Docker: Difference between revisions
No edit summary |
|||
(60 intermediate revisions by the same user not shown) | |||
Line 26: | Line 26: | ||
==Deploy App Image to Digital Ocean== | ==Deploy App Image to Digital Ocean== | ||
You will need access to a Digital Ocean (DO) droplet of sufficient size to handle your application. | |||
* [https://brandonlehr.com/dotnet/docker/digital-ocean/2018/11/07/dontnet-core-docker-nginx-digitalocean Deploying App to Digital Ocean from Brandon Lehr] using HTTPS-PORTAL in docker compose. | * [https://brandonlehr.com/dotnet/docker/digital-ocean/2018/11/07/dontnet-core-docker-nginx-digitalocean Deploying App to Digital Ocean from Brandon Lehr] using HTTPS-PORTAL in docker compose. | ||
* The function called ''Portal'' on Azure is called the [https://cloud.digitalocean.com/ ''Control Panel''] on Digital Ocean. It is the online place to set up the features. | |||
* [https://blog.machinebox.io/deploy-machine-box-in-digital-ocean-385265fbeafd Deploy Docker containers into Digital Ocean] | |||
* [https://elanderson.net/2018/08/deploying-an-asp-net-core-application-to-digitalocean/ Deploying an ASP.NET Core Application to Digital Ocean] | |||
===Custom Images on Droplets=== | |||
* When you only have ssh access to a droplet, it is necessary that any custom image installed on a droplet include SSHD. | |||
* [https://www.digitalocean.com/docs/droplets/resources/console/ How to Regain Access to Droplets using the DigitalOcean Droplet Console]. | |||
* [https://www.digitalocean.com/docs/images/custom-images/ DO page on custom images]. | |||
* get an IP add and ssh password fro the droplet. Access the droplet with ssh root@0.0.0.0 using the IP address and enter the password when requested. | |||
===Step by Step Instructions=== | ===Step by Step Instructions=== | ||
It is assumed that the Docker Desktop for Windows has been installed and the the runtime is created by .NET Core 3.0 or later and that you have created a DigitalOcean droplet and have the ssh (user) password for building the container in place, or a doclt access token for use of the DO Container registry. | |||
# Build a production version of the code (ie set the configuration to Production with the Configuration Manager.) | |||
# If running Visual Studio 2019 or later, publish a | |||
# [https://www.digitalocean.com/docs/apis-clis/doctl/how-to/install/ Install the Digital Ocean controller on windows]. It is called doctl.exe. | # [https://www.digitalocean.com/docs/apis-clis/doctl/how-to/install/ Install the Digital Ocean controller on windows]. It is called doctl.exe. | ||
# | # [https://www.digitalocean.com/docs/apis-clis/api/create-personal-access-token/ Create a DigitalOcean API token] for your account with read and write access from the Applications & API page '''in the control panel'''. Save the token string in a safe place on your workstation. | ||
# If running | # On the workstation (usually in powershell) you will enter the token after you type: .\doctl.exe auth init --context <NAME_OF_CONTAINER> | ||
# Test that everything works by typing: .\doctl.exe account get | |||
# For first time use, [https://www.digitalocean.com/docs/container-registry/quickstart/ Create a Container Registry]. | |||
# Optionally check the account: .\doctl.exe account get | |||
The following builds the container directly in the droplet. <<<. preferred mode | |||
# SSH configuration. Images must have sshd installed and configured to run on boot. If your image does not have sshd set up, you will not have SSH access to Droplets created from that image unless you recover access using the Droplet console. (DO SERVER.TXT) | |||
# Make sure that the source file in GitHub is current as the container will be built from the GitHub repository. | |||
# SSH login looks like this: ssh root@0.0.0.0: where you enter the IP address of the droplet and will be prompted for the ssh password. | |||
#Then cd into the newly created directory. (/home/app/..). (eg cd \homeapp\RegistryDemo) | |||
#If everything is configured correctly, you should be able to enter docker-compose build and see the output of the process. -- OR | |||
## git stash | |||
## git pull | |||
## git stash pop (should be just product.yml | |||
## sh Production.sh | |||
# Copy up the user secrets if required (either using echo 'stuff' > filename.json, or rsh) | |||
# Copy of the https cert if required (rsync -avz ./RegistryTest.pfx root@204.48.19.105:/root/.aspnet/https) | |||
# git clone https://github.com/TomCJones/RegistryTest.git | |||
# cd RegistryTest/ | |||
# docker-compose build | |||
Creating a certificate directly on the droplet or on a Windows machine with WSL: | |||
