Docker Practical Guide for Developers and DevOps Teams (Bernd Öggl, Michael Kofler) (Z-Library)

📄 File Format: PDF

💾 File Size: 20.3 MB

📖 Read Online ⬇️ Download

Registered users can read the full content for free

Register as a Gaohf Library member to read the complete e-book online for free and enjoy a better reading experience.

📄 Page 1

(This page has no text content)

📄 Page 2

The Rheinwerk Computing series from Rheinwerk Publishing offers new and established professionals comprehensive guidance to enrich their skillsets and enhance their career prospects. Our publications are written by leading experts in the fields of programming, administration, security, analytics, and more. Each book is detailed and hands-on to help readers develop essential, practical skills that they can apply to their daily work. For further information, please visit our website: www.rheinwerk-computing.com. Philip Ackermann JavaScript: The Comprehensive Guide 2022, 982 pages, paperback and e-book www.rheinwerk-computing.com/5554 Sebastian Springer Node.js: The Comprehensive Guide 2022, 834 pages, paperback and e-book www.rheinwerk-computing.com/5556 Christian Ullenboom Java: The Comprehensive Guide 2022, 1126 pages, paperback and e-book www.rheinwerk-computing.com/5557 Johannes Ernesti, Peter Kaiser Python 3: The Comprehensive Guide 2022, 1036 pages, paperback and e-book www.rheinwerk-computing.com/5566 Bernd Öggl, Michael Kofler Git: Project Management for Developers and DevOps Teams 2023, 407 pages, paperback and e-book www.rheinwerk-computing.com/5555 Rheinwerk Computing

📄 Page 3

Bernd Öggl, Michael Kofler Docker Practical Guide for Developers and DevOps Teams

📄 Page 4

Dear Reader, One line from Docker’s mission statement has always stood out to me: “We handle the tedious setup, so you can focus on the code.” I like to think that we do something simi- lar here at Rheinwerk. Having been internet-dwellers for a few decades now, most of us have had the experi- ence of picking up a new skill solely from web content. We’ve cobbled together an edu- cation in, say, sourdough baking, via YouTube videos, blog posts, and how-to articles. However, online learning has its drawbacks: you’ve got to sift out misinformation, you don’t always know what you don’t know, and content isn’t always tailored to your needs (as anyone who has tried to bake at 8,000 feet above sea level using a standard recipe can testify)! So perhaps our version would be: “We curate the content, so you can focus on learn- ing.” With all our books, our goal is always to present our reader with vetted informa- tion that’s been thoughtfully organized and meets their needs. My first piece of advice to new authors is this: keep your reader in mind and write what they need to know. What did you think about Docker: Practical Guide for Developers and DevOps Teams? Your comments and suggestions are the most useful tools to help us make our books the best they can be. Please feel free to contact me and share any praise or criticism you may have. Thank you for purchasing a book from Rheinwerk Publishing! Meagan White Editor, Rheinwerk Publishing meaganw@rheinwerk-publishing.com www.rheinwerk-computing.com Rheinwerk Publishing • Boston, MA

📄 Page 5

Imprint This e-book is a publication many contributed to, specifically: Editor Meagan White Acquisitions Editor Hareem Shafi German Edition Editor Christoph Meister Translation Winema Language Services, Inc. Copyeditor Julie McNamee Cover Design Graham Geary Photo Credit Shutterstock.com: 304298384/© Yann Hubert; iStockphoto.com: 165958933/© anilyanik Layout Design Vera Brauner Production E-Book Graham Geary Typesetting E-Book SatzPro, Germany We hope that you liked this e-book. Please share your feedback with us and read the Service Pages to find out how to contact us. Library of Congress Cataloging-in-Publication Control Number: 2022950845 ISBN 978-1-4932-2383-1 (print) ISBN 978-1-4932-2384-8 (e-book) ISBN 978-1-4932-2385-5 (print and e-book) © 2023 by Rheinwerk Publishing, Inc., Boston (MA) 1st edition 2023 3rd German edition published 2021 by Rheinwerk Verlag, Bonn, Germany

