├── README.md
├── docker-overlay.png
├── images
    ├── README.md
    └── vm.svg
├── image.md
├── linux.md
├── subcommands.md
├── documentation.md
├── commit.md
├── network.md
├── history.md
├── registry.md
├── volume.md
├── install.md
├── entrypoint.md
├── orchestration.md
├── docker-compose.yaml
├── mirantis.md
├── networking.md
├── docker.md
├── swarm.md
├── caltech
    ├── 2022-06-11.md
    ├── 2022-05-28.md
    ├── 2022-06-05.md
    ├── 2022-05-29.md
    ├── 2022-06-12.md
    └── 2022-06-04.md
├── docker-stack.md
├── caltech_2022-11
    ├── 2022-11-05.md
    └── 2022-11-06.md
├── 2022-05-01.md
├── caltech_2022-09
    ├── 2022-09-17.md
    ├── 2022-09-18.md
    ├── 2022-09-24.md
    ├── 2022-09-25.md
    ├── 2022-10-01.md
    └── 2022-10-02.md
├── caltech_2022-08
    ├── 2022-08-06.md
    ├── 2022-08-13.md
    ├── 2022-08-14.md
    ├── 2022-08-20.md
    ├── 2022-08-21.md
    └── 2022-08-07.md
├── 2022-05-07.md
├── 2022-04-30.md
├── swarm-example.md
├── 2022-04-24.md
├── 2022-04-23.md
├── caltech_2022-10
    ├── 2022-10-30.md
    ├── 2022-10-29.md
    ├── 2022-10-08.md
    ├── 2022-10-16.md
    ├── 2022-10-15.md
    └── 2022-10-09.md
├── docker-example.md
├── 2022-05-08.md
└── networking2.md


/README.md:
--------------------------------------------------------------------------------
1 | # dca


--------------------------------------------------------------------------------
/docker-overlay.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sebastian-colomar/dca/HEAD/docker-overlay.png


--------------------------------------------------------------------------------
/images/README.md:
--------------------------------------------------------------------------------
1 | In this folder you will find several pictures to help comprehend the subject.
2 | 


--------------------------------------------------------------------------------
/image.md:
--------------------------------------------------------------------------------
1 | ```
2 | sudo docker container run -d --name web --rm nginx:alpine
3 | sudo docker image history nginx:alpine
4 | sudo docker container export web -o nginx.tar
5 | sudo docker image import nginx.tar nginx:flat
6 | sudo docker image history nginx:flat
7 | ```
8 | 


--------------------------------------------------------------------------------
/linux.md:
--------------------------------------------------------------------------------
 1 | ```
 2 | ss --listening --numeric --tcp
 3 | sudo ss --listening --numeric --tcp --processes
 4 | 
 5 | sudo apt install --yes nginx
 6 | sudo ss --listening --numeric --processes | grep :80\ 
 7 | 
 8 | sudo apt purge nginx --yes
 9 | sudo apt autoremove --yes
10 | 


--------------------------------------------------------------------------------
/subcommands.md:
--------------------------------------------------------------------------------
 1 | ```
 2 | docker container --help
 3 | docker image --help
 4 | docker volume --help
 5 | docker network --help
 6 | ```
 7 | ```
 8 | docker swarm --help
 9 | docker node --help
10 | docker stack --help
11 | docker service --help
12 | ```
13 | ```
14 | kubectl ...
15 | ```
16 | 


--------------------------------------------------------------------------------
/documentation.md:
--------------------------------------------------------------------------------
1 | https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html-single/resource_management_guide/index
2 | 
3 | https://docs.docker.com/
4 | 
5 | https://kubernetes.io/docs/home/
6 | 
7 | https://blog.usejournal.com/how-to-enable-docker-remote-api-on-docker-host-7b73bd3278c6
8 | 


--------------------------------------------------------------------------------
/commit.md:
--------------------------------------------------------------------------------
1 | ```
2 | docker container run --detach --entrypoint /bin/sh --name test --rm --tty library/alpine:latest
3 | docker container exec test /usr/binwhich php
4 | docker container exec test /sbin/apk add php
5 | docker container exec test /usr/bin/which php
6 | docker container commit test alpine:php
7 | ```
8 | 


--------------------------------------------------------------------------------
/network.md:
--------------------------------------------------------------------------------
 1 | ```
 2 | docker network ls
 3 | docker network create sebastian
 4 | docker network inspect sebastian
 5 | docker network prune --force 
 6 | ```
 7 | ```
 8 | docker container run -d --name web --network host nginx:alpine
 9 | docker container exec web ip route
10 | ip route
11 | docker container exec web netstat -lnt
12 | netstat -lnt
13 | docker container exec web curl localhost
14 | curl localhost
15 | ```
16 | 


--------------------------------------------------------------------------------
/history.md:
--------------------------------------------------------------------------------
 1 | 2002 - LINUX NAMESPACES -> PARTITION KERNEL RESOURCES
 2 | 
 3 | 2007 - CONTROL GROUPS -> CONTAINERIZE KERNEL RESOURCES
 4 | 
 5 | 2008 - LXC -> MANAGE LINUX CONTAINERS
 6 | 
 7 | 2013 - DOCKER -> MANAGE LINUX CONTAINERS
 8 | 
 9 | 2014 - KUBERNETES -> ORCHESTRATE LINUX CONTAINERS
10 | 
11 | 2016 - SWARM -> ORCHESTRATE CONTAINERS
12 | 
13 | 2017 - CONTAINERD -> MANAGE LINUX CONTAINERS
14 | 
15 | 2020 - CRI-O -> MANAGE LINUX CONTAINERS
16 | 


--------------------------------------------------------------------------------
/registry.md:
--------------------------------------------------------------------------------
 1 | ```
 2 | docker run --detach --name registry --publish 5000:5000 --restart always --volume registry:/var/lib/registry:rw docker.io/library/registry:2
 3 | docker pull docker.io/library/busybox:latest
 4 | docker tag docker.io/library/busybox:latest localhost:5000/my_library/my_busybox:1.0
 5 | docker push localhost:5000/my_library/my_busybox:1.0
 6 | docker pull localhost:5000/my_library/my_busybox:1.0
 7 | docker volume inspect registry
 8 | sudo find /var/lib/docker/volumes/registry/_data/
 9 | ```
10 | 


--------------------------------------------------------------------------------
/volume.md:
--------------------------------------------------------------------------------
 1 | ```bash
 2 | sudo docker volume create sebastian
 3 | sudo ls /var/lib/docker/volumes/sebastian/_data -l
 4 | sudo docker container run --rm --name test -d -v sebastian:/opt alpine ping localhost 
 5 | sudo docker container exec test ls /opt -l
 6 | sudo docker container exec test touch /opt/sebastian
 7 | sudo docker container exec test ls /opt -l
 8 | sudo docker volume inspect test
 9 | sudo ls /var/lib/docker/volumes/sebastian/_data -l
10 | ```
11 | ```
12 | mkdir example
13 | sudo docker container run --rm --name test2 -d -v $PWD/example:/opt alpine ping localhost 
14 | sudo docker container exec test2 ls -l /opt
15 | ls example -l
16 | sudo docker container exec test2 touch /opt/helloworld
17 | sudo docker container exec test2 ls -l /opt
18 | ls example -l
19 | ```
20 | 


--------------------------------------------------------------------------------
/install.md:
--------------------------------------------------------------------------------
 1 | ```
 2 |  sudo apt-get remove docker docker-engine docker.io containerd runc
 3 |  sudo apt-get update
 4 |  sudo apt-get install \
 5 |     apt-transport-https \
 6 |     ca-certificates \
 7 |     curl \
 8 |     gnupg \
 9 |     lsb-release
10 |  curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
11 |  echo \
12 |   "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
13 |   $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
14 |  sudo apt-get update
15 |  sudo apt-get install docker-ce docker-ce-cli containerd.io
16 | 
17 |  sudo groupadd docker
18 |  sudo usermod -aG docker $USER
19 |  newgrp docker 
20 | 
21 |  docker run hello-world
22 | 


--------------------------------------------------------------------------------
/entrypoint.md:
--------------------------------------------------------------------------------
 1 | ```
 2 | docker container run --entrypoint ENTRYPOINT_BINARY_EXECUTABLE --rm IMAGE_FILESYSTEM:RELEASE ARGUMENTS_FOR_THE_ENTRYPOINT
 3 | ```
 4 | ```
 5 | docker container run --entrypoint echo --rm alpine:latest "HELLO WORLD"
 6 | docker container run --entrypoint /bin/echo --rm alpine:latest "HELLO WORLD"
 7 | docker container run --entrypoint /sbin/ip --rm alpine:latest route
 8 | docker container run --entrypoint /bin/ls --rm alpine:latest /bin
 9 | docker container run --entrypoint /usr/bin/which --rm alpine:latest netstat
10 | docker container run --entrypoint /bin/netstat --rm alpine:latest --help
11 | ```
12 | ```
13 | cat /proc/1/cgroups
14 | docker container run --detach --entrypoint /bin/ping --name pinger --rm alpine:latest localhost
15 | docker container logs pinger
16 | docker container ls
17 | docker container top pinger
18 | cat /proc/27226/cgroup
19 | docker container stats pinger --no-stream
20 | docker container kill pinger
21 | docker container run --cpus 0.05 --detach --entrypoint /bin/ping --name pinger --rm alpine:latest localhost
22 | docker container kill pinger 
23 | docker container run --cpus 0.05 --detach --entrypoint /bin/ping --memory 10M --name pinger --rm alpine:latest localhost
24 | docker container stats pinger --no-stream
25 | ```
26 | ```
27 | docker container ls
28 | docker ps
29 | ```
30 | 


--------------------------------------------------------------------------------
/orchestration.md:
--------------------------------------------------------------------------------
 1 | # Introduction to Orchestration
 2 | Reasons to use orchestration: High availability
 3 | * https://raw.githubusercontent.com/sebastian-colomar/dca/main/images/ha-failover.svg
 4 | * https://raw.githubusercontent.com/sebastian-colomar/dca/main/images/high_availability.svg
 5 | * https://raw.githubusercontent.com/sebastian-colomar/dca/main/images/rob_cam.svg
 6 | 
 7 | There are two well known orchestrators:
 8 | * Swarm
 9 | * Kubernetes
10 | 
11 | # Docker Compose vs Docker Swarm vs Kubernetes
12 | 1. Docker Compose is a Python script that works as wrapper of Docker commands:
13 |     ```
14 |     which docker-compose
15 | 
16 |     file /usr/bin/docker-compose 
17 | 
18 |     head /usr/bin/docker-compose
19 |     ```
20 | 1. Docker Compose does not provide high availability because it is only available as a standalone host machine. If we need high availability then we need to use Docker Swarm or Kubernetes. Docker Swarm is a feature of the Docker engine that is enabled with the following commands:
21 | 
22 |     * https://labs.play-with-docker.com/
23 | 
24 |     ```
25 |     docker swarm init --advertise-addr $( hostname -i )
26 |     ```
27 | 1. Check the status of the cluster with the command:
28 | 
29 |     ```
30 |     docker node ls
31 |     ```
32 | 1. Architecture of managers and workers:
33 | 
34 |     * https://d33wubrfki0l68.cloudfront.net/2475489eaf20163ec0f54ddc1d92aa8d4c87c96b/e7c81/images/docs/components-of-kubernetes.svg
35 | 


--------------------------------------------------------------------------------
/docker-compose.yaml:
--------------------------------------------------------------------------------
 1 | # docker-compose.yaml
 2 | # THIS IS THE LIST OF DOCKER CONFIGS WE WANT TO APPLY
 3 | configs:
 4 |   # THIS IS THE DOCKER CONFIG WE CREATED IN A PREVIOUS STEP
 5 |   index.php:
 6 |     # THIS WILL INVOKE THE PREVIOUSLY CREATED DOCKER CONFIG
 7 |     external: true
 8 | # THIS IS THE LIST OF SERVICES WE WANT TO CREATE
 9 | services:
10 |   # THIS IS THE NAME OF THE SERVICE
11 |   phpinfo:
12 |     # THESE ARE THE ARGUMENTS OF THE ENTRYPOINT
13 |     command:
14 |       - -f
15 |       - index.php
16 |       - -S
17 |       - 0.0.0.0:8080
18 |     # EQUIVALENT TO: --config source=index.php,target=/app/index.php,mode=0400,uid=65534
19 |     configs:
20 |       - 
21 |         mode: 0400
22 |         source: index.php
23 |         target: /app/index.php
24 |         uid: '65534'
25 |     # EQUIVALENT TO: --mode replicated --replicas 2 --restart-condition any
26 |     deploy:
27 |       mode: replicated
28 |       replicas: 2
29 |       restart_policy:
30 |         condition: any
31 |     # EQUIVALENT TO: --entrypoint php
32 |     entrypoint: php
33 |     # THIS IS THE NAME OF THE DOCKER IMAGE
34 |     image: php
35 |     # EQUIVALENT TO: --publish 8080
36 |     ports:
37 |       - 8080
38 |     # EQUIVALENT TO: --read-only
39 |     read_only: true
40 |     # EQUIVALENT TO: --user nobody
41 |     user: nobody
42 |     # EQUIVALENT TO: --workdir /app/
43 |     working_dir: /app/
44 | # THIS IS THE DOCKER API VERSION THAT WE WANT TO USE FOR THIS DEPLOYMENT
45 | version: "3.8"
46 | 


--------------------------------------------------------------------------------
/mirantis.md:
--------------------------------------------------------------------------------
 1 | ## INSTALL MIRANTIS CONTAINER RUNTIME
 2 | https://docs.mirantis.com/mcr/20.10/install/mcr-linux/ubuntu.html
 3 | ```
 4 | sudo apt-get --yes remove docker docker-engine docker-ce docker-ce-cli docker.io
 5 | sudo apt-get --yes update
 6 | sudo apt-get --yes install apt-transport-https ca-certificates curl software-properties-common
 7 | DOCKER_EE_URL="http://repos.mirantis.com"
 8 | DOCKER_EE_VERSION=20.10
 9 | curl -fsSL "${DOCKER_EE_URL}/ubuntu/gpg" | sudo apt-key add -
10 | sudo apt-key fingerprint 6D085F96
11 | sudo add-apt-repository "deb [arch=$(dpkg --print-architecture)] $DOCKER_EE_URL/ubuntu $(lsb_release -cs) stable-$DOCKER_EE_VERSION"
12 | sudo apt-get --yes update
13 | sudo apt-get --yes install docker-ee docker-ee-cli containerd.io
14 | ```
15 | ## ADD DOCKER GROUP
16 | https://docs.docker.com/engine/install/linux-postinstall/
17 | ```
18 | sudo groupadd docker
19 | sudo usermod -aG docker $USER
20 | newgrp docker
21 | docker run hello-world
22 | ```
23 | ## INSTALL MIRANTIS KUBERNETES ENGINE
24 | https://docs.mirantis.com/mke/3.4/install/install-mke-image.html
25 | ```
26 | docker container run --rm --interactive --tty --name ucp --volume /var/run/docker.sock:/var/run/docker.sock mirantis/ucp:3.4.9 install --host-address $( ip route | grep dev.eth0.proto.kernel | awk '{ print $9 }' ) --interactive --force-minimums
27 | ```
28 | ## UNINSTALL MIRANTIS KUBERNETES ENGINE
29 | ```
30 | docker container run --rm -it -v /var/run/docker.sock:/var/run/docker.sock --name ucp mirantis/ucp:3.4.9 uninstall-ucp --interactive
31 | ```
32 | 


--------------------------------------------------------------------------------
/networking.md:
--------------------------------------------------------------------------------
 1 | ```
 2 | docker container run --detach --name c0 --network none --tty library/alpine:latest
 3 | 
 4 | docker network create net1
 5 | docker container run --detach --name c1 --network net1 --tty library/alpine:latest
 6 | 
 7 | docker network create net2
 8 | docker container run --detach --name c2 --network net2 --tty library/alpine:latest
 9 | ```
10 | ```
11 | docker container exec c0 ifconfig
12 | docker container exec c1 ifconfig
13 | docker container exec c2 ifconfig
14 | ```
15 | ```
16 | ip route
17 | 
18 | docker container exec c0 ip route
19 | docker container exec c1 ip route
20 | docker container exec c2 ip route
21 | ```
22 | ```
23 | docker container exec c0 ping -c1 localhost
24 | docker container exec c1 ping -c1 localhost
25 | docker container exec c2 ping -c1 localhost
26 | ```
27 | ```
28 | docker container exec c0 ping -c1 8.8.8.8
29 | docker container exec c1 ping -c1 8.8.8.8
30 | docker container exec c2 ping -c1 8.8.8.8
31 | ```
32 | ```
33 | docker container inspect c0 | grep IPAddress
34 | docker container inspect c1 | grep IPAddress
35 | docker container inspect c2 | grep IPAddress
36 | ```
37 | ```
38 | docker container exec c1 ping c2
39 | docker container exec c2 ping c1
40 | ```
41 | ```
42 | docker network connect net1 c2
43 | docker container inspect c2 | grep IPAddress
44 | docker network inspect net1
45 | 
46 | docker container exec c1 ping -c1 c2
47 | docker container exec c2 ping -c1 c1
48 | ```
49 | ```
50 | docker network disconnect net1 c2
51 | docker container inspect c2 | grep IPAddress
52 | docker network inspect net1
53 | 
54 | docker container exec c1 ping -c1 c2
55 | docker container exec c2 ping -c1 c1
56 | ```
57 | 
58 | 


--------------------------------------------------------------------------------
/docker.md:
--------------------------------------------------------------------------------
 1 |  ```bash
 2 |  1998  sudo docker run --name test -d alpine
 3 |  1999  sudo docker ps 
 4 |  2000  sudo docker ps -a
 5 |  2001  sudo ls /var/lib/docker/container
 6 |  2002  sudo ls /var/lib/docker/containers
 7 |  2003  sudo docker ps -a --no-trunc
 8 |  2004  sudo docker start f01ec86941fdd6384d948914cd3a2cefa8c2fdc87a5df575ef8e57835bfdcf7f
 9 |  2005  sudo docker ps
10 |  2006  sudo docker kill f01ec86941fdd6384d948914cd3a2cefa8c2fdc87a5df575ef8e57835bfdcf7f
11 |  2007  sudo docker ps
12 |  2008  sudo docker ps -a --no-trunc
13 |  2009  sudo docker run --name test -d -t alpine 
14 |  2010  sudo docker ps -a
15 |  2011  sudo docker rm test nginx 
16 |  2012  sudo docker run --name test -d -t alpine 
17 |  2013  sudo docker ps
18 |  2014  df -h
19 |  2015  df
20 |  2016  sudo docker ps
21 |  2017  sudo docker exec test echo HELLO WORLD
22 |  2018  sudo docker exec test date
23 |  2019  sudo docker exec test sleep 3
24 |  2020  sudo docker exec test bash
25 |  2021  sudo docker exec test find / 
26 |  2022  sudo docker exec test which bash
27 |  2023  which bash
28 |  2025  sudo docker exec test ls -l /bin/bash
29 |  2026  sudo docker exec test find / | grep bash
30 |  2027  sudo docker exec test find / | grep sh$
31 |  2028  sudo docker exec -i -t test sh 
32 |  2029  sudo docker exec test free
33 |  2030  sudo docker exec test df
34 |  2031  sudo docker exec test ss
35 |  2032  sudo docker exec test netstat
36 |  2033  sudo docker exec test netstat -ltn
37 |  2034  sudo docker exec test id
38 |  2035  sudo docker exec test curl
39 |  2036  sudo docker exec test apk add curl 
40 |  2037  sudo docker exec test curl www.google.com -I
41 |  2038  sudo docker exec test which tcpdump
42 |  2039  sudo docker exec test apk add tcpdump
43 |  2040  sudo docker exec test which tcpdump
44 | ```
45 | ```
46 | docker run --detach --name NAME_OF_CONTAINER --rm NAME_OF_IMAGE:RELEASE_NAME
47 | docker exec NAME_OF_CONTAINER COMMAND ARGUMENT_OF_COMMAND
48 | 


--------------------------------------------------------------------------------
/swarm.md:
--------------------------------------------------------------------------------
 1 | ```bash
 2 | sudo docker swarm init
 3 | sudo docker node ls
 4 | ```
 5 | ```
 6 | git clone https://github.com/academiaonline/dca-phpinfo
 7 | cd dca-phpinfo
 8 | sudo docker stack deploy -c etc/swarm/manifests/dca-phpinfo.yaml dca-phpinfo
 9 | ```
10 | ```
11 | sudo docker service ls
12 | sudo docker service logs dca-phpinfo_dca-phpinfo
13 | curl localhost -I
14 | ```
15 | ```
16 | sudo docker stack rm dca-phpinfo
17 | cd
18 | rm -rf dca-phpinfo
19 | git clone https://github.com/academiaonline/dca-phpinfo
20 | cd dca-phpinfo
21 | sudo docker stack deploy -c etc/swarm/manifests/dca-phpinfo.yaml dca-phpinfo
22 | sudo docker service ls
23 | sudo docker service logs dca-phpinfo_dca-phpinfo
24 | curl localhost -I
25 | ```
26 | ```
27 | sudo docker container --help
28 |   sudo docker container exec
29 |   sudo docker container kill
30 |   sudo docker container ls
31 |   sudo docker container port
32 |   sudo docker container prune
33 |   sudo docker container rm
34 |   sudo docker container run
35 | sudo docker image --help
36 |   sudo docker image build
37 |   sudo docker image prune
38 |   sudo docker image pull
39 |   sudo docker image push
40 | sudo docker volume --help
41 | sudo docker network --help
42 | ```
43 | ```
44 | sudo docker node --help
45 |   sudo docker node ls
46 | sudo docker service --help
47 |   sudo docker service create
48 |   sudo docker service ls
49 |   sudo docker service logs
50 |   sudo docker service ps
51 |   sudo docker service scale
52 | sudo docker stack --help
53 |   sudo docker stack deploy
54 |   sudo docker stack ls
55 |   sudo docker stack rm
56 | sudo docker swarm --help
57 |   sudo docker swarm init
58 |   sudo docker swarm join
59 |   sudo docker swarm leave
60 | ```
61 | ```
62 | sudo docker service create --name dca-phpinfo -p 8000:8080 academiaonline/dca-phpinfo:latest
63 | sudo docker service ls
64 | sudo docker service ps dca-phpinfo
65 | sudo docker service scale dca-phpinfo=3
66 | sudo docker service ps dca-phpinfo
67 | sudo docker service rm dca-phpinfo
68 | ```
69 | ```bash
70 | sudo iptables -S -t nat
71 | ```
72 | 


--------------------------------------------------------------------------------
/caltech/2022-06-11.md:
--------------------------------------------------------------------------------
 1 | # Install Mirantis Container Runtime: (Docker Engine)
 2 | 1. https://docs.mirantis.com/mcr/20.10/qs-ubuntu/install-ubuntu.html
 3 | 
 4 | ```
 5 | sudo apt-get --yes remove docker docker-engine docker-ce docker-ce-cli docker.io
 6 | sudo apt-get update
 7 | sudo apt-get --yes install apt-transport-https ca-certificates curl software-properties-common
 8 | DOCKER_EE_URL="https://repos.mirantis.com"
 9 | DOCKER_EE_VERSION=20.10
10 | curl -fsSL "${DOCKER_EE_URL}/ubuntu/gpg" | sudo apt-key add -
11 | sudo apt-key fingerprint 6D085F96
12 | sudo add-apt-repository "deb [arch=$(dpkg --print-architecture)] $DOCKER_EE_URL/ubuntu $(lsb_release -cs) stable-$DOCKER_EE_VERSION"
13 | sudo apt-get update
14 | sudo apt-get --yes install docker-ee docker-ee-cli containerd.io
15 | ```
16 | # Install Mirantis Kubernetes Engine: (Docker and Kubernetes Orchestrator)
17 | 1. https://docs.mirantis.com/mke/3.5/install/install-mke-image.html
18 | ```
19 | sudo docker run --interactive --name ucp --rm --tty --volume /var/run/docker.sock:/var/run/docker.sock mirantis/ucp:3.5.3 install --host-address $( hostname --ip-address ) --interactive --force-minimums
20 | ```
21 | # Uninstall Mirantis Kubernetes Engine:
22 | ```
23 | sudo docker container run --rm -it -v /var/run/docker.sock:/var/run/docker.sock --name ucp mirantis/ucp:3.5.3 uninstall-ucp --interactive
24 | ```
25 | # Install Mirantis Secure Registry: (Docker Trusted Registry)
26 | 1. https://docs.mirantis.com/msr/2.9/install/install-online.html
27 | ```
28 | sudo docker run -it --rm mirantis/dtr:2.9.7 install --ucp-insecure-tls --ucp-url $( hostname --ip-address ):443
29 | ```
30 | # Documentation:
31 | 1. https://docs.mirantis.com/mke/3.5/ops.html
32 | 2. https://docs.mirantis.com/msr/2.9/ops.html
33 | 
34 | # Security:
35 | ```
36 | sudo docker pull mysql:8.0.29
37 | sudo docker pull mysql@sha256:0c0beeac7ca1937d60f54e1fb0c4a5c0b0ffee2aae37488fbc9f5ea301425551
38 | sudo docker inspect tomcat:alpine | grep RepoDigests -A2
39 | sudo docker inspect calico/cni:v3.17.6 | grep RepoDigests -A2
40 | sudo docker run --read-only nginx
41 | sudo docker run --read-only --volume /var/cache/nginx/ --volume /var/run/ nginx
42 | sudo docker run --read-only --volume vol1:/var/cache/nginx/:rw --volume vol2:/var/run/:rw nginx
43 | sudo docker run --read-only --volume vol1:/var/cache/nginx/:ro --volume vol2:/var/run/:ro nginx
44 | ```
45 | 


--------------------------------------------------------------------------------
/docker-stack.md:
--------------------------------------------------------------------------------
 1 | # How to deploy a Docker stack using a Docker compose file
 2 | 
 3 | * https://docs.docker.com/compose/compose-file/compose-file-v3/
 4 | 
 5 | ```
 6 | tee ${PWD}/phpinfo/docker-compose.yaml 0<<EOF
 7 | 
 8 | # docker-compose.yaml
 9 | configs:
10 |   phpinfo-config:
11 |     external: false
12 |     file: index.php
13 | networks:
14 |   phpinfo-network:
15 |     external: false
16 |     internal: false
17 | secrets:
18 |   phpinfo-secret:
19 |     external: false
20 |     file: index.php
21 | services:
22 |   phpinfo-svc:
23 |     command:
24 |       - -f
25 |       - index.php
26 |       - -S
27 |       - 0.0.0.0:8080
28 |     configs:
29 |       - source: phpinfo-config
30 |         target: /var/data/index.php
31 |         uid: '65534'
32 |         gid: '65534'
33 |         mode: 0400
34 |     deploy:
35 |       replicas: 2
36 |       resources:
37 |         limits:
38 |           cpus: '0.2'
39 |           memory: 200M
40 |         reservations:
41 |           cpus: '0.2'
42 |           memory: 200M
43 |     entrypoint:
44 |       # docker exec phpinfo which php
45 |       - /usr/local/bin/php
46 |     image: index.docker.io/library/php:alpine@sha256:ab23b416d86aec450ee7b75727f6bbec272edc2764a1b6fad13bc2823c59bb6b
47 |     networks:
48 |       - phpinfo-network
49 |     ports:
50 |       - 8080:8080
51 |     read_only: true
52 |     # docker exec phpinfo touch sebastian
53 |     secrets:
54 |       - source: phpinfo-secret
55 |         target: /var/data/index2.php
56 |         uid: '65534'
57 |         gid: '65534'
58 |         mode: 0400
59 |     user: nobody:nogroup
60 |     # docker exec phpinfo id
61 |     # docker exec phpinfo whoami
62 |     volumes:
63 |       - type: volume
64 |         source: my_volume
65 |         target: /var/data/my_volume/
66 |         read_only: false
67 |     working_dir: /var/data/
68 | version: '3.8'
69 | volumes:
70 |   my_volume:
71 |     external: false
72 |     
73 | EOF
74 | ```
75 | ```
76 | docker swarm init
77 | ```
78 | ```
79 | docker stack rm PHPINFO ; sleep 20
80 | 
81 | docker stack deploy --compose-file ${PWD}/phpinfo/docker-compose.yaml PHPINFO
82 | 
83 | docker stack ps PHPINFO --no-trunc
84 | 
85 | docker stack ls
86 | 
87 | docker stack services PHPINFO
88 | 
89 | docker service logs PHPINFO_phpinfo-svc
90 | 
91 | docker ps
92 | ```
93 | ```
94 | docker exec PHPINFO_php-svc.4.z51xlgdlmt1ifpjmjvemh8z1r df
95 | ```
96 | 


--------------------------------------------------------------------------------
/caltech_2022-11/2022-11-05.md:
--------------------------------------------------------------------------------
 1 | # Underlying technology for Docker containers:
 2 | * https://en.wikipedia.org/wiki/Linux_namespaces
 3 |   
 4 |   Namespaces isolate:
 5 |   * Network stack (routing tables and network interfaces)
 6 |   * Mount points (file systems)
 7 |   * Process ID (table of processes)
 8 | * https://en.wikipedia.org/wiki/Cgroups
 9 |   
10 |   Control Groups isolate:
11 |   * CPU usage (100 millicores per container)
12 |   * RAM usage (100 MiB per container)
13 | 
14 | Docker engine and tools:
15 |   * HIGH LEVEL = `docker --help`
16 |   * MID LEVEL = `containerd --help`
17 |   * LOW LEVEL = `runc --help`
18 | 
19 | # DCA exam
20 | * https://training.mirantis.com/certification/dca-certification-exam/
21 | 
22 | # Docker engine
23 | ```
24 | sudo docker version
25 | ```
26 | 
27 | ```
28 | service docker status
29 | ```
30 | # Remove all Docker objects:
31 | ```
32 | sudo docker container rm --force $( sudo docker ps --all --quiet )
33 | 
34 | sudo docker image rm --force $( sudo docker images --quiet )
35 | 
36 | sudo docker volume rm $( sudo docker volume ls --quiet )
37 | 
38 | sudo docker network rm $( sudo docker network ls --quiet )
39 | ```
40 | Check:
41 | ```
42 | sudo docker network ls
43 | 
44 | sudo docker volume ls
45 | 
46 | sudo docker image ls
47 | 
48 | sudo docker container ls --all
49 | ```
50 | 
51 | # Simple example to understand Docker images:
52 | ```
53 | sudo docker run --detach --name alpine --tty library/alpine
54 | 
55 | sudo docker container ls
56 | 
57 | sudo docker image ls
58 | 
59 | sudo docker run --detach --name php --tty library/php:alpine
60 | ```
61 | The alpine operating system is not dowloaded twice because it was already pulled for the first container:
62 | ```
63 | 213ec9aee27d: Already exists
64 | ```
65 | 
66 | # Another example:
67 | 
68 | ```
69 | mkdir --parents test/
70 | 
71 | tee test/Dockerfile 0<<EOF
72 | 
73 | FROM library/alpine
74 | RUN apk add php
75 | 
76 | EOF
77 | 
78 | sudo docker image build --tag my_library/php:alpine test/
79 | 
80 | sudo docker image pull library/php:alpine
81 | 
82 | sudo docker container run --detach --name my_php --tty my_library/php:alpine
83 | 
84 | sudo docker container run --detach --name php --tty library/php:alpine
85 | 
86 | sudo docker container ls
87 | ```
88 | * https://hub.docker.com/_/php
89 | * https://hub.docker.com/layers/library/php/alpine/images/sha256-298daac152760e2510ff283b0785c8feef72a2b134b27af918a80e40f26c1bb8
90 | * https://github.com/docker-library/php/blob/master/8.1/alpine3.16/cli/Dockerfile
91 | 


--------------------------------------------------------------------------------
/2022-05-01.md:
--------------------------------------------------------------------------------
 1 | 1. https://cloud.redhat.com/blog/crictl-vs-podman
 2 | 2. https://kubernetes.io/docs/home/
 3 | 3. https://kubernetes.io/docs/setup/
 4 | 
 5 | In order to initialize the Kubernetes leader run the following commands on the first master node:
 6 | ```
 7 | ip_leader=$( ip r | grep -v docker | awk '/eth0.proto.kernel/{ print $9 }' )
 8 | kube=kube-apiserver
 9 | log=/tmp/install-leader.log
10 | sleep=10
11 | calico=https://docs.projectcalico.org/v3.22/manifests/calico.yaml
12 | pod_network_cidr=192.168.0.0/16
13 | kubeconfig=/etc/kubernetes/admin.conf
14 | echo ${ip_leader} ${kube} | sudo tee --append /etc/hosts
15 | sudo swapoff --all
16 | sudo kubeadm init --upload-certs --control-plane-endpoint "${kube}" --pod-network-cidr ${pod_network_cidr} --ignore-preflight-errors all 2>&1 | tee --append ${log}
17 | ```
18 | Once the initialization has completed continue with the following commands still on the first master node:
19 | ```
20 | sudo kubectl apply --filename ${calico} --kubeconfig ${kubeconfig} 2>& 1 | tee --append ${log}
21 | mkdir -p ${HOME}/.kube/
22 | sudo cp /etc/kubernetes/admin.conf ${HOME}/.kube/config
23 | sudo chown -R $( id -u ):$( id -g ) ${HOME}/.kube/
24 | echo 'source <(kubectl completion bash)' | tee --append ${HOME}/.bashrc
25 | source ${HOME}/.bashrc
26 | ```
27 | Check that the Leader master is ready before continuing:
28 | ```
29 | kubectl get no | grep Ready
30 | ```
31 | Once the Leader master is ready you can continue with these commands:
32 | ```
33 | sudo sed --in-place /${kube}/d /etc/hosts
34 | sudo sed --in-place /127.0.0.1.*localhost/s/$/' '${kube}/ /etc/hosts
35 | grep ^kubeadm.join ${log} -A1
36 | ```
37 | Now you are ready to join the worker nodes to the Kubernetes cluster. Run the following commands on the worker nodes:
38 | ```
39 | ip_master1=172.X.X.X # HERE SUBSTITUTE THE VALUE OF THE IP ADDRESS FOR THE LEADER MASTER ${ip_leader}
40 | # FOR EXAMPLE: ip_master1=172.31.1.138
41 | kube=kube-apiserver
42 | echo ${ip_master1} ${kube} | sudo tee --append /etc/hosts
43 | ```
44 | In order to join the worker node to the cluster you need to run the output of the previous command from the Leader master like explained in the following paragraph:
45 | ```
46 | sudo XXXXXXXXXXX # HERE YOU SUBSTITUTE THE OUTPUT OF THE FOLLOWING COMMAND RUN ON THE LEADER MASTER: grep ^kubeadm.join ${log} -A1
47 | # FOR EXAMPLE:
48 | # sudo kubeadm join kube-apiserver:6443 --token xxx.xxx --discovery-token-ca-cert-hash sha256:xxx
49 | ```
50 | Check on the Leader master that the worker nodes have correctly joined the cluster:
51 | ```
52 | kubectl get no
53 | ```
54 | Other useful commands:
55 | ```
56 | kubectl api-resources
57 | kubectl create ns ns1
58 | kubectl create ns ns2
59 | kubectl api-resources | grep netpol
60 | 
61 | ```
62 | 
63 | 


