WEBVTT

00:00.420 --> 00:07.320
Containers are a type of construct that's used all over the world and I want to take this episode to

00:07.320 --> 00:08.750
talk about it a little bit.

00:08.760 --> 00:14.880
Now one of the places we use containers a lot is within the software development world and not being

00:14.880 --> 00:21.360
a programmer, I thought I'd bring in my ringer, my pal Michael Speier, to help me understand what is a

00:21.360 --> 00:21.870
container.

00:21.870 --> 00:22.330
OK.

00:22.430 --> 00:26.070
I knew what a container is, but you know, he's more fun to talk to sometimes.

00:26.070 --> 00:28.010
All right so Mike let's start with the easy question.

00:28.200 --> 00:33.980
What's a container? It's just an application and all of its libraries and binaries running on top of

00:33.980 --> 00:35.610
the host OS kernel.

00:35.700 --> 00:36.810
Simple. Is that right?

00:37.110 --> 00:40.140
OK so I understand virtual machines.

00:40.140 --> 00:41.190
Can we start from there?

00:41.190 --> 00:42.190
Can you give me a hand?

00:42.290 --> 00:47.280
Yeah I will start at a little higher level than that and see if it makes a lot more sense.

00:47.580 --> 00:55.410
If you're familiar with virtual machines and how they work, you take one big server, slap a hypervisor

00:55.410 --> 00:59.760
on there and then you can run a whole bunch of different operating systems on there and they're all

00:59.760 --> 01:00.790
isolated from each other.

01:00.800 --> 01:05.920
Just because the hypervisor virtualizes the hardware of that system.

01:05.940 --> 01:14.610
Exactly, so each one has its own unique OS, so that each OS looks at the virtual machine it's in and

01:14.790 --> 01:19.860
to it, it doesn't know any different. That's all there is in the world. It doesn't realize it's running

01:19.860 --> 01:24.150
on a machine that has either 10 or 100 other operating systems on it.

01:24.190 --> 01:25.810
They're all isolated from each other.

01:25.830 --> 01:31.460
That's a VM. That's a VM, and a container kind of does that for an application.

01:31.470 --> 01:37.740
So as you can see here, my friends over at Docker have come up with a nice diagram.

01:37.770 --> 01:41.050
We're actually on the Docker website right here and they do have a nice...

01:41.070 --> 01:43.260
Go ahead, please show the difference.

01:43.270 --> 01:49.740
So whereas, instead of running a whole bunch of full operating systems and all of their applications

01:50.490 --> 01:57.540
next to each other, we just have one operating system and then we run applications with the little

01:57.720 --> 02:03.840
binaries and libraries that they need to run, and they're all isolated from each other just like the

02:03.930 --> 02:05.110
virtual machines are.

02:05.250 --> 02:09.170
But these individual containers aren't the complete operating system.

02:09.230 --> 02:12.990
As we look at this diagram we still have a host operating system.

02:12.990 --> 02:18.690
So what they're doing is they're just, like, taking the kernel from the host OS, and then they bring whatever

02:18.960 --> 02:26.300
applications, whatever libraries, anything that they need, configuration files, whatever, just for them.

02:26.430 --> 02:33.930
Yes. OK. And whatever's running inside a container can only see what's inside its container.

02:33.930 --> 02:36.300
It doesn't know that there's anything else in the world.

02:36.300 --> 02:44.820
It doesn't have access to any of the underlying operating system's files or folders.

02:44.820 --> 02:51.330
It can't see any networking that it isn't explicitly allowed to see. It's completely isolated from everything

02:51.330 --> 02:51.640
else.

02:51.650 --> 02:52.440
OK, cool.

02:52.470 --> 02:54.840
Can I see a container, please?

02:54.840 --> 02:55.280
Sure.

02:55.280 --> 02:56.480
Pull one up right now.

02:56.820 --> 03:02.360
So what we're going to be using here, guys, is the pretty famous Docker.

03:02.460 --> 03:07.050
I'm not sure, maybe they did. Maybe they'd think Docker invented the concept of containers. Maybe they

03:07.050 --> 03:07.320
did.

03:07.320 --> 03:07.980
I don't know.

03:07.980 --> 03:12.990
When you talk about containers within software development, Docker really comes into play.

03:12.990 --> 03:18.450
So what we're going to do here is take a minute and show you how Docker works with containers. So what

03:18.450 --> 03:19.360
are we doing right now?

03:19.380 --> 03:22.180
So I'm going to show you some running containers.

03:23.550 --> 03:24.920
And there we go.

03:25.200 --> 03:26.730
Incredibly exciting, as you can see.

03:26.760 --> 03:28.120
Wait a minute, so what?

03:28.350 --> 03:28.650
What?

03:28.650 --> 03:32.990
So we are looking at... these are the containers that are running on this system right now?

03:33.030 --> 03:33.570
Yes.