📄 Page 6

Contents Preface ....................................................................................................................................................... 21 PART I Introduction 1 Hello World 27 1.1 Docker Quick Install .............................................................................................................. 27 1.1.1 Windows ................................................................................................................... 27 1.1.2 macOS ........................................................................................................................ 27 1.1.3 Linux ........................................................................................................................... 28 1.2 Apache with PHP 8 ................................................................................................................ 28 1.2.1 Dockerfile .................................................................................................................. 30 1.3 Node.js ........................................................................................................................................ 31 1.4 Python ........................................................................................................................................ 33 2 Installation 37 2.1 Docker Variants ...................................................................................................................... 37 2.2 Version Numbers ................................................................................................................... 38 2.3 Installation on Windows .................................................................................................... 38 2.4 Installation on macOS ......................................................................................................... 40 2.5 Installation on Linux ............................................................................................................ 41 2.5.1 Installation on Ubuntu ......................................................................................... 42 2.5.2 Installation on the Raspberry Pi Operating System .................................... 44 2.5.3 Installation on Red Hat Enterprise Linux 8 and Fedora ............................. 44 2.5.4 Other Installation Variants ................................................................................. 45 2.5.5 Troubleshooting and Logging ............................................................................ 45 2.5.6 Working without “sudo” ...................................................................................... 45 2.6 Rootless Docker ...................................................................................................................... 46 2.6.1 “newuidmap” and “newgidmap” ..................................................................... 47 2.6.2 Using a System-Wide Rootless Docker Installation .................................... 47 2.6.3 Installing Rootless Docker ................................................................................... 497

📄 Page 7

Contents2.6.4 No “ping” ................................................................................................................... 49 2.6.5 Local Docker Files .................................................................................................... 50 2.6.6 Problems with the Virtual File System Directory ......................................... 50 3 Basic Principles 51 3.1 Basic Principles and Terminology ................................................................................... 51 3.1.1 Images and Containers ......................................................................................... 51 3.1.2 Volumes ..................................................................................................................... 52 3.1.3 Services, Stacks, and Clusters ............................................................................. 53 3.1.4 docker Command versus Docker Daemon (dockerd) ................................. 54 3.1.5 Linux versus Windows .......................................................................................... 54 3.1.6 Virtual Machines versus Containers ................................................................ 55 3.2 Running Containers .............................................................................................................. 56 3.2.1 Status Information ................................................................................................. 57 3.2.2 Tidying Up ................................................................................................................. 57 3.3 Using Containers Interactively ........................................................................................ 58 3.3.1 Network Connection ............................................................................................. 60 3.3.2 Containers versus Images Again ....................................................................... 61 3.3.3 Running the Container Again via “docker start” .......................................... 62 3.3.4 Custom Container Names ................................................................................... 63 3.3.5 Running Other Processes in Parallel via docker exec ................................. 64 3.3.6 Tidying Up ................................................................................................................. 64 3.4 Port Redirection ...................................................................................................................... 64 3.4.1 Connecting Container Ports to Local Ports .................................................... 65 3.4.2 Problems with Port 80 .......................................................................................... 66 3.4.3 Tidying Up ................................................................................................................. 67 3.5 Data Storage in Volumes ................................................................................................... 67 3.5.1 Storing the Database in an Automatically Created Volume .................... 69 3.5.2 Analyzing Volumes ................................................................................................ 69 3.5.3 Calling the MariaDB Client .................................................................................. 71 3.5.4 A Look Inside the Container ................................................................................ 72 3.5.5 Logging ....................................................................................................................... 72 3.5.6 Tidying Up ................................................................................................................. 73 3.6 Named Volumes ..................................................................................................................... 73 3.6.1 Container Update without Data Loss .............................................................. 74 3.6.2 Tidying Up ................................................................................................................. 74 3.7 Volumes in Custom Directories ....................................................................................... 75 3.7.1 Problems with Security-Enhanced Linux ........................................................ 768

