Compare commits
167 Commits
Author | SHA1 | Date | |
---|---|---|---|
836332cb75 | |||
dff19b33a0 | |||
f3aa5556ad | |||
b9719cbad0 | |||
3316304f3d | |||
2edc63c692 | |||
14beeea518 | |||
1f3f4c5c27 | |||
8251b20d08 | |||
4456c275cf | |||
cf66e90918 | |||
e3d9d28681 | |||
6a33698b0f | |||
6e9ca7331a | |||
f32be9efaa | |||
8c37f7b192 | |||
4bcc9c435b | |||
687afd20d3 | |||
7842eed5e7 | |||
01af118af1 | |||
dd06907fba | |||
7d33e4cc28 | |||
ccc49544b2 | |||
653f2d9c6d | |||
b762a59477 | |||
1af13b49eb | |||
afc7252292 | |||
2f77ba4249 | |||
ebaf81efbc | |||
44f820ff24 | |||
3f1ad29bb7 | |||
6731d71795 | |||
e27e029921 | |||
503ddfbcc4 | |||
|
c7bbd0119f | ||
|
1f24d456e0 | ||
|
c4e9cd0f1d | ||
|
2981665f1f | ||
|
d9f0c9ac45 | ||
|
eee88b403c | ||
|
25f962b5e1 | ||
|
0d954877e5 | ||
|
3a9b88700e | ||
|
d7a15dd12a | ||
|
d3334672ce | ||
|
e5d371490c | ||
|
9cdc998137 | ||
|
8dff10bcaa | ||
|
b4d6426abc | ||
|
08ac9d963d | ||
|
d7d4b09c4f | ||
|
3ad69345c3 | ||
|
7e006777d7 | ||
|
2bca273ff4 | ||
|
b6ea4168d4 | ||
|
726bfd126b | ||
|
1d79efa7fa | ||
|
893c0c1bd5 | ||
|
615af9ff0d | ||
|
fec54de67b | ||
|
b4f92f7c6b | ||
|
3a38099971 | ||
|
6ccdca1634 | ||
|
302bbda11a | ||
|
6f818a549f | ||
|
cb16e5d1f3 | ||
|
54beb2b872 | ||
|
7d6a447fca | ||
|
0fdedec7a2 | ||
|
9a4c1b53dd | ||
|
1fd29da9be | ||
|
2dac6361da | ||
|
858d6c7607 | ||
|
16d65a70fe | ||
|
664ad9edab | ||
|
95a8d8a72b | ||
|
d5044a9db7 | ||
|
96670a1d03 | ||
|
5abe931855 | ||
|
8801e0e0ca | ||
|
9b5581d3bd | ||
|
798c396e89 | ||
|
9eab81d81e | ||
|
720eadbeae | ||
|
1bec479199 | ||
|
2be5c745e8 | ||
|
5b6733e711 | ||
|
8725352c3f | ||
|
f1f2012af5 | ||
|
9ddebfdd36 | ||
|
9bf480301d | ||
|
d35fc60923 | ||
|
6ab1ec709f | ||
|
56890c941a | ||
|
e96065a503 | ||
|
5c1574e643 | ||
|
b37be73687 | ||
|
42f8dbe70c | ||
|
a1b127be03 | ||
|
9bccc3cf99 | ||
|
5ded522cbf | ||
|
ace32adb9d | ||
|
5572d7a5b3 | ||
|
572dc47f99 | ||
|
5c65399cec | ||
|
6086449d15 | ||
|
5c00304375 | ||
|
0efc3a5c19 | ||
|
782d9421ae | ||
|
d002206c3e | ||
|
e04817f421 | ||
|
0f44699cfa | ||
|
966b2e2857 | ||
|
de74d48616 | ||
|
14c67643bb | ||
|
acdcd83ced | ||
|
8511b9af07 | ||
|
f2af4b0ae4 | ||
|
7ceaaee2a7 | ||
|
25f25d8126 | ||
|
8a8994297d | ||
|
4e7c2668fc | ||
|
7bb2ef8c6d | ||
|
433353af1c | ||
|
ac4adc8665 | ||
|
67e75bb1cb | ||
|
06d835a3cd | ||
|
9950c06246 | ||
|
8dd3914433 | ||
|
958126d5a7 | ||
|
f390971d25 | ||
|
64a1666f12 | ||
|
5d5e551104 | ||
|
13386236e4 | ||
|
2376af82e7 | ||
|
0edef34461 | ||
|
e991a5ab73 | ||
|
62e2117581 | ||
|
4b6b5476c5 | ||
|
e43a605d37 | ||
|
eccb882c59 | ||
|
dbae842f9c | ||
|
dcfbefe0af | ||
|
e9f8d4443a | ||
|
ad6f32f830 | ||
|
3de6451f5c | ||
|
b66f1c3224 | ||
|
23e02b9a44 | ||
|
5cccd65849 | ||
|
