CS代考 2

2
Cloud Computing INFS3208
Updates: On-Campus Teaching&Learning
• Carry a mask with you at all times.
• Masks must be worn – indoors* even when physical distancing is possible (unless alone) and outdoors if you cannot physically distance from others. This includes libraries, retail outlets, buses, work spaces and research and teaching environments. Masks can be removed while eating or drinking.
• Observe physical distancing of 1.5m to the extent possible and check-in to all buildings using the Check In QLD codes.
CRICOS code 00025B 2
17/08/2021
2

3
Cloud Computing INFS3208
Re-cap Lectures 3
• Networking and Virtual Private Cloud
• Load Balancing
– What & Why Load Balancing
– Algorithms
– LB in Cloud Architecture
– LB in Distributed Systems
– LB in Network Communications
– LB in Cloud Product
CRICOS code 00025B 3
17/08/2021
3

4
Cloud Computing INFS3208
Outline
• Container
• What is Docker
• Basic concepts in Docker
– Images
– Layer architecture
– Containers
– Registry
• Docker Commands
• Containerisation and Dockerfile
– Dokcerfile instructions
CRICOS code 00025B 4
17/08/2021
4

Cloud Computing INFS3208
Revisit: Virtual Machines (VMs)
• A virtual machine (VM) is an emulation of a computer system.
• Virtual machines are based on computer architectures and provide functionality of a physical computer: software, specialised hardware, or a combination.
• System virtual machines: provide a substitute for a real machine.
• Process virtual machines
– are designed to execute computer programs in a platform-independent environment.
– provide a high-level abstraction (a high-level programming language abstraction)
Application Middle-ware JVM OS Hardware
– Example: Java virtual machine (JVM)
https://blog.netapp.com/blogs/containers-vs-vms/ https://en.wikipedia.org/wiki/Virtual_machine
5
CRICOS code 00025B
5
17/08/2021
5

6
Cloud Computing INFS3208
Virtual Machines (VM)
• VM could simulate almost anything:
– Hardware (vCPU, vRAM, vHDisk, vGPU, vNetwork, etc.)
– Software (Operating System: Ubuntu, CentOS, Windows Server)
• But…
– Each VM requires its own dedicated OS; Extra hardware and software
overhead
– Performance of VM is not very satisfied (slow to boot up)
– Migration between physical servers is not always smooth.
App 1
Bins/Libs
CRICOS code 00025B 6
App 2
Bins/Libs
17/08/2021
App 3
Bins/Libs
Guest OS
Guest OS
Hypervisor
Guest OS
Host OS
Infrastructure
6
Virtual Machines

Can we run containers on the host that do not share the same kernel?
Containers
• Containers offer a logical packaging mechanism in which applications can be abstracted from the environment in which they actually run.
• Completely isolated environments: services, network interfaces, mounts
• Multiple containers running atop the OS kernel directly – far more lightweight:
– share the OS kernel
– start much faster (in seconds)
– use a fraction of the memory (compared to booting an entire OS)
– one physical machine/server can run much more containers than VMs
17/08/2021
Cloud Computing INFS3208
App 1
App 2
App 3
Bins/Libs
Bins/Libs
Bins/Libs
Guest OS
Guest OS
Guest OS
Hypervisor
Host OS
Infrastructure
https://cloud.google.com/containers/ https://docs.microsoft.com/en-us/virtualization/windowscontainers/deploy-containers/linux-containers
7
CRICOS code 00025B 7
App 1
App 2
App 3
Bins/Libs
Bins/Libs
Bins/Libs
Container Runtime
Host OS
Infrastructure
7
Containers Virtual Machines

Container

• •
Before container:
– Chroot system call in 1979 and FreeBSD jails in 2000.
– Cgroups (2006, 2007) and namespaces (2002)
– Linux Containers (LXC) in 2008
Containers virtualise at the operating system level Containerisation provides a clean separation of concerns:
– developers focus on their application logic and dependencies
– IT operations teams focus on deployment and management without bothering with application details (e.g. specific software versions and apps configurations).
https://www.redhat.com/en/blog/history-containers
https://cloud.google.com/containers/
8
17/08/2021
Cloud Computing INFS3208
App 1
App 2
App 3
Bins/Libs
Bins/Libs
Bins/Libs
Guest OS
Guest OS
Guest OS
Hypervisor
Host OS
Infrastructure
App 1
App 2
App 3
Bins/Libs
Bins/Libs
Bins/Libs
Container Runtime
Host OS
Infrastructure
CRICOS code 00025B 8
8
Containers Virtual Machines