# Ensure that the DNS name has already been registered (e.g. trustregistry.org) | |||
# Load certbot.eff.org | |||
# Follow directions in [https://certbot.eff.org/docs/using.html#manual certbot user guide] for a manual, standalone certificate. | |||
## If using DNS challenge, have the DNS record open at the registry site. | |||
# openssl pkcs12 -export -in trorg.pem -inkey trorg.key -out trorg.pfx | |||
# openssl pkcs12 -export -in cert.pem -inkey privkey.pem -out trorg.pfx | |||
The use of registry complicates the flow and is not recommended for initial testing with a single droplet. | |||
# Ensure the workstation is signed into Digital ocean: ./doctl.exe registry login | |||
# Tag the container to be pushed: docker tag registrytest:dev registry.digitalocean.com/tomjones/tomjones | |||
# Push contain from workstation to cloud: docker push registry.digitalocean.com/tomjones/tomjones | |||
===Deploy image from GitHub=== | |||
* [https://www.digitalocean.com/community/tutorials/how-to-install-git-on-ubuntu-18-04 How To Install Git on Ubuntu 18.04] | |||
* [https://www.digitalocean.com/community/tutorials/how-to-install-git-on-ubuntu-20-04 How To Install Git on Ubuntu 20.04] | |||
* Configure Git - if it has already been configure check by keying: git config --list | |||
root@docker-ubuntu-s-1vcpu-1gb-nyc1-01:/home/app/RegistryTest# git --version | |||
git version 2.25.1 | |||
root@docker-ubuntu-s-1vcpu-1gb-nyc1-01:/home/app/RegistryTest# git config --list | |||
core.repositoryformatversion=0 | |||
core.filemode=true | |||
core.bare=false | |||
core.logallrefupdates=true | |||
remote.origin.url=https://github.com/TomCJones/RegistryTest.git | |||
remote.origin.fetch=+refs/heads/*:refs/remotes/origin/* | |||
branch.master.remote=origin | |||
branch.master.merge=refs/heads/master | |||
==The Environment== | |||
Environmental variable are chital to the successful operation of a net core project running in a Linux Docker environment. | |||
For example: | |||
*APPDATA in a windows development environment is typically: | |||
*$home ina Linux environment is typically: | |||
==References== | ==References== | ||
* [https://docs.docker.com/storage/bind-mounts/ bind mounts]' | |||
* [https://jimmybogard.com/user-secrets-in-docker-based-net-core-worker-applications/ User Secrets from ASP.NET]. | |||
* [https://docs.microsoft.com/en-us/aspnet/core/security/docker-https?view=aspnetcore-3.1 HTTPS on aspnetcore 3.1] | |||
[[Category: Glossary]] | [[Category: Glossary]] | ||
[[Category: Profile]] | |||
[[Category: Best Practice]] | [[Category: Best Practice]] |
Latest revision as of 20:21, 29 April 2021
Full Title or Meme
Docker is a system for building, deploying and running complex images of a program with its runtime.
Context
- This wiki page is focus on the user of Digital Ocean from a Windows workstation targeting the Kantara preferred instance.
- With the rise of cloud computing the need arose to give users an easy way to create a run-time package that could be sent to any cloud Platform as a Service provider (PaaS) with complete interoperability.
Solutions
Docker was released in 2013 and solved many of the problems that developers had running containers end-to-end focused on these low-level features:
- A container image format
- A method for building container images (Dockerfile/docker build)
- A way to manage container images (docker images, docker rm , etc.)
- A way to manage instances of containers (docker ps, docker rm , etc.)
- A way to share container images (docker push/pull)
- A way to run containers (docker run)
Open Container Initiative was created to expand the scope of docker solutions. There are for high-level docker support.
- Open Container Initiative (OCI)
- OCI runtime specification.
- Google code for running containers as a tool and library called runc
When you run a Docker container, these are the steps Docker actually goes through:
- Download the image
- Unpack the image into a "bundle". This flattens the layers into a single filesystem.
- Run the container from the bundle
Deploy App Image to Digital Ocean
You will need access to a Digital Ocean (DO) droplet of sufficient size to handle your application.
