Docker on Windows E-Book

BIRMINGHAM - MUMBAI

Docker on Windows

Copyright © 2017 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews. Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book. Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

First published: July 2017

Production reference: 1120717

Published by Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK.

ISBN 978-1-78528-165-5

www.packtpub.com

Credits

Author

Elton Stoneman

Copy Editor

Stuti Srivastava

Reviewer

Shashikant Bangera

Project Coordinator

Virginia Dias

Commissioning Editor

Kartikey Pandey

Proofreader

Safis Editing

Acquisition Editor

Rahul Nair

Indexer

Aishwarya Gangawane

Content Development Editor

Sharon Raj

Graphics

Kirk D'Penha

Technical Editors

Mohit Hassija

Komal Karne

Production Coordinator

Aparna Bhagat

About the Author

Elton Stoneman has been a Microsoft MVP for 8 years and a Pluralsight author for 5 years, and now he works for Docker, Inc. Before joining Docker, he spent 15 years as a consultant, architecting and delivering very large and very successful solutions built on .NET and powered by Windows and Azure.

All the years he worked with Windows, Elton had a secret Linux server in his attic or garage, running core services for the home, such as music servers and file servers. When Docker started to take hold in the Linux world, Elton had early experience in a cross-platform project he worked on, got hooked, and started to focus on containers. He was made a Docker Captain, and for a time, was one of only two people in the world who were both a Microsoft MVP and a Docker Captain.

Elton blogs about Docker, tweets about Docker, and speaks about Docker all the time. He is a regular at local events and user groups; you will often see him at Docker London, London DevOps, and WinOps London. He's also had great fun speaking at fantastic conferences around the world, including DockerCon, NDC London, SDD, DevSum, and NDC Oslo.

About the Reviewer

Shashikant Bangera is a DevOps architect with 17 years of IT experience. He has vast experience of DevOps tools across the platform, with core expertise in CI, CD, and aPaaS. He has helped his customers adopt DevOps, and has architected and implemented Enterprise DevOps for various domains, such as banking, e-commerce, and retail. He has also contributed to many open sources platforms, such as DevOps Publication. He has designed an automated on-demand environment with a set of open source tools and also an environment booking tool, which is available on GitHub.

He has reviewed two Docker books for Packt: Learning Docker and Docker High Performance.

www.PacktPub.com

For support files and downloads related to your book, please visit www.PacktPub.com. Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.comand as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details. At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.

https://www.packtpub.com/mapt

Get the most in-demand software skills with Mapt. Mapt gives you full access to all Packt books and video courses, as well as industry-leading tools to help you plan your personal development and advance your career.

Why subscribe?

Fully searchable across every book published by Packt

Copy and paste, print, and bookmark content

On demand and accessible via a web browser

Customer Feedback

Thanks for purchasing this Packt book. At Packt, quality is at the heart of our editorial process. To help us improve, please leave us an honest review on this book's Amazon page at http://www.amazon.in/dp/1785281658. If you'd like to join our team of regular reviewers, you can email us at [email protected]. We award our regular reviewers with free eBooks and videos in exchange for their valuable feedback. Help us be relentless in improving our products!

Table of Contents

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Downloading the example code