17/08/2021
Cloud Computing INFS3208
App 1
App 2
App 3
Bins/Libs
Bins/Libs
Bins/Libs
Guest OS
Guest OS
Guest OS
Hypervisor
Host OS
Infrastructure
Why Containers?
• Run Anywhere:

Containers are able to run virtually anywhere, greatly easing development
and deployment:
 on Linux, Windows, and Mac operating systems;  on virtual machines;
 on a developer’s machine;
 in data centres on-premises;
 in the public cloud.
• Isolation:
9

Containers virtualise hardware at the OS-level:  CPU,
 memory, storage,
 network resources.
– https://cloud.google.com/containers/
Containers provide developers with a sandboxed view of the OS logically isolated from other applications.
App 1
App 2
App 3
Bins/Libs
Bins/Libs
Bins/Libs
Container Runtime
Host OS
Infrastructure
CRICOS code 00025B 9
9
Containers Virtual Machines

17/08/2021
Cloud Computing INFS3208
App 1
App 2
App 3
Bins/Libs
Bins/Libs
Bins/Libs
Guest OS
Guest OS
Guest OS
Hypervisor
Host OS
Infrastructure
Containers vs. Virtual Machines
Features
Containers
Virtual Machines
Start-time
In seconds
In minutes
Disk Size
Normally in MB
GB
Efficiency
Fast (close to native)
Very slow
Runnable instances (on one physical server)
More than 1k
Normally 10+
https://cloud.google.com/containers/
10
CRICOS code 00025B 10
App 1
Bins/Libs
App 2
Bins/Libs
App 3
Bins/Libs
Container Runtime
Host OS
Infrastructure
10
Containers Virtual Machines

11
Cloud Computing INFS3208
Outline
• Container
• What is Docker
• Basic concepts in Docker
– Images
– Layer architecture
– Containers
– Registry
• Docker Commands
• Containerisation and Dockerfile
– Dokcerfile instructions
CRICOS code 00025B 11
17/08/2021
11

Cloud Computing INFS3208
What is a “Docker”?
17/08/2021
https://en.wikipedia.org/wiki/Stevedore
12
stevedore (/ˈstiːvɪˌdɔːr/), longshoreman, docker, or dockworker
CRICOS code 00025B 12
12

Cloud Computing INFS3208
What is a “Docker”
• Cargo can be quickly packed at source of production
• Cargo can be quickly shipped from A to B
• Cargo can be quickly unpacked at destination
• Cargo is what it is after shipping
https://en.wikipedia.org/wiki/Stevedore
13
CRICOS code 00025B 13
17/08/2021
13

Cloud Computing INFS3208
Modern Development Practices – DevOps
Continuous Integration
plan code build test release deploy
operate
17/08/2021
Continuous Delivery
Continuous Deployment
• Continuous Integration (CI): automated testing
• Continuous Delivery (CD): automated release
• Continuous Deployment: fully automated
14
CRICOS code 00025B
14
14

Cloud Computing INFS3208
What is Docker
• Docker is
– a job (literally),
– a company providing solutions to containerisation (Google’s LXD),
– a new implementation of container technologies.
• Some definitions:
– Docker is a container image that is a lightweight, stand-alone, executable package of a piece of software that includes everything needed to run it: code, runtime, system tools, system libraries, settings.
– Docker is an open platform for developing, shipping, and running applications (official documentation). Simply, Docker is a tool deploy applications in a sandbox (called containers) to run on the host operating system i.e. Linux, Windows, Mac OSX, etc.
https://thenewstack.io/solomon-hykes-departs-from- docker/
Docker founders , ,
15
17/08/2021
https://www.docker.com/what-container
https://en.wikipedia.org/wiki/Docker_(software)
15
CRICOS code 00025B
15

16
Cloud Computing INFS3208
Outline
• Container
• What is Docker
• Basic concepts in Docker
– Images
– Containers
– Registry
– Layer architecture
• Docker Commands
• Containerisation and Dockerfile
– Dokcerfile instructions
CRICOS code 00025B 16
17/08/2021
16

