Chapter 3. Docker

Docker is an open source project that extends Linux containers to provide the capability to package an application with its runtime dependencies. It provides a docker command-line interface (CLI) to manage container images.

The current releases of Red Hat Enterprise Linux and Red Hat Enterprise Linux Atomic include two different versions of Docker. You can choose from:

  • docker: This package includes the version of docker that is the default for the current release of Red Hat Enterprise Linux. Install this package if you want a more stable version of docker that is compatible with the current versions of Kubernetes and OpenShift available with Red Hat Enterprise Linux.
  • docker-latest: This package includes a later version of docker that you can use if you want to work with newer features of docker. This version is not compatible with the versions of Kubernetes and OpenShift that are available with the current release of Red Hat Enterprise Linux.

The docker, source-to-image packages, and running .NET Core container images are supported only on Red Hat Enterprise Linux 7 Server and Red Hat Enterprise Linux Atomic Host. You cannot install docker or run the images on Red Hat Enterprise Linux 7 Workstation or Red Hat Enterprise Linux 6 or earlier.

3.1. Linux Containers

Linux Containers is a dense application packaging and isolation technology that provides resource management, process isolation, and security on a single host. Applications are packaged with their required runtime components and deployed on a certified Red Hat Enterprise Linux host. It allows one system to run multiple secure, isolated runtimes for applications to increase system utilization.

Several components are needed for Linux containers to function correctly, and most of them are provided by the Linux kernel. Kernel namespaces ensure process isolation, and Control Groups (cgroups) are employed to control the system resources. Security-Enabled Linux (SELinux) is used to assure separation between the host and the container and also between the individual containers. Management interface forms a higher layer that interacts with the aforementioned kernel components and provides tools for construction and management of containers.

Image-based containers allow you to host multiple instances and versions of an application with minimal overhead and increased flexibility. Such containers are not tied to the host-specific configuration, which makes them portable.

When using SELinux for controlling processes within a container, make sure that any content that is volume mounted into the container is readable and potentially writable, depending on the use case. For more information, see Using Volumes with the docker Container Can Cause Problems with SELinux.

For more information on containers and container images, see the Core Concepts of the OpenShift Enterprise 3.0 Architecture, which discusses core concepts and methods related to delivering containerized applications.

3.2. Get Docker in Red Hat Enterprise Linux 7

To get an environment where you can develop Docker-formatted containers, you can install a RHEL 7 system to act as a development system as well as a container host. The docker package is stored in a Red Hat Enterprise Linux Extras repository. See the Red Hat Enterprise Linux Extras Life Cycle article for a description of support policies and life cycle information for the Red Hat Enterprise Linux Extras channel.

If you want to create Docker-formatted images or containers when using the Red Hat Enterprise Linux 7 subscription model, you must properly register and entitle the host computer on which you build them. When you use yum install within a container to add packages, the container automatically has access to entitlements available from the Red Hat Enterprise Linux 7 host so it can get RPM packages from any repository enabled on that host.

The Red Hat Enterprise Linux 7 base image container in docker-format can be found here.


Currently, you must have root privilege to run the docker command in Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux Atomic Host. Configuring sudo will work if you prefer not to log in directly to the root user account.

Section 1.3, Getting Docker in RHEL 7 describes how to install and register Red Hat Enterprise Linux 7 and then install docker.

3.3. Get Docker in Red Hat Enterprise Linux 7 Atomic Host

Because Red Hat Enterprise Linux Atomic Host is more like an appliance than a full-featured Linux system, it is not made for you to install RPM packages or other software on. Software is added to Red Hat Enterprise Linux Atomic Host systems by running container images.

Red Hat Enterprise Linux Atomic Host has a mechanism for updating existing packages, but it does not have a mechanism for allowing users to add new packages. You should consider using a standard Red Hat Enterprise Linux 7 Server system to develop your applications so you can add a full complement of development and debugging tools. You can then use Red Hat Enterprise Linux Atomic Host to deploy your containers into a variety of virtualization and cloud environments.

You can use a Red Hat Enterprise Linux Atomic Host system to run, build, stop, start, and otherwise work with containers. Section 1.4, Getting Docker in RHEL 7 Atomic Host describes how to install and register RHEL 7 and then install Docker.

