In [2]:
from IPython.core.display import display, HTML
display(HTML("<style>.container { width:90% !important; }</style>"))

# Docker

In [111]:
!docker system prune -f

Deleted Containers:
6ba26fef8f0ff7400993cc82e2007ca5df0fd24426b2021d36712d6263fdc1b4
58deadd0fc25664306710383217e6275139927e2342970b0c9bc69dfca049934
af9a3c938a5ebb673d11fe2cf440f8174105c797305f37f9ef95d682ade84417
8261f1c103247fa23a32fc4035b74c15becce36a543ad0be839f14d61d315b2e
015035d657d76a79daa1bea9f7cdb9650c4e25416f26674d160e5cfbef25e2fa
bc663b322a1a3e5cb01a6777f04b0068f824b0b0d7f0166505a318c800fffe21

Deleted Images:
deleted: sha256:c6b9077a0a85fe4d1f477dc0559419811c66149b39b80b5fe922006f0e0c782e

Total reclaimed space: 0B


## First containers

Let's check that docker is installed

In [None]:
!docker version

Let's run our first container:

In [4]:
!docker run ubuntu

That was fast! We can run a `-t`erminal within a container in `-i`nteractive mode with:

In [9]:
!docker run -ti ubuntu

/bin/sh: -c: line 0: syntax error near unexpected token `'apt-get update''
/bin/sh: -c: line 0: `fprintf('apt-get update') | docker run -ti ubuntu'


On Jupyter we can't interact with the container shell. **Let's continue on our machine**

`docker run -ti ubuntu`

Let's now install a package with

`apt-get update && apt-get install figlet`

Let's run 

`figlet hello`

We can exit our container by `Ctrl+D` or 

`exit`

Let's run it again

`docker run -ti ubuntu`

And let's try to run 

`figlet hello`

The command is not installed because this is a fresh container.

## Images and Containers

![container layers](img/container-layers.jpg)

An **image** is a read-only filesystem.

A **container** is an encapsulated set of processes, running in a read-write copy of that filesystem.

`docker run` starts a container from a given image

There are 3 namespaces for images:
* Official (e.g. `ubuntu`)
* User (e.g. `jpetazzo/clock`)
* Self-hosted (e.g. `registry.example.com:5000/my-private/image`)

To see the images present on our host we can run

In [5]:
!docker images

REPOSITORY                                     TAG                                        IMAGE ID            CREATED             SIZE
maerskao.azurecr.io/wondercast                 sv-spark-tests-in-ci-pipeline-ee92866      dc220c8bfed6        2 days ago          5.69GB
maerskao.azurecr.io/wondercast                 sv-spark-tests-in-ci-pipeline-latest       dc220c8bfed6        2 days ago          5.69GB
wondercast                                     sv-spark-tests-in-ci-pipeline-ee92866      dc220c8bfed6        2 days ago          5.69GB
wondercast                                     sv-spark-tests-in-ci-pipeline-latest       dc220c8bfed6        2 days ago          5.69GB
slides                                         latest                                     7112a5f1c019        4 days ago          90.2MB
<none>                                         <none>                                     f965ac424578        4 days ago          90.2MB
<none>                              

## Daemonized containers and logs

Before we ran a container in interactive mode.

Let's now launch one in the background with the flag `-d`aemonized

In [6]:
!docker run -d jpetazzo/clock

bc663b322a1a3e5cb01a6777f04b0068f824b0b0d7f0166505a318c800fffe21


In the output we can see the created container ID

We can list all our running containers with:

In [9]:
!docker ps

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
bc663b322a1a        jpetazzo/clock      "/bin/sh -c 'while d…"   4 minutes ago       Up 4 minutes                            lucid_sinoussi


We can stop containers with:

In [8]:
!docker stop 'container_id'

e05


We can see logs with:

In [10]:
!docker logs 'container_id'