Cloud Computing INFS3208
Basic Concepts – Docker Image
• Docker image is an object that contains
– an OS filesystem
– and one or more applications
• An image is a template that is readable only to build a container.
• An image is based on another image (base image) with some
additional customisation
– Example: an image that contains a complete ubuntu 18.04 (LTS) operating system and apache web server
• Docker provides a very good mechanism to build images and can even pull the existing images.
• There are heaps of resources on Docker Hub.
• Many software is released as Docker images, instead of software packages.
https://cloud.google.com/containers/
17
CRICOS code 00025B 17
17/08/2021
17

17/08/2021
Cloud Computing INFS3208
Images and Layers
Writable Overlay Read Only
• With Union FS (Union Filesystems), Docker is designed as a layer-wise architecture.
• Union FS: create a union of (1) a list of lower directories – read only (2) upper directory – reads and writes
• Each image will not be changed (read-only) after it has been constructed – lower directories.
• Layer-wise architecture makes reuse and customization of images much easier.
– Construct a new image based on the existing images by adding new layers on top of the current layers.
– E.g. Ubuntu + Python + security patch
https://docs.docker.com/storage/storagedriver/
https://blog.netapp.com/blogs/containers-vs-vms/
18
CRICOS code 00025B 18
18

Cloud Computing INFS3208
Copy-on-write Strategy: Example of Updating Files
• Copy-on-write is a strategy of sharing and copying files for maximum efficiency.
• Example: after constructing two layers, three files in Layer 1 and three files in Layer 2. • What will happen if we want to update “File 5” in Layer 2
17/08/2021
https://docs.docker.com/storage/storagedriver/#the-copy-on-write-cow-strategy
19
CRICOS code 00025B 19
19

Cloud Computing INFS3208
Copy-on-write Strategy: Example of Updating Files
• “File 7” in layer 3 is an updated version of “File 5”
• Due to read-only property of each layer, “File 5” is still stored in the image.
• “File 5” is updated as a new layer added into the image.
• Good practice:
– only add required files or apps in the current layer
– Temporary or redundant files must be removed from the current layer before constructing the next layer
– Very important when writing dockerfiles.
20
CRICOS code 00025B 20
17/08/2021
20

Cloud Computing INFS3208
Basic Concepts – Container
– – – –
Independent namespace
 E.g. variable $JAVA_HOME in Container A is different from $JAVE_HOME in Container B
Independent root filesystem
 E.g. /usr/local in Container A is different from /user/local in Container B
Independent networks
 E.g. 192.168.0.1 in Container A is different from 192.168.0.1 in Container B
Independent user space
 E.g. user “John” in Container A is different from “John” in Container B, even user root is different.
17/08/2021
• •
Container: a running instance of an image
– Class vs Instances (in Objective Oriented Programming)
– E.g. House Blueprints vs House
Container is a running process
https://stackoverflow.com/questions/2885385/what-is-the-difference-between-an-instance-and-an-object
21
CRICOS code 00025B 21
21

Cloud Computing INFS3208
can we keep images private in the public registry?
Basic Concepts – Docker Registry
• After releases of docker images, a registry is needed to store and manage images for sharing.
• Docker images are stored in a Docker registry:
– Public Docker registry: Docker Hub and Google Container Registry
– Private Docker registry.
• Each Docker registry can have multiple repositories and each repository can have multiple tags. Each
tag corresponds to an image:
:
– Example: for ubuntu images – ubuntu:16.04 vs ubuntu:18.04
– Tags can be ignored (ubuntu -> ubuntu:latest)
• Registry’s name is normally represented by a path with two components (user/software)
– Example: docker pull microsoft/cntk:2.2-cpu-python3.5
https://hub.docker.com/
https://cloud.google.com/container-registry/ CRICOS code 00025B 22
22
17/08/2021
22

23
Cloud Computing INFS3208
Outline
• Container
• What is Docker
• Basic concepts in Docker
– Images
– Layer architecture
– Containers
– Registry
• Docker Commands
• Containerisation and Dockerfile
– Dokcerfile instructions
CRICOS code 00025B 23
17/08/2021
23

24
Cloud Computing INFS3208
Docker Command Diagram – Image
management
Listimages:
docker images [OPTIONS] [REPOSITORY[:TAG]]
Removeoneormoreimage:
docker rmi [OPTIONS] IMAGE [IMAGE…]
CreateatagTARGET_IMAGEthatrefersto SOURCE_IMAGE
docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG] Showthehistoryofanimage
docker history [OPTIONS] IMAGE
CRICOS code 00025B 24
17/08/2021
https://philipzheng.gitbook.io/docker_practice/appendix_command
• • •