📄 Page 8

Contents3.7.2 Problems on Windows Hosts ............................................................................. 76 3.7.3 Tidying Up ................................................................................................................. 76 3.8 Communication between Containers .......................................................................... 77 3.8.1 Setting Up a Private Docker Network .............................................................. 77 3.8.2 MariaDB ..................................................................................................................... 77 3.8.3 phpMyAdmin ........................................................................................................... 78 3.8.4 WordPress ................................................................................................................. 79 3.8.5 Stopping and Restarting Containers ................................................................ 81 3.8.6 Updates ...................................................................................................................... 81 3.8.7 Tidying Up ................................................................................................................. 82 3.9 Administration of Docker .................................................................................................. 83 3.9.1 Determining Space Requirements of Images and Containers ................ 83 3.9.2 Deleting Containers and Images ....................................................................... 84 3.9.3 Managing Volumes ................................................................................................ 85 3.9.4 General Overview ................................................................................................... 85 3.9.5 Releasing Unused Space ...................................................................................... 85 4 Custom Docker Images (Dockerfiles) 87 4.1 Dockerfiles ................................................................................................................................ 87 4.1.1 Dockerfile Syntax .................................................................................................... 88 4.1.2 Introductory Example ........................................................................................... 88 4.1.3 Specifying the Source Image (“FROM”) ........................................................... 89 4.1.4 Adding Files (“ADD” versus “COPY”) ................................................................ 89 4.1.5 Container “start” Command (“CMD” and “ENTRYPOINT”) ...................... 89 4.1.6 Running Commands (RUN) ................................................................................. 92 4.1.7 Volume Directories (VOLUME) ........................................................................... 92 4.1.8 Creating and Testing an Image .......................................................................... 93 4.1.9 Tidying Up ................................................................................................................. 94 4.2 A Custom Web Server Image ............................................................................................ 95 4.2.1 Creating and Testing an Image .......................................................................... 96 4.3 Uploading Images to Docker Hub .................................................................................. 97 4.3.1 Login ........................................................................................................................... 97 4.3.2 “push” Command ................................................................................................... 99 4.3.3 Image Description .................................................................................................. 99 4.3.4 Image Tags ................................................................................................................ 99 4.3.5 Deleting Uploaded Images .................................................................................. 100 4.4 Setting Up a Pandoc and LaTeX Environment as an Image ................................ 100 4.4.1 Installation Work .................................................................................................... 1029

📄 Page 9

Contents4.4.2 Working Directory and Volume ......................................................................... 102 4.4.3 Creating the Image ................................................................................................ 102 4.4.4 Running the Container ......................................................................................... 103 4.4.5 Troubleshooting ..................................................................................................... 103 5 docker compose 105 5.1 docker-compose versus docker stack ........................................................................... 105 5.2 Installing “docker-compose” ........................................................................................... 106 5.3 YAML Ain’t Markup Language Syntax ......................................................................... 107 5.4 Hello Compose! ...................................................................................................................... 109 5.4.1 “docker compose” .................................................................................................. 110 5.4.2 “docker stack deploy” ............................................................................................ 111 5.4.3 Debugging ................................................................................................................ 113 5.4.4 Interactive Use ........................................................................................................ 113 5.5 The docker-compose.yml File ........................................................................................... 114 5.5.1 Image or Dockerfile? .............................................................................................. 115 5.5.2 Networks ................................................................................................................... 115 5.5.3 Network Ports .......................................................................................................... 116 5.5.4 Volumes ..................................................................................................................... 116 5.5.5 Named Volumes ..................................................................................................... 117 5.5.6 Environment Variables ......................................................................................... 118 5.5.7 Command Execution ............................................................................................. 118 5.5.8 Restart Behavior ...................................................................................................... 119 5.5.9 Deploy Settings ....................................................................................................... 119 5.6 Passwords and Other Secrets ........................................................................................... 120 5.6.1 Sharing MariaDB/MySQL Passwords between Two Containers ............ 121 5.6.2 Secure Exchange of Secrets ................................................................................ 122 6 Tips, Tricks, and Internal Details 123 6.1 Visual Studio Code ................................................................................................................ 123 6.1.1 Docker Extension .................................................................................................... 124 6.1.2 Remote Containers ................................................................................................ 125 6.2 Portainer .................................................................................................................................... 126 6.2.1 Tidying Up ................................................................................................................. 12810

