From 5ba581eb03e10d3420ebbb73c321832905ccf287 Mon Sep 17 00:00:00 2001 From: JMARyA Date: Tue, 12 Dec 2023 17:47:06 +0100 Subject: [PATCH] refactor --- technology/applications/web/traefik.md | 2 +- technology/tools/Docker Compose.md | 12 +- technology/tools/Docker Swarm.md | 6 + technology/tools/Docker.md | 238 +++++++++++++++---------- technology/tools/Dockerfile.md | 158 ++++++++++++++++ 5 files changed, 316 insertions(+), 100 deletions(-) create mode 100644 technology/tools/Docker Swarm.md create mode 100644 technology/tools/Dockerfile.md diff --git a/technology/applications/web/traefik.md b/technology/applications/web/traefik.md index 6871e6b..f20bbbd 100644 --- a/technology/applications/web/traefik.md +++ b/technology/applications/web/traefik.md @@ -116,7 +116,7 @@ Each request must eventually be handled by a service, which is why each router d In general, a service assigned to a router should have been defined, but there are exceptions for label-based providers. -### TLS +#### TLS When a TLS section is specified, it instructs Traefik that the current router is dedicated to HTTPS requests only (and that the router should ignore [HTTP](../../internet/HTTP.md) (non TLS) requests). Traefik will terminate the SSL connections (meaning that it will send decrypted data to the services). ```yaml diff --git a/technology/tools/Docker Compose.md b/technology/tools/Docker Compose.md index 2c6f42a..effd1f3 100644 --- a/technology/tools/Docker Compose.md +++ b/technology/tools/Docker Compose.md @@ -7,6 +7,8 @@ repo: https://github.com/docker/compose # Docker Compose Compose is a tool for defining and running multi-container [Docker](Docker.md) applications. With Compose, you use a [YAML](../files/YAML.md) file to configure your application's services. Then, with a single command, you create and start all the services from your configuration. +#todo -> add docker-compose cli usage + ## Docker Compose file The Compose file is a [YAML](../files/YAML.md) file defining: - Version (Optional) @@ -26,7 +28,7 @@ services: build: ./dir `````` -Or, as an object with the path specified under context and optionally Dockerfile and args: +Or, as an object with the path specified under context and optionally [Dockerfile](Dockerfile.md) and args: ```yaml version: "3.8" services: @@ -44,7 +46,7 @@ Override the default command. command: bundle exec thin -p 3000 ``` -The command can also be a list, in a manner similar to dockerfile: +The command can also be a list, in a manner similar to [dockerfile](Dockerfile.md): ```yaml command: ["bundle", "exec", "thin", "-p", "3000"] ``` @@ -76,7 +78,7 @@ devices: ### `entrypoint` `entrypoint` declares the default entrypoint for the service container. This overrides the ENTRYPOINT instruction from the service's Dockerfile. -If entrypoint is non-null, Compose ignores any default command from the image, for example the CMD instruction in the Dockerfile. +If entrypoint is non-null, Compose ignores any default command from the image, for example the CMD instruction in the [Dockerfile](Dockerfile.md). In its short form, the value can be defined as a string: ```yaml @@ -120,9 +122,9 @@ environment: When both env_file and environment are set for a service, values set by environment have precedence. ### `healthcheck` -`healthcheck` declares a check that's run to determine whether or not the service containers are "healthy". It works in the same way, and has the same default values, as the HEALTHCHECK Dockerfile instruction +`healthcheck` declares a check that's run to determine whether or not the service containers are "healthy". It works in the same way, and has the same default values, as the HEALTHCHECK [Dockerfile](Dockerfile.md) instruction -set by the service's [Docker](Docker.md) image. Your Compose file can override the values set in the Dockerfile. +set by the service's [Docker](Docker.md) image. Your Compose file can override the values set in the [Dockerfile](Dockerfile.md). ```yaml