9646231353 | ||
|
3cbe2e686e | ||
|
172c616131 | ||
|
a2932698bd | ||
|
6190776cb6 | ||
|
3323acf03e | ||
|
559d5f335e | ||
|
6916e6a595 | ||
|
bb961ef28d | ||
|
0b402b3ebf | ||
|
4ed7232ea2 | ||
|
9f31a47053 | ||
|
b1d106ea7c | ||
|
288a57ea63 | ||
|
f232e36815 | ||
|
fe2686fe00 | ||
|
a33ed89ab3 | ||
|
f77065be98 |
@ -1 +1,2 @@
|
|||||||
node_modules
|
node_modules
|
||||||
|
app/Dockerfile
|
15
.drone.yml
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
kind: pipeline
|
||||||
|
name: default
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: docker
|
||||||
|
image: plugins/docker
|
||||||
|
settings:
|
||||||
|
registry: git.ericxliu.me
|
||||||
|
username: master
|
||||||
|
password: 1f8af4f82c0bd4dc24c1a03eaea6da13f54fed1c
|
||||||
|
repo: git.ericxliu.me/master/getting-started
|
||||||
|
tags: latest
|
||||||
|
platform: linux/amd64
|
||||||
|
custom_dns: [ 8.8.8.8 ]
|
||||||
|
mtu: 1450
|
30
.github/workflows/build.yml
vendored
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
name: Build and Push Docker Image
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- master
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
build:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
|
env:
|
||||||
|
IMAGE_NAME: ${{ github.repository_owner }}/${{ github.event.repository.name }}
|
||||||
|
DOCKER_HOST: tcp://docker.local:2375
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: Checkout repository
|
||||||
|
uses: actions/checkout@v4
|
||||||
|
with:
|
||||||
|
repository: ${{ github.repository }}
|
||||||
|
token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
|
||||||
|
- name: Log in to the Docker registry
|
||||||
|
run: echo "${{ secrets.DOCKER_PASSWORD }}" | docker login ${{ secrets.DOCKER_REGISTRY }} -u ${{ secrets.DOCKER_USERNAME }} --password-stdin
|
||||||
|
|
||||||
|
- name: Build the Docker image
|
||||||
|
run: docker build -t ${{ secrets.DOCKER_REGISTRY }}/${{ env.IMAGE_NAME }}:latest .
|
||||||
|
|
||||||
|
- name: Push the Docker image
|
||||||
|
run: docker push ${{ secrets.DOCKER_REGISTRY }}/${{ env.IMAGE_NAME }}:latest
|
1
.gitignore
vendored
@ -1 +1,2 @@
|
|||||||
node_modules
|
node_modules
|
||||||
|
app/Dockerfile
|
46
Dockerfile
@ -1,36 +1,62 @@
|
|||||||
# Install the base requirements for the app.
|
# Install the base requirements for the app.
|
||||||
# This stage is to support development.
|
# This stage is to support development.
|
||||||
FROM python:alpine AS base
|
ARG BUILDPLATFORM="linux/amd64"
|
||||||
|
ARG TARGETPLATFORM="linux/amd64"
|
||||||
|
|
||||||
|
FROM --platform=$BUILDPLATFORM python:alpine AS base
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
COPY requirements.txt .
|
COPY requirements.txt .