03:33.570 --> 03:34.070
All right.

03:34.080 --> 03:38.910
I'm not even going to bother trying to ask you what these containers are doing, but they are up and running, so

03:38.910 --> 03:42.980
right now I've got one, two, three, four, five, six different little containers.

03:43.020 --> 03:43.360
Yes.

03:43.380 --> 03:46.110
With little applications and they're just doing their own thing.

03:46.140 --> 03:46.520
Yeah.

03:46.620 --> 03:49.500
Each one of these is actually part of a larger whole.

03:49.500 --> 03:58.200
They all talk to each other, and there are management servers in here, there's database servers in

03:58.200 --> 04:00.760
here, there's web servers in here.

04:00.780 --> 04:04.060
And each one is configured to do exactly what it needs to do.

04:04.080 --> 04:05.970
So where do these containers come from?

04:05.970 --> 04:12.690
What did Docker do to give me a container? Well, containers are actually the running part of a two-part system,

04:12.780 --> 04:15.860
and the other part of it is called an image.

04:15.870 --> 04:18.610
So we'll take a look at the images right now.

04:22.270 --> 04:23.820
So these are the actual images we have.

04:23.820 --> 04:24.810
So we asked machine.

04:24.820 --> 04:27.510
So we have some... I've got to use the right term here.

04:28.550 --> 04:34.960
An image is just... that's what sits on the hard drive, I guess. That's going to have the files, the binaries,

04:34.960 --> 04:37.150
the whatever I need.

04:37.150 --> 04:40.130
And then when it's running, then it's going to be a container.

04:40.250 --> 04:47.770
Yeah, it's almost, very loosely, it's kind of like the EXE just sitting on your hard drive for, like, Microsoft

04:47.770 --> 04:53.890
Word or something. It itself isn't doing anything, it's just sitting there. Only when it's actually up

04:53.890 --> 04:54.490
and running.

04:54.490 --> 04:56.060
do we call it a container.

04:56.390 --> 04:56.820
OK.

04:56.890 --> 05:03.220
So the important thing here is that I can start and stop containers, just like I can start and stop virtual

05:03.220 --> 05:04.070
machines.

05:04.150 --> 05:04.440
Yes.

05:04.480 --> 05:10.180
OK, so very much an isolated case. So I certainly get an idea of where this could be good, because what's happening

05:10.180 --> 05:17.740
now is, like, if I've got a web server of some kind, a web app, I can create a container that's just

05:17.740 --> 05:26.380
going to have a web server in it, maybe, and my web app, and maybe the right version of JavaScript.

05:26.380 --> 05:29.790
Didn't I get in trouble when I tried to talk like a programmer?

05:29.830 --> 05:34.370
I don't know what I mean, but what it would be having is this super isolated stuff.

05:34.480 --> 05:34.870
Yes.

05:34.900 --> 05:39.030
And you would have a certain version of Python.

05:39.070 --> 05:40.920
Yeah, exactly.

05:41.140 --> 05:47.860
And when you build one of these images it has just what that application at that particular time needs

05:47.860 --> 05:49.770
to run and nothing else.

05:49.780 --> 05:55.290
So you choose it. You're going to start to write some code and get this new web app.

05:55.330 --> 05:56.070
OK, exactly.

05:56.110 --> 06:00.520
So what you're going to do is make an image. Yes, build an image. You create an image.

06:00.520 --> 06:00.960
Exactly.

06:00.960 --> 06:04.690
You build an image, and then start with a Dockerfile, and I'm going to show you a kind of a complicated

06:04.690 --> 06:10.950
one for one of the big projects, and here you go, this is what one will look like.

06:13.160 --> 06:17.620
So you don't need to go through all the details, but this is where it starts.

06:17.620 --> 06:22.640
There's a couple of things that are interesting here. For example, there's environment stuff, so I can

06:22.640 --> 06:24.380
see path statements and things like that.

06:24.380 --> 06:24.600
Yeah.

06:24.620 --> 06:28.780
We're trying to, in order to get much of this to run, so it's actually got to run something.

06:28.880 --> 06:29.160
Yeah.

06:29.180 --> 06:30.860
Holy smoke, it's running an apt-get.

06:30.860 --> 06:32.640
It's actually down.

06:32.720 --> 06:36.040
Just like I run apt-get on a Linux system to update something in.

06:36.050 --> 06:39.970
This is essentially a Linux system underneath.

06:40.030 --> 06:49.210
It's just everything that, in this case, an Ubuntu machine has, without the actual Linux kernel.

06:49.220 --> 06:51.900
So it's everything that's above that.

06:52.000 --> 06:57.850
So the whole thing that this guy is going to do is just open up a Python.

06:58.300 --> 07:00.470
It creates an environment to run Python.

07:00.580 --> 07:04.930
So it goes and pulls everything down that Python will need to run.

07:04.930 --> 07:12.260
I thought I saw... Can we go back to your images? Did I not see a Python in there yet?

