docker – Page 2

Enable buildkit in docker and use heredoc feature

Why buildkit?
– Better build logs
– Better build cache

Temp enable buildkit

nginx.Dockerfile

# syntax=docker/dockerfile:1.3-labs
FROM nginx

COPY <<EOF /usr/share/nginx/html/index.html
"hola Duniya"
EOF

DOCKER_BUILDKIT=1 docker build -t here-nginx -f nginx.Dockerfile .

Enable buildkit permanently :

echo "{ "features": { "buildkit": true } }" > /etc/docker/daemon.json


systemctl restart docker

More : https://github.com/moby/buildkit

Introduction to heredocs in Dockerfiles

Mount single file in docker

We can use –mount type=bind parameter to mount single file

docker run  -d -p 9090:9090 --mount type=bind,source=/opt/prometheus/prometheus.yml,target=/etc/prometheus/prometheus.yml prom/prometheus:v2.22.0

Using docker-compose file

version: "3.7"    
services:
  prometheus:
    image: prom/prometheus:v2.22.0
    volumes:
      - type: bind
        source: /opt/prometheus/prometheus.yml
        target: /etc/prometheus/prometheus.yml
    ports:
      - 9090:9090

More : https://stackoverflow.com/questions/42248198/how-to-mount-a-single-file-in-a-volume

https://docs.docker.com/storage/bind-mounts/

how to start learn docker and kubernetes

Linux – installation of different distro with lvm, encrypted lvm, plain
Shell scripting – auto restart job , sed , awk
Docker – jenkins setup, wordpress setup with persistent volume
kubernetes – cluster setup, deployment

trivy docker image scanner CI

docker run -v /var/run/docker.sock:/var/run/docker.sock -v /root/trivy-cache:/root/.cache/ aquasec/trivy:0.18.3 image -f json nginx

https://aquasecurity.github.io/trivy/v0.18.3/examples/report/

Grafana docker compose

version: '3'
services:
  grafana:
    image: grafana/grafana
    container_name: grafana
    restart: unless-stopped
    environment:
      TZ: "Asia/Kolkata"
      GF_INSTALL_PLUGINS: "grafana-clock-panel,grafana-simple-json-datasource,simpod-json-datasource,marcusolsson-json-datasource"
    volumes:
      - /root/grafana/data:/var/lib/grafana
    ports:
      - 3000:3000

ELK on docker-compose

version: '2.2'
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.12.0
    container_name: elasticsearch
    environment:
      discovery.type: "single-node"
    volumes:
      - /root/elasticsearch:/usr/share/elasticsearch/data
    ports:
      - 9200:9200

  kibana:
    image: docker.elastic.co/kibana/kibana:7.12.0
    container_name: kibana
    environment:
      elasticsearch.hosts: "elasticsearch:9200"
    ports:
      - 5601:5601

docker ARG and ENV

ARG is only available during build
ENV is available can be available during build as well as after the build

FROM httpd
ARG arg1
ENV env1=evalue1
ENV env2=${arg1}
ENV env3=evalue3

docker build --build-arg arg1=atest -t httpd-test .

docker run -d --env-file=env_file  httpd-test

Rabbitmq docker-compose

version: '3'
services:
  rabbitmq:
    image: rabbitmq:3-management
    restart: always
    container_name: rabbitmq
    environment:
      TZ: "Asia/Kolkata"
      RABBITMQ_DEFAULT_USER: username
      RABBITMQ_DEFAULT_PASS: password
    volumes:
      - /opt/rabbitmq/data:/var/lib/rabbitmq
    ports:
      - 5671:5671
      - 5672:5672
      - 15672:15672

Docker command :

dodocker run -d -p 5671:5671 -p 5672:5672 -p 15672:15672 -v /opt/rabbitmq/data:/var/lib/rabbitmq -e RABBITMQ_DEFAULT_USER=user -e RABBITMQ_DEFAULT_PASS=password  -e TZ="Asia/Kolkata" --restart unless-stopped rabbitmq:3-management

Sonatype Nexus3 – Docker compose

version: '3'
services:
  jenkins:
    image: sonatype/nexus3:3.29.0
    user: root:root
    restart: always
    container_name: nexus
    environment:
      TZ: "Asia/Kolkata"
    volumes:
      - /opt/nexus-data:/nexus-data
    ports:
      - 8081:8081

Get admin passwords:

docker exec -it nexus bash

find / -iname admin.*

#OR

docker exec -it nexus  cat /nexus-data/admin.password

More : https://hub.docker.com/r/sonatype/nexus3#user-content-persistent-data

Nomad – Container orchestration example for Dev environment

#Install nomad

-Download the stable release form https://www.nomadproject.io/downloads

wget https://releases.hashicorp.com/nomad/1.0.1/nomad_1.0.1_linux_amd64.zip

unzip nomad_1.0.1_linux_amd64.zip

mv nomad /usr/local/bin/

#start nomad in dev mode

nomad agent -dev

nomad node status

#Install docker https://docs.docker.com/engine/install/centos/

yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo

yum install docker-ce docker-ce-cli containerd.io

systemctl start docker
systemctl enable docker

#Create simple nginx job file (nginx.nomad)

job "nginx" {
  datacenters = ["dc1"]
  type = "service"

  update {
    max_parallel = 1
    min_healthy_time = "10s"
    healthy_deadline = "3m"
    progress_deadline = "10m"
    auto_revert = false

    canary = 0
  }
  migrate {
    max_parallel = 1
    health_check = "checks"
    min_healthy_time = "10s"
    healthy_deadline = "5m"
  }
  group "cache" {
    count = 1

    network {
      port "nginx-port" {
        to = 80
      }
    }

    service {
      name = "nginx-port"
      tags = ["nginx", "web"]
      port = "nginx-port"

    }

    restart {
      attempts = 2
      interval = "30m"
      delay = "15s"
      mode = "fail"
    }

    ephemeral_disk {
      size = 300
    }


    task "nginx" {
      driver = "docker"

      config {
        image = "nginx"
        ports = ["nginx-port"]
      }

      resources {
        cpu    = 500
        memory = 256
      }

    }
  }
}

#Nomand commands for Run,Stop, job status and logs

nomad job status

nomad job run nginx.nomad

nomad job stop nginx

nomad job status nginx

nomad alloc status <Allocations ID>

nomad alloc logs <Allocations ID>

#Access webUI at http://127.0.0.1:4646