24

Cloud Computing INFS3208
Docker Command Diagram – Container management
17/08/2021
https://docs.docker.com/engine/reference/commandline/docker/
https://philipzheng.gitbook.io/docker_practice/appendix_command
25
• Kill/Stoponeormorerunningcontainers:
docker container kill/stop [OPTIONS] CONTAINER [CONTAINER…]
Or
docker kill/stop [OPTIONS] CONTAINER [CONTAINER…]
• Startoneormorestoppedcontainers: docker container start [OPTIONS] CONTAINER
[CONTAINER…]
• Pause/Unpauseallprocesseswithinoneormore
containers
docker container pause/unpause [OPTIONS] CONTAINER [CONTAINER…]
• Other container management commands
List containers: docker ps
Attach containers: docker attach [OPTIONS] CONTAINER
Run a bash: docker exec [OPTIONS] CONTAINER COMMAND [ARG…]
and more …
CRICOS code 00025B 25
25

26
Cloud Computing INFS3208
Docker Command Diagram – Docker sharing
17/08/2021
https://philipzheng.gitbook.io/docker_practice/appendix_command
• Exportacontainer’sfilesystemasatararchive: docker export [OPTIONS] CONTAINER
• Importthecontentsfromatarballtocreateafilesystem image:
docker import [OPTIONS] file|URL|- [REPOSITORY[:TAG]] • LoadanimagefromatararchiveorSTDIN:
docker load [OPTIONS]
• Saveoneormoreimagestoatararchive(streamedto
STDOUT by default)
docker save [OPTIONS] IMAGE [IMAGE…]
CRICOS code 00025B 26
26

Cloud Computing INFS3208
Docker Command Diagram – Build image from dockerfile
• BuildanimagefromaDockerfile: docker build [OPTIONS] PATH | URL | –
https://philipzheng.gitbook.io/docker_practice/appendix_command CRICOS code 00025B 27
27
17/08/2021
27

28
Cloud Computing INFS3208
Docker Command Diagram – Interact with Registry
17/08/2021
https://philipzheng.gitbook.io/docker_practice/appendix_command
CRICOS code 00025B 28
• Pullanimageorarepositoryfromaregistry: docker pull [OPTIONS]
• Pushanimageorarepositorytoaregistry: docker push [OPTIONS] NAME[:TAG]
• SearchtheDockerHubforimages:
docker search [OPTIONS] TERM
28

29
Cloud Computing INFS3208
Docker Command Demo
17/08/2021
https://philipzheng.gitbook.io/docker_practice/appendix_command
• Check the available docker images and running containers
• Pull an existing docker: ubuntu:18.04; run it as a container
• Executeabashcommandinthiscontainer
• Installsomeapps
• Stopandrestartthecontainer
• Test if the apps can be kept without commit
• Commit the images
• Re-test if the apps can be kept
• Checkdifferences
CRICOS code 00025B 29
29

30
Cloud Computing INFS3208
Outline
• Container
• What is Docker
• Basic concepts in Docker
– Images
– Layer architecture
– Containers
– Registry
• Docker Commands
• Containerisation and Dockerfile
– Dokcerfile instructions
CRICOS code 00025B 30
17/08/2021
30

31
Cloud Computing INFS3208
Containerizing an app
The process of taking an application and configuring it to run as a container is called “containerizing” or “Dockerizing”.
Containers are all about apps! In particular, they’re about making apps simple to build, ship, and run.
An sharing example:
• Use docker commands to construct an image layer by layer
• Use docker commit to make changes when necessary
• Use docker pull/push to share with others via public/private registry Any problems that may concern the other users?
• Size of image/container
• Contents of image/container(malicious software)
A simple solution: an “audit” file that lists all contents in this image
https://blog.netapp.com/blogs/containers-vs-vms/
17/08/2021
CRICOS code 00025B 31
31

32
Cloud Computing INFS3208
Containerizing Steps
The process of containerizing an app:
1. Start with your application code.
2. Create a Dockerfile that describes your app, its dependencies, and how to run it.
3. FeedthisDockerfileintothedockerimagebuild command.
4. Sit back while Docker builds your application into a Docker image and push image to Docker Registry
5. Your team mates and you can remotely/locally run the image as a container
https://blog.netapp.com/blogs/containers-vs-vms/
17/08/2021
CRICOS code 00025B 32
32