Mon Jul 29 09:40:53 UTC 2019
Mon Jul 29 09:40:54 UTC 2019
Mon Jul 29 09:40:55 UTC 2019
Mon Jul 29 09:40:56 UTC 2019
Mon Jul 29 09:40:57 UTC 2019
Mon Jul 29 09:40:58 UTC 2019
Mon Jul 29 09:40:59 UTC 2019
Mon Jul 29 09:41:00 UTC 2019
Mon Jul 29 09:41:01 UTC 2019
Mon Jul 29 09:41:02 UTC 2019
Mon Jul 29 09:41:03 UTC 2019
Mon Jul 29 09:41:04 UTC 2019
Mon Jul 29 09:41:05 UTC 2019
Mon Jul 29 09:41:06 UTC 2019
Mon Jul 29 09:41:07 UTC 2019
Mon Jul 29 09:41:08 UTC 2019
Mon Jul 29 09:41:09 UTC 2019
Mon Jul 29 09:41:10 UTC 2019
Mon Jul 29 09:41:11 UTC 2019
Mon Jul 29 09:41:12 UTC 2019
Mon Jul 29 09:41:13 UTC 2019
Mon Jul 29 09:41:14 UTC 2019
Mon Jul 29 09:41:15 UTC 2019
Mon Jul 29 09:41:16 UTC 2019
Mon Jul 29 09:41:17 UTC 2019
Mon Jul 29 09:41:18 UTC 2019
Mon Jul 29 09:41:19 UTC 2019
Mon Jul 29 09:41:20 UTC 2019
Mon Jul 29 09:41:21 UTC 2019
Mon Jul 29 09:41:22 UTC 2019
Mon Jul 29 09:41:23 UTC 2019
Mon Jul 29 09:41:24 UTC 2019
Mon Jul 29 09:41:25 UTC 2019
Mon Jul 29

We can see the `--tail` of the logs and even `--follow` the output with:

In [12]:
!docker logs --tail 1 --follow 'container_id'

Mon Jul 29 09:47:11 UTC 2019
Mon Jul 29 09:47:13 UTC 2019
Mon Jul 29 09:47:13 UTC 2019
Mon Jul 29 09:47:15 UTC 2019
Mon Jul 29 09:47:16 UTC 2019
Mon Jul 29 09:47:17 UTC 2019
Mon Jul 29 09:47:18 UTC 2019
Mon Jul 29 09:47:19 UTC 2019
Mon Jul 29 09:47:20 UTC 2019
Mon Jul 29 09:47:21 UTC 2019
^C


`docker stop` will exit the containers 'gracefully'.

To force stop, we can:

In [None]:
!docker kill 'container_id'

We can list `-a`ll containers with:

In [16]:
!docker ps -a

CONTAINER ID        IMAGE                      COMMAND                  CREATED             STATUS                        PORTS               NAMES
bc663b322a1a        jpetazzo/clock             "/bin/sh -c 'while d…"   17 minutes ago      Up 17 minutes                                     lucid_sinoussi
613d2b5537e8        godatadriven/pyspark       "spark-submit --help"    3 days ago          Exited (0) 3 days ago                             vigorous_agnesi
8309f724d410        ubuntu                     "/bin/bash"              3 days ago          Exited (130) 3 days ago                           serene_lamport
6d5f894457a3        ubuntu                     "/bin/bash"              3 days ago          Exited (127) 3 days ago                           modest_cohen
6d2f9cbc3ee8        ubuntu                     "/bin/bash"              3 days ago          Exited (0) 3 days ago                             jolly_franklin
fd64ff253be2        ubuntu                     "/bin/bash"    

And we can restore it with

In [None]:
!docker start 'container_id'

## Dockerfile

We can design a docker image by writing a `Dockerfile`.

Let's replicate what we did before and build a `figlet` image.

In [23]:
%cd figlet_image

/Users/luca/git/containers-workshop/figlet_image


In [70]:
!git checkout -- Dockerfile
!cat Dockerfile

FROM ubuntu
RUN apt-get update
RUN apt-get install figlet

`FROM` indicate the base image

`RUN` executes commands during the Docker build. 

Let's now `build` our image.

The syntax is `docker build 'building_context' -t 'tag_name'`.

In [60]:
!docker build . -t figlet

Sending build context to Docker daemon  2.048kB
Step 1/3 : FROM ubuntu
 ---> 3556258649b2
Step 2/3 : RUN apt-get update
 ---> Using cache
 ---> 8a0c8ffe9755
Step 3/3 : RUN apt-get install figlet
 ---> Using cache
 ---> 68ef50eee796
Successfully built 68ef50eee796
Successfully tagged figlet:latest


In this case the building context is the directory `figlet_image` and we tagged the built image with `figlet`. 

Each `RUN` command is run in a container. The output of that container is saved in a new image.