Downloading the color images of this book

Errata

Piracy

Questions

Getting Started with Docker on Windows

Docker and Windows containers

Windows licensing

Understanding the key Docker concepts

The Docker service and Docker command-line

Docker images

Image registries

Docker containers

Docker swarm

Running Docker on Windows

Docker for Windows

Docker as a Windows Service

Docker in an Azure VM

Learning Docker with this book

Summary

Packaging and Running Applications as Docker Containers

Running a container from an image

Doing one thing with a task container

Connecting to an interactive container

Keeping a process running in a background container

Building a Docker image

Understanding the Dockerfile

Building an image from a Dockerfile

Examining how Docker builds an image

Packaging your own applications

Compiling the application during the build

Compiling the application before the build

Compiling with multi-stage builds

Using the main Dockerfile instructions

Understanding temporary containers and image state

Working with data in Docker images and containers

Data in layers and the virtual C drive

Sharing data between containers with volumes

Sharing data between container and host with volumes

Mounting volumes from host directories

Using volumes for configuration and state

Packaging a traditional ASP.NET web app as a Docker image

Writing a Dockerfile for NerdDinner

Summary

Developing Dockerized .NET and .NET Core Applications

Building good citizens for Docker

Hosting Internet Information Services (IIS) applications in Docker

Configuring IIS for Docker-friendly logging

Promoting environment variables

Building Docker images that monitor applications

Separating dependencies

Creating Docker images for SQL Server databases

Managing database files for SQL Server containers

Running databases in containers

Connecting to database containers from application containers

Breaking up monolithic applications

Extracting high-value components from monoliths

Hosting a UI component in an ASP.NET Core application

Connecting to application containers from other application containers

Summary

Pushing and Pulling Images from Docker Registries

Understanding registries and repositories

Examining image repository names

Building, tagging, and versioning images

Pushing images to a registry

Running a local image registry

Building the registry image

Running a registry container

Pushing and pulling images with a local registry

Configuring Docker to allow insecure registries

Storing Windows image layers in a local registry

Using a commercial registry

Docker Hub

Docker Cloud

Docker Store

Docker Trusted Registry

Other registries

Summary

Adopting Container-First Solution Design

Design goals for NerdDinner

Dockerizing NerdDinner's configuration

Splitting out the create dinner feature

Packaging .NET console apps in Docker

Running a message queue in Docker

Starting a multi-container solution

Adding new features in containers

Using Elasticsearch with Docker and .NET

Building hybrid .NET Framework and .NET Core solutions in Docker

Compiling the hybrid NerdDinner solution

Packaging .NET Core console apps in Docker

Providing analytics with Kibana

From monolith to distributed solution

Managing build and deployment dependencies

Summary

Organizing Distributed Solutions with Docker Compose

Defining applications with Docker Compose

Capturing service definitions

Defining infrastructure services

Configuring application services

Specifying application resources

Managing applications with Docker Compose

Running applications

Scaling application services

Stopping and starting application services

Upgrading application services

Monitoring application containers

Managing application images

Configuring application environments

Specifying external resources

Using multiple Compose files

Summary

Orchestrating Distributed Solutions with Docker Swarm

Creating a swarm and managing nodes

Creating and managing services in swarm mode

Running services across many containers

Global services

Deploying stacks to Docker swarm

Docker secrets

Defining a stack using Compose files

Deploying a stack from a Compose file

Running Docker swarm in the cloud

Managed Docker services in the cloud

Docker on Amazon Elastic Container Service

Docker on Google Container Platform

Docker on Azure Container Service

Docker cloud editions

Deploying updates with zero downtime

Load balancing across swarm nodes

Updating application services

Rolling back service updates

Configuring update behavior

Updating swarm nodes

Mixing hosts in hybrid swarms

Summary

Administering and Monitoring Dockerized Solutions

Managing containers with Windows tools

IIS Manager

SQL Server Management Studio

Event logs

Server Manager

Managing containers with Docker tools

Docker visualizer

Portainer

CaaS with Docker EE

Understanding UCP

Navigating the UCP UI

Managing nodes

Volumes

Images

Networks

Deploying stacks

Creating services

Monitoring services

RBAC

Summary

Understanding the Security Risks and Benefits of Docker

Understanding container security

Container processes

Container user accounts and ACLs

Running containers with resource constraints

Running containers with restricted capabilities

Isolation in Hyper-V containers

Securing applications with secure Docker images

Building minimal images

Docker Security Scanning

Managing Windows updates

Securing the software supply chain with DTR

Repositories and users

Organizations and teams

Image Signing and Content Trust

Golden images

Understanding security in swarm mode

Nodes and join tokens

Encryption and secrets

Node labels and external access

Summary

Powering a Continuous Deployment Pipeline with Docker

Designing CI/CD with Docker

Running shared development services in Docker

Packaging a Git server into a Windows Docker image

Running the Bonobo Git server in Docker

Packaging a CI server into a Windows Docker image

Running the Jenkins automation server in Docker

Configuring CI/CD using Jenkins in Docker

Setting up Jenkins credentials

Configuring the Jenkins CI job

Building the solution using Docker Compose in Jenkins

Multi-stage builds in CI pipelines

Running and verifying the solution

Running end-to-end tests in Docker

Tagging and pushing Docker images in Jenkins

Deploying to a remote Docker swarm using Jenkins

Summary

Debugging and Instrumenting Application Containers

Working with Docker in integrated development environments

Docker in Visual Studio 2017

Debugging with Docker Compose in Visual Studio 2017

Docker in Visual Studio 2015

Docker in Visual Studio Code

Instrumentation in Dockerized applications

Instrumentation with Prometheus

Adding a Prometheus endpoint to .NET projects

Adding a Prometheus exporter alongside existing apps

Running a Prometheus server in a Windows Docker container

The bug fixing workflow in Docker

Bug fixing before Docker

Bug fixing with Docker

Summary

Containerize What You Know - Guidance for Implementing Docker

Dockerizing what you know

Selecting a simple Proof-of-Concept app

Generating an initial Dockerfile with Image2Docker

Engaging other stakeholders

Case studies for implementing Docker

Case study 1 - an in-house WebForms app

Case study 2 - a database integration service

Case study 3 - an Azure IoT app

Summary

Preface

Docker is a platform for running server applications in lightweight units called containers. You can run Docker on Windows Server 2016 and Windows 10, and run your existing apps in containers to get significant improvements in efficiency, security, and portability. This book teaches you all you need to know about Docker on Windows, from 101 to deploying highly available workloads in production.

