Containerization is a software deployment process that bundles an application's code with all the files and libraries it needs, so that it can run on any infrastructure.
BUILD w/BUILDX
# Dockerfile and build context are both taken from the current directory.
# NOTE(review): -o names no exporter type (type=tar / type=oci / type=docker);
# confirm that the result is the archive you expect before relying on it.
docker buildx build \
  --file Dockerfile \
  --output dest=hello-world.tar \
  --tag hello-world:v1 \
  .
BUILD OCI-IMAGE W/ BUILDAH
# OCI-format build with the overlay storage driver. Registry TLS verification is
# explicitly kept on, and no cached layers are reused.
buildah --storage-driver=overlay bud \
  --format=oci \
  --no-cache \
  --tls-verify=true \
  -t scr.app.4sthings.tiab.ssc.sva.de/sthings-alpine/alpine:123 \
  -f ~/projects/github/stuttgart-things/images/sthings-alpine/Dockerfile
BUILD CONTAINER IMAGE w/ KANIKO (NO PUSH)
# Build only: the context is cloned from git by the executor (pinned to v1.23.1)
# and --no-push keeps the result out of any registry.
nerdctl run gcr.io/kaniko-project/executor:v1.23.1 \
  --no-push \
  --context git://github.com/stuttgart-things/stuttgart-things \
  --context-sub-path images/sthings-alpine/ \
  --dockerfile Dockerfile
# Open an interactive shell in a kaniko-based image; presumably the executor
# commands below are entered inside that shell - confirm.
nerdctl run --entrypoint sh -it sthings-kaniko:v3
# BUILD LOCAL AS TAR
# --no-push plus --tar-path writes the image to a tarball instead of a registry.
executor --dockerfile Dockerfile \
--context git://github.com/stuttgart-things/stuttgart-things \
--context-sub-path images/sthings-terraform \
--no-push \
--tar-path /tmp/bla.tar
# BUILD AS REMOTE (REGISTRY) DESTINATION
# Pushing needs registry credentials inside the container; kaniko reads them from
# /kaniko/.docker/config.json. TLS verification of the registry stays enabled here.
executor --dockerfile Dockerfile \
--context git://github.com/stuttgart-things/stuttgart-things \
--context-sub-path images/sthings-terraform \
--destination registry.app-dev.sthings-vsphere.labul.sva.de/terr:v1
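# Log in without -p: skopeo then prompts for the password, so it does not end up
# in shell history or in the process list. For non-interactive use, feed it with
# --password-stdin from a protected file or secret store instead.
skopeo login scr.cd43.sthings-pve.labul.sva.de -u admin
# Push the locally built tarball to the registry as an OCI image.
# NOTE(review): a kaniko --tar-path archive is normally read with the
# docker-archive: transport; confirm that tarball: yields the intended image.
skopeo copy -f oci tarball:/tmp/bla.tar docker://scr.cd43.sthings-pve.labul.sva.de/crossplane-demo/test:v1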
BUILD CONTAINER IMAGE w/ KANIKO, MOUNT LOCAL CONTEXT + REGISTRY CERT
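# Build from a local context and push to a registry with a private CA.
#   - config.json carries the registry credentials (mounted read-only).
#   - <REGISTRY_CA_CERT> is a placeholder for the path of the registry's CA certificate.
# The certificate is handed to kaniko with --registry-certificate instead of
# --skip-tls-verify: with verification off, the push (and the credentials sent
# with it) can be intercepted by anyone able to impersonate the registry.
nerdctl run \
  -v "$HOME/.docker/config.json:/kaniko/.docker/config.json:ro" \
  -v /home/sthings/projects/golang/homerun-react/react-app:/workspace/ \
  -v <REGISTRY_CA_CERT>:/kaniko/registry-ca.crt:ro \
  gcr.io/kaniko-project/executor:v1.23.1 \
  --dockerfile Dockerfile \
  --destination scr.cd43.sthings-pve.labul.sva.de/homerun/frontend:v11 \
  --registry-certificate scr.cd43.sthings-pve.labul.sva.de=/kaniko/registry-ca.crt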
GET HTPASSWD
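# Without -b, htpasswd prompts for the password (no echo) instead of taking it as
# an argument, so it is not recorded in shell history, the process list or the
# container's stored command line. -B = bcrypt, -n = print the entry to stdout.
# --rm removes the one-shot container afterwards.
nerdctl run -it --rm --entrypoint htpasswd httpd:2 -Bn <USERNAME>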
OVERWRITE ENTRYPOINT OF IMAGE W/ NERDCTL
# Start the image with an interactive shell in place of its own entrypoint.
nerdctl run \
  --interactive --tty \
  --entrypoint sh \
  eu.gcr.io/stuttgart-things/stagetime-server:23.1108.1227-0.3.22
JUMP INTO (ALREADY) RUNNING CONTAINER W/ DOCKER
#https://blog.kubesimplify.com/getting-started-with-ko-a-fast-container-image-builder-for-your-go-applications
# RUN CONTAINER DETACHED
# (the nginx image carries no tag, so :latest is pulled)
sudo docker run --detach --name new-webserver nginx
# JUMP IN
# Opens a shell inside the running container, identified by its name.
sudo docker exec --interactive --tty new-webserver sh
JUMP INTO (TO BE STARTED) CONTAINER W/ DOCKER
# Start a new container with a shell; the host directory is bind-mounted
# read-write at /app/, so changes made inside the container reach the host.
sudo docker run --interactive --tty \
  --volume /home/test/stuttgart-things:/app/ \
  eu.gcr.io/stuttgart-things/sthings-packer:1.10.2-9.4.0 \
  sh
GOLANG IMAGE BUILD IMAGE W/ KO
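# REGISTRY LOGIN
# Read the password without echo (bash: read -s) and pass it to ko on stdin, so it
# is not stored in shell history or visible in the process list as it would be
# with -p <PASSWORD>.
read -rs -p 'Registry password: ' KO_REGISTRY_PASSWORD && echo
printf '%s' "$KO_REGISTRY_PASSWORD" | ko login scr.cd43.sthings-pve.labul.sva.de -u sthings --password-stdin
unset KO_REGISTRY_PASSWORD
# URL FOR PUBLISHING IMAGE
export KO_DOCKER_REPO=eu.gcr.io/stuttgart-things/machineshop
# KO CONFIG (NOT MANDATORY)
# Quoted delimiter: the YAML is written verbatim, without shell expansion.
cat <<'EOF' > .ko.yaml
---
defaultBaseImage: eu.gcr.io/stuttgart-things/sthings-alpine:3.12.2-alpine3.19
EOF
# BUILD IMAGE
# Builds the Go import path and publishes the image under $KO_DOCKER_REPO.
ko build github.com/stuttgart-things/machineshop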
BUILD IMAGE W/ DOCKER
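# CREATE DOCKERFILE
# Quoted delimiter: the Dockerfile text is written verbatim, without shell expansion.
cat <<'EOF' > ./Dockerfile
FROM node:18-alpine
WORKDIR /app
# Install dependencies from the lockfile first, so this layer stays cached until
# the dependencies change (assumes yarn.lock is committed next to package.json).
COPY package.json yarn.lock ./
RUN yarn install --production --frozen-lockfile
COPY . .
EXPOSE 3000
# Run as the unprivileged user shipped with the official node image, not as root.
# If the app writes to disk, give that path to this user.
USER node
CMD ["node", "src/index.js"]
EOF
# BUILD IMAGE (DOCKERFILE) EXISTS IN CURRENT DIR = .
# COPY . . puts the whole build context into the image: keep .git, .env and
# node_modules out of it with a .dockerignore.
docker build -t myapp:v3 .
# DOCKERFILE IN DIFFERENT LOCATION THAN BUILD COMMAND IS EXECUTED
# The path argument is the build context; its Dockerfile is used.
docker build -t myapp:v3 /apps/myapp/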
BUILD ARM64 IMAGE W/ NERDCTL
# REGISTER QEMU
sudo systemctl start containerd
# Registers QEMU emulators as binfmt_misc handlers on the host. The container runs
# --privileged and the image carries no tag (so :latest is pulled): pin a tag or
# digest you have reviewed before running it on a shared or production host.
sudo nerdctl run --privileged --rm tonistiigi/binfmt --install all
# Lists the qemu handlers that are now registered.
ls -1 /proc/sys/fs/binfmt_misc/qemu*
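# EXAMPLE DOCKERFILE
FROM arm64v8/golang:1.20 AS gobuilder
WORKDIR /tmp/build
COPY . .
# Static build: the builder image is glibc-based and the runtime image is
# musl-based, so a cgo-linked binary would not start there.
RUN CGO_ENABLED=0 go build -o app

# Explicit tag instead of the implicit :latest, so rebuilds use a known base.
FROM arm64v8/alpine:3.19
COPY --from=gobuilder /tmp/build/app /usr/local/bin/app
# Drop root for the running process.
USER nobody
ENTRYPOINT [ "/usr/local/bin/app" ]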
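# EXAMPLE BUILD
# Builds for arm64 and pushes the result to the registry in one step (push=true).
nerdctl build --platform=arm64 --output type=image,name=eu.gcr.io/stuttgart-things/wled-informer:0.1,push=true .
# EXAMPLE RUN
# --platform has to precede the image name: everything after the image is passed
# to the container as arguments and is not interpreted by nerdctl.
sudo nerdctl run --platform=arm64 eu.gcr.io/stuttgart-things/wled-informer:0.1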
PULL IMAGES W/ CTR
# PULL IMAGE W/ CTR
# The tag "alpine" is mutable; pull by digest when the exact content matters.
sudo ctr images pull docker.io/library/redis:alpine
# OR FOR RKE2 BUNDLED CONTAINERD: sudo /var/lib/rancher/rke2/bin/ctr images pull docker.io/library/redis:alpine
LOAD IMAGES W/ CTR
# LOAD/IMPORT CONTAINER IMAGE
# "images import" reads an image archive (tar file) from disk, so <IMAGE_NAME>
# stands for the path of that archive. The import goes into the k8s.io namespace.
ctr -n=k8s.io images import <IMAGE_NAME>
# Export an image to an archive file. No namespace is given here, so ctr's default
# namespace is used - add -n=k8s.io to export what was imported above.
ctr image export <output-filename> <image-name>
LIST IMAGES W/ CTR
# Print only the image references (-q) held in the k8s.io namespace.
ctr --namespace k8s.io images ls -q
# OR FOR RKE2 BUNDLED CONTAINERD: sudo /var/lib/rancher/rke2/bin/ctr --address /run/k3s/containerd/containerd.sock --namespace k8s.io container ls
SKOPEO
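SKOPEO_VERSION=1.12.0
# The binary is downloaded from a third-party build repository (lework/skopeo-binary),
# not from the skopeo project itself, and is installed system-wide. Check it against
# a SHA-256 value obtained from a source you trust; <EXPECTED_SHA256> is a placeholder.
wget "https://github.com/lework/skopeo-binary/releases/download/v${SKOPEO_VERSION}/skopeo-linux-amd64"
echo "<EXPECTED_SHA256>  skopeo-linux-amd64" | sha256sum -c - \
  && sudo install -o root -g root -m 0755 skopeo-linux-amd64 /usr/bin/skopeo \
  && skopeo --version
# install (rather than chmod + mv) makes the file in /usr/bin root-owned, so the
# downloading user cannot modify a binary that is later run with sudo.

# --insecure-policy makes skopeo accept any image without consulting a signature
# policy. It is needed while no /etc/containers/policy.json exists; drop the flag
# once a policy is configured.
skopeo copy --insecure-policy \
  docker://nginx:1.21 \
  docker://whatever.cloud/gtc1fe/web:1.21

# Copying by digest pins the exact content; --all copies every image of a
# multi-architecture manifest list.
skopeo copy --all --insecure-policy \
  docker://nginx@sha256:ff2a5d557ca22fa93669f5e70cfbeefda32b98f8fd3d33b38028c582d700f93a \
  docker://whatever.cloud/gtc1fe/web@sha256:ff2a5d557ca22fa93669f5e70cfbeefda32b98f8fd3d33b38028c582d700f93a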
PODMAN QUADLET
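# INSTALL PODLET
# The archive is installed system-wide, so verify it first; <EXPECTED_SHA256> is a
# placeholder for a checksum obtained from a source you trust.
wget https://github.com/containers/podlet/releases/download/v0.3.0/podlet-x86_64-unknown-linux-gnu.tar.xz
echo "<EXPECTED_SHA256>  podlet-x86_64-unknown-linux-gnu.tar.xz" | sha256sum -c - \
  && tar -xf podlet-x86_64-unknown-linux-gnu.tar.xz \
  && sudo install -o root -g root -m 0755 podlet-x86_64-unknown-linux-gnu/podlet /usr/bin/podlet
# install sets owner and mode in one step; a plain mv would keep the file owned by
# the user who unpacked it.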
# GENERATE FROM RUN COMMAND
# Writes a .container unit file into the current directory (--file .) with an
# [Install] section (--install). nginx:latest is a mutable tag; pin a version for
# anything long-lived.
podlet --file . --install --description webserver podman run -d --name webserver -p 80:80 nginx:latest
# GENERATE FROM EXISTING CONTAINER
# 17803fe422cd is an example container ID.
podlet generate container 17803fe422cd
# DRYRUN - ROOTFUL
# Prints the systemd unit quadlet would generate, without starting anything.
sudo cp ./webserver.container /etc/containers/systemd
sudo /usr/libexec/podman/quadlet --dryrun webserver.container
# ENABLE/START SERVICE - ROOTFUL
# Units in /etc/containers/systemd run as root.
# NOTE(review): quadlet units are generated at daemon-reload, and systemd may
# refuse "enable" for generated units; confirm on the target system.
sudo cp ./webserver.container /etc/containers/systemd
sudo systemctl daemon-reload
sudo systemctl enable --now webserver.service
sudo systemctl start webserver.service
# TEST SERVICE
# The first rule opens 80/tcp in the running firewall only; the second adds the
# http service to the permanent configuration. Both expose the port to everything
# in the public zone - remove them again after testing if that is not intended.
sudo firewall-cmd --zone=public --add-port=80/tcp
sudo firewall-cmd --zone=public --add-service=http --permanent
curl localhost
CLEANUP W/ NERDCTL
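# STOP AND DELETE ALL CONTAINERS (RUNNING AND STOPPED)
# Destructive: this affects every container on the host. "ps -aq" prints bare IDs,
# so no header line has to be filtered out; "xargs -r" skips the command when the
# list is empty instead of calling it without arguments.
sudo nerdctl ps -aq | xargs -r sudo nerdctl stop
sudo nerdctl ps -aq | xargs -r sudo nerdctl rm
# CLEAN IMAGES BY ID
# Matches the CREATED column text, so adjust the age string to what "nerdctl images" shows.
sudo nerdctl images | awk '/2 months ago/ { print $3 }' | xargs -r sudo nerdctl rmi
# CLEAN IMAGES BY NAME + TAG
sudo nerdctl images | awk '/7 weeks ago/ { print $1":"$2 }' | xargs -r sudo nerdctl rmi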
INSTALL CONTAINERD
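CONTAINERD_VERSION=1.7.1
# Download the release archive together with its published checksum and unpack
# only if they match. The checksum comes from the same release page, so it guards
# against a corrupted or swapped download, not against a compromised release.
wget "https://github.com/containerd/containerd/releases/download/v${CONTAINERD_VERSION}/containerd-${CONTAINERD_VERSION}-linux-amd64.tar.gz"
wget "https://github.com/containerd/containerd/releases/download/v${CONTAINERD_VERSION}/containerd-${CONTAINERD_VERSION}-linux-amd64.tar.gz.sha256sum"
sha256sum -c "containerd-${CONTAINERD_VERSION}-linux-amd64.tar.gz.sha256sum" \
  && sudo tar Cxzvf /usr/local "containerd-${CONTAINERD_VERSION}-linux-amd64.tar.gz"
# Take the unit file from the same release tag rather than from the moving main
# branch, so the root-run service definition matches the installed binaries and
# cannot change between installs.
wget "https://raw.githubusercontent.com/containerd/containerd/v${CONTAINERD_VERSION}/containerd.service"
sudo install -o root -g root -m 0644 containerd.service /usr/lib/systemd/system/containerd.service
sudo systemctl daemon-reload
sudo systemctl enable --now containerd
sudo systemctl status containerd
# Write the default configuration, then restart so it takes effect.
sudo mkdir -p /etc/containerd
sudo containerd config default | sudo tee /etc/containerd/config.toml
sudo systemctl restart containerd
sudo systemctl status containerd
sudo journalctl -u containerd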
INSTALL RUNC
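# runc runs as root on every container start, so check the binary against the
# checksum list published with the release before installing it.
# --ignore-missing skips the entries for architectures that were not downloaded.
wget https://github.com/opencontainers/runc/releases/download/v1.1.7/runc.amd64
wget https://github.com/opencontainers/runc/releases/download/v1.1.7/runc.sha256sum
sha256sum -c --ignore-missing runc.sha256sum \
  && sudo install -m 755 runc.amd64 /usr/local/sbin/runc
sudo ls /usr/local/sbin/ #check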
INSTALL CNI PLUGINS
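# The plugins are executed as root by the container runtime; unpack the archive
# only after it matches the checksum published with the release.
wget https://github.com/containernetworking/plugins/releases/download/v1.3.0/cni-plugins-linux-amd64-v1.3.0.tgz
wget https://github.com/containernetworking/plugins/releases/download/v1.3.0/cni-plugins-linux-amd64-v1.3.0.tgz.sha256
sudo mkdir -p /opt/cni/bin
sha256sum -c cni-plugins-linux-amd64-v1.3.0.tgz.sha256 \
  && sudo tar Cxzvf /opt/cni/bin cni-plugins-linux-amd64-v1.3.0.tgz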