public:it:containers

Differences

This shows you the differences between two versions of the page.

public:it:containers [2021/10/31 20:29] – [Docker] phil
public:it:containers [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1
Line 1: Line 1:
-  * [[https://github.com/Clivern/Peanut| Peanut: Peanut provides a REST API, Admin Dashboard and a command line tool to deploy and configure the commonly used services like databases, message brokers, graphing, tracing, caching tools ... etc. It perfectly suited for development, manual testing, automated testing pipelines where mocking is not possible and test drives.| 
  
-  * [[https://www.nomadproject.io/docs/install|Nomad - Simple Kubernetes Alternative]] 
- 
-  * [[https://www.youtube.com/playlist?list=PLlVtbbG169nFr8RzQ4GIxUEznpNR53ERq|YT Playlist Titled Devops Master Class]] 
- 
- 
- 
-  * [[https://github.com/omaralsoudanii/jenkins-docker-ci|jenkins docker ci example]] 
- 
-==== Exams ==== 
- 
-  * [[https://killer.sh/|Kubernetes CKS/CKA/CKAD Test simulator]] 
- 
- 
-==== Videos ==== 
-  * [[https://www.youtube.com/results?search_query=docker+swarm| Youtube search docker swarm]] 
-  * [[https://www.youtube.com/watch?v=pAM2GBCDGTo|Self-Hosting Your Homelab Services with SSL -- Let's Encrypt, MetalLB, Traefik, Rancher, Kubernetes]] 
- 
- 
-==== Nvidia-Docker ==== 
-  * https://github.com/keylase/nvidia-patch 
-  * https://emby.media/community/index.php?/topic/75330-best-gpu-for-transcoding/ 
-  * https://emby.media/community/index.php?/topic/76937-docker-hwa-nvidia-instructions/ 
- 
-==== Traefik ==== 
-  * [[https://www.youtube.com/watch?v=Gk9WER6DunE|Traefik Proxy v2.0 Docker Basic Tutorial]] 
-  * [[https://www.youtube.com/watch?v=C6IL8tjwC5E|Traefik Crash Course - Architecture, L7 & L4 Proxying, Weighted Round Robin, Enabling TLS 1.2/1.3]] 
-  * [[https://doc.traefik.io/traefik/routing/entrypoints/| Traefik Entrypoints]] 
-  * [[https://github.com/containous/traefik-library-image|Main github repository]] 
-  * [[https://github.com/IronicBadger/infra/blob/master/roles/ktz-traefik/templates/traefik.yaml.j2|traefik docker template example]] 
- 
-  * [[https://hollo.me/devops/routing-to-multiple-docker-compose-development-setups-with-traefik.html|Routing to multiple docker-compose development setups]] 
- 
-=== example config === 
-<code> 
---- 
-# step 0: 
-#   docker network create --driver=bridge --attachable  --internal=false gateway 
- 
-version: "3" 
- 
-services: 
-  traefik: 
-    image: traefik:v2.5.3 
-    container_name: traefik 
-    restart: unless-stopped 
-    ports: 
-      - "80:80" 
-      - "443:443" 
-      - "8080:8080" 
-      - "2222:2222" 
-    volumes: 
-      # Here is the mount of the local `ssl` directory 
-      - ./data/letsencrypt:/letsencrypt 
-      # The docker socket is mounted for auto-discovery of new services 
-      - /var/run/docker.sock:/var/run/docker.sock:ro 
-      # Globally Available User Creds 
-      - ./data/users_credentials:/users_credentials:ro 
-      # Mount config files directly 
-      - ./data/traefik-tls.toml:/traefik-tls.toml 
-      # traefik log file 
-      - /var/log/traefik:/var/log 
-    networks: 
-      - gateway 
-    command: 
-      - "--log.level=WARN" 
-      - "--accesslog=true" 
-      - "--accessLog.filePath=/var/log/access.log" 
-      #- "--accessLog.filters.statusCodes=400-499" 
-      #- "--pilot.dashboard=false" # Still being developed  
-      - "--api.dashboard=true" 
-      - "--api.insecure=true" 
-      - "--providers.docker=true" 
-      - "--providers.docker.exposedbydefault=false" 
-      - "--providers.docker.useBindPortIP=true" 
-      - "--providers.docker.network=gateway" 
-      - "--providers.docker.watch=true" 
-      # provide a file where options can be provided 
-      # Default TLS certificates must be specified in a file :sadface: 
-      - "--providers.file.filename=/traefik-tls.toml" 
-      # Entry Points 
-      - "--entrypoints.web.address=0.0.0.0:80" 
-      - "--entrypoints.websecure.address=0.0.0.0:443" 
-      - "--entrypoints.giteassh.address=0.0.0.0:2222" 
-      # import tls options from file for the websecure entrypoint 
-      - "--entrypoints.websecure.http.tls.options=default@file" 
-      # Certificate Resolver 
-      - "--certificatesresolvers.le.acme.email=user@example.com" 
-      - "--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json" 
-      - "--certificatesresolvers.le.acme.caserver=https://acme-v02.api.letsencrypt.org/directory" 
-      # Staging. You'll want to replace the acme.json file. BACKUP this file!!! 
-      #- "--certificatesresolvers.le.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory" 
-      - "--certificatesresolvers.le.acme.httpchallenge=true" 
-      - "--certificatesresolvers.le.acme.httpchallenge.entrypoint=web" 
-    labels: 
-      - traefik.enable=true 
-      # Priority: Highest number == first prio 
-      #   https://doc.traefik.io/traefik/routing/routers/#priority 
-      # Route traffic for *.my.lan first 
-      - traefik.http.routers.mylan.rule=hostregexp(`.*\.my\.lan`) 
-      - traefik.http.routers.mylan.entrypoints=web 
-      - traefik.http.routers.mylan.priority=1000 
-      # global redirect to https 
-      - traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`) 
-      - traefik.http.routers.http-catchall.entrypoints=web 
-      - traefik.http.routers.http-catchall.middlewares=redirect-to-https 
-      - traefik.http.routers.http-catchall.priority=1 
-      # middleware redirect 
-      - traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https 
- 
-networks: 
-  gateway: 
-    external: true 
-</code> 
- 
-/traefik-tls.toml 
-<code> 
-# due to Go limitations, it is highly recommended that you use an ECDSA 
-# certificate, or you may experience compatibility issues 
-#[[tls.certificates]] 
-##certFile = "/path/to/signed_cert_plus_intermediates" 
-##keyFile = "/path/to/private_key" 
-#  certFile = "/traefik/certs/default.crt" 
-#  keyFile = "/traefik/certs/default.crt" 
- 
-[tls.options] 
-  [tls.options.default] 
-    minVersion = "VersionTLS12" 
-    cipherSuites = [ 
-      "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 
-      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 
-      "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", 
-      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 
-      "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305", 
-      "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305" 
-    ] 
- 
-</code> 
-==== Min.io ==== 
-Minimal object store server with S3 compatibility written in GO. 
- 
-  * [[https://min.io/download#/linux | Main site and download]] 
-  * [[https://hub.docker.com/r/minio/minio/dockerfile|Docker Hub]] 
- 
-==== Kubernetes ==== 
- 
-  * [[https://www.reddit.com/r/devops/comments/pdqigh/how_to_write_kubernetes_yamls/|How to write Kubernetes yaml]] 
-  * [[https://blog.alexellis.io/bare-metal-kubernetes-with-k3s/|Bare-metal Kubernetes with K3S]] 
-  * [[https://rancher.com/docs/k3s/latest/en/cluster-access/|Rancher K3S Setup]] 
- 
-1. Run this on hypervisor: 
-<code>curl -sfL https://get.k3s.io | sh -</code> 
- 
-2. Verify it worked: 
-<code>k3s kubectl get node</code> 
- 
-Docs: https://rancher.com/docs/k3s/latest/en/cluster-access/ 
- 
- 
-3. Copy ''%%/etc/rancher/k3s/k3s.yaml%%'' on the hypervisor to your machine at ''%%~/.kube/config%%''. Then replace “localhost” with the IP or name of your K3s server. ''%%kubectl%%'' can now manage your K3s cluster. 
-==== Docker ==== 
-  * [[https://www.youtube.com/watch?v=5cNrTU6o3Fw|Pods and Containers - Kubernetes Networking | Container Communication inside the Pod]] 
-  * [[https://www.splitgraph.com/blog/docker-compose-production|Blog post - Docker Compose in Production]] 
-  * [[https://developers.redhat.com/blog/2020/11/19/transitioning-from-docker-to-podman/| Docker to Podman]] 
- 
- 
-=== Contexts === 
-  * [[https://www.docker.com/blog/how-to-deploy-on-remote-docker-hosts-with-docker-compose/|Deploy docker containers on a remote host with docker-compose]] 
- 
-=== Format commands === 
-[[https://container42.com/2016/03/27/docker-quicktip-7-psformat/|source]] 
- 
-Paste this into ''%%~/.docker/config.json%%'': 
-<code> 
-{ 
-  "psFormat": "table {{.Names}}\\t{{.Image}}\\t{{.RunningFor}} ago\\t{{.Status}}\\t{{.Command}}", 
-  "imagesFormat": "table {{.Repository}}\\t{{.Tag}}\\t{{.ID}}\\t{{.Size}}" 
-} 
-</code> 
- 
- 
-===== Podman ===== 
-Seems to not require mapping UID and GIDs. 
- 
-Ubuntu 20.10 supports podman install. 
- 
-If on 20.04 you can add the repo: https://podman.io/getting-started/installation 
- 
-[[https://developers.redhat.com/blog/2020/09/25/rootless-containers-with-podman-the-basics/|Rootless Podman basics]] 
- 
-  - On ubuntu 20.04 and earlier install the podman repo. 
-  - Install<code> 
-apt-get install -y slirp4netns podman 
-</code> 
-  - Edit max user name spaces <code> 
-$ echo “user.max_user_namespaces=28633” > /etc/sysctl.d/userns.conf   
-$ sysctl -p /etc/sysctl.d/userns.conf 
-</code> 
- 
-[[https://podman.io/getting-started/installation#configuration-files|Podman Config files]] 
-[[https://developers.redhat.com/blog/2020/11/19/transitioning-from-docker-to-podman/| Podman to Docker]] 
- 
- 
-=== Docker features that are unsupported in Podman === 
- 
- 
- 
- 
-[[https://github.com/containers/podman-compose|podman-compose]] 
- 
- 
- 
- 
-[[https://github.com/j8r/dockerfiles/tree/master/systemd/ubuntu| Ubuntu Container with systemd]] 
- 
- 
- 
- 
- 
-===== app container ===== 
-https://github.com/google/gvisor 
-https://firecracker-microvm.github.io/ 
- 
- 
-===== DevOps discussion ===== 
-https://www.reddit.com/r/devops/comments/p11l4k/devops_engineer_is_the_new_sysadmin/ 
-https://medium.com/nerd-for-tech/devops-engineer-is-the-new-sysadmin-5bc46b86d413 
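Review bot: in the removed Traefik example, `--api.insecure=true` combined with the published `8080:8080` port serves the dashboard and API without authentication on a host port, so if this page is being relocated rather than dropped, that pair should not be copied over unchanged; put the dashboard behind a router with an auth middleware or stop publishing 8080. In the same block, the `:ro` flag on `/var/run/docker.sock` does not limit what can be requested over the socket and should not be relied on as a restriction. Smaller points for any restored copy: the commented `keyFile` in traefik-tls.toml points at `default.crt`, the same file as `certFile`; the Podman `echo “user.max_user_namespaces=28633”` line uses typographic quotes, which the shell writes literally into userns.conf; and the first Peanut link is never closed with `]]`. The edit summary "removed - external edit" records neither a reason nor a destination for the content.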
public/it/containers.1635730183.txt.gz · Last modified: 2021/10/31 20:29 by phil