Mount 2048

Docker Image
2048

Source code
https://github/l0rd/containerspatterns/MS/

Run command

docker run -p 8080:80 \
           -v $(pwd):/usr/local/apache2/htdocs/ \
           httpd

Mount Sources

Mount Sources

• Development and Runtime Pattern
• Source folder is bind mounted when running the container
• Pattern particularly suited for dynamic languages
• Not recommended for production
• No need to rebuild or restart container when sources are updated
• Build tools are included in the image
• The same image can be used to compile and run the application

Dockerize maven

Docker Image
maven:3.3.3-jdk-8

Source code
https://github/l0rd/containerspatterns/DYT

Run command

# Make the alias of the dockerized tool
alias mvn="docker run \
   -v $(pwd):/usr/src \
   -v ~/.m2:/root/.m2 \
   -w /usr/src  \
   maven:3.3.3-jdk-8 \
   mvn"
# Run the tool
mvn -version

Dockerize Your Tools

Dockerize Your Tools

• Development pattern
• A tool is packaged and distributed as a Docker image
• Allow to run multiple versions of the same tool
• The tool version and installation is described in a Dockerfile
• Files can be shared between the container and the host with volumes
• alias command can be used to make it easier to run

Start an app and its DB with a single docker run

Docker Image
containerslanguages/rust-launcher

Source code
https://github/l0rd/containerspatterns/CL

Run command

docker run -v $(pwd):/src/ \
        -v /var/run/docker.sock:/var/run/docker.sock \
        containerslanguages/rust-launcher

Containers Launcher

Containers Launcher

Containers Launcher

Containers Launcher

• Runtime Pattern
• The Docker socket is bind mounted when the container is started
• Use to compose multiple containers without Docker compose or similar

Get host info from a container

Docker Image
alpine

Source code
https://github/l0rd/containerspatterns/HS

Run command

docker run --net=host                               \
           -v /:/hostfs/                            \
           --pid=host                               \
           --uts=host                               \
           --ipc=host                               \
           -v $(pwd):/src/                          \
           alpine sh -c ". /src/print_host_info.sh"

Host Spoofing

Host Spoofing

• Runtime Pattern
• Run commands inside a container to inspect or alter the Docker host
• Access to host network, filesystem, processes, users etc...
• Break container isolation
• Won't work when security hardening the Docker install

Multi-stage build to package a Java App

Docker Images

• maven:3.5-jdk-8 (build)
• openjdk:8-jre (run)

Source code
https://github/l0rd/containerspatterns/S2I

Build command

docker build -t s2i .

Run command

docker run -t --rm s2i

Source To Image

Source To Image

• One unique Dockerfile for build and run
• Build tools are not in the final image
• Existed since a long time in OpenShift, recently integrated in Docker (17.05)
• Combine 2 patterns (Copy Source and Copy Executable)
• Suited for static programming languages
• Allow to use the Docker Hub as a CI platform

SC for PID and FS

Docker Images httpd and ubuntu

Source code
https://github/l0rd/containerspatterns/SC

Run command

# Run apache httpd in the background
cid=$(docker run -dit -p 8080:80 \
      -v /usr/local/apache2/htdocs/ httpd:2.4)
# Run a sidecar container that updates index.html
docker run --volumes-from ${cid} -ti --rm ubuntu \
sh -c "echo I am the sidecar >> /usr/local/apache2/htdocs/index.html"
# Run a sidecar container that shares the same PID namespace
docker run --pid=container:${cid} -ti --rm ubuntu \
    bash -c "echo -n pid 1 is \$(ps -p 1 -o comm=), killing it...;
            kill 1;
            echo done."