healthcheck: diff --git a/technology/tools/Docker Swarm.md b/technology/tools/Docker Swarm.md new file mode 100644 index 0000000..21af0e4 --- /dev/null +++ b/technology/tools/Docker Swarm.md @@ -0,0 +1,6 @@ +--- +obj: concept +--- + +# Docker Swarm +#wip \ No newline at end of file diff --git a/technology/tools/Docker.md b/technology/tools/Docker.md index d6fa69d..819a9f1 100644 --- a/technology/tools/Docker.md +++ b/technology/tools/Docker.md @@ -1,105 +1,155 @@ --- -website: https://www.docker.com/ +website: https://www.docker.com obj: application --- -#refactor ---- -Notes: -- Docker (CLI) -- Dockerfile -- Docker Swarm ---- - # Docker -[Docker](https://www.docker.com/) is a utility to pack, ship and run any application as a lightweight container. Another container engine is [Podman](Podman.md) +[Docker](https://www.docker.com) is a utility to pack, ship and run any application as a lightweight container. Another container engine is [Podman](Podman.md) + +## Usage +#### Running containers +Docker runs processes in isolated containers. A container is a process which runs on a host. The host may be local or remote. When an operator executes docker run, the container process that runs is isolated in that it has its own file system, its own networking, and its own isolated process tree separate from the host. +``` +docker run [OPTIONS] IMAGE[:TAG|@DIGEST] [COMMAND] [ARG...] +``` + +##### Options +| Option | Description | +| ------------------- | ------------------------------------------------ | +| `-d, --detach` | Run container in background | +| `-i, --interactive` | Attach stdin, stdout, stderr | +| `-t, --tty` | Allocate a pseudo-TTY | +| `--rm` | Automatically remove the container when it exits | +| `-p port` | Expose a port from container | +| `-v src:target` | Bind a volume to the container | + +### `docker attach` +Use docker attach to attach your terminal's standard input, output, and error (or any combination of the three) to a running container using the container's ID or name. This allows you to view its ongoing output or to control it interactively, as though the commands were running directly in your terminal. + +```shell +docker attach [--no-stdin] container +``` + +### `docker cp` +The docker cp utility copies the contents of SRC_PATH to the DEST_PATH. You can copy from the container's file system to the local machine or the reverse, from the local filesystem to the container. If - is specified for either the SRC_PATH or DEST_PATH, you can also stream a [tar](../applications/cli/tar.md) archive from STDIN or to STDOUT. The CONTAINER can be a running or stopped container. The SRC_PATH or DEST_PATH can be a file or directory. + +```shell +docker cp ./some_file CONTAINER:/work +docker cp CONTAINER:/var/logs/ /tmp/app_logs +docker cp CONTAINER:/var/logs/app.log - | tar x -O | grep "ERROR" +``` + +### `docker exec` +The docker exec command runs a new command in a running container. + +```shell +docker exec [OPTIONS] CONTAINER COMMAND [ARG...] +docker exec -it mycontainer sh +``` + +#### Options +| Option | Description | +| --------------------- | -------------------------------------------- | +| `-d, --detach` | Detached mode: run command in the background | +| `-e, --env KEY=VALUE` | Set [environment variables](../linux/Environment%20Variables.md) | +| `--env-file file` | Read in a file of [environment variables](../linux/Environment%20Variables.md) | +| `-i, --interactive` | Keep STDIN open even if not attached | +| `-t, --tty` | Allocate a pseudo-TTY | +| `-u, --user uid:guid` | Username or UID | +| `-w, --workdir` | Working directory inside the container | + +### `docker kill` +The docker kill subcommand kills one or more containers. The main process inside the container is sent SIGKILL signal (default), or the signal that is specified with the --signal option. You can reference a container by its ID, ID-prefix, or name. + +```shell +docker kill [-s, --signal SIGNAL] CONTAINER [CONTAINER...] +``` + +### `docker logs` +The docker logs command batch-retrieves logs present at the time of execution. + +```shell +docker logs [OPTIONS] CONTAINER +``` + +#### Options +| Option | Description | +| ---------------- | ---------------------------------------------------------------------------------------------- | +| `-f, --follow` | Follow log output | +| `--since ts` | Show logs since timestamp (e.g. 2013-01-02T13:23:37Z) or relative (e.g. 42m for 42 minutes) | +| `-n, --tail num` | Number of lines to show from the end of the logs | +| `--until` | Show logs before a timestamp (e.g. 2013-01-02T13:23:37Z) or relative (e.g. 42m for 42 minutes) | + +### `docker ps` +This command shows running containers. + +```shell +docker ps +``` + +### Container Managment +You can use these commands to manage containers: + +```shell +docker restart container +docker rm container +docker start container +docker stop container +``` + +### Building images +The docker build command builds Docker images from a [Dockerfile](Dockerfile.md) and a "context". A build's context is the set of files located in the specified PATH or URL. +```shell +docker build . + +# Tag the image +docker build -t me/myimage:latest . + +# Custom Dockerfile +docker build -f custom/Dockerfile . +``` + +### Working with Images +```shell +# List images +docker images + +# Remove image +docker rmi image + +# Tag image +docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG] +``` + +### Load/Save images +You can save and load container images to/from [tar](../applications/cli/tar.md) archives. +```shell +# Save +docker save [-o, --output outfile] image + +# Load +docker load [-i, --input infile] +``` + +### Sign into container registry +You can authenticate yourself with any container registry. +```shell +docker login [-u, --username username] [--password pw] http://localhost:8080 +docker logout http://localhost:8080 +``` + +### Push and Pull Images +You can push and pull container images to and from a registry. +```shell +docker pull [OPTIONS] NAME[:TAG|@DIGEST] +docker push [OPTIONS] NAME[:TAG] +``` ## Dockerfile -Every container can be build from a `Dockerfile`. - -### Example -A sample `Dockerfile`: -```dockerfile -FROM node:12-alpine -RUN apk add --no-cache python2 g++ make -WORKDIR /app -COPY . . -RUN yarn install --production -CMD ["node", "src/index.js"] -EXPOSE 3000 -``` - -`FROM` defines the base image the container builds upon. -`RUN` runs a specific command. -`WORKDIR` changes working directory. -`COPY` copies files into the container image. -`CMD` is run when the container starts. -`EXPOSE` exposes a port to the network. -`ENV` sets environment variables -`ENTRYPOINT` specifies the executable that will run when the container starts -`ARG` defines build-time variables that can be passed to the `docker build` command with the `--build-arg` flag - -To build a `Dockerfile`: -```shell -docker build -t getting-started . -``` +A `Dockerfile` is used for building container images. See [Dockerfile](Dockerfile.md). ## Docker Compose -[Docker Compose](https://docs.docker.com/compose/) is an alternate CLI frontend for the Docker Engine, which specifies properties of containers using a `docker-compose.yml` YAML file rather than, for example, a script with `docker run` options. This is useful for setting up reoccuring services that are use often and/or have complex configurations. - -### Example -```yaml -version: "3.7" - -services: - app: - build: ./app - ports: - - 3000:3000 - volumes: - - ./:/app - environment: - MYSQL_HOST: mysql - MYSQL_USER: root - MYSQL_PASSWORD: secret - MYSQL_DB: todos - - mysql: - image: mysql:5.7 - volumes: - - todo-mysql-data:/var/lib/mysql - environment: - MYSQL_ROOT_PASSWORD: secret - MYSQL_DATABASE: todos -``` - -Every container is defined within the `services`. -Ports Forwards and Volumes are defined in their respective `ports` and `volumes`. -Everything inside `environment` is passed