
Docker Commands

In this text file you will find all the docker commands. This is quite enough for your interview revision.

Uploaded by

Balu Jagan

Docker Hub: hub.docker.com

https://container.training/

List of commands: https://docs.docker.com/engine/reference/commandline/docker/

References: https://docs.docker.com/engine/reference/
Basics: https://docker-curriculum.com/
Docker-in-docker: https://itnext.io/docker-in-docker-521958d34efd, https://devopscube.com/run-docker-in-docker/
ngrok: https://ngrok.com/
Nexus documentation: https://help.sonatype.com/repomanager3 ; https://hub.docker.com/r/sonatype/nexus3
Subnets: https://www.freecodecamp.org/news/subnet-cheat-sheet-24-subnet-mask-30-26-27-29-and-other-ip-address-cidr-network-references/ ; https://www.cloudflare.com/en-in/learning/network-layer/what-is-a-subnet/
Docker on WSL: https://docs.microsoft.com/en-us/windows/wsl/tutorials/wsl-containers, https://docs.docker.com/desktop/windows/wsl/

DCA: https://github.com/Evalle/DCA
DCA: https://medium.com/bb-tutorials-and-thoughts/250-practice-questions-for-the-dca-exam-84f3b9e8f5ce

Download CLI/Daemon: https://download.docker.com/win/static/stable/x86_64/

-------------------
Docker Introduction
-------------------

https://www.linuxjournal.com/content/docker-lightweight-linux-containers-consistent-development-and-deployment
https://blog.jayway.com/2015/03/21/a-not-very-short-introduction-to-docker/

------------
Installation
------------
https://learnk8s.io/installing-docker-kubernetes-windows

$ sudo yum update -y


$ sudo yum install docker -y

$ sudo systemctl status docker

$ sudo groupadd docker # Group already exists


$ sudo usermod -aG docker $USER
$ newgrp docker

$ sudo systemctl start docker


$ sudo systemctl enable docker

(or)
$ systemctl enable --now docker

---------------
Basic commands
---------------
List of commands: https://docs.docker.com/engine/reference/commandline/docker/

docker --help
docker version
docker -v
docker info
docker events
docker system df
docker system prune

docker ps -> Lists all running containers only
docker ps | head -n3 -> Lists the 2 most recent running containers (the first line of output is the header)
docker ps -a -> Lists all containers (running & exited) with unique random names
docker ps -a -q -> List only container IDs; -q indicates quiet mode

-------------
Docker images
-------------
Official Images: https://github.com/docker-library/official-images (or)
https://github.com/docker-library/docs (or)
https://github.com/docker-library/docs/tree/master/python

docker search ubuntu


docker history <image_name> -> Get history of image/details of each layer
docker image inspect <image_name>
docker pull ubuntu:latest -> Pull an image from DockerHub
docker pull hello-world:1.0
docker pull 172.17.18.5:3000/nginx:latest
docker pull registry.tesla.com/images/nginx:latest
docker images / docker image ls -> List images
docker image rm <image_name> / docker rmi <image_name> -> Removes an image
docker rmi <image_name> -> Another command to Remove an image
docker image prune -a -> Remove all unused docker images, i.e. images that no container is using

By default, you are prompted to continue. To bypass the prompt, use the -f or --force flag.
You can limit which images are pruned using filtering expressions with the --filter flag.
For example, to only consider images created more than 24 hours ago:

docker image prune -a --filter "until=24h"


docker image tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG] -> Rename an image
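docker image push <image> -> Push image to docker repository (need to login, see docker login --help)
docker login -u <user_name> <URL> ; URL can be left blank if pushing to DockerHub
docker login -u <user-name> -p <password/token> <URL> -> -p leaves the secret in shell history and the process list; --password-stdin (used in the AWS ECR section) avoids that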
docker logout

-----------------
Docker containers
-----------------
https://container.training/intro-selfpaced.yml.html#103
https://rakeshjain-devops.medium.com/elucidating-containers-and-container-runtimes-b4897b45b377

Example images:
hello world(tutum)
jpetazzo/clock
Jenkins, Nexus3, Ubuntu, Nginx

docker container run jpetazzo/clock


docker ps
docker run -it ubuntu -> then, at the container's shell prompt: apt update -y ; apt-get install -y iputils-ping ; apt install figlet ; figlet Devops
Ctrl + p then Ctrl + q -> come out of interactive mode without killing the process/container

docker run busybox echo "hello from busybox"


docker run -it busybox sh

docker run -it ubuntu hostname


docker run -it --name os ubuntu hostname
docker run -it --restart=always ubuntu hostname
Supported: no, on-failure, always, unless-stopped (https://docs.docker.com/config/containers/start-containers-automatically/)

docker commit -m "ubuntu with ping" 8ec ubuntu-ping


docker run -it ubuntu ping 8.8.8.8
docker run -it ubuntu-ping ping 8.8.8.8

docker logs <container id>


docker logs -f <container id>
docker logs -f --tail <number> <container id> -> Follow live logs, starting from the last <number> lines
docker logs -f --tail 2 <container_name>
docker run -p HOST_PORT:CONTAINER_PORT -e ENV_VAR=VALUE IMAGE COMMAND (https://www.sciencedirect.com/topics/computer-science/registered-port)

docker run -it -p 80:5000 kunchalavikram/flask-simpledetails:v1

docker container run --publish 80:80 nginx


docker container run --publish 80:80 --detach nginx
docker container run --publish 80:80 -d nginx

docker container attach nginx -> Reattach the container to terminal/std_output


docker ps -> Lists all running containers only
docker ps -a -> Lists all containers(running & exited) with unique random names
docker ps -a -q -> List only container IDs
docker run centos:7 -> runs centos
docker rm <container id/name> -> remove a container
docker rm -f $(docker ps -a -q) -> remove all containers forcefully by container IDs

docker container run --publish 80:80 --name webhost nginx -> creates a container with name as webhost
docker run --rm --name c1 alpine echo hello
docker run --restart=always --rm --name c1 alpine echo hello -> WON'T WORK (--restart and --rm are conflicting options)

docker run -it --rm -p 8080:3000 -p 8081:3001 -e RACK_ENV=development -e HOSTNAME=my-container <image>

docker run -p HOST_PORT:CONTAINER_PORT -e ENV_VAR=VALUE IMAGE


docker run -d -p 3306:3306 --name db -e MYSQL_RANDOM_ROOT_PASSWORD=yes mysql
docker run --env-file=env_file_name alpine printenv
docker run -it --rm centos:7 curl --version

docker container start <unique container id> -> start a stopped container
docker container stop <unique container id> -> stops container
docker container stop $(docker ps -a -q) -> Stops all containers
docker container kill <unique container id> -> force kill a non-responding container
----------- STOP vs KILL
docker stop attempts to gracefully shut down container(s) by issuing a SIGTERM signal (kill -15) to the main process inside the container.

docker kill (by default) immediately stops/terminates them by issuing a SIGKILL signal (kill -9) to the main process.

With docker stop, the container(s) must comply with the shutdown request within a (configurable) grace period (which defaults to 10 seconds), after which it forcibly tries to kill the container. docker kill does not have any such timeout period.
-------------

Signal Name   Signal Number   Description
SIGHUP        1               Hang up detected on controlling terminal or death of controlling process
SIGINT        2               Issued if the user sends an interrupt signal (Ctrl + C)
SIGQUIT       3               Issued if the user sends a quit signal (Ctrl + D)
SIGFPE        8               Issued if an illegal mathematical operation is attempted
SIGKILL       9               If a process gets this signal it must quit immediately and will not perform any clean-up operations
SIGALRM       14              Alarm clock signal (used for timers)
SIGTERM       15              Software termination signal (sent by kill by default)

docker container logs <container name> -> displays logs in static mode
docker container logs -f <container name> -> displays logs in follow/live mode
docker container rm <container 1> <container 2> -> remove docker containers; doesn't remove running containers
docker container rm -f <container 1> -> Force remove running containers
docker container rm -f $(docker ps -a -q) -> Removes all containers; -q is quiet mode that displays only numeric IDs of containers
docker rm $(docker ps -a -q -f status=exited)

docker commit -m "message" <container-id> <new-image-name> -> save changes made to a container to an image

docker top <container> -> Lists specific processes in a specific container


(ps utility is available in nginx:alpine docker image)

docker container inspect <container> -> gives the config and metadata used to start this container; returns JSON array
docker container stats <container> -> gives live info on CPU, Memory usage, I/O of the container
docker stats -> gives live info on CPU, Memory usage, I/O of all the containers

docker diff <container> -> List the changed files and directories in a container's filesystem since the container was created.
Three different types of change are tracked:
A = file or directory was added
D = file or directory was deleted
C = file or directory was changed

docker export <container> -o file.tar -> export file system contents of a container as a tarball
docker export <container> > file.tar
docker import file.tar -> This creates a new untagged image
docker events -> Use docker events to get real-time events from the server.
docker run -d -it --name c1 ubuntu sleep 300

docker stop c1
docker kill c1

kill <PID>
kill -9 <PID>

docker run -d --name db -e MYSQL_ROOT_PASSWORD=root -e MYSQL_DATABASE=university mysql:latest
https://phoenixnap.com/kb/how-to-create-a-table-in-mysql
https://dbeaver.io/download/
https://stackoverflow.com/questions/50379839/connection-java-mysql-public-key-retrieval-is-not-allowed

---------------
Docker Registry
---------------
registry:2

https://docs.docker.com/registry/deploying/
https://docs.docker.com/registry/spec/api/
https://www.exoscale.com/syslog/setup-private-docker-registry/

A registry can be considered private if pulling requires authentication

docker login -u <user-name> -p <password> <Repo-URL>

Once you log in, an auth token is saved in ~/.docker/config.json in the user's home directory.
It is username:password base64 encoded. Base64 is an encoding, not encryption: anyone who can read the file can recover the password.

echo -n 'username:password' | base64 -> To manually encode


echo 'ENCODED_VALUE' | base64 -d -> To decode

cat $HOME/.docker/config.json
{
  "auths": {
    "https://index.docker.io/v1/": {
      "auth": "ergsffgG35gsjqyxofbkfdyu7s223l0MThA"
    }
  }
}
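
A check for the config.json format shown above: it reports which registries keep a recoverable username:password in the file and which delegate to a credential helper. This is an added example, not part of the original notes; audit_docker_config, readable_by_others and the sample registries are hypothetical, and the sample config is constructed.

```python
import base64
import json
import os
import stat

# Constructed sample config.json (no real accounts or hosts).
SAMPLE_CONFIG = json.dumps({
    "auths": {
        # base64("alice:s3cr3t-token"), the format docker login writes
        "https://index.docker.io/v1/": {
            "auth": base64.b64encode(b"alice:s3cr3t-token").decode()
        },
        # The placeholder value printed on this page: not decodable base64
        "registry.example.internal:5000": {
            "auth": "ergsffgG35gsjqyxofbkfdyu7s223l0MThA"
        },
        # Empty entry: the secret lives in a credential helper, not in the file
        "ecr.example.invalid": {},
    },
    "credHelpers": {"ecr.example.invalid": "ecr-login"},
})


def audit_docker_config(text):
    """Classify every registry entry; the secret itself is never returned."""
    cfg = json.loads(text)
    helpers = cfg.get("credHelpers", {})
    default_store = cfg.get("credsStore")
    findings = []
    for registry, entry in cfg.get("auths", {}).items():
        blob = (entry or {}).get("auth")
        user = None
        if not blob:
            helper = helpers.get(registry) or default_store
            status = f"helper:{helper}" if helper else "no-credential"
        else:
            try:
                decoded = base64.b64decode(blob, validate=True).decode("utf-8")
                user, sep, _secret = decoded.partition(":")
                if not sep:
                    raise ValueError("missing user:secret separator")
                status = "inline-recoverable"
            except ValueError:  # bad padding/alphabet, non-UTF-8, or no colon
                user, status = None, "inline-unreadable"
        findings.append({"registry": registry, "status": status, "user": user})
    return findings


def readable_by_others(path):
    """True when group or other users can read the file."""
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))


if __name__ == "__main__":
    for finding in audit_docker_config(SAMPLE_CONFIG):
        print(finding)
    real = os.path.expanduser("~/.docker/config.json")
    if os.path.exists(real):
        print("config.json readable by group/other:", readable_by_others(real))
```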

docker run -d -p 5000:5000 --restart=always --name registry2 registry:2


docker image tag <image-name> localhost:5000/<image-name>
docker push localhost:5000/<image-name>

docker run -d -p 5000:5000 --restart=always -v $PWD:/var/lib/registry -e REGISTRY_STORAGE_DELETE_ENABLED=true --name registry2 registry:2

** REGISTRY_STORAGE_DELETE_ENABLED=true is set to avoid deletion errors like the one below


[root@ip-172-31-7-249 ec2-user]# curl -v --silent -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -X DELETE http://15.206.89.202/v2/nginx/manifests/sha256:5e95e5eb8be4322e3b3652d737371705e56809ed8b307ad68ec59ddebaaf60e4
* Trying 15.206.89.202:80...
* Connected to 15.206.89.202 (15.206.89.202) port 80 (#0)
> DELETE /v2/nginx/manifests/sha256:5e95e5eb8be4322e3b3652d737371705e56809ed8b307ad68ec59ddebaaf60e4 HTTP/1.1
> Host: 15.206.89.202
> User-Agent: curl/7.76.1
> Accept: application/vnd.docker.distribution.manifest.v2+json
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 405 Method Not Allowed
< Content-Type: application/json; charset=utf-8
< Docker-Distribution-Api-Version: registry/2.0
< X-Content-Type-Options: nosniff
< Date: Wed, 18 Aug 2021 21:11:48 GMT
< Content-Length: 78
<
{"errors":[{"code":"UNSUPPORTED","message":"The operation is unsupported."}]}
* Connection #0 to host 15.206.89.202 left intact

Docker expects a secured channel by default, and that's naturally a very good thing.
Configuring Docker to accept connections to insecure registries depends on your OS, but it's quite straightforward.
Traffic to a registry listed this way, login credentials and image layers included, is not protected by verified TLS, so list only registries on a network you trust.

In order to push to insecure registries, we need to edit the daemon.json file at /etc/docker/daemon.json and add the below content.
Once edited, restart your docker daemon (systemctl restart docker)

{
  "insecure-registries" : ["Repo-URL"]
}

On macOS you do it using the user interface, and the changes will automatically restart the daemon:

Click on the Docker icon
Select Preferences… in the menu
Select the Daemon tab
Check the checkbox named Experimental features
In the first list box, enter the address (URL or IP) of the insecure registry e.g. 127.0.0.1:5000
Wait a bit for the Docker daemon to restart, then push again to the registry. This time, it should be a success:

APIs for registry2 container:

Get list of images: curl -X GET http://localhost:5000/v2/_catalog

Get list of image tags: curl -X GET http://localhost:5000/v2/<image-name>/tags/list

curl -X GET http://15.206.89.202:80/v2/nginx/tags/list

Delete an image tag:

-> First get the SHA ID for that specific tag
curl -v --silent -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -X GET \
http://localhost:5000/v2/<image-name>/manifests/latest 2>&1 | grep Docker-Content-Digest | awk '{print($3)}'

-> Use the SHA ID to delete the image tag
curl -v --silent -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -X DELETE http://127.0.0.1:5000/v2/my-ubuntu/manifests/sha256:f2557f94cac1cc4509d0483cb6e302da841ecd6f82eb2e91dc7ba6cfd0c580ab

--------
AWS CLI
--------
https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-mac.html
https://docs.aws.amazon.com/cli/latest/userguide/
https://docs.aws.amazon.com/cli/latest/userguide/welcome-examples.html

aws --version
aws configure

--------
AWS ECR
--------

500 MB of private repository storage per month for 1 year with the AWS Free Tier

https://aws.amazon.com/ecr/
https://aws.amazon.com/ecr/resources/
https://docs.aws.amazon.com/AmazonECR/latest/userguide/what-is-ecr.html
https://docs.aws.amazon.com/AmazonECR/latest/userguide/get-set-up-for-amazon-ecr.html
https://docs.aws.amazon.com/AmazonECR/latest/userguide/getting-started-cli.html

aws configure
aws ecr create-repository --repository-name nginx --image-scanning-configuration scanOnPush=true --region ap-south-1
docker tag nginx:latest 185558408682.dkr.ecr.ap-south-1.amazonaws.com/nginx:latest
aws ecr get-login-password --region ap-south-1 | docker login --username AWS --password-stdin 185558408682.dkr.ecr.ap-south-1.amazonaws.com
docker push 185558408682.dkr.ecr.ap-south-1.amazonaws.com/nginx
aws ecr batch-delete-image --repository-name nginx --image-ids imageTag=latest
aws ecr batch-delete-image --repository-name nginx --image-ids imageTag=v1

--------
AWS ECS
--------
https://tutorialsdojo.com/amazon-elastic-container-service-amazon-ecs/
https://www.section.io/engineering-education/using-ecs-to-deploy-docker-app-to-aws/

------------
AWS Fargate
------------
https://www.janbasktraining.com/blog/what-is-aws-fargate/

-------------
docker volume
-------------
https://docs.docker.com/storage/
https://www.baeldung.com/ops/docker-volumes
https://www.section.io/engineering-education/sharing-data-between-docker-containers/

Named volumes/Docker Volumes: Can persist data after we restart or remove a container.
Also, they are accessible by other containers. These volumes are created inside the /var/lib/docker/volumes directory on the local host.

Bind mounts: Can persist data after we restart or remove a container.
As we can see, named volumes and bind mounts are the same, except the named volumes can be found under a specific host directory, and bind mounts can be any host directory.

docker volume ls
docker volume create test
docker volume inspect test
docker volume rm test
docker volume prune

--volumes-from

Bind:
docker run -d --name web -p 80:80 -v $PWD/index.html:/usr/share/nginx/html/index.html nginx
docker run -d --name web -p 80:80 -v $PWD/nginx-data:/usr/share/nginx/html nginx

Named:
docker run -d --name web -p 80:80 -v nginx-data:/usr/share/nginx/html nginx
docker run -d -p 8080:8080 -p 50000:50000 -v jenkins-backup:/var/jenkins_home jenkins/jenkins:lts

docker run -d -v nginx_backup:/usr/share/nginx/html -v nginx_logs:/var/log/nginx --name web -p 80:80 nginx:latest

docker run -d \
--name devtest \
--mount source=myvol2,target=/app \
nginx:latest

Use a read-only volume:


docker run -d --name=nginxtest -v nginx-vol:/usr/share/nginx/html:ro nginx:latest

Shared volumes:
docker run -it --name C1 -v my_vol:/tmp ubuntu
root@475bs990:/# echo "Hello" > /tmp/test.log
root@475bs990:/# exit

docker run -it --name C2 --volumes-from C1 ubuntu
root@30fg4567:/# cat /tmp/test.log
Hello

---------------------
Environment Variables
---------------------
https://vsupalov.com/docker-arg-env-variable-guide/
https://docs.docker.com/engine/swarm/secrets/

docker run -t alpine printenv


PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=24400feefaba
TERM=xterm
HOME=/root

docker run -t -e demo=devops alpine printenv


PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=ef71a062a6d7
TERM=xterm
demo=devops
HOME=/root

docker run -t -e demo=devops -e app_dir=/tmp alpine printenv


PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=4ff650c1493f
TERM=xterm
demo=devops
app_dir=/tmp
HOME=/root

SYSTEM ENV

[root@ip-172-31-4-240 ec2-user]# printenv


XDG_SESSION_ID=1
HOSTNAME=ip-172-31-4-240.ap-south-1.compute.internal
SHELL=/bin/bash
TERM=xterm
HISTSIZE=1000
USER=root
LS_COLORS=rs=0:di=01;34:ln=01;
SUDO_UID=1000
USERNAME=root
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAIL=/var/spool/mail/ec2-user
PWD=/home/ec2-user
LANG=en_US.UTF-8
SHLVL=1
SUDO_COMMAND=/bin/su
HOME=/root
LOGNAME=root
LESSOPEN=||/usr/bin/lesspipe.sh %s
SUDO_GID=1000
[root@ip-172-31-4-240 ec2-user]# echo $SUDO_GID
1000
[root@ip-172-31-4-240 ec2-user]# echo $HOME
/root
[root@ip-172-31-4-240 ec2-user]# exit
exit
[ec2-user@ip-172-31-4-240 ~]$ echo $HOME
/home/ec2-user

docker run --env VARIABLE1=foobar alpine:3 env


docker run --rm -it --env-file config alpine env
docker run --rm -it --env-file details alpine env
docker run --rm -it -e DEPLOYMENT=dev -e APIKEY='cewwetgghgggg' -e AWS_USER=ec2-user alpine env

$ echo VARIABLE1=foobar1 > my-env.txt


$ echo VARIABLE2=foobar2 >> my-env.txt
$ echo VARIABLE3=foobar3 >> my-env.txt

Take environment values from a file (env_file): docker run --env-file my-env.txt alpine:3 env

Pass environment variable values from your host: docker run -e env_var_name alpine env

docker run -d --name web -e BACKGROUND_COLOR=blue -e TEXT_COLOR=white -p 80:5000 kunchalavikram/flask-env:latest

DB-CONNECTOR:

docker run -d --name mysql -p 3306:3306 -e MYSQL_ROOT_PASSWORD=my_secret -e MYSQL_DATABASE=test mysql:latest
docker run --rm --name db-connector -e DB_HOST=172.17.0.2 -e DB_USER=root -e DB_PASSWORD=my_secret -e DATABASE=test kunchalavikram/db-connector:1.0

docker network create my_net
docker run -d --net my_net --name mysql -p 3306:3306 -e MYSQL_ROOT_PASSWORD=my_secret -e MYSQL_DATABASE=test mysql:latest
docker run --rm --net my_net --name db-connector -e DB_HOST=mysql -e DB_USER=root -e DB_PASSWORD=my_secret -e DATABASE=test kunchalavikram/db-connector:1.0
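
Values passed with -e stay in the container's configuration, so anyone who can run docker container inspect can read them back. The added example below (not part of the original notes) scans inspect output for such values and reports only their names and lengths; find_inline_secrets and the name pattern are hypothetical, the sample JSON is constructed, and the _FILE suffix follows the convention the official mysql image documents for reading a secret from a mounted file.

```python
import json
import re

# Constructed, trimmed `docker container inspect` output for containers
# started the way this page starts them, plus one using a *_FILE reference.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/mysql", "Config": {"Env": [
        "MYSQL_ROOT_PASSWORD=my_secret", "MYSQL_DATABASE=test",
        "PATH=/usr/local/sbin:/usr/local/bin"]}},
    {"Name": "/db-connector", "Config": {"Env": [
        "DB_HOST=mysql", "DB_USER=root", "DB_PASSWORD=my_secret",
        "DATABASE=test"]}},
    # Flag, not a secret: the value only switches a feature on
    {"Name": "/db", "Config": {"Env": ["MYSQL_RANDOM_ROOT_PASSWORD=yes"]}},
    # Points at a mounted secret file instead of carrying the value
    {"Name": "/mysql-file", "Config": {"Env": [
        "MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mysql_root"]}},
    # Container without any environment list
    {"Name": "/web", "Config": {"Env": None}},
])

# Variable names that usually carry credentials (illustrative, not exhaustive)
SECRET_NAME = re.compile(
    r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY", re.IGNORECASE)
FLAG_VALUES = {"", "yes", "no", "true", "false", "0", "1"}


def find_inline_secrets(inspect_json):
    """Return (container, variable, value_length) for secrets set inline."""
    findings = []
    for container in json.loads(inspect_json):
        name = container.get("Name", "").lstrip("/")
        env = (container.get("Config") or {}).get("Env") or []
        for item in env:
            key, _, value = item.partition("=")
            if not SECRET_NAME.search(key):
                continue
            if key.upper().endswith("_FILE"):
                continue  # reference to a file, value is only a path
            if value.lower() in FLAG_VALUES:
                continue  # on/off switch or empty, nothing to leak
            findings.append((name, key, len(value)))  # never the value itself
    return findings


if __name__ == "__main__":
    for container, variable, length in find_inline_secrets(SAMPLE_INSPECT):
        print(f"{container}: {variable} is set inline ({length} characters)")
```

On a real host the input would be the output of docker container inspect $(docker ps -q).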

---------------
docker networks
---------------
https://docs.docker.com/network/
https://docs.docker.com/config/containers/container-networking/
https://docs.docker.com/network/links/
https://www.aquasec.com/cloud-native-academy/docker-container/docker-networking/
https://stackoverflow.com/questions/41768157/how-to-link-containers-in-docker
https://dev.vividbreeze.com/docker-networking-bridge-network/
https://foxutech.com/docker-bridge-networking/
https://runnable.com/docker/basic-docker-networking
https://www.section.io/engineering-education/understanding-docker-networking/
https://upcloud.com/community/tutorials/wordpress-with-docker/
https://www.linkedin.com/pulse/poor-mans-load-balancing-docker-luis-herrera
https://medium.com/patrik-bego/docker-networking-practical-examples-23900904486e

docker network --help


docker network ls
docker network inspect bridge
docker container inspect <container-name>
docker container inspect --format '{{.NetworkSettings.IPAddress}}' <container-name>
docker container inspect --format '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' <container-name>
docker network create --driver bridge my_net
brctl show
docker network create --driver bridge --subnet 182.18.0.1/24 --gateway 182.18.0.100 wp-mysqlnetwork
docker container run -d --name new_nginx --network my_app_net nginx:alpine
docker run -d --name web1 --network custom_bridge_01 nginx:alpine
docker container inspect --format '{{.NetworkSettings.Networks.bridge.IPAddress}}' <container-name>
docker network connect <network> <app>
docker network disconnect my_app_net webhost -> Dynamically removes webhost from my_app_net network

Install IPutils in Nginx

docker run -d --name nginx nginx
docker container exec -it nginx sh -c "apt-get update -y && apt-get install -y inetutils-ping"
--links
docker container run -d --name web2 nginx:alpine
docker container run -d --name web1 --link web2:web2 nginx:alpine
docker exec -it web1 bash
root@fd4ec3dc07b3:/# ping web2

--net-alias or --network-alias
docker network create my_net -> creates a bridge network
docker container run -d --net my_net --net-alias search elasticsearch:2
docker container run -d --net my_net --net-alias search elasticsearch:2
docker container run --rm --net my_net alpine nslookup search

docker run -d --net mynet --name c1 --net-alias web kunchalavikram/hello-flask:v1


docker run -d --net mynet --name c2 --net-alias web kunchalavikram/hello-flask:v1
docker run -d --net mynet --name c3 --net-alias web kunchalavikram/hello-flask:v1
docker run --rm --net mynet curlimages/curl -s web:5000

docker run -e MYSQL_ROOT_PASSWORD=admin -e MYSQL_DATABASE=wordpress --name mysql -v db:/var/lib/mysql -d mariadb:latest
docker run -e WORDPRESS_DB_USER=root -e WORDPRESS_DB_PASSWORD=admin --name wordpress --link mysql:mysql -p 80:80 -v wp:/var/www/html -d wordpress

docker network create my_net
docker run -e MYSQL_ROOT_PASSWORD=admin -e MYSQL_DATABASE=wordpress --name mysql --net my_net -v db:/var/lib/mysql -d mariadb:latest
docker run -e WORDPRESS_DB_USER=root -e WORDPRESS_DB_PASSWORD=admin --name wordpress --net my_net -p 80:80 -v nginx:/var/www/html -d wordpress

----------------------
Load Balancing
----------------------

--> With Nginx:

https://superuser.openstack.org/articles/run-load-balanced-service-docker-containers-openstackmic

docker run -d --name hello1 -p 8080:80 tutum/hello-world


docker run -d --name hello2 -p 8081:80 tutum/hello-world
docker run -d --name hello3 -p 8082:80 tutum/hello-world

docker run -d --name reverse-proxy -p 80:80 nginx:latest

docker run -d --name hello1 --net my_net tutum/hello-world


docker run -d --name hello2 --net my_net tutum/hello-world
docker run -d --name hello3 --net my_net tutum/hello-world

docker run -d --net my_net --name reverse-proxy -p 80:80 nginx

docker exec -it reverse-proxy /bin/bash

Change the config file /etc/nginx/conf.d/default.conf and add the below content.
#IPs represent the EC2 public IP

upstream backends {
    server hello1:80;
    server hello2:80;
    server hello3:80;
}

# This server accepts all traffic to the port 80 and passes it to the upstream.
# Notice that the upstream name and the proxy_pass need to match.

server {
    listen 80;

    location / {
        proxy_pass http://backends;
    }
}

docker restart reverse-proxy


Access the application at: http://15.206.89.202/

--> With HAProxy:

HA Proxy: https://www.haproxy.com/blog/haproxy-configuration-basics-load-balance-your-servers/; https://hub.docker.com/r/haproxytech/haproxy-ubuntu

docker run -d --net my_net -p 80:80 --name haproxy -v haproxy:/usr/local/etc/haproxy:ro haproxytech/haproxy-ubuntu:2.0
docker run -d --net my_net --name c1 kunchalavikram/hello-flask:v1
docker run -d --net my_net --name c2 kunchalavikram/hello-flask:v1
docker run -d --net my_net --name c3 kunchalavikram/hello-flask:v1

* All containers are running on 5000


docker restart haproxy

docker run -d --net my_net --name c1 --net-alias web kunchalavikram/hello-flask:v1


docker run -d --net my_net --name c2 --net-alias web kunchalavikram/hello-flask:v1
docker run -d --net my_net --name c3 --net-alias web kunchalavikram/hello-flask:v1

docker run --rm --net my_net curlimages/curl -s web:5000


----------
dockerfile
----------
https://www.youtube.com/watch?v=65pXw5ACVJU&t=159s

https://docs.docker.com/engine/reference/builder/#understand-how-arg-and-from-interact
https://docs.docker.com/language/
https://github.com/docker-library/official-images
https://docs.docker.com/engine/reference/builder/
https://docs.docker.com/develop/develop-images/dockerfile_best-practices/

https://learnk8s.io/blog/smaller-docker-images
https://adotpalindrome.wordpress.com/2020/02/25/three-ways-to-create-docker-images-for-java/
http://tutorials.jenkov.com/docker/dockerfile.html
https://vsupalov.com/docker-arg-env-variable-guide/
https://codefresh.io/docker-tutorial/not-ignore-dockerignore-2/
https://sysdig.com/blog/dockerfile-best-practices/
https://cloud.google.com/architecture/best-practices-for-building-containers
https://docs.microsoft.com/en-us/visualstudio/docker/tutorials/docker-tutorial
https://developer.cisco.com/docs/iox/#!tutorial-build-sample-docker-type-python-simple-app/tutorial-build-sample-docker-type-python-simple-app
https://www.section.io/engineering-education/how-to-containerize-a-python-application/
https://scoutapm.com/blog/how-to-use-docker-healthcheck
https://www.indellient.com/blog/how-to-dockerize-an-angular-application-with-nginx/
https://github.com/heroku/node-js-getting-started
https://wkrzywiec.medium.com/build-and-run-angular-application-in-a-docker-container-b65dbbc50be8
https://gobyexample.com/hello-world
https://www.askpython.com/python/environment-variables-in-python
https://github.com/wkrzywiec/aston-villa-app.git

************
Example-01:
************
FROM alpine/git as CLONE
WORKDIR /app
RUN git clone https://github.com/kunchalavikram1427/simple-html-page.git .

FROM nginx:stable-alpine
COPY --from=CLONE /app/index.html /usr/share/nginx/html/index.html

************
Example-02:
************
FROM alpine/git as CLONE
WORKDIR /app
RUN git clone https://github.com/wkrzywiec/aston-villa-app.git .

### STAGE 1: Build ###


FROM node:12.7-alpine AS build
WORKDIR /usr/src/app
COPY --from=CLONE /app/package.json /app/package-lock.json ./
RUN npm install
COPY --from=CLONE /app .
RUN npm run build

### STAGE 2: Run ###


FROM nginx:1.17.1-alpine
COPY nginx.conf /etc/nginx/nginx.conf
COPY --from=build /usr/src/app/dist/aston-villa-app /usr/share/nginx/html
***********

https://blog.mayadata.io/openebs/steps-to-deploy-angular-application-on-kubernetes
Nodejs multistage: https://morioh.com/p/4eb4646c371d
https://codefresh.io/docker-tutorial/create-docker-images-for-java/
https://adotpalindrome.wordpress.com/2020/02/25/three-ways-to-create-docker-images-for-java/

https://acloudxpert.com/install-maven-on-amazon-linux-rhel/
https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-how-and-why-to-build-small-container-images

mvn clean package
java -jar target/demo-0.0.1-SNAPSHOT.jar

https://docs.docker.com/develop/develop-images/multistage-build/
https://www.ardanlabs.com/blog/2020/02/docker-images-part1-reducing-image-size.html
https://tiangolo.medium.com/react-in-docker-with-nginx-built-with-multi-stage-docker-builds-including-testing-8cc49d6ec305
https://github.com/tiangolo/blog-posts/tree/master/react-in-docker

https://learnk8s.io/developing-and-packaging-nodejs-docker
https://learnk8s.io/spring-boot-kubernetes-guide

Custom Nginx:

FROM nginx
COPY index.html /usr/share/nginx/html/index.html

FROM,ARG,ENV,LABEL,MAINTAINER,WORKDIR,VOLUME,RUN,ADD,COPY,EXPOSE,CMD,ENTRYPOINT,HEALTHCHECK,ONBUILD

Shell form:
CMD sleep 10

JSON/Executable form:
CMD ["sleep", "10"]

VOLUME /app/nginx
docker run -d -v nginx_data:/app/nginx nginx

FROM python
CMD ["--version"]
ENTRYPOINT ["python3"]

FROM ubuntu:trusty
CMD ["localhost"]
ENTRYPOINT ["ping"]

# Python: read environment variables inside the container
import os
home_dir = os.environ['HOME']
username = os.environ['USER']
print(f'{username} home directory is {home_dir}')

docker build -t flaskapp .


docker build -t test -f Dockerfile_dev . -> if Dockerfile name is different
docker build --no-cache -t test -f DockerfileTest . -> Build without taking previous build cache into consideration
docker build --build-arg some_variable_name=a_value . -> Build with Arguments
docker build -t test --build-arg SERVICE_NAME=metadata-service --build-arg PORT=2020 --target builder .

Health Status: docker container inspect --format '{{ .State.Health.Status }}' web

--------------------------
Dockerfile Best Practices
--------------------------
https://www.docker.com/blog/intro-guide-to-dockerfile-best-practices/

--------------------------
Container Runtime Security
--------------------------

https://snyk.io/learn/container-security/runtime-security/

--------------------------
Multistage builds
--------------------------
https://www.docker.com/blog/intro-guide-to-dockerfile-best-practices/

docker build --target <build-stage-name> -t <image-tag> . -> Build till a specific stage in multi stage build

-----------------------
Distroless & Ephemeral
-----------------------
https://learnk8s.io/blog/smaller-docker-images
https://github.com/learnk8s/learnk8s.io/blob/master/src/smallerDockerImages/content.md

https://medium.com/@luke_perry_dev/dockerizing-with-distroless-f3b84ae10f3a
https://www.abhaybhargav.com/stories-of-my-experiments-with-distroless-containers/
https://www.infracloud.io/blogs/secure-containers-cosign-distroless-images/
https://www.thoughtworks.com/radar/techniques/distroless-docker-images
https://hackernoon.com/why-its-important-to-keep-your-containers-small-and-simple-618ced7343a5
https://towardsdatascience.com/the-easiest-way-to-debug-kubernetes-workloads-ff2ff5e3cc75
https://nigelpoulton.com/kubernetes-ephemeral-containers/
https://minikube.sigs.k8s.io/docs/handbook/config/#enabling-feature-gates
https://medium.com/01001101/ephemeral-containers-the-future-of-kubernetes-workload-debugging-c5b7ded3019f

--------------------
docker compose
--------------------
https://docs.docker.com/compose/networking/
https://vsupalov.com/docker-arg-env-variable-guide/
https://takacsmark.com/docker-compose-tutorial-beginners-by-example-basics/
https://github.com/kunchalavikram1427/voting-app
https://github.com/dockersamples/example-voting-app

.env file -> a file of key=value pairs whose values are substituted into the docker-compose.yml & docker stack file in the same folder.
It’s exclusively a docker-compose.yml thing.

.env
VARIABLE_NAME=some value
OTHER_VARIABLE_NAME=some other value, like 5

USAGE:
version: '3'
services:
  plex:
    image: linuxserver/plex
    environment:
      - env_var_name=${VARIABLE_NAME} # here it is

Compose file Example:

version: '3'
services:
  web01:
    image:
    container_name:
    hostname:
    environment:
      - HOME=/home
    env_file: env_file_name
    depends_on:
      - web02
    volumes:
      - "vol-01:/var/lib/"
    networks:
      - front-end
      - back-end
    ports:
      - 80:80

  web02:
    build:
      context: ./java
      dockerfile: my-dockerfile
      args:
        - repo=my-repo
        - build=01
    image: web02
    container_name:
    hostname:
    environment:
      - HOME=/home
    volumes:
      - "vol-01:/var/lib/"
    networks:
      - front-end
    ports:
      - 8080:80   # host port must differ from web01's 80

volumes:
  vol-01:

networks:
  front-end:
  back-end:

Building Image Using Docker Compose:

version: "3"
services:
  app:
    build:
      context: .
      args:
        - IMAGE_VERSION=3.7.0-alpine3.8
    image: takacsmark/flask-redis:1.0
    environment:
      - FLASK_ENV=development
    ports:
      - 5000:5000
  redis:
    image: redis:4.0.11-alpine

Use env_file to pass environment variables:

version: "3"
services:
  app:
    build:
      context: .
      args:
        - IMAGE_VERSION=3.7.0-alpine3.8
    image: takacsmark/flask-redis:1.0
    env_file: .env.txt
    ports:
      - 80:5000
    networks:
      - mynet
  redis:
    image: redis:4.0.11-alpine
    networks:
      - mynet
    volumes:
      - mydata:/data
networks:
  mynet:
volumes:
  mydata:

.env file:
PYTHON_VERSION=3.7.0-alpine3.8
REDIS_VERSION=4.0.11-alpine
DOCKER_USER=admin

version: "3"
services:
  app:
    build:
      context: .
      args:
        - IMAGE_VERSION=${PYTHON_VERSION}
    image: ${DOCKER_USER}/flask-redis:1.0
    env_file: .env.txt
    ports:
      - 80:5000
    networks:
      - mynet
  redis:
    image: redis:${REDIS_VERSION}
    networks:
      - mynet
    volumes:
      - mydata:/data
networks:
  mynet:
volumes:
  mydata:

docker-compose config - Shows the final docker-compose file after replacing variables from the .env file
docker-compose -f docker-compose.yml down
docker-compose -f docker-compose-01.yml ps
docker-compose -f docker-compose-01.yml top
docker-compose -f docker-compose.yml build --no-cache
docker-compose build elasticsearch
docker-compose -f docker-compose.yml build --no-cache config-service
docker-compose up -d
docker-compose up -d --build
docker-compose --env-file <env-file> -f <compose-file> up -d
docker-compose down
docker-compose -f docker-compose.yml down

-------------------------
Advanced Docker Commands
-------------------------
Tar and untar an image:
docker save image_name:tag > file_name.tar
docker load < file_name.tar

Copy files to/from a running container:
docker cp source_path containerid:destination_path

--------------
docker-swarm
--------------
https://docs.docker.com/engine/swarm/
https://docs.docker.com/engine/swarm/swarm-tutorial/
https://docs.docker.com/engine/swarm/swarm-tutorial/#open-protocols-and-ports-between-the-hosts
https://github.com/jpetazzo/container.training/blob/main/slides/swarm/healthchecks.md
https://hub.docker.com/r/dockersamples/visualizer
https://docs.docker.com/engine/swarm/raft/
https://docs.docker.com/engine/swarm/services/#placement-constraints
https://thenewstack.io/methods-dealing-container-storage/
https://theworkaround.com/2019/05/15/docker-swarm-persistent-storage.html

TCP port 2377 for cluster management communications
TCP and UDP port 7946 for communication among nodes
UDP port 4789 for overlay network traffic

yum update && yum install docker -y && systemctl enable --now docker

#!/bin/bash
sudo yum update -y
sudo yum install -y docker
sudo usermod -aG docker ec2-user
sudo systemctl enable --now docker

docker service create \
  --name=viz \
  --publish=8080:8080/tcp \
  --constraint=node.role==manager \
  --mount=type=bind,src=/var/run/docker.sock,dst=/var/run/docker.sock \
  dockersamples/visualizer

docker pull kunchalavikram/flask-simpledetails

docker service create \
  --name demo \
  -p 80:5000 \
  --replicas 5 \
  kunchalavikram/flask-simpledetails:v1

docker swarm init --advertise-addr MANAGER_IP
docker swarm join-token manager
docker node ls
docker service create --replicas 5 -p 80:80 --name <service_name> <image_name>
docker service create --replicas 5 -p 80:80 --name web nginx

docker service ls
docker service ps <service-name>
docker node ps
docker node ps <node-name>
docker node inspect self -> or a node name such as master1 or worker1

docker service scale <service_name>=8
docker service rm <service_name>
docker service update --force <service_name>
docker service update --image nginx:1.14.0 --replicas 15 <service_name>
docker service update --image kunchalavikram/flask-simpledetails:v2 --replicas 10 demo
docker service update --image <new_image> --update-parallelism 2 --update-delay 10s <service_name>
docker service update --rollback <service_name>

docker node update --availability drain <node-id>
docker node update --availability active <node-id>

docker node promote - Promote one or more nodes to manager in the swarm
docker node demote - Demote one or more nodes from manager in the swarm

docker swarm leave

-----------------
overlay networks
-----------------
docker network create -d overlay my_overlay
docker network create --subnet 10.1.0.0/24 --gateway 10.1.0.1 -d overlay mynet -> Create an overlay network and specify a subnet
docker service create --name psql --network my_overlay -e POSTGRES_PASSWORD=pass postgres
docker service create --name drupal --network my_overlay -p 80:80 drupal

--------------------
docker stack deploy
--------------------
docker stack deploy -c <docker-compose.yml> <stack-name>
docker stack ls
docker stack ps <stack-name>
docker service ls
docker stack rm <stack-name>

version: '3.3'
services:
  wordpress:
    image: wordpress
    depends_on:
      - mysql
    ports:
      - 80:80
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
      placement:
        constraints:
          - node.role == manager
    environment:
      WORDPRESS_DB_HOST: mysql
      WORDPRESS_DB_NAME: wordpress
      WORDPRESS_DB_USER: wordpress
      WORDPRESS_DB_PASSWORD: wordpress
    volumes:
      - wordpress-data:/var/www/html
    networks:
      - my_net
  mysql:
    image: mariadb
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
      placement:
        constraints:
          - node.role == worker
    environment:
      MYSQL_ROOT_PASSWORD: wordpress
      MYSQL_DATABASE: wordpress
      MYSQL_USER: wordpress
      MYSQL_PASSWORD: wordpress
    volumes:
      - mysql-data:/var/lib/mysql
    networks:
      - my_net
networks:
  my_net:

volumes:
  mysql-data:
  wordpress-data:
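
Added example (not part of the original notes): a quick audit for stack files like the one above and for the viz service earlier. It flags credentials written directly into the file, mounts of /var/run/docker.sock and images without a tag. The function names, the sample file and the mariadb tag in it are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a compose/stack file read from stdin.
# Prints one finding per line; exit status is 1 if anything was found.
audit_compose() {
    awk '
    function trim(s) { gsub(/^[ \t-]+|[ \t]+$/, "", s); return s }
    # Credential-like keys set in the file itself (KEY: value or - KEY=value).
    # *_FILE variants, which point at a mounted secret, are not flagged.
    /(PASSWORD|SECRET|TOKEN)[A-Z_]*[:=]/ && !/_FILE[:=]/ {
        printf "%d: plaintext credential: %s\n", NR, trim($0); n++
    }
    # Access to the Docker socket is root-equivalent control of the host.
    /docker\.sock/ {
        printf "%d: Docker socket mounted: %s\n", NR, trim($0); n++
    }
    # No tag means :latest, so the deployed image can change silently.
    /^[ \t]*image:[ \t]*[^ \t:#]+[ \t]*$/ {
        printf "%d: image without a tag: %s\n", NR, trim($0); n++
    }
    END { exit (n > 0) }
    '
}

# Constructed sample, shortened from the stack file and viz service above.
sample_stack() {
    cat <<'EOF'
version: '3.3'
services:
  wordpress:
    image: wordpress
    environment:
      WORDPRESS_DB_HOST: mysql
      WORDPRESS_DB_PASSWORD: wordpress
  mysql:
    image: mariadb:10.6
    environment:
      MYSQL_ROOT_PASSWORD_FILE: /run/secrets/db_root
      MYSQL_PASSWORD: wordpress
  viz:
    image: dockersamples/visualizer
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
EOF
}
```

Run it as `audit_compose < docker-compose.yml`; on the sample it reports lines 4, 7, 12, 14 and 16.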

---------------------
Best vs Bad practices for Dockerfile
---------------------

Best (one layer, package lists and archive removed in the same RUN):

RUN apt-get update -y && \
    apt-get autoremove -y && \
    apt-get install -y --no-install-recommends lsb-release && \
    tar -xvf archive.tar.gz && \
    rm -rf /var/lib/apt/lists/* && \
    rm -rf archive.tar.gz

Bad (one layer per command, nothing cleaned up):

RUN apt-get update
RUN apt-get autoremove -y
RUN apt-get install lsb-release
RUN tar -xvf archive.tar.gz

---------------------
Sample HTML Page
---------------------

Example HTML for nginx: /usr/share/nginx/html

<!DOCTYPE html>
<html>
<head>
<title>Welcome to custom nginx!</title>
</head>
<body>
<h1>Welcome to custom nginx!</h1>
<p> Hello World!!!</p>
</body>
</html>

---

<html>
<img
src="https://upload.wikimedia.org/wikipedia/commons/4/45/A_small_cup_of_coffee.JPG"
alt="A Cup Coffee">
</html>

---

<!DOCTYPE html>
<html>
<head>
<title>Hello World</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Hello World</h1>
<p>Nice to meet you!</p>
<p><em>Thanks for stopping by...</em></p>
</body>
</html>

------------------------------------
Docker task:
https://github.com/dubareddy/docker_k8s_task

1. Change the docker root directory from the default “/var/lib/docker” to any other location

Sometimes we need to change the docker root directory because we are running out of disk space.
The data stored by default under /var/lib/docker can be moved to a new path when the disk is full (new path: /backup/docker).
Take a backup of the current directory: tar -zcvf docker-backup-$(date +%s).tar.gz /var/lib/docker
systemctl stop docker
Create a directory "/backup" for the new path: mkdir /backup
rsync -avzh /var/lib/docker /backup
Now update systemd with the new location:

vi /lib/systemd/system/docker.service

Under [Service], do not remove any options on the ExecStart line; just add the option below:

ExecStart= ***** -g /backup/docker *******


Save and exit.
or
The change above only applies to Linux systems. To apply the new location in a platform-independent way,
open/create the file "/etc/docker/daemon.json" and add the line below:

{
  "data-root": "/backup/docker",
  ...
  ...
}

Save and exit. Now restart the docker service; with daemon.json there is no need to reload the systemd service (the daemon-reload below is only needed after editing the unit file).

systemctl daemon-reload
systemctl start docker

2. Configure the docker0 bridge interface subnet with a different CIDR like “172.30.20.0/24”.

Change the default docker0 bridge to any other bridge network for containers created.
Connect to the Docker host (daemon) from a remote server (docker client).
Investigate the --link option.
Build your own custom image for nginx with the below options covered in your Dockerfile: FROM RUN MAINTAINER COPY ADD ENTRYPOINT CMD ARG ENV HEALTHCHECK EXPOSE VOLUME
Integrate NFS storage as the backend for a volume mount in Docker.
Use a disk (Example: /dev/sdb) as backend storage for a volume mount.
Deploy local-registry with TLS (443) certs.
Deploy a web application (Wordpress) and DB (MariaDB). We need to create a simple web site with Wordpress from the browser and verify that the details are stored in the wordpress DB.
Deploy Jenkins CICD with the custom parameters mentioned below: Jenkins should have the docker and kubernetes plugins installed as a prerequisite (should not be done through the Jenkins dashboard) --> Dockerfile. Set up Jenkins with skipWizard, and we should log in with our username and password defined in the Dockerfile, so that I can log in to the dashboard directly when I access the URL.

----------------------------
Setup Java & Maven
----------------------------
Java-8:

sudo yum list | grep openjdk
sudo yum install -y java-1.8.0-openjdk
sudo yum install -y java-1.8.0-openjdk-devel.x86_64

Java-11:

sudo amazon-linux-extras install epel
sudo amazon-linux-extras install java-openjdk11 -y
sudo yum install epel-release java-11-openjdk-devel -y -> (ignore)

sudo alternatives --config java
sudo /usr/sbin/alternatives --set java /usr/lib/jvm/jre-1.8.0-openjdk/bin/java

Maven:

cd /opt
sudo curl -O https://dlcdn.apache.org/maven/maven-3/3.8.4/binaries/apache-maven-3.8.4-bin.tar.gz
sudo tar -xvzf apache-maven-3.8.4-bin.tar.gz
echo 'export M2_HOME="/opt/apache-maven-3.8.4"' >> ~/.bashrc
echo 'export PATH="$PATH:/opt/apache-maven-3.8.4/bin"' >> ~/.bashrc
source ~/.bashrc

mvn -version
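
Added check for the download step above (not part of the original notes): extract the archive only when its SHA-512 matches the value published on the project's download page. The function name install_verified is hypothetical, and the expected hash is a placeholder you supply.

```shell
#!/bin/sh
# Added example: verify a downloaded archive before unpacking it as root.
# Usage: install_verified <archive> <expected_sha512_hex> <dest_dir>
# Returns 0 after a verified extract, 1 on a hash mismatch (nothing extracted).
install_verified() {
    archive=$1
    # Published hashes may be upper or lower case; compare in lower case.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    dest=$3
    actual=$(sha512sum "$archive" 2>/dev/null | cut -d' ' -f1)
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "SHA-512 mismatch for $archive, not extracting" >&2
        return 1
    fi
    # --no-same-owner: extracted files belong to the extracting user (root
    # under sudo) instead of the uid/gid recorded inside the archive.
    mkdir -p "$dest" && tar -xzf "$archive" -C "$dest" --no-same-owner
}

# Typical use with the Maven archive from the steps above:
#   install_verified apache-maven-3.8.4-bin.tar.gz "<SHA-512 from the download page>" /opt
```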