📄 Page 10

Contents6.3 Pull Limit in Docker Hub ..................................................................................................... 128 6.3.1 Lots of Activity in Docker Hub ............................................................................ 128 6.3.2 No Unlimited Access to Images ......................................................................... 129 6.3.3 Bypassing the Limit ................................................................................................ 130 6.3.4 Using Alternative Registries ............................................................................... 132 6.4 Using Different CPU Architectures ................................................................................ 133 6.4.1 Working on ARM Computers .............................................................................. 135 6.4.2 Running Containers of a Different Architecture .......................................... 136 6.5 Starting Containers Automatically ................................................................................ 137 6.5.1 Restart Behavior with docker compose .......................................................... 138 6.5.2 Automatically Starting Docker Containers on a Linux Server with systemd ........................................................................................................... 139 6.5.3 A Separate Service File .......................................................................................... 139 6.5.4 Starting and Ending the Service ........................................................................ 141 6.6 A Look Behind the Scenes .................................................................................................. 142 6.6.1 docker, dockerd, and containerd ....................................................................... 142 6.6.2 The Overlay File System ....................................................................................... 142 6.6.3 The /var/lib/docker Directory ............................................................................ 143 6.6.4 Process Management ........................................................................................... 144 6.6.5 Resource Management through Control Groups ........................................ 145 6.6.6 Container Isolation through Namespaces ..................................................... 145 6.6.7 Why the docker Command Usually Requires Root Privileges ................. 146 6.6.8 More “sudo” Convenience ................................................................................... 147 6.6.9 Network Management ......................................................................................... 147 6.6.10 Windows (WSL2) .................................................................................................... 148 6.6.11 Limiting RAM Utilization through Docker and WSL2 ................................. 149 6.6.12 macOS (Hypervisor and Virtualization Framework) ................................... 150 7 docker Command Reference 153 7.1 docker attach ........................................................................................................................... 155 7.2 docker build ............................................................................................................................. 155 7.3 docker commit ........................................................................................................................ 155 7.4 docker compose * .................................................................................................................. 156 7.5 docker-compose config ....................................................................................................... 156 7.6 docker-compose down ........................................................................................................ 156 7.7 docker-compose events ...................................................................................................... 156 7.8 docker-compose kill ............................................................................................................. 15611

📄 Page 11

Contents7.9 docker-compose logs ........................................................................................................... 157 7.10 docker-compose pause and docker compose unpause ........................................ 157 7.11 docker-compose ps ............................................................................................................... 157 7.12 docker-compose rm .............................................................................................................. 157 7.13 docker-compose run ............................................................................................................. 157 7.14 docker-compose start, docker-compose stop, and docker compose restart ..................................................................................................................... 158 7.15 docker-compose top ............................................................................................................. 158 7.16 docker-compose up .............................................................................................................. 158 7.17 docker container * ................................................................................................................. 159 7.18 docker create ........................................................................................................................... 159 7.19 docker diff ................................................................................................................................. 159 7.20 docker events .......................................................................................................................... 160 7.21 docker exec ............................................................................................................................... 160 7.22 docker export .......................................................................................................................... 160 7.23 docker image * ........................................................................................................................ 160 7.24 docker images ......................................................................................................................... 161 7.25 docker import .......................................................................................................................... 161 7.26 docker info ................................................................................................................................ 161 7.27 docker inspect ......................................................................................................................... 162 7.28 docker kill .................................................................................................................................. 163 7.29 docker login and docker logout ...................................................................................... 163 7.30 docker logs ................................................................................................................................ 163 7.31 docker network * ................................................................................................................... 164 7.32 docker node * ........................................................................................................................... 165 7.33 “docker pause” and “docker unpause” ....................................................................... 165 7.34 “docker port” ........................................................................................................................... 165 7.35 docker ps ................................................................................................................................... 166 7.36 docker pull ................................................................................................................................ 166 7.37 docker push .............................................................................................................................. 167 7.38 docker rename ........................................................................................................................ 167 7.39 docker restart .......................................................................................................................... 167 7.40 docker rm and docker rmi .................................................................................................. 16712

