This shows you the differences between two versions of the page.
public:it:containers [2022/04/01 11:55] – [Map local uid/gid into container] phil | public:it:containers [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | * [[https:// | ||
- | * [[https:// | ||
- | |||
- | * [[https:// | ||
- | |||
- | * [[https:// | ||
- | |||
- | * [[https:// | ||
- | |||
- | |||
- | * [[https:// | ||
- | |||
- | ==== Exams ==== | ||
- | |||
- | * [[https:// | ||
- | |||
- | |||
- | ==== Videos ==== | ||
- | * [[https:// | ||
- | * [[https:// | ||
- | |||
- | |||
- | ==== Nvidia-Docker ==== | ||
- | * https:// | ||
- | * https:// | ||
- | * https:// | ||
- | |||
- | ==== Traefik ==== | ||
- | * [[https:// | ||
- | * [[https:// | ||
- | * [[https:// | ||
- | * [[https:// | ||
- | * [[https:// | ||
- | |||
- | * [[https:// | ||
- | |||
- | === example config === | ||
- | < | ||
- | --- | ||
- | # step 0: | ||
- | # | ||
- | |||
- | version: " | ||
- | |||
- | services: | ||
- | traefik: | ||
- | image: traefik: | ||
- | container_name: | ||
- | restart: unless-stopped | ||
- | ports: | ||
- | - " | ||
- | - " | ||
- | - " | ||
- | - " | ||
- | volumes: | ||
- | # Here is the mount of the local `ssl` directory | ||
- | - ./ | ||
- | # The docker socket is mounted for auto-discovery of new services | ||
- | - / | ||
- | # Globally Available User Creds | ||
- | - ./ | ||
- | # Mount config files directly | ||
- | - ./ | ||
- | # traefik log file | ||
- | - / | ||
- | networks: | ||
- | - gateway | ||
- | command: | ||
- | - " | ||
- | - " | ||
- | - " | ||
- | #- " | ||
- | #- " | ||
- | - " | ||
- | - " | ||
- | - " | ||
- | - " | ||
- | - " | ||
- | - " | ||
- | - " | ||
- | # provide a file where options can be provided | ||
- | # Default TLS certificates must be specified in a file :sadface: | ||
- | - " | ||
- | # Entry Points | ||
- | - " | ||
- | - " | ||
- | - " | ||
- | # import tls options from file for the websecure entrypoint | ||
- | - " | ||
- | # Certificate Resolver | ||
- | - " | ||
- | - " | ||
- | - " | ||
- | # Staging. You'll want to replace the acme.json file. BACKUP this file!!! | ||
- | #- " | ||
- | - " | ||
- | - " | ||
- | labels: | ||
- | - traefik.enable=true | ||
- | # Priority: Highest number == first prio | ||
- | # | ||
- | # Route traffic for *.my.lan first | ||
- | - traefik.http.routers.mylan.rule=hostregexp(`.*\.my\.lan`) | ||
- | - traefik.http.routers.mylan.entrypoints=web | ||
- | - traefik.http.routers.mylan.priority=1000 | ||
- | # global redirect to https | ||
- | - traefik.http.routers.http-catchall.rule=hostregexp(`{host: | ||
- | - traefik.http.routers.http-catchall.entrypoints=web | ||
- | - traefik.http.routers.http-catchall.middlewares=redirect-to-https | ||
- | - traefik.http.routers.http-catchall.priority=1 | ||
- | # middleware redirect | ||
- | - traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https | ||
- | |||
- | networks: | ||
- | gateway: | ||
- | external: true | ||
- | </ | ||
- | |||
- | / | ||
- | < | ||
- | # due to Go limitations, | ||
- | # certificate, | ||
- | # | ||
- | ##certFile = "/ | ||
- | ##keyFile = "/ | ||
- | # certFile = "/ | ||
- | # keyFile = "/ | ||
- | |||
- | [tls.options] | ||
- | [tls.options.default] | ||
- | minVersion = " | ||
- | cipherSuites = [ | ||
- | " | ||
- | " | ||
- | " | ||
- | " | ||
- | " | ||
- | " | ||
- | ] | ||
- | |||
- | </ | ||
- | ==== Min.io ==== | ||
- | Minimal object store server with S3 compatibility written in GO. | ||
- | |||
- | * [[https:// | ||
- | * [[https:// | ||
- | |||
- | ==== Garage ==== | ||
- | |||
- | S3 compatible object store. Similar to min.io. | ||
- | |||
- | * [[https:// | ||
- | * [[https:// | ||
- | * [[https:// | ||
- | |||
- | ==== Kubernetes ==== | ||
- | |||
- | * [[https:// | ||
- | * [[https:// | ||
- | * [[https:// | ||
- | |||
- | 1. Run this on hypervisor: | ||
- | < | ||
- | |||
- | 2. Verify it worked: | ||
- | < | ||
- | |||
- | Docs: https:// | ||
- | |||
- | |||
- | 3. Copy '' | ||
- | ===== Docker ===== | ||
- | * [[https:// | ||
- | * [[https:// | ||
- | * [[https:// | ||
- | |||
- | |||
- | ==== Deploy docker containers on remote hosts with docker-compose ==== | ||
- | * [[https:// | ||
- | |||
- | |||
- | === Environment variable === | ||
- | |||
- | DOCKER_HOST=“ssh:// | ||
- | |||
- | === Context === | ||
- | |||
- | < | ||
- | $ docker context ls | ||
- | NAME | ||
- | … | ||
- | remote | ||
- | $ cd hello-docker | ||
- | $ docker-compose ‐‐context remote up -d | ||
- | </ | ||
- | |||
- | < | ||
- | $ docker context create remote ‐‐docker “host=ssh:// | ||
- | remote | ||
- | Successfully created context “remote” | ||
- | |||
- | $ docker context ls | ||
- | NAME DESCRIPTION | ||
- | default * Current DOCKER_HOST… | ||
- | remote | ||
- | </ | ||
- | |||
- | |||
- | |||
- | |||
- | === Format commands === | ||
- | [[https:// | ||
- | |||
- | Paste this into '' | ||
- | < | ||
- | { | ||
- | " | ||
- | " | ||
- | } | ||
- | </ | ||
- | |||
- | |||
- | ===== Podman ===== | ||
- | Seems to not require mapping UID and GIDs. | ||
- | |||
- | Ubuntu 20.10 supports podman install. | ||
- | |||
- | If on 20.04 you can add the repo: https:// | ||
- | |||
- | [[https:// | ||
- | |||
- | - On ubuntu 20.04 and earlier install the podman repo. | ||
- | - Install< | ||
- | apt-get install -y slirp4netns podman | ||
- | </ | ||
- | - Edit max user name spaces < | ||
- | $ echo “user.max_user_namespaces=28633” > / | ||
- | $ sysctl -p / | ||
- | </ | ||
- | |||
- | [[https:// | ||
- | [[https:// | ||
- | |||
- | |||
- | ==== subuid and subgid ==== | ||
- | |||
- | * https:// | ||
- | |||
- | Pre-generating all possible values for /etc/subuid and / | ||
- | |||
- | An example python program to generate the files: | ||
- | |||
- | < | ||
- | f = open("/ | ||
- | for uid in range(1000, 65536): | ||
- | f.write(" | ||
- | f.close() | ||
- | |||
- | f = open("/ | ||
- | for uid in range(1000, 65536): | ||
- | f.write(" | ||
- | f.close() | ||
- | </ | ||
- | |||
- | |||
- | ==== Map local uid/gid into container ==== | ||
- | |||
- | * https:// | ||
- | |||
- | < | ||
- | #!/bin/bash | ||
- | |||
- | # https:// | ||
- | |||
- | subuidSize=$(( $(podman info --format "{{ range .Host.IDMappings.UIDMap }}+{{.Size }}{{end }}" ) - 1 )) | ||
- | subgidSize=$(( $(podman info --format "{{ range .Host.IDMappings.GIDMap }}+{{.Size }}{{end }}" ) - 1 )) | ||
- | |||
- | uid=$(id -u) | ||
- | gid=$(id -g) | ||
- | |||
- | podman run --rm -it \ | ||
- | -v ./ | ||
- | --user $uid:$gid \ | ||
- | --uidmap $uid:0:1 \ | ||
- | --uidmap 0:1:$uid \ | ||
- | --uidmap $(($uid+1)): | ||
- | --gidmap $gid:0:1 \ | ||
- | --gidmap 0:1:$gid \ | ||
- | --gidmap $(($gid+1)): | ||
- | docker.io/ | ||
- | </ | ||
- | |||
- | === Docker features that are unsupported in Podman === | ||
- | |||
- | |||
- | |||
- | |||
- | [[https:// | ||
- | |||
- | |||
- | |||
- | |||
- | [[https:// | ||
- | |||
- | |||
- | |||
- | |||
- | |||
- | ===== app container ===== | ||
- | https:// | ||
- | https:// | ||
- | |||
- | |||
- | ===== DevOps discussion ===== | ||
- | https:// | ||
- | https:// |
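Review bot: the whole page is removed in a single revision attributed to an "external edit" from 127.0.0.1 with an unknown date, and the only summary is "removed", so nothing records why the Traefik example config, the subuid/subgid generator and the Podman "Map local uid/gid into container" script (last edited 2022/04/01 by phil) were dropped or where they now live. If the content moved, leave a one-line pointer to the new location in place of the page; if it was retired on purpose, say so in the edit summary so the previous revision is not restored by mistake.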