Containers

Learning outcomes:

• Able to describe the advantages and disadvantages of containers such as Docker
• Able to identify describe the reasons we might use a container and then implement one
• Able to implement and use container management software such as Kubernetes (K8)

Would you like to download my PowerPoint to follow along?

• What is a container?
• Virtual isolated place on your machine
• Every time you use Google (Gmail, search, etc) You are using a container
• Example: Think of shipping, standardized containers to ship goods makes transport easier and cheaper. In this case you don't ship the OS & the software, you only need to ship the code and the dependencies
• Why use containers?
• Developers will use them to know their software will run regardless of where it's sent.
• Microservices (Instead of a monolithic application) break applications into small parts so many teams can easily work on pieces of a whole project and then put them together quickly
• Guaranteed reproducibility because you have your container already set up to spec
• Isolation, by keeping your applications separated (Database, web server, front end etc.) you can save yourself from conflicts and dependency issues
• Repository gives us well maintained containers pre-made for us to use
• Easily disposable and quick to boot and stop, in case something goes wrong, containers are cheap and not resource heavy to make and discard
• Container vs Virtual machine
• Containers virtualize the OS
• Virtual Machines virtualize the hardware
• Container options and some data
• Docker is the most popular with 81% of the market
• Currently Docker is used a lot when talking about containers in general. Think Tissue vs Kleenex, or Band-aid vs plaster or Xerox vs Copy
• Kubernetes with 13% market share
• CoreOS, Apache Mesos, VMWare Tanzu and others have less then 2% market share per technology
• Official Kubernetes Page
• Official Docker Page
• Red Hat on Containers
• Container image management options
• Container Registry is a service to hold and distribute container images
• Can be public, private or third party
• Examples include Docker Hub, AWS container registry, Google Container Registry, or self-hosted
• Container repository is a collection of related images with the same name and different tags (Providing different versions of an application)
• Example: Docker Hub is one of the largest
• Example: Docker Hub Repository for Python Official Image
• Example: Docker Hub repository for Apache Official Image
• Docker
• What is Docker?
• Container Software
• A way to run applications, technically open source but moving more closed
• Everything is considered encapsulated (stay in their own area)
• Docker for Beginners
• How to Use Docker for pre-built containers
• Install Docker on Linux box
• Run command to start container build
• Usually looks like this:
When you enter your command it will look like this:
• Example: More detail on Docker with examples from my Smart Home project
• Example: Intro to Docker from hackaday
• Docker Engine vs Docker Desktop
• Docker Engine - Create an run pieces of docker to create containers
• Docker Desktop - GUI options and interacts with containers for windows people
• Container Management software
• This is when you organize, add or replace large numbers of containers. Also referred to as container orchestration engines
• Useful for scheduling functions, distributing containers among pooled resources, easy health checks, load balancing and high availability
• Examples:
• Kubernetes
• Docker Swarm (Popular because it's native to docker. YAML based deployment. Doesn't do load balancing or auto-scaling by itself)
• Mesosphere (Distributed Approach. Uses multiple masters and uses Zookeeper to keep track of the cluster. Highly scalable (tens of thousands of nodes) used by Twitter, Yelp and eBay)
• Kubernetes vs Docker Swarm
• Kubernetes Basics
• Also referred to as K8
• Open source
• Started by Google, Still used as it's Container as a Service (CaaS). Used and developed by them because of their production use of containers.
• Runs some of the largest software services by scale.
• Currently the most popular option.
• YAML based deployment.
• Users include Google, Spotify, Bose, CapitalOne, Comcast, ebay, IBM, Pinterest, Pokemon Go, Spotify, Squarespace and more
• Tutorials from VWare
• Example: More detail on Kubernetes with examples from my Smart Home project
• What is Kubernetes and why do we use it
• What is Kubernetes?
• Think of Kubernetes like a magic Robot that helps us build the boxes, so instead of building the boxes ourselves (Docker) we ask the robot to build it for us. The Magic robot also helps us manage our little boxes. I like to call the Robot Mechi :)
• The Children's Illustrated Guide to Kubernetes
• What is Yaml?
• Human Readable data-serialization Language
• YAML ain't Markup Language
• YAML is used to write the recipes the magic robot follows to make our boxes.
• How is this different then Docker?
• If Docker allows us to build little boxes, Kubernetes is a magic robot that builds boxes based on recipes we give it instead of doing it ourselves.
• Kubernetes Vocab
• Nodes - Computer we're running Kubernetes on
• Control Plane - How we manage the boxes
• Pods - Wrapper around the box
• Namespace - A way to isolate groups, resources must be uniquely named within a namespace but not everywhere
• Think of Kubernetes like a magic robot building boxes for us using recipes (written in yaml). The name of the ship the robot is using is the namespace, the boxes piled on the ship are the containers that have our items (servers), the pods is the wrapper around our item to protect it, and the control plane is how we can manage our little boxes on the ship as it floats
• Kubectl
• What is Kubectl
• A way to interact with the Kubernetes cluster from any computer
• Can be run on your local machine to talk to Kubernetes (Mechi) on a server elsewhere.
• Allows us to interact with the little boxes we've created
• How to use it
• Install on your machine
• Create a folder on your machine and go to it, this is where your files will live
• If you haven't already made a namespace that's first, then we create the boxes in the namespace
• Then we apply the yaml files, which is like saying "Mechi please go make this box from this recipe for me, thank you."
• More detail on Kubectl with examples from my Smart Home project
• Kubernetes Vulnerabilities
• Increased attack service, each container might have different vulnerabilities to exploit.
• Because Kubernetes can be difficult to configure right, it's easy to leave holes
• Services like Shodan make it easy to find places to attack. For example, port 2379 is indexed by Shodan, etcd which Kubernetes uses as it's cluster database listens on port 2379
• Tesla exposed part of the dashboard for their main Kubernetes API to the internet without authentication by accident
• Found a bug? Report it! Open Source and willing to update, more information on Kubernetes and Security can be found HERE
• Official CVE feed for Kubernetes
• A compromised container = compromised cluster. It's turtles all the way down

Suggested Activities and Discussion Topics:

• Run through this tutorial on one of your servers
• Go through this tutorial for Kubernetes Basics.
• Complete the lab that is found on This PDF Make sure you are paying careful attention to the requirements.

Would you like to see some more classes? Click here