What this book covers

Chapter 1, Getting Started with Docker on Windows, introduces the Docker runtime and walks through the options for running Docker on Windows, covering Docker Toolbox for older client versions, native Docker for Windows 10 and Windows Server 2016, and running Docker hosted on an Azure VM.

Chapter 2, Packaging and Running Applications as Docker Containers, focuses on the Docker image: a packaged application with all its dependencies that will run in the same way on any host that can run Docker. We'll see how to build Docker images with a Dockerfile for a simple website, and then run it on Windows.

Chapter 3, Developing Dockerized .NET and .NET Core Applications, shows how we can build applications with Microsoft technologies that can run on any operating system. .NET Core apps run equally on Windows (including Nano Server) and Linux, and they are ideally suited for packaging into a portable Docker container.

Chapter 4, Pushing and Pulling Images from Docker Registries, will look at publishing images we build in development and using automated builds, hooking Docker Hub into GitHub so new container image versions are built when code gets pushed. The chapter will also cover running your own private Docker registry for internal use.

Chapter 5, Adopting Container-First Solution Design, builds on the previous chapters, showing how the range of high-quality Docker images makes it straightforward to design distributed solutions, and mixing off-the-shelf images with custom ones. The Windows slant here is that you can run Windows hosts and manage them in the same way as other machines, but they could be running Linux software inside a Docker container.

Chapter 6, Organizing Distributed Solutions with Docker Compose, takes the ad hoc distributed solution from Chapter 5, Adopting Container-First Solution Design and builds it into a deployable package using Docker Compose--with a Docker Network so containers can communicate using hostnames. The chapter will also cover the structure of the Docker Compose YAML file and the runtime for Docker Compose.

Chapter 7, Orchestrating Distributed Solutions with Docker Swarm, covers production-ready clustering with Docker Swarm, briefly introducing the old Docker Swarm product for awareness, but focusing on the new Swarm Mode built into Docker from version 1.12. We'll set up a Swarm running on Windows in Azure, explore how the Routing Mesh works, and look at service discovery and reliability by deploying the solution from Chapter 6, Organizing Distributed Solutions with Docker Compose as Swarm services.

Chapter 8, Administering and Monitoring Dockerized Solutions, covers management of distributed Docker solutions. You'll see how to set up log shipping so container logs are sent to a central location, use both free and commercial tools to visualize the containers in a Swarm, and learn how to do rolling upgrades of a running service.

Chapter 9, Understanding the Security Risks and Benefits of Docker, covers the key aspects of Docker security: the risks of having multiple containers on one node, the potential for an attacker to compromise one container and access others, and how to mitigate that. We'll also look at how Docker improves security, with vulnerability scanning for images built into Docker Hub and Docker Trusted Registry and flagging security issues with the software inside images. Lastly, we'll cover built-in security between nodes in Docker Swarm.

Chapter 10, Powering a Continuous Deployment Pipeline with Docker, covers Docker in a DevOps workflow, where everything is automated. We'll build out a whole deployment pipeline using Docker, running GitLab for source control and builds, which will package a new Docker image when code is pushed, run automated tests, and deploy to a test environment.

Chapter 11, Debugging and Instrumenting Application Containers, looks at troubleshooting Docker containers during both build and run. We will cover how to structure the Dockerfile so that infrequently changing layers are preserved and containers are quicker to build, and see the best way to build up an image. For running containers, we'll cover viewing the logs, checking process performance, and connecting to the container for exploratory checks.

Chapter 12, Containerize What You Know: Guidance for Implementing Docker, will look at containerizing existing software stacks for non-production deployment, and also extracting a vertical slice from an application that can run in Docker, as a first move toward a microservice architecture.

What you need for this book

To execute the examples given in this book, you will need the following:

Docker for Windows 17.06 or later

Windows 10 or Windows Server 2016

Who this book is for

If you want to modernize an old monolithic application without rewriting it, smooth the deployment to production, or move to DevOps or the cloud, then Docker is the enabler for you. This book gives you a solid grounding in Docker so you can confidently approach all of these scenarios.