📄 Page 12

Contents7.41 docker run ................................................................................................................................. 168 7.42 docker secret * ......................................................................................................................... 169 7.43 docker service * ....................................................................................................................... 170 7.44 docker stack * .......................................................................................................................... 170 7.45 docker start and docker stop ............................................................................................ 171 7.46 docker stats .............................................................................................................................. 171 7.47 docker swarm * ....................................................................................................................... 172 7.48 docker system * ...................................................................................................................... 172 7.49 docker tag ................................................................................................................................. 173 7.50 docker top ................................................................................................................................. 173 7.51 docker update ......................................................................................................................... 173 7.52 docker volume * ..................................................................................................................... 174 7.53 docker wait ............................................................................................................................... 174 PART II Toolbox 8 Alpine Linux 177 8.1 Characteristics ......................................................................................................................... 177 8.1.1 Trying Out Alpine Linux ........................................................................................ 178 8.1.2 Shell ............................................................................................................................. 178 8.1.3 BusyBox ..................................................................................................................... 179 8.1.4 Init System and Logging ....................................................................................... 179 8.1.5 The “musl” Library .................................................................................................. 179 8.1.6 Documentation ....................................................................................................... 180 8.1.7 Missing “root” Password ...................................................................................... 180 8.2 Package Management with “apk” ................................................................................ 181 8.2.1 Package Sources ...................................................................................................... 182 8.2.2 Packages and Their Files ....................................................................................... 183 9 Web Servers and Company 185 9.1 Apache HTTP Server .............................................................................................................. 185 9.1.1 Using an Official Docker Image ......................................................................... 18513

📄 Page 13

Contents9.1.2 Using a Custom Dockerfile .................................................................................. 186 9.1.3 Using the Official Docker Image ........................................................................ 189 9.2 Nginx ........................................................................................................................................... 191 9.2.1 Usage with a Custom Dockerfile ....................................................................... 191 9.3 Nginx as Reverse Proxy with SSL Certificates from Let’s Encrypt .................... 193 9.3.1 Nginx Reverse Proxy .............................................................................................. 194 9.3.2 Creating the First Certificate .............................................................................. 195 9.3.3 Application Programming Interface Server ................................................... 198 9.3.4 Renewing Certificates ........................................................................................... 200 9.4 Node.js with Express ............................................................................................................ 201 9.4.1 Express Framework ................................................................................................ 201 9.4.2 Docker Development Environment for Express ........................................... 201 9.4.3 Docker Production Environment for Express ................................................ 204 9.4.4 Debugging the Applications ............................................................................... 204 9.5 HAProxy ..................................................................................................................................... 205 9.5.1 Hello World! ............................................................................................................. 205 9.6 Traefik Proxy ............................................................................................................................ 207 9.6.1 Installing and Configuring Traefik .................................................................... 207 9.6.2 Connecting Docker Services with Traefik ....................................................... 211 10 Database Systems 213 10.1 MySQL and MariaDB ............................................................................................................ 213 10.1.1 Setting Up and Using MariaDB Containers Manually ............................... 214 10.1.2 Setting Up a MariaDB Service with “docker-compose” ............................. 215 10.1.3 Setting Up the Database during Initialization ............................................. 217 10.1.4 Backups ...................................................................................................................... 217 10.1.5 Using a Custom Configuration File (my.cnf) ................................................. 218 10.2 PostgreSQL ................................................................................................................................ 219 10.2.1 PostgreSQL and pgAdmin with “docker compose” ..................................... 219 10.2.2 Backups with “docker compose” ....................................................................... 222 10.3 MongoDB .................................................................................................................................. 223 10.3.1 Simple “docker compose” Setup with MongoDB ........................................ 224 10.3.2 Database Access ..................................................................................................... 227 10.3.3 MongoDB with Authentication ......................................................................... 229 10.4 Redis ............................................................................................................................................ 230 10.4.1 Redis Replication with “docker compose” ..................................................... 23114