--------------------------------------------------------------------------------
/caltech/2022-05-28.md:
--------------------------------------------------------------------------------
 1 | ```
 2 | ltrace sleep 10
 3 | ```
 4 | 1. https://docs.docker.com/
 5 | 2. https://docs.docker.com/get-docker/
 6 | 3. https://docs.docker.com/desktop/linux/install/
 7 | 4. https://docs.docker.com/desktop/linux/install/ubuntu/
 8 | 5. https://docs.docker.com/engine/install/ubuntu/
 9 | ```
10 | sudo docker pull nginx
11 | sudo docker run nginx
12 | sudo docker run --publish 80:80 nginx
13 | ```
14 | ```
15 | sudo ls /var/lib/docker/overlay2/
16 | sudo docker images
17 | sudo docker inspect nginx
18 | sudo docker history nginx
19 | sudo docker inspect nginx | grep Layers -A7
20 | sudo docker history nginx | grep -v 0B
21 | ```
22 | ```
23 | sudo docker network create nginx-network
24 | sudo docker run --network nginx-network --publish 80:80 nginx
25 | ```
26 | ```
27 | sudo docker ps --all
28 | sudo docker container prune --force 
29 | sudo docker rmi nginx
30 | sudo docker image prune --force
31 | ```
32 | ```
33 | sudo docker run --publish 80:80 nginx
34 | sudo docker run --detach --publish 80:80 nginx
35 | sudo docker ps
36 | sudo docker rm --force exciting_maxwell
37 | sudo docker run --detach --name nginx-container --publish 80:80 nginx
38 | sudo docker logs nginx-container
39 | sudo ls /var/lib/docker/containers/1a2ea7dd41be352b261dab15c7f1020f87874ef23e3baedd9444ab35b6131cbe/
40 | ```
41 | 1. https://docs.docker.com/config/containers/logging/configure/
42 | ```
43 | sudo docker swarm init
44 | sudo docker node ls
45 | sudo docker swarm join --token SWMTKN-1-xxx-yyy 172.31.12.103:2377
46 | sudo docker node ls
47 | sudo docker service create --mode replicated --publish 80:80 --replicas 6 nginx
48 | hostname --ip-address
49 | sudo docker service ls
50 | sudo docker service logs youthful_archimedes
51 | sudo docker inspect youthful_archimedes
52 | sudo docker service rm youthful_archimedes
53 | sudo docker service create --mode global --publish 80:80 nginx
54 | sudo docker service ls
55 | sudo docker service rm ecstatic_einstein
56 | ```
57 | ```
58 | sudo docker network ls
59 | sudo docker network create nginx-network --driver overlay
60 | sudo docker service create --mode global --network nginx-network --publish 80:80 nginx
61 | sudo docker service ls
62 | sudo docker service rm relaxed_euclid
63 | sudo docker container prune --force
64 | sudo docker image prune --force
65 | sudo docker network prune --force
66 | ```
67 | ```
68 | mkdir phpinfo
69 | tee phpinfo/index.php 0<<EOF
70 | <?php phpinfo();?>
71 | EOF
72 | sudo docker run --publish 80:80 --volume ${PWD}/phpinfo/index.php:/index.php php -f index.php -S 0.0.0.0:80
73 | ```
74 | ```
75 | tee phpinfo/Dockerfile 0<<EOF
76 | FROM php
77 | COPY index.php .
78 | EOF
79 | sudo docker build --tag php:phpinfo phpinfo/
80 | sudo docker run --publish 80:80 php:phpinfo -f index.php -S 0.0.0.0:80
81 | ```
82 | 


--------------------------------------------------------------------------------
/caltech_2022-09/2022-09-17.md:
--------------------------------------------------------------------------------
 1 | # Introduction to the Course
 2 | 
 3 | 1. https://docs.openshift.com/
 4 | 2. https://kubernetes.io/docs/home/
 5 | 3. https://docs.docker.com/
 6 | 
 7 | 1. https://www.php.net/docs.php
 8 | 2. https://www.php.net/manual/en/function.phpinfo
 9 | 
10 | # PHP sample application
11 | 
12 | ```
13 | mkdir --parents phpinfo
14 | 
15 | tee phpinfo/index.php 0<<EOF
16 | 
17 | <?php
18 | // Show all information, defaults to INFO_ALL
19 | phpinfo();
20 | // Show just the module information.
21 | // phpinfo(8) yields identical results.
22 | phpinfo(INFO_MODULES);
23 | ?>
24 | 
25 | EOF
26 | ```
27 | 
28 | ```
29 | sudo apt update
30 | 
31 | sudo apt install php --assume-yes
32 | ```
33 | 
34 | ```
35 | php -f phpinfo/index.php -S localhost:8080
36 | ```
37 | Go to this location to see the resulting web page:
38 | 1. http://localhost:8080/phpinfo/
39 | 
40 | # Introduction to Docker
41 | 
42 | 1. https://hub.docker.com/
43 | 
44 | ```
45 | sudo docker version
46 | ```
47 | ```
48 | service docker status
49 | ```
50 | # Example of containerization of our PHP sample application
51 | 
52 | Let us first create a network for our container:
53 | ```
54 | sudo docker network create phpinfo-network --driver bridge
55 | ```
56 | Let us download the Docker image from Docker Hub:
57 | ```
58 | sudo docker pull index.docker.io/library/php:alpine@sha256:ab23b416d86aec450ee7b75727f6bbec272edc2764a1b6fad13bc2823c59bb6b
59 | 
60 | sudo docker images
61 | ```
62 | Let us see all the options for docker run command:
63 | ```
64 | sudo docker run --help
65 | ```
66 | Let us create the container:
67 | ```
68 | sudo docker run --cpus 0.100 --detach --entrypoint php --env AUTHOR=Sebastian --expose 8080 --memory 100M --memory-reservation 100M --name phpinfo --network phpinfo-network --read-only --restart always --user nobody:nogroup --volume ${PWD}/phpinfo/:/var/data/:ro --workdir /var/data/ index.docker.io/library/php:alpine@sha256:ab23b416d86aec450ee7b75727f6bbec272edc2764a1b6fad13bc2823c59bb6b -f index.php -S 0.0.0.0:8080
69 | ```
70 | ## Troubleshooting the created container:
71 | 
72 | View the table of processes running inside you container
73 | ```
74 | sudo docker top phpinfo
75 | ```
76 | View the logs of your container:
77 | ```
78 | sudo docker logs phpinfo
79 | ```
80 | Show the resources consumption statistics of your container:
81 | ```
82 | sudo docker stats phpinfo --no-stream
83 | ```
84 | Show the content of the working directory:
85 | ```
86 | sudo docker exec phpinfo ls -l
87 | ```
88 | Test the connection to the webserver:
89 | ```
90 | sudo docker exec phpinfo curl localhost:8080 -I -s
91 | ```
92 | In order to remove the container (you will need to remove the container before creating another container with the same name):
93 | ```
94 | sudo docker rm phpinfo --force
95 | ```
96 | 


--------------------------------------------------------------------------------
/caltech_2022-08/2022-08-06.md:
--------------------------------------------------------------------------------
 1 | 1. https://en.wikipedia.org/wiki/Linux_namespaces
 2 | 2. https://en.wikipedia.org/wiki/Cgroups
 3 | 3. https://en.wikipedia.org/wiki/Docker_(software)
 4 | ```
 5 | cat /etc/os-release
 6 | strings /proc/1/cmdline
 7 | strings /proc/1/cgroup
 8 | ls /proc/
 9 | top
10 | man proc
11 | strings /proc/2239/cmdline
12 | strings /proc/2239/cgroup
13 | ```
14 | ```
15 | docker run --detach --entrypoint sleep --name test docker.io/library/busybox:latest infinity
16 | docker top test
17 | docker exec test strings /proc/1/cmdline
18 | docker exec test strings /proc/1/cgroup
19 | docker ps --no-trunc
20 | ```
21 | ```
22 | docker run --detach --entrypoint sleep --name test2 docker.io/library/busybox:latest infinity
23 | docker top test2
24 | docker exec test2 strings /proc/1/cmdline
25 | docker exec test2 strings /proc/1/cgroup
26 | docker ps --no-trunc
27 | ```
28 | ```
29 | service docker status
30 | docker ps
31 | ```
32 | 1. https://docs.docker.com/engine/install/
33 | 2. https://docs.docker.com/engine/install/ubuntu/
34 | 3. https://docs.docker.com/engine/install/linux-postinstall/#manage-docker-as-a-non-root-user
35 | ```
36 | sudo groupadd docker
37 | sudo usermod -aG docker $USER
38 | newgrp docker
39 | ```
40 | ```
41 | docker diff test
42 | docker exec test touch sebastian
43 | docker diff test
44 | sudo find /var/lib/docker/ | grep sebastian
45 | ```
46 | ```
47 | touch SEBASTIAN
48 | docker exec test touch sebastian
49 | sudo find / 2> /dev/null | grep -E "SEBASTIAN|sebastian"
50 | docker exec test find / | grep -E "SEBASTIAN|sebastian"
51 | ```
52 | Check in the output of the following commands that both files have the same inode so they are stored only once:
53 | ```
54 | sudo stat /var/lib/docker/overlay2/f0fa42db9b2a7dd85250fcc718ba31c4784a605aacbe99b325ff89dc9408ce6f/diff/sebastian
55 | sudo stat /var/lib/docker/overlay2/f0fa42db9b2a7dd85250fcc718ba31c4784a605aacbe99b325ff89dc9408ce6f/merged/sebastian
56 | ```
57 | ```
58 | which sleep
59 | stat /bin/sleep
60 | ```
61 | Check in the output of the following commands that both binaries have the same inode so that both containers are sharing the same object:
62 | ```
63 | docker exec test which sleep
64 | docker exec test stat /bin/sleep
65 | docker exec test2 which sleep
66 | docker exec test2 stat /bin/sleep
67 | ```
68 | 1. https://camo.githubusercontent.com/dacf0edbdc66abe64ebca0769a154d62fddbfa3a/68747470733a2f2f74686570726163746963616c6465762e73332e616d617a6f6e6177732e636f6d2f692f6f62356a6963776a376b6c716179346176656b682e706e67
69 | 2. https://www.oreilly.com/library/view/getting-started-with/9781838645700/assets/dfc9cf05-7ad2-4f58-87a4-4702cd72dbbc.jpg
70 | ```
71 | sudo ls /var/lib/docker/overlay2/
72 | ```
73 | Examples of Dockerfiles:
74 | 1. https://github.com/sebastian-colomar/spring-petclinic/blob/main/Dockerfile
75 | 2. https://github.com/sebastian-colomar/phpinfo/blob/2022-01/Dockerfile
76 | 3. https://github.com/sebastian-colomar/dockercoins/blob/main/hasher/Dockerfile
77 | 4. https://github.com/sebastian-colomar/dockercoins/blob/main/rng/Dockerfile
78 | 5. https://github.com/sebastian-colomar/dockercoins/blob/main/webui/Dockerfile
79 | 6. https://github.com/sebastian-colomar/dockercoins/blob/main/worker/Dockerfile
80 | 7. https://github.com/nginxinc/docker-nginx/blob/master/mainline/debian/Dockerfile
81 | 


--------------------------------------------------------------------------------
/caltech_2022-08/2022-08-13.md:
--------------------------------------------------------------------------------
 1 | 1. https://en.wikipedia.org/wiki/Cgroups
 2 | ```
 3 | strings /proc/1/cmdline
 4 | strings /proc/1/cgroup
 5 | strings /proc/125/cgroup
 6 | strings /proc/126/cgroup
 7 | top
 8 | ```
 9 | ```
10 | docker ps
11 | docker top registry
12 | strings /proc/$( docker top registry | tail -1 | awk '{ print $2 }' )/cgroup
13 | ```
14 | 1. https://en.wikipedia.org/wiki/Linux_namespaces
15 | ```
16 | sudo find /var/lib/docker/overlay2/
17 | docker exec registry touch sebastian.txt
18 | sudo find /var/lib/docker/overlay2/ | grep sebastian.txt
19 | ```
20 | ```
21 | docker top registry
22 | ps -f -p $( docker top registry | tail -1 | awk '{ print $2 }' )
23 | docker exec registry ps -f
24 | ```
25 | ```
26 | ls /proc/ | more
27 | docker exec registry ls /proc/ | more
28 | ```
29 | ```
30 | ifconfig
31 | docker exec registry ifconfig
32 | ```
33 | ```
34 | docker images
35 | docker inspect registry:2
36 | docker history registry:2
37 | sudo find /var/lib/docker/overlay2/
38 | ```
39 | 1. https://github.com/sebastian-colomar/Circabc-OSS/blob/docker/Dockerfile.tomcat-full
40 | 1. https://en.wikipedia.org/wiki/LAPDm
41 | 2. https://en.wikipedia.org/wiki/Bonding_protocol
42 | 3. https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/networking_guide/index#ch-Configure_Network_Bonding
43 | ```
44 | docker network ls
45 | ```
46 | ```
47 | docker run --detach --name test-none --network none --tty docker.io/library/busybox:latest
48 | docker exec test-none ifconfig
49 | docker exec test-none ping localhost -c3
50 | docker exec test-none ping 8.8.8.8
51 | ```
52 | ```
53 | docker run --detach --name test-bridge --network bridge --tty docker.io/library/busybox:latest
54 | docker exec test-bridge ifconfig
55 | docker exec test-bridge ping localhost -c1
56 | docker exec test-bridge ping 8.8.8.8 -c1
57 | docker exec test-bridge ping google.com -c1
58 | docker network disconnect --force bridge test-bridge
59 | docker exec test-bridge ifconfig
60 | docker exec test-bridge ping localhost -c1
61 | docker exec test-bridge ping 8.8.8.8 -c1
62 | docker network connect bridge test-bridge
63 | docker exec test-bridge ping 8.8.8.8 -c1
64 | ```
65 | ```
66 | docker run --detach --name test-host --network host --tty docker.io/library/busybox:latest
67 | docker exec test-host ifconfig
68 | ```
69 | ```
70 | docker inspect bridge
71 | docker exec registry ping 172.17.0.4 -c1
72 | ```
73 | ```
74 | docker network create --driver bridge custom-bridge
75 | docker network ls
76 | docker run --detach --name test-bridge-custom-1 --network custom-bridge --tty docker.io/library/busybox:latest
77 | docker run --detach --name test-bridge-custom-2 --network custom-bridge --tty docker.io/library/busybox:latest
78 | docker inspect custom-bridge
79 | docker exec test-bridge-custom-1 ping 172.18.0.3 -c1
80 | docker exec test-bridge-custom-1 ping 172.17.0.3 -c1
81 | docker exec test-bridge ping 172.17.0.3 -c1
82 | docker exec test-bridge-custom-1 ping test-bridge-custom-2 -c1
83 | docker exec test-bridge ping registry -c1
84 | docker network connect bridge test-bridge-custom-1
85 | docker exec test-bridge ping 172.17.0.3 -c1
86 | docker exec test-bridge-custom-1 ifconfig
87 | docker network disconnect bridge test-bridge-custom-1
88 | docker exec test-bridge-custom-1 ifconfig
89 | docker exec test-bridge-custom-1 ping 172.17.0.3 -c1
90 | ```
91 | 


--------------------------------------------------------------------------------
/caltech_2022-11/2022-11-06.md:
--------------------------------------------------------------------------------
 1 | # REGARDING ROOT USER AND CONTAINER OWNERSHIP
 2 | ```
 3 | sudo docker container run --tty                       library/php:alpine id
 4 | 
 5 | sudo docker container run --tty --user root:root      library/php:alpine id
 6 | 
 7 | sudo docker container run --tty --user nobody:nogroup library/php:alpine id
 8 | ```
 9 | * https://docs.docker.com/engine/install/linux-postinstall/
10 | 
11 | # DOCKERFILE VS DOCKER RUN
12 | 
13 | ```
14 | sudo docker container run --env AUTHOR=Sebastian --entrypoint php --expose 8080 --health-cmd 'php -v' --label OWNER=me --stop-signal SIGTERM --user nobody:nogroup --volume ${PWD}:/data/ --workdir /data/ library/php:alpine -v
15 | 
16 | sudo docker container run --env AUTHOR=Sebastian --entrypoint printenv --expose 8080 --health-cmd 'php -v' --label OWNER=me --stop-signal SIGTERM --user nobody:nogroup --volume ${PWD}:/data/ --workdir /data/ library/php:alpine | grep AUTHOR
17 | 
18 | sudo docker container run --env AUTHOR=Sebastian --entrypoint whoami --expose 8080 --health-cmd 'php -v' --label OWNER=me --stop-signal SIGTERM --user nobody:nogroup --volume ${PWD}:/data/ --workdir /data/ library/php:alpine
19 | 
20 | sudo docker container run --env AUTHOR=Sebastian --entrypoint pwd --expose 8080 --health-cmd 'php -v' --label OWNER=me --stop-signal SIGTERM --user nobody:nogroup --volume ${PWD}:/data/ --workdir /data/ library/php:alpine
21 | 
22 | sudo docker container run --env AUTHOR=Sebastian --entrypoint ping --expose 8080 --health-cmd 'php -v' --label OWNER=me --stop-signal SIGTERM --user nobody:nogroup --volume ${PWD}:/data/ --workdir /data/ library/php:alpine localhost
23 | 
24 | sudo docker container run --env AUTHOR=Sebastian                   --expose 8080 --health-cmd 'php -v' --label OWNER=me --stop-signal SIGTERM --user nobody:nogroup --volume ${PWD}:/data/ --workdir /data/ library/php:alpine ping localhost
25 | 
26 | sudo docker container run --env AUTHOR=Sebastian                   --expose 8080 --health-cmd 'php -v' --label OWNER=me --stop-signal SIGTERM --user nobody:nogroup --volume ${PWD}:/data/ --workdir /data/ library/php:alpine php -v
27 | ```
28 |    
29 | # DOCKERFILE VS IMAGE LAYERS
30 | ```
31 | mkdir --parents layers-test/
32 | 
33 | tee layers-test/Dockerfile 0<<EOF
34 | 
35 | FROM library/alpine:latest
36 | COPY . /app
37 | RUN apk add php
38 | CMD php /app/app.php
39 | 
40 | EOF
41 | 
42 | sudo docker build --tag my_library/php:alpine layers-test/
43 | 
44 | sudo docker inspect my_library/php:alpine
45 | 
46 | sudo docker history my_library/php:alpine
47 | ```
48 | * https://docs.docker.com/storage/storagedriver/overlayfs-driver/
49 | 
50 | Check the content of the folders:
51 | ```
52 | WorkDir=$( sudo docker inspect my_library/php:alpine | awk -F: '/WorkDir/{ print $2 }' | cut -d'"' -f2 )
53 | 
54 | sudo find ${WorkDir}
55 | ```
56 | 
57 | ```
58 | UpperDir=$( sudo docker inspect my_library/php:alpine | awk -F: '/UpperDir/{ print $2 }' | cut -d'"' -f2 )
59 | 
60 | sudo find ${UpperDir} | grep bin/php$
61 | ```
62 | ```
63 | LowerDir=$( sudo docker inspect my_library/php:alpine | awk -F: '/LowerDir/{ print $2 }' | cut -d'"' -f2 )
64 | 
65 | sudo find ${LowerDir} | grep bin/php$
66 | ```
67 | ```
68 | LowerDir=$( sudo docker inspect my_library/php:alpine | awk -F: '/LowerDir/{ print $2 }' | cut -d'"' -f2 )
69 | 
70 | sudo find ${LowerDir} | grep /app$
71 | ```
72 | 
73 | ```
74 | UpperDir=$( sudo docker inspect my_library/php:alpine | awk -F: '/UpperDir/{ print $2 }' | cut -d'"' -f2 )
75 | 
76 | sudo find ${UpperDir} | grep /app$
77 | ```
78 | 


--------------------------------------------------------------------------------
/caltech/2022-06-05.md:
--------------------------------------------------------------------------------
  1 | ```
  2 | sudo docker ps | grep --invert-match k8s
  3 | sudo ss --listening --numeric --processes --tcp | grep :8000
  4 | sudo docker stack ls
  5 | sudo docker service ls
  6 | sudo docker stack services WEBSERVER
  7 | sudo docker stack ps WEBSERVER
  8 | ```
  9 | ```
 10 | python3 -m http.server
 11 | sudo docker run python python3 -m http.server
 12 | sudo docker run --publish 8000:8000 python python3 -m http.server
 13 | sudo docker service create --name webserver --publish 8000:8000 python python3 -m http.server
 14 | sudo docker service scale webserver=10
 15 | sudo docker service scale webserver=1
 16 | sudo docker service scale webserver=10
 17 | sudo docker ps | grep webserver
 18 | sudo docker service rm webserver
 19 | sudo docker stack deploy --compose-file docker-compose.yaml WEBSERVER
 20 | sudo docker stack ls
 21 | sudo docker stack services WEBSERVER
 22 | sudo docker service logs WEBSERVER_webserver
 23 | sudo docker service logs WEBSERVER_webserver --follow
 24 | ```
 25 | ```
 26 | # RUN ON THE MASTER NODE
 27 | kubeadm token create --print-join-command
 28 | hostname --ip-address
 29 | ```
 30 | ```
 31 | # RUN ON THE WORKER NODE
 32 | echo 172.31.12.103 kube-apiserver | sudo tee --append /etc/hosts
 33 | sudo kubeadm join kube-apiserver:6443 --token vcfkyk.xxx --discovery-token-ca-cert-hash sha256:yyy
 34 | ```
 35 | ```
 36 | kubectl api-resources
 37 | kubectl explain svc
 38 | kubectl explain svc.apiVersion
 39 | kubectl explain svc.kind
 40 | kubectl explain svc.metadata
 41 | kubectl explain svc.spec
 42 | kubectl explain svc.spec.ports
 43 | kubectl explain svc.spec.ports.nodePort
 44 | kubectl explain svc.spec.ports.port
 45 | kubectl explain svc.spec.ports.protocol
 46 | kubectl explain svc.spec.ports.targetPort
 47 | kubectl explain svc.spec.selector
 48 | kubectl explain svc.spec.type
 49 | ```
 50 | ```
 51 | mkdir kubernetes
 52 | kubectl create ns python-app
 53 | ```
 54 | ```
 55 | tee kubernetes/svc.yaml 0<<EOF
 56 | apiVersion: v1
 57 | kind: Service
 58 | metadata:
 59 |   name: webserver
 60 | spec:
 61 |   ports:
 62 |   - nodePort: 30000
 63 |     port: 80
 64 |     protocol: TCP
 65 |     targetPort: 8000
 66 |   selector:
 67 |     myapp: python-webserver
 68 |   type: NodePort
 69 | EOF
 70 | kubectl apply --filename kubernetes/svc.yaml --namespace python-app
 71 | kubectl get svc --namespace python-app
 72 | ```
 73 | ```
 74 | kubectl explain po
 75 | kubectl explain po.spec
 76 | kubectl explain po.spec.containers
 77 | kubectl explain po.spec.containers.args
 78 | kubectl explain po.spec.containers.ports
 79 | ```
 80 | ```
 81 | tee kubernetes/po.yaml 0<<EOF
 82 | apiVersion: v1
 83 | kind: Pod
 84 | metadata:
 85 |   labels:
 86 |     myapp: python-webserver
 87 |   name: po
 88 | spec:
 89 |   containers:
 90 |   - args:
 91 |       - python3
 92 |       - -m
 93 |       - http.server
 94 |     image: python
 95 |     name: container
 96 |     ports:
 97 |     - containerPort: 8000
 98 |       protocol: TCP
 99 | EOF
100 | kubectl apply --filename kubernetes/po.yaml --namespace python-app
101 | kubectl get po --namespace python-app
102 | ```
103 | ```
104 | kubectl get ns
105 | kubectl get svc --namespace python-app
106 | kubectl describe svc --namespace python-app
107 | kubectl get po --namespace python-app
108 | kubectl exec po --namespace python-app -- curl 192.168.180.129:8000
109 | kubectl exec po --namespace python-app -- curl 10.96.250.138:80
110 | kubectl get all --namespace python-app
111 | kubectl delete pod/po --namespace python-app
112 | kubectl delete service/webserver --namespace python-app
113 | ```
114 | 1. https://labs.play-with-k8s.com/
115 | 


--------------------------------------------------------------------------------
/2022-05-07.md:
--------------------------------------------------------------------------------
 1 | ```
 2 | sudo docker run --entrypoint python --name webserver --publish 8080 docker.io/library/python:alpine -m http.server 8080
 3 | ```
 4 | 1. https://en.wikipedia.org/wiki/Linux_namespaces
 5 | 2. https://medium.com/@BeNitinAgarwal/lifecycle-of-docker-container-d2da9f85959
 6 | 
 7 | ```
 8 | docker pull python:latest
 9 | docker pull python:latest@sha256:76f9e442fdf5c12efb5949407b0bb7ad28a413b8a5387a4243b1d43a14654060
10 | ```
11 | ```
12 | # python -m http.server
13 | # sudo docker run --detach --entrypoint python --name webserver --publish 8000 docker.io/library/python:alpine -m http.server
14 | # sudo docker service create --entrypoint python --name webserver --publish 8000 docker.io/library/python:alpine -m http.server
15 | # sudo docker stack deploy --compose-file docker-compose.yaml WEBSERVER
16 | version: '3.8'
17 | services:
18 |   webserver:
19 |     deploy:
20 |       replicas: 6
21 |     entrypoint:
22 |       - python
23 |     ports:
24 |       - 8000
25 |     image: docker.io/library/python:alpine@sha256:6fb270e2f36634073f8ded1a10db8c12ce5d10bc28756c47ac41eaa2920b09a1
26 |     command:
27 |       - -m
28 |       - http.server
29 | ```
30 | ```
31 | sudo docker swarm join-token manager
32 | sudo docker swarm join-token worker
33 | ```
34 | https://www.sslshopper.com/certificate-decoder.html
35 | ```
36 | sudo docker swarm ca
37 | ```
38 | ```
39 | sudo docker secret ls
40 | sudo docker config ls
41 | ```
42 | 1. https://docs.docker.com/engine/reference/commandline/service_create/
43 | ```
44 | echo '<?php phpinfo();?>' | sudo docker secret create index.php - 
45 | sudo docker secret ls
46 | sudo docker secret inspect index.php
47 | sudo docker service create --entrypoint php --name phpinfo-secret --publish 8080 --read-only --replicas 2 --restart-condition any --secret source=index.php,target=/app/index.php,mode=0400,uid=65534 --user nobody --workdir /app/ php -f index.php -S 0.0.0.0:8080
48 | ```
49 | ```
50 | echo '<?php phpinfo();?>' | sudo docker config create index.php - 
51 | sudo docker config ls
52 | sudo docker config inspect index.php
53 | sudo docker service create --entrypoint php --mode replicated --name phpinfo-config --publish 8080 --read-only --replicas 2 --restart-condition any --config source=index.php,target=/app/index.php,mode=0400,uid=65534 --user nobody --workdir /app/ php -f index.php -S 0.0.0.0:8080
54 | ```
55 | ```
56 | # docker-compose.yaml
57 | # php -f index.php -S 0.0.0.0:8080
58 | # sudo docker run --detach --entrypoint php --name phpinfo --publish 8080 docker.io/library/php:latest -f index.php -S 0.0.0.0:8080
59 | # sudo docker service create --entrypoint php --mode replicated --name phpinfo --publish 8080 --read-only --replicas 2 --restart-condition any --secret source=index.php,target=/app/index.php,mode=0400,uid=65534 --user nobody --workdir /app/ php -f index.php -S 0.0.0.0:8080
60 | # sudo docker stack deploy --compose-file docker-compose.yaml PHPINFO
61 | secrets:
62 |   index.php:
63 |     external: true
64 | services:
65 |   phpinfo:
66 |     deploy:
67 |       mode: replicated
68 |       replicas: 2
69 |       restart_policy:
70 |         condition: any
71 |     command:
72 |       - -f
73 |       - index.php
74 |       - -S
75 |       - 0.0.0.0:8080
76 |     entrypoint:
77 |       - php
78 |     image: php
79 |     ports:
80 |       - 8080
81 |     read_only: true
82 |     secrets:
83 |       - source: index.php
84 |         target: /app/index.php
85 |         mode: 0400
86 |         uid: '65534'
87 |     user: nobody
88 |     working_dir: /app/
89 | version: '3.8'
90 | ```
91 | ```
92 | sudo docker stack ls
93 | sudo docker stack services PHPINFO
94 | sudo docker stack ps PHPINFO
95 | sudo docker service logs PHPINFO_phpinfo
96 | ```
97 | 


--------------------------------------------------------------------------------
/caltech/2022-05-29.md:
--------------------------------------------------------------------------------
 1 | 1. https://hub.docker.com/
 2 | ```
 3 | sudo docker tag php:phpinfo academiaonline/php:phpinfo
 4 | sudo docker push academiaonline/php:phpinfo
 5 | ```
 6 | ```
 7 | sudo docker service ls
 8 | sudo docker service rm confident_sutherland
 9 | sudo docker service create --mode global --publish 80:80 academiaonline/php:phpinfo -f index.php -S 0.0.0.0:80
10 | ```
11 | ```
12 | sudo docker run --detach --publish 5000:5000 --restart always registry:2
13 | sudo docker tag php:phpinfo localhost:5000/php:phpinfo
14 | hostname --ip-address
15 | sudo tee /etc/docker/daemon.json 0<<EOF
16 | {"insecure-registries":["172.31.12.103:5000"]}
17 | EOF
18 | sudo service docker restart
19 | sudo docker push localhost:5000/php:phpinfo
20 | sudo docker pull 172.31.12.103:5000/php:phpinfo
21 | sudo docker service create --mode global --publish 80:80 172.31.12.103:5000/php:phpinfo -f index.php -S 0.0.0.0:80
22 | ```
23 | ```
24 | sudo docker ps
25 | sudo docker inspect xenodochial_fermat
26 | sudo ls /var/lib/docker/volumes/1e6886907065cb2c691ea6a45fc8bd53014624442faa369ad9034df4f3da0546/_data/docker/registry/v2/repositories/
27 | sudo ls /var/lib/docker/volumes/1e6886907065cb2c691ea6a45fc8bd53014624442faa369ad9034df4f3da0546/_data/docker/registry/v2/repositories/php/_manifests/tags/
28 | ```
29 | ```
30 | sudo docker pull mysql
31 | sudo docker tag mysql localhost:5000/mysql
32 | sudo docker push localhost:5000/mysql
33 | sudo ls /var/lib/docker/volumes/1e6886907065cb2c691ea6a45fc8bd53014624442faa369ad9034df4f3da0546/_data/docker/registry/v2/repositories/
34 | sudo ls /var/lib/docker/volumes/1e6886907065cb2c691ea6a45fc8bd53014624442faa369ad9034df4f3da0546/_data/docker/registry/v2/repositories/mysql/_manifests/tags
35 | sudo docker pull 172.31.12.103:5000/mysql
36 | ```
37 | ```
38 | tee phpinfo/Dockerfile-flat 0<<EOF
39 | FROM php
40 | COPY index.php .
41 | FROM scratch
42 | COPY --from=0 / /
43 | EOF
44 | sudo docker build --file phpinfo/Dockerfile-flat --tag php:flat phpinfo/
45 | ```
46 | ```
47 | sudo docker network create nginx
48 | sudo docker service create --mode global --publish 80:80 nginx 
49 | ```
50 | ```
51 | sudo docker ps
52 | sudo docker exec b72ca2d648bf ifconfig
53 | ifconfig
54 | ```
55 | ```
56 | sudo docker network create frontend
57 | sudo docker network create backend
58 | sudo docker run --detach --name web-server --network frontend --publish 80:80 nginx:alpine
59 | sudo docker run --detach --name tomcat-server --network frontend tomcat:alpine
60 | sudo docker run --detach --env MYSQL_ROOT_PASSWORD=1234 --name mysql-server --network backend mysql
61 | sudo docker network connect backend tomcat-server
62 | sudo docker exec web-server ping tomcat-server
63 | sudo docker exec web-server ping mysql-server
64 | sudo docker exec tomcat-server ping mysql-server
65 | ```
66 | ```
67 | sudo docker rm --force mysql-server tomcat-server web-server
68 | sudo docker network prune --force
69 | ```
70 | ```
71 | sudo docker network create frontend --driver overlay
72 | sudo docker network create backend --driver overlay
73 | sudo docker service create --mode global --name web-server --network frontend --publish 80:80 nginx:alpine
74 | sudo docker service create --mode global --name tomcat-server --network frontend --network backend tomcat:alpine
75 | sudo docker service create --env MYSQL_ROOT_PASSWORD=1234 --mode replicated --name mysql-server --network backend --replicas 1 mysql
76 | sudo docker service ps web-server
77 | sudo docker service ps tomcat-server
78 | sudo docker service ps mysql-server
79 | sudo docker exec web-server.zn2etxjzn5de4mxtvb96hikf8.5x801d2qt0jfmulv7jiblwpkz ping tomcat-server
80 | sudo docker exec web-server.zn2etxjzn5de4mxtvb96hikf8.5x801d2qt0jfmulv7jiblwpkz ping mysql-server
81 | sudo docker exec tomcat-server.zn2etxjzn5de4mxtvb96hikf8.a9u1vvfadsjdgudqy8905fcb7 ping mysql-server
82 | ```
83 | 