Conventions

In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning. Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "If you run docker container ls, which lists all the active containers, you won't see this container."

A block of code is set as follows:

FROM

microsoft/nanoserver

COPY

scripts/print-env-details.ps1 c:\\print-env.ps1

CMD

[

"powershell.exe"

,

"c:\\print-env.ps1"

]

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

FROM

microsoft/nanoserver

COPY

scripts/print-env-details.ps1 c:\\print-env.ps1

CMD ["powershell.exe", "c:\\print-env.ps1"]

Any command-line input or output is written as follows:

docker container run dockeronwindows/ch01-whale

New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: "In order to download new modules, we will go toFiles | Settings | Project Name | Project Interpreter."

Reader feedback

Feedback from our readers is always welcome. Let us know what you think about this book-what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of. To send us general feedback, simply e-mail [email protected], and mention the book's title in the subject of your message. If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.

Customer support

Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.

Downloading the example code

You can download the example code files for this book from your account at http://www.packtpub.com. If you purchased this book elsewhere, you can visit http://www.packtpub.com/support and register to have the files e-mailed directly to you. You can download the code files by following these steps:

Log in or register to our website using your e-mail address and password.

Hover the mouse pointer on the

SUPPORT

tab at the top.

Click on

Code Downloads & Errata

.

Enter the name of the book in the

Search

box.

Select the book for which you're looking to download the code files.

Choose from the drop-down menu where you purchased this book from.

Click on

Code Download

.

Once the file is downloaded, please make sure that you unzip or extract the folder using the latest version of:

WinRAR / 7-Zip for Windows

Zipeg / iZip / UnRarX for Mac

7-Zip / PeaZip for Linux

The code bundle for the book is also hosted on GitHub at https://github.com/PacktPublishing/Docker-on-Windows. We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!

Downloading the color images of this book

We also provide you with a PDF file that has color images of the screenshots/diagrams used in this book. The color images will help you better understand the changes in the output. You can download this file from https://www.packtpub.com/sites/default/files/downloads/DockeronWindows_ColorImages.pdf.

Errata

Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books-maybe a mistake in the text or the code-we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title. To view the previously submitted errata, go to https://www.packtpub.com/books/content/support and enter the name of the book in the search field. The required information will appear under the Errata section.

Piracy

Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy. Please contact us at [email protected] with a link to the suspected pirated material. We appreciate your help in protecting our authors and our ability to bring you valuable content.

Questions

If you have a problem with any aspect of this book, you can contact us at [email protected], and we will do our best to address the problem.

Getting Started with Docker on Windows

Docker is an application platform. It's a new way of running applications in isolated, lightweight units called containers. Containers are a very efficient way of running apps - they start in seconds, and the container doesn't add any overhead to the memory and compute requirements of the app. Docker is completely agnostic to the type of apps it can run. You can run a brand new .NET Core app in one container and a 10-year old ASP.NET 2.0 WebForms app in another container on the same server.

Containers are isolated units, but they can integrate with other components. Your WebForms container can access a REST API hosted in your .NET Core container. Your .NET Core container can access a SQL Server database running in a container or a SQL Server instance running on a separate machine. You can even set up a cluster with a mixture of Linux and Windows machines all running Docker, and have Windows containers transparently communicate with Linux containers.

Companies big and small are moving to Docker to take advantage of this flexibility and efficiency. The case studies from Docker, Inc. - the company behind the Docker platform - show that you can reduce your hardware requirements by 50% when you move to Docker, while still supporting high availability for your applications. These significant reductions apply equally to on-premises data centers and to the cloud.

Efficiency isn't the only gain. When you package your application to run in Docker, you get portability. You can run your app in a Docker container on your laptop, and it will behave in exactly the same way on a server in your data center and on a virtual machine (VM) in any cloud. This means your deployment process is simple and risk-free because you're deploying the exact same artifacts that you've tested, and you're also free to choose between hardware vendors and cloud providers.

The other big motivator is security. Containers add secure isolation between applications, so you can be confident that if one application is compromised, the attacker can't move on to compromise other apps on the same host. There are wider security benefits in the platform too. Docker can scan the contents of packaged applications and alert you to security vulnerabilities in your application stack. And you can digitally sign packages and configure Docker to run containers only from package authors that you trust.

Docker is built from open source components and is shipped as Docker Community Edition (Docker CE) and Docker Enterprise Edition (Docker EE). Docker CE is free to use and has monthly releases. Docker EE is a paid subscription, it comes with extended features and support and has quarterly releases. Docker CE and Docker EE are available on Windows, and both versions use the same underlying platform, so you can run your apps in containers on Docker CE and EE in the same way.