📄 Page 14

Contents11 Programming Languages 233 11.1 JavaScript (Node.js) .............................................................................................................. 233 11.1.1 Trying Out Node.js ................................................................................................. 234 11.1.2 “printheadlines”: Packaging Node.js Script as a Docker Image .............. 234 11.2 Java .............................................................................................................................................. 236 11.2.1 “printheadlines” Example ................................................................................... 237 11.2.2 Resource Management ........................................................................................ 239 11.3 PHP: Hypertext Preprocessor ........................................................................................... 240 11.3.1 Official PHP Docker Images ................................................................................. 240 11.3.2 PHP as a Command-Line Program .................................................................... 241 11.3.3 PHP with Web Servers (EXIF Example) ............................................................ 242 11.3.4 Dockerfile for the EXIF Example ........................................................................ 244 11.3.5 docker-compose.yml for the EXIF Example ................................................... 246 11.4 Ruby ............................................................................................................................................. 247 11.4.1 “printheadlines” Example ................................................................................... 247 11.5 Python ........................................................................................................................................ 248 11.5.1 “printheadlines” Example ................................................................................... 248 11.5.2 Packaging an Existing Python Application as a Docker Image ................ 249 11.5.3 Sample Code ............................................................................................................ 250 11.5.4 Localization and Character Sets in Python Programs ................................ 252 12 Web Applications and Content Management Systems 255 12.1 WordPress ................................................................................................................................. 255 12.1.1 Custom Docker Images ......................................................................................... 255 12.1.2 The “wp-cli” Command ........................................................................................ 258 12.1.3 Dealing with Passwords ....................................................................................... 258 12.1.4 Update ........................................................................................................................ 260 12.1.5 Backup ........................................................................................................................ 261 12.2 Nextcloud .................................................................................................................................. 263 12.2.1 Installation via “docker compose” .................................................................... 263 12.2.2 Creating Backups .................................................................................................... 265 12.3 Joomla ........................................................................................................................................ 26615

📄 Page 15

ContentsPART III Exercises 13 A Modern Web Application 271 13.1 The Application ...................................................................................................................... 272 13.1.1 Technical Background ........................................................................................... 274 13.2 The Frontend: Vue.js ............................................................................................................ 274 13.2.1 Vue.js Setup .............................................................................................................. 275 13.2.2 Development and Production Image (Multistage Builds) ........................ 276 13.2.3 Implementation via docker-compose.override.yml .................................... 277 13.2.4 Bundling JavaScript Code with Webpack ....................................................... 278 13.2.5 Docker “ENTRYPOINT” Script for Node.js Modules ..................................... 279 13.2.6 Source Code .............................................................................................................. 280 13.2.7 The Main Vue.js Component .............................................................................. 281 13.3 The API Server: Node.js Express ...................................................................................... 284 13.3.1 Stateless or Stateful? ............................................................................................ 286 13.3.2 Node.js Modules in the Development Environment .................................. 287 13.3.3 Accessing the Application Programming Interface .................................... 288 13.3.4 Source Code (server.js) .......................................................................................... 290 13.3.5 Source Code (routes.js) ......................................................................................... 292 13.4 The Mongo Database ........................................................................................................... 294 13.5 The Session Storage: Redis ................................................................................................ 298 14 Grafana 301 14.1 Grafana-Docker Setup ......................................................................................................... 301 14.1.1 Generating Data with Collectors (Telegraf) .................................................. 302 14.1.2 Storing Data with InfluxDB ................................................................................. 304 14.1.3 Visualizing Data with Grafana ........................................................................... 305 14.2 Provisioning ............................................................................................................................. 310 14.3 A Customized Telegraf Image .......................................................................................... 313 14.3.1 Dashboard Customizations ................................................................................ 31716