|
||||||
RUN pip install -r requirements.txt
|
|
||||||
|
|
||||||
# Run tests to validate app
|
RUN ping -c5 8.8.8.8
|
||||||
FROM node:12-alpine AS app-base
|
RUN ping -c5 208.67.222.222
|
||||||
|
RUN ifconfig
|
||||||
|
RUN uname -a
|
||||||
|
RUN cat /etc/resolv.conf
|
||||||
|
RUN route
|
||||||
|
RUN ip address
|
||||||
|
RUN ip route
|
||||||
|
RUN nslookup google.com
|
||||||
|
# RUN apk update
|
||||||
|
# RUN apk add --no-cache curl dig
|
||||||
|
# RUN dig https://google.com
|
||||||
|
# RUN curl -IL google.com
|
||||||
|
# RUN curl ifconfig.me
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
RUN pip3 install --default-timeout=100 -r requirements.txt
|
||||||
|
|
||||||
|
FROM --platform=$BUILDPLATFORM node:18-alpine AS app-base
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
COPY app/package.json app/yarn.lock ./
|
COPY app/package.json app/yarn.lock ./
|
||||||
RUN yarn install
|
|
||||||
COPY app/spec ./spec
|
COPY app/spec ./spec
|
||||||
COPY app/src ./src
|
COPY app/src ./src
|
||||||
|
|
||||||
|
# Run tests to validate app
|
||||||
|
FROM app-base AS test
|
||||||
|
RUN yarn install
|
||||||
RUN yarn test
|
RUN yarn test
|
||||||
|
|
||||||
# Clear out the node_modules and create the zip
|
# Clear out the node_modules and create the zip
|
||||||
FROM app-base AS app-zip-creator
|
FROM app-base AS app-zip-creator
|
||||||
RUN rm -rf node_modules && \
|
COPY --from=test /app/package.json /app/yarn.lock ./
|
||||||
apk add zip && \
|
COPY app/spec ./spec
|
||||||
|
COPY app/src ./src
|
||||||
|
RUN apk add zip && \
|
||||||
zip -r /app.zip /app
|
zip -r /app.zip /app
|
||||||
|
|
||||||
# Dev-ready container - actual files will be mounted in
|
# Dev-ready container - actual files will be mounted in
|
||||||
FROM base AS dev
|
FROM --platform=$BUILDPLATFORM base AS dev
|
||||||
CMD ["mkdocs", "serve", "-a", "0.0.0.0:8000"]
|
CMD ["mkdocs", "serve", "-a", "0.0.0.0:8000"]
|
||||||
|
|
||||||
# Do the actual build of the mkdocs site
|
# Do the actual build of the mkdocs site
|
||||||
FROM base AS build
|
FROM --platform=$BUILDPLATFORM base AS build
|
||||||
COPY . .
|
COPY . .
|
||||||
RUN mkdocs build
|
RUN mkdocs build
|
||||||
|
|
||||||
# Extract the static content from the build
|
# Extract the static content from the build
|
||||||
# and use a nginx image to serve the content
|
# and use a nginx image to serve the content
|
||||||
FROM nginx:alpine
|
FROM --platform=$TARGETPLATFORM nginx:alpine
|
||||||
COPY --from=app-zip-creator /app.zip /usr/share/nginx/html/assets/app.zip
|
COPY --from=app-zip-creator /app.zip /usr/share/nginx/html/assets/app.zip
|
||||||
COPY --from=build /app/site /usr/share/nginx/html
|
COPY --from=build /app/site /usr/share/nginx/html
|
||||||
|
22
Jenkinsfile
vendored
@ -1,22 +0,0 @@
|
|||||||
pipeline {
|
|
||||||
options {
|
|
||||||
timeout(time: 1, unit: 'HOURS')
|
|
||||||
}
|
|
||||||
agent {
|
|
||||||
label 'ubuntu-1804 && amd64 && docker'
|
|
||||||
}
|
|
||||||
stages {
|
|
||||||
stage('build and push') {
|
|
||||||
when {
|
|
||||||
branch 'master'
|
|
||||||
}
|
|
||||||
sh "docker build docker/getting-started ."
|
|
||||||
|
|
||||||
steps {
|
|
||||||
withDockerRegistry([url: "", credentialsId: "dockerbuildbot-index.docker.io"]) {
|
|
||||||
sh("docker push docker/getting-started")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
10
README.md
@ -1,12 +1,13 @@
|
|||||||
# Docker Getting Started Tutorial
|
# Docker Getting Started Tutorial
|
||||||
|
|
||||||
This tutorial has been written with the intent of helping folks get up and running
|
This tutorial was written with the intent of helping folks get up and running
|
||||||
with containers and is designed to work with Docker Desktop. While not going too much
|
with containers and is designed to work with Docker Desktop. While not going too much
|
||||||
into depth, it covers the following topics:
|
into depth, it covers the following topics:
|
||||||
|
|
||||||
- Running your first container
|
- Running your first container
|
||||||
- Building containers
|
- Building containers
|
||||||
- Learning what containers are running and removing them
|
- Learning what containers are
|
||||||
|
- Running and removing containers
|
||||||
- Using volumes to persist data
|
- Using volumes to persist data
|
||||||
- Using bind mounts to support development
|
- Using bind mounts to support development
|
||||||
- Using container networking to support multi-container applications
|
- Using container networking to support multi-container applications
|
||||||
@ -30,13 +31,14 @@ This project has a `docker-compose.yml` file, which will start the mkdocs applic
|
|||||||
local machine and help you see changes instantly.
|
local machine and help you see changes instantly.