Let's run the image on our shell with

`docker run -ti figlet`

and run 

`figlet hello`

If you build the image again it will be instantaneous:

In [27]:
!docker build . -t figlet

Sending build context to Docker daemon  2.048kB
Step 1/3 : FROM ubuntu
 ---> 3556258649b2
Step 2/3 : RUN apt-get update
 ---> Using cache
 ---> 8a0c8ffe9755
Step 3/3 : RUN apt-get install figlet
 ---> Using cache
 ---> 68ef50eee796
Successfully built 68ef50eee796
Successfully tagged figlet:latest


The intermediate images obtained by running a certain **sequence** are saved in the Docker cache.

If you change a line so slightly in the Dockerfile, the cache will be broken.

## CMD and ENTRYPOINT

We want to print a welcome message when the image is run.

`CMD` defines an **overwritable** default command.

Let's add to our `Dockerfile` the line

`CMD figlet -f script hello`

In [61]:
!echo '\nCMD figlet -f script hello' >> Dockerfile
!cat Dockerfile

FROM ubuntu
RUN apt-get update
RUN apt-get install figlet
CMD figlet -f script hello


Let's build again and run

In [62]:
!docker build . -t figlet
!docker run figlet

Sending build context to Docker daemon  2.048kB
Step 1/4 : FROM ubuntu
 ---> 3556258649b2
Step 2/4 : RUN apt-get update
 ---> Using cache
 ---> 8a0c8ffe9755
Step 3/4 : RUN apt-get install figlet
 ---> Using cache
 ---> 68ef50eee796
Step 4/4 : CMD figlet -f script hello
 ---> Using cache
 ---> c6b9077a0a85
Successfully built c6b9077a0a85
Successfully tagged figlet:latest
 _          _   _       
| |        | | | |      
| |     _  | | | |  __  
|/ \   |/  |/  |/  /  \_
|   |_/|__/|__/|__/\__/ 
                        
                        


We can override the `CMD` command by specifying a command after we run the image:

In [46]:
!docker run -ti figlet bash

[K]0;root@8261f1c10324: /root@8261f1c10324:/# ^C

]0;root@8261f1c10324: /root@8261f1c10324:/# 

We now want to be able to specify our own string when running the image.

`ENTRYPOINT` specifies a **non-overwritable** base command.

With `CMD` we can define the default parameters.

Let's add the following lines to the `Dockerfile`:

```
ENTRYPOINT ["figlet", "-f", "script"] 

CMD ["hello world"]
```

In [66]:
!echo '\nENTRYPOINT ["figlet", "-f", "script"] \nCMD ["hello world"]' >> Dockerfile
!cat Dockerfile

FROM ubuntu
RUN apt-get update
RUN apt-get install figlet
ENTRYPOINT ["figlet", "-f", "script"] 
CMD ["hello world"]


Only the last `CMD` and `ENTRYPOINT` entries are considered.

In [67]:
!docker build . -t figlet
!docker run figlet Maersk

Sending build context to Docker daemon  2.048kB
Step 1/5 : FROM ubuntu
 ---> 3556258649b2
Step 2/5 : RUN apt-get update
 ---> Using cache
 ---> 8a0c8ffe9755
Step 3/5 : RUN apt-get install figlet
 ---> Using cache
 ---> 68ef50eee796
Step 4/5 : ENTRYPOINT ["figlet", "-f", "script"]
 ---> Using cache
 ---> 2178b6378066
Step 5/5 : CMD ["hello world"]
 ---> Using cache
 ---> d3fa49b010ff
Successfully built d3fa49b010ff
Successfully tagged figlet:latest
 ,__ __                        _   
/|  |  |                      | |  
 |  |  |   __,   _   ,_    ,  | |  
 |  |  |  /  |  |/  /  |  / \_|/_) 
 |  |  |_/\_/|_/|__/   |_/ \/ | \_/
                                   
                                   


If now we want to `--override` the entrypoint, we can do:

In [69]:
!docker run  -ti --entrypoint bash figlet

[K]0;root@af9a3c938a5e: /root@af9a3c938a5e:/# ^C

]0;root@af9a3c938a5e: /root@af9a3c938a5e:/# 

## Multi-stage builds

We now want to compile a C application and ship the compiled version in a container.