as a environment variable. -Containers can use a prebuild image (`image: image:tag`) or build one from scratch (`build: ./dir`) - -### Usage -```shell -docker-compose -f docker-compose.yml up # Start services -docker-compose -f docker-compose.yml down # Stop services -docker-compose -f docker-compose.yml build # Rebuild services -docker-compose -f docker-compose.yml pull # Pull images -``` +Docker Compose helps you manage multiple containers which work together. It can spin up a whole fleet of containers in one go. See [Docker Compose](Docker%20Compose.md). ## Docker Swarm -Current versions of Docker include _swarm mode_ for natively managing a cluster of Docker Engines called a _swarm_. Use the Docker CLI to create a swarm, deploy application services to a swarm, and manage swarm behavior. - -### Usage -```shell -# Create a swarm -docker swarm init --advertise-addr - -# Get a join command on manager -docker swarm join-token worker - -# Join a swarm -docker swarm join --token :2377 - -# View node info -docker node ls -``` \ No newline at end of file +Docker Swarm lets you group multiple hosts into a cluster for distributed container workloads. See [Docker Swarm](Docker%20Swarm.md). \ No newline at end of file diff --git a/technology/tools/Dockerfile.md b/technology/tools/Dockerfile.md new file mode 100644 index 0000000..b15ec00 --- /dev/null +++ b/technology/tools/Dockerfile.md @@ -0,0 +1,158 @@ +--- +obj: concept +source: https://docs.docker.com/engine/reference/builder +--- + +# Dockerfile +A Dockerfile is a text document that contains all the commands a user could call on the command line to assemble an image. It is used to build container images. + +## Format +```dockerfile +# Comment +INSTRUCTION arguments +``` + +You can use environment variable expansion: +```dockerfile +FROM busybox +ENV FOO=/bar +WORKDIR ${FOO} # WORKDIR /bar +ADD . $FOO # ADD . /bar +COPY \$FOO /quux # COPY $FOO /quux +``` + +If you have a `.dockerignore` file, you can exclude certain files from the build context. The file is formatted like a `.gitignore`. + +## Instructions +### `FROM` +The `FROM` instruction initializes a new build stage and sets the Base Image for subsequent instructions. As such, a valid Dockerfile must start with a `FROM` instruction. +```dockerfile +FROM [--platform=] [:] [AS ] +``` + +You can also start from nothing: +``` +FROM SCRATCH +``` + +### `RUN` +The `RUN` instruction will execute any commands in a new layer on top of the current image and commit the results. The resulting committed image will be used for the next step in the Dockerfile. +The `RUN` command has two forms: +- Shell form (the command is run in a shell): `RUN ` +- Exec form: `RUN ["executable", "param1", "param2"]` + +`RUN --mount` allows you to create filesystem mounts that the build can access. +```dockerfile +# Bind Mount +RUN --mount=type=bind,source=/path,target=/path CMD + +# TmpFs +RUN --mount=type=tmpfs,target=path,size=20G CMD +``` + +### `CMD` +The main purpose of a `CMD` is to provide defaults for an executing container. These defaults can include an executable, or they can omit the executable, in which case you must specify an `ENTRYPOINT` instruction as well. +There can only be one `CMD` instruction in a Dockerfile. If you list more than one `CMD` then only the last `CMD` will take effect. +The `CMD` instruction has three forms: +- Exec form (preferred): `CMD ["executable","param1","param2"]` +- As default parameters to `ENTRYPOINT`: `CMD ["param1","param2"]` +- Shell form: `CMD command param1 param2` + +### `LABEL` +The `LABEL` instruction adds metadata to an image. A `LABEL` is a key-value pair. To include spaces within a `LABEL` value, use quotes and backslashes as you would in command-line parsing. +```dockerfile +LABEL "com.example.vendor"="ACME Incorporated" +LABEL com.example.label-with-value="foo" +LABEL version="1.0" +LABEL description="This text illustrates \ +that label-values can span multiple