--------------------------------------------------------------------------------
/caltech_2022-08/2022-08-14.md:
--------------------------------------------------------------------------------
 1 | ```
 2 | docker ps
 3 | docker ps --all
 4 | docker system prune --all --force --volumes
 5 | ```
 6 | 1. https://docs.docker.com/network/macvlan/
 7 | 2. https://gdevillele.github.io/engine/userguide/networking/get-started-macvlan/
 8 | 3. https://medium.com/@tukai.anirban/container-networking-overlay-networks-b712d6ddfb67
 9 | ```
10 | docker swarm init --advertise-addr $( hostname -i )
11 | docker network ls
12 | docker swarm join-token worker
13 | ```
14 | 1. https://labs.play-with-docker.com/
15 | ```
16 | docker swarm init --advertise-addr $( hostname -i )
17 | docker swarm join-token worker
18 | docker swarm join-token manager
19 | docker node ls
20 | sudo ls /var/lib/docker/swarm
21 | sudo ls /var/lib/docker/swarm/raft
22 | docker node promote node4 node5
23 | docker node ls
24 | docker node demote node4 node5
25 | docker node ls
26 | ```
27 | 1. https://docs.docker.com/engine/swarm/admin_guide/
28 | ```
29 | docker node update --availability drain <NODE>
30 | ```
31 | ```
32 | sudo apt-get update
33 | sudo apt-get install php -y
34 | mkdir php/
35 | tee php/index.php 0<<EOF
36 | <?php phpinfo();?>
37 | EOF
38 | php -f php/index.php -S 0.0.0.0:8080
39 | #   -f <file>        Parse and execute <file>
40 | #   -S <addr>:<port> Run with built-in web server
41 | ```
42 | ```
43 | tee php/Dockerfile 0<<EOF
44 | #FROM docker.io/library/php:alpine
45 | FROM docker.io/library/php:alpine@sha256:6340f86b1dc4325d09cd8311d8c40e36ab54061d0d25ea1491c100578bc50ae1
46 | COPY index.php .
47 | EOF
48 | docker build --tag localhost/my_library/my_php:alpine php/
49 | docker history localhost/my_library/my_php:alpine
50 | docker inspect localhost/my_library/my_php:alpine
51 | docker run --detach --entrypoint php --name php1                      localhost/my_library/my_php:alpine -f index.php -S 0.0.0.0:8080
52 | docker top php1
53 | docker run --detach --entrypoint php --name php2 --publish 8080       localhost/my_library/my_php:alpine -f index.php -S 0.0.0.0:8080
54 | docker top php2
55 | docker port php2
56 | docker run --detach --entrypoint php --name php3 --publish 30000:8080 localhost/my_library/my_php:alpine -f index.php -S 0.0.0.0:8080
57 | ```
58 | ```
59 | docker service create --entrypoint php --name php-svc-1 docker.io/library/php:alpine -f index.php -S 0.0.0.0:8080
60 | docker service ls
61 | docker service ps php-svc-1
62 | docker service logs php-svc-1
63 | docker service create --entrypoint php --name php-svc-2 --publish 8080 docker.io/library/php:alpine -f index.php -S 0.0.0.0:8080
64 | docker config create php-config php/index.php
65 | docker config inspect php-config
66 | echo PD9waHAgcGhwaW5mbygpOz8+Cg== | base64 -d
67 | docker service create --config source=php-config,target=index.php --entrypoint php --name php-svc-3 --publish 8080 docker.io/library/php:alpine -f index.php -S 0.0.0.0:8080
68 | docker secret create php-secret php/index.php
69 | docker service create --secret source=php-secret,target=index.php --entrypoint php --name php-svc-4 --publish 8080 docker.io/library/php:alpine -f index.php -S 0.0.0.0:8080
70 | docker service create --secret source=php-secret,target=/index.php --entrypoint php --name php-svc-5 --publish 8080 docker.io/library/php:alpine -f index.php -S 0.0.0.0:8080
71 | ```
72 | In the Docker Playground:
73 | ```
74 | mkdir php/
75 | tee php/index.php 0<<EOF
76 | <?php phpinfo();?>
77 | EOF
78 | docker config create php-config php/index.php
79 | docker service create --config source=php-config,target=index.php --entrypoint php --name php-svc-3 --publish 8080 docker.io/library/php:alpine -f index.php -S 0.0.0.0:8080
80 | docker secret create php-secret php/index.php
81 | docker service create --secret source=php-secret,target=index.php --entrypoint php --name php-svc-4 --publish 8080 docker.io/library/php:alpine -f index.php -S 0.0.0.0:8080
82 | docker service create --secret source=php-secret,target=/index.php --entrypoint php --name php-svc-5 --publish 8080 docker.io/library/php:alpine -f index.php -S 0.0.0.0:8080
83 | ```
84 | 


--------------------------------------------------------------------------------
/2022-04-30.md:
--------------------------------------------------------------------------------
  1 | ```
  2 | sudo docker inspect bridge
  3 | sudo docker run --detach --entrypoint ping --name ping docker.io/library/busybox:latest localhost
  4 | sudo docker logs ping
  5 | sudo docker top ping
  6 | sudo docker stats ping --no-stream
  7 | sudo docker ps
  8 | sudo docker exec ping ls /var/
  9 | sudo docker inspect bridge
 10 | sudo docker network create your_bridge
 11 | sudo docker network ls
 12 | sudo docker inspect your_bridge
 13 | sudo docker run --detach --entrypoint ping --name your_ping --network your_bridge docker.io/library/busybox:latest localhost
 14 | sudo docker inspect your_bridge
 15 | 
 16 | ```
 17 | ```
 18 | sudo docker run --entrypoint ls --rm busybox:latest /var/
 19 | sudo docker run --detach --entrypoint ls --rm busybox:latest /var/
 20 | ```
 21 | ```
 22 | sudo docker service create --entrypoint python --name webserver --publish 8000 docker.io/library/python:alpine -m http.server
 23 | sudo docker service scale webserver=6
 24 | sudo docker service ls
 25 | sudo docker service logs webserver
 26 | sudo docker service create --entrypoint ping --name ping docker.io/library/busybox:latest localhost
 27 | sudo docker service scale ping=6
 28 | sudo docker service logs ping
 29 | sudo docker service ps ping
 30 | sudo docker ps
 31 | ```
 32 | ```
 33 | sudo docker container inspect ping
 34 | sudo docker network ls
 35 | sudo docker inspect bridge
 36 | sudo docker inspect your_bridge
 37 | sudo docker network connect your_bridge ping
 38 | sudo docker inspect your_bridge
 39 | sudo docker container inspect ping
 40 | sudo docker network disconnect bridge ping
 41 | sudo docker container inspect ping
 42 | 
 43 | ```
 44 | ```
 45 | sudo docker ps | grep webserver ; sudo docker service ps webserver
 46 | sudo docker rm --force webserver.4.un5shfao1660zz7ad3t1cfpgm ; sudo docker ps | grep webserver ; sudo docker service ps webserver
 47 | ```
 48 | ```
 49 | sudo docker service create --entrypoint ping --env OWNER=Sebastian --name ping-with-env --replicas 6 docker.io/library/busybox:latest localhost
 50 | sudo docker exec ping-with-env.6.ptaiyyleyn9jzkygfnfy4sp03 printenv | grep ^OWNER
 51 | 
 52 | ```
 53 | ```
 54 | sudo docker network ls
 55 | sudo docker run --detach --entrypoint ping --name no-net --network none --rm busybox localhost
 56 | sudo docker inspect no-net
 57 | sudo docker exec no-net ip address
 58 | sudo docker run --detach --entrypoint ping --name host-net --network host --rm busybox localhost
 59 | sudo docker inspect host-net
 60 | sudo docker exec host-net ip address
 61 | sudo docker exec host-net ip route
 62 | sudo docker network prune --force
 63 | ```
 64 | ```
 65 | sudo docker stats
 66 | ```
 67 | ```
 68 | sudo docker service create --entrypoint ping --mode global --name ping-global busybox localhost
 69 | sudo docker service ps ping-global
 70 | ```
 71 | ```
 72 | sudo docker node ls
 73 | sudo docker node demote ip-172-31-1-138
 74 | sudo docker node promote ip-172-31-1-138
 75 | sudo docker node demote ip-172-31-12-249
 76 | sudo docker node demote ip-172-31-2-239
 77 | ```
 78 | 1. https://techcommunity.microsoft.com/t5/image/serverpage/image-id/100302iA949F8A130209F6E/image-size/large?v=v2&px=999
 79 | 2. https://docs.docker.com/compose/compose-file/compose-file-v3/
 80 | ```
 81 | # sudo docker service create --entrypoint python --name webserver --publish 8000 docker.io/library/python:alpine -m http.server
 82 | # sudo docker stack deploy --compose-file docker-compose.yaml WEBSERVER
 83 | version: '3.8'
 84 | services:
 85 |   webserver:
 86 |     deploy:
 87 |       replicas: 6
 88 |     entrypoint:
 89 |       - python
 90 |     ports:
 91 |       - 8000
 92 |     image: docker.io/library/python:alpine
 93 |     command:
 94 |       - -m
 95 |       - http.server
 96 | ```
 97 | ```
 98 | sudo docker stack ls
 99 | sudo docker stack ps WEBSERVER
100 | sudo docker stack services WEBSERVER
101 | sudo docker service logs WEBSERVER_webserver
102 | 
103 | ```
104 | ```
105 | # sudo docker service create --entrypoint ping --mode global --name ping-global busybox localhost
106 | # sudo docker stack deploy --compose-file ping-global.yaml PING_GLOBAL
107 | version: '3.8'
108 | services:
109 |   ping-global:
110 |     entrypoint:
111 |       - ping
112 |     image: busybox
113 |     command:
114 |       - localhost
115 |     deploy:
116 |       mode: global
117 | ```
118 | 


--------------------------------------------------------------------------------
/swarm-example.md:
--------------------------------------------------------------------------------
  1 | 1. https://labs.play-with-docker.com/
  2 | ```
  3 | docker swarm init --advertise-addr $( hostname -i )
  4 | docker swarm join-token worker
  5 | docker swarm join-token manager
  6 | docker node ls
  7 | ```
  8 | ```
  9 | mkdir php/
 10 | tee php/index.php 0<<EOF
 11 | <?php phpinfo();?>
 12 | EOF
 13 | docker config create php-config php/index.php
 14 | docker service create --config source=php-config,target=index.php --entrypoint php --name php-svc-3 --publish 8080 docker.io/library/php:alpine -f index.php -S 0.0.0.0:8080
 15 | docker secret create php-secret php/index.php
 16 | docker service create --secret source=php-secret,target=index.php --entrypoint php --name php-svc-4 --publish 8080 docker.io/library/php:alpine -f index.php -S 0.0.0.0:8080
 17 | docker service create --secret source=php-secret,target=/index.php --entrypoint php --name php-svc-5 --publish 8080 docker.io/library/php:alpine -f index.php -S 0.0.0.0:8080
 18 | ```
 19 | ```
 20 | docker node ls
 21 | docker service ls
 22 | docker service ps php-svc-4
 23 | docker service logs php-svc-4
 24 | docker ps
 25 | docker exec php-svc-4.1.lx3fu84r3mble8snpzbz3fx7k df
 26 | ```
 27 | ```
 28 | docker service update --secret-rm php-secret php-svc-4
 29 | docker service ps php-svc-4
 30 | docker ps
 31 | docker exec php-svc-4.1.vus6clyku7qfsocjffefiwiwr df
 32 | docker service update --secret-add source=php-secret,target=/index.php php-svc-4
 33 | docker service ps php-svc-4
 34 | docker ps
 35 | docker exec php-svc-4.1.253x45roucx7v7utczpl14n2s df
 36 | ```
 37 | ```
 38 | docker service scale php-svc-3=5
 39 | docker service ps php-svc-3
 40 | docker service ls
 41 | docker ps
 42 | docker rm --force php-svc-3.1.boqyufqmrk4rc78ga9w176qa7 ; docker ps
 43 | docker service ps php-svc-3
 44 | docker restart php-svc-3.1.iujff6vlnhphgzga2dsu4mexe 
 45 | docker service ps php-svc-3
 46 | docker node update --availability drain node4
 47 | docker service ps php-svc-3
 48 | docker node update --availability active node4
 49 | docker service ps php-svc-3
 50 | ```
 51 | 1. https://docs.docker.com/compose/compose-file/compose-file-v3/
 52 | ```
 53 | mkdir -p php/
 54 | tee php/index.php 0<<EOF
 55 | <?php phpinfo();?>
 56 | EOF
 57 | ```
 58 | ```
 59 | tee php/docker-compose.yaml 0<<EOF
 60 | configs:
 61 |   php-config:
 62 |     external: false
 63 |     file: index.php
 64 | networks:
 65 |   php-network:
 66 |     external: false
 67 |     internal: false
 68 | secrets:
 69 |   php-secret:
 70 |     external: false
 71 |     file: index.php
 72 | services:
 73 |   php-svc:
 74 |     command:
 75 |       - -f
 76 |       - index.php
 77 |       - -S
 78 |       - 0.0.0.0:8080
 79 |     configs:
 80 |       - source: php-config
 81 |         target: /my_app/index.php
 82 |         uid: '65534'
 83 |         gid: '65534'
 84 |         mode: 0400
 85 |     deploy:
 86 |       replicas: 5
 87 |       resources:
 88 |         limits:
 89 |           cpus: '0.2'
 90 |           memory: 200M
 91 |         reservations:
 92 |           cpus: '0.2'
 93 |           memory: 200M
 94 |     entrypoint:
 95 |       # docker exec PHPINFO_php-svc.4.z51xlgdlmt1ifpjmjvemh8z1r which php
 96 |       - /usr/local/bin/php
 97 |     image: docker.io/library/php:alpine@sha256:6340f86b1dc4325d09cd8311d8c40e36ab54061d0d25ea1491c100578bc50ae1
 98 |     networks:
 99 |       - php-network
100 |     ports:
101 |       - 8080
102 |     read_only: true
103 |     # docker exec PHPINFO_php-svc.4.z51xlgdlmt1ifpjmjvemh8z1r touch sebastian
104 |     secrets:
105 |       - source: php-secret
106 |         target: /my_app/index-secret.php
107 |         uid: '65534'
108 |         gid: '65534'
109 |         mode: 0400
110 |     user: nobody:nogroup
111 |     # docker exec PHPINFO_php-svc.4.z51xlgdlmt1ifpjmjvemh8z1r id
112 |     # docker exec PHPINFO_php-svc.4.z51xlgdlmt1ifpjmjvemh8z1r whoami
113 |     volumes:
114 |       - type: volume
115 |         source: my_volume
116 |         target: /my_app/data/
117 |         read_only: false
118 |     working_dir: /my_app/
119 | version: '3.8'
120 | volumes:
121 |   my_volume:
122 |     external: false
123 | EOF
124 | ```
125 | ```
126 | docker stack rm PHPINFO ; sleep 20
127 | docker stack deploy --compose-file php/docker-compose.yaml PHPINFO
128 | docker stack ps PHPINFO --no-trunc
129 | docker stack ls
130 | docker stack services PHPINFO
131 | docker service logs PHPINFO_php-svc
132 | docker ps
133 | docker exec PHPINFO_php-svc.4.z51xlgdlmt1ifpjmjvemh8z1r df
134 | ```
135 | 


--------------------------------------------------------------------------------
/caltech_2022-08/2022-08-20.md:
--------------------------------------------------------------------------------
  1 | 1. https://labs.play-with-docker.com/
  2 | ```
  3 | docker swarm init --advertise-addr $( hostname -i )
  4 | docker swarm join-token worker
  5 | docker swarm join-token manager
  6 | docker node ls
  7 | ```
  8 | ```
  9 | mkdir php/
 10 | tee php/index.php 0<<EOF
 11 | <?php phpinfo();?>
 12 | EOF
 13 | docker config create php-config php/index.php
 14 | docker service create --config source=php-config,target=index.php --entrypoint php --name php-svc-3 --publish 8080 docker.io/library/php:alpine -f index.php -S 0.0.0.0:8080
 15 | docker secret create php-secret php/index.php
 16 | docker service create --secret source=php-secret,target=index.php --entrypoint php --name php-svc-4 --publish 8080 docker.io/library/php:alpine -f index.php -S 0.0.0.0:8080
 17 | docker service create --secret source=php-secret,target=/index.php --entrypoint php --name php-svc-5 --publish 8080 docker.io/library/php:alpine -f index.php -S 0.0.0.0:8080
 18 | ```
 19 | ```
 20 | docker node ls
 21 | docker service ls
 22 | docker service ps php-svc-4
 23 | docker service logs php-svc-4
 24 | docker ps
 25 | docker exec php-svc-4.1.lx3fu84r3mble8snpzbz3fx7k df
 26 | ```
 27 | ```
 28 | docker service update --secret-rm php-secret php-svc-4
 29 | docker service ps php-svc-4
 30 | docker ps
 31 | docker exec php-svc-4.1.vus6clyku7qfsocjffefiwiwr df
 32 | docker service update --secret-add source=php-secret,target=/index.php php-svc-4
 33 | docker service ps php-svc-4
 34 | docker ps
 35 | docker exec php-svc-4.1.253x45roucx7v7utczpl14n2s df
 36 | ```
 37 | ```
 38 | docker service scale php-svc-3=5
 39 | docker service ps php-svc-3
 40 | docker service ls
 41 | docker ps
 42 | docker rm --force php-svc-3.1.boqyufqmrk4rc78ga9w176qa7 ; docker ps
 43 | docker service ps php-svc-3
 44 | docker restart php-svc-3.1.iujff6vlnhphgzga2dsu4mexe 
 45 | docker service ps php-svc-3
 46 | docker node update --availability drain node4
 47 | docker service ps php-svc-3
 48 | docker node update --availability active node4
 49 | docker service ps php-svc-3
 50 | ```
 51 | 1. https://docs.docker.com/compose/compose-file/compose-file-v3/
 52 | ```
 53 | mkdir -p php/
 54 | tee php/index.php 0<<EOF
 55 | <?php phpinfo();?>
 56 | EOF
 57 | ```
 58 | ```
 59 | tee php/docker-compose.yaml 0<<EOF
 60 | configs:
 61 |   php-config:
 62 |     external: false
 63 |     file: index.php
 64 | networks:
 65 |   php-network:
 66 |     external: false
 67 |     internal: false
 68 | secrets:
 69 |   php-secret:
 70 |     external: false
 71 |     file: index.php
 72 | services:
 73 |   php-svc:
 74 |     command:
 75 |       - -f
 76 |       - index.php
 77 |       - -S
 78 |       - 0.0.0.0:8080
 79 |     configs:
 80 |       - source: php-config
 81 |         target: /my_app/index.php
 82 |         uid: '65534'
 83 |         gid: '65534'
 84 |         mode: 0400
 85 |     deploy:
 86 |       replicas: 5
 87 |       resources:
 88 |         limits:
 89 |           cpus: '0.2'
 90 |           memory: 200M
 91 |         reservations:
 92 |           cpus: '0.2'
 93 |           memory: 200M
 94 |     entrypoint:
 95 |       # docker exec PHPINFO_php-svc.4.z51xlgdlmt1ifpjmjvemh8z1r which php
 96 |       - /usr/local/bin/php
 97 |     image: docker.io/library/php:alpine@sha256:6340f86b1dc4325d09cd8311d8c40e36ab54061d0d25ea1491c100578bc50ae1
 98 |     networks:
 99 |       - php-network
100 |     ports:
101 |       - 8080
102 |     read_only: true
103 |     # docker exec PHPINFO_php-svc.4.z51xlgdlmt1ifpjmjvemh8z1r touch sebastian
104 |     secrets:
105 |       - source: php-secret
106 |         target: /my_app/index-secret.php
107 |         uid: '65534'
108 |         gid: '65534'
109 |         mode: 0400
110 |     user: nobody:nogroup
111 |     # docker exec PHPINFO_php-svc.4.z51xlgdlmt1ifpjmjvemh8z1r id
112 |     # docker exec PHPINFO_php-svc.4.z51xlgdlmt1ifpjmjvemh8z1r whoami
113 |     volumes:
114 |       - type: volume
115 |         source: my_volume
116 |         target: /my_app/data/
117 |         read_only: false
118 |     working_dir: /my_app/
119 | version: '3.8'
120 | volumes:
121 |   my_volume:
122 |     external: false
123 | EOF
124 | ```
125 | ```
126 | docker stack rm PHPINFO ; sleep 20
127 | docker stack deploy --compose-file php/docker-compose.yaml PHPINFO
128 | docker stack ps PHPINFO --no-trunc
129 | docker stack ls
130 | docker stack services PHPINFO
131 | docker service logs PHPINFO_php-svc
132 | docker ps
133 | docker exec PHPINFO_php-svc.4.z51xlgdlmt1ifpjmjvemh8z1r df
134 | ```
135 | 


--------------------------------------------------------------------------------
/2022-04-24.md:
--------------------------------------------------------------------------------
 1 | ```
 2 | sudo docker images
 3 | sudo docker history localhost/library/alpine:php
 4 | sudo docker inspect localhost/library/alpine:php
 5 | ```
 6 | ```
 7 | mkdir Builder -p
 8 | tee ./Builder/Dockerfile-flat 0<<EOF
 9 | FROM docker.io/library/alpine:latest
10 | RUN apk add php
11 | FROM scratch
12 | COPY --from=0 / /
13 | EOF
14 | sudo docker build --file ./Builder/Dockerfile-flat --tag localhost/library/alpine:php-flat ./Builder/
15 | sudo docker history localhost/library/alpine:php-flat
16 | sudo docker inspect localhost/library/alpine:php-flat
17 | ```
18 | ```
19 | sudo docker pull docker.io/library/php:alpine
20 | sudo docker inspect docker.io/library/php:alpine
21 | mkdir ./Flatten
22 | tee ./Flatten/Dockerfile-php 0<<EOF
23 | FROM docker.io/library/php:alpine
24 | FROM scratch
25 | COPY --from=0 / /
26 | EOF
27 | sudo docker build --file ./Flatten/Dockerfile-php --tag localhost/library/php:alpine-flat ./Flatten
28 | sudo docker inspect localhost/library/php:alpine-flat
29 | ```
30 | ```
31 | sudo ls /var/lib/docker/overlay2/
32 | sudo docker inspect docker.io/library/php:alpine | grep Env -m1 -A12
33 | sudo docker inspect localhost/library/php:alpine-flat | grep Env -m1 -A2
34 | sudo docker run --entrypoint php --name php_alpine --rm docker.io/library/php:alpine --version
35 | sudo docker run --entrypoint printenv --name php_alpine --rm docker.io/library/php:alpine
36 | sudo docker run --entrypoint php --name php_alpine-flat --rm localhost/library/php:alpine-flat --version
37 | sudo docker run --entrypoint printenv --name php_alpine-flat --rm localhost/library/php:alpine-flat
38 | sudo docker run --entrypoint printenv --env PHP_VERSION=8.1.5 --name php_alpine-flat --rm localhost/library/php:alpine-flat
39 | ```
40 | ```
41 | sudo docker run --detach --name registry --publish 5000:5000 --restart always --volume registry:/var/lib/registry:rw docker.io/library/registry:2
42 | sudo docker tag localhost/library/php:alpine-flat localhost:5000/my_library/php:alpine-flat 
43 | sudo docker tag localhost/library/alpine:php-flat localhost:5000/my_library/alpine:php-flat
44 | sudo docker push localhost:5000/my_library/php:alpine-flat
45 | sudo docker push localhost:5000/my_library/alpine:php-flat
46 | sudo find /var/lib/docker/volumes/registry
47 | sudo ls /var/lib/docker/volumes/registry/_data/docker/registry/v2/repositories/my_library/
48 | ```
49 | 1. https://hub.docker.com/
50 | ```
51 | sudo docker system prune --force
52 | sudo docker container prune --force
53 | sudo docker image prune --force
54 | sudo docker network prune --force
55 | sudo docker volume prune --force
56 | ```
57 | ```
58 | sudo docker network ls
59 | sudo docker inspect bridge
60 | ```
61 | 1. https://docs.docker.com/config/daemon/ipv6/
62 | ```
63 | sudo docker network create my_bridge
64 | sudo docker network ls
65 | ```
66 | ```
67 | eth0=$( ip address | grep eth0 -A3 -m1 | awk /inet/'{ print $2 }' | cut -d/ -f1 )
68 | php -S 0.0.0.0:8080 &
69 | sudo docker run --detach --name test --rm --tty docker.io/library/busybox:latest
70 | sudo docker exec test wget http://localhost:8080 -O - -q
71 | sudo docker exec test wget http://${eth0}:8080 -O - -q
72 | ```
73 | ```
74 | sudo docker run --detach --entrypoint python --name webserver1 --publish 8000 docker.io/library/python:alpine -m http.server
75 | HostPort=$( sudo docker inspect webserver1 | grep HostPort.*3 | cut -d'"' -f4 )
76 | curl localhost:${HostPort} -I
77 | sudo iptables -S -t nat | grep :8000
78 | ```
79 | ```
80 | apt update
81 | apt install docker.io -y
82 | ```
83 | ```
84 | sudo docker run --detach --env MYSQL_ROOT_PASSWORD=1234 --name mysql-0 docker.io/library/mysql:latest
85 | sudo docker run --detach --env MYSQL_ROOT_PASSWORD=1234 --name mysql-1 docker.io/library/mysql:latest
86 | sudo docker network ls
87 | sudo docker inspect bridge
88 | mysql_0=$( sudo docker inspect bridge | grep mysql-0 -A3 | awk -F'"' /IPv4Address/'{ print $4 }' | cut -d/ -f1 )
89 | mysql_1=$( sudo docker inspect bridge | grep mysql-1 -A3 | awk -F'"' /IPv4Address/'{ print $4 }' | cut -d/ -f1 )
90 | sudo docker exec --interactive --tty mysql-0 mysql -p1234 -e 'create database mysql_0'
91 | sudo docker exec --interactive --tty mysql-1 mysql -p1234 -e 'create database mysql_1'
92 | sudo docker exec --interactive --tty mysql-0 mysql -p1234 -e 'show databases' -h${mysql_0}
93 | sudo docker exec --interactive --tty mysql-0 mysql -p1234 -e 'show databases' -h${mysql_1}
94 | sudo docker exec --interactive --tty mysql-1 mysql -p1234 -e 'show databases' -h${mysql_0}
95 | sudo docker exec --interactive --tty mysql-1 mysql -p1234 -e 'show databases' -h${mysql_1}
96 | ```
97 | 


--------------------------------------------------------------------------------
/caltech/2022-06-12.md:
--------------------------------------------------------------------------------
  1 | ```
  2 | mkdir phpinfo
  3 | tee phpinfo/index.php 0<<EOF
  4 | <?php phpinfo();?>
  5 | EOF
  6 | sudo docker run --publish 80:80 --read-only --user nobody:nogroup --volume ${PWD}/phpinfo/index.php:/data/index.php:ro --workdir /data/ php -f index.php -S 0.0.0.0:80
  7 | ```
  8 | ```
  9 | tee phpinfo/Dockerfile 0<<EOF
 10 | FROM php
 11 | WORKDIR /data/
 12 | COPY index.php .
 13 | CMD ["-f","index.php","-S","0.0.0.0:80"]
 14 | ENTRYPOINT ["docker-php-entrypoint"]
 15 | HEALTHCHECK CMD ["curl","-f","http://localhost:80/index.php"]
 16 | USER nobody:nogroup
 17 | EOF
 18 | sudo docker build --tag php:metadata-code phpinfo/
 19 | sudo docker run                                    --publish 80:80 --read-only                                        php:metadata-code
 20 | sudo docker run --entrypoint docker-php-entrypoint --publish 80:80 --read-only --user nobody:nogroup --workdir /data/ php:metadata-code -f index.php -S 0.0.0.0:80
 21 | sudo docker tag php:metadata-code academiaonline/php:metadata-code
 22 | sudo docker login
 23 | sudo docker push academiaonline/php:metadata-code
 24 | sudo docker service create --publish 80:80 --read-only academiaonline/php:metadata-code
 25 | ```
 26 | ```
 27 | sudo docker service create --publish 80:80 --read-only --secret index.php php
 28 | ```
 29 | ```
 30 | sudo docker secret create index.php phpinfo/index.php
 31 | sudo docker config create index.php phpinfo/index.php
 32 | tee phpinfo/Dockerfile 0<<EOF
 33 | FROM php
 34 | WORKDIR /data/
 35 | #COPY index.php .
 36 | CMD ["-f","index.php","-S","0.0.0.0:80"]
 37 | ENTRYPOINT ["docker-php-entrypoint"]
 38 | HEALTHCHECK CMD ["curl","-f","http://localhost:80/index.php"]
 39 | USER nobody:nogroup
 40 | EOF
 41 | sudo docker build --tag php:metadata phpinfo/
 42 | sudo docker tag php:metadata academiaonline/php:metadata
 43 | sudo docker login
 44 | sudo docker push academiaonline/php:metadata
 45 | sudo docker service create                                    --publish 80:80 --read-only --secret source=index.php,target=/data/index.php,mode=0400,uid=65534,gid=65534                                        academiaonline/php:metadata
 46 | sudo docker service create --entrypoint docker-php-entrypoint --publish 80:80 --read-only --secret source=index.php,target=/data/index.php,mode=0400,uid=65534,gid=65534 --user nobody:nogroup --workdir /data/ academiaonline/php:metadata -f index.php -S 0.0.0.0:80
 47 | sudo docker service create --entrypoint docker-php-entrypoint --publish 80:80 --read-only --secret source=index.php,target=/data/index.php,mode=0400,uid=65534,gid=65534 --user nobody:nogroup --workdir /data/ php                         -f index.php -S 0.0.0.0:80
 48 | sudo docker service create --entrypoint docker-php-entrypoint --publish 80:80 --read-only --config source=index.php,target=/data/index.php,mode=0400,uid=65534,gid=65534 --user nobody:nogroup --workdir /data/ php                         -f index.php -S 0.0.0.0:80
 49 | ```
 50 | ```
 51 | sudo docker secret rm index.php
 52 | tee docker-compose.yaml 0<<EOF
 53 | secrets:
 54 |   index.php:
 55 |     file: ./phpinfo/index.php
 56 | services:
 57 |   phpinfo:
 58 |     command:
 59 |       - -f
 60 |       - index.php
 61 |       - -S
 62 |       - 0.0.0.0:80
 63 |     entrypoint:
 64 |       - docker-php-entrypoint
 65 |     image: php
 66 |     ports:
 67 |       - 80:80
 68 |     read_only: true
 69 |     secrets:
 70 |       - source: index.php
 71 |         target: /data/index.php
 72 |         uid: '65534'
 73 |         gid: '65534'
 74 |         mode: 0400
 75 |     user: nobody:nogroup
 76 |     working_dir: /data/
 77 | version: '3.8'
 78 | EOF
 79 | sudo docker stack deploy --compose-file docker-compose.yaml PHPINFO
 80 | sudo docker stack ls
 81 | sudo docker stack services PHPINFO
 82 | sudo docker service logs PHPINFO_phpinfo
 83 | ```
 84 | ```
 85 | sudo docker config rm index.php
 86 | tee docker-compose.yaml 0<<EOF
 87 | configs:
 88 |   index.php:
 89 |     file: ./phpinfo/index.php
 90 | services:
 91 |   phpinfo:
 92 |     command:
 93 |       - -f
 94 |       - index.php
 95 |       - -S
 96 |       - 0.0.0.0:80
 97 |     entrypoint:
 98 |       - docker-php-entrypoint
 99 |     image: php
100 |     ports:
101 |       - 80:80
102 |     read_only: true
103 |     configs:
104 |       - source: index.php
105 |         target: /data/index.php
106 |         uid: '65534'
107 |         gid: '65534'
108 |         mode: 0400
109 |     user: nobody:nogroup
110 |     working_dir: /data/
111 | version: '3.8'
112 | EOF
113 | sudo docker stack deploy --compose-file docker-compose.yaml PHPINFO
114 | sudo docker stack ls
115 | sudo docker stack services PHPINFO
116 | sudo docker service logs PHPINFO_phpinfo
117 | ```
118 | 