In [71]:
%cd ../c_image

/Users/luca/git/containers-workshop/c_image


In [75]:
!cat hello.c

int main () {
  puts("Hello, world!");
  return 0;
}

In [93]:
!git checkout -- Dockerfile
!cat Dockerfile

FROM ubuntu
RUN apt-get update
RUN apt-get install -y build-essential
COPY hello.c /
RUN make hello
CMD /hello

We use `ubuntu` as base image and we install `build-essential` as it includes a C compiler.

When we do `RUN apt-get install` we specify `-y` to give our consent for dependencies installation since interaction is not permitted.

We copy the source to the container, we compile it and we run the compiled binary.

In [77]:
!docker build . -t hello

Sending build context to Docker daemon  3.072kB
Step 1/6 : FROM ubuntu
 ---> 3556258649b2
Step 2/6 : RUN apt-get update
 ---> Using cache
 ---> 8a0c8ffe9755
Step 3/6 : RUN apt-get install -y build-essential
 ---> Running in 297c573a934a
Reading package lists...
Building dependency tree...
Reading state information...
The following additional packages will be installed:
  binutils binutils-common binutils-x86-64-linux-gnu cpp cpp-7 dirmngr
  dpkg-dev fakeroot g++ g++-7 gcc gcc-7 gcc-7-base gnupg gnupg-l10n
  gnupg-utils gpg gpg-agent gpg-wks-client gpg-wks-server gpgconf gpgsm
  libalgorithm-diff-perl libalgorithm-diff-xs-perl libalgorithm-merge-perl
  libasan4 libasn1-8-heimdal libassuan0 libatomic1 libbinutils libc-dev-bin
  libc6-dev libcc1-0 libcilkrts5 libdpkg-perl libfakeroot
  libfile-fcntllock-perl libgcc-7-dev libgdbm-compat4 libgdbm5 libgomp1
  libgssapi3-heimdal libhcrypto4-heimdal libheimbase1-heimdal
  libheimntlm0-heimdal libhx509-5-heimdal libisl19 libitm1 libkrb5-26-heim

Get:46 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 patch amd64 2.7.6-2ubuntu1.1 [102 kB]
Get:47 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 dpkg-dev all 1.19.0.5ubuntu2.1 [608 kB]
Get:48 http://archive.ubuntu.com/ubuntu bionic/main amd64 build-essential amd64 12.4ubuntu1 [4758 B]
Get:49 http://archive.ubuntu.com/ubuntu bionic/main amd64 libassuan0 amd64 2.5.1-2 [35.0 kB]
Get:50 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 gpgconf amd64 2.2.4-1ubuntu1.2 [123 kB]
Get:51 http://archive.ubuntu.com/ubuntu bionic/main amd64 libksba8 amd64 1.3.5-2 [92.6 kB]
Get:52 http://archive.ubuntu.com/ubuntu bionic/main amd64 libroken18-heimdal amd64 7.5.0+dfsg-1 [41.3 kB]
Get:53 http://archive.ubuntu.com/ubuntu bionic/main amd64 libasn1-8-heimdal amd64 7.5.0+dfsg-1 [175 kB]
Get:54 http://archive.ubuntu.com/ubuntu bionic/main amd64 libheimbase1-heimdal amd64 7.5.0+dfsg-1 [29.3 kB]
Get:55 http://archive.ubuntu.com/ubuntu bionic/main amd64 libhcrypto4-heimdal amd

Selecting previously unselected package cpp.
Preparing to unpack .../25-cpp_4%3a7.4.0-1ubuntu2.3_amd64.deb ...
Unpacking cpp (4:7.4.0-1ubuntu2.3) ...
Selecting previously unselected package libcc1-0:amd64.
Preparing to unpack .../26-libcc1-0_8.3.0-6ubuntu1~18.04.1_amd64.deb ...
Unpacking libcc1-0:amd64 (8.3.0-6ubuntu1~18.04.1) ...
Selecting previously unselected package libgomp1:amd64.
Preparing to unpack .../27-libgomp1_8.3.0-6ubuntu1~18.04.1_amd64.deb ...
Unpacking libgomp1:amd64 (8.3.0-6ubuntu1~18.04.1) ...
Selecting previously unselected package libitm1:amd64.
Preparing to unpack .../28-libitm1_8.3.0-6ubuntu1~18.04.1_amd64.deb ...
Unpacking libitm1:amd64 (8.3.0-6ubuntu1~18.04.1) ...
Selecting previously unselected package libatomic1:amd64.
Preparing to unpack .../29-libatomic1_8.3.0-6ubuntu1~18.04.1_amd64.deb ...
Unpacking libatomic1:amd64 (8.3.0-6ubuntu1~18.04.1) ...
Selecting previously unselected package libasan4:amd64.
Preparing to unpack .../30-libasan4_7.4.0-1ubuntu1~18.04.1_