Docker and Windows containers

Docker originally ran on Linux, taking advantage of core Linux features but making it simple and efficient to use containers for application workloads. Microsoft saw the potential and worked closely with the Docker engineering team to bring the same functionality to Windows. Windows Server 2016 and Windows 10 are the first versions of Windows that can run Docker containers. Right now, you can run only Windows containers on Windows, but Microsoft is adding support for Linux containers to run on Windows too.

There is no integration between containers and the Windows UI, though. Containers are only for server side applications - workloads like websites, APIs, databases, message queues, message handlers, and console applications. You can't use Docker to run a client app, like a .NET WinForms or WPF application, but you could use Docker to package and distribute the application, which would give you a consistent build and release process for all your apps.

There is also a distinction between how containers run on Windows Server 2016 and Windows 10. The user experience for working with Docker is the same, but the way containers are hosted is different. On Windows Server, the process that serves your application actually runs on the server, and there's no layer between the container and the host. In the container, you may see w3wp.exe running to serve a website, but that process is actually running on the server - if you had ten web containers running, you would see ten instances of w3wp.exe in task manager on the server.

Windows 10 doesn't have the same operating system kernel as Windows Server 2016, so in order to provide containers with the Windows Server kernel, Windows 10 runs each container in a very light VM. These are called Hyper-V containers, and if you run a web app in a container on Windows 10, you won't see w3wp.exe running on the host - it's actually running inside a dedicated Windows Server kernel in the Hyper-V container.

It's good to understand this distinction. You use the same Docker artifacts and the same Docker commands on Windows 10 and Windows Server 2016, so the processes are the same, but there is a slight performance hit in using Hyper-V containers on Windows 10. Later in this chapter, I'll show you the options for running Docker on Windows, and you can choose the best approach for you.

Windows licensing

Windows containers don't have the same licensing requirements as servers or VMs running Windows. Windows is licensed at the host level, not the container level. If you have 100 Windows containers running on one server, you only need a license for the server. There are considerable savings to be had if you currently use VMs to isolate application workloads. Removing the VM layer and running apps in containers directly on the server removes the licensing requirement for all the VMs.

Hyper-V containers have separate licensing. On Windows 10, you can run multiple containers, but not for production deployments. On Windows Server, you can also run containers in Hyper-V mode to get increased isolation. This can be useful in multi-tenant scenarios, where you need to expect and mitigate for hostile workloads. Hyper-V containers are separately licensed, but in a high-volume environment, you would use a Datacenter license run Hyper-V containers without individual licenses.

Microsoft and Docker, Inc. have partnered to provide Docker EE at no cost with Windows Server 2016. The price of the Windows Server license includes Docker EE Basic, which gives you support to run applications in containers. If you have problems with a container or with the Docker service, you can raise it with Microsoft and they can go on to escalate it to Docker engineers.

Understanding the key Docker concepts

Docker is a very powerful but very simple application platform. You can get started with running your existing apps in Docker in just a few days, and be ready to move to production in a few days more. This book will take you through lots of examples of .NET Framework and .NET Core applications, running in Docker. You'll learn how to build, ship, and run applications in Docker and move on to advanced topics like solution design, security, administration, instrumentation, and continuous integration and continuous delivery (CI/CD).

To start with, you need to understand the core Docker concepts: images, registries, containers, and swarms--and understand how Docker actually runs.

The Docker service and Docker command-line

Docker runs as a background Windows service. This service manages all the running containers and exposes a REST API for consumers to work with containers and other Docker resources. The main consumer of that API is the Docker command-line tool, which is what I use for most of the code samples in this book.

The Docker REST API is public, and there are alternative management tools that are powered by the API, like Portainer (which is open source) and Docker Universal Control Plane (UCP) (which is a commercial product). The Docker CLI is very simple to use; you use commands like docker container run to run an application in a container and docker container rm to remove a container.

You can also configure the Docker API to be remotely accessible and configure your Docker CLI to connect to a remote service. This means you can manage a Docker host running in the cloud using Docker commands on your laptop. The setup to allow remote access should also include encryption, so your connection is secure--and in this chapter, I will show you an easy way to configure that.

When you have Docker running, you'll start by running containers from images.

Docker images

A Docker image is a complete application package. It contains one application and all of its dependencies, the language runtime, the application host, and the underlying operating system. Logically, the image is a single file, and it's a portable unit—you can share your application by pushing your image to a Docker registry. Anyone who has access can pull that image themselves and run your application in a container. It will behave in exactly the same way for them as it does for you.