33
Cloud Computing INFS3208
Dockerfile
• is a text file that defines the environment inside the container
• is a collection of instructions and commands (blueprint)
• clearly tells what are contained in the image.
• Docker can build images automatically by reading the instructions from a Dockerfile
– Usage example: docker build
• Docker image is in form of dockerfile
• http://www.w3big.com/docker/docker- install-nginx.html
https://blog.netapp.com/blogs/containers-vs-vms/
CRICOS code 00025B 33
17/08/2021
33

Cloud Computing INFS3208
Launch a Nginx container with Docker CLI commands
17/08/2021
34
CRICOS code 00025B 34
34

Cloud Computing INFS3208
Launch a Nginx container with a Dockerfile
Index.html
CRICOS code 00025B 35
17/08/2021
dockerfile
35
35

Cloud Computing INFS3208
Union FS in Image Build
Image
17/08/2021
COPY website /var/www/html
RUN apt-get install nginx
RUN apt-get update
FROM ubuntu base layer
Layer Layer Layer
Layer
36
CRICOS code 00025B 36
36

37
Cloud Computing INFS3208
A Dockerfile Example
CRICOS code 00025B 37
17/08/2021
RUN
RUN
RUN
RUN
RUN
RUN
RUN
FROM
• We have a base image as the first layer, “RUN” will add SEVEN different layers:
• Union FS has maximum layer number, so you cannot write as many lines as you write a shell script (e.g. > 128 lines/layers)
• There are many libs/apps that are used as temporary tools, resulting in a big and redundant image.
37

Cloud Computing INFS3208
A Dockerfile Example
• We have a base image as the first layer, “RUN” will add SEVEN There are many libs/apps that are used as temporary tools, resulting in a big and redundant image.
38
CRICOS code 00025B 38
17/08/2021
RUN
FROM
38

39
Cloud Computing INFS3208
Dockerfile: FROM
Syntax:
FROM [–platform=] [AS ]
Example:
FROM ubuntu:18.04
• FROM instruction initializes a new build stage and sets the Base Image for subsequent instructions.
• As such, a valid Dockerfile must start with a FROM instruction. ARG is the only instruction that may precede FROM in the Dockerfile.
– ARG CODE_VERSION=latest
– FROM base:${CODE_VERSION} • The image can be any valid image
– e.g. ubuntu/busybox on Docker Hub.
– scratch: an explicitly empty image, especially for building images “FROM scratch”
CRICOS code 00025B 39
17/08/2021
39

Cloud Computing INFS3208
Dockerfile: RUN
RUN has two forms:
• RUN
– Shell commands (by default is /bin/sh -c on Linux)
– E.g. RUN apt-get update
• RUN [“executable”, “param1”, “param2”] (exec form)
– The exec form is parsed as a JSON array, which means that you must use double-quotes (“) around words not single-quotes (‘).
– E.g. RUN [“/bin/bash”, “-c”, “echo hello”]
To avoid redundant layers, it’s recommend to concatenate all commands with “&&” and separate them with “\”, which is a line continuation character.
40
CRICOS code 00025B 40
17/08/2021
40

Cloud Computing INFS3208
Dockerfile: COPY
COPY has two forms:
• COPY [–chown=:]
• COPY [–chown=:] [““,… ““]
may contain wildcards and matching will be done using Go’s filepath.Match rules.
• COPY website/*.html /var/www/html
– Copy all html files in website to the destination folder.
• COPY website/in?ex.html /var/www/html
– Copy any file named as in?ex.html to the destination folder. ? Is replaced with any single character, e.g. index.html or in_ex.html.
Option “–chown=:” can change user and group information in destination folder (Not working on Windows-based containers).
41
NOTE:
‘*’ matches any sequence of non-Separator characters
‘?’ matches any single non-Separator character
CRICOS code 00025B 41
17/08/2021
41

42
Cloud Computing INFS3208
Dockerfile: ADD
ADD has two forms:
• ADD [–chown=:]
• ADD [–chown=:] [““,… ““] ADD is similar with COPY, but more powerful.
• ADD
– If source is a remote file URL, ADD can download it into folder and set its permissions of 600 by default.
– 600 (rw-,—,—): Owner(6-110)/Group(0)/Others(0)
– If source is compressed file (tar/gzip/bzip2/gz), ADD can download it and uncompress it into
destination folder.
In Best Practices for Writing Dockerfiles [1], COPY is preferred than ADD due to its semantic transparency.
[1] https://docs.docker.com/develop/develop-images/dockerfile_best-practices/
CRICOS code 00025B 42
17/08/2021
42