Selecting previously unselected package gpg-wks-client.
Preparing to unpack .../73-gpg-wks-client_2.2.4-1ubuntu1.2_amd64.deb ...
Unpacking gpg-wks-client (2.2.4-1ubuntu1.2) ...
Selecting previously unselected package gpg-wks-server.
Preparing to unpack .../74-gpg-wks-server_2.2.4-1ubuntu1.2_amd64.deb ...
Unpacking gpg-wks-server (2.2.4-1ubuntu1.2) ...
Selecting previously unselected package gpgsm.
Preparing to unpack .../75-gpgsm_2.2.4-1ubuntu1.2_amd64.deb ...
Unpacking gpgsm (2.2.4-1ubuntu1.2) ...
Selecting previously unselected package gnupg.
Preparing to unpack .../76-gnupg_2.2.4-1ubuntu1.2_amd64.deb ...
Unpacking gnupg (2.2.4-1ubuntu1.2) ...
Selecting previously unselected package libalgorithm-diff-perl.
Preparing to unpack .../77-libalgorithm-diff-perl_1.19.03-1_all.deb ...
Unpacking libalgorithm-diff-perl (1.19.03-1) ...
Selecting previously unselected package libalgorithm-diff-xs-perl.
Preparing to unpack .../78-libalgorithm-diff-xs-perl_0.04-5_amd64.deb ...
Unpacking libalgorit

Setting up libkrb5-26-heimdal:amd64 (7.5.0+dfsg-1) ...
Setting up libheimntlm0-heimdal:amd64 (7.5.0+dfsg-1) ...
Setting up gpg (2.2.4-1ubuntu1.2) ...
Setting up binutils-x86-64-linux-gnu (2.30-21ubuntu1~18.04.2) ...
Setting up cpp (4:7.4.0-1ubuntu2.3) ...
Setting up gpg-agent (2.2.4-1ubuntu1.2) ...
Setting up gpg-wks-server (2.2.4-1ubuntu1.2) ...
Setting up perl (5.26.1-6ubuntu0.3) ...
Setting up libfile-fcntllock-perl (0.22-3build2) ...
Setting up libalgorithm-diff-perl (1.19.03-1) ...
Setting up binutils (2.30-21ubuntu1~18.04.2) ...
Setting up libgssapi3-heimdal:amd64 (7.5.0+dfsg-1) ...
Setting up gcc-7 (7.4.0-1ubuntu1~18.04.1) ...
Setting up g++-7 (7.4.0-1ubuntu1~18.04.1) ...
Setting up libdpkg-perl (1.19.0.5ubuntu2.1) ...
Setting up gcc (4:7.4.0-1ubuntu2.3) ...
Setting up libalgorithm-merge-perl (0.08-3) ...
Setting up dpkg-dev (1.19.0.5ubuntu2.1) ...
Setting up libalgorithm-diff-xs-perl (0.04-5) ...
Setting up libldap-2.4-2:amd64 (2.4.45+dfsg-1ubuntu1.2) ...
Setting up g++ (4:7.4.

In [78]:
!docker run hello

Hello, world!


In the resulting image we have:
* Binary
* Source code
* Compiler

We actually need to ship only the first one. 

We can't just append `RUN make clean` or `RUN apt-get remove` because they would only be added as further layers, **not reducing image size**.

One solution to this is **collapsing layers**. We could write:
```
FROM ubuntu
RUN apt-get update \
 && apt-get install xxx \
 && ... \
 && apt-get remove xxx \
 && ...
 ```
This would result in one unique layer, not increasing image size.

Cons:
* Not very readable
* Expensive layer
* Some files might remain if cleanup is not thorough

A better solution is using multi-stage build. 
We can add another `FROM` to create a new stage.
We can `COPY` files from one stage to the other.