Here's a concrete example. An ASP.NET WebForms app is going to run on Internet Information Services (IIS) in Windows Server. To package that application in Docker, you build an image that is based on Windows Server Core, add IIS, add ASP.NET, copy your application, and configure it as a website in IIS. You describe all these steps in a simple script called a Dockerfile, and you can use PowerShell or batch files for each step you need to perform.

You build the image by running docker image build. The input is the Dockerfile and any resources that need to be packaged into the image (like the web application content). The output is a Docker image. In this case, the image will have a logical size of about 11 GB, but 10 GB of that is the Windows Server Core image you're using as a base, and that image can be shared as the base across many other images (I will cover image layers and caching more in Chapter 4, Pushing and Pulling Images from Docker Registries).

The Docker image is like a snapshot of the filesystem for one version of your application. The image is static, and you distribute it using a registry.

Image registries

A registry is a storage server for Docker images. Registries can be public or private, and there are free public registries and commercial registry servers that allow fine-grained access control for images. Images are stored with a unique name within the registry. Anyone with access can upload an image by running docker image push and download an image by running docker image pull.

The most popular registries are the public ones hosted by Docker:

Docker Hub is the original registry, which has become hugely popular for open source projects in the Linux ecosystem. It has over 600,000 images stored and has hosted over 12 billion image pulls.

Docker Cloud is where you store images you build yourself, and you can configure images to be public or private. It's suitable for internal products, where you can limit access to the images. You can set up Docker Cloud to automatically build images from Dockerfiles stored in GitHub

—

currently, this is supported only for Linux-based images, but Windows support is coming soon.

Docker Store is where you get commercial software, pre-packaged as Docker images. Vendors are increasingly supporting Docker as a platform for their own applications, and you will find software from Microsoft, Oracle, HPE, and more on Docker Store.

In a typical workflow, you might build images as part of a CI pipeline and push them to a registry if all the tests pass. The image is then available for other users to run your application in a container.

Docker containers

A container is an instance of an application created from an image. The image contains the whole application stack, and it also specifies the process to start the application, so Docker knows what to do when you run a container. You can run multiple containers from the same image, and you can run containers in different ways (I describe them all in the next chapter). You start your application with docker container run, specifying the name of the image and your configuration options. Distribution is built into the Docker platform, so if you don't have a copy of the image on the host where you're trying to run the container, Docker will pull the image first. Then it starts the specified process, and your app is running in a container.

Containers don't need a fixed allocation of CPU or memory, and the processes for your application can use as much of the host's compute power as they need. You can run dozens of containers on modest hardware, and unless the applications all try and use a lot of CPU at the same time, they will happily run concurrently. You can also start containers with resource limits to restrict how much CPU and memory they have access to.

Docker provides the container runtime as well as image packaging and distribution. In a small environment and in development, you will manage individual containers on a single Docker host, which would be your laptop or a test server. When you move to production, you'll need high availability and the option to scale, and that comes with Docker swarm.

Docker swarm

Docker has the ability to run on a single machine or as one node in a cluster of machines all running Docker. This cluster is called a swarm, and you don't need to install anything extra to run in swarm mode. You install Docker on a set of machines, and on the first you run docker swarm init to initialize the swarm, and on the others you run docker swarm join to join the swarm.

I will cover swarm mode in depth in Chapter 7, Orchestrating Distributed Solutions with Docker Swarm, but it's important to know before you get much further that the Docker platform has high availability, scale, and resilience built in. Your Docker journey will hopefully lead you to production, where you'll need all these attributes.

In swarm mode Docker uses exactly the same artifacts, so you can run your app across 50 containers in a 20-node swarm, and the functionality will be the same as when you run it in a single container on your laptop. On the swarm, your app is more performant and tolerant of failure, and you'll be able to perform automated rolling updates to new versions.

Nodes in a swarm use secure encryption for all communication, using trusted certificates for each node. You can store application secrets as encrypted data in the swarm too, so database connection strings and API keys can be saved securely, and the swarm will deliver them only to containers that need them.

Docker is an established platform. It's new to Windows Server 2016, but it arrived on Windows after four years of releases on Linux. Docker is written in Go, which is a cross-platform language, and only a minority of code is specific to Windows. When you run Docker on Windows, you're running an application platform that has had years of successful production use.

Running Docker on Windows

It's easy to install Docker on Windows 10 and Windows Server 2016. On these operating systems, you can use the Docker for Windows installer, which sets up all the prerequisites, deploys the latest version of Docker CE, and gives you some useful options to manage image repositories and remote swarms with Docker Cloud.