📄 Page 16

Contents15 Modernizing a Traditional Application 319 15.1 The Existing Application ..................................................................................................... 320 15.2 Planning and Preparation .................................................................................................. 322 15.2.1 The Web Server ....................................................................................................... 324 15.2.2 WordPress ................................................................................................................. 326 15.2.3 WordPress Database Migration ........................................................................ 328 15.2.4 Automatic Updates in WordPress .................................................................... 329 15.2.5 MariaDB ..................................................................................................................... 330 15.2.6 Node.js Server .......................................................................................................... 331 15.2.7 The Map Application ............................................................................................. 332 15.2.8 Cron Jobs ................................................................................................................... 334 15.2.9 Backups ...................................................................................................................... 334 15.3 The Development Environment ...................................................................................... 335 15.4 Production Environment and Migration ..................................................................... 337 15.5 Updates ...................................................................................................................................... 339 15.6 Tips for the Transition ......................................................................................................... 340 15.7 Results ........................................................................................................................................ 341 16 GitLab 343 16.1 GitLab Quick Start ................................................................................................................. 344 16.2 GitLab Web Installation ...................................................................................................... 346 16.3 HTTPS via a Reverse Proxy Setup ................................................................................... 348 16.4 Email Dispatch ........................................................................................................................ 348 16.4.1 Sending Emails with Your Own Exim Mail Server ....................................... 349 16.4.2 Integration into the GitLab Configuration ..................................................... 350 16.5 Secure Shell Access ............................................................................................................... 352 16.6 Volumes and Backup ........................................................................................................... 352 16.6.1 Backing Up GitLab Application Files ................................................................. 353 16.6.2 Restore ....................................................................................................................... 353 16.7 Custom Docker Registry for GitLab ............................................................................... 355 16.8 The Complete docker-compose File .............................................................................. 356 16.9 Using GitLab ............................................................................................................................. 358 16.9.1 User ............................................................................................................................. 359 16.9.2 Projects ....................................................................................................................... 36017

📄 Page 17

Contents16.9.3 Wiki ............................................................................................................................. 361 16.9.4 Tickets and Issues ................................................................................................... 361 16.10 GitLab Runner ......................................................................................................................... 362 16.10.1 Installation ................................................................................................................ 362 16.10.2 The Shell Executor .................................................................................................. 364 16.10.3 The Docker Executor .............................................................................................. 364 16.10.4 The Kubernetes Executor ..................................................................................... 365 16.11 Mattermost .............................................................................................................................. 369 16.11.1 Connecting to GitLab ............................................................................................ 371 17 Continuous Integration and Continuous Delivery 375 17.1 The dockerbuch.info Website with gohugo.io ......................................................... 376 17.1.1 Running Hugo as a Docker Container ............................................................. 377 17.1.2 Hugo Quick Start .................................................................................................... 378 17.2 Docker Images for the CI/CD Pipeline .......................................................................... 380 17.2.1 Web Server Docker Image ................................................................................... 381 17.2.2 Link Checker ............................................................................................................. 381 17.2.3 HTML Validator ....................................................................................................... 382 17.3 The CI/CD Pipeline ................................................................................................................ 384 17.3.1 CI/CD with the GitLab Shell Runner ................................................................. 384 17.3.2 Testing the Pipeline ............................................................................................... 388 17.3.3 CI with the GitLab Docker Runner .................................................................... 389 17.3.4 CI/CD with Kubernetes in the Google Cloud ................................................ 393 18 Security 397 18.1 Software Installation ........................................................................................................... 397 18.2 Origin of Docker Images ..................................................................................................... 398 18.2.1 External Registries ................................................................................................. 399 18.3 "root" in Docker Images ...................................................................................................... 401 18.3.1 Nginx Web Server without "root" Privileges ................................................. 401 18.4 The Docker Daemon ............................................................................................................. 403 18.4.1 Rootless Docker ....................................................................................................... 40418

📄 Page 18

Contents18.5 User Namespaces .................................................................................................................. 404 18.5.1 Functionality ............................................................................................................ 405 18.6 Control Groups ........................................................................................................................ 406 18.7 Secure Computing Mode .................................................................................................... 408 18.8 AppArmor Security Profiles ............................................................................................... 408 18.8.1 AppArmor Profile for Docker .............................................................................. 408 18.8.2 Custom AppArmor Rules ...................................................................................... 409 19 Swarm and Amazon Elastic Container Service 411 19.1 Swarm versus Kubernetes ................................................................................................. 411 19.2 Docker Swarm ......................................................................................................................... 412 19.2.1 Swarm Quick Start ................................................................................................. 413 19.2.2 “Hello World” in the Swarm ............................................................................... 414 19.3 Docker Swarm in the Hetzner Cloud ............................................................................. 417 19.3.1 CLI Installation and Configuration with “hcloud” ....................................... 418 19.3.2 Installing Docker with “cloud-init” ................................................................... 419 19.3.3 Creating Cloud Instances ..................................................................................... 420 19.3.4 Launching the Diary App in Docker Swarm ................................................... 422 19.3.5 Secure Sockets Layer Certificates ...................................................................... 423 19.3.6 Simulating a Server Failure ................................................................................. 426 19.3.7 Security ...................................................................................................................... 427 19.4 Amazon Elastic Container Service .................................................................................. 428 19.4.1 Quick Start: Launching a Container in the AWS Cloud .............................. 428 19.4.2 Amazon Elastic Container Service with “docker compose” ..................... 431 20 Kubernetes 435 20.1 Minikube ................................................................................................................................... 436 20.1.1 Autocompletion for “kubectl” ............................................................................ 438 20.1.2 The First Deployment in Minikube ................................................................... 438 20.1.3 Object Configuration in Files .............................................................................. 441 20.1.4 Kubernetes as a Cloud Platform ........................................................................ 443 20.1.5 Grafana Setup in Minikube ................................................................................. 44419

📄 Page 19

Contents20.2 Amazon Elastic Kubernetes Service .............................................................................. 447 20.2.1 Creating Clusters with “eksctl” .......................................................................... 448 20.2.2 Deleting Data Clusters .......................................................................................... 452 20.3 Microsoft Azure Kubernetes Service ............................................................................. 452 20.3.1 Creating Clusters .................................................................................................... 453 20.3.2 Installing an Application ...................................................................................... 455 20.3.3 Starting the Application ....................................................................................... 457 20.3.4 First Test .................................................................................................................... 459 20.3.5 Tidying Up ................................................................................................................. 460 20.4 Google Kubernetes Engine ................................................................................................ 461 20.4.1 Creating a Project and Cluster ........................................................................... 461 20.4.2 The “gcloud” Command ....................................................................................... 462 20.4.3 The Diary Application in the Google Kubernetes Engine .......................... 464 20.4.4 Using Secure Sockets Layer Certificates from Let’s Encrypt ..................... 466 Appendices 471 A Podman as a Docker Alternative .................................................................................... 471 B The Authors .............................................................................................................................. 483 Index .......................................................................................................................................................... 485 Service Pages .....................................................................................................................................  I Legal Notes .........................................................................................................................................  II20

📄 Page 20

Preface In the early 2000s, virtualization software turned the daily lives of many developers upside down: suddenly it was possible to run Linux and Windows on one machine, to easily try out programs in different environments or web apps in old versions of web browsers, to install and test different software stacks in virtual machines in parallel, and much more. Of course, virtual machines continue to play a major role for developers; moreover, the cloud in its current form isn’t even conceivable without virtualization. Nevertheless, a shift away from virtual machines to containers began a few years ago and seems to be accelerating more and more. Containers allow certain software components (web servers, programming languages, databases) to run without the overhead of a virtual machine. Why install an entire operating system (usually Linux) on a virtual machine for just one very specific func- tion? Rarely does the paradigm “less is more” apply as well as it does to container technology. The concept of “less” expresses itself in countless advantages: containers are much faster to set up than virtual machines, are easier to replicate across different develop- ment systems, use fewer resources, and offer much better scaling and load balancing capabilities. Not only are containers a blessing for development teams, but they also provide entirely new methods of deployment, that is, in the productive operation of the developed solution. Docker Docker is the container software par excellence. While there are now certainly interest- ing alternatives, Docker has created the container market as such. In a survey of thou- sands of developers by the Stack Overflow website (https://insights.stackoverflow.com/ survey/2020), Docker was the most important platform after Linux and Windows. Docker was even number one in the “Most Wanted Platform” question. So, Docker is the tool most developers want to familiarize themselves with. And among developers already using Docker, Docker ranked number two in the “Most Loved Platform” ques- tion. (Linux had a few percent higher approval in this case.) However, the Docker Inc. company got into financial trouble in 2019. Then, in Novem- ber of that year, cloud provider Mirantis bought Docker’s enterprise division, turning Docker Enterprise into a new product called Mirantis Kubernetes Engine. Since then, the remaining company has been more concerned with the needs of “ordinary” developers and development teams that aren’t part of huge corporations.21Personal Copy for Narahari Simhadri, jijap65164@datoinf.com