lines." +``` + +### `EXPOSE` +The `EXPOSE` instruction informs [Docker](Docker.md) that the container listens on the specified network ports at runtime. You can specify whether the port listens on [TCP](../internet/TCP.md) or [UDP](../internet/UDP.md), and the default is [TCP](../internet/TCP.md) if the protocol is not specified. +The `EXPOSE` instruction does not actually publish the port. It functions as a type of documentation between the person who builds the image and the person who runs the container, about which ports are intended to be published. +```dockerfile +EXPOSE [/...] +``` + +### `ENV` +The `ENV` instruction sets the environment variable `` to the value ``. +```dockerfile +ENV = ... +ENV MY_NAME="John Doe" +ENV MY_DOG=Rex\ The\ Dog +ENV MY_CAT=fluffy +``` + +### `ADD` +The `ADD` instruction copies new files, directories or remote file URLs from `` and adds them to the filesystem of the image at the path ``. +```dockerfile +ADD [--chown=:] [--chmod=] [--checksum=] ... +ADD [--chown=:] [--chmod=] ["",... ""] + +# Checksums and remote files +ADD --checksum=sha256:24454f830cdb571e2c4ad15481119c43b3cafd48dd869a9b2945d1036d1dc68d https://mirrors.edge.kernel.org/pub/linux/kernel/Historic/linux-0.01.tar.gz / + +# Add a git repository +ADD --keep-git-dir=true https://github.com/moby/buildkit.git#v0.10.1 /buildkit +``` + +### `COPY` +The `COPY` instruction copies new files or directories from `` and adds them to the filesystem of the container at the path ``. +```dockerfile +COPY [--chown=:] [--chmod=] ... +COPY [--chown=:] [--chmod=] ["",... ""] +``` + +You can also copy between multistaged builds: +```dockerfile +FROM alpine as builder +RUN touch /test.txt +FROM ubuntu +COPY --from=builder /test.txt / +``` + +### `ENTRYPOINT` +An `ENTRYPOINT` allows you to configure a container that will run as an executable. +Command line arguments to docker run `` will be appended after all elements in an exec form `ENTRYPOINT`, and will override all elements specified using `CMD`. +```dockerfile +ENTRYPOINT ["executable", "param1", "param2"] +``` + +### `VOLUME` +The `VOLUME` instruction creates a mount point with the specified name and marks it as holding externally mounted volumes from native host or other containers. +```dockerfile +VOLUME ["/data"] +``` + +### `USER` +The `USER` instruction sets the user name (or UID) and optionally the user group (or GID) to use as the default user and group for the remainder of the current stage. The specified user is used for `RUN` instructions and at runtime, runs the relevant `ENTRYPOINT` and `CMD` commands. +```dockerfile +USER [:] +USER [:] +``` + +### `WORKDIR` +The `WORKDIR` instruction sets the working directory for any `RUN`, `CMD`, `ENTRYPOINT`, `COPY` and `ADD` instructions that follow it in the Dockerfile. If the `WORKDIR` doesn't exist, it will be created even if it's not used in any subsequent Dockerfile instruction. +```dockerfile +WORKDIR /path/to/workdir +``` + +### `HEALTHCHECK` +The `HEALTHCHECK` instruction tells [Docker](Docker.md) how to test a container to check that it is still working. This can detect cases such as a web server that is stuck in an infinite loop and unable to handle new connections, even though the server process is still running. +When a container has a healthcheck specified, it has a health status in addition to its normal status. This status is initially starting. Whenever a health check passes, it becomes healthy (whatever state it was previously in). After a certain number of consecutive failures, it becomes unhealthy. +```dockerfile +HEALTHCHECK [OPTIONS] CMD command +``` + +The options that can appear before CMD are: +- `--interval=DURATION` (default: 30s) +- `--timeout=DURATION` (default: 30s) +- `--start-period=DURATION` (default: 0s) +- `--start-interval=DURATION` (default: 5s) +- `--retries=N` (default: 3) + +```dockerfile +HEALTHCHECK --interval=5m --timeout=3s \ + CMD curl -f http://localhost/ || exit 1 +```