In production, you should ideally use Windows Server 2016 Core, the installation with no UI. This reduces the attack surface and the amount of Windows updates your server will need. If you move all your apps to Docker, you won't need any other Windows features installed; you'll just have Docker EE running as a Windows service.

I'll walk through both these installation options and show you a third option using a VM in Azure, which is useful if you want to try Docker but don't have access to Windows 10 or Windows Server 2016.

Docker for Windows

Docker for Windows is available from Docker Store—navigate to https://dockr.ly/docker-for-windows. You can choose between the Stable channel and the Edge channel. Both channels give you Docker CE, but the Edge channel follows the monthly release cycle, and you will get experimental features. The Stable channel follows the EE release cycle, with quarterly updates.

Download and run the installer. The installer will verify that you can run Docker in your setup and will configure the Windows features needed to support Docker. When Docker is running, you will see a whale icon in the notification bar, which you can click on for options:

You need to select Switch to Windows containers before you do anything else. Docker for Windows can run Linux containers by running Docker inside a Linux VM on your machine. That's great to test out Linux apps to see how they run in containers, but this book is all about Windows containers - switch over, and Docker will remember that setting in future.

While Docker for Windows is running, you can open Command Prompt or a PowerShell session and start working with containers. First, verify that everything is working as expected by running docker version. You should see output similar to this:

> docker version

Client:

Version: 17.06.0-ce

API version: 1.30

Go version: go1.8.3

Git commit: 02c1d87

Built: Fri Jun 23 21:30:30 2017

OS/Arch: windows/amd64

Server:

Version: 17.06.0-ce

API version: 1.30 (minimum version 1.24)

Go version: go1.8.3

Git commit: 02c1d87

Built: Fri Jun 23 22:19:00 2017

OS/Arch: windows/amd64

Experimental: true

Now run a simple container:

docker container run dockeronwindows/ch01-whale

This uses a public image on Docker Cloud—one of the sample images for this book, which Docker will pull the first time you use it. If you don't have any other images, this will take few minutes, as it will also download the Microsoft Nano Server image that my image uses as a base. When the container runs, it shows some ASCII art and then exits. Run the same command again, and you will see that it executes much more quickly as the images are now cached locally.

That's all the setup you need. Docker for Windows also contains the Docker Compose tool I'll be using later in the book, so you're all set to follow along with the code samples.

Docker in an Azure VM

Microsoft makes it easy to run Docker in Azure. They provide a VM image with Docker installed and configured and with the base Windows images already pulled so you can get started quickly.

For testing and exploring, I always use DevTest labs in Azure. It's a great feature for non-production environments. By default, any VMs you create in a DevTest lab will be turned off every evening, so you don't end up with a big Azure bill from a VM you used for a few hours and forgot to turn off.

You can create a DevTest Lab through the Azure Portal and then create a VM from Microsoft's VM image Windows Server 2016 Datacenter - with Containers. As an alternative to the Azure Portal, you can use the az command-line to manage the DevTest lab. I've packaged az in a Docker image, which you can run in a Windows container:

docker run -it dockeronwindows/ch01-az

This runs an interactive Docker container that has the az command packaged and ready to use. Run az login, and you'll need to open a browser and authenticate the Azure CLI. Then, you can run this in the container to create a VM:

az lab vm create `

--lab-name docker-on-win --resource-group docker-on-winRG236992 `

--name dow-vm-01 `

--image 'Windows Server 2016 Datacenter - with Containers' `

--image-type gallery --size Standard_DS2 `

--admin-username 'elton' --admin-password 'S3crett20!7'

The VM uses the full Windows Server 2016 installation with the UI, so you can connect to the machine with RDP, open a PowerShell cmdlet, and start using Docker right away. Just like the other options, you can check whether Docker is running with docker version and then run a container from the sample image for this chapter:

docker container run dockeronwindows/ch01-whale

If an Azure VM is your preferred option, you can follow the steps from the previous section to secure the Docker API for remote access. This way, you can run the Docker command-line on your laptop to manage containers on the cloud.

Learning Docker with this book

Every code listing in this book is accompanied by a full code sample on my GitHub repository at https://github.com/sixeyed/docker-on-windows. The source tree is organized into a folder for each chapter, and for each chapter there's a folder for each code sample. In this chapter, I've used two samples to create Docker images, which you'll find in ch01\ch01-whale and ch01\ch01-az.

