Docker

From campisano.org

Install

It is necessary to:

  • install Docker (CE)
  • configure user permissions
  • (optionally) install docker-compose

Docker CE

Using official debian repository (Buster or later)

apt-get install docker.io

From deb packages

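# cleanup (patterns quoted so the shell does not expand them against local files)
apt-get autoremove --purge 'docker*' 'containerd\.io*'
# dependencies
apt-get install iptables procps git xz-utils
# packages (note: dpkg -i does not check repository signatures, so these downloads are protected by HTTPS only)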
cd /tmp
curl -OL https://download.docker.com/linux/debian/dists/stretch/pool/stable/amd64/docker-ce_19.03.0~3-0~debian-stretch_amd64.deb
curl -OL https://download.docker.com/linux/debian/dists/stretch/pool/stable/amd64/containerd.io_1.2.6-3_amd64.deb
curl -OL https://download.docker.com/linux/debian/dists/stretch/pool/stable/amd64/docker-ce-cli_19.03.0~3-0~debian-stretch_amd64.deb
dpkg -i containerd.io_1.2.6-3_amd64.deb docker-ce-cli_19.03.0~3-0~debian-stretch_amd64.deb docker-ce_19.03.0~3-0~debian-stretch_amd64.deb
rm -f *.deb

From docker repository

su -
apt-get install apt-transport-https ca-certificates curl gnupg2 software-properties-common
# note: apt-key is deprecated in newer Debian releases
curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
etckeeper commit
apt-get update
apt-get install docker-ce
# test
docker run hello-world
exit

Docker Compose (optional)

From debian repository

apt-get install docker-compose
# or from backports
apt-get -t stretch-backports install docker-compose

From pip

pip install docker-compose --user

From docker documentation

su -
curl -L https://github.com/docker/compose/releases/download/1.21.2/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
chmod 0755 /usr/local/bin/docker-compose
docker-compose --version
exit

User permissions

su -
# docker-ce already creates the docker group,
# so normal users must be added to this group if they are to run docker images
usermod -aG docker <USERNAME>
exit
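
Any member of the docker group can control the Docker daemon, which amounts to root access on the host, so it is worth reviewing who is in it. The following check is an added example, not part of the original page; the helper name docker_group_users and the sample files are constructed for illustration.

```shell
#!/bin/sh
# List every account that can reach the Docker daemon through group
# membership: supplementary members of the group plus users whose primary
# GID is that group. Inputs are files in group(5) and passwd(5) format.
# docker_group_users is a hypothetical helper name, not a Docker command.
docker_group_users() {
    group_file=${1:-/etc/group}
    passwd_file=${2:-/etc/passwd}
    group_name=${3:-docker}
    awk -F: -v g="$group_name" '
        # First file: group database. Remember the GID and listed members.
        FILENAME == ARGV[1] {
            if ($1 == g) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") seen[m[i]] = 1
            }
            next
        }
        # Second file: passwd database. Catch primary-group members.
        gid != "" && $4 == gid { seen[$1] = 1 }
        END { for (u in seen) print u }
    ' "$group_file" "$passwd_file" | sort
}

# Constructed sample data (not from a real host).
tmp=$(mktemp -d)
printf '%s\n' 'root:x:0:' 'docker:x:998:alice,bob' 'sudo:x:27:alice' > "$tmp/group"
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'alice:x:1000:1000::/home/alice:/bin/bash' \
    'ci:x:1001:998::/home/ci:/bin/sh' > "$tmp/passwd"
docker_group_users "$tmp/group" "$tmp/passwd"   # prints alice, bob, ci (one per line)
```

On hosts that take accounts from LDAP or SSSD, feed it the saved output of getent group and getent passwd instead of the local files.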

Test and Run

# apply the new group membership to the current user by reloading the bash shell; for anything other than a shell you will need to log out and log in again
exec su $USER
# test
docker run hello-world
# download and run a basic image
docker run --rm -it --network host --name deb-stretch debian:stretch /bin/bash

Create a minimal Debian Docker image

Note: start from a stable-slim image; this example uses debian:bullseye-slim

Dockerfile:

FROM debian:bullseye-slim

# update apt repository, install apt-utils and update certificates package ca-certificates,
# install your custom packages (here libssl1.1), then clean apt data;
# everything runs in a single RUN because files removed in a later layer still take space in the earlier one
RUN export DEBIAN_FRONTEND=noninteractive \
    && apt-get -qq -y update \
    && apt-get -qq -y install apt-utils > /dev/null \
    && apt-get -qq -y install ca-certificates > /dev/null \
    && apt-get -qq -y install --no-install-recommends libssl1.1 > /dev/null \
    && apt-get -qq clean \
    && rm -rf /var/lib/apt/lists/* /var/cache/apt/* /usr/share/man/*

Use the official docker images

Docker Swarm

See DockerSwarm

Notes

Analyze a docker image

  • Using command line:
docker image inspect <IMAGE:VERSION>
# or
docker image inspect --format '{{json .}}' <IMAGE:VERSION> | jq
# or
docker image inspect --format 'Cmd: {{println .Config.Cmd}}Entrypoint: {{println .Config.Entrypoint}}WorkingDir: {{println .Config.WorkingDir}}User: {{.Config.User}}' <IMAGE:VERSION>

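  • Using dive: install instructions here: Dive (Application)

or you can use a docker image; for example, to run dive interactively to analyze the latest docker image (note that mounting /var/run/docker.sock gives the container access to the Docker API, and the :ro flag does not restrict the API calls it can make):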

docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock:ro wagoodman/dive:latest docker:latest

You can also use the JSON output to compare the commands used to produce two versions of a docker image, for instance:

docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock:ro -v /tmp/dive:/tmp/dive wagoodman/dive:latest docker:latest -j /tmp/dive/latest.json
docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock:ro -v /tmp/dive:/tmp/dive wagoodman/dive:latest docker:stable -j /tmp/dive/stable.json
grep command /tmp/dive/stable.json > stable
grep command /tmp/dive/latest.json > latest
diffuse stable latest

Docker compose db example

  • docker-compose.yml
version: '2'

services:
  postgres:
    image: postgres:12.4-alpine
    ports:
    - 5432:5432
    environment:
    - POSTGRES_USER=myuser
    - POSTGRES_PASSWORD=mypass
    - POSTGRES_DB=mydatabase
    volumes:
    - ./init.sql:/docker-entrypoint-initdb.d/init.sql
  • init.sql
CREATE TABLE IF NOT EXISTS words (
    id SERIAL PRIMARY KEY,
    word VARCHAR(500) NOT NULL
);

INSERT INTO words
        VALUES(DEFAULT, '1234');

SELECT *
FROM words;
  • Makefile
.PHONY: up
up:
	test -f init.sql && chmod a+r init.sql
	docker-compose up --detach --force-recreate --renew-anon-volumes

.PHONY: down
down:
	docker-compose down --volumes

.PHONY: logs
logs:
	docker-compose logs --follow

.PHONY: dump
dump:
	PGPASSWORD=mypass pg_dump -h localhost -p 5432 -U myuser mydatabase > init.sql
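
The mapping 5432:5432 in the compose file above has no host address, so Docker publishes the database on every interface by default; writing 127.0.0.1:5432:5432 keeps it local, and the dump target still works because it connects to localhost. The following check is an added example, not part of the original page: the helper name compose_exposed_ports and the sample file are constructed, and it assumes the short list syntax used on this page.

```shell
#!/bin/sh
# Flag port mappings in compose files that are not pinned to a loopback
# address. compose_exposed_ports is a hypothetical helper name.
compose_exposed_ports() {
    awk '
        # Entering a "ports:" list.
        /^[ \t]*ports:[ \t]*$/ { in_ports = 1; next }
        in_ports && /^[ \t]*-/ {
            entry = $0
            sub(/^[ \t]*-[ \t]*/, "", entry)   # drop the list marker
            sub(/[ \t]+#.*$/, "", entry)       # drop a trailing comment
            sub(/[ \t]+$/, "", entry)          # drop trailing blanks
            gsub(/["\047]/, "", entry)         # drop quotes
            # IP:HOST:CONTAINER with a loopback IP stays on this machine.
            if (entry ~ /^127\.[0-9.]+:/ || entry ~ /^\[::1\]:/) next
            # Everything else (CONTAINER, HOST:CONTAINER, other IPs) is flagged.
            print FILENAME ":" FNR ": " entry
            next
        }
        # Any other non-blank line ends the list.
        in_ports && /[^ \t]/ { in_ports = 0 }
    ' "$@"
}

# Constructed sample: the mapping from this page plus a loopback-bound one.
sample=$(mktemp)
cat > "$sample" <<'EOF'
services:
  postgres:
    image: postgres:12.4-alpine
    ports:
    - 5432:5432
    environment:
    - POSTGRES_DB=mydatabase
  cache:
    ports:
      - "127.0.0.1:6379:6379"
EOF
compose_exposed_ports "$sample"   # prints <sample path>:5: 5432:5432
```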

Graceful shutdown