Docker/Podman/OCI Container Masterclass

Part of our "Kubernetes & Cloud" courses

3 days

thumb image
Outline Last updated:

Course Overview

For companies that have their sights set firmly on the future, Container technologies such as Docker and Podman are the next step up that their teams need to take. With a solid grasp of the benefits Containers has to offer, your department will be at the forefront, delivering outstanding efficiency and smooth, reliable performances.

Book a course with us and your team will be led each step of the way, by one of our experienced and very talented instructors. They will be on hand to answer any queries your team has, and this level of attention is a given, whether your team gets to grips with Containers as an online course, or an onsite experience.

During the course students can either use docker or podman

Course Prerequisites

Students should be familiar with general principles of software development. Some basic knowledge of software systems such as databases, web servers, etc is also required. Not a requirement, but having basic linux operating skills is very helpful. No prior knowledge of docker is required.

Outline

This comprehensive masterclass covers the essential fundamentals of containerization and goes beyond the basics to explore the underlying technologies that power it. Guided by our teaching philosophy: that understanding an abstraction requires knowledge of the layer directly beneath it, we dive into the core Linux technologies that make containers possible. We explore Linux namespaces, Linux Signals, cgroups, Linux technologies used in container network stacks, overlay2 filesystems, and the runtime engines like crun/runc.

This deep technical approach not only helps students develop a thorough understanding of container technologies at the system level, but also equips them with advanced troubleshooting techniques that aren't typically covered by standard container courses or exposed by the container technologies like Docker/Podman themselves. Students will gain insights into the low-level mechanisms that make containerization possible, enabling them to diagnose and resolve complex issues in production environments.

Introduction

  • Introduction to Containers
  • Docker history
  • overview of Podman
  • OCI Container technologies (Docker, Moby,Podman, …)
  • Brief discussion of Windows Native Containers
  • Discuss runc/crun in Podman/Docker/Containerd,
  • What problems do containers solve
  • Benefits of using containers
  • Introduce the Open Container Initiative (OCI)
  • Understand container isolation
  • How containers facilitates devops
  • Containers vs virtual machines
  • Linux Containers (LXC/LXD/…) vs Application/OCI Containers
  • Introduce Linux Namespaces

Containers

  • Deeper dive into container isolation
  • Introduce Images and the relation with containers
  • Linux Namespaces (PID, UTS, NET, etc) and containers
  • Understand ephemeral containers
  • Discuss the various states of a container (Created, Up, Paused, …)
  • Running and Stopping containers
  • Run detached containers in the background
  • Managing containers (listing, removing, inspecting, killing, pausing, restarting)
  • Understanding Signals on Linux
  • Understand the quirks of PID 1 on Linux and how to avoid them using init containers (catatonit/tiny/…)
  • Discuss go-templates for inspecting containers
  • Interactive containers
  • Executing commands in running containers
  • Copying files and directories to and from containers
  • How to Expose (and map) network ports
  • user management and permissions
  • running containers as non-root
  • adding and dropping Linux Capabilities
  • Introduce use of linux namespaces (e.g, user namespaces in podman)
  • Troubleshooting containers
  • Introduce the OCI Runtime Bundle
  • getting information (logs, exit codes, oom kill, …)
  • debugging containers
  • using namespaces to troubleshoot containers (pid/network/mount/user)
  • Discuss benefits of transient mode (podman)
  • Using systemd
  • Use Podman Quadlets to ease systemd integration

Container Images (OCI & Docker v2)

  • Introduce Container repositories (Docker Hub, Quay.io)
  • Appreciate that images are immutable
  • Understand the Linux overlay2 filesystem and how it is used by containers and images.
  • Understand OCI Image Format (and how it differs from Docker v2)
  • Managing images (listing, removing, inspecting)
  • Fully understand image layers (including intermediate)
  • List different ways to create images
  • Container images FROM scratch
  • Creating base images (e.g., Debian)
  • Building an image from Containers
  • Using Multi-stage builds