I prefer to follow along with the code samples when I'm learning a new technology, but if you want to use working versions of the demo applications, every sample is also available as a public Docker image on Docker Cloud. Wherever you see a docker container run command, the image already exists on Docker Cloud, so you can use mine rather than building your own if you wish. All the images in the dockeronwindows organization, such as this chapter's dockeronwindows/ch01-whale—were built from the relevant Dockerfile in the GitHub repository.

My own development environment is based on Windows Server 2016, where I use Docker for Windows. My test environment is based on Windows Server 2016 Core, where I run Docker as a Windows Service. I've also verified all the code samples using Windows 10.

I'm using version 17.06 of Docker, which is the latest release at the time of writing. Some of the features I demonstrate need version 17.06 as a minimum--such as multi-stage builds and secrets. But Docker has always been backward-compatible, so if you're using a version later than 17.06, then the sample Dockerfiles and images should work in the same way.

My goal is for this to be a definitive book about Docker on Windows, so I've covered everything from the 101 on containers through modernizing .NET apps with Docker and the security implications of containers to CI/CD and administration in production. The book ends with a guide to moving forward with Docker in your own projects.

Summary

In this chapter I introduced Docker, an application platform that can run new and old apps in lightweight units of compute called containers. Companies are moving to Docker for efficiency, security, and portability. I covered:

How Docker works on Windows and how containers are licensed

The key Docker concepts: images, registries, containers, and swarms

The options to run Docker on Windows 10, Windows Server 2016, and Azure

If you're planning to work along with the code samples in the rest of the book, you should have a working Docker environment by now. In Chapter 2,Packaging and Running Applications as Docker Containers, I'll move on to packaging more complex apps as Docker images and showing how to manage state in containers with Docker volumes.

Packaging and Running Applications as Docker Containers

Docker reduces the logical view of your infrastructure to three core components: hosts, containers, and images. Hosts run containers, which are isolated instances of an application. Containers are created from images, which are packaged applications. The Docker container image is conceptually very simple - it's a single unit that contains a complete, self-contained application. The image format is very efficient, and the integration between the image and the runtime is very smart, so mastering images is your first step to using Docker effectively.

You've already seen some images in Chapter 1, Getting Started with Docker on Windows, by running some basic containers to check your Docker installation was working correctly - but I didn't look very closely at the image or how Docker used it. In this chapter, you'll get a thorough understanding of Docker images: learning how they're structured, understanding how Docker uses them, and looking at how to package your own applications as Docker images.

The first thing to understand is the difference between an image and a container, which you can see very clearly by running different types of container from the same image.

In this chapter, you'll get a lot of experience of the Docker basics:

Running containers from images

Building images from Dockerfiles

Packaging your own applications as Docker images

Working with data in images and containers

Packaging legacy ASP.NET web apps as Docker images

Running a container from an image

The docker container run command creates a container from an image and starts the application inside the container. It's actually equivalent to running two separate commands, docker container create and docker container start, which shows that containers can have different states. You can create a container without starting it, and you can pause, stop, and restart running containers. Containers can be in different states, and you can use them in different ways.

Doing one thing with a task container

The dockeronwindows/ch02-powershell-env image is an example of a packaged application that is meant to run in a container and perform a single task. The image is based on Microsoft Nano Server and is set up to run a simple PowerShell script when it starts, printing details about the current environment. Let's see what happens when I run a container directly from the image:

> docker container run dockeronwindows/ch02-powershell-env

Name Value

---- -----

ALLUSERSPROFILE C:\ProgramData

APPDATA C:\Users\ContainerAdministrator\AppData\Roaming

CommonProgramFiles C:\Program Files\Common Files

CommonProgramFiles(x86) C:\Program Files (x86)\Common Files

CommonProgramW6432 C:\Program Files\Common Files

COMPUTERNAME 361CB712CB4B

...

Without any options, the container runs a PowerShell script that is built into the image, and the script prints out some basic information about the operating system environment. I call that a task container because the container performs one task and then exits. If you run docker container ls, which lists all the active containers, you won't see this container. But if you run docker container ls --all, which shows containers in all states, you'll see it in the Exited status:

> docker container ls --all

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

361cb712cb4b dockeronwindows/ch02-powershell-env "powershell.exe c:..." 30 seconds ago Exited

Task containers are very useful in automating repetitive tasks - like running scripts to set up an environment, backing up data, or collecting log files. Your container image packages the script to run, along with the exact version of the engine that the script needs, so anyone with Docker installed can run that script without having to install the engine.

This is especially useful for PowerShell, where scripts can be dependent on several PowerShell modules. The modules may be publicly available, but your script is dependent on specific versions. Instead of sharing a script that requires users to install the correct version of many different modules, you build an image that has the modules already installed. Then, you only need Docker to run the script task.