Cloud Computing INFS3208
Dockerfile: VOLUME
VOLUME [“PATH”] or VOLUME
• creates a mount point with the specified name and marks it as holding externally mounted volumes from
native host or other containers.
• the value can be
– either a JSON array, e.g. VOLUME [“/var/log/”],
– or a plain string with multiple arguments, e.g. VOLUME /var/log.
• The docker run command initializes the newly created volume with any data that exists at the specified
location within the base image.
• docker run -it -d -v $PWD/mydata:/myvol [image_name]
43
CRICOS code 00025B 43
17/08/2021
43

Dockerfile: EXPOSE
EXPOSE [/…]
• informs Docker that the container listens on the specified network
ports at runtime.
• can specify whether the port listens on TCP or UDP, and the default is TCP if the protocol is not specified.
– EXPOSE 80/tcp
– EXPOSE 80/udp
• In dockerfile, EXPOSE 80 is declaring the container will be using
PORT 80, but it won’t actually open the port.
• Use docker run -p : to map ports.
80
TCP: 80, 443, etc.
17/08/2021
44
Cloud Computing INFS3208
Internet
80
Nginx Container
VM
CRICOS code 00025B
44
44

17/08/2021
Cloud Computing INFS3208
Dockerfile: CMD
The CMD instruction has three forms:
• CMD [“executable”,”param1″,”param2″] (exec form, this is the preferred form)
• CMD [“param1″,”param2″] (as default parameters to ENTRYPOINT)
• CMD command param1 param2 (shell form)
The main purpose of a CMD is to provide defaults for an
executing container.
• For example, the default CMD of ubuntu container is “/bin/bash”
• CMD [“sh”, “-c”, “echo /etc/os-release”]
There can only be ONE CMD instruction in a Dockerfile.
• If you list more than one CMD then only the last CMD will take effect.
45
CRICOS code 00025B 45
45

46
Cloud Computing INFS3208
Dockerfile: CMD
• The base image is ubuntu and its default executable is “/bin/bash” (main process)
• CMD [“nginx”,“-g”,“daemon off;”] set the default executable of this container is nginx and set it running in the frontend
• Why not to use “CMD service nginx start”?
– Improper understanding the essence of container (it’s a process not a VM)
– Container does not exist after finishing its main process.
CRICOS code 00025B 46
17/08/2021
46

Cloud Computing INFS3208
Dockerfile: ENTRYPOINT
An ENTRYPOINT allows you to configure a container that will run as an executable. ENTRYPOINT has two forms:
• ENTRYPOINT [“executable”, “param1”, “param2”] (exec form – preferred)
• ENTRYPOINT command param1 param2 (The shell form)
When using both ENTRYPPOINT and CMD in one dockerfile,
• CMD will become the additional parameter -> ENTRYPOINT “CMD”
• CMD can be overridden by command line arguments provided when docker container runs.
17/08/2021
47
CRICOS code 00025B 47
47

Cloud Computing INFS3208
17/08/2021
48
Dockerfile: ENV
The ENV instruction sets the environment variable to the value .
This value will be in the environment for all subsequent instructions in the build stage and can be replaced inline in many as well.
The ENV instruction has two forms:
• ENV
– ENV myName
– ENV mySchoo
– ENV myOffice GPS649
• ENV =
– ENV myName=“Sen Wang” mySchool=“Information Technology and Electrical Engineering”
Electrical Engineering
Sen Wang
l Information Technology and
CRICOS code 00025B 48
48

49
Cloud Computing INFS3208
Dockerfile: ARG
The ARG instruction defines a variable that users can pass at build-time to the builder with the docker build command using the –build-arg = flag.
ARG [=]
Run “docker build –build-arg user1=wang” to build the dockerfile
• user1 will be overridden as “wang” is passed to the first argument
• ver will be 1 as default.
Note: Do not use ARG to save your credentials (e.g. github keys, password) because build-time variable values are visible to any user of the image with the docker history command.
CRICOS code 00025B 49
17/08/2021
49

Cloud Computing INFS3208
Dockerfile: ENV vs ARG
Both ENV and ARG can be used to define variables.
• Their life cycles are different.
– ARG defines variables during build-time;
– ENV defines variables during running container.
• ARG values can be changed when building the image
– –build-arg can be used to over the ARG values
• ENV cannot be directly changed when building the image
50
ARG values available
Dockerfile
docker build
Image
docker run
Container
ENV values available
https://vsupalov.com/docker-arg-vs-env/
CRICOS code 00025B 50
17/08/2021
50