Sidecar Container

Sidecar Container

• Provide extra functionalities to a running container
• Popular for serverless architectures
• Not all namespace are sharable (e.g. userns/uts/filesystem)

Copy Sources

• development pattern
• Sources are copied inside the image
• Simplest development pattern
• A new image should be built for every code change
• Build tools are included in the image
• Usually a different image is used to run the application

Copy 2048

Docker Image
2048

Source code
https://github/l0rd/containerspatterns/CS/

Build and run commands

docker build -t 2048  .
docker run -d -p 8080:80 2048

Dockerize Your Tools

• Development pattern
• A tool is packaged and distributed as a Docker image
• Allow to run multiple versions of the same tool
• The tool version and installation is described in a Dockerfile
• Files can be shared between the container and the host with volumes
• alias command can be used to make it easier to run

Dockerize maven

Docker Image
maven:3.3.3-jdk-8

Source code
https://github/l0rd/containerspatterns/DYT

Run command

# Make the alias of the dockerized tool
alias mvn="docker run \
   -v $(pwd):/usr/src \
   -v ~/.m2:/root/.m2 \
   -w /usr/src  \
   maven:3.3.3-jdk-8 \
   mvn"
# Run the tool
mvn -version

Docker Socket Mount

• Runtime Pattern
• The Docker socket is bind mounted when the container is started
• Allow to manage containers from another container
• Usages:
  • Container monitoring tools
  • CI/CD tools
  • Containers launchers

Docker Socket Mount

Docker Image
containerslanguages/golang

Source code
https://github/l0rd/containerspatterns/DSM

Run command

docker run -v /var/run/docker.sock:/var/run/docker.sock \
        containerslanguages/golang

Build From Scratch

• Distribution and Runtime Pattern
• The base image is the smallest possible: Scratch
• Use to make ridiculously small images
• Works well with statically linked applications (Go, Rust, C etc...)

Go HTTP server built from scratch

Docker Image
emilevauge/tictac

Source code
https://github/emilevauge/tictac/

Run command

docker build -t tictac .
# Compare tictac binary size with tictac docker image size

ENTRYPOINT and CMD Combined

• Runtime Pattern
• Instructions ENTRYPOINT and CMD are used together
• ENTRYPOINT is the fixed part of the command
• CMD is the variable part (usually the parameters)

Asciiart generator with ENTRYPOINT and CMD

Docker Image
ecc

Source code
https://github/l0rd/containerspatterns/ECC

Run command

docker run -ti --rm ecc
docker run -ti --rm ecc -f lean docker

Exec Form ENTRYPOINT

• Runtime Pattern
• JSON is used to define the command and its parameters
• It's the alternative to the Shell Form (/bin/sh -c on Linux or cmd /S /C on Windows)
• No varialbe substitution and the command is PID 1
• Unix signals are notified directly to the program (not the shell)

Exec and Shell form compared

Docker Image
httpd

Source code
https://github/l0rd/containerspatterns/EFE/

Build and Run commands

docker build -t httpd-exec -f Dockerfile.exec .
docker build -t httpd-shell -f Dockerfile.shell .
docker run -i -P --rm httpd-exec
# Stop it using ^C
docker run -i -P --rm httpd-shell
# (Try to) stop it using ^C

ONBUILD Images

• Development pattern
• Build behaviour inherited from base image
• Avoid duplicate code in Dockerfiles
• Can make Dockerfile difficult to read

Build a Java app with ONBUILD

Docker Image
obi-java

Source code
https://github/l0rd/containerspatterns/OBI

Build/Run commands

docker build -t obi-java .
docker run --rm obi-java

Dependencies First Dockerfile

• Development pattern
• Dependencies should not be fetched at every change in source code
• In Dockerfile dependency list should be copied before source code

Packaging a python application with Docker

Docker Image dfd

Source code
https://github/l0rd/containerspatterns/dfd
https://github/polyfunc/flask-todolist

Build command

docker build -t dfd .
docker build -t dfd-orig -f Dockerfile.orig .
touch onefile
docker build -t dfd .
docker build -t dfd-orig -f Dockerfile.orig .