In [94]:
!echo '\nFROM ubuntu\
\nCOPY --from=0 /hello /hello\
\nCMD /hello' >> Dockerfile
!cat Dockerfile

FROM ubuntu
RUN apt-get update
RUN apt-get install -y build-essential
COPY hello.c /
RUN make hello
CMD /hello
FROM ubuntu 
COPY --from=0 /hello /hello 
CMD /hello


We can also name the stages with e.g. `FROM ubuntu as compiler`.

We can refer to it later with `COPY --from=compiler`.

Let's build the image with a new tag and compare image sizes.

In [97]:
!docker build . -t hello:multistage
!docker run hello:multistage

Sending build context to Docker daemon  3.072kB
Step 1/9 : FROM ubuntu
 ---> 3556258649b2
Step 2/9 : RUN apt-get update
 ---> Using cache
 ---> 8a0c8ffe9755
Step 3/9 : RUN apt-get install -y build-essential
 ---> Using cache
 ---> d3e61e8b947d
Step 4/9 : COPY hello.c /
 ---> Using cache
 ---> 843f3a355587
Step 5/9 : RUN make hello
 ---> Using cache
 ---> 79446449e57e
Step 6/9 : CMD /hello
 ---> Using cache
 ---> e2b964d1eb78
Step 7/9 : FROM ubuntu
 ---> 3556258649b2
Step 8/9 : COPY --from=0 /hello /hello
 ---> Using cache
 ---> 8ce723db3f20
Step 9/9 : CMD /hello
 ---> Using cache
 ---> 6b028ad316d0
Successfully built 6b028ad316d0
Successfully tagged hello:multistage
Hello, world!


In [103]:
!docker images hello

REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
hello               multistage          6b028ad316d0        2 minutes ago       64.2MB
hello               latest              e2b964d1eb78        31 minutes ago      296MB


In [104]:
!docker images ubuntu

REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
ubuntu              latest              3556258649b2        5 days ago          64.2MB


## Efficient Dockerfiles: dependencies and unit tests

```
FROM python
WORKDIR /src
COPY . .
RUN pip install -qr requirements.txt
EXPOSE 5000
CMD ["python", "app.py"]
```

Using this `Dockerfile`, dependencies are installed every time.

```
FROM python
COPY requirements.txt /tmp/requirements.txt
RUN pip install -qr /tmp/requirements.txt
WORKDIR /src
COPY . .
EXPOSE 5000
CMD ["python", "app.py"]
```

This stores an image in cache with dependencies installed and only runs the python script.

When a change in `requirements.txt` is detected, the cache is broken and new dependencies are installed.

We can apply the same concept with unit tests:

```
FROM <baseimage>
RUN <install dependencies>
COPY <code>
RUN <build code>
RUN <install test dependencies>
COPY <test data sets and fixtures>
RUN <unit tests>
FROM <baseimage>
RUN <install dependencies>
COPY <code>
RUN <build code>
CMD, EXPOSE ...
```

If `RUN <unit tests>` fails, it will not build the image. If it succeeds, it will ship a clean image without test data and libraries.

## Networking

We want to run a web server in a container and access it from our host.

In [None]:
!docker run -d -P nginx

`-P` stands for Publish and will expose the web server.

To see where it is running we can:

In [106]:
!docker ps

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                   NAMES
58deadd0fc25        nginx               "nginx -g 'daemon of…"   4 minutes ago       Up 4 minutes        0.0.0.0:32771->80/tcp   tender_yalow
af9a3c938a5e        figlet              "bash"                   About an hour ago   Up About an hour                            nervous_franklin
8261f1c10324        c6b9077a0a85        "bash"                   2 hours ago         Up 2 hours                                  wonderful_cocks
015035d657d7        68ef50eee796        "/bin/bash"              3 hours ago         Up 3 hours                                  dazzling_wescoff
bc663b322a1a        jpetazzo/clock      "/bin/sh -c 'while d…"   4 hours ago         Up 4 hours                                  lucid_sinoussi


The web server runs on port 80 inside the container and is mapped on port 32771 on our host.

We can access the web server by accessing http://localhost:32771.

We can specify the mapping of ports ourselves.

In [107]:
!docker run -d -p 30123:80 nginx

6ba26fef8f0ff7400993cc82e2007ca5df0fd24426b2021d36712d6263fdc1b4


In [108]:
!curl localhost:30123

<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>


### Virtual networks

We now want to run an app which requires two containers connected to the same network.