Cloud Computing INFS3208
Dockerfile: WORKDIR
The WORKDIR instruction sets the working directory (or current working directory)
WORKDIR /path/to/workdir
• If the WORKDIR doesn’t exist, it will be created even if it’s not used in any
subsequent Dockerfile instruction.
• The WORKDIR instruction can be used multiple times in a Dockerfile.
• If a relative path is provided, it will be relative to the path of the previous WORKDIR instruction.
17/08/2021
Why do we need WORKDIR?
51
RUN echo “hello” > world.txt RUN cd /app
CRICOS code 00025B 51
51

52
Cloud Computing INFS3208
Dockerfile: USER
The USER instruction sets the user name (or UID) and optionally the user group (or GID) to use when running the image and for any RUN, CMD and ENTRYPOINT instructions that follow it in the Dockerfile.
• USER [:] or USER [:]
• Similarly, USER just change the current user for the next layer.
• The must be pre-defined, otherwise you cannot change.
CRICOS code 00025B 52
17/08/2021
52

Cloud Computing INFS3208
Building Solutions
Before Docker 17.05, there are two ways to build docker images:
• Pack everything into ONE Dockerfile:
– Dockerfile could be lengthy and not easy to maintain
– Too many layers result in fatty images and long time of deployment.
– Code leaks risks
• Distribute to multiple Dockerfiles:
– One dockerfile is to build the image
– One dockerfile is to copy all the required
libs/programs
– One script to run dockerfiles
– Can significantly reduce image size, but hard to maintain two dockerfiles synchronised.
Dockerfile.build
Dockerfile.copy
Build.sh
17/08/2021
53
CRICOS code 00025B 53
53

Cloud Computing INFS3208
Multistage Builds
• • • •
Use multiple FROM statements in one Dockerfile Each FROM can use a different base image
Each FROM indicates a new stage of the build Selectively copy artifacts from one stage to another
– COPY –from=0 /go/src/xxx .
https://docs.docker.com/develop/develop-images/multistage-build/
54
Multistage Build with one dockerfile Multiple Dockerfiles with a script
Single lengthy dockerfile CRICOS code 00025B 54
17/08/2021
54

Cloud Computing INFS3208
Best practices for writing Dockerfiles
• Exclude with .dockerignore – like .gitignore
• Use multi-stage builds
• Don’t install unnecessary packages • Decouple applications
• Minimize the number of layers
• Sort multi-line arguments
•…
https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#exclude-with-dockerignore
55
CRICOS code 00025B 55
17/08/2021
55

Cloud Computing INFS3208
Revisit: How does Dockerfile work in the Cloud?
17/08/2021
process
Docker Engine
OS Libs
Dockerfile
process
Docker Image
docker build
docker run
Process
Docker Engine
Operating System Operating System
Docker Tutorial – Part 1 – What is Docker, and Key Concepts, https://www.youtube.com/watch?v=T25Z4CUwYjE 56
Hardware
Hardware
CRICOS code 00025B 56
56

57
Cloud Computing INFS3208
Summary
• Container
• What is Docker
• Basic concepts in Docker
– Images
– Layer architecture
– Containers
– Registry
• Docker Commands
• Containerisation and Dockerfile
– Dokckerfile instructions
CRICOS code 00025B 57
17/08/2021
57

58
Cloud Computing INFS3208
Tutorial & Practical for Week 4
Tutorial 3 (Week 4)
1. What is Docker? Discuss the motivations of using Docker technology.
2. What are Docker Image, Docker Container, and Docker Registries? Please give brief descriptions of these concepts
3. What is Dockerfile? Please discuss what the good practices for writing Dockerfiles are.
4. How to make the image built from dockerfile as lean as possible?
Practical 3 (Week 4)
1. Based on the existing VM created on GCP, install and set up Docker environment 2. Docker commands for beginners
3. Set up a personal blog website with WordPress and MariaDB dockers on GCP.
4. Write a dockerfile to build your own Nginx image
CRICOS code 00025B 58
17/08/2021
58

59
Cloud Computing INFS3208
Next (Week 5) Topic:
Docker II: Docker Compose and Docker Swarm
CRICOS code 00025B 59
17/08/2021
59