3.4. Working with Docker-formatted Containers

You can manage Docker-formatted images that are on your system in several ways, whether or not they have been run. The docker run command lets you say which command to run in a container. Once a container is running, you can stop, start, and restart it. You can remove containers you no longer need. (In fact, you probably want to.) Before you run an image, it is a good idea to investigate its contents.

See Section 1.7.5, Working with docker-formatted Containers for details on how to work with these containers.

3.5. Use .NET Core Container Images

There are two basic approaches that you can take to use the container images shipped with .NET Core:

  • using base images
  • using Source-to-Image (S2I).

3.5.1. Use Base Images

The Red Hat Enterprise Linux 7 images are available through Red Hat’s subscription registry using the following command.

# docker pull

To use container images provided by Red Hat as base images in your own Dockerfile, add the following line to it.


Details about working with Dockerfiles is covered in Red Hat Enterprise Linux Atomic Host 7 Getting Started with Containers.

Detailed information on Dockerfiles can be found in the Dockerfile reference document.

The following steps will guide you through creating, building, publishing and deploying a .NET Core 1.1 project as a docker image on a Red Hat Enterprise Linux 7 Server:

  1. Create a Dockerfile with the following contents:

    COPY hello-world /opt/app-root/src
    CMD dotnet bin/Release/netcoreapp1.1/publish/hello-world.dll
  2. Create a hello-world project and publish it.

    $ scl enable rh-dotnetcore11 bash
    $ mkdir hello-world
    $ dotnet new && dotnet restore && dotnet publish c Release -r rhel.7.2-x64
    $ cd ..
  3. Build the docker image and run the .NET Core 1.1 application inside it. You should see a "Hello World" message.

    # docker build -t dotnet-hello-world .
    # docker run dotnet-hello-world

3.5.2. Use Source-to-Image

Source-to-Image (S2I) is a framework and a tool for writing images that use the application source code as an input and produces a new image that runs the assembled application as an output. The main advantage of using the S2I tool for building reproducible container images is the ease of use for developers.

See Section 2.2, “Configuration” for details about using environment variables to control the build behavior of your .NET Core application.

  1. To use the S2I tool on your system, ensure that the rhel-7-server-extras-rpms channel is enabled.

    # subscription-manager repos --enable=rhel-7-server-extras-rpms
  2. Run the following command to install the S2I package.

    # yum install source-to-image

The build process consists of the three fundamental elements that are combined into a final container image:

  • Source code of your .NET Core application
  • Builder image, a container image provided by Red Hat that supports building images using the S2I tool
  • S2I scripts that are part of the builder image.

During the build process, S2I creates a tar file that contains the source code and scripts, and then it streams that file into the builder image.

For more information on the Source-to-Image framework, see S2I Requirements.

More information about the S2I tool is available at GitHub.

  1. Build the test application from the .NET Core repository on GitHub, underneath the 1.1/test/asp-net-hello-world/ directory.

    $ sudo s2i build git:// --context-dir=1.1/test/asp-net-hello-world dotnet/dotnetcore-11-rhel7 dotnetcore11-rhel7-app

    This produces a new application image: dotnetcore-11-rhel7-app.

  2. Run the resulting dotnetcore-11-rhel7-app image:

    # docker run -d -p 8080-8081:8080-8081 --name example-app dotnetcore-11-rhel7-app
  3. See the app running at http://localhost:8080/.

    $ curl http://localhost:8080/
  4. "Hello World" is returned.
  5. See the app running at https://localhost:8081/.

    $ curl -1 --insecure https://localhost:8081/
  6. Hello World is returned.
  7. Stop the container.

    # docker stop example-app

See Chapter 12 in Transitioning to .NET Core on Red Hat Enterprise Linux for details on how to build, configure, and run a .NET Core image in a container. The instructions describe how to do this in .NET Core 1.0, but you should be able to run the same commands by replacing 1.0 and 10 with 1.1 and 11, respectively, if you are using .NET Core 1.1 instead of .NET Core 1.0.

Report a bug