Creating and Using Dockerfile/Container files

  • Building images using different tools (docker, buildkit, buildah)
  • Understand the syntax of a Containerfile/Dockerfile
  • Choosing and specifying a base image
  • Adding meta-data
  • Understand the build process
  • Use docker BuildKit instances (e.g, k8s, remote, docker-container)
  • Understand and leverage different build caches
  • Understand the build context
  • Introduce dockerignore files
  • How to optimise reusing of layers
  • Running commands effectively
  • Using linters to check your Dockerfile (and shell scripts)
  • Understand shell-form and exec-form when running commands
  • Keeping your builds deterministic
  • Copying files and directories
  • Using --filter to filter copied files
  • improve performance using --link
  • Difference between COPY and ADD
  • Understand the working directory (and changing it)
  • Defining network ports
  • Changing the container's environment
  • Building executable containers
  • Understand how to use ENTRYPOINT and/or CMD
  • Appreciate the exec form (and its relation to the execve syscall)
  • Writing entrypoint scripts (e.g, entrypoint.sh) and replacing PID 1
  • Best practices in creating images
  • Using traditional build containers
  • Using multi-stage build files
  • using mounts in dockerfiles (e.g., secrets, *ssh, …)
  • speed-up builds using cache mounts
  • Using sharable build caches (s3, registry, azure blobs, …)

Volumes

  • Understand the need for data volumes
  • Introduce the volume architecture
  • Creating and inspecting volumes
  • Sharing data
  • Using the volume CLI
  • Use mount binding
  • Binding to the local file-system
  • Binding to named volumes
  • Mounting tmpfs
  • Using legacy Volume Containers
  • managing file permissions in docker (e.g, posix ACL)
  • Mounting options (read-only, selinux labels, …)
  • Using different mount types (e.g, nfs, cephfs, fuse, …)
  • Working with Podman Secrets
  • Using Podman unshare and the mount namespace

Networking

  • Understand container's networking architecture
  • List different network types (bridge, host, none, overlay, nspath, and macvlan/ipvlan)
  • Understand rootless networking in Podman (pasta/slirp4ns)
  • Understand how rootless networking (using rootless networking namespaces)
  • understand how bridge, vnet and tap networks are used in Podman
  • Introduce the Network CLI
  • Managing networks (listing, inspecting, …)
  • Understand the problems of the default bridge network
  • Discuss and use the deprecated container links
  • Creating a custom bridge networks
  • Creating macvlan and ipvlan networks
  • Connecting containers to a network
  • Connecting to multiple networks
  • Use of DNS inside a custom network
  • Managing the upstream DNS configuration
  • Introduce aardvark-dns in Podman
  • Registering additional domain names for a container
  • Managing container's /etc/hosts

Container Management

  • Container restart policies
  • Constrain container's memory
  • Constrain container's CPU resources
  • Set up a self-hosted repository
  • Understand the relation between image names and repository
  • Pulling and Pushing images
  • Understand container logging
  • Log configuration
  • Using different logging drivers
  • Setup fluentd/elasticsearch with kibana
  • Setup cAdvisor and Prometheus

Docker Compose

  • Introduce docker-compose
  • Using podman with Compose
  • introduction to the yaml syntax
  • Writing compose yaml files
  • configuring containers inside compose
  • Understand networks in Compose
  • Setting up dependencies between services
  • configuring volumes inside compose
  • using configs and secrets
  • configuring runtime deploy options (resources, restart policies, etc)
  • merging compose files
  • including and extending compose files

Pods (Podman)

  • Introduce kubernetes Pod objects
  • Explore imperative pod definitions
  • Appreciate declarative yaml definitions
  • Add containers to pods
  • Understand volume and mounts in pods
  • Introduce ConfigMap for application configuration
  • Map configmap data to environment variables and volume mounts
  • Use kubernetes Secrets for Podman Secrets

This Docker/Podman/OCI Container Masterclass course looks very interesting, I do however have a question