07:12.540 --> 07:14.490
In fact, we've already downloaded a copy of Python.

07:14.530 --> 07:15.960
You think we can play in this?

07:16.320 --> 07:18.130
Let's go ahead and run your Python.

07:18.270 --> 07:19.850
So go ahead and actually run that.

07:19.860 --> 07:25.100
So in this case I'm going to run what's called an interactive session.

07:25.830 --> 07:32.400
So we'll just docker run. Incredibly complex, guys. I assure you that Security+ is not going to quiz you

07:32.670 --> 07:34.170
on Docker command line statements.

07:34.170 --> 07:39.050
I just want to make sure we can get the idea of actually starting up a container and watching it go.

07:39.300 --> 07:47.070
So I'm going to run my 3.6 Python image and then I'm going to actually run the command Python.

07:47.610 --> 07:51.230
In this case I'm going to tell the image what command I would like to run.

07:51.780 --> 07:58.060
You saw on the Dockerfile that by default it would actually just run Python 3.

07:58.290 --> 08:00.610
But in this case we're just going to run it manually.

08:02.580 --> 08:03.610
So it's going to take an action.

08:03.630 --> 08:04.340
There it is.

08:04.350 --> 08:05.130
That's Python.

08:05.130 --> 08:08.890
So we were just waiting for, you know, straight-up interactive Python here.

08:08.910 --> 08:09.520
Exactly.

08:09.600 --> 08:10.620
Can you do one plus one?

08:10.620 --> 08:11.990
Is this like real Python?

08:12.120 --> 08:12.690
It's real.

08:12.720 --> 08:13.370
It's all over.

08:13.380 --> 08:14.460
All right, so.

08:14.650 --> 08:15.660
OK.

08:15.750 --> 08:17.280
It still looks like a VM.

08:17.280 --> 08:19.600
What's the big difference here?

08:19.770 --> 08:28.340
Well, when I exit here, I'm back to my terminal command prompt, but the container

08:28.340 --> 08:34.760
has now exited. It's now no longer running. The container only lives to run whatever you have selected

08:34.760 --> 08:40.940
to run. The moment whatever piece of that app gets turned off, it's gone.

08:40.970 --> 08:41.480
All right.

08:41.480 --> 08:42.290
That makes sense.

08:42.410 --> 08:46.100
So then I can see why people would use this in development environments, because not only do you have all this

08:46.100 --> 08:47.630
wonderful isolation.

08:47.630 --> 08:48.140
Right.

08:48.170 --> 08:51.920
Not only do you have this incredible control over versioning and all that type of stuff.

08:52.060 --> 08:58.340
Not only do you get the security of the isolation, but then more than that, it literally lives only to

08:58.340 --> 08:59.240
do that one thing.

08:59.240 --> 08:59.930
Exactly.

09:00.080 --> 09:08.360
And I can run as many of these as I want, so if I need one copy of my Python or my web application running,

09:08.450 --> 09:16.370
I can just fire it up. If I need 10, if I need a hundred, if I need 10,000, I can use one image and spawn as

09:16.370 --> 09:19.880
many containers from that as I need.

09:19.880 --> 09:20.310
Cool.

09:20.310 --> 09:20.840
All right.

09:20.960 --> 09:25.000
Well, Mike, that's really the critical stuff I want to look at.

09:25.000 --> 09:26.770
So what do we look at right here?

09:26.780 --> 09:31.670
Just showing you the actual images that are still running and exited, so you can see right there at the

09:31.670 --> 09:38.270
top there is the one we just ran with the command Python, and directly below it is the one we ran while

09:38.270 --> 09:41.700
we were rehearsing for this episode to make sure everything worked exactly.

09:41.780 --> 09:42.830
Well, that's pretty cool, Mike.

09:42.830 --> 09:43.210
Thanks.

09:43.220 --> 09:45.980
Listen, I appreciate you giving me a tour of containers.

09:46.000 --> 09:51.490
But so you understand, this is for Security+. So there's going to be one takeaway that somebody who's

09:51.500 --> 09:54.430
studying for Security+ ought to know about containers.

09:54.430 --> 09:55.930
What would that be?

09:56.030 --> 09:56.800
Isolation.

09:56.800 --> 10:03.560
The container keeps the application isolated and actually keeps everything simpler,

10:03.570 --> 10:06.440
so you have less attack surface.

10:06.440 --> 10:13.490
And if you are compromised, they can't get access to the entire operating system and all the rest of

10:14.180 --> 10:15.410
your critical data.

10:15.410 --> 10:22.700
And so isolation and reduced attack surface are some of the most important parts of containerization

10:22.700 --> 10:23.620
for security.

10:23.630 --> 10:24.310
Fantastic.

10:24.320 --> 10:25.000
Thanks, Mike.

10:25.000 --> 10:26.280
No problem.