- Deploying App to Digital Ocean from Brandon Lehr using HTTPS-PORTAL in docker compose.
- The function called Portal on Azure is called the Control Panel on Digital Ocean. It is the online place to set up the features.
- Deploy Docker containers into Digital Ocean
- Deploying an ASP.NET Core Application to Digital Ocean
Custom Images on Droplets
- When you only have ssh access to a droplet, it is necessary that any custom image installed on a droplet include SSHD.
- How to Regain Access to Droplets using the DigitalOcean Droplet Console.
- DO page on custom images.
- get an IP add and ssh password fro the droplet. Access the droplet with ssh root@0.0.0.0 using the IP address and enter the password when requested.
Step by Step Instructions
It is assumed that the Docker Desktop for Windows has been installed and the the runtime is created by .NET Core 3.0 or later and that you have created a DigitalOcean droplet and have the ssh (user) password for building the container in place, or a doclt access token for use of the DO Container registry.
- Build a production version of the code (ie set the configuration to Production with the Configuration Manager.)
- If running Visual Studio 2019 or later, publish a
- Install the Digital Ocean controller on windows. It is called doctl.exe.
- Create a DigitalOcean API token for your account with read and write access from the Applications & API page in the control panel. Save the token string in a safe place on your workstation.
- On the workstation (usually in powershell) you will enter the token after you type: .\doctl.exe auth init --context <NAME_OF_CONTAINER>
- Test that everything works by typing: .\doctl.exe account get
- For first time use, Create a Container Registry.
- Optionally check the account: .\doctl.exe account get
The following builds the container directly in the droplet. <<<. preferred mode
- SSH configuration. Images must have sshd installed and configured to run on boot. If your image does not have sshd set up, you will not have SSH access to Droplets created from that image unless you recover access using the Droplet console. (DO SERVER.TXT)
- Make sure that the source file in GitHub is current as the container will be built from the GitHub repository.
- SSH login looks like this: ssh root@0.0.0.0: where you enter the IP address of the droplet and will be prompted for the ssh password.
- Then cd into the newly created directory. (/home/app/..). (eg cd \homeapp\RegistryDemo)
- If everything is configured correctly, you should be able to enter docker-compose build and see the output of the process. -- OR
- git stash
- git pull
- git stash pop (should be just product.yml
- sh Production.sh
- Copy up the user secrets if required (either using echo 'stuff' > filename.json, or rsh)
- Copy of the https cert if required (rsync -avz ./RegistryTest.pfx root@204.48.19.105:/root/.aspnet/https)
- git clone https://github.com/TomCJones/RegistryTest.git
- cd RegistryTest/
- docker-compose build
Creating a certificate directly on the droplet or on a Windows machine with WSL:
- Ensure that the DNS name has already been registered (e.g. trustregistry.org)
- Load certbot.eff.org
- Follow directions in certbot user guide for a manual, standalone certificate.
- If using DNS challenge, have the DNS record open at the registry site.
- openssl pkcs12 -export -in trorg.pem -inkey trorg.key -out trorg.pfx
- openssl pkcs12 -export -in cert.pem -inkey privkey.pem -out trorg.pfx
The use of registry complicates the flow and is not recommended for initial testing with a single droplet.
- Ensure the workstation is signed into Digital ocean: ./doctl.exe registry login
- Tag the container to be pushed: docker tag registrytest:dev registry.digitalocean.com/tomjones/tomjones
- Push contain from workstation to cloud: docker push registry.digitalocean.com/tomjones/tomjones
Deploy image from GitHub
- How To Install Git on Ubuntu 18.04
- How To Install Git on Ubuntu 20.04
- Configure Git - if it has already been configure check by keying: git config --list
root@docker-ubuntu-s-1vcpu-1gb-nyc1-01:/home/app/RegistryTest# git --version git version 2.25.1 root@docker-ubuntu-s-1vcpu-1gb-nyc1-01:/home/app/RegistryTest# git config --list core.repositoryformatversion=0 core.filemode=true core.bare=false core.logallrefupdates=true remote.origin.url=https://github.com/TomCJones/RegistryTest.git remote.origin.fetch=+refs/heads/*:refs/remotes/origin/* branch.master.remote=origin branch.master.merge=refs/heads/master
The Environment
Environmental variable are chital to the successful operation of a net core project running in a Linux Docker environment. For example:
- APPDATA in a windows development environment is typically:
- $home ina Linux environment is typically: