Last updated: Apr 24, 2020
- In Docker, mounting works very much like regular Unix-based mounting.
Not practical to remove and recreate dockers on every code change
Docker already caches files in layers with hash
When you run an image and generate a container, you add a new writable layer (the “container layer”) on top of the underlying layers.
Only the instructions
`COPY` instructions, the contents of the file(s) in the image are examined and a checksum is calculated for each file.
Use alpine as base image
`VOLUME` instruction should be used to expose any database storage area, configuration storage, or files/folders created by your docker container. You are strongly encouraged to use VOLUME for any mutable and/or user-serviceable parts of your image.
`VOLUME` instruction creates a mount point with the specified name and marks it as holding externally mounted volumes from native host or other containers.
- The host directory is declared at container run-time: The host directory (the mountpoint) is, by its nature, host-dependent. This is to preserve image portability, since a given host directory can’t be guaranteed to be available on all hosts. For this reason, you can’t mount a host directory from within the Dockerfile. The VOLUME instruction does not support specifying a host-dir parameter. You must specify the mountpoint when you create or run the container.
is a group of interrelated services that share dependencies, and can be orchestrated and scaled together.
- Alpine Linux
Linux distribution based on
Uses hardened kernel
User-space binaries are position-independent-executables
Quick boot-up times
The image is only 5 MB in size and has access to a package repository
provides several Unix utilities in a single executable file.
Swiss army knife of embedded linux
Where are docker images and layers stored on the system?
docker info /var/snap/docker
Difference between ADD and COPY
ADD instruction copies new files, directories or remote file URLs from
COPY instruction copies new files or directories from
How to keep local directory synchronized within container directory?
HANDLING PERMISSIONS WITH DOCKER VOLUMES
- If you write to the volume you won’t be able to access the files that container has written because the process in the container usually runs as root.
You shouldn’t run the process inside your containers as root but even if you run as some hard-coded user it still won’t match the user on your laptop/jenkins/staging.
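```dockerfile
# Create a local user in the container whose IDs can be set at build time
ARG USER_NAME=avi
ARG USER_ID=1000
ARG GROUP_NAME=avi
ARG GROUP_ID=1000
RUN groupadd --gid $GROUP_ID $GROUP_NAME \
    && useradd --uid $USER_ID --gid $GROUP_ID $USER_NAME
# Everything after this line runs as the unprivileged user
USER $USER_NAME
COPY . /blog
WORKDIR /blog
# JSON form must be valid JSON (no trailing comma)
VOLUME ["/blog"]
```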
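The Dockerfile above only solves the ownership problem if the build is given the host user's numeric IDs. The following is an added example, not part of the original notes: `host_build_args` and the image tag `blog-dev` are hypothetical names, while `USER_ID` and `GROUP_ID` are the `ARG`s declared above.

```shell
#!/bin/sh
# Added example, not from the original notes. host_build_args and the
# image tag "blog-dev" are hypothetical; USER_ID/GROUP_ID are the ARGs
# declared in the Dockerfile above.

# host_build_args [UID] [GID]
# Prints --build-arg flags so the container user gets the same numeric
# IDs as the host user who owns the bind-mounted directory.
host_build_args() {
    uid=${1:-$(id -u)}
    gid=${2:-$(id -g)}

    # IDs must be plain non-negative integers.
    for n in "$uid" "$gid"; do
        case $n in
            ''|*[!0-9]*) echo "non-numeric uid/gid: $n" >&2; return 2 ;;
        esac
    done

    # Under sudo, id -u reports 0; use the invoking user recorded by sudo.
    if [ "$uid" -eq 0 ] && [ -n "${SUDO_UID:-}" ]; then
        uid=$SUDO_UID
        gid=${SUDO_GID:-$gid}
    fi

    # uid 0 cannot work: groupadd/useradd reject an ID that already
    # belongs to root in the image, and root is what we want to avoid.
    if [ "$uid" -eq 0 ]; then
        echo "refusing to build for uid 0" >&2
        return 1
    fi

    printf '%s\n' "--build-arg USER_ID=$uid --build-arg GROUP_ID=$gid"
}

# Typical use (needs a Docker daemon, so it is not executed here):
#   docker build $(host_build_args) -t blog-dev .
#   docker run --rm -v "$PWD":/blog blog-dev
```

Files the container writes into the mounted `/blog` directory then carry the host user's UID and GID instead of root's.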
- swarm - orchestrator
- service - docker compose
- containers - Dockerfile
Alternative to swarm: Kubernetes[^1]
- Docker has built in monitoring endpoint for Prometheus
- Docker swarm orchestrated for monitoring
- docker ELK
- swarmpit gui
- can scale, kill services from GUI, see logs, ssh into container
Provision docker daemon to send monitoring data to prometheus[^7]
```
docker swarm init
docker node ls
docker node ps
```
- Like make file, but for docker services
Docker Machine is a tool that lets you install Docker Engine on virtual hosts, and manage the hosts with docker-machine commands
```
docker-machine create --driver virtualbox default
docker run -d -p 8000:80 nginx
curl "$(docker-machine ip default):8000"
VBoxManage showvminfo default
VBoxManage list vms
VBoxManage list runningvms
```
`docker run swarm create`[^2]
- The relation between “docker/swarm” and “docker/swarmkit”
- swarmkit | swarm mode | swarm container
- swarm examples
Container Orchestration Wars
- Apache Mesos
- Container scheduling and Management
- Minikube for local development and educational purposes
- Pods are instances of a container deployment
- Services are endpoints that export ports to the outside world
- Kubernetes cheatsheet[^3]
- build your image and then create the kubernetes resources using kubectl command
- Remember to build the images from Dockerfile in K8 context minikube
- Process Sharing between containers
- Access config files from other containers
`Kompose`: translator service from docker-compose to openstack or K8 envs
A Job in Kubernetes is a supervisor for pods carrying out batch processes, that is, a process that runs for a certain time to completion, for example a calculation or a backup operation.
```
minikube config view
minikube start --vm-driver=virtualbox
kubectl cluster-info
minikube dashboard
kubectl create deployment hello-node --image=gcr.io/hello-minikube-zero-install/hello-node
kubectl get nodes
kubectl get deployments
kubectl get pods
kubectl get events
kubectl label nodes <your-node-name> disktype=ssd
kubectl get nodes --show-labels
# schedule the pod
kubectl apply -f https://k8s.io/examples/pods/pod-nginx.yaml
# get container shell access running inside pod
kubectl exec -it init-demo -- /bin/bash
kubectl expose deployment hello-node --type=LoadBalancer --port=8080
kubectl get services
minikube service hello-node
minikube addons list
minikube cache add ubuntu:16.04
minikube cache list
minikube addons list
# Load Balancing, alters n/w routes
minikube tunnel
```
- Blue-green deployments
- Load Balancing via HAproxy, nginx, swarm cluster
- Deploy a Hugo website to K8 cluster[^4]
- REDIS (REmote DIstributed Store) - in-memory KV store
How to write an excellent Dockerfile
- Keep app versions on top and as Labels, env vars
- `sha256` of downloads and stop on failure
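One way to implement the "sha256 of downloads and stop on failure" item, as an added example that is not from the original notes. `verify_sha256` is a hypothetical helper, and it assumes `sha256sum` (coreutils or BusyBox) is present in the build image.

```shell
#!/bin/sh
# Added example, not from the original notes. verify_sha256 is a
# hypothetical helper; sha256sum is assumed to be installed.

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 only when FILE exists and its SHA-256 equals the pinned
# digest. Returns 2 for a malformed pin, 3 for a missing file, and 1 on
# mismatch, in which case the file is deleted so that no later build
# step can pick up the unverified artifact.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    # A pin must be exactly 64 hex characters.
    case $expected in
        *[!0-9a-f]*) echo "digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "digest is not 64 chars" >&2; return 2; }
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 3; }

    actual=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "sha256 mismatch for $file" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        rm -f "$file"
        return 1
    fi
    return 0
}

# In a Dockerfile RUN step, chain with && so a failed check fails the
# build (URL and digest are placeholders):
#   RUN curl -fsSL -o /tmp/app.tgz "<DOWNLOAD_URL>" \
#       && verify_sha256 /tmp/app.tgz "<PINNED_SHA256>" \
#       && tar -xzf /tmp/app.tgz -C /opt
```

Pinning the digest as an `ARG` or `ENV` next to the version number keeps the two in sync when the version is bumped.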
```
docker-compose up
Creating network "prometheus_default" with the default driver
ERROR: could not find an available, non-overlapping IPv4 address pool among the defaults to assign to the network

docker network ls
docker network prune
```
no space left on device
[^1]: https://docs.docker.com/config/thirdparty/prometheus/
[^2]: https://stackoverflow.com/questions/48723608/docker-run-swarm-create-vs-docker-swarm-init
[^3]: https://kubernetes.io/docs/reference/kubectl/cheatsheet/#creating-objects
[^4]: https://www.linode.com/docs/applications/containers/kubernetes/deploy-container-image-to-kubernetes/