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
docker-compose up
|
docker compose up
|
||||||
```
|
```
|
||||||
|
|
||||||
## Contributing
|
## Contributing
|
||||||
|
|
||||||
If you find typos or other issues with the tutorial, feel free to create a PR and suggest fixes!
|
If you find typos or other issues with the tutorial, feel free to create a PR and suggest fixes!
|
||||||
|
|
||||||
If you have ideas on how to make the tutorial better or new content, please open an issue first before working on your idea. While we love input, we want to keep the tutorial is scoped to new-comers.
|
If you have ideas on how to make the tutorial better or want to suggest adding new content, please open an
|
||||||
|
issue first before working on your idea. While we love input, we want to keep the tutorial scoped to new-comers.
|
||||||
As such, we may reject ideas for more advanced requests and don't want you to lose any work you might
|
As such, we may reject ideas for more advanced requests and don't want you to lose any work you might
|
||||||
have done. So, ask first and we'll gladly hear your thoughts!
|
have done. So, ask first and we'll gladly hear your thoughts!
|
||||||
|
@ -9,12 +9,14 @@
|
|||||||
"dev": "nodemon src/index.js"
|
"dev": "nodemon src/index.js"
|
||||||
},
|
},
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"body-parser": "^1.19.0",
|
"express": "^4.18.2",
|
||||||
"express": "^4.17.1",
|
"mysql2": "^2.3.3",
|
||||||
"mysql": "^2.17.1",
|
"sqlite3": "^5.1.2",
|
||||||
"sqlite3": "^4.1.0",
|
"uuid": "^9.0.0",
|
||||||
"uuid": "^3.3.3",
|
"wait-port": "^1.0.4"
|
||||||
"wait-port": "^0.2.2"
|
},
|
||||||
|
"resolutions": {
|
||||||
|
"ansi-regex": "5.0.1"
|
||||||
},
|
},
|
||||||
"prettier": {
|
"prettier": {
|
||||||
"trailingComma": "all",
|
"trailingComma": "all",
|
||||||
@ -24,8 +26,8 @@
|
|||||||
"singleQuote": true
|
"singleQuote": true
|
||||||
},
|
},
|
||||||
"devDependencies": {
|
"devDependencies": {
|
||||||
"jest": "^24.9.0",
|
"jest": "^29.3.1",
|
||||||
"nodemon": "^1.19.2",
|
"nodemon": "^2.0.20",
|
||||||
"prettier": "^1.18.2"
|
"prettier": "^2.7.1"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1,5 +1,6 @@
|
|||||||
const db = require('../../src/persistence/sqlite');
|
const db = require('../../src/persistence/sqlite');
|
||||||
const fs = require('fs');
|
const fs = require('fs');
|
||||||
|
const location = process.env.SQLITE_DB_LOCATION || '/etc/todos/todo.db';
|
||||||
|
|
||||||
const ITEM = {
|
const ITEM = {
|
||||||
id: '7aef3d7c-d301-4846-8358-2a91ec9d6be3',
|
id: '7aef3d7c-d301-4846-8358-2a91ec9d6be3',
|
||||||
@ -8,8 +9,8 @@ const ITEM = {
|
|||||||
};
|
};
|
||||||
|
|
||||||
beforeEach(() => {
|
beforeEach(() => {
|
||||||
if (fs.existsSync('/etc/todos/todo.db')) {
|
if (fs.existsSync(location)) {
|
||||||
fs.unlinkSync('/etc/todos/todo.db');
|
fs.unlinkSync(location);
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
|
@ -1,9 +1,9 @@
|
|||||||
const db = require('../../src/persistence');
|
const db = require('../../src/persistence');
|
||||||
const addItem = require('../../src/routes/addItem');
|
const addItem = require('../../src/routes/addItem');
|
||||||
const ITEM = { id: 12345 };
|
const ITEM = { id: 12345 };
|
||||||
const uuid = require('uuid/v4');
|
const {v4 : uuid} = require('uuid');
|
||||||
|
|
||||||
jest.mock('uuid/v4', () => jest.fn());
|
jest.mock('uuid', () => ({ v4: jest.fn() }));
|
||||||
|
|
||||||
jest.mock('../../src/persistence', () => ({