<img src="img/networking.png" alt="Networking" style="width: 800px;"/>

In [112]:
!docker network create dev

0af32ab638020d23df32efe72accfd75a24492b25114dff3765e06ef2bfb7448


Let's run a simple Flask Python web server (https://github.com/jpetazzo/trainingwheels/blob/master/www/Dockerfile) which counts the number of received requests.

The requests are stored in a redis database.

In [113]:
!docker run --net dev -d -P jpetazzo/trainingwheels

Unable to find image 'jpetazzo/trainingwheels:latest' locally
latest: Pulling from jpetazzo/trainingwheels

[1Bada9c7bb: Pulling fs layer 
[1B7faec825: Pulling fs layer 
[1B419a96b1: Pulling fs layer 
[1B51e26e75: Pulling fs layer 
[1B5374cd04: Pulling fs layer 
[1B5f770184: Pulling fs layer 
[1B2f2c6005: Pulling fs layer 
[1B20185d1e: Pulling fs layer 
[1B35822e4d: Pulling fs layer 
[1Bfcdac342: Pulling fs layer 
[1B50465967: Pulling fs layer 
[1B0d20abd2: Pulling fs layer 


[1BDigest: sha256:43e6fea8c035e881bfaa46667c687d5a91e397b5d9f9104479f2362305f86bbcA[1K[K[12A[1K[K[11A[1K[K[11A[1K[K[13A[1K[K[11A[1K[K[11A[1K[K[12A[1K[K[11A[1K[K[12A[1K[K[11A[1K[K[12A[1K[K[11A[1K[K[12A[1K[K[11A[1K[K[11A[1K[K[12A[1K[K[11A[1K[K[11A[1K[K[12A[1K[K[11A[1K[K[11A[1K[K[13A[1K[K[11A[1K[K[11A[1K[K[13A[1K[K[13A[1K[K[12A[1K[K[12A[1K[K[13A[1K[K[12A[1K[K[13A[1K[K[12A[1K[K[13A[1K[K[13A[1K[K[10A[1K[K[12A[1K[K[13A[1K[K[10A[1K[K[10A[1K[K[10A[1K[K[12A[1K[K[10A[1K[K[12A[1K[K[12A[1K[K[10A[1K[K[12A[1K[K[10A[1K[K[12A[1K[K[10A[1K[K[12A[1K[K[10A[1K[K[12A[1K[K[10A[1K[K[10A[1K[K[13A[1K[K[12A[1K[K[12A[1K[K[12A[1K[K[12A[1K[K[10A[1K[K[12A[1K[K[10A[1K[K[10A[1K[K[12A[1K[K[10A[1K[K[12A[1K[K[13A[1K[K[12A[1K[K[10A[1K[K[12A[1K[K[12A[1K[K[10A[1K[K[10A[1K[K[12A[1K[K[10A[1K[K[12A[1K

Let's see status of the `-l`ast container started:

In [114]:
!docker ps -l

CONTAINER ID        IMAGE                     COMMAND                  CREATED             STATUS              PORTS                     NAMES
7dbde7ebedb9        jpetazzo/trainingwheels   "/bin/sh -c 'gunicor…"   30 seconds ago      Up 28 seconds       0.0.0.0:32772->5000/tcp   elastic_turing


We can see the webapp at http://localhost:32772.

The error message says that the `redis` service is unknown.

Let's start a `redis` database connected to the same network.

In [121]:
!docker run --net dev --net-alias redis -d redis

9440b6f166e98bafadcf3c48f572e848057add6b4ff6a6fbed1e412efb6498d0


In the `counter.py` script (https://github.com/jpetazzo/trainingwheels/blob/master/www/counter.py) the database is referenced with a generic `redis`.

### Ambassador design pattern

<img src="img/ambassador.png" alt="Ambassador" style="width: 800px;"/>

DB ambassador:
- The database container is moved (or a failover happens). Its new location will be tracked by the ambassador container and the web application container will still be able to connect, without reconfiguration.
- The web application code does not have credentials. They are passed to the ambassador to perform authentication before forwarding traffic to the DB container

Web host ambassador:
- (When running multiple web containers) Run a load balancer and dispatch requests across all backends

## Volumes

We want to deploy an application in a container, change the source files and see the changes.

## Docker Compose

You can se environment variables e.g. `DEBUG: 1`