--------------------------------------------------------------------------------
/2022-04-23.md:
--------------------------------------------------------------------------------
  1 | 1. https://github.com/sebastian-colomar/dca
  2 | 2. https://pythonbasics.org/webserver/
  3 | ```
  4 | python -m http.server
  5 | sudo docker run --detach --entrypoint python --name webserver1 --publish 8000 docker.io/library/python:alpine -m http.server
  6 | sudo docker ps
  7 | sudo docker logs webserver
  8 | sudo docker run --detach --entrypoint python --name webserver2 --publish 8000 docker.io/library/python:alpine -m http.server
  9 | sudo docker ps
 10 | sudo docker run --detach --entrypoint python --name webserver3 --publish 8000 docker.io/library/python:alpine -m http.server
 11 | sudo docker ps
 12 | ```
 13 | ```
 14 | wget http://172.31.1.138:8000 -O - -q | head
 15 | sudo docker exec webserver wget http://172.31.1.138:8000 -O - -q | head
 16 | ```
 17 | ```
 18 | ip link
 19 | sudo docker run --entrypoint ip --network none --rm docker.io/library/busybox:latest link
 20 | ```
 21 | ```
 22 | sudo apt-get update && sudo apt-get install -y php
 23 | echo '<?php phpinfo();?>' | tee index.php
 24 | php -f index.php -S 0.0.0.0:9000
 25 | sudo docker run --detach --entrypoint php --name phpinfo --publish 9000 docker.io/library/php:alpine -f index.php -S 0.0.0.0:9000
 26 | sudo docker ps
 27 | sudo docker rm --force phpinfo
 28 | sudo docker run --detach --entrypoint php --name phpinfo --publish 9000 --volume ${PWD}/index.php:/index.php:ro docker.io/library/php:alpine -f index.php -S 0.0.0.0:9000
 29 | sudo docker run --detach --entrypoint php --name phpinfo-data --publish 9000 --volume ${PWD}/index.php:/data/index.php:ro --workdir /data/ docker.io/library/php:alpine -f index.php -S 0.0.0.0:9000
 30 | ```
 31 | ```
 32 | docker network ls
 33 | docker node ls
 34 | docker service ls
 35 | docker stack ls
 36 | docker swarm init
 37 | docker swarm leave
 38 | docker volume ls
 39 | ```
 40 | ```
 41 | docker build
 42 | docker cp
 43 | docker diff
 44 | docker exec
 45 | docker history
 46 | docker images
 47 | docker inspect
 48 | docker kill
 49 | docker login
 50 | docker logout
 51 | docker logs
 52 | docker ps
 53 | docker pull
 54 | docker push
 55 | docker rename
 56 | docker restart
 57 | docker rm
 58 | docker rmi
 59 | docker run
 60 | docker stats
 61 | docker tag
 62 | docker top
 63 | docker version
 64 | ```
 65 | 1. https://docs.docker.com/
 66 | 2. https://docs.docker.com/get-docker/
 67 | 3. https://docs.docker.com/engine/install/
 68 | ```
 69 | sudo apt-get remove docker docker-engine docker.io containerd runc
 70 | sudo apt-get update
 71 | sudo apt-get install ca-certificates curl gnupg lsb-release -y
 72 | curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
 73 | echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
 74 | sudo apt-get update
 75 | sudo apt-get install docker-ce docker-ce-cli containerd.io -y
 76 | ```
 77 | ```
 78 | sudo docker run --entrypoint which --rm docker.io/library/busybox:latest php
 79 | sudo docker run --entrypoint which --rm docker.io/library/php:alpine php
 80 | ```
 81 | 1. https://hub.docker.com/
 82 | ```
 83 | sudo docker run --entrypoint which --rm docker.io/library/alpine:latest php
 84 | sudo docker run --entrypoint which --rm docker.io/library/php:alpine php
 85 | mkdir Builder
 86 | tee ./Builder/Dockerfile 0<<EOF
 87 | FROM docker.io/library/alpine:latest
 88 | RUN apk add php
 89 | EOF
 90 | export DOCKER_BUILDKIT=1
 91 | sudo docker build --tag localhost/library/alpine:php ./Builder/
 92 | sudo docker run --entrypoint which --rm localhost/library/alpine:php php
 93 | sudo docker login
 94 | sudo docker tag localhost/library/alpine:php docker.io/${DOCKERHUB_USERNAME}/alpine:php
 95 | sudo docker push docker.io/${DOCKERHUB_USERNAME}/alpine:php
 96 | ```
 97 | ```
 98 | sudo docker version
 99 | sudo docker swarm init
100 | sudo docker node ls
101 | sudo docker node promote
102 | sudo docker node demote
103 | sudo docker service create --entrypoint python --name webserver --publish 8000 docker.io/library/python:alpine -m http.server
104 | sudo docker service ps webserver
105 | sudo docker service scale webserver=6
106 | sudo docker service scale webserver=1
107 | sudo docker service inspect webserver
108 | sudo docker service ls
109 | sudo docker rm --force fc3bfa49b935
110 | sudo docker service scale webserver=0
111 | sudo docker service rm webserver
112 | ```
113 | ```
114 | sudo docker stats
115 | ```
116 | ```
117 | sudo docker run --entrypoint printenv --env NAME=Sebastian --rm busybox:latest | grep ^NAME
118 | ```
119 | ```
120 | sudo docker swarm join-token worker
121 | sudo docker swarm join-token manager
122 | ```
123 | 


--------------------------------------------------------------------------------
/caltech/2022-06-04.md:
--------------------------------------------------------------------------------
  1 | ```
  2 | sudo docker ps
  3 | sudo docker diff 357568e56857
  4 | ```
  5 | ```
  6 | sudo docker run --detach --name test --network none nginx:alpine
  7 | sudo docker exec test ifconfig
  8 | sudo docker exec test ping localhost -c3
  9 | sudo docker exec test ping 8.8.8.8
 10 | sudo docker exec test ip route
 11 | ```
 12 | ```
 13 | sudo docker network ls
 14 | sudo docker inspect bridge | grep Containers -A8
 15 | sudo docker run --detach --name test2 nginx:alpine
 16 | sudo docker inspect bridge | grep Containers -A15
 17 | sudo docker exec test2 ping 172.17.0.2 -c3
 18 | sudo docker exec xenodochial_fermat ping 172.17.0.3 -c3
 19 | ```
 20 | ```
 21 | sudo docker network create test1
 22 | sudo docker network create test2 --driver bridge
 23 | sudo docker network create test3 --driver overlay
 24 | sudo docker network ls | grep test[123]
 25 | sudo docker network inspect test1
 26 | sudo docker network inspect test2
 27 | sudo docker network inspect test3
 28 | cat /etc/docker/daemon.json
 29 | sudo docker run --detach --name test-container --network test1 nginx:alpine
 30 | sudo docker network connect test2 test-container
 31 | sudo docker exec test-container ifconfig
 32 | ```
 33 | ```
 34 | sudo docker images
 35 | sudo docker inspect registry:2 | grep Layers -A6
 36 | sudo docker history registry:2 | grep -v 0B
 37 | ```
 38 | ```
 39 | sudo docker run --detach --name test-host --network host nginx:alpine
 40 | sudo docker ps --all | grep test-host
 41 | sudo docker logs test-host --tail 10
 42 | sudo docker rm test-host
 43 | sudo docker run --detach --name test-host --network host tomcat:alpine
 44 | sudo docker exec test-host ip link
 45 | ip link
 46 | ```
 47 | ```
 48 | sudo docker network create overlay-1 --driver overlay
 49 | sudo docker network create overlay-2 --driver overlay
 50 | sudo docker service create --mode global --name test-overlay --network overlay-1 --network overlay-2 nginx:alpine
 51 | sudo docker ps
 52 | sudo docker inspect test-overlay.zn2etxjzn5de4mxtvb96hikf8.u7cboa1d6ouk8qyowih2z7fzn
 53 | sudo docker exec test-overlay.zn2etxjzn5de4mxtvb96hikf8.u7cboa1d6ouk8qyowih2z7fzn ip route
 54 | sudo docker exec test-overlay.zn2etxjzn5de4mxtvb96hikf8.u7cboa1d6ouk8qyowih2z7fzn ifconfig
 55 | sudo docker exec test-overlay.zn2etxjzn5de4mxtvb96hikf8.u7cboa1d6ouk8qyowih2z7fzn ip link
 56 | ```
 57 | ```
 58 | sudo docker network create --driver bridge bridge-1
 59 | sudo docker network create --driver bridge bridge-2
 60 | sudo docker run --detach --name test-bridge --network bridge-1 --network bridge-2 nginx:alpine # THIS WILL FAIL
 61 | sudo docker run --detach --name test-bridge --network bridge-1 nginx:alpine
 62 | sudo docker network connect bridge-2 test-bridge
 63 | sudo docker inspect test-bridge
 64 | ```
 65 | ```
 66 | # sudo apt-get install -y kubelet kubeadm kubectl
 67 | ip_leader=$( hostname --ip-address )
 68 | kube=kube-apiserver
 69 | log=/tmp/install-leader.log
 70 | sleep=10
 71 | calico=https://docs.projectcalico.org/v3.21/manifests/calico.yaml
 72 | pod_network_cidr=192.168.0.0/16
 73 | kubeconfig=/etc/kubernetes/admin.conf
 74 | echo ${ip_leader} ${kube} | sudo tee --append /etc/hosts
 75 | sudo swapoff --all
 76 | sudo kubeadm init --upload-certs --control-plane-endpoint "${kube}" --pod-network-cidr ${pod_network_cidr} --ignore-preflight-errors all 2>&1 | tee --append ${log}
 77 | sudo kubectl apply --filename ${calico} --kubeconfig ${kubeconfig} 2>&1 | tee --append ${log}
 78 | mkdir -p ${HOME}/.kube
 79 | sudo cp /etc/kubernetes/admin.conf ${HOME}/.kube/config
 80 | sudo chown -R $( id -u ):$( id -g ) ${HOME}/.kube/
 81 | echo 'source <(kubectl completion bash)' | tee --append ${HOME}/.bashrc
 82 | source ${HOME}/.bashrc
 83 | while true ; do kubectl get no | grep Ready | grep --invert-match NotReady && break ; sleep ${sleep} ; done
 84 | sudo sed --in-place /${kube}/d /etc/hosts ; sudo sed --in-place /127.0.0.1.*localhost/s/$/' '${kube}/ /etc/hosts
 85 | grep ^kubeadm.join /tmp/install-leader.log -A1
 86 | master=$( kubectl get node | grep master | awk '{ print $1 }' )
 87 | kubectl taint node ${master} node-role.kubernetes.io/master:NoSchedule-
 88 | ```
 89 | ```
 90 | python3 -m http.server
 91 | curl localhost:8000
 92 | ```
 93 | ```
 94 | sudo docker run --publish 8000:8000 python python3 -m http.server
 95 | curl localhost:8000
 96 | ```
 97 | ```
 98 | sudo docker service create --name webserver --publish 8000:8000 python python3 -m http.server
 99 | curl $( hostname --ip-address ):8000
100 | sudo docker service rm webserver
101 | ```
102 | ```
103 | tee docker-compose.yaml 0<<EOF
104 | services:
105 |   webserver:
106 |     ports:
107 |       - 8000:8000
108 |     image: python
109 |     command:
110 |       - python3
111 |       - -m
112 |       - http.server
113 | version: '3.8'
114 | EOF
115 | sudo docker stack deploy --compose-file docker-compose.yaml WEBSERVER
116 | sudo docker stack ls
117 | sudo docker stack services WEBSERVER
118 | sudo docker service logs WEBSERVER_webserver
119 | ```
120 | 


--------------------------------------------------------------------------------
/caltech_2022-10/2022-10-30.md:
--------------------------------------------------------------------------------
  1 | # TROUBLESHOOTING SWARM
  2 | Run these commands from the WORKER node:
  3 | ```
  4 | sudo docker ps | grep PHPINFO_3
  5 | sudo docker exec PHPINFO_3_phpinfo.1.zhqsp46pmexsac89tyifnj13d ls -l
  6 | sudo docker exec PHPINFO_3_phpinfo.1.zhqsp46pmexsac89tyifnj13d id
  7 | ```
  8 | # TROUBLESHOOTING KUBERNETES
  9 | Run these commands from the MASTER node:
 10 | ```
 11 | kubectl --namespace phpinfo get all
 12 | 
 13 | kubectl --namespace phpinfo exec service/phpinfo-svc -- ls -l
 14 | kubectl --namespace phpinfo exec service/phpinfo-svc -- id
 15 | 
 16 | kubectl --namespace phpinfo exec deployment.apps/phpinfo-deploy -- ls -l
 17 | kubectl --namespace phpinfo exec deployment.apps/phpinfo-deploy -- id
 18 | 
 19 | kubectl --namespace phpinfo edit deploy/phpinfo-deploy
 20 | 
 21 | kubectl --namespace kube-system get all
 22 | 
 23 | kubectl --namespace kube-system delete pod/calico-node-5mvwz
 24 | 
 25 | kubectl --namespace kube-system describe pod/calico-node-dqs6b
 26 | 
 27 | kubectl --namespace kube-system logs pod/calico-node-qwfjn
 28 | 
 29 | kubectl delete --filename https://docs.projectcalico.org/v3.21/manifests/calico.yaml
 30 | 
 31 | kubectl apply --filename https://docs.projectcalico.org/v3.21/manifests/calico.yaml
 32 | 
 33 | sudo service kubelet restart
 34 | 
 35 | sudo service docker restart
 36 | 
 37 | kubectl cordon node2
 38 | 
 39 | kubectl uncordon node2
 40 | ```
 41 | # HOW TO REINSTALL KUBERNETES
 42 | 1. Remove any previous installation in both master and worker nodes:
 43 |     ```
 44 |     sudo kubeadm reset --force
 45 |     ```
 46 | 1. Reinstall Kubernetes:
 47 | 
 48 |     ```
 49 |     calico_version=v3.21
 50 |     ```
 51 | 
 52 |     ```
 53 |     sudo kubeadm init --pod-network-cidr 192.168.0.0/16 --ignore-preflight-errors all 2>& 1 | tee kubeadm-init.log
 54 |     
 55 |     mkdir -p ${HOME}/.kube
 56 |     
 57 |     sudo cp /etc/kubernetes/admin.conf ${HOME}/.kube/config
 58 |     
 59 |     sudo chown -R $( id -u ):$( id -g ) ${HOME}/.kube/
 60 |     
 61 |     echo 'source <(kubectl completion bash)' | tee --append ${HOME}/.bashrc
 62 |     
 63 |     source ${HOME}/.bashrc
 64 | 
 65 |     kubectl apply --filename https://docs.projectcalico.org/${calico_version}/manifests/calico.yaml
 66 | 
 67 |     watch kubectl --namespace kube-system get all
 68 |     ```
 69 | # UNDERSTANDING KUBERNETES NETWORKING
 70 | ```
 71 | labsuser@ip-172-31-13-145:~$ kubectl --namespace phpinfo get svc
 72 | NAME          TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
 73 | phpinfo-svc   NodePort   10.101.240.199   <none>        80:31575/TCP   25m
 74 | labsuser@ip-172-31-13-145:~$ kubectl --namespace phpinfo get ep
 75 | NAME          ENDPOINTS                     AGE
 76 | phpinfo-svc   10.5.1.2:8080,10.5.2.2:8080   25m
 77 | ```
 78 | # Install Mirantis Container Runtime for Ubuntu
 79 | The following instructions have been extracted from this documentation:
 80 |    * https://docs.mirantis.com/mcr/20.10/install/mcr-linux/ubuntu.html
 81 | 1. Uninstall old versions
 82 | 
 83 |    ```
 84 |    sudo apt-get --yes remove docker docker-engine docker-ce docker-ce-cli docker.io
 85 |    ```
 86 | 1. Update the apt package index
 87 | 
 88 |    ```
 89 |    sudo apt-get update
 90 |    ```
 91 | 1. Install packages to allow apt to use a repository over HTTPS
 92 | 
 93 |    ```
 94 |    sudo apt-get install apt-transport-https ca-certificates curl software-properties-common -y
 95 |    ```
 96 | 1. Temporarily store https://repos.mirantis.com in an environment variable. This variable assignment does not persist when the session ends
 97 | 
 98 |    ```
 99 |    DOCKER_EE_URL="https://repos.mirantis.com"
100 |    ```
101 | 1. Temporarily add a $DOCKER_EE_VERSION variable into your environment
102 | 
103 |    ```
104 |    DOCKER_EE_VERSION=20.10
105 |    ```
106 | 1. Add Docker’s official GPG key using your customer Mirantis Container Runtime repository URL
107 | 
108 |    ```
109 |    curl -fsSL "${DOCKER_EE_URL}/ubuntu/gpg" | sudo apt-key add -
110 |    ```
111 | 1. Set up the stable repository, using the following command as-is (which works due to the variable set up earlier in the process)
112 | 
113 |    ```
114 |    sudo add-apt-repository "deb [arch=$(dpkg --print-architecture)] $DOCKER_EE_URL/ubuntu $(lsb_release -cs) stable-$DOCKER_EE_VERSION"
115 |    ```
116 | 1. Update the apt package index
117 |    ```
118 |    sudo apt-get update
119 |    ```
120 | 1. Install the latest version of Mirantis Container Runtime and containerd. Any existing installation of MCR is replaced
121 | 
122 |    ```
123 |    sudo apt-get --yes install docker-ee docker-ee-cli containerd.io
124 |    ```
125 | # Install the Mirantis Kubernetes Engine image   
126 | The following instructions have been extracted from this documentation:
127 |    * https://docs.mirantis.com/mke/3.5/install/install-mke-image.html
128 | 1. Install MKE
129 | 
130 |    ```
131 |    sudo docker run --interactive --name ucp --rm --tty --volume /var/run/docker.sock:/var/run/docker.sock mirantis/ucp:3.5.5 install --host-address $( hostname --ip-address ) --interactive --force-minimums
132 |    ```
133 |      
134 | 


--------------------------------------------------------------------------------
/caltech_2022-09/2022-09-18.md:
--------------------------------------------------------------------------------
  1 | # How to install the Docker engine
  2 | 1. https://docs.docker.com/engine/install/
  3 | 
  4 | ## Install Docker Engine on Ubuntu
  5 | 1. https://docs.docker.com/engine/install/ubuntu/
  6 | 
  7 | ### Procedure
  8 | 1. First become root:
  9 | 
 10 |     ```
 11 |     sudo su --login root
 12 |     ```
 13 | 3. Check installed OS:
 14 | 
 15 |     ```
 16 |     cat /etc/os-release
 17 |     ```
 18 | 
 19 | 1. Check the architecture:
 20 | 
 21 |     ```
 22 |     lscpu
 23 |     ```
 24 |     
 25 | 1. Uninstall old versions:
 26 | 
 27 |     ```
 28 |     apt-get remove docker docker-engine docker.io containerd runc --assume-yes
 29 |     ```
 30 |     
 31 | 1. Update the apt package index and install packages to allow apt to use a repository over HTTPS:
 32 | 
 33 |     ```
 34 |     apt-get update
 35 |     
 36 |     apt-get install ca-certificates curl gnupg lsb-release --assume-yes
 37 |     ```
 38 | 
 39 | 1. Add Docker’s official GPG key:
 40 | 
 41 |     ```
 42 |     mkdir -p /etc/apt/keyrings
 43 |     
 44 |     curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
 45 |     ```
 46 | 1. Use the following command to set up the repository:
 47 | 
 48 |     ```
 49 |     echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
 50 |     ```
 51 | 1. Update the apt package index, and install the latest version of Docker Engine, containerd, and Docker Compose:
 52 | 
 53 |     ```
 54 |     apt-get update
 55 |     
 56 |     apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin --assume-yes
 57 |     ```
 58 | 1. Verify the installation:
 59 | 
 60 |     ```
 61 |     docker version
 62 |     
 63 |     service docker status
 64 |     ```
 65 |     
 66 | # How to build a new Docker image for our PHP sample application
 67 | 
 68 | 1. Create the Dockerfile:
 69 | 
 70 |     ```
 71 |     tee ${HOME}/phpinfo/Dockerfile 0<<EOF
 72 |     
 73 |     FROM    index.docker.io/library/alpine:3.16.2@sha256:1304f174557314a7ed9eddb4eab12fed12cb0cd9809e4c28f29af86979a3c870
 74 |     RUN     apk add php
 75 |     
 76 |     EOF
 77 |     ```
 78 | 1. Create the Docker image:
 79 | 
 80 |     ```
 81 |     mkdir --parents ${HOME}/phpinfo/build-context/
 82 |     
 83 |     sudo docker build --file ${HOME}/phpinfo/Dockerfile --tag localhost/library/alpine:php ${HOME}/phpinfo/build-context/
 84 |     ```
 85 | 1. List the local Docker images:
 86 | 
 87 |     ```
 88 |     sudo docker images
 89 |     ```
 90 | 1. The new Docker image layers will be located in this internal Docker folder:
 91 | 
 92 |     ```
 93 |     sudo ls /var/lib/docker/overlay2/
 94 |     ```
 95 | 1. Locate the PHP package in the corresponding Docker image layer:
 96 | 
 97 |     ```
 98 |     sudo find /var/lib/docker/overlay2/ | grep bin/php$
 99 |     ```
100 | 1. Get detailed information about the Docker image:
101 | 
102 |     ```
103 |     sudo docker inspect localhost/library/alpine:php
104 |     ```
105 | ## How to remove the created Docker image:
106 | 
107 | 1. List the existing Docker images:
108 | 
109 |     ```
110 |     sudo docker images
111 |     ```
112 | 1. Remove the created Docker images using the Image ID:
113 | 
114 |     ```
115 |     sudo docker rmi c6baa85b952b 9c6f07244728
116 |     ```
117 | 1. List the existing Docker image layers in the internal Docker location:
118 | 
119 |     ```
120 |     sudo ls /var/lib/docker/overlay2/
121 |     ```
122 | ## How to run a Docker container to test the Docker image:
123 | 
124 | 1. Run a test container using the created Docker image:
125 |     ```
126 |     sudo docker run --detach --name test --tty localhost/library/alpine:php
127 |     ```
128 | 1. Inspect the Docker image to get the overlay2 layers for the image:
129 | 
130 |     ```
131 |     sudo docker inspect localhost/library/alpine:php
132 |     ```
133 | 1. Inspect the Docker container to get the overlay2 layers for the container:    
134 | 
135 |     ```
136 |     sudo docker inspect test
137 |     ```
138 | 1. Create a new empty file inside the running test container:
139 | 
140 |     ```
141 |     sudo docker exec test touch sebastian
142 |     ```
143 | 1. Find the location of the new file inside the internal overlay2 filesystem layers:
144 | 
145 |     ```
146 |     sudo find /var/lib/docker/overlay2/ | grep /sebastian$
147 |     ```
148 | 1. Both commands will show you the content of the upper directory of your Docker container:
149 | 
150 |     ```
151 |     sudo docker diff test
152 |     
153 |     sudo ls /var/lib/docker/overlay2/dcb3a3d7898a333d4234c1de0b10d8c55353aaf8237507aaa937965a7a2461b6/diff
154 |     ```
155 | 1. Check the inode numbers to confirm that the merged and the upper directories are not duplicating the new file:
156 | 
157 |     ```
158 |     sudo stat /var/lib/docker/overlay2/dcb3a3d7898a333d4234c1de0b10d8c55353aaf8237507aaa937965a7a2461b6/diff/sebastian
159 |     
160 |     sudo stat /var/lib/docker/overlay2/dcb3a3d7898a333d4234c1de0b10d8c55353aaf8237507aaa937965a7a2461b6/merged/sebastian
161 |     ```
162 | 1. The merged directory will be mounted at the root filesystem of the container so that:
163 | 
164 |     ```
165 |     INSIDE THE CONTAINER        OUTSIDE THE CONTAINER
166 |              /              =   /var/lib/docker/overlay2/dcb3a3d7898a333d4234c1de0b10d8c55353aaf8237507aaa937965a7a2461b6/merged/
167 |     ```
168 | 


--------------------------------------------------------------------------------
/caltech_2022-08/2022-08-21.md:
--------------------------------------------------------------------------------
  1 | 1. https://kubernetes.io/docs/setup/
  2 | 2. https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/
  3 | 3. https://kubernetes.io/docs/concepts/overview/components/
  4 | ```
  5 | service kubelet status
  6 | which kubeadm
  7 | which kubectl
  8 | ls /etc/kubernetes/manifests/
  9 | ```
 10 | ```
 11 | sudo kubeadm reset --force
 12 | sudo kubeadm init --pod-network-cidr 192.168.0.0/16 --ignore-preflight-errors all
 13 | ls /etc/kubernetes/manifests/
 14 | ls -l /etc/kubernetes/admin.conf
 15 | ```
 16 | ```
 17 | mkdir -p ${HOME}/.kube
 18 | sudo cp /etc/kubernetes/admin.conf ${HOME}/.kube/config
 19 | sudo chown -R $( id -u ):$( id -g ) ${HOME}/.kube/
 20 | echo 'source <(kubectl completion bash)' | tee --append ${HOME}/.bashrc
 21 | source ${HOME}/.bashrc
 22 | ```
 23 | ```
 24 | kubectl apply --filename https://docs.projectcalico.org/v3.21/manifests/calico.yaml
 25 | watch kubectl get no
 26 | ```
 27 | ```
 28 | sudo kubeadm token create --print-join-command
 29 | ```
 30 | ```
 31 | watch kubectl get no
 32 | kubectl run test --image docker.io/library/nginx:alpine
 33 | kubectl get po --output wide
 34 | kubectl describe po
 35 | kubectl get po --output yaml
 36 | kubectl logs test
 37 | kubectl get po/test --output yaml | tee po.yaml
 38 | ```
 39 | ```
 40 | kubectl explain po
 41 | kubectl explain po.spec
 42 | kubectl explain po.spec.containers
 43 | kubectl explain po.spec.containers.resources
 44 | kubectl explain po.spec.containers.workingDir
 45 | kubectl explain po.spec.containers.securityContext
 46 | kubectl explain po.spec.containers.env
 47 | kubectl explain po.spec.containers.volumeMounts
 48 | kubectl explain po.spec.volumes.secret
 49 | kubectl explain svc.spec.ports
 50 | kubectl explain svc.spec.selector
 51 | kubectl explain rs.spec
 52 | kubectl explain rs.spec.template
 53 | ```
 54 | ```
 55 | tee php/kube-compose.yaml 0<<EOF
 56 | apiVersion: apps/v1
 57 | kind: Deployment
 58 | metadata:
 59 |   name: phpinfo-deploy
 60 | spec:
 61 |   replicas: 2
 62 |   selector:
 63 |     matchLabels:
 64 |       app: phpinfo
 65 |   template:
 66 |     metadata:
 67 |       labels:
 68 |         app: phpinfo
 69 |     spec:
 70 |       containers:
 71 |       - args:
 72 |         - -f
 73 |         - index.php
 74 |         - -S
 75 |         - 0.0.0.0:8080
 76 |         command:
 77 |         - /usr/local/bin/php
 78 |         env:
 79 |         - name: OWNER
 80 |           value: Sebastian
 81 |         image: docker.io/library/php:alpine@sha256:6340f86b1dc4325d09cd8311d8c40e36ab54061d0d25ea1491c100578bc50ae1
 82 |         name: phpinfo-container
 83 |         resources:
 84 |           limits:
 85 |             cpu: 200m
 86 |             memory: 200M
 87 |           requests:
 88 |             cpu: 200m
 89 |             memory: 200M
 90 |         securityContext:
 91 |           readOnlyRootFilesystem: true
 92 |           runAsGroup: 65534
 93 |           runAsUser: 65534
 94 |         volumeMounts:
 95 |         - mountPath: /my_app/data/
 96 |           name: my-volume
 97 |           readOnly: false
 98 |         - mountPath: /my_app/index.php
 99 |           name: php-config
100 |           readOnly: true
101 |           subPath: index.php
102 |         - mountPath: /my_app/secret.php
103 |           name: php-secret
104 |           readOnly: true
105 |           subPath: secret.php
106 |         workingDir: /my_app/
107 |       volumes:
108 |       - name: my-volume
109 |       - name: php-config
110 |         configMap:
111 |           defaultMode: 0444
112 |           items:
113 |           - key: index.php
114 |             mode: 0444
115 |             path: index.php
116 |           name: php-config
117 |       - name: php-secret
118 |         secret:
119 |           defaultMode: 0444
120 |           items:
121 |           - key: secret.php
122 |             mode: 0444
123 |             path: secret.php
124 |           secretName: php-secret
125 | ---
126 | apiVersion: v1
127 | kind: ConfigMap
128 | metadata:
129 |   name: php-config
130 | data:
131 |   index.php: <?php phpinfo();?>
132 | ---
133 | apiVersion: v1
134 | kind: Secret
135 | metadata:
136 |   name: php-secret
137 | stringData:
138 |   secret.php: <?php phpinfo();?>
139 | ---
140 | apiVersion: v1
141 | kind: Service
142 | metadata:
143 |   name: phpinfo-svc
144 | spec:
145 |   ports:
146 |   - port: 80
147 |     protocol: TCP
148 |     targetPort: 8080
149 |   selector:
150 |     app: phpinfo
151 |   type: NodePort
152 | EOF
153 | ```
154 | ```
155 | kubectl delete --filename php/kube-compose.yaml
156 | kubectl apply --filename php/kube-compose.yaml
157 | watch kubectl get all
158 | ```
159 | 1. https://docs.mirantis.com/mcr/20.10/install/mcr-linux/ubuntu.html
160 | 
161 | ```
162 | sudo apt-get --yes remove docker docker-engine docker-ce docker-ce-cli docker.io
163 | sudo apt-get update
164 | sudo apt-get --yes install apt-transport-https ca-certificates curl software-properties-common
165 | DOCKER_EE_URL="https://repos.mirantis.com"
166 | DOCKER_EE_VERSION=20.10
167 | curl -fsSL "${DOCKER_EE_URL}/ubuntu/gpg" | sudo apt-key add -
168 | sudo apt-key fingerprint 6D085F96
169 | sudo add-apt-repository "deb [arch=$(dpkg --print-architecture)] $DOCKER_EE_URL/ubuntu $(lsb_release -cs) stable-$DOCKER_EE_VERSION"
170 | sudo apt-get update
171 | sudo apt-get --yes install docker-ee docker-ee-cli containerd.io
172 | ```
173 | 1. https://docs.mirantis.com/mke/3.5/install/install-mke-image.html
174 | 
175 | ```
176 | docker run --interactive --name ucp --rm --tty --volume /var/run/docker.sock:/var/run/docker.sock mirantis/ucp:3.5.5 install --host-address $( hostname --ip-address ) --interactive --force-minimums
177 | ```
178 | 


--------------------------------------------------------------------------------
/docker-example.md:
--------------------------------------------------------------------------------
  1 | # Introduction to Docker
  2 | 
  3 | 1. https://en.wikipedia.org/wiki/Linux_namespaces
  4 | 1. https://en.wikipedia.org/wiki/Cgroups
  5 | 
  6 | # Shell environment
  7 | - https://shell.cloud.google.com/
  8 | 
  9 | # PHP sample application
 10 | 
 11 | 1. https://www.php.net/docs.php
 12 | 2. https://www.php.net/manual/en/function.phpinfo
 13 | 
 14 | Create a new project folder in your home directory:
 15 | ```
 16 | mkdir --parents ${PWD}/phpinfo/
 17 | ```
 18 | Create a PHP file in the project folder:
 19 | ```
 20 | tee ${PWD}/phpinfo/index.php 0<<EOF
 21 | 
 22 | <?php
 23 | // Show all information, defaults to INFO_ALL
 24 | phpinfo();
 25 | // Show just the module information.
 26 | // phpinfo(8) yields identical results.
 27 | phpinfo(INFO_MODULES);
 28 | ?>
 29 | 
 30 | EOF
 31 | ```
 32 | Execute the PHP application parsing the PHP file and launching a PHP embedded webserver:
 33 | ```
 34 | php -f ${PWD}/phpinfo/index.php -S localhost:9000 &
 35 | ```
 36 | Check the web server created:
 37 | ```
 38 | curl localhost:9000/phpinfo/index.php -I -s
 39 | ```
 40 | Find the PID of the running process:
 41 | ```
 42 | ps aux|grep phpinfo --max-count 1
 43 | ```
 44 | Or alternatively:
 45 | ```
 46 | pidof php
 47 | ```
 48 | Save this PID in an environment variable:
 49 | ```
 50 | pid=$(pidof php)
 51 | ```
 52 | Now you can inspect the running process:
 53 | ```
 54 | ls /proc/${pid}/
 55 | ```
 56 | ```
 57 | strings /proc/${pid}/cmdline
 58 | ```
 59 | ```
 60 | strings /proc/${pid}/net/fib_trie
 61 | ```
 62 | 
 63 | # Introduction to Docker
 64 | 
 65 | 1. https://docs.docker.com/
 66 | 2. https://hub.docker.com/
 67 | 
 68 | Check the version of the Docker client:
 69 | ```
 70 | docker version
 71 | ```
 72 | Check the status of the Docker service:
 73 | ```
 74 | service docker status
 75 | ```
 76 | # Example of containerization of our PHP sample application
 77 | 
 78 | Let us first create a network for our container:
 79 | ```
 80 | docker network create phpinfo --driver bridge
 81 | ```
 82 | Let us download the Docker image from Docker Hub:
 83 | ```
 84 | docker pull index.docker.io/library/php:alpine
 85 | 
 86 | docker images
 87 | ```
 88 | Let us see the Docker registry and the Dockerfile:
 89 | - https://hub.docker.com/_/php
 90 | - https://github.com/docker-library/php/blob/master/8.3/alpine3.19/cli/Dockerfile
 91 | 
 92 | Let us see all the options for docker run command:
 93 | ```
 94 | docker run --help
 95 | ```
 96 | Let us create the container:
 97 | ```
 98 | docker run --cpus 0.01 --detach --env AUTHOR=Sebastian --memory 20M --memory-reservation 10M --name phpinfo --network phpinfo --publish 60000:9000 --read-only --restart always --user nobody:nogroup --volume ${HOME}/phpinfo/index.php:/var/data/index.php:ro --workdir /var/data/ index.docker.io/library/php:alpine php -f index.php -S 0.0.0.0:9000
 99 | ```
100 | # Troubleshooting the Docker container:
101 | 
102 | View the table of processes running inside you container
103 | ```
104 | docker top phpinfo
105 | ```
106 | View the logs of your container:
107 | ```
108 | docker logs phpinfo
109 | ```
110 | Show the resources consumption statistics of your container:
111 | ```
112 | docker stats phpinfo --no-stream
113 | ```
114 | Show the content of the working directory:
115 | ```
116 | docker exec phpinfo ls -l
117 | ```
118 | Test the connection to the webserver from inside the container:
119 | ```
120 | docker exec phpinfo curl localhost:9000/index.php -I -s
121 | ```
122 | Test the connection to the webserver from outside the container:
123 | ```
124 | curl localhost:60000/index.php -I -s
125 | ```
126 | In order to remove the container:
127 | ```
128 | docker rm phpinfo --force
129 | ```
130 | 
131 | # How to deploy a Docker stack using a Docker compose file
132 | 
133 | ```
134 | tee ${PWD}/phpinfo/docker-compose.yaml 0<<EOF
135 | 
136 | # docker-compose.yaml
137 | configs:
138 | #secrets:
139 |   phpinfo:
140 |     external: false
141 |     file: ./index.php
142 | networks:
143 |   phpinfo:
144 |     external: false
145 |     internal: false
146 | services:
147 |   phpinfo:
148 |     command:
149 |       - php
150 |       - -f
151 |       - index.php
152 |       - -S
153 |       - 0.0.0.0:9000
154 |     configs:
155 |     #secrets:
156 |       - source: phpinfo
157 |         target: /var/data/index.php
158 |         uid: '65534'
159 |         gid: '65534'
160 |         mode: 0400
161 |     deploy:
162 |       replicas: 2
163 |       resources:
164 |         limits:
165 |           cpus: '0.02'
166 |           memory: 20M
167 |         reservations:
168 |           cpus: '0.01'
169 |           memory: 10M
170 |     image: index.docker.io/library/php:alpine
171 |     networks:
172 |       - phpinfo
173 |     ports:
174 |       - 60000:9000
175 |     read_only: true
176 |     user: nobody:nogroup
177 |     volumes:
178 |       - type: volume
179 |         source: phpinfo
180 |         target: /var/data/tmp/
181 |         read_only: false
182 |     working_dir: /var/data/
183 | version: '3.8'
184 | volumes:
185 |   phpinfo:
186 |     external: false
187 |     
188 | EOF
189 | ```
190 | ```
191 | docker swarm init
192 | ```
193 | ```
194 | docker stack rm PHPINFO ; sleep 20
195 | 
196 | docker stack deploy --compose-file ${PWD}/phpinfo/docker-compose.yaml PHPINFO
197 | ```
198 | ```
199 | docker stack ps PHPINFO
200 | ```
201 | ```
202 | docker stack ls
203 | ```
204 | ```
205 | docker stack services PHPINFO
206 | ```
207 | ```
208 | docker service logs PHPINFO_phpinfo
209 | ```
210 | ```
211 | docker ps
212 | ```
213 | ```
214 | ps=$(docker stack ps PHPINFO --no-trunc --quiet|head -1)
215 | ```
216 | ```
217 | docker exec PHPINFO_phpinfo.1.${ps} df
218 | ```
219 | ```
220 | docker exec PHPINFO_phpinfo.1.${ps} ps aux
221 | ```
222 | ```
223 | docker top PHPINFO_phpinfo.1.${ps}
224 | ```
225 | 