|
jest.mock('../../src/persistence', () => ({
|
||||||
removeItem: jest.fn(),
|
removeItem: jest.fn(),
|
||||||
|
@ -6,7 +6,7 @@ const addItem = require('./routes/addItem');
|
|||||||
const updateItem = require('./routes/updateItem');
|
const updateItem = require('./routes/updateItem');
|
||||||
const deleteItem = require('./routes/deleteItem');
|
const deleteItem = require('./routes/deleteItem');
|
||||||
|
|
||||||
app.use(require('body-parser').json());
|
app.use(express.json());
|
||||||
app.use(express.static(__dirname + '/static'));
|
app.use(express.static(__dirname + '/static'));
|
||||||
|
|
||||||
app.get('/items', getItems);
|
app.get('/items', getItems);
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
const waitPort = require('wait-port');
|
const waitPort = require('wait-port');
|
||||||
const fs = require('fs');
|
const fs = require('fs');
|
||||||
const mysql = require('mysql');
|
const mysql = require('mysql2');
|
||||||
|
|
||||||
const {
|
const {
|
||||||
MYSQL_HOST: HOST,
|
MYSQL_HOST: HOST,
|
||||||
@ -21,7 +21,12 @@ async function init() {
|
|||||||
const password = PASSWORD_FILE ? fs.readFileSync(PASSWORD_FILE) : PASSWORD;
|
const password = PASSWORD_FILE ? fs.readFileSync(PASSWORD_FILE) : PASSWORD;
|
||||||
const database = DB_FILE ? fs.readFileSync(DB_FILE) : DB;
|
const database = DB_FILE ? fs.readFileSync(DB_FILE) : DB;
|
||||||
|
|
||||||
await waitPort({ host, port : 3306});
|
await waitPort({
|
||||||
|
host,
|
||||||
|
port: 3306,
|
||||||
|
timeout: 10000,
|
||||||
|
waitForDns: true,
|
||||||
|
});
|
||||||
|
|
||||||
pool = mysql.createPool({
|
pool = mysql.createPool({
|
||||||
connectionLimit: 5,
|
connectionLimit: 5,
|
||||||
@ -29,11 +34,12 @@ async function init() {
|
|||||||
user,
|
user,
|
||||||
password,
|
password,
|
||||||
database,
|
database,
|
||||||
|
charset: 'utf8mb4',
|
||||||
});
|
});
|
||||||
|
|
||||||
return new Promise((acc, rej) => {
|
return new Promise((acc, rej) => {
|
||||||
pool.query(
|
pool.query(
|
||||||
'CREATE TABLE IF NOT EXISTS todo_items (id varchar(36), name varchar(255), completed boolean)',
|
'CREATE TABLE IF NOT EXISTS todo_items (id varchar(36), name varchar(255), completed boolean) DEFAULT CHARSET utf8mb4',
|
||||||
err => {
|
err => {
|
||||||
if (err) return rej(err);
|
if (err) return rej(err);
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
const db = require('../persistence');
|
const db = require('../persistence');
|
||||||
const uuid = require('uuid/v4');
|
const {v4 : uuid} = require('uuid');
|
||||||
|
|
||||||
module.exports = async (req, res) => {
|
module.exports = async (req, res) => {
|
||||||
const item = {
|
const item = {
|
||||||
|
5970
app/yarn.lock
2
build.sh
@ -9,6 +9,6 @@ else
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
docker buildx build \
|
docker buildx build \
|
||||||
--platform linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6 \
|
--platform linux/amd64,linux/arm64 \
|
||||||
-t docker/getting-started:latest \
|
-t docker/getting-started:latest \
|
||||||
$( (( $WILL_PUSH == 1 )) && printf %s '--push' ) .
|
$( (( $WILL_PUSH == 1 )) && printf %s '--push' ) .
|
||||||
|
BIN
docs/tutorial/image-building-best-practices/hvs.png
Normal file
After Width: | Height: | Size: 125 KiB |
@ -1,7 +1,50 @@
|
|||||||
|
## Security Scanning
|
||||||
|
|
||||||
|
When you have built an image, it is good practice to scan it for security vulnerabilities using the `docker scan` command.
