands for keeping stdin open and t gives is pseudo TTY (simulates a real terminal) and bash will give you a terminal inside the window

> docker container start -ia containerName bash

Conatiners which are stopped can be started, -a is for attach stdout

> docker container exec -it conatinerName bash

Run additional processes in running container


# Docker Network Defaults
- Each container connects to virtual private network "bridge"
- Each virtual private network routes through NAT firewall on host IP
- All containers on a virtual network can talk to each other without -p inside our host
- for e.g. mysql and php can talk to each other without opening their ports to physical network
- Best practice is to create a virtual private network for each app

>NAT Firewall is an additional layer of security for connections. It blocks unrequested inbound traffic when you're connected

# Docker Networking
Which ports are forwarding traffic from the container to the host
> docker container port containerName


ifconfig stands for "interface configuration". It is used to view and change the configuration of the network interfaces on your system.
> ifconfig 

Now find the address of docker machine
>  docker container inspect containerName

or

> docker contaienr inspect --format '{{ .NetworkSettings.IPAddress }}' containerName

You will find that docker and local machine are not on same network


# Networking basics

#### Subnet Mask
the mask is used to determine that which part of IP belonged to network or which part belong to host. E.g. 
- if u have a IP 172.16.25.32 and its subnet mask is 255.255.0.0. then the 172.16 is network part , and 25.16 is host part. 
- if u have a IP 172.16.25.32 and its subnet mask is 255.255.255.0. then the 172.16.25 is network part , and 16 is host part. 

#### Router
A router is a device that is capable of sending and receiving data packets between computer networks, also creating an overlay network. The router connects two or more data line, so when a packet comes in through one line, the router reads the address information on the packet and determines the right destination, it then uses the information in its routing table or routing policy to direct the packet to the next network.


#### Gateway 
Gateway is also a router, which forwards the traffic of a subnetwork to other or to the internet. Gateway acts as a intermediary device between computers in the subnet with other computers outside the subnet. All the traffic to the outside of subnet must go through the gateway.


> e.g 
ip = your first name...
sub mask = surname...
gateway = person whom u rush to when u need to go out ...


#### IPAM
IPAM allow administrator to ascertain and update many information about their network such 

- How many ip address space exists
- What subnet are in use
- Host name associated with each ip address
- Secific hardware associated with each IP address


# CLI Management

Study IPAM and individual containers IPaddresses
> docket netwok ls

Creating a new docker network
> docker network create new_app

List all networks
> docker network list

Running a container with custom netwrok
> docker container run -p 8888:80 --name webhost11 -d --network my_app nginx 

Connecting/Attaching an existing container with a custoem network
> doccker network connect NETWORK_NAME CONTAINER_NAME

Disconnecting
> docker network disconnect NETWORK_NAME CONTAINER_NAME

# Docker DNS
For inter-container communications

> Forget IPs - Static IPs or even using IPs is an anti-pattern. Avoid it

#### Docker DNS
Docker Daemon has a built-in DNS server that containers use by default. You can aslso create aliases

It will resolve second conatiner name as DNS. This is very helpful in Swarm production
> docker container exec -it CONTAINER1 ping CONTAINER2



# DNS Round robin
Round robin works on a rotating basis in that one server IP address is handed out, then moves to the back of the list; the next server IP address is handed out, and then it moves to the end of the list; and so on, depending on the number of servers being used. This works in a looping fashion.

- On Docker, we can have multiple containers on a created/custom network respond to smae DNS netowk by using alias 

Step1: Create a new network
> docker network create searchnetwork

Step 2: Start docker containers with same network alias --net-alias
With --net-alias, one container can access the other container only if they are on the same network. 

> docker container run -d --name search1 --net searchnetwork --net-alias search elasticsearch:2

> docker container run -d --name search2 --net searchnetwork --net-alias search elasticsearch:2

Step 3: We need to use a nslookup of a third docker container. 
nslookup, which stands for "name server lookup", is a useful tool for finding out information about a named domain. By default, nslookup will translate a domain name to an IP address (or vice versa). 

> docker container run --rm --net searchnetwork alpine nslookup search

Step 4: Starting another docker container of centos and calling the network with port. 
> docker container run --rm --net dude centos curl search:9200

Step 5: Call this multiple times, and you will find  "elasticsearch" name to be different, showing its calling different servers every time



# Docker Images
Docker images has apps and dependecnies along with its metadata telling docker how to run that image.
- Image is not a complete OS, no kernel or drivers since host machine provides all that.
- Images is just booting an application and not a OS


Check history of a image
> docker image history IMAGE_NAME

You can add a new tag on an existing image
> docker image ls

List all docker images

Tag docker image with "nginx" tag to "ankitone/nginx" tag. You will find both images will have same Image ID and diffrerent tags.
> docker tag nginx ankitone/nginx

> docker tag SOURCE_IMAGE[Tag] TARGET_IMAGE[Tag]


Log into your docker account
> docker login

Now push this image to your repo
> docker image push IMAGE_Name

Make sure you logout 
> docker logout


Build an image from docker file which is present in same directory( you will use "." for symbiolising that)
> docker image build -t tagName .

# Union File System
Docker images are stored as series of read-only layers. When we start a container, Docker takes the read-only image and adds a read-write layer on top. If the running container modifies an existing file, the file is copied out of the underlying read-only layer and into the top-most read-write layer where the changes are applied. 

The version in the read-write layer hides the underlying file, but does not destroy it — it still exists in the underlying layer. When a Docker container is deleted, relaunching the image will start a fresh container without any of the changes made in the previously running container — those changes are lost. Docker calls this combination of read-only layers with a read-write layer on top a Union File System.

<img src="http://container-solutions.com/content/uploads/2014/12/image_layers-1.png" widtth="400px">

# Container Lifetime & Persistent Data

Docker works on a concept called 'seperation of concerns'

- The persistent data (like database data etc) is seperated from the immutable container via Volumes and Bind Mount
- Volumes make special location outside UFS (Union File System)
>

- Bind Mounts: links container path to host path 

> docker container inspect CONTAINER_ID

> docker volume ls


# Difference between Named Volumes and Bind Mount

A volume can be created in two ways:

- Specifying VOLUME /some/dir in a Dockerfile
- Specying it as part of your run command as docker run -v /some/dir

Having VOLUME in Dockerfile allows you to specify that a path inside the image should always be created as a volume (to bypass the union filesystem Docker uses by default). e.g., this is common for database images where writing to /var/lib/postgresql


The host-dir can either be an absolute path such as /dst/docs or a name value. 
- If you supply an absolute path for the host-dir, Docker bind-mounts to the path you specify. 
- If you supply a name, Docker creates a named volume by that name.


You also need to chown your host directory 
> chown -R jovyan:staff /dir

> chown -R user:group DIR_PATH

Bind mounting is mapping a host file or directory to a container file or directory