--------------------------------------------------------------------------------
/caltech_2022-10/2022-10-29.md:
--------------------------------------------------------------------------------
  1 | # BUILD A SAMPLE DOCKER IMAGE:
  2 | ```
  3 | $ sudo docker build --tag example --file phpinfo/Dockerfile /mnt/
  4 | Sending build context to Docker daemon  1.583kB
  5 | Step 1/3 : FROM    index.docker.io/library/alpine:latest
  6 |  ---> 9c6f07244728
  7 | Step 2/3 : RUN     apk add php
  8 |  ---> Using cache
  9 |  ---> 235724fa6651
 10 | Step 3/3 : RUN  apk add curl
 11 |  ---> Running in 35cae1b285ca
 12 | fetch https://dl-cdn.alpinelinux.org/alpine/v3.16/main/x86_64/APKINDEX.tar.gz
 13 | fetch https://dl-cdn.alpinelinux.org/alpine/v3.16/community/x86_64/APKINDEX.tar.gz
 14 | (1/5) Installing ca-certificates (20220614-r0)
 15 | (2/5) Installing brotli-libs (1.0.9-r6)
 16 | (3/5) Installing nghttp2-libs (1.47.0-r0)
 17 | (4/5) Installing libcurl (7.83.1-r4)
 18 | (5/5) Installing curl (7.83.1-r4)
 19 | Executing busybox-1.35.0-r17.trigger
 20 | Executing ca-certificates-20220614-r0.trigger
 21 | OK: 19 MiB in 28 packages
 22 | Removing intermediate container 35cae1b285ca
 23 |  ---> d457adf0b420
 24 | Successfully built d457adf0b420
 25 | Successfully tagged example:latest
 26 | ```
 27 | # HOW TO FLATTEN A DOCKER IMAGE FROM A DOCKERFILE
 28 | ```
 29 | tee ${HOME}/phpinfo/Dockerfile 0<<EOF
 30 | 
 31 | FROM    index.docker.io/library/alpine:latest
 32 | RUN     apk add php
 33 | RUN     apk add curl
 34 | 
 35 | FROM    scratch
 36 | COPY    --from=0 / /
 37 | 
 38 | EOF
 39 | 
 40 | sudo docker build --tag flat-example --file ${HOME}/phpinfo/Dockerfile /mnt/
 41 | 
 42 | sudo docker inspect flat-example
 43 | ```
 44 | # HOW TO DEPLOY WITH KUBERNETES OUR SAMPLE PHP APPLICATION
 45 | 1. List all available Kubernetes resources:
 46 |     ```
 47 |     kubectl api-resources
 48 |     ```
 49 | 3. Get help for the Kubernetes resources:    
 50 |     ```
 51 |     kubectl explain cm
 52 |     kubectl explain cm.metadata
 53 | 
 54 |     kubectl explain svc
 55 |     kubectl explain svc.spec.ports.port
 56 |     kubectl explain svc.spec.ports.targetPort
 57 |     kubectl explain svc.spec.selector
 58 |     kubectl explain svc.spec.type
 59 | 
 60 |     kubectl explain deploy
 61 |     kubectl explain deploy.spec.replicas
 62 |     kubectl explain deploy.spec.selector.matchLabels
 63 |     kubectl explain deploy.spec.template
 64 |     kubectl explain deploy.spec.template.spec.containers
 65 |     kubectl explain deploy.spec.template.spec.containers.args
 66 |     ```
 67 | 1. Create a Kubernetes compose file:    
 68 | 
 69 |     ```
 70 |     tee ${PWD}/kube-compose.yaml 0<<EOF
 71 |     
 72 |     # docker run --detach --env OWNER=Sebastian --name phpinfo-container --network phpinfo-network --restart always --publish 8080 --user nobody:nogroup --volume ${PWD}/index.php:/data/index.php:ro --volume phpinfo-volume:/data/tmp/ --workdir /data/ index.docker.io/library/php:alpine php -f index.php -S 0.0.0.0:8080
 73 |     apiVersion: apps/v1
 74 |     kind: Deployment
 75 |     metadata:
 76 |       name: phpinfo-deploy
 77 |     spec:
 78 |       replicas: 2
 79 |       selector:
 80 |         matchLabels:
 81 |           app: phpinfo
 82 |       template:
 83 |         metadata:
 84 |           labels:
 85 |             app: phpinfo
 86 |         spec:
 87 |           containers:
 88 |           - args:
 89 |             - php
 90 |             - -f
 91 |             - index.php
 92 |             - -S
 93 |             - 0.0.0.0:8080
 94 |             env:
 95 |             - name: OWNER
 96 |               value: Sebastian
 97 |             image: index.docker.io/library/php:alpine
 98 |             name: phpinfo-container
 99 |             securityContext:
100 |               readOnlyRootFilesystem: true
101 |               runAsGroup: 65534
102 |               runAsUser: 65534
103 |             volumeMounts:
104 |             - mountPath: /data/tmp/
105 |               name: phpinfo-volume
106 |               readOnly: false
107 |             - mountPath: /data/index.php
108 |               name: phpinfo-cm
109 |               readOnly: true
110 |               subPath: index.php
111 |             - mountPath: /data/secret.php
112 |               name: phpinfo-secret
113 |               readOnly: true
114 |               subPath: secret.php
115 |             workingDir: /data/
116 |           securityContext:
117 |             fsGroup: 65534
118 |           volumes:
119 |           - name: phpinfo-volume
120 |           - name: phpinfo-cm
121 |             configMap:
122 |               defaultMode: 0400
123 |               items:
124 |               - key: index.php
125 |                 mode: 0400
126 |                 path: index.php
127 |               name: phpinfo-cm
128 |           - name: phpinfo-secret
129 |             secret:
130 |               defaultMode: 0400
131 |               items:
132 |               - key: secret.php
133 |                 mode: 0400
134 |                 path: secret.php
135 |               secretName: phpinfo-secret
136 |     ---
137 |     apiVersion: v1
138 |     kind: ConfigMap
139 |     metadata:
140 |       name: phpinfo-cm
141 |     data:
142 |       index.php: <?php phpinfo();?>
143 |     ---
144 |     apiVersion: v1
145 |     kind: Secret
146 |     metadata:
147 |       name: phpinfo-secret
148 |     stringData:
149 |       secret.php: <?php phpinfo();?>
150 |     ---
151 |     apiVersion: v1
152 |     kind: Service
153 |     metadata:
154 |       name: phpinfo-svc
155 |     spec:
156 |       ports:
157 |       - port: 80
158 |         protocol: TCP
159 |         targetPort: 8080
160 |       selector:
161 |         app: phpinfo
162 |       type: NodePort
163 | 
164 |     EOF
165 |     ```
166 | 1. Delete any previous deployment of the same file:    
167 |     ```
168 |     kubectl create ns phpinfo
169 |     
170 |     kubectl --namespace phpinfo delete --filename kube-compose.yaml
171 |     ```
172 | 1. Deploy the compose file:
173 | 
174 |     ```   
175 |     kubectl --namespace phpinfo apply --filename kube-compose.yaml
176 |     
177 |     watch kubectl --namespace phpinfo get all
178 |     ```
179 | 


--------------------------------------------------------------------------------
/caltech_2022-10/2022-10-08.md:
--------------------------------------------------------------------------------
  1 | # How to clean your Docker environment
  2 | 1. Remove all Docker containers:
  3 |     ```
  4 |     sudo docker rm --force --volumes $( sudo docker ps --all --quiet )
  5 |     ```
  6 | 1. Force the removal of all Docker images:
  7 |     ```
  8 |     sudo docker rmi --force $( sudo docker images --all --quiet )
  9 |     ```
 10 | 1. Remove the Docker volumes:
 11 | 
 12 |     ```
 13 |     sudo docker volume rm --force $( sudo docker volume ls --quiet )
 14 |     ```
 15 | 1. Remove all Docker networks (except the defaults):
 16 | 
 17 |     ```
 18 |     sudo docker swarm leave --force
 19 |     
 20 |     sudo docker network rm $( sudo docker network ls --quiet )
 21 |     ```
 22 | # Introduction to the Course
 23 | 1. Containers are partitions of the kernel resources of the host machine. We mainly isolate the network, the filesystems and the processes. The technologies behind this partitioning are called Linux namespaces and control groups:
 24 |     * https://en.wikipedia.org/wiki/Linux_namespaces
 25 |     * https://en.wikipedia.org/wiki/Cgroups
 26 | 
 27 | 3. https://docs.openshift.com/
 28 | 4. https://kubernetes.io/docs/home/
 29 | 5. https://docs.docker.com/
 30 | 
 31 | 
 32 | # PHP sample application
 33 | 1. https://www.php.net/docs.php
 34 | 2. https://www.php.net/manual/en/function.phpinfo
 35 | 
 36 | ```
 37 | mkdir --parents phpinfo
 38 | 
 39 | tee phpinfo/index.php 0<<EOF
 40 | 
 41 | <?php
 42 | phpinfo();
 43 | ?>
 44 | 
 45 | EOF
 46 | ```
 47 | 
 48 | ```
 49 | sudo apt update
 50 | 
 51 | sudo apt install php --assume-yes
 52 | ```
 53 | 
 54 | ```
 55 | php -f phpinfo/index.php -S localhost:8080
 56 | ```
 57 | Go to this location to see the resulting web page:
 58 | 1. http://localhost:8080/phpinfo/
 59 | 
 60 | Open another terminal to inspect the deployment:
 61 | ```
 62 | ps -a -f
 63 | 
 64 | pidof php
 65 | 
 66 | cat /proc/$( pidof php )/cgroup
 67 | 
 68 | cat /proc/1/cgroup
 69 | ```
 70 | Now create a simple Docker container:
 71 | ```
 72 | sudo docker run --detach --name test --tty busybox
 73 | ```
 74 | Check again the control group for this container:
 75 | ```
 76 | sudo docker top test
 77 | 
 78 | pidof sh
 79 | 
 80 | cat /proc/$( pidof sh )/cgroup
 81 | 
 82 | cat /proc/1/cgroup
 83 | ```
 84 | To summarize the results:
 85 | ```
 86 | cat /proc/11/cgroup
 87 | 
 88 | cat /proc/$( pidof php )/cgroup
 89 | 
 90 | cat /proc/$( pidof sh )/cgroup
 91 | ```
 92 | # Introduction to Docker
 93 | 
 94 | 1. https://hub.docker.com/
 95 | 
 96 | ```
 97 | sudo docker version
 98 | ```
 99 | ```
100 | service docker status
101 | ```
102 | 1. Docker container:
103 |     * isolated environment created using Linux namespaces and control groups (isolated partitions of the kernel resources of the host machine)
104 | 4. Docker image:
105 |     * external root filesystem containing a basic operating system and the necessary libraries and dependencies
106 | 6. Docker volume:
107 |     * external filesystem containing the custom data and configuration for our Docker container
108 | 8. Docker network:
109 |     * network that will provide a valid IP address to our Docker container
110 | 
111 | # Introduction to Docker images
112 | 1. Dockerfile of a basic Docker image containing Ubuntu operating system:
113 | 
114 |     * https://git.launchpad.net/cloud-images/+oci/ubuntu-base/plain/Dockerfile?h=refs/tags/dist-jammy-amd64-20221003&id=89da42508a832d893e03b5d4b606da47c3a9bc70
115 | 1. Dockerfile of Python Docker image:
116 | 
117 |     * https://raw.githubusercontent.com/docker-library/python/master/3.11/bullseye/Dockerfile
118 | 1. Dockerfile of basic PHP Docker image:
119 | 
120 |     * https://raw.githubusercontent.com/sebastian-colomar/phpinfo/main/docker/Dockerfile
121 | # Example of containerization of our PHP sample application
122 | 
123 | Let us first create a Docker network for our Docker container:
124 | ```
125 | sudo docker network ls
126 | 
127 | sudo docker network create phpinfo-network --driver bridge
128 | 
129 | sudo docker network ls | grep phpinfo-network
130 | ```
131 | Let us download the Docker image from Docker Hub:
132 | ```
133 | sudo docker images
134 | 
135 | sudo docker pull index.docker.io/library/php:alpine
136 | 
137 | sudo docker images | grep php.*alpine
138 | ```
139 | This is the Dockerfile for the previously downloaded Docker image:
140 | * https://github.com/docker-library/php/blob/master/8.1/alpine3.16/cli/Dockerfile
141 |     
142 | The history of the Docker image will also provide me the Dockerfile instructions in reverse order:
143 | ```
144 | sudo docker history index.docker.io/library/php:alpine --no-trunc
145 | ```
146 | There is another way to see the content of the Docker image through the `inspect` command:
147 | ```
148 | sudo docker inspect index.docker.io/library/php:alpine
149 | ```
150 | The Graph Driver section of the previous output shows the actual location inside the host filesystem of the image layers.
151 | The Lower Directory contains the superposition of the immutable lower layers in reverse order.
152 | 
153 | The last folder in the Lower Directory sections contains the first layer of the Docker image corresponding to the first line of the Docker file (that is the Alpine operating system base image). That first layer does not contain the following binaries: curl, xz, openssl.
154 | 
155 | These packages were installed by the second line of the Dockerfile and they are therefore contained inside the second layer (in reverse order) of the Lower Directory as can be checked with the following commands:
156 | ```
157 | $ sudo find /var/lib/docker/overlay2/f7a83dc729b7d554ce1c1e2ff567407720377f177f49dbb704a47c6343a0cc2f/diff | grep -E "bin/curl$|bin/xz$|bin/openssl$"
158 | ```
159 | ```
160 | # RUN apk add curl xz openssl
161 | $ sudo find /var/lib/docker/overlay2/fe353517eea371162ce8cb8b25dbb3966b77043cca4c761268be28fbc1fb1795/diff | grep -E "bin/curl$|bin/xz$|bin/openssl$"
162 | /var/lib/docker/overlay2/fe353517eea371162ce8cb8b25dbb3966b77043cca4c761268be28fbc1fb1795/diff/usr/bin/xz
163 | /var/lib/docker/overlay2/fe353517eea371162ce8cb8b25dbb3966b77043cca4c761268be28fbc1fb1795/diff/usr/bin/curl
164 | /var/lib/docker/overlay2/fe353517eea371162ce8cb8b25dbb3966b77043cca4c761268be28fbc1fb1795/diff/usr/bin/openssl
165 | ```
166 | 


--------------------------------------------------------------------------------
/caltech_2022-08/2022-08-07.md:
--------------------------------------------------------------------------------
  1 | ```
  2 | docker ps
  3 | docker ps --all
  4 | docker start test
  5 | ```
  6 | ```
  7 | docker top test
  8 | docker exec --interactive --tty test top
  9 | docker inspect test
 10 | ```
 11 | ```
 12 | mkdir test/
 13 | tee test/Dockerfile 0<<EOF
 14 | FROM docker.io/library/busybox:latest
 15 | # ENTRYPOINT sleep
 16 | ENTRYPOINT ["sleep"]
 17 | # The exec form makes it possible to avoid shell string munging, and to RUN commands using a base image that does not contain the specified shell executable.
 18 | # CMD infinity
 19 | CMD ["infinity"]
 20 | EOF
 21 | docker build --tag localhost/my_library/my_busybox:sleep test/
 22 | docker history localhost/my_library/my_busybox:sleep
 23 | docker rm --force test1 test2
 24 | docker run --detach --entrypoint sleep --name test1 localhost/my_library/my_busybox:sleep infinity
 25 | docker run --detach                    --name test2 localhost/my_library/my_busybox:sleep
 26 | docker inspect test1 | grep Entrypoint -A2
 27 | docker inspect test2 | grep Entrypoint -A2
 28 | docker top test1
 29 | docker top test2
 30 | docker run --detach --entrypoint ping --name ping1 localhost/my_library/my_busybox:sleep localhost
 31 | docker top ping1
 32 | docker logs ping1
 33 | docker ps
 34 | docker images
 35 | docker inspect localhost/my_library/my_busybox:sleep | grep Layers -A2
 36 | docker history localhost/my_library/my_busybox:sleep
 37 | docker image prune --force
 38 | docker images
 39 | ```
 40 | 1. https://github.com/docker-library/busybox/blob/master/stable/uclibc/Dockerfile
 41 | ```
 42 | mkdir ping/
 43 | tee ping/Dockerfile 0<<EOF
 44 | FROM docker.io/library/busybox:latest
 45 | ENTRYPOINT ["ping"]
 46 | CMD ["localhost"]
 47 | EOF
 48 | docker build --tag localhost/my_library/my_busybox:ping ping/
 49 | docker history localhost/my_library/my_busybox:ping
 50 | docker rm --force ping1 ping2 ping3
 51 | docker run --detach --entrypoint ping  --name ping1 localhost/my_library/my_busybox:ping localhost
 52 | docker run --detach                    --name ping2 localhost/my_library/my_busybox:ping
 53 | docker run --detach --entrypoint sleep --name ping3 localhost/my_library/my_busybox:ping infinity
 54 | docker top ping1
 55 | docker top ping2
 56 | docker top ping3
 57 | ```
 58 | ```
 59 | sudo apt-get update
 60 | sudo apt-get install php -y
 61 | mkdir php/
 62 | tee php/index.php 0<<EOF
 63 | <?php phpinfo();?>
 64 | EOF
 65 | php -f php/index.php -S 0.0.0.0:8080
 66 | #   -f <file>        Parse and execute <file>
 67 | #   -S <addr>:<port> Run with built-in web server
 68 | ```
 69 | ```
 70 | tee php/Dockerfile 0<<EOF
 71 | FROM docker.io/library/php:alpine
 72 | COPY index.php .
 73 | EOF
 74 | docker build --tag localhost/my_library/my_php:alpine php/
 75 | docker history localhost/my_library/my_php:alpine
 76 | docker inspect localhost/my_library/my_php:alpine
 77 | docker run --detach --entrypoint php --name php1                      localhost/my_library/my_php:alpine -f index.php -S 0.0.0.0:8080
 78 | docker top php1
 79 | docker run --detach --entrypoint php --name php2 --publish 8080       localhost/my_library/my_php:alpine -f index.php -S 0.0.0.0:8080
 80 | docker top php2
 81 | docker port php2
 82 | docker run --detach --entrypoint php --name php3 --publish 30000:8080 localhost/my_library/my_php:alpine -f index.php -S 0.0.0.0:8080
 83 | ```
 84 | 1. https://hub.docker.com/
 85 | ```
 86 | docker run --detach --name registry --publish 5000:5000 --restart always --volume my_registry:/var/lib/registry/:rw docker.io/library/registry:2
 87 | docker top registry
 88 | sudo ls /var/lib/docker/overlay2/
 89 | sudo ls /var/lib/docker/volumes/
 90 | docker inspect my_registry
 91 | sudo find /var/lib/docker/volumes/my_registry/ -type f
 92 | docker tag localhost/my_library/my_php:alpine localhost:5000/my_library/my_php:alpine
 93 | docker tag localhost/my_library/my_busybox:ping localhost:5000/my_library/my_busybox:ping
 94 | docker tag localhost/my_library/my_busybox:sleep localhost:5000/my_library/my_busybox:sleep
 95 | docker push localhost:5000/my_library/my_php:alpine
 96 | sudo find /var/lib/docker/volumes/my_registry/ -type f
 97 | docker push localhost:5000/my_library/my_busybox:ping
 98 | docker push localhost:5000/my_library/my_busybox:sleep
 99 | docker pull localhost:5000/my_library/my_php:alpine
100 | docker pull localhost:5000/my_library/my_busybox:ping
101 | docker pull localhost:5000/my_library/my_busybox:sleep
102 | docker run --detach --entrypoint php --name php4 localhost:5000/my_library/my_php:alpine -f index.php -S 0.0.0.0:8080
103 | ```
104 | ```
105 | docker rm --force sleep1 sleep2 sleep3
106 | docker volume rm my_data
107 | docker run --detach --entrypoint sleep --name sleep1 --volume my_data:/data/:rw localhost:5000/my_library/my_busybox:sleep infinity
108 | docker run --detach --entrypoint sleep --name sleep2 --volume my_data:/data/:rw localhost:5000/my_library/my_busybox:sleep infinity
109 | docker run --detach --entrypoint sleep --name sleep3 --volume my_data:/data/:ro localhost:5000/my_library/my_busybox:sleep infinity
110 | docker exec sleep1 find /data/ -type f
111 | docker exec sleep2 find /data/ -type f
112 | docker exec sleep3 find /data/ -type f
113 | docker volume ls
114 | docker inspect my_data
115 | sudo find /var/lib/docker/volumes/my_data/_data/ -type f
116 | docker exec sleep1 touch /data/sebastian1
117 | docker exec sleep2 touch /data/sebastian2
118 | docker exec sleep3 touch /data/sebastian3
119 | sudo find /var/lib/docker/volumes/my_data/_data/ -type f
120 | docker exec sleep1 find /data/ -type f
121 | docker exec sleep2 find /data/ -type f
122 | docker exec sleep3 find /data/ -type f
123 | ```
124 | ```
125 | docker pull docker.io/library/alpine:latest
126 | docker pull docker.io/library/busybox:latest
127 | docker images | grep -E "^busybox|^alpine"
128 | ```
129 | ```
130 | tee php/Dockerfile 0<<EOF
131 | FROM docker.io/library/php:alpine
132 | COPY index.php /my_app/
133 | EOF
134 | docker build --tag localhost:5000/my_library/my_php:workdir php/
135 | docker push localhost:5000/my_library/my_php:workdir
136 | docker rm --force php-safe
137 | docker run --detach --entrypoint php --name php-safe --publish 40000:8080 --read-only --restart always --user nobody:nogroup --workdir /my_app/ localhost:5000/my_library/my_php:workdir -f index.php -S 0.0.0.0:8080
138 | ```
139 | 


--------------------------------------------------------------------------------
/caltech_2022-10/2022-10-16.md:
--------------------------------------------------------------------------------
  1 | # How to install Kubernetes
  2 | 
  3 | 1. https://kubernetes.io/docs/setup/
  4 | 2. https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/
  5 | 3. https://kubernetes.io/docs/concepts/overview/components/
  6 | 
  7 | The pod network will have the following address:
  8 | ```
  9 | 192.168.0.0/16
 10 | ```
 11 | That means a total number of 2^16 pods per cluster:
 12 | ```
 13 | 2^16 = 64k pods
 14 | ```
 15 | The actual maximum number of pods per worker node is approximately 100 pods.
 16 | If you have 300 worker nodes that will do:
 17 | ```
 18 | 300 worker x 100 pod/worker = 30k pods
 19 | ```
 20 | The host prefix:
 21 | * The subnet prefix length to assign to each individual node. For example, if hostPrefix is set to 24 then each node is assigned a /24 subnet out of the given cidr. A hostPrefix default value of 24 provides 2^(32 - hostPrefix) = 2^(32-24) = 256 pod IP addresses.
 22 | 
 23 | For example:
 24 | * Worker node1: 192.168.1.0/24
 25 | * Worker node2: 192.168.2.0/24
 26 | * Worker node3: 192.168.3.0/24
 27 | 
 28 | If the default number of IP addresses per worker node is 256, then where does the recommended number of 100 pods per worker come from?
 29 | * Because Kubernetes (by default) will never delete an old replica pod until the new replica pod is ready. In the meantime there will always be two replica pods running at the same time (until the new one is ready and the old one is deleted).
 30 | 
 31 | # Kubernetes installation procedure
 32 | 1. Check that Kubernetes components are already installed:
 33 |     ```
 34 |     service kubelet status
 35 |     which kubeadm
 36 |     which kubectl
 37 |     ls /etc/kubernetes/manifests/
 38 |     ```
 39 | 1. Remove any previous Kubernetes initialization:    
 40 |     ```
 41 |     sudo kubeadm reset --force
 42 |     ```
 43 | 1. Initialize Kubernetes:
 44 | 
 45 |     ```   
 46 |     sudo kubeadm init --pod-network-cidr 192.168.0.0/16 --ignore-preflight-errors all 2>& 1 | tee kubeadm-init.log
 47 |     ```
 48 | 1. Check the static pods that have been created for the Control Plane:
 49 |     ```    
 50 |     ls /etc/kubernetes/manifests/
 51 |     ls -l /etc/kubernetes/admin.conf
 52 |     ```
 53 | 1. Execute the following commands to avoid the need of running Kubernetes commands as root:
 54 |     ```
 55 |     mkdir -p ${HOME}/.kube
 56 |     sudo cp /etc/kubernetes/admin.conf ${HOME}/.kube/config
 57 |     sudo chown -R $( id -u ):$( id -g ) ${HOME}/.kube/
 58 |     echo 'source <(kubectl completion bash)' | tee --append ${HOME}/.bashrc
 59 |     source ${HOME}/.bashrc
 60 |     ```
 61 | 1. Deploy a network:    
 62 |     ```
 63 |     kubectl apply --filename https://docs.projectcalico.org/v3.21/manifests/calico.yaml
 64 |     watch kubectl get no
 65 |     ```
 66 | 1. Create a token to add more workers to the cluster:    
 67 |     ```
 68 |     sudo kubeadm token create --print-join-command
 69 |     ```
 70 | 1. Test the installation:    
 71 |     ```
 72 |     watch kubectl get no
 73 |     kubectl run test --image docker.io/library/nginx:alpine
 74 |     kubectl get po --output wide
 75 |     kubectl describe po
 76 |     kubectl get po --output yaml
 77 |     kubectl logs test
 78 |     kubectl get po/test --output yaml | tee po.yaml
 79 |     ```
 80 | # Kubernetes Playground
 81 | 1. Login to the Kubernetes playground with your Docker account and start a new session:
 82 | 
 83 |    * https://labs.play-with-k8s.com/
 84 | 1. Add a new instance and initialize the kubernetes cluster master node:
 85 | 
 86 |    ```
 87 |    kubeadm init --apiserver-advertise-address $(hostname -i) --pod-network-cidr 10.5.0.0/16
 88 |    ```
 89 | 1. Initialize the cluster networking:
 90 | 
 91 |    ```
 92 |    kubectl apply -f https://raw.githubusercontent.com/cloudnativelabs/kube-router/master/daemonset/kubeadm-kuberouter.yaml
 93 |    ```
 94 | 1. Deploy a sample application:
 95 | 
 96 |    ```
 97 |    kubectl apply -f https://raw.githubusercontent.com/kubernetes/website/master/content/en/examples/application/nginx-app.yaml
 98 |    ```
 99 | 1. Check the status of the deployment:
100 | 
101 |    ```
102 |    kubectl get all
103 |    ```
104 | 
105 | # Docker Swarm
106 | 
107 | 1. Create a Docker Compose file for the cluster using Docker Swarm (Docker Compose version 3):
108 | 
109 |     * https://docs.docker.com/compose/compose-file/compose-file-v3/
110 | 
111 |     ```
112 |     tee ${PWD}/docker-swarm.yaml 0<<EOF
113 | 
114 |     # docker run --detach --env OWNER=Sebastian --name phpinfo-container --network phpinfo-network --restart always --publish 8080 --user nobody:nogroup --volume ${PWD}/index.php:/data/index.php:ro --volume phpinfo-volume:/data/tmp/ --workdir /data/ index.docker.io/library/php:alpine php -f index.php -S 0.0.0.0:8080
115 |     configs:
116 |       phpinfo-config:
117 |         external: false
118 |         file: index.php
119 |     secrets:
120 |       phpinfo-secret:
121 |         external: false
122 |         file: index.php        
123 |     services:
124 |       phpinfo:
125 |         command:
126 |           - php
127 |           - -f
128 |           - index.php
129 |           - -S
130 |           - 0.0.0.0:8080
131 |         configs:
132 |           - source: phpinfo-config
133 |             target: /data/index.php
134 |             uid: '65534'
135 |             gid: '65534'
136 |             mode: 0400            
137 |         deploy:
138 |           placement:
139 |             constraints:
140 |               - "node.role==worker"      
141 |           replicas: 2
142 |         environment:
143 |           OWNER: Sebastian
144 |         image: index.docker.io/library/php:alpine
145 |         ports:
146 |           - 8080
147 |         read_only: true
148 |         secrets:
149 |           - source: phpinfo-secret
150 |             target: /data/index.php
151 |             uid: '65534'
152 |             gid: '65534'
153 |             mode: 0400           
154 |         user: nobody:nogroup
155 |         volumes:
156 |           - type: volume
157 |             source: phpinfo-volume
158 |             target: /data/tmp/
159 |             read_only: false
160 |         working_dir: /data/
161 |     version: '3.8'
162 |     volumes:
163 |       phpinfo-volume:
164 | 
165 |     EOF
166 |     ```
167 | 1. Now download the index.php artifact:
168 | 
169 |     ```
170 |     wget https://raw.githubusercontent.com/sebastian-colomar/phpinfo/main/src/index.php
171 |     ```
172 | 1. Deploy the application with the following command:
173 | 
174 |     ```
175 |     sudo docker stack deploy --compose-file docker-swarm.yaml PHPINFO
176 |     ```
177 | 1. Test the deployment:
178 | 
179 |     ```
180 |     sudo docker stack ls
181 |     
182 |     sudo docker stack services PHPINFO
183 |     
184 |     sudo docker stack ps PHPINFO
185 |     
186 |     sudo docker service ls
187 |     ```
188 | 3. We can scale up or down the application modifying the number of replicas in the Docker Compose manifest or with the following command:
189 | 
190 |     ```
191 |     sudo docker service scale PHPINFO_phpinfo=10
192 |     ```
193 |     
194 | 


--------------------------------------------------------------------------------
/caltech_2022-09/2022-09-24.md:
--------------------------------------------------------------------------------
  1 | # How to run a private Registry (instead of using public Docker Hub):
  2 | 1. Run the following command on one of the workers:
  3 | 
  4 |     ```
  5 |     sudo docker run --detach --name registry --publish 80:5000 --restart always --user root:root --volume my_registry:/var/lib/registry/:rw index.docker.io/library/registry:2
  6 |     ```
  7 | 1. We can inspect the volume used for the registry with the following command:
  8 | 
  9 |     ```
 10 |     sudo docker inspect my_registry
 11 |     ```
 12 | 1. We can check the content of the volume with the following command:
 13 | 
 14 |     ```
 15 |     sudo find /var/lib/docker/volumes/my_registry/_data
 16 |     ```
 17 | 1. This is the Dockerfile used for the Docker Registry image:
 18 | 
 19 |     * https://github.com/docker/distribution-library-image/blob/master/Dockerfile
 20 | 
 21 | 1. Learn more about the Docker security and root capabilities:
 22 | 
 23 |     * https://docs.docker.com/engine/security/
 24 | 
 25 | 1. Pull a Docker image for Docker Hub:
 26 | 
 27 |     ```
 28 |     sudo docker pull index.docker.io/library/php:alpine
 29 |     ```
 30 | 1. Rename the Docker image to be used in your private local registry:
 31 | 
 32 |     ```
 33 |     sudo docker tag index.docker.io/library/php:alpine localhost/library/php:alpine
 34 |     ```
 35 | 1. Push the renamed local Docker image to your private Registry:
 36 | 
 37 |     ```
 38 |     sudo docker push localhost/library/php:alpine
 39 |     ```
 40 | 1. Modify the Docker daemon configuration to be able to access the private Registry from a remote location:
 41 | 
 42 |     ```
 43 |     echo '{"insecure-registries":["'$( hostname --ip-address )'"]}' | sudo tee /etc/docker/daemon.json
 44 |     
 45 |     sudo service docker restart
 46 |     ```
 47 | 1. Modify the Docker daemon configuration in any other remote node that needs to connect to our private Registry (using the IP address of your Registry host that is 172.31.10.220 in my case):
 48 | 
 49 |     ```
 50 |     echo '{"insecure-registries":["172.31.10.220"]}' | sudo tee /etc/docker/daemon.json
 51 |     
 52 |     sudo service docker restart
 53 |     ```
 54 | 1. After this modification you can pull the Docker image from the private Registry using the remote IP address of the Registry host:
 55 | 
 56 |     ```
 57 |     sudo docker pull 172.31.10.220/library/php:alpine
 58 |     ```
 59 | # How to prune containers, images, networks and (optionally) volumes:
 60 | ```
 61 | sudo docker system prune --force --volumes
 62 | ```
 63 | # Docker networking
 64 | 1. The container nework will be isolated from the host network by default for any running container:
 65 | 
 66 |     ```
 67 |     sudo docker run --cpu-shares 2 --detach --entrypoint php --env AUTHOR=Sebastian --memory 100M --memory-reservation 100M --name phpinfo --network phpinfo-network --read-only --restart always --user nobody:nogroup --volume ${PWD}/phpinfo/:/var/data/:ro --workdir /var/data/ index.docker.io/library/php:alpine@sha256:ab23b416d86aec450ee7b75727f6bbec272edc2764a1b6fad13bc2823c59bb6b -f index.php -S 0.0.0.0:8080
 68 |     ```
 69 | 1. Use the `publish` option to connect one port of the container with one port of the host machine:
 70 | 
 71 |     ```
 72 |     sudo docker run --cpu-shares 2 --detach --entrypoint php --env AUTHOR=Sebastian --memory 100M --memory-reservation 100M --name phpinfo --network phpinfo-network --publish 8080 --read-only --restart always --user nobody:nogroup --volume ${PWD}/phpinfo/:/var/data/:ro --workdir /var/data/ index.docker.io/library/php:alpine@sha256:ab23b416d86aec450ee7b75727f6bbec272edc2764a1b6fad13bc2823c59bb6b -f index.php -S 0.0.0.0:8080
 73 |     ```
 74 | 1. We can alternatively use the option `publish-all` instead of `publish`:
 75 | 
 76 |     ```
 77 |     sudo docker run --cpu-shares 2 --detach --entrypoint php --env AUTHOR=Sebastian --expose 8080 --memory 100M --memory-reservation 100M --name phpinfo --network phpinfo-network --publish-all --read-only --restart always --user nobody:nogroup --volume ${PWD}/phpinfo/:/var/data/:ro --workdir /var/data/ index.docker.io/library/php:alpine@sha256:ab23b416d86aec450ee7b75727f6bbec272edc2764a1b6fad13bc2823c59bb6b -f index.php -S 0.0.0.0:8080
 78 |     ```
 79 | 1. The exposed container port will be published in the first available port of the host machine starting with port number `32768`. We can check that randomly chosen port with the command:
 80 | 
 81 |     ```
 82 |     sudo docker port phpinfo
 83 |     ```
 84 | 1. In case of restarting the container, that will also change the port as we can use with the following commands:
 85 | 
 86 |     ```
 87 |     sudo docker restart phpinfo && sudo docker port phpinfo
 88 |     ```
 89 | 1. Any environment variable included in the `docker run` command with the option `env` will be available to any application running inside the container:
 90 | 
 91 |     ```
 92 |     sudo docker exec phpinfo printenv | grep AUTHOR
 93 |     ```
 94 | # Bridge Docker network
 95 | It is the default Docker network.
 96 | Docker will create a default bridge network after first installation.
 97 | Any Docker container will connect to this bridge network by default.
 98 | Two Docker containers need to be connected to the same Docker network in order to be able to communicate to each other.
 99 | Therefore, by default any Docker container will be able to talk to each other through this default bridge network.
100 | 
101 | 1. List the default Docker networks:
102 | 
103 |     ```
104 |     sudo docker network ls
105 |     ```
106 | 2. Create one container connected to the default bridge network:
107 | 
108 |     ```
109 |     sudo docker run --detach --name test1 --network bridge --tty index.docker.io/library/busybox:latest
110 |     ```
111 | 3. Test the container network pinging different targets:
112 | 
113 |     ```
114 |     sudo docker exec test1 ping -c 1 localhost
115 |     
116 |     sudo docker exec test1 ping -c 1 google.com
117 |     
118 |     sudo docker exec test1 ping -c 1 8.8.8.8
119 |     ```
120 | 1. Check the IP address of this first container:
121 | 
122 |     ```
123 |     sudo docker inspect test1
124 |     ```
125 | 3. Create a second container in the same default bridge network:
126 | 
127 |     ```
128 |     sudo docker run --detach --name test2 --network bridge --tty index.docker.io/library/busybox:latest
129 |     ```
130 | 1. Test the container network pinging the IP address of the previous test container (172.17.0.2 in my case):
131 | 
132 |     ```
133 |     sudo docker exec test2 ping -c 1 172.17.0.2
134 |     ```
135 | 1. Create a custome bridge network:
136 | 
137 |     ```
138 |     sudo docker network create my_bridge --driver bridge
139 |     ```
140 | 1. Check the list of networks:
141 | 
142 |     ```
143 |     sudo docker network ls
144 |     ```
145 | 1. Create two containers connected to this custom bridge:
146 | 
147 |     ```
148 |     sudo docker run --detach --name custom1 --network my_bridge --tty busybox
149 |     
150 |     sudo docker run --detach --name custom2 --network my_bridge --tty busybox
151 |     ```
152 | 1. Test the container network pinging different targets:
153 | 
154 |     ```
155 |     sudo docker exec custom1 ping -c 1 localhost
156 | 
157 |     sudo docker exec custom1 ping -c 1 google.com
158 | 
159 |     sudo docker exec custom1 ping -c 1 8.8.8.8
160 | 
161 |     sudo docker exec custom1 ping -c 1 custom2
162 |     
163 |     sudo docker exec custom1 ping -c 1 test1
164 |     
165 |     sudo docker exec custom1 ping -c 1 172.17.0.2
166 |     ```
167 | 1. Compare the following two commands:
168 | 
169 |     ```
170 |     sudo docker exec custom1 ping -c 1 custom2
171 | 
172 |     sudo docker exec test1 ping -c 1 test2
173 |     
174 |     sudo docker exec test1 ping -c 1 172.17.0.3
175 |     ```
176 | 