|
||||||
|
Docker has partnered with [Snyk](http://snyk.io) to provide the vulnerability scanning service.
|
||||||
|
|
||||||
|
For example, to scan the `getting-started` image you created earlier in the tutorial, you can just type
|
||||||
|
|
||||||
|
```bash
|
||||||
|
docker scan getting-started
|
||||||
|
```
|
||||||
|
|
||||||
|
The scan uses a constantly updated database of vulnerabilities, so the output you see will vary as new
|
||||||
|
vulnerabilities are discovered, but it might look something like this:
|
||||||
|
|
||||||
|
```plaintext
|
||||||
|
✗ Low severity vulnerability found in freetype/freetype
|
||||||
|
Description: CVE-2020-15999
|
||||||
|
Info: https://snyk.io/vuln/SNYK-ALPINE310-FREETYPE-1019641
|
||||||
|
Introduced through: freetype/freetype@2.10.0-r0, gd/libgd@2.2.5-r2
|
||||||
|
From: freetype/freetype@2.10.0-r0
|
||||||
|
From: gd/libgd@2.2.5-r2 > freetype/freetype@2.10.0-r0
|
||||||
|
Fixed in: 2.10.0-r1
|
||||||
|
|
||||||
|
✗ Medium severity vulnerability found in libxml2/libxml2
|
||||||
|
Description: Out-of-bounds Read
|
||||||
|
Info: https://snyk.io/vuln/SNYK-ALPINE310-LIBXML2-674791
|
||||||
|
Introduced through: libxml2/libxml2@2.9.9-r3, libxslt/libxslt@1.1.33-r3, nginx-module-xslt/nginx-module-xslt@1.17.9-r1
|
||||||
|
From: libxml2/libxml2@2.9.9-r3
|
||||||
|
From: libxslt/libxslt@1.1.33-r3 > libxml2/libxml2@2.9.9-r3
|
||||||
|
From: nginx-module-xslt/nginx-module-xslt@1.17.9-r1 > libxml2/libxml2@2.9.9-r3
|
||||||
|
Fixed in: 2.9.9-r4
|
||||||
|
```
|
||||||
|
|
||||||
|
The output lists the type of vulnerability, a URL to learn more, and importantly which version of the relevant library
|
||||||
|
fixes the vulnerability.
|
||||||
|
|
||||||
|
There are several other options, which you can read about in the [docker scan documentation](https://docs.docker.com/engine/scan/).
|
||||||
|
|
||||||
|
As well as scanning your newly built image on the command line, you can also [configure Docker Hub](https://docs.docker.com/docker-hub/vulnerability-scanning/)
|
||||||
|
to scan all newly pushed images automatically, and you can then see the results in both Docker Hub and Docker Desktop.
|
||||||
|
|
||||||
|
![Hub vulnerability scanning](hvs.png){: style=width:75% }
|
||||||
|
{: .text-center }
|
||||||
|
|
||||||
## Image Layering
|
## Image Layering
|
||||||
|
|
||||||
Did you know that you can look at what makes up an image? Using the `docker image history`
|
Did you know that you can look at how an image is composed? Using the `docker image history`
|
||||||
command, you can see the command that was used to create each layer within an image.
|
command, you can see the command that was used to create each layer within an image.
