Docker: Difference between revisions

Full Title or Meme

Docker is a system for building, deploying and running complex images of a program with its runtime.

Context

• This wiki page is focus on the user of Digital Ocean from a Windows workstation targeting the Kantara preferred instance.
• With the rise of cloud computing the need arose to give users an easy way to create a run-time package that could be sent to any cloud Platform as a Service provider (PaaS) with complete interoperability.

Solutions

Docker was released in 2013 and solved many of the problems that developers had running containers end-to-end focused on these low-level features:

1. A container image format
2. A method for building container images (Dockerfile/docker build)
3. A way to manage container images (docker images, docker rm , etc.)
4. A way to manage instances of containers (docker ps, docker rm , etc.)
5. A way to share container images (docker push/pull)
6. A way to run containers (docker run)

Open Container Initiative was created to expand the scope of docker solutions. There are for high-level docker support.

• Open Container Initiative (OCI)
• OCI runtime specification.
• Google code for running containers as a tool and library called runc

When you run a Docker container, these are the steps Docker actually goes through:

1. Download the image
2. Unpack the image into a "bundle". This flattens the layers into a single filesystem.
3. Run the container from the bundle

Deploy App Image to Digital Ocean

You will need access to a Digital Ocean (DO) droplet of sufficient size to handle your application.

• Deploying App to Digital Ocean from Brandon Lehr using HTTPS-PORTAL in docker compose.
• The function called Portal on Azure is called the Control Panel on Digital Ocean. It is the online place to set up the features.
• Deploy Docker containers into Digital Ocean
• Deploying an ASP.NET Core Application to Digital Ocean

Custom Images on Droplets

• When you only have ssh access to a droplet, it is necessary that any custom image installed on a droplet include SSHD.
• How to Regain Access to Droplets using the DigitalOcean Droplet Console.
• DO page on custom images.
• get an IP add and ssh password fro the droplet. Access the droplet with ssh root@0.0.0.0 using the IP address and enter the password when requested.

Step by Step Instructions

It is assumed that the Docker Desktop for Windows has been installed and the the runtime is created by .NET Core 3.0 or later and that you have created a DigitalOcean droplet and have the ssh (user) password for building the container in place, or a doclt access token for use of the DO Container registry.

1. Build a production version of the code (ie set the configuration to Production with the Configuration Manager.)
2. If running Visual Studio 2019 or later, publish a
3. Install the Digital Ocean controller on windows. It is called doctl.exe.
4. Create a DigitalOcean API token for your account with read and write access from the Applications & API page in the control panel. Save the token string in a safe place on your workstation.
5. On the workstation (usually in powershell) you will enter the token after you type: .\doctl.exe auth init --context <NAME_OF_CONTAINER>
6. Test that everything works by typing: .\doctl.exe account get
7. For first time use, Create a Container Registry.
8. Optionally check the account: .\doctl.exe account get

The following builds the container directly in the droplet

1. SSH configuration. Images must have sshd installed and configured to run on boot. If your image does not have sshd set up, you will not have SSH access to Droplets created from that image unless you recover access using the Droplet console.
2. Make sure that the source file in GitHub is current as the contain will be build from the GitHub repository.
3. SSH login looks like this: ssh root@0.0.0.0: where you enter the IP address of the droplet and will be prompted for the ssh password.
4. Then cd into the newly created directory. (/home/app/..)
5. If everything is configured correctly, you should be able to enter docker-compose build and see the output of the process.
6. Copy up the user secrets if required (either using echo 'stuff' > filename.json, or rsh)
7. Copy of the https cert if required (rsync -avz ./RegistryTest.pfx root@204.48.19.105:/root/.aspnet/https)
8. git clone https://github.com/TomCJones/RegistryTest.git
9. cd RegistryTest/
10. docker-compose build

Creating a certificate directly on the droplet or on a Windows machine with WSL:

1. load certbot.eff.org
2. follow directions in certbot user guide for a manual, standalone certificate.
   1. If using DNS challenge, have the DNS record open at the registry site.
3. openssl pkcs12 -export -in trorg.pem -inkey trorg.key -out trorg.pfx
4. openssl pkcs12 -export -in cert.pem -inkey privkey.pem -out trorg.pfx

The use of registry complicates the flow and is not recommended for initial testing with a single droplet.

1. Ensure the workstation is signed into Digital ocean: ./doctl.exe registry login
2. Tag the container to be pushed: docker tag registrytest:dev registry.digitalocean.com/tomjones/tomjones
3. Push contain from workstation to cloud: docker push registry.digitalocean.com/tomjones/tomjones

Deploy image from GitHub

• How To Install Git on Ubuntu 18.04
• How To Install Git on Ubuntu 20.04
• Configure Git - if it has already been configure check by keying: git config --list

root@docker-ubuntu-s-1vcpu-1gb-nyc1-01:/home/app/RegistryTest# git --version
git version 2.25.1
root@docker-ubuntu-s-1vcpu-1gb-nyc1-01:/home/app/RegistryTest# git config --list
core.repositoryformatversion=0
core.filemode=true
core.bare=false
core.logallrefupdates=true
remote.origin.url=https://github.com/TomCJones/RegistryTest.git
remote.origin.fetch=+refs/heads/*:refs/remotes/origin/*
branch.master.remote=origin
branch.master.merge=refs/heads/master

References

• bind mounts'
• User Secrets from ASP.NET.
• HTTPS on aspnetcore 3.1