--------------------------------------------------------------------------------
/2022-05-08.md:
--------------------------------------------------------------------------------
  1 | ```
  2 | kubectl create ns phpinfo
  3 | kubectl create secret generic index.php --from-literal=index.php='<?php phpinfo();?>' --namespace phpinfo
  4 | kubectl get secret index.php --namespace phpinfo --output yaml
  5 | echo PD9waHAgcGhwaW5mbygpOz8+ | base64 --decode
  6 | ```
  7 | 1. https://kubernetes.io/docs/home/
  8 | 2. https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/
  9 | 3. https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/
 10 | 4. https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#secret-v1-core
 11 | ```
 12 | # secret.yaml
 13 | apiVersion: v1
 14 | kind: Secret
 15 | metadata:
 16 |   name: phpinfo-secret
 17 |   namespace: phpinfo
 18 | stringData:
 19 |   index.php: <?php phpinfo();?>
 20 | type: Opaque
 21 | # kubectl apply --filename secret.yaml --namespace phpinfo
 22 | # kubectl get secret phpinfo-secret --namespace phpinfo --output yaml
 23 | ```
 24 | 1. https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#configmap-v1-core
 25 | ```
 26 | # cm.yaml
 27 | apiVersion: v1
 28 | data:
 29 |   index.php: <?php phpinfo();?>
 30 | kind: ConfigMap
 31 | metadata:
 32 |   name: phpinfo-cm
 33 |   namespace: phpinfo
 34 | # kubectl apply --filename cm.yaml --namespace phpinfo
 35 | # kubectl get cm phpinfo-cm --namespace phpinfo --output yaml
 36 | ```
 37 | 1. https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#service-v1-core
 38 | ```
 39 | # svc.yaml
 40 | apiVersion: v1
 41 | kind: Service
 42 | metadata:
 43 |   name: phpinfo
 44 |   namespace: phpinfo
 45 | spec:
 46 |   ports:
 47 |     - port: 80
 48 |       protocol: TCP
 49 |       targetPort: 8080
 50 |   selector:
 51 |     app: phpinfo
 52 |   type: NodePort
 53 | # kubectl apply --filename svc.yaml --namespace phpinfo
 54 | ```
 55 | ```
 56 | kubectl api-resources | grep -E "DaemonSet|CronJob|Job|pods.*po.*true.*Pod|StatefulSet|ReplicationController|ReplicaSet|Deployment"
 57 | ```
 58 | 1. https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#pod-v1-core
 59 | ```
 60 | # po.yaml
 61 | apiVersion: v1
 62 | kind: Pod
 63 | metadata:
 64 |   labels:
 65 |     app: phpinfo
 66 |   name: phpinfo-po
 67 |   namespace: phpinfo
 68 | spec:
 69 |   containers:
 70 |     - args:
 71 |         - -f
 72 |         - index.php
 73 |         - -S
 74 |         - 0.0.0.0:8080
 75 |       command:
 76 |         - php
 77 |       image: php:alpine
 78 |       name: phpinfo-container
 79 |       ports:
 80 |         - containerPort: 8080
 81 |           protocol: TCP
 82 |       volumeMounts:
 83 |         - mountPath: /app/index.php
 84 |           name: phpinfo-volume
 85 |           readOnly: true
 86 |           subPath: index.php
 87 |       workingDir: /app/
 88 |   restartPolicy: Always
 89 |   securityContext:
 90 |     runAsUser: 65534
 91 |   volumes:
 92 |     - name: phpinfo-volume
 93 |       secret:
 94 |         defaultMode: 0444
 95 |         items:
 96 |           - key: index.php
 97 |             mode: 0444
 98 |             path: index.php
 99 |         secretName: phpinfo-secret
100 | # kubectl apply --filename po.yaml --namespace phpinfo
101 | # kubectl get po --namespace phpinfo
102 | # kubectl logs phpinfo-po --namespace phpinfo
103 | # kubectl exec phpinfo-po --namespace phpinfo -- ls -l
104 | # kubectl exec phpinfo-po --namespace phpinfo -- curl localhost:8080 -I -s
105 | # kubectl describe po phpinfo-po --namespace phpinfo
106 | # kubectl describe svc phpinfo --namespace phpinfo
107 | ```
108 | 1. https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#replicationcontroller-v1-core
109 | ```
110 | # rc.yaml
111 | apiVersion: v1
112 | kind: ReplicationController
113 | metadata:
114 |   name: phpinfo-rc
115 |   namespace: phpinfo
116 | spec:
117 |   replicas: 2
118 |   selector:
119 |     app: phpinfo
120 |   template:
121 |     metadata:
122 |       labels:
123 |         app: phpinfo
124 |     spec:
125 |       containers:
126 |         - args:
127 |             - -f
128 |             - index.php
129 |             - -S
130 |             - 0.0.0.0:8080
131 |           command:
132 |             - php
133 |           image: php:alpine
134 |           name: phpinfo-container
135 |           ports:
136 |             - containerPort: 8080
137 |               protocol: TCP
138 |           volumeMounts:
139 |             - mountPath: /app/index.php
140 |               name: phpinfo-volume
141 |               readOnly: true
142 |               subPath: index.php
143 |           workingDir: /app/
144 |       restartPolicy: Always
145 |       securityContext:
146 |         runAsUser: 65534
147 |       volumes:
148 |         - name: phpinfo-volume
149 |           secret:
150 |             defaultMode: 0444
151 |             items:
152 |               - key: index.php
153 |                 mode: 0444
154 |                 path: index.php
155 |             secretName: phpinfo-secret
156 | # kubectl apply --filename rc.yaml --namespace phpinfo
157 | # kubectl exec phpinfo-rc-kk8z5 --namespace phpinfo -- curl localhost:8080 -sI
158 | # kubectl exec phpinfo-rc-kk8z5 --namespace phpinfo -- curl 10.106.46.99 -sI
159 | ```
160 | 1. https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#replicasetspec-v1-apps
161 | ```
162 | # rs.yaml
163 | apiVersion: apps/v1
164 | kind: ReplicaSet
165 | metadata:
166 |   name: phpinfo-rs
167 |   namespace: phpinfo
168 | spec:
169 |   replicas: 2
170 |   selector:
171 |     matchLabels:
172 |       app: phpinfo
173 |   template:
174 |     metadata:
175 |       labels:
176 |         app: phpinfo
177 |     spec:
178 |       containers:
179 |         - args:
180 |             - -f
181 |             - index.php
182 |             - -S
183 |             - 0.0.0.0:8080
184 |           command:
185 |             - php
186 |           image: php:alpine
187 |           name: phpinfo-container
188 |           ports:
189 |             - containerPort: 8080
190 |               protocol: TCP
191 |           volumeMounts:
192 |             - mountPath: /app/index.php
193 |               name: phpinfo-volume
194 |               readOnly: true
195 |               subPath: index.php
196 |           workingDir: /app/
197 |       restartPolicy: Always
198 |       securityContext:
199 |         runAsUser: 65534
200 |       volumes:
201 |         - name: phpinfo-volume
202 |           secret:
203 |             defaultMode: 0444
204 |             items:
205 |               - key: index.php
206 |                 mode: 0444
207 |                 path: index.php
208 |             secretName: phpinfo-secret
209 | # kubectl apply --filename rs.yaml --namespace phpinfo
210 | ```
211 | 1. https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#daemonset-v1-apps
212 | ```
213 | # ds.yaml
214 | apiVersion: apps/v1
215 | kind: DaemonSet
216 | metadata:
217 |   name: phpinfo-ds
218 |   namespace: phpinfo
219 | spec:
220 |   selector:
221 |     matchLabels:
222 |       app: phpinfo
223 |   template:
224 |     metadata:
225 |       labels:
226 |         app: phpinfo
227 |     spec:
228 |       containers:
229 |         - args:
230 |             - -f
231 |             - index.php
232 |             - -S
233 |             - 0.0.0.0:8080
234 |           command:
235 |             - php
236 |           image: php:alpine
237 |           name: phpinfo-container
238 |           ports:
239 |             - containerPort: 8080
240 |               protocol: TCP
241 |           volumeMounts:
242 |             - mountPath: /app/index.php
243 |               name: phpinfo-volume
244 |               readOnly: true
245 |               subPath: index.php
246 |           workingDir: /app/
247 |       restartPolicy: Always
248 |       securityContext:
249 |         runAsUser: 65534
250 |       volumes:
251 |         - name: phpinfo-volume
252 |           secret:
253 |             defaultMode: 0444
254 |             items:
255 |               - key: index.php
256 |                 mode: 0444
257 |                 path: index.php
258 |             secretName: phpinfo-secret
259 | # kubectl apply --filename ds.yaml --namespace phpinfo
260 | ```
261 | 
262 | 


--------------------------------------------------------------------------------
/networking2.md:
--------------------------------------------------------------------------------
  1 | # Let us create the container:
  2 | ```
  3 | mkdir --parents ${HOME}/phpinfo/
  4 | 
  5 | tee ${HOME}/phpinfo/index.php 0<<EOF
  6 | 
  7 | <?php
  8 | phpinfo();
  9 | ?>
 10 | 
 11 | EOF
 12 | 
 13 | docker network create phpinfo-network --driver bridge
 14 | 
 15 | docker run --cpus 0.100 --detach --env AUTHOR=Sebastian --memory 100M --memory-reservation 100M --name phpinfo-container --network phpinfo-network --read-only --restart always --user nobody:nogroup --volume ${HOME}/phpinfo/index.php:/data/index.php:ro --workdir /data/ docker.io/library/php:alpine php -f index.php -S 0.0.0.0:8080
 16 | 
 17 | docker ps | grep phpinfo-container
 18 | ```
 19 | # How to connect to the container network
 20 | The Docker container is running but only accessible from inside:
 21 | ```
 22 | $ docker exec phpinfo-container wget localhost:8080 -O - -q --spider -S
 23 |   HTTP/1.1 200 OK
 24 |   Host: localhost:8080
 25 |   Date: Sat, 15 Oct 2022 14:46:11 GMT
 26 |   Connection: close
 27 |   X-Powered-By: PHP/8.0.24
 28 |   Content-type: text/html; charset=UTF-8
 29 |   
 30 | $ wget localhost:8080 -O - -q --spider -S
 31 | $ 
 32 | ```
 33 | In order to connect from outside I need to publish a Node Port from the host machine mapped into the container network:
 34 | ```
 35 | docker rm phpinfo-container --force
 36 | 
 37 | docker run --cpus 0.100 --detach --env AUTHOR=Sebastian --memory 100M --memory-reservation 100M --name phpinfo-container --network phpinfo-network --publish 8080 --read-only --restart always --user nobody:nogroup --volume ${HOME}/phpinfo/index.php:/data/index.php:ro --workdir /data/ 172.31.10.220/library/php:alpine php -f index.php -S 0.0.0.0:8080
 38 | 
 39 | docker exec phpinfo-container wget localhost:8080 -O - -q --spider -S
 40 | 
 41 | NODE_PORT=$( docker port phpinfo-container | grep --max-count=1 tcp | cut --delimiter : --field 2 )
 42 | 
 43 | wget localhost:${NODE_PORT} -O - -q --spider -S
 44 | ```
 45 | It is recommended to keep the Node Port as a random value but if you want to fix the Node Port then you can do that with the following command:
 46 | ```
 47 | docker rm phpinfo-container --force
 48 | 
 49 | NODE_PORT=30000
 50 | 
 51 | docker run --cpus 0.100 --detach --env AUTHOR=Sebastian --memory 100M --memory-reservation 100M --name phpinfo-container --network phpinfo-network --publish ${NODE_PORT}:8080 --read-only --restart always --user nobody:nogroup --volume ${HOME}/phpinfo/index.php:/data/index.php:ro --workdir /data/ docker.io/library/php:alpine php -f index.php -S 0.0.0.0:8080
 52 | 
 53 | docker exec phpinfo-container wget localhost:8080 -O - -q --spider -S
 54 | 
 55 | wget localhost:${NODE_PORT} -O - -q --spider -S
 56 | ```
 57 | # Docker networking
 58 | There are three main kind of network drivers in Docker:
 59 | * bridge
 60 | * host
 61 | * null
 62 | 
 63 | The default network driver for Docker is bridge.
 64 | Any Docker installation will create a default bridge network also called "bridge".
 65 | Any container will be attached to that network by default.
 66 | That means that any container will be able to talk to any other container in that bridge network (by default).
 67 | Therefore, for security reasons, it is better not to use the default network.
 68 | The recommended practice is to always create a custom bridge for your containers:
 69 | ```
 70 | docker network create phpinfo-network --driver bridge
 71 | ```
 72 | Only containers in the same network will be able to talk to each other.
 73 | # Bridge Docker network
 74 | It is the default Docker network.
 75 | Docker will create a default bridge network after first installation.
 76 | Any Docker container will connect to this bridge network by default.
 77 | Two Docker containers need to be connected to the same Docker network in order to be able to communicate to each other.
 78 | Therefore, by default any Docker container will be able to talk to each other through this default bridge network.
 79 | 
 80 | 1. List the default Docker networks:
 81 | 
 82 |     ```
 83 |     docker network ls
 84 |     ```
 85 | 2. Create one container connected to the default bridge network:
 86 | 
 87 |     ```
 88 |     docker run --detach --name test1 --network bridge --tty index.docker.io/library/busybox:latest
 89 |     ```
 90 | 3. Test the container network pinging different targets:
 91 | 
 92 |     ```
 93 |     docker exec test1 ping -c 1 localhost
 94 |     
 95 |     docker exec test1 ping -c 1 google.com
 96 |     
 97 |     docker exec test1 ping -c 1 8.8.8.8
 98 |     ```
 99 | 1. Check the IP address of this first container:
100 | 
101 |     ```
102 |     docker inspect test1
103 |     ```
104 | 3. Create a second container in the same default bridge network:
105 | 
106 |     ```
107 |     docker run --detach --name test2 --network bridge --tty index.docker.io/library/busybox:latest
108 |     ```
109 | 1. Test the container network pinging the IP address of the previous test container (172.17.0.2 in my case):
110 | 
111 |     ```
112 |     docker exec test2 ping -c 1 172.17.0.2
113 |     ```
114 | 1. Create a custome bridge network:
115 | 
116 |     ```
117 |     docker network create my_bridge --driver bridge
118 |     ```
119 | 1. Check the list of networks:
120 | 
121 |     ```
122 |     docker network ls
123 |     ```
124 | 1. Create two containers connected to this custom bridge:
125 | 
126 |     ```
127 |     docker run --detach --name custom1 --network my_bridge --tty busybox
128 |     
129 |     docker run --detach --name custom2 --network my_bridge --tty busybox
130 |     ```
131 | 1. Test the container network pinging different targets:
132 | 
133 |     ```
134 |     docker exec custom1 ping -c 1 localhost
135 | 
136 |     docker exec custom1 ping -c 1 google.com
137 | 
138 |     docker exec custom1 ping -c 1 8.8.8.8
139 | 
140 |     docker exec custom1 ping -c 1 custom2
141 |     
142 |     docker exec custom1 ping -c 1 test1
143 |     
144 |     docker exec custom1 ping -c 1 172.17.0.2
145 |     ```
146 | 1. Compare the following two commands:
147 | 
148 |     ```
149 |     docker exec custom1 ping -c 1 custom2
150 | 
151 |     docker exec test2 ping -c 1 test1
152 |     
153 |     docker exec test2 ping -c 1 172.17.0.2
154 |     ```
155 | 1. Let us create a second custom bridge:
156 | 
157 |     ```
158 |     docker network create my_bridge_2 --driver bridge
159 |     ```
160 | 1. Let us create a container in this network:
161 | 
162 |     ```
163 |     docker run --detach --name custom3 --network my_bridge_2 --tty index.docker.io/library/busybox:latest
164 |     ```
165 | 1. Check the isolation of this container:
166 | 
167 |     ```
168 |     docker exec custom3 ping -c 1 localhost
169 |     
170 |     docker exec custom3 ping -c 1 google.com
171 |     
172 |     docker exec custom3 ping -c 1 8.8.8.8
173 |     
174 |     docker exec custom3 ping -c 1 172.17.0.2
175 |     
176 |     docker exec custom3 ping -c 1 custom1
177 |     ```
178 | 1. Let us connect this new container to both custom networks:
179 | 
180 |     ```
181 |     docker exec custom3 ifconfig
182 | 
183 |     docker network connect my_bridge custom3
184 |     
185 |     docker exec custom3 ifconfig
186 |     ```
187 | 1. Check the connectivity between the containers:
188 | 
189 |     ```
190 |     docker exec custom3 ping -c 1 custom1
191 |     
192 |     docker exec custom3 ping -c 1 custom2
193 |     
194 |     docker exec custom3 ping -c 1 172.17.0.2
195 |     ```
196 | 1. Inspect the Docker network:
197 | 
198 |     ```
199 |     docker inspect my_bridge
200 |     
201 |     docker inspect my_bridge_2
202 |     ```
203 | 1. Bridges are isolated by IPtables firewall:
204 | 
205 |     ```
206 |     iptables -S -t filter | grep A.DOCKER-ISOLATION-STAGE-2.*DROP
207 |     ```
208 | # Experimenting with the Host network:
209 | 1. List the network interface configuration of the host machine:
210 | 
211 |     ```
212 |     ifconfig
213 |     ```
214 | 3. Create a container connected to the Host network:
215 | 
216 |     ```
217 |     docker run --detach --name host1 --network host --tty busybox
218 |     ```
219 | 1. List the network interface configuration from inside the container. It will be the same configuration as the host machine because the container is connected to the Host network:
220 | 
221 |     ```
222 |     docker exec host1 ifconfig
223 |     ```
224 | # Experimenting with the Null network:
225 | 1. Create a container using the null network:
226 | 
227 |     ```
228 |     docker run --detach --name none1 --network none --tty busybox
229 |     ```
230 | 1. When we create a container attached to the null network there is no network interface defined inside the container:
231 | 
232 |     ```
233 |     docker exec none1 ifconfig
234 |     ```
235 | 1. You can still send or retrieve files from the isolated container using `cp` and `exec`:
236 | 
237 |     ```
238 |     docker cp examples.desktop none1:/tmp/
239 |     
240 |     sudo docker exec none1 ls /tmp/
241 |     ```
242 | 


--------------------------------------------------------------------------------
/caltech_2022-09/2022-09-25.md:
--------------------------------------------------------------------------------
  1 | # Experimenting with Docker bridge networks
  2 | 1. List the networks:
  3 | 
  4 |     ```
  5 |     sudo docker network ls
  6 |     ```
  7 | 2. Inspect the networks in order to obtain the IP addresses:
  8 | 
  9 |     ```
 10 |     sudo docker inspect bridge
 11 |     
 12 |     sudo docker inspect my_bridge
 13 |     ```
 14 | 1. We need to use IP adresses when communicating containers in the default bridge:
 15 | 
 16 |     ```
 17 |     sudo docker exec test1 ping -c 1 172.17.0.3
 18 |     ```
 19 | 1. We can use Docker internal DNS resolution when connecting containers in the custom bridge:
 20 | 
 21 |     ```
 22 |     sudo docker exec custom1 ping -c 1 custom2
 23 |     ```
 24 | 1. We can connect one container to many networks. Let us connect the test container to the custom bridge:
 25 | 
 26 |     ```
 27 |     sudo docker network connect my_bridge test1
 28 |     ```
 29 | 1. We can use internal DNS resolution for any container in the custom bridge:
 30 | 
 31 |     ```
 32 |     sudo docker exec custom1 ping -c 1 test1
 33 |     ```
 34 | 1. Bridges are isolated by IPtables firewall:
 35 | 
 36 |     ```
 37 |     sudo iptables -S -t filter | grep A.DOCKER-ISOLATION-STAGE-2.*DROP
 38 |     ```
 39 | # Experimenting with the Host network:
 40 | 1. List the network interface configuration of the host machine:
 41 | 
 42 |     ```
 43 |     ifconfig
 44 |     ```
 45 | 3. Create a container connected to the Host network:
 46 | 
 47 |     ```
 48 |     sudo docker run --detach --name host1 --network host --tty busybox
 49 |     ```
 50 | 1. List the network interface configuration from inside the container. It will be the same configuration as the host machine because the container is connected to the Host network:
 51 | 
 52 |     ```
 53 |     sudo docker exec host1 ifconfig
 54 |     ```
 55 | # Experimenting with the Null network:
 56 | 1. Create a container using the null network:
 57 | 
 58 |     ```
 59 |     sudo docker run --detach --name none1 --network none --tty busybox
 60 |     ```
 61 | 1. When we create a container attached to the null network there is no network interface defined inside the container:
 62 | 
 63 |     ```
 64 |     sudo docker exec none1 ifconfig
 65 |     ```
 66 | 1. You can still send or retrieve files from the isolated container using `cp` and `exec`:
 67 | 
 68 |     ```
 69 |     sudo docker cp examples.desktop none1:/tmp/
 70 |     
 71 |     sudo docker exec none1 ls /tmp/
 72 |     ```
 73 | # Sample application written in Python
 74 | 1. Create a folder for the project:
 75 | 
 76 |     ```
 77 |     mkdir --parents ${HOME}/anagrams/
 78 |     ```
 79 | 1. Download the Python script for our application:
 80 | 
 81 |     ```   
 82 |     wget https://raw.githubusercontent.com/sebastian-colomar/anagrams/docker/src/anagrams.py --output-document ${HOME}/anagrams/anagrams.py
 83 |     ```
 84 | 3. Download a sample dictionary:
 85 | 
 86 |     ```
 87 |     wget https://raw.githubusercontent.com/sebastian-colomar/anagrams/docker/data/words.txt --output-document ${HOME}/anagrams/words.txt
 88 |     ```
 89 | 1. Run the Python script that will analyze the data in the sample dictionary showing the number of Anagrams:
 90 | 
 91 |     * https://en.wikipedia.org/wiki/Anagram
 92 | 
 93 |     ```
 94 |     cd ${HOME}/anagrams/
 95 |     
 96 |     python3 anagrams.py
 97 |     ```
 98 | # How to deploy our Python sample application using Docker Compose
 99 | 1. Create a Docker Compose file to describe the services we want to run:
100 | 
101 |     ```
102 |     tee ${HOME}/anagrams/docker-compose.yaml 0<<EOF
103 | 
104 |     services:
105 |       anagrams:
106 |         command:
107 |         - python3
108 |         - script.py
109 |         image: index.docker.io/library/python:alpine
110 |         restart: "no"
111 |         user: nobody:nogroup
112 |         volumes:
113 |         - ./anagrams.py:/app/script.py:ro
114 |         - ./words.txt:/app/words.txt:ro
115 |         working_dir: /app/
116 |     version: "2.0"
117 |     
118 |     EOF
119 |     ```
120 | 1. Install Docker Compose in your host machine:
121 | 
122 |     ```
123 |     sudo apt-get install -y docker-compose
124 |     ```
125 | 1. Deploy the composite application using Docker Compose:
126 | 
127 |     ```
128 |     cd ${HOME}/anagrams/
129 |     
130 |     sudo docker-compose up
131 |     ```
132 | 1. Docker compose will be equivalent to running the following Docker command:
133 | 
134 |     ```
135 |     sudo docker run --restart no --user nobody:nogroup --volume ${HOME}/anagrams/anagrams.py:/app/script.py:ro --volume ${HOME}/anagrams/words.txt:/app/words.txt:ro --workdir /app/ index.docker.io/library/python:alpine python3 script.py
136 |     ```
137 | # Example of Continuous Integration using Github Actions:
138 | 1. https://github.com/sebastian-colomar/anagrams
139 | 2. https://github.com/sebastian-colomar/anagrams/blob/main/.github/workflows/ci.yaml
140 | 
141 | # Docker Swarm
142 | Docker Compose provides orchestration of our Docker services but does not provide high availability. 
143 | In case of failure of the host machine it is not capable of migrating the workload to another host.
144 | For the purpose of high availability and automatic failover, we need to enable Docker Swarm.
145 | 
146 | 1. Initialize Docker Swarm mode in your master host machine:
147 | 
148 |     ```
149 |     sudo docker swarm init --advertise-addr $( hostname -i )
150 |     ```
151 | 1. Check the members of the created cluster:
152 | 
153 |     ```
154 |     sudo docker node ls
155 |     ```
156 | # Deploy the PHP sample application using Docker Swarm
157 | 1. Create a Docker Compose file for this deployment using Docker Swarm (Docker Compose version 3):
158 | 
159 |     ```
160 |     tee ${HOME}/phpinfo/docker-swarm.yaml 0<<EOF
161 | 
162 |     configs:
163 |       phpinfo-config:
164 |         external: false
165 |         file: index.php
166 |     services:
167 |       phpinfo:
168 |         command:
169 |           - php
170 |           - -f
171 |           - index.php
172 |           - -S
173 |           - 0.0.0.0:8080
174 |         configs:
175 |           - source: phpinfo-config
176 |             target: /data/index.php
177 |             uid: '65534'
178 |             gid: '65534'
179 |             mode: 0400
180 |         deploy:
181 |           replicas: 3
182 |         image: index.docker.io/library/php:alpine
183 |         ports:
184 |           - 9090:8080
185 |         user: nobody:nogroup
186 |         working_dir: /data/
187 |     version: '3.8'
188 | 
189 |     EOF    
190 |     ```
191 | 1. A more complete version of the previous template:
192 |     ```
193 |     tee ${HOME}/phpinfo/docker-swarm-full.yaml 0<<EOF
194 | 
195 |     configs:
196 |         phpinfo-config:
197 |             external: false
198 |             file: ./index.php
199 |     networks:
200 |         phpinfo-network:
201 |             driver: overlay
202 |             internal: true
203 |     services:
204 |         phpinfo:
205 |             command:
206 |                 -   -f
207 |                 -   index.php
208 |                 -   -S
209 |                 -   0.0.0.0:8080
210 |             configs:
211 |                 -   source: phpinfo-config
212 |                     target: /data/index.php
213 |                     uid: '65534'
214 |                     gid: '65534'
215 |                     mode: 0400
216 |             deploy:
217 |                 placement:
218 |                     constraints:
219 |                         -   node.role == worker
220 |                 replicas: 1
221 |                 resources:
222 |                     limits:
223 |                         cpus: '0.1'
224 |                         memory: 100M
225 |                     reservations:
226 |                         cpus: '0.1'
227 |                         memory: 100M
228 |             entrypoint:
229 |                 -   php
230 |             environment:
231 |                 -   AUTHOR=Sebastian
232 |             expose:
233 |                 -   8080
234 |             healthcheck:
235 |                 interval: 30s
236 |                 retries: 3
237 |                 start_period: 10s
238 |                 test:
239 |                     -   CMD
240 |                     -   curl
241 |                     -   localhost:8080/index.php
242 |                     -   -f
243 |                 timeout: 30s
244 |             image: index.docker.io/library/php:alpine@sha256:ab23b416d86aec450ee7b75727f6bbec272edc2764a1b6fad13bc2823c59bb6b
245 |             labels:
246 |                 app: phpinfo
247 |             networks:
248 |                 -   phpinfo-network
249 |             ports:
250 |                 -   8080
251 |             read_only: true
252 |             user: nobody:nogroup
253 |             working_dir: /data/
254 |     version: '3.8'
255 | 
256 |     EOF    
257 |     ```
258 | 1. Create a Docker Compose file to deploy the PHP application using Docker Compose version 2:
259 | 
260 |     ```
261 |     tee ${HOME}/phpinfo/docker-compose.yaml 0<<EOF
262 | 
263 |     services:
264 |       phpinfo:
265 |         command:
266 |           - php
267 |           - -f
268 |           - index.php
269 |           - -S
270 |           - 0.0.0.0:8080
271 |         image: index.docker.io/library/php:alpine
272 |         ports:
273 |           - 9010:8080
274 |         scale: 3
275 |         user: nobody:nogroup
276 |         volumes:
277 |         - ./index.php:/data/index.php:ro
278 |         working_dir: /data/
279 |     version: '2.0'
280 | 
281 |     EOF    
282 |     ```
283 |     
284 | 


--------------------------------------------------------------------------------
/caltech_2022-10/2022-10-15.md:
--------------------------------------------------------------------------------
  1 | # Troubleshooting containers:
  2 | 
  3 | 1. View the table of processes running inside the container
  4 |     ```
  5 |     sudo docker top phpinfo-container
  6 |     ```
  7 | 1. View the logs of your container:
  8 |     ```
  9 |     sudo docker logs phpinfo-container
 10 |     ```
 11 | 1. Show the resources consumption statistics of the container:
 12 |     ```
 13 |     sudo docker stats phpinfo-container --no-stream
 14 |     ```
 15 | 1. Show the content of the working directory:
 16 |     ```
 17 |     sudo docker exec phpinfo-container ls -l
 18 |     ```
 19 | 1. Test the connection to the webserver:
 20 |     ```
 21 |     sudo docker exec phpinfo-container curl localhost:8080 -I -s
 22 |     ```
 23 | 1. In order to remove the container (you will need to remove the container before creating another container with the same name):
 24 |     ```
 25 |     sudo docker rm phpinfo-container --force
 26 |     ```
 27 | 
 28 | # How to connect to the container network
 29 | The Docker container is running but only accessible from inside:
 30 | ```
 31 | $ sudo docker exec phpinfo-container wget localhost:8080 -O - -q --spider -S
 32 |   HTTP/1.1 200 OK
 33 |   Host: localhost:8080
 34 |   Date: Sat, 15 Oct 2022 14:46:11 GMT
 35 |   Connection: close
 36 |   X-Powered-By: PHP/8.0.24
 37 |   Content-type: text/html; charset=UTF-8
 38 |   
 39 | $ wget localhost:8080 -O - -q --spider -S
 40 | $ 
 41 | ```
 42 | In order to connect from outside I need to publish a Node Port from the host machine mapped into the container network:
 43 | ```
 44 | sudo docker rm phpinfo-container --force
 45 | 
 46 | sudo docker run --cpus 0.100 --detach --env AUTHOR=Sebastian --memory 100M --memory-reservation 100M --name phpinfo-container --network phpinfo-network --publish 8080 --read-only --restart always --user nobody:nogroup --volume ${HOME}/phpinfo/index.php:/data/index.php:ro --workdir /data/ 172.31.10.220/library/php:alpine php -f index.php -S 0.0.0.0:8080
 47 | 
 48 | sudo docker exec phpinfo-container wget localhost:8080 -O - -q --spider -S
 49 | 
 50 | NODE_PORT=$( sudo docker port phpinfo-container | grep --max-count=1 tcp | cut --delimiter : --field 2 )
 51 | 
 52 | wget localhost:${NODE_PORT} -O - -q --spider -S
 53 | ```
 54 | It is recommended to keep the Node Port as a random value but if you want to fix the Node Port then you can do that with the following command:
 55 | ```
 56 | sudo docker rm phpinfo-container --force
 57 | 
 58 | NODE_PORT=30000
 59 | 
 60 | sudo docker run --cpus 0.100 --detach --env AUTHOR=Sebastian --memory 100M --memory-reservation 100M --name phpinfo-container --network phpinfo-network --publish ${NODE_PORT}:8080 --read-only --restart always --user nobody:nogroup --volume ${HOME}/phpinfo/index.php:/data/index.php:ro --workdir /data/ 172.31.10.220/library/php:alpine php -f index.php -S 0.0.0.0:8080
 61 | 
 62 | sudo docker exec phpinfo-container wget localhost:8080 -O - -q --spider -S
 63 | 
 64 | wget localhost:${NODE_PORT} -O - -q --spider -S
 65 | ```
 66 | # Docker networking
 67 | There are three main kind of network drivers in Docker:
 68 | * bridge
 69 | * host
 70 | * null
 71 | 
 72 | The default network driver for Docker is bridge.
 73 | Any Docker installation will create a default bridge network also called "bridge".
 74 | Any container will be attached to that network by default.
 75 | That means that any container will be able to talk to any other container in that bridge network (by default).
 76 | Therefore, for security reasons, it is better not to use the default network.
 77 | The recommended practice is to always create a custom bridge for your containers:
 78 | ```
 79 | sudo docker network create phpinfo-network --driver bridge
 80 | ```
 81 | Only containers in the same network will be able to talk to each other.
 82 | # Bridge Docker network
 83 | It is the default Docker network.
 84 | Docker will create a default bridge network after first installation.
 85 | Any Docker container will connect to this bridge network by default.
 86 | Two Docker containers need to be connected to the same Docker network in order to be able to communicate to each other.
 87 | Therefore, by default any Docker container will be able to talk to each other through this default bridge network.
 88 | 
 89 | 1. List the default Docker networks:
 90 | 
 91 |     ```
 92 |     sudo docker network ls
 93 |     ```
 94 | 2. Create one container connected to the default bridge network:
 95 | 
 96 |     ```
 97 |     sudo docker run --detach --name test1 --network bridge --tty index.docker.io/library/busybox:latest
 98 |     ```
 99 | 3. Test the container network pinging different targets:
100 | 
101 |     ```
102 |     sudo docker exec test1 ping -c 1 localhost
103 |     
104 |     sudo docker exec test1 ping -c 1 google.com
105 |     
106 |     sudo docker exec test1 ping -c 1 8.8.8.8
107 |     ```
108 | 1. Check the IP address of this first container:
109 | 
110 |     ```
111 |     sudo docker inspect test1
112 |     ```
113 | 3. Create a second container in the same default bridge network:
114 | 
115 |     ```
116 |     sudo docker run --detach --name test2 --network bridge --tty index.docker.io/library/busybox:latest
117 |     ```
118 | 1. Test the container network pinging the IP address of the previous test container (172.17.0.2 in my case):
119 | 
120 |     ```
121 |     sudo docker exec test2 ping -c 1 172.17.0.2
122 |     ```
123 | 1. Create a custome bridge network:
124 | 
125 |     ```
126 |     sudo docker network create my_bridge --driver bridge
127 |     ```
128 | 1. Check the list of networks:
129 | 
130 |     ```
131 |     sudo docker network ls
132 |     ```
133 | 1. Create two containers connected to this custom bridge:
134 | 
135 |     ```
136 |     sudo docker run --detach --name custom1 --network my_bridge --tty busybox
137 |     
138 |     sudo docker run --detach --name custom2 --network my_bridge --tty busybox
139 |     ```
140 | 1. Test the container network pinging different targets:
141 | 
142 |     ```
143 |     sudo docker exec custom1 ping -c 1 localhost
144 | 
145 |     sudo docker exec custom1 ping -c 1 google.com
146 | 
147 |     sudo docker exec custom1 ping -c 1 8.8.8.8
148 | 
149 |     sudo docker exec custom1 ping -c 1 custom2
150 |     
151 |     sudo docker exec custom1 ping -c 1 test1
152 |     
153 |     sudo docker exec custom1 ping -c 1 172.17.0.2
154 |     ```
155 | 1. Compare the following two commands:
156 | 
157 |     ```
158 |     sudo docker exec custom1 ping -c 1 custom2
159 | 
160 |     sudo docker exec test2 ping -c 1 test1
161 |     
162 |     sudo docker exec test2 ping -c 1 172.17.0.2
163 |     ```
164 | 1. Let us create a second custom bridge:
165 | 
166 |     ```
167 |     sudo docker network create my_bridge_2 --driver bridge
168 |     ```
169 | 1. Let us create a container in this network:
170 | 
171 |     ```
172 |     sudo docker run --detach --name custom3 --network my_bridge_2 --tty index.docker.io/library/busybox:latest
173 |     ```
174 | 1. Check the isolation of this container:
175 | 
176 |     ```
177 |     sudo docker exec custom3 ping -c 1 localhost
178 |     
179 |     sudo docker exec custom3 ping -c 1 google.com
180 |     
181 |     sudo docker exec custom3 ping -c 1 8.8.8.8
182 |     
183 |     sudo docker exec custom3 ping -c 1 172.17.0.2
184 |     
185 |     sudo docker exec custom3 ping -c 1 custom1
186 |     ```
187 | 1. Let us connect this new container to both custom networks:
188 | 
189 |     ```
190 |     sudo docker exec custom3 ifconfig
191 | 
192 |     sudo docker network connect my_bridge custom3
193 |     
194 |     sudo docker exec custom3 ifconfig
195 |     ```
196 | 1. Check the connectivity between the containers:
197 | 
198 |     ```
199 |     sudo docker exec custom3 ping -c 1 custom1
200 |     
201 |     sudo docker exec custom3 ping -c 1 custom2
202 |     
203 |     sudo docker exec custom3 ping -c 1 172.17.0.2
204 |     ```
205 | 1. Inspect the Docker network:
206 | 
207 |     ```
208 |     sudo docker inspect my_bridge
209 |     
210 |     sudo docker inspect my_bridge_2
211 |     ```
212 | 1. Bridges are isolated by IPtables firewall:
213 | 
214 |     ```
215 |     sudo iptables -S -t filter | grep A.DOCKER-ISOLATION-STAGE-2.*DROP
216 |     ```
217 | # Experimenting with the Host network:
218 | 1. List the network interface configuration of the host machine:
219 | 
220 |     ```
221 |     ifconfig
222 |     ```
223 | 3. Create a container connected to the Host network:
224 | 
225 |     ```
226 |     sudo docker run --detach --name host1 --network host --tty busybox
227 |     ```
228 | 1. List the network interface configuration from inside the container. It will be the same configuration as the host machine because the container is connected to the Host network:
229 | 
230 |     ```
231 |     sudo docker exec host1 ifconfig
232 |     ```
233 | # Experimenting with the Null network:
234 | 1. Create a container using the null network:
235 | 
236 |     ```
237 |     sudo docker run --detach --name none1 --network none --tty busybox
238 |     ```
239 | 1. When we create a container attached to the null network there is no network interface defined inside the container:
240 | 
241 |     ```
242 |     sudo docker exec none1 ifconfig
243 |     ```
244 | 1. You can still send or retrieve files from the isolated container using `cp` and `exec`:
245 | 
246 |     ```
247 |     sudo docker cp examples.desktop none1:/tmp/
248 |     
249 |     sudo docker exec none1 ls /tmp/
250 |     ```
251 | # Introduction to Orchestration
252 | Reasons to use orchestration: High availability
253 | * https://raw.githubusercontent.com/sebastian-colomar/dca/main/images/ha-failover.svg
254 | * https://raw.githubusercontent.com/sebastian-colomar/dca/main/images/high_availability.svg
255 | * https://raw.githubusercontent.com/sebastian-colomar/dca/main/images/rob_cam.svg
256 | 
257 | There are two well known orchestrators:
258 | * Swarm
259 | * Kubernetes
260 | 
261 | # Docker Compose vs Docker Swarm vs Kubernetes
262 | 1. Docker Compose is a Python script that works as wrapper of Docker commands:
263 |     ```
264 |     which docker-compose
265 | 
266 |     file /usr/bin/docker-compose 
267 | 
268 |     head /usr/bin/docker-compose
269 |     ```
270 | 1. Docker Compose does not provide high availability because it is only available as a standalone host machine. If we need high availability then we need to use Docker Swarm or Kubernetes. Docker Swarm is a feature of the Docker engine that is enabled with the following commands:
271 | 
272 |     * https://labs.play-with-docker.com/
273 | 
274 |     ```
275 |     docker swarm init --advertise-addr $( hostname -i )
276 |     ```
277 | 1. Check the status of the cluster with the command:
278 | 
279 |     ```
280 |     docker node ls
281 |     ```
282 | 1. Architecture of managers and workers:
283 | 
284 |     * https://d33wubrfki0l68.cloudfront.net/2475489eaf20163ec0f54ddc1d92aa8d4c87c96b/e7c81/images/docs/components-of-kubernetes.svg
285 | 
286 | 


--------------------------------------------------------------------------------
/caltech_2022-09/2022-10-01.md:
--------------------------------------------------------------------------------
  1 | # Docker Compose vs Docker Swarm vs Kubernetes
  2 | 1. Docker Compose is a Python script that works as wrapper of Docker commands:
  3 |     ```
  4 |     which docker-compose
  5 | 
  6 |     file /usr/bin/docker-compose 
  7 | 
  8 |     head /usr/bin/docker-compose
  9 |     ```
 10 | 1. Docker Compose does not provide high availability because it is only available as a standalone host machine. If we need high availability then we need to use Docker Swarm or Kubernetes. Docker Swarm is a feature of the Docker engine that is enabled with the following commands:
 11 | 
 12 |     * https://labs.play-with-docker.com/
 13 | 
 14 |     ```
 15 |     docker swarm init --advertise-addr $( hostname -i )
 16 |     ```
 17 | 1. Check the status of the cluster with the command:
 18 | 
 19 |     ```
 20 |     docker node ls
 21 |     ```
 22 | 1. Architecture of managers and workers:
 23 | 
 24 |     * https://d33wubrfki0l68.cloudfront.net/2475489eaf20163ec0f54ddc1d92aa8d4c87c96b/e7c81/images/docs/components-of-kubernetes.svg
 25 | 1. Create a Docker Compose file for this cluster using Docker Swarm (Docker Compose version 3):
 26 | 
 27 |     * https://docs.docker.com/compose/compose-file/compose-file-v3/
 28 | 
 29 |     ```
 30 |     tee ${PWD}/docker-swarm.yaml 0<<EOF
 31 | 
 32 |     # docker run --detach --name phpinfo --network phpinfo-default --restart always --publish 8080 --user nobody:nogroup --volume ${PWD}/index.php:/data/index.php:ro --workdir /data/ index.docker.io/library/php:alpine php -f index.php -S 0.0.0.0:8080
 33 |     configs:
 34 |       phpinfo-config:
 35 |         external: false
 36 |         file: index.php
 37 |     services:
 38 |       phpinfo:
 39 |         # command: [ "php","-f","index.php","-S","0.0.0.0:8080" ]
 40 |         command:
 41 |           - php
 42 |           - -f
 43 |           - index.php
 44 |           - -S
 45 |           - 0.0.0.0:8080
 46 |         configs:
 47 |           - source: phpinfo-config
 48 |             target: /data/index.php
 49 |             uid: '65534'
 50 |             gid: '65534'
 51 |             mode: 0400
 52 |         deploy:
 53 |           placement:
 54 |             constraints:
 55 |               - "node.role==worker"      
 56 |           replicas: 1
 57 |         image: index.docker.io/library/php:alpine
 58 |         ports:
 59 |           - 8080
 60 |         user: nobody:nogroup
 61 |         working_dir: /data/
 62 |     version: '3.8'
 63 | 
 64 |     EOF
 65 |     ```
 66 | 1. Now download the index.php artifact:
 67 | 
 68 |     ```
 69 |     wget https://raw.githubusercontent.com/sebastian-colomar/phpinfo/main/src/index.php
 70 |     ```
 71 | 1. Deploy the application with the following command:
 72 | 
 73 |     ```
 74 |     docker stack deploy --compose-file docker-swarm.yaml PHPINFO
 75 |     ```
 76 | 1. From our configuration, the entrypoint is not PHP binary. We can get the entrypoint with the following commands:
 77 | 
 78 |     ```
 79 |     $ docker ps --no-trunc
 80 |     CONTAINER ID                                                       IMAGE                                                                                COMMAND                                                    CREATED          STATUS          PORTS     NAMESa8990edbd5f334b6836052b80b1cb2896dd1e1e9ade455bb924dab2025126446   php:alpine@sha256:8605eae8361d45f6ca66205fac0b633da2c01d2771d9fc1a1e
 81 |     5013dfb7646834   "docker-php-entrypoint php -f index.php -S 0.0.0.0:8080"   13 minutes ago   Up 13 minutes             PHPINFO_phpinfo.
 82 |     1.mq2wnj25if9dw394mpv9k5gbo
 83 |     ```
 84 |     ```
 85 |     $ docker exec PHPINFO_phpinfo.1.mq2wnj25if9dw394mpv9k5gbo which docker-php-entrypoint
 86 |     /usr/local/bin/docker-php-entrypoint
 87 |     ```
 88 |     ```
 89 |     $ docker exec PHPINFO_phpinfo.1.mq2wnj25if9dw394mpv9k5gbo cat /usr/local/bin/docker-php-entrypoint
 90 |     #!/bin/sh
 91 |     set -e
 92 | 
 93 |     # first arg is `-f` or `--some-option`
 94 |     if [ "${1#-}" != "$1" ]; then
 95 |             set -- php "$@"
 96 |     fi
 97 | 
 98 |     exec "$@"
 99 |     ```
100 | 1. You can temporarily drain the worker node:
101 |     ```
102 |     docker node update --availability drain node2
103 |     ```
104 | 1. The result is the application deployment will be in a pending state:
105 | 
106 |     ```
107 |     $ docker stack ps PHPINFO 
108 |     ID             NAME                    IMAGE        NODE      DESIRED STATE   CURRENT STATE           ERROR                            
109 |       PORTS
110 |     8rrr8ske9cu5   PHPINFO_phpinfo.1       php:alpine             Ready           Pending 9 seconds ago   "no suitable node (1 node not …" 
111 | 
112 |     mq2wnj25if9d    \_ PHPINFO_phpinfo.1   php:alpine   node2     Shutdown        Running 9 seconds ago                                    
113 |     ```  
114 | 1. To solve this situation we need High Availability. For that purpose we can add another node to the cluste with the following command:
115 | 
116 |     ```
117 |     docker swarm join-token worker
118 |     ```
119 | 1. Now you can check that the second worker node has been added to the cluster:
120 | 
121 |     ```
122 |     $ docker node ls
123 |     ID                            HOSTNAME   STATUS    AVAILABILITY   MANAGER STATUS   ENGINE VERSION
124 |     1klh30n51s1k7mzbopwccrqjx *   node1      Ready     Active         Leader           20.10.17
125 |     p2kzgypwh7ee65n7bgodqqjf4     node2      Ready     Drain                           20.10.17
126 |     vyqrh9s5ircth2amyeke8cmf1     node3      Ready     Active                          20.10.17
127 |     ```
128 | 1. You can check that the application has been correctly deployed on the new worker node:
129 | 
130 |     ```
131 |     $ docker stack ps PHPINFO 
132 |     ID             NAME                    IMAGE        NODE      DESIRED STATE   CURRENT STATE                ERROR     PORTS
133 |     8rrr8ske9cu5   PHPINFO_phpinfo.1       php:alpine   node3     Running         Running about a minute ago             
134 |     mq2wnj25if9d    \_ PHPINFO_phpinfo.1   php:alpine   node2     Shutdown        Shutdown 7 minutes ago  
135 |     ```
136 | 1. We can add more managers to the cluster:
137 | 
138 |     ```
139 |     docker swarm join-token manager
140 |     ```
141 | 1. We can scale up or down the application modifying the number of replicas in the Docker Compose manifest or with the following command:
142 | 
143 |     ```
144 |     docker service scale PHPINFO_phpinfo=10
145 |     ```
146 | 1. You can open a terminal inside the container for troubleshooting purposes with the following command:
147 | 
148 |     ```
149 |     docker exec --interactive --tty PHPINFO_phpinfo.1.475n41g0f8cz99xlzhzcuee8v sh
150 |     ```
151 |     
152 | 3. In order to deploy the same application on a Kubernetes cluster we will need a list of independent Kubernetes manifests to create a list of independent Kubernetes objects. Instead of having a single Docker Compose manifest, we will have a collection of manifests to create the necessary Kubernets objects: Config Map, Service and Pod:
153 | 
154 |     ```
155 |     apiVersion: v1
156 |     kind: ConfigMap
157 |     metadata:
158 |       name: phpinfo-cm
159 |     data:
160 |       index.php: <?php phpinfo();?>
161 |     ```  
162 |     ```
163 |     apiVersion: v1
164 |     kind: Service
165 |     metadata:
166 |       name: phpinfo-svc-1
167 |     spec:
168 |       ports:
169 |       - port: 8080
170 |         protocol: TCP
171 |       selector:
172 |         app: phpinfo-deploy-1
173 |     ```  
174 |     ```
175 |     apiVersion: v1
176 |     kind: Service
177 |     metadata:
178 |       name: phpinfo-svc-2
179 |     spec:
180 |       ports:
181 |       - port: 8080
182 |         protocol: TCP
183 |       selector:
184 |         app: phpinfo-deploy-2
185 |     ```      
186 |     ```
187 |     apiVersion: apps/v1
188 |     kind: Deployment
189 |     metadata:
190 |       name: phpinfo-deploy-1
191 |     spec:
192 |       replicas: 2
193 |       selector:
194 |         matchLabels:
195 |           app: phpinfo-deploy-1
196 |       template:
197 |         metadata:
198 |           labels:
199 |             app: phpinfo-deploy-1
200 |         spec:
201 |           containers:
202 |           - args:
203 |             - php
204 |             - -f
205 |             - index.php
206 |             - -S
207 |             - 0.0.0.0:8080
208 |             env:
209 |             - name: OWNER
210 |               value: Sebastian
211 |             image: index.docker.io/library/php:8.0-alpine
212 |             name: phpinfo-container
213 |             resources:
214 |               limits:
215 |                 cpu: 200m
216 |                 memory: 200M
217 |               requests:
218 |                 cpu: 200m
219 |                 memory: 200M
220 |             securityContext:
221 |               readOnlyRootFilesystem: true
222 |             volumeMounts:
223 |             - mountPath: /data/index.php
224 |               name: phpinfo-volume
225 |               readOnly: true
226 |               subPath: index.php
227 |             workingDir: /data/
228 |           volumes:
229 |           - name: phpinfo-volume
230 |             configMap:
231 |               defaultMode: 0400
232 |               items:
233 |               - key: index.php
234 |                 mode: 0400
235 |                 path: index.php
236 |               name: phpinfo-cm
237 |     ```          
238 |     ```
239 |     apiVersion: apps/v1
240 |     kind: Deployment
241 |     metadata:
242 |       name: phpinfo-deploy-2
243 |     spec:
244 |       replicas: 2
245 |       selector:
246 |         matchLabels:
247 |           app: phpinfo-deploy-2
248 |       template:
249 |         metadata:
250 |           labels:
251 |             app: phpinfo-deploy-2
252 |         spec:
253 |           containers:
254 |           - args:
255 |             - php
256 |             - -f
257 |             - index.php
258 |             - -S
259 |             - 0.0.0.0:8080
260 |             env:
261 |             - name: OWNER
262 |               value: Sebastian
263 |             image: index.docker.io/library/php:8.1-alpine
264 |             name: phpinfo-container
265 |             resources:
266 |               limits:
267 |                 cpu: 200m
268 |                 memory: 200M
269 |               requests:
270 |                 cpu: 200m
271 |                 memory: 200M
272 |             securityContext:
273 |               readOnlyRootFilesystem: true
274 |             volumeMounts:
275 |             - mountPath: /data/index.php
276 |               name: phpinfo-volume
277 |               readOnly: true
278 |               subPath: index.php
279 |             workingDir: /data/
280 |           volumes:
281 |           - name: phpinfo-volume
282 |             configMap:
283 |               defaultMode: 0400
284 |               items:
285 |               - key: index.php
286 |                 mode: 0400
287 |                 path: index.php
288 |               name: phpinfo-cm
289 |     ```          
290 | 1. In this link you will find the Reference for the Kubernetes API syntax:
291 | 
292 |     * https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/
293 | 


--------------------------------------------------------------------------------
/caltech_2022-09/2022-10-02.md:
--------------------------------------------------------------------------------
  1 | # Kubernetes Playground
  2 | 1. Login to the Kubernetes playground with your Docker account and start a new session:
  3 | 
  4 |    * https://labs.play-with-k8s.com/
  5 | 1. Add a new instance and initialize the kubernetes cluster master node:
  6 | 
  7 |    ```
  8 |    kubeadm init --apiserver-advertise-address $(hostname -i) --pod-network-cidr 10.5.0.0/16
  9 |    ```
 10 | 1. Initialize the cluster networking:
 11 | 
 12 |    ```
 13 |    kubectl apply -f https://raw.githubusercontent.com/cloudnativelabs/kube-router/master/daemonset/kubeadm-kuberouter.yaml
 14 |    ```
 15 | 1. Deploy a sample application:
 16 | 
 17 |    ```
 18 |    kubectl apply -f https://raw.githubusercontent.com/kubernetes/website/master/content/en/examples/application/nginx-app.yaml
 19 |    ```
 20 | 1. Check the status of the deployment:
 21 | 
 22 |    ```
 23 |    kubectl get all
 24 |    ```
 25 | 1. As you can see in the logs, the Service is not working. It is because the Type of the Service is Loadbalancer. This type of Service requieres cloud credentials to create a Load Balancer in the Cloud of your choice. The best way to solve this problem is to change the type of the Service. In order to do so, we first download the YAML manifest:
 26 | 
 27 |     ```
 28 |     curl -O https://raw.githubusercontent.com/kubernetes/website/master/content/en/examples/application/nginx-app.yaml
 29 |     ```
 30 | 1. Now we can modify the Service configuration with the following command:
 31 | 
 32 |     ```
 33 |     sed -i /LoadBalancer/d nginx-app.yaml
 34 |     ```
 35 | 1. Redeploy the manifest with the changes:
 36 | 
 37 |     ```
 38 |     kubectl apply -f nginx-app.yaml
 39 |     ```
 40 | 1. Check again the status of the deployment:
 41 | 
 42 |     ```
 43 |     kubectl get all
 44 |     ```
 45 | 1. Now the Service has been correctly created but there is still an issue: all the Pods are in a Pending state. To troubleshoot the problem we check the events with th e following command:
 46 | 
 47 |     ```
 48 |     kubectl get ev
 49 |     ```
 50 | 1. The latest event shows that there is a Taint that forbids the deployment of the Pods:
 51 | 
 52 |     ```
 53 |     0/1 nodes are available: 1 node(s) had taint {node-role.kubernetes.io/master: }, that the pod didn't tolerate
 54 |     ```
 55 | 1. Taints are labels (or marks) applied to the nodes in order to forbid the deployment of containers. By default the master node is tainted in order to secure the cluster. To solve this situation, the easiest way is to create a worker node for the deployment. For that purpose, you will need to add a new instance and join the cluster. But you will need a token in order to join the cluster. That token was created during the installation. If you lost the token you can generate a new one running the following command on the master node:
 56 | 
 57 |     ```
 58 |     kubeadm token create --print-join-command
 59 |     ```
 60 |   
 61 | 3. Add a new instance and join the master node pasting the previously generated token in the newly created instance:
 62 | 
 63 |    ```
 64 |    kubeadm join 192.168.0.13:6443 --token vz62an.xxx --discovery-token-ca-cert-hash sha256:xxx
 65 |    ```
 66 | 1. Check again the status of the deployment:
 67 | 
 68 |    ```
 69 |    kubectl get all
 70 |    ```
 71 | 1. Now all the Pods should be correctly running and the Deployment completely Ready. But the application is still not available from outside because the container network is isolated by default. In order to be able to connect to the container network from an external web browser, we need to map a port of the external host network to a port of the internal container network. To do so, we will download again the YAML manifest, modify it and redeploy it afterwards:
 72 | 
 73 |     ```
 74 |     rm -f nginx-app.yaml
 75 |     
 76 |     curl -O https://raw.githubusercontent.com/kubernetes/website/master/content/en/examples/application/nginx-app.yaml
 77 | 
 78 |     sed -i s/LoadBalancer/NodePort/ nginx-app.yaml
 79 |     
 80 |     kubectl apply -f nginx-app.yaml
 81 |     ```
 82 |     
 83 | 3. In order to remove the previous deployment run the following command:
 84 | 
 85 |    ```
 86 |    kubectl delete -f https://raw.githubusercontent.com/kubernetes/website/master/content/en/examples/application/nginx-app.yaml
 87 |    ```
 88 | # Docker Swarm production cluster in AWS
 89 | 1. Use the following template to create the cluster infrastructure in AWS:
 90 | 
 91 |     * https://raw.githubusercontent.com/secobau/docker-aws/master/etc/aws/cluster-docker.yaml
 92 | 
 93 | 1. Connect to first master instance and initialize the Docker Swarm:
 94 | 
 95 |     ```
 96 |     sudo docker swarm init --advertise-addr 10.168.1.100
 97 |     ```
 98 | 1. Connect to the three worker instances and join the master node
 99 | 2. Connect to the leader master and generate the token for the manager nodes:
100 | 
101 |     ```
102 |     sudo docker swarm join-token manager
103 |     ```
104 | 1. Connect to the other two master instances and join the master node
105 | 2. Check the current members of the cluster:
106 | 
107 |     ```
108 |     sudo docker node ls
109 |     ```
110 | 1. Deploy a sample application (using Node Port 30001):
111 | 
112 |    1. First download the configuration file:
113 |       ```
114 |       wget https://raw.githubusercontent.com/sebastian-colomar/phpinfo/main/src/index.php
115 |       ```
116 |    1. Now create the Docker Compose file for the deployment:
117 |       ```
118 |       tee ${PWD}/docker-swarm-1.yaml 0<<EOF
119 | 
120 |       # docker run --detach --name phpinfo --network phpinfo-default --restart always --publish 8080 --user nobody:nogroup --volume ${PWD}/index.php:/data/index.php:ro --workdir /data/ index.docker.io/library/php:alpine php -f index.php -S 0.0.0.0:8080
121 |       configs:
122 |         phpinfo-config:
123 |           external: false
124 |           file: index.php
125 |       services:
126 |         phpinfo:
127 |           # command: [ "php","-f","index.php","-S","0.0.0.0:8080" ]
128 |           command:
129 |             - php
130 |             - -f
131 |             - index.php
132 |             - -S
133 |             - 0.0.0.0:8080
134 |           configs:
135 |             - source: phpinfo-config
136 |               target: /data/index.php
137 |               uid: '65534'
138 |               gid: '65534'
139 |               mode: 0400
140 |           deploy:
141 |             placement:
142 |               constraints:
143 |                 - "node.role==worker"      
144 |             replicas: 1
145 |           image: index.docker.io/library/php:8.0-alpine
146 |           ports:
147 |             - 30001:8080
148 |           user: nobody:nogroup
149 |           working_dir: /data/
150 |       version: '3.8'
151 | 
152 |       EOF
153 |       ```
154 |    1. Now deploy the application:
155 |       ```
156 |       sudo docker stack deploy --compose-file docker-swarm-1.yaml PHPINFO-1
157 |       ```
158 |    1. Check the status of the deployment:
159 |       ```
160 |       sudo docker stack services PHPINFO-1
161 |       ```
162 | 1. Deploy another version of the same application using a different Node Port (31001):
163 |    1. Create the Docker Compose for the new deployment:
164 | 
165 |       ```
166 |       tee ${PWD}/docker-swarm-2.yaml 0<<EOF
167 | 
168 |       # docker run --detach --name phpinfo --network phpinfo-default --restart always --publish 8080 --user nobody:nogroup --volume ${PWD}/index.php:/data/index.php:ro --workdir /data/ index.docker.io/library/php:alpine php -f index.php -S 0.0.0.0:8080
169 |       configs:
170 |         phpinfo-config:
171 |           external: false
172 |           file: index.php
173 |       services:
174 |         phpinfo:
175 |           # command: [ "php","-f","index.php","-S","0.0.0.0:8080" ]
176 |           command:
177 |             - php
178 |             - -f
179 |             - index.php
180 |             - -S
181 |             - 0.0.0.0:8080
182 |           configs:
183 |             - source: phpinfo-config
184 |               target: /data/index.php
185 |               uid: '65534'
186 |               gid: '65534'
187 |               mode: 0400
188 |           deploy:
189 |             placement:
190 |               constraints:
191 |                 - "node.role==worker"      
192 |             replicas: 1
193 |           image: index.docker.io/library/php:8.1-alpine
194 |           ports:
195 |             - 31001:8080
196 |           user: nobody:nogroup
197 |           working_dir: /data/
198 |       version: '3.8'
199 | 
200 |       EOF
201 |       ```
202 |    1. Deploy the new version:
203 | 
204 |       ```
205 |       sudo docker stack deploy --compose-file docker-swarm-2.yaml PHPINFO-2
206 |       ```
207 |    1. Check the status of the new deployment:
208 | 
209 |       ```
210 |       sudo docker stack services PHPINFO-2
211 |       ```
212 | 1. The load balancer created in AWS with the previous template contains two different listeners to access both deployments:
213 |    1. The first listener is listening on port 80 and forwarding the traffic to Node Port 30001 (that is pointing to the first deployment)
214 |    2. The second listener is listening on port 8080 and forwarding the traffic to the Node Port 31001 (that is pointing to the second deployment)   
215 | # Install Mirantis Container Runtime for Ubuntu
216 | The following instructions have been extracted from this documentation:
217 |    * https://docs.mirantis.com/mcr/20.10/install/mcr-linux/ubuntu.html
218 | 1. Uninstall old versions
219 | 
220 |    ```
221 |    sudo apt-get --yes remove docker docker-engine docker-ce docker-ce-cli docker.io
222 |    ```
223 | 1. Update the apt package index
224 | 
225 |    ```
226 |    sudo apt-get update
227 |    ```
228 | 1. Install packages to allow apt to use a repository over HTTPS
229 | 
230 |    ```
231 |    sudo apt-get install apt-transport-https ca-certificates curl software-properties-common -y
232 |    ```
233 | 1. Temporarily store https://repos.mirantis.com in an environment variable. This variable assignment does not persist when the session ends
234 | 
235 |    ```
236 |    DOCKER_EE_URL="https://repos.mirantis.com"
237 |    ```
238 | 1. Temporarily add a $DOCKER_EE_VERSION variable into your environment
239 | 
240 |    ```
241 |    DOCKER_EE_VERSION=20.10
242 |    ```
243 | 1. Add Docker’s official GPG key using your customer Mirantis Container Runtime repository URL
244 | 
245 |    ```
246 |    curl -fsSL "${DOCKER_EE_URL}/ubuntu/gpg" | sudo apt-key add -
247 |    ```
248 | 1. Set up the stable repository, using the following command as-is (which works due to the variable set up earlier in the process)
249 | 
250 |    ```
251 |    sudo add-apt-repository "deb [arch=$(dpkg --print-architecture)] $DOCKER_EE_URL/ubuntu $(lsb_release -cs) stable-$DOCKER_EE_VERSION"
252 |    ```
253 | 1. Update the apt package index
254 |    ```
255 |    sudo apt-get update
256 |    ```
257 | 1. Install the latest version of Mirantis Container Runtime and containerd. Any existing installation of MCR is replaced
258 | 
259 |    ```
260 |    sudo apt-get --yes install docker-ee docker-ee-cli containerd.io
261 |    ```
262 | # Install the MKE image   
263 | The following instructions have been extracted from this documentation:
264 |    * https://docs.mirantis.com/mke/3.5/install/install-mke-image.html
265 | 1. Install MKE
266 | 
267 |    ```
268 |    sudo docker run --interactive --name ucp --rm --tty --volume /var/run/docker.sock:/var/run/docker.sock mirantis/ucp:3.5.5 install --host-address $( hostname --ip-address ) --interactive --force-minimums
269 |    ```
270 |      
271 | 


--------------------------------------------------------------------------------
/caltech_2022-10/2022-10-09.md:
--------------------------------------------------------------------------------
  1 | # Map the Dockerfile lines with the Overlay layers
  2 | The user www-data was created in the 3rd layer:
  3 | 
  4 | ```
  5 | # RUN adduser -u 82 -D -S -G www-data www-data
  6 | $ sudo cat /var/lib/docker/overlay2/aefce2c6d0f2d3eaf3cf68105d40a7eaf4da878762f502bbc40e0a258632a941/diff/etc/passwd | grep www-data
  7 | www-data:x:82:82:Linux User,,,:/home/www-data:/sbin/nologin
  8 | ```
  9 | It cannot be found in the 1st layer:
 10 | ```
 11 | $ sudo cat /var/lib/docker/overlay2/899aee02f86ab508297610243a588a69b7e77977f6bc686eec7765b954296515/diff/etc/passwd | grep www-data
 12 | $
 13 | ```
 14 | The folder /var/www/html/ was created in the 4th layer:
 15 | 
 16 | ```
 17 | # RUN mkdir -p /var/www/html
 18 | $ sudo find /var/lib/docker/overlay2/6dbcc2403127ddc9db58e37e25a4951dfe0e9fcdc48a820a74757ef5f61c3206/diff | grep /var/www/html
 19 | /var/lib/docker/overlay2/6dbcc2403127ddc9db58e37e25a4951dfe0e9fcdc48a820a74757ef5f61c3206/diff/var/www/html
 20 | ```
 21 | It cannot be found in the 1st layer:
 22 | ```
 23 | $ sudo find /var/lib/docker/overlay2/899aee02f86ab508297610243a588a69b7e77977f6bc686eec7765b954296515/diff | grep /var/www/html
 24 | $
 25 | ```
 26 | The tarball php.tar.xz was downloaded in the 5th layer:
 27 | ```
 28 | # RUN curl -fsSL -o php.tar.xz
 29 | $ sudo find /var/lib/docker/overlay2/2297bb0ed761793a12bbfd2417a7d12bf48b88b8fecd89f028f66e5f33c89d90/diff | grep php.tar.xz$
 30 | /var/lib/docker/overlay2/2297bb0ed761793a12bbfd2417a7d12bf48b88b8fecd89f028f66e5f33c89d90/diff/usr/src/php.tar.xz
 31 | ```
 32 | It cannot be found in the 1st layer:
 33 | ```
 34 | $ sudo find /var/lib/docker/overlay2/899aee02f86ab508297610243a588a69b7e77977f6bc686eec7765b954296515/diff | grep php.tar.xz$
 35 | $ 
 36 | ```
 37 | The source file docker-php-source was copied in the 6th layer:
 38 | ```
 39 | # COPY docker-php-source /usr/local/bin/
 40 | $ sudo find /var/lib/docker/overlay2/69bdde78da3c27c0d4c6ac4f16c82398c6011d53267432966be9eee687cfa069/diff | grep docker-php-source
 41 | /var/lib/docker/overlay2/69bdde78da3c27c0d4c6ac4f16c82398c6011d53267432966be9eee687cfa069/diff/usr/local/bin/docker-php-source
 42 | ```
 43 | It cannot be found in the 1st layer:
 44 | ```
 45 | $ sudo find /var/lib/docker/overlay2/899aee02f86ab508297610243a588a69b7e77977f6bc686eec7765b954296515/diff | grep docker-php-source
 46 | $ 
 47 | ```
 48 | Maybe you need to view the content of that file in order to check that the image layer contains the correct file:
 49 | ```
 50 | sudo cat /var/lib/docker/overlay2/69bdde78da3c27c0d4c6ac4f16c82398c6011d53267432966be9eee687cfa069/diff/usr/local/bin/docker-php-source
 51 | ```
 52 | The php binary was compiled in the 7th layer:
 53 | ```
 54 | # RUN make install
 55 | $ sudo find /var/lib/docker/overlay2/bc27cf73093d3ab8eb6ba925022c85181c6ad241b44676af7f1abefec2c19591/diff | grep bin/php$
 56 | /var/lib/docker/overlay2/bc27cf73093d3ab8eb6ba925022c85181c6ad241b44676af7f1abefec2c19591/diff/usr/local/bin/php
 57 | ```
 58 | It cannot be found in the 1st layer:
 59 | ```
 60 | $ sudo find /var/lib/docker/overlay2/899aee02f86ab508297610243a588a69b7e77977f6bc686eec7765b954296515/diff | grep bin/php$
 61 | $ 
 62 | ```
 63 | The script docker-php-entrypoint was copied into the 8th layer:
 64 | ```
 65 | # COPY docker-php-entrypoint /usr/local/bin/
 66 | $ sudo find /var/lib/docker/overlay2/75a751362c8570b0b83a3711e9e0fd1b427963dfa164fa210f5486924f690396/diff | grep docker-php-entrypoint
 67 | /var/lib/docker/overlay2/75a751362c8570b0b83a3711e9e0fd1b427963dfa164fa210f5486924f690396/diff/usr/local/bin/docker-php-entrypoint
 68 | ```
 69 | It cannot be found in the 1st layer:
 70 | ```
 71 | $ sudo find /var/lib/docker/overlay2/899aee02f86ab508297610243a588a69b7e77977f6bc686eec7765b954296515/diff | grep docker-php-entrypoint
 72 | $
 73 | ```
 74 | The sodium module was enabled in the 9th layer:
 75 | ```
 76 | # RUN docker-php-ext-enable sodium
 77 | $ sudo find /var/lib/docker/overlay2/3f22612fdf314440ba7cb6c1fef1062d3ef05ee2ec871f4049147aa92a5a5c9b/diff | grep sodium
 78 | /var/lib/docker/overlay2/3f22612fdf314440ba7cb6c1fef1062d3ef05ee2ec871f4049147aa92a5a5c9b/diff/usr/local/etc/php/conf.d/docker-php-ext-sodium.ini
 79 | ```
 80 | It cannot be found in the 1st layer:
 81 | ```
 82 | $ sudo find /var/lib/docker/overlay2/899aee02f86ab508297610243a588a69b7e77977f6bc686eec7765b954296515/diff | grep sodium
 83 | $
 84 | ```
 85 | Remember that you can find the list of layers inspecting the Docker image in the section Graph Driver where Upper Directory will correspond to the last layer (that is the 9th layer in this case) and the Lower Directory will list the rest of the inner layers in reverse order (so that the first layer is the last in the list):
 86 | ```
 87 | $ sudo docker inspect index.docker.io/library/php:alpine
 88 | [...]
 89 |         "GraphDriver": {
 90 |             "Data": {
 91 |                 "LowerDir": "/var/lib/docker/overlay2/75a751362c8570b0b83a3711e9e0fd1b427963dfa164fa210f5486924f690396/diff:/var/lib/docker/overlay2/bc27cf73093d3ab8eb6ba925022c85181c6ad241b44676af7f1abefec2c19591/diff:/var/lib/docker/overlay2/69bdde78da3c27c0d4c6ac4f16c82398c6011d53267432966be9eee687cfa069/diff:/var/lib/docker/overlay2/2297bb0ed761793a12bbfd2417a7d12bf48b88b8fecd89f028f66e5f33c89d90/diff:/var/lib/docker/overlay2/6dbcc2403127ddc9db58e37e25a4951dfe0e9fcdc48a820a74757ef5f61c3206/diff:/var/lib/docker/overlay2/aefce2c6d0f2d3eaf3cf68105d40a7eaf4da878762f502bbc40e0a258632a941/diff:/var/lib/docker/overlay2/c08020e77009b4e1b0b585953e365d86dfa4c8d0ca0cf5e66dc223489bf4bffe/diff:/var/lib/docker/overlay2/899aee02f86ab508297610243a588a69b7e77977f6bc686eec7765b954296515/diff",
 92 |                 "MergedDir": "/var/lib/docker/overlay2/3f22612fdf314440ba7cb6c1fef1062d3ef05ee2ec871f4049147aa92a5a5c9b/merged",
 93 |                 "UpperDir": "/var/lib/docker/overlay2/3f22612fdf314440ba7cb6c1fef1062d3ef05ee2ec871f4049147aa92a5a5c9b/diff",
 94 |                 "WorkDir": "/var/lib/docker/overlay2/3f22612fdf314440ba7cb6c1fef1062d3ef05ee2ec871f4049147aa92a5a5c9b/work"
 95 |             },
 96 |             "Name": "overlay2"
 97 |         },
 98 | [...]        
 99 | ```
100 | Thank you Anton for suggesting this:
101 | ```
102 | $ sudo docker inspect index.docker.io/library/php:alpine | grep LowerDir | tr ':' '\n'
103 |                 "LowerDir"
104 |  "/var/lib/docker/overlay2/75a751362c8570b0b83a3711e9e0fd1b427963dfa164fa210f5486924f690396/diff
105 | /var/lib/docker/overlay2/bc27cf73093d3ab8eb6ba925022c85181c6ad241b44676af7f1abefec2c19591/diff
106 | /var/lib/docker/overlay2/69bdde78da3c27c0d4c6ac4f16c82398c6011d53267432966be9eee687cfa069/diff
107 | /var/lib/docker/overlay2/2297bb0ed761793a12bbfd2417a7d12bf48b88b8fecd89f028f66e5f33c89d90/diff
108 | /var/lib/docker/overlay2/6dbcc2403127ddc9db58e37e25a4951dfe0e9fcdc48a820a74757ef5f61c3206/diff
109 | /var/lib/docker/overlay2/aefce2c6d0f2d3eaf3cf68105d40a7eaf4da878762f502bbc40e0a258632a941/diff
110 | /var/lib/docker/overlay2/c08020e77009b4e1b0b585953e365d86dfa4c8d0ca0cf5e66dc223489bf4bffe/diff
111 | /var/lib/docker/overlay2/899aee02f86ab508297610243a588a69b7e77977f6bc686eec7765b954296515/diff",
112 | ```
113 | # How to build a new Docker image for our PHP sample application
114 | 
115 | 1. Create the Dockerfile:
116 | 
117 |     ```
118 |     tee ${HOME}/phpinfo/Dockerfile 0<<EOF
119 |     
120 |     FROM    index.docker.io/library/alpine:latest
121 |     RUN     apk add php
122 |     
123 |     EOF
124 |     ```
125 | 1. Create the Docker image:
126 | 
127 |     ```
128 |     mkdir --parents ${HOME}/phpinfo/build-context/
129 |     
130 |     sudo docker build --file ${HOME}/phpinfo/Dockerfile --tag localhost/library/php:alpine ${HOME}/phpinfo/build-context/
131 |     ```
132 | 1. List the local Docker images:
133 | 
134 |     ```
135 |     sudo docker images
136 |     ```
137 | 1. Inspect the Docker image and check the Graph Driver to find the image layers:
138 | 
139 |     ```
140 |     sudo docker inspect localhost/library/php:alpine
141 |     ```
142 | 1. PHP was installed in the second layer (in this case the Upper Directory):
143 | 
144 |     ```
145 |     $ sudo find /var/lib/docker/overlay2/1ae740ebdb9a0df734a8661367e1853a6405738faf4c6680b677afc41879187e/diff | grep bin/php$
146 |     /var/lib/docker/overlay2/1ae740ebdb9a0df734a8661367e1853a6405738faf4c6680b677afc41879187e/diff/usr/bin/php
147 |     ```
148 | 1. PHP will not be found in the first layer (in this case the Lower Directory):
149 | 
150 |     ```
151 |     $ sudo find /var/lib/docker/overlay2/899aee02f86ab508297610243a588a69b7e77977f6bc686eec7765b954296515/diff | grep bin/php$
152 |     $
153 |     ```
154 | 1. Building your own Docker image will improve the security and the performance but will need permanent maintenance to apply future security patches. If you use official Docker images directly downloaded from Docker Hub will relieve you from that burden.    
155 | 
156 | # How to run a private Docker registry (instead of using public Docker Hub):
157 | 1. Run the following command on one of the workers:
158 | 
159 |     ```
160 |     sudo docker network create registry-network --driver bridge
161 |     
162 |     sudo docker run --detach --name registry --network registry-network --publish 80:5000 --restart always --user root:root --volume registry_volume:/var/lib/registry/:rw index.docker.io/library/registry:2
163 |     ```
164 | 1. We can inspect the volume used for the Docker registry with the following command:
165 | 
166 |     ```
167 |     sudo docker inspect registry_volume
168 |     ```
169 | 1. We can check the content of the volume with the following command:
170 | 
171 |     ```
172 |     sudo find /var/lib/docker/volumes/registry_volume/_data/
173 |     ```
174 | 1. At the moment the volume is empty. You can also check that condition from the mount point of the external volume inside the Docker container:
175 | 
176 |     ```
177 |     sudo docker exec registry find /var/lib/registry/
178 |     ```
179 | 1. Both folders are the same folder though one is inspected from the host filesystem and the other folder is checked from inside the container but both folders are pointing to the same INODE (that means that they are actually the same folder in the host machine):
180 | 
181 |     ```
182 |     sudo stat /var/lib/docker/volumes/registry_volume/_data/
183 |     
184 |     sudo docker exec registry stat /var/lib/registry/
185 |     ```    
186 | 1. At this moment the master node will contain your custom local Docker image that you just created and the worker node will only contain the Docker image for the private Docker registry. You can check that running the following command in both master and worker nodes:
187 | 
188 |     ```
189 |     sudo docker images
190 |     ```
191 | 3. Modify the Docker daemon configuration in any other remote node that needs to connect to our private Docker registry (using the IP address of your Docker registry host that is 172.31.10.220 in my case):
192 | 
193 |     ```
194 |     echo '{"insecure-registries":["172.31.10.220"]}' | sudo tee /etc/docker/daemon.json
195 |     
196 |     sudo service docker restart
197 |     ```
198 | 1. Push the custom local Docker image to the private Registry running the following command from the node where the local Docker image is located (in my case it is the master node):
199 | 
200 |     ```
201 |     sudo docker tag localhost/library/php:alpine 172.31.10.220/library/php:alpine
202 |     
203 |     sudo docker push 172.31.10.220/library/php:alpine
204 |     ```
205 | 1. After this modification you can pull the Docker image from the private Docker registry using the remote IP address of the Docker registry host:
206 | 
207 |     ```
208 |     sudo docker pull 172.31.10.220/library/php:alpine
209 |     ```
210 | 1. You can also check the content of the private Docker registry and see the new Docker images that have been pushed to the registry. You can check that from outside the container or from inside the container. You need to run the following commands on the node where the Docker registry is located (in my case it is the worker node):
211 | 
212 |     ```
213 |     sudo find /var/lib/docker/volumes/registry_volume/_data/
214 |     
215 |     sudo docker exec registry find /var/lib/registry/
216 |     ```
217 | # Run the container
218 | 
219 | Let us see all the options for docker run command:
220 | ```
221 | sudo docker run --help
222 | ```
223 | Let us create the container:
224 | ```
225 | mkdir --parents ${HOME}/phpinfo/
226 | 
227 | tee ${HOME}/phpinfo/index.php 0<<EOF
228 | 
229 | <?php
230 | phpinfo();
231 | ?>
232 | 
233 | EOF
234 | 
235 | sudo docker network create phpinfo-network --driver bridge
236 | 
237 | sudo docker run --cpus 0.100 --detach --env AUTHOR=Sebastian --memory 100M --memory-reservation 100M --name phpinfo-container --network phpinfo-network --read-only --restart always --user nobody:nogroup --volume ${HOME}/phpinfo/index.php:/data/index.php:ro --workdir /data/ 172.31.10.220/library/php:alpine php -f index.php -S 0.0.0.0:8080
238 | 
239 | sudo docker ps | grep phpinfo-container
240 | ```
241 | 


--------------------------------------------------------------------------------
/images/vm.svg:
--------------------------------------------------------------------------------
1 | <svg version="1.1" viewBox="0.0 0.0 960.0 720.0" fill="none" stroke="none" stroke-linecap="square" stroke-miterlimit="10" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns="http://www.w3.org/2000/svg"><clipPath id="p.0"><path d="m0 0l960.0 0l0 720.0l-960.0 0l0 -720.0z" clip-rule="nonzero"/></clipPath><g clip-path="url(#p.0)"><path fill="#000000" fill-opacity="0.0" d="m0 0l960.0 0l0 720.0l-960.0 0z" fill-rule="evenodd"/><path fill="#cfe2f3" d="m91.178474 116.33071l216.94489 0l0 138.33072l-216.94489 0z" fill-rule="evenodd"/><path stroke="#000000" stroke-width="1.0" stroke-linejoin="round" stroke-linecap="butt" d="m91.178474 116.33071l216.94489 0l0 138.33072l-216.94489 0z" fill-rule="evenodd"/><path fill="#000000" d="m105.428474 192.41606l-5.171875 -13.359375l1.921875 0l3.46875 9.703125q0.421875 1.171875 0.703125 2.1875q0.3125 -1.09375 0.71875 -2.1875l3.609375 -9.703125l1.796875 0l-5.234375 13.359375l-1.8125 0zm8.584198 0l0 -13.359375l2.65625 0l3.15625 9.453125q0.4375 1.328125 0.640625 1.984375q0.234375 -0.734375 0.703125 -2.140625l3.203125 -9.296875l2.375 0l0 13.359375l-1.703125 0l0 -11.171875l-3.875 11.171875l-1.59375 0l-3.859375 -11.375l0 11.375l-1.703125 0zm21.10331 0l-1.640625 0l0 -10.453125q-0.59375 0.5625 -1.5625 1.140625q-0.953125 0.5625 -1.71875 0.84375l0 -1.59375q1.375 -0.640625 2.40625 -1.5625q1.03125 -0.921875 1.453125 -1.78125l1.0625 0l0 13.40625z" fill-rule="nonzero"/><path fill="#cfe2f3" d="m91.178474 302.11285l216.94489 0l0 138.33072l-216.94489 0z" fill-rule="evenodd"/><path stroke="#000000" stroke-width="1.0" stroke-linejoin="round" stroke-linecap="butt" d="m91.178474 302.11285l216.94489 0l0 138.33072l-216.94489 0z" fill-rule="evenodd"/><path fill="#000000" d="m105.428474 378.1982l-5.171875 -13.359375l1.921875 0l3.46875 9.703125q0.421875 1.171875 0.703125 2.1875q0.3125 -1.09375 0.71875 -2.1875l3.609375 -9.703125l1.796875 0l-5.234375 13.359375l-1.8125 0zm8.584198 0l0 -13.359375l2.65625 0l3.15625 9.453125q0.4375 1.328125 0.640625 1.984375q0.234375 -0.734375 0.703125 -2.140625l3.203125 -9.296875l2.375 0l0 13.359375l-1.703125 0l0 -11.171875l-3.875 11.171875l-1.59375 0l-3.859375 -11.375l0 11.375l-1.703125 0zm23.54081 -1.578125l0 1.578125l-8.828125 0q-0.015625 -0.59375 0.1875 -1.140625q0.34375 -0.90625 1.078125 -1.78125q0.75 -0.875 2.15625 -2.015625q2.171875 -1.78125 2.9375 -2.828125q0.765625 -1.046875 0.765625 -1.96875q0 -0.984375 -0.703125 -1.640625q-0.6875 -0.671875 -1.8125 -0.671875q-1.1875 0 -1.90625 0.71875q-0.703125 0.703125 -0.703125 1.953125l-1.6875 -0.171875q0.171875 -1.890625 1.296875 -2.875q1.140625 -0.984375 3.03125 -0.984375q1.921875 0 3.046875 1.0625q1.125 1.0625 1.125 2.640625q0 0.796875 -0.328125 1.578125q-0.328125 0.78125 -1.09375 1.640625q-0.75 0.84375 -2.53125 2.34375q-1.46875 1.234375 -1.890625 1.6875q-0.421875 0.4375 -0.6875 0.875l6.546875 0z" fill-rule="nonzero"/><path fill="#cfe2f3" d="m91.178474 494.18372l216.94489 0l0 138.33075l-216.94489 0z" fill-rule="evenodd"/><path stroke="#000000" stroke-width="1.0" stroke-linejoin="round" stroke-linecap="butt" d="m91.178474 494.18372l216.94489 0l0 138.33075l-216.94489 0z" fill-rule="evenodd"/><path fill="#000000" d="m105.428474 570.2691l-5.171875 -13.359375l1.921875 0l3.46875 9.703125q0.421875 1.171875 0.703125 2.1875q0.3125 -1.09375 0.71875 -2.1875l3.609375 -9.703125l1.796875 0l-5.234375 13.359375l-1.8125 0zm8.584198 0l0 -13.359375l2.65625 0l3.15625 9.453125q0.4375 1.328125 0.640625 1.984375q0.234375 -0.734375 0.703125 -2.140625l3.203125 -9.296875l2.375 0l0 13.359375l-1.703125 0l0 -11.171875l-3.875 11.171875l-1.59375 0l-3.859375 -11.375l0 11.375l-1.703125 0zm14.931435 -3.53125l1.640625 -0.21875q0.28125 1.40625 0.953125 2.015625q0.6875 0.609375 1.65625 0.609375q1.15625 0 1.953125 -0.796875q0.796875 -0.796875 0.796875 -1.984375q0 -1.125 -0.734375 -1.859375q-0.734375 -0.734375 -1.875 -0.734375q-0.46875 0 -1.15625 0.171875l0.1875 -1.4375q0.15625 0.015625 0.265625 0.015625q1.046875 0 1.875 -0.546875q0.84375 -0.546875 0.84375 -1.671875q0 -0.90625 -0.609375 -1.5q-0.609375 -0.59375 -1.578125 -0.59375q-0.953125 0 -1.59375 0.609375q-0.640625 0.59375 -0.8125 1.796875l-1.640625 -0.296875q0.296875 -1.640625 1.359375 -2.546875q1.0625 -0.90625 2.65625 -0.90625q1.09375 0 2.0 0.46875q0.921875 0.46875 1.40625 1.28125q0.5 0.8125 0.5 1.71875q0 0.859375 -0.46875 1.578125q-0.46875 0.703125 -1.375 1.125q1.1875 0.28125 1.84375 1.140625q0.65625 0.859375 0.65625 2.15625q0 1.734375 -1.28125 2.953125q-1.265625 1.21875 -3.21875 1.21875q-1.765625 0 -2.921875 -1.046875q-1.15625 -1.046875 -1.328125 -2.71875z" fill-rule="nonzero"/><path fill="#cfe2f3" d="m698.41254 352.31226l0 0c-1.5818481 -12.173676 3.6116333 -24.224884 13.37677 -31.039856c9.765076 -6.814972 22.38916 -7.1984863 32.51538 -0.9878235l0 0c3.586975 -7.0782776 10.152283 -11.965332 17.7099 -13.182953c7.557678 -1.2175903 15.220093 1.3772583 20.669495 6.999695l0 0c3.055664 -6.417633 9.055542 -10.729431 15.870483 -11.4053955c6.8150024 -0.67596436 13.480652 2.3795776 17.631592 8.082397l0 0c5.520508 -6.8026733 14.303833 -9.66687 22.549255 -7.353241c8.245483 2.3135986 14.472168 9.389496 15.985779 18.165894l0 0c6.76355 1.9319763 12.397461 6.8433533 15.446106 13.465149c3.048645 6.6217957 3.2129517 14.304474 0.45043945 21.06305l0 0c6.660095 9.077484 8.218079 21.173126 4.0925293 31.77304c-4.1256104 10.599945 -13.315002 18.111603 -24.138794 19.731812c-0.076293945 9.948425 -5.286316 19.076965 -13.621887 23.867096c-8.33551 4.7901306 -18.495056 4.493866 -26.562561 -0.7746277l0 0c-3.4363403 11.9149475 -13.108459 20.681854 -24.837646 22.513062c-11.729187 1.8312378 -23.41278 -3.601471 -30.003052 -13.950989l0 0c-8.078247 5.1013184 -17.771484 6.5708313 -26.893066 4.0770874c-9.121582 -2.4937744 -16.90326 -8.740753 -21.589539 -17.331757l0 0c-8.254944 1.0116272 -16.236328 -3.4672546 -19.983032 -11.213745c-3.746704 -7.7464905 -2.4611206 -17.111572 3.218689 -23.447357l0 0c-7.3636475 -4.5386963 -11.121033 -13.544922 -9.312805 -22.322327c1.8082275 -8.777405 8.772278 -15.336975 17.260681 -16.258148z" fill-rule="evenodd"/><path fill="#000000" fill-opacity="0.0" d="m690.30145 391.3619l0 0c3.4749146 2.1418152 7.489258 3.1134033 11.504089 2.7842712m5.258484 31.877625c1.7265015 -0.21157837 3.4188232 -0.65960693 5.033264 -1.33255m43.4469 14.58667c-1.2142944 -1.9070129 -2.230957 -3.9447937 -3.0327148 -6.0786743m57.87555 -2.4837646l0 0c0.62646484 -2.1722717 1.0324097 -4.4079895 1.2109375 -6.6698914m38.971985 -16.421722c0.08117676 -10.591614 -5.66333 -20.289398 -14.766235 -24.927887m34.812256 -26.575867c-1.4741821 3.6066284 -3.7246704 6.8060303 -6.5750732 9.347351m-9.320068 -43.876495l0 0c0.25115967 1.4564209 0.36743164 2.9347534 0.34710693 4.4144897m-38.88147 -15.226685l0 0c-1.3770752 1.6969299 -2.5116577 3.5932007 -3.3682861 5.629822m-30.134155 -2.3075562l0 0c-0.7338867 1.5412903 -1.2818604 3.1722717 -1.6314087 4.855316m-36.748535 1.328064l0 0c2.1427002 1.3141785 4.125 2.8959045 5.9033203 4.7104797m-51.79486 27.317352l0 0c0.21801758 1.6778564 0.5625 3.335022 1.0302124 4.9559937" fill-rule="evenodd"/><path stroke="#000000" stroke-width="1.0" stroke-linejoin="round" stroke-linecap="butt" d="m698.41254 352.31226l0 0c-1.5818481 -12.173676 3.6116333 -24.224884 13.37677 -31.039856c9.765076 -6.814972 22.38916 -7.1984863 32.51538 -0.9878235l0 0c3.586975 -7.0782776 10.152283 -11.965332 17.7099 -13.182953c7.557678 -1.2175903 15.220093 1.3772583 20.669495 6.999695l0 0c3.055664 -6.417633 9.055542 -10.729431 15.870483 -11.4053955c6.8150024 -0.67596436 13.480652 2.3795776 17.631592 8.082397l0 0c5.520508 -6.8026733 14.303833 -9.66687 22.549255 -7.353241c8.245483 2.3135986 14.472168 9.389496 15.985779 18.165894l0 0c6.76355 1.9319763 12.397461 6.8433533 15.446106 13.465149c3.048645 6.6217957 3.2129517 14.304474 0.45043945 21.06305l0 0c6.660095 9.077484 8.218079 21.173126 4.0925293 31.77304c-4.1256104 10.599945 -13.315002 18.111603 -24.138794 19.731812c-0.076293945 9.948425 -5.286316 19.076965 -13.621887 23.867096c-8.33551 4.7901306 -18.495056 4.493866 -26.562561 -0.7746277l0 0c-3.4363403 11.9149475 -13.108459 20.681854 -24.837646 22.513062c-11.729187 1.8312378 -23.41278 -3.601471 -30.003052 -13.950989l0 0c-8.078247 5.1013184 -17.771484 6.5708313 -26.893066 4.0770874c-9.121582 -2.4937744 -16.90326 -8.740753 -21.589539 -17.331757l0 0c-8.254944 1.0116272 -16.236328 -3.4672546 -19.983032 -11.213745c-3.746704 -7.7464905 -2.4611206 -17.111572 3.218689 -23.447357l0 0c-7.3636475 -4.5386963 -11.121033 -13.544922 -9.312805 -22.322327c1.8082275 -8.777405 8.772278 -15.336975 17.260681 -16.258148z" fill-rule="evenodd"/><path stroke="#000000" stroke-width="1.0" stroke-linejoin="round" stroke-linecap="butt" d="m690.30145 391.3619l0 0c3.4749146 2.1418152 7.489258 3.1134033 11.504089 2.7842712m5.258484 31.877625c1.7265015 -0.21157837 3.4188232 -0.65960693 5.033264 -1.33255m43.4469 14.58667c-1.2142944 -1.9070129 -2.230957 -3.9447937 -3.0327148 -6.0786743m57.87555 -2.4837646l0 0c0.62646484 -2.1722717 1.0324097 -4.4079895 1.2109375 -6.6698914m38.971985 -16.421722c0.08117676 -10.591614 -5.66333 -20.289398 -14.766235 -24.927887m34.812256 -26.575867c-1.4741821 3.6066284 -3.7246704 6.8060303 -6.5750732 9.347351m-9.320068 -43.876495l0 0c0.25115967 1.4564209 0.36743164 2.9347534 0.34710693 4.4144897m-38.88147 -15.226685l0 0c-1.3770752 1.6969299 -2.5116577 3.5932007 -3.3682861 5.629822m-30.134155 -2.3075562l0 0c-0.7338867 1.5412903 -1.2818604 3.1722717 -1.6314087 4.855316m-36.748535 1.328064l0 0c2.1427002 1.3141785 4.125 2.8959045 5.9033203 4.7104797m-51.79486 27.317352l0 0c0.21801758 1.6778564 0.5625 3.335022 1.0302124 4.9559937" fill-rule="evenodd"/><path fill="#000000" d="m718.4751 380.9929l0 -13.359375l1.765625 0l0 13.359375l-1.765625 0zm4.8707886 0l0 -13.359375l1.8125 0l7.015625 10.484375l0 -10.484375l1.6875 0l0 13.359375l-1.8125 0l-7.015625 -10.5l0 10.5l-1.6875 0zm16.894836 0l0 -11.78125l-4.40625 0l0 -1.578125l10.578125 0l0 1.578125l-4.40625 0l0 11.78125l-1.765625 0zm8.020935 0l0 -13.359375l9.65625 0l0 1.578125l-7.875 0l0 4.09375l7.375 0l0 1.5625l-7.375 0l0 4.546875l8.1875 0l0 1.578125l-9.96875 0zm12.4436035 0l0 -13.359375l5.921875 0q1.78125 0 2.703125 0.359375q0.9375 0.359375 1.484375 1.28125q0.5625 0.90625 0.5625 2.015625q0 1.40625 -0.921875 2.390625q-0.921875 0.96875 -2.84375 1.234375q0.703125 0.34375 1.078125 0.671875q0.765625 0.703125 1.453125 1.765625l2.328125 3.640625l-2.21875 0l-1.765625 -2.78125q-0.78125 -1.203125 -1.28125 -1.828125q-0.5 -0.640625 -0.90625 -0.890625q-0.390625 -0.265625 -0.796875 -0.359375q-0.296875 -0.078125 -0.984375 -0.078125l-2.046875 0l0 5.9375l-1.765625 0zm1.765625 -7.453125l3.796875 0q1.21875 0 1.890625 -0.25q0.6875 -0.265625 1.046875 -0.8125q0.359375 -0.546875 0.359375 -1.1875q0 -0.953125 -0.6875 -1.5625q-0.6875 -0.609375 -2.1875 -0.609375l-4.21875 0l0 4.421875zm11.660461 7.453125l0 -13.359375l1.8125 0l7.015625 10.484375l0 -10.484375l1.6875 0l0 13.359375l-1.8125 0l-7.015625 -10.5l0 10.5l-1.6875 0zm13.519775 0l0 -13.359375l9.65625 0l0 1.578125l-7.875 0l0 4.09375l7.375 0l0 1.5625l-7.375 0l0 4.546875l8.1875 0l0 1.578125l-9.96875 0zm15.8186035 0l0 -11.78125l-4.40625 0l0 -1.578125l10.578125 0l0 1.578125l-4.40625 0l0 11.78125l-1.765625 0z" fill-rule="nonzero"/><path fill="#cfe2f3" d="m429.95538 360.0l0 0c0 -19.534363 28.858246 -35.370087 64.456696 -35.370087l0 0c35.59842 0 64.456696 15.835724 64.456696 35.370087l0 0c0 19.534363 -28.858276 35.370087 -64.456696 35.370087l0 0c-35.59845 0 -64.456696 -15.835724 -64.456696 -35.370087z" fill-rule="evenodd"/><path stroke="#000000" stroke-width="1.0" stroke-linejoin="round" stroke-linecap="butt" d="m429.95538 360.0l0 0c0 -19.534363 28.858246 -35.370087 64.456696 -35.370087l0 0c35.59842 0 64.456696 15.835724 64.456696 35.370087l0 0c0 19.534363 -28.858276 35.370087 -64.456696 35.370087l0 0c-35.59845 0 -64.456696 -15.835724 -64.456696 -35.370087z" fill-rule="evenodd"/><path fill="#000000" d="m465.52182 361.6856l0 -1.578125l5.65625 0l0 4.953125q-1.296875 1.046875 -2.6875 1.578125q-1.375 0.515625 -2.84375 0.515625q-1.96875 0 -3.578125 -0.84375q-1.609375 -0.84375 -2.421875 -2.4375q-0.8125 -1.59375 -0.8125 -3.5625q0 -1.953125 0.8125 -3.640625q0.8125 -1.6875 2.34375 -2.5q1.53125 -0.828125 3.515625 -0.828125q1.453125 0 2.625 0.46875q1.171875 0.46875 1.828125 1.3125q0.671875 0.828125 1.015625 2.171875l-1.59375 0.4375q-0.296875 -1.015625 -0.75 -1.59375q-0.4375 -0.59375 -1.265625 -0.9375q-0.828125 -0.34375 -1.84375 -0.34375q-1.203125 0 -2.09375 0.375q-0.890625 0.359375 -1.4375 0.96875q-0.53125 0.59375 -0.828125 1.3125q-0.515625 1.234375 -0.515625 2.6875q0 1.78125 0.609375 2.984375q0.625 1.203125 1.796875 1.796875q1.171875 0.578125 2.5 0.578125q1.140625 0 2.234375 -0.4375q1.09375 -0.453125 1.65625 -0.953125l0 -2.484375l-3.921875 0zm10.589539 5.234375l-3.53125 -13.359375l1.8125 0l2.03125 8.765625q0.328125 1.375 0.5625 2.71875q0.5 -2.140625 0.59375 -2.46875l2.546875 -9.015625l2.125 0l1.921875 6.765625q0.71875 2.515625 1.03125 4.71875q0.265625 -1.265625 0.671875 -2.890625l2.09375 -8.59375l1.78125 0l-3.671875 13.359375l-1.703125 0l-2.8125 -10.171875q-0.359375 -1.28125 -0.421875 -1.5625q-0.203125 0.90625 -0.390625 1.5625l-2.828125 10.171875l-1.8125 0z" fill-rule="nonzero"/><path fill="#000000" fill-opacity="0.0" d="m308.12335 185.49606l140.72443 149.48032" fill-rule="evenodd"/><path stroke="#000000" stroke-width="1.0" stroke-linejoin="round" stroke-linecap="butt" d="m308.12335 185.49606l140.72443 149.48032" fill-rule="evenodd"/><path fill="#000000" fill-opacity="0.0" d="m308.12335 371.27823l121.82678 -11.275604" fill-rule="evenodd"/><path stroke="#000000" stroke-width="1.0" stroke-linejoin="round" stroke-linecap="butt" d="m308.12335 371.27823l121.82678 -11.275604" fill-rule="evenodd"/><path fill="#000000" fill-opacity="0.0" d="m308.12335 563.34906l140.72443 -178.33069" fill-rule="evenodd"/><path stroke="#000000" stroke-width="1.0" stroke-linejoin="round" stroke-linecap="butt" d="m308.12335 563.34906l140.72443 -178.33069" fill-rule="evenodd"/><path fill="#000000" fill-opacity="0.0" d="m558.8688 360.0l122.42517 17.574799" fill-rule="evenodd"/><path stroke="#000000" stroke-width="1.0" stroke-linejoin="round" stroke-linecap="butt" d="m558.8688 360.0l122.42517 17.574799" fill-rule="evenodd"/><path fill="#000000" fill-opacity="0.0" d="m91.178474 185.49606l0 0" fill-rule="evenodd"/><path stroke="#000000" stroke-width="1.0" stroke-linejoin="round" stroke-linecap="butt" d="m91.178474 185.49606l0 0" fill-rule="evenodd"/></g></svg>


--------------------------------------------------------------------------------