|
||||||
|
|
||||||
1. Use the `docker image history` command to see the layers in the `getting-started` image you
|
1. Use the `docker image history` command to see the layers in the `getting-started` image you
|
||||||
@ -15,23 +58,23 @@ command, you can see the command that was used to create each layer within an im
|
|||||||
|
|
||||||
```plaintext
|
```plaintext
|
||||||
IMAGE CREATED CREATED BY SIZE COMMENT
|
IMAGE CREATED CREATED BY SIZE COMMENT
|
||||||
a78a40cbf866 18 seconds ago /bin/sh -c #(nop) CMD ["node" "src/index.j… 0B
|
05bd8640b718 53 minutes ago CMD ["node" "src/index.js"] 0B buildkit.dockerfile.v0
|
||||||
f1d1808565d6 19 seconds ago /bin/sh -c yarn install --production 85.4MB
|
<missing> 53 minutes ago RUN /bin/sh -c yarn install --production # b… 83.3MB buildkit.dockerfile.v0
|
||||||
a2c054d14948 36 seconds ago /bin/sh -c #(nop) COPY dir:5dc710ad87c789593… 198kB
|
<missing> 53 minutes ago COPY . . # buildkit 4.59MB buildkit.dockerfile.v0
|
||||||
9577ae713121 37 seconds ago /bin/sh -c #(nop) WORKDIR /app 0B
|
<missing> 55 minutes ago WORKDIR /app 0B buildkit.dockerfile.v0
|
||||||
b95baba1cfdb 13 days ago /bin/sh -c #(nop) CMD ["node"] 0B
|
<missing> 10 days ago /bin/sh -c #(nop) CMD ["node"] 0B
|
||||||
<missing> 13 days ago /bin/sh -c #(nop) ENTRYPOINT ["docker-entry… 0B
|
<missing> 10 days ago /bin/sh -c #(nop) ENTRYPOINT ["docker-entry… 0B
|
||||||
<missing> 13 days ago /bin/sh -c #(nop) COPY file:238737301d473041… 116B
|
<missing> 10 days ago /bin/sh -c #(nop) COPY file:4d192565a7220e13… 388B
|
||||||
<missing> 13 days ago /bin/sh -c apk add --no-cache --virtual .bui… 5.35MB
|
<missing> 10 days ago /bin/sh -c apk add --no-cache --virtual .bui… 7.85MB
|
||||||
<missing> 13 days ago /bin/sh -c #(nop) ENV YARN_VERSION=1.21.1 0B
|
<missing> 10 days ago /bin/sh -c #(nop) ENV YARN_VERSION=1.22.19 0B
|
||||||
<missing> 13 days ago /bin/sh -c addgroup -g 1000 node && addu… 74.3MB
|
<missing> 10 days ago /bin/sh -c addgroup -g 1000 node && addu… 152MB
|
||||||
<missing> 13 days ago /bin/sh -c #(nop) ENV NODE_VERSION=12.14.1 0B
|
<missing> 10 days ago /bin/sh -c #(nop) ENV NODE_VERSION=18.12.1 0B
|
||||||
<missing> 13 days ago /bin/sh -c #(nop) CMD ["/bin/sh"] 0B
|
<missing> 11 days ago /bin/sh -c #(nop) CMD ["/bin/sh"] 0B
|
||||||
<missing> 13 days ago /bin/sh -c #(nop) ADD file:e69d441d729412d24… 5.59MB
|
<missing> 11 days ago /bin/sh -c #(nop) ADD file:57d621536158358b1… 5.29MB
|
||||||
```
|
```
|
||||||
|
|
||||||
Each of the lines represents a layer in the image. The display here shows the base at the bottom with
|
Each line represents a layer in the image. The display here shows the base at the bottom with
|
||||||
the newest layer at the top. Using this, you can also quickly see the size of each layer, helping
|
the newest layer at the top. Using this you can also quickly see the size of each layer, helping to
|
||||||
diagnose large images.
|
diagnose large images.
|
||||||
|
|
||||||
1. You'll notice that several of the lines are truncated. If you add the `--no-trunc` flag, you'll get the
|
1. You'll notice that several of the lines are truncated. If you add the `--no-trunc` flag, you'll get the
|
||||||
@ -52,7 +95,7 @@ times for your container images.
|
|||||||
Let's look at the Dockerfile we were using one more time...
|
Let's look at the Dockerfile we were using one more time...
|
||||||
|
|
||||||
```dockerfile
|
```dockerfile
|
||||||
FROM node:12-alpine
|
FROM node:18-alpine
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
COPY . .
|
COPY . .
|
||||||
RUN yarn install --production
|
RUN yarn install --production
|
||||||
@ -64,14 +107,14 @@ You might remember that when we made a change to the image, the yarn dependencie
|
|||||||
way to fix this? It doesn't make much sense to ship around the same dependencies every time we build, right?
|
way to fix this? It doesn't make much sense to ship around the same dependencies every time we build, right?
|
||||||
|
|
||||||
To fix this, we need to restructure our Dockerfile to help support the caching of the dependencies. For Node-based
|
To fix this, we need to restructure our Dockerfile to help support the caching of the dependencies. For Node-based
|
||||||
applications, those dependencies are defined in the `package.json` file. So, what if we copied only that file in first,
|
applications, those dependencies are defined in the `package.json` file. So what if we start by copying only that file in first,
|
||||||
install the dependencies, and _then_ copy in everything else? Then, we only recreate the yarn dependencies if there was
|
install the dependencies, and _then_ copy in everything else? Then, we only recreate the yarn dependencies if there was
|
||||||
a change to the `package.json`. Make sense?
|
a change to the `package.json`. Make sense?
|
||||||
|
|
||||||
1. Update the Dockerfile to copy in the `package.json` first, install dependencies, and then copy everything else in.
|
1. Update the Dockerfile to copy in the `package.json` first, install dependencies, and then copy everything else in.
|
||||||
|
|
||||||
```dockerfile hl_lines="3 4 5"
|
```dockerfile hl_lines="3 4 5"
|
||||||
FROM node:12-alpine
|
FROM node:18-alpine
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
COPY package.json yarn.lock ./
|
COPY package.json yarn.lock ./
|
||||||
RUN yarn install --production
|
RUN yarn install --production
|
||||||
@ -88,9 +131,9 @@ a change to the `package.json`. Make sense?
|
|||||||
`.dockerignore` files are an easy way to selectively copy only image relevant files.
|
`.dockerignore` files are an easy way to selectively copy only image relevant files.
|
||||||
You can read more about this
|
You can read more about this
|
||||||
[here](https://docs.docker.com/engine/reference/builder/#dockerignore-file).
|
[here](https://docs.docker.com/engine/reference/builder/#dockerignore-file).
|
||||||
In this case, the `node_modules` folder should be omitted in the second `COPY` step because otherwise,
|
In this case, the `node_modules` folder should be omitted in the second `COPY` step because otherwise
|
||||||
it would possibly overwrite files which were created by the command in the `RUN` step.
|
it would possibly overwrite files which were created by the command in the `RUN` step.
|
||||||
For further details on why this is recommended for Node.js applications and other best practices,
|
For further details on why this is recommended for Node.js applications as well as further best practices,
|
||||||
have a look at their guide on
|
have a look at their guide on
|
||||||
[Dockerizing a Node.js web app](https://nodejs.org/en/docs/guides/nodejs-docker-webapp/).
|
[Dockerizing a Node.js web app](https://nodejs.org/en/docs/guides/nodejs-docker-webapp/).
|
||||||
|
|
||||||
@ -103,34 +146,23 @@ a change to the `package.json`. Make sense?
|
|||||||
You should see output like this...
|
You should see output like this...
|
||||||
|
|
||||||
```plaintext
|
```plaintext
|
||||||
Sending build context to Docker daemon 219.1kB
|
[+] Building 16.1s (10/10) FINISHED
|
||||||
Step 1/6 : FROM node:12-alpine
|
=> [internal] load build definition from Dockerfile 0.0s
|
||||||
---> b0dc3a5e5e9e
|
=> => transferring dockerfile: 175B 0.0s
|
||||||
Step 2/6 : WORKDIR /app
|
=> [internal] load .dockerignore 0.0s
|
||||||
---> Using cache
|
=> => transferring context: 2B 0.0s
|
||||||
---> 9577ae713121
|
=> [internal] load metadata for docker.io/library/node:18-alpine 0.0s
|
||||||
Step 3/6 : COPY package.json yarn.lock ./
|
=> [internal] load build context 0.8s
|
||||||
---> bd5306f49fc8
|
=> => transferring context: 53.37MB 0.8s
|
||||||
Step 4/6 : RUN yarn install --production
|
=> [1/5] FROM docker.io/library/node:18-alpine 0.0s
|
||||||
---> Running in d53a06c9e4c2
|
=> CACHED [2/5] WORKDIR /app 0.0s
|
||||||
yarn install v1.17.3
|
=> [3/5] COPY package.json yarn.lock ./ 0.2s
|
||||||
[1/4] Resolving packages...
|
=> [4/5] RUN yarn install --production 14.0s
|
||||||
[2/4] Fetching packages...
|
=> [5/5] COPY . . 0.5s
|
||||||
info fsevents@1.2.9: The platform "linux" is incompatible with this module.
|
=> exporting to image 0.6s
|
||||||
info "fsevents@1.2.9" is an optional dependency and failed compatibility check. Excluding it from installation.
|
=> => exporting layers 0.6s
|
||||||
[3/4] Linking dependencies...
|
=> => writing image sha256:d6f819013566c54c50124ed94d5e66c452325327217f4f04399b45f94e37d25 0.0s
|
||||||
[4/4] Building fresh packages...
|
=> => naming to docker.io/library/getting-started 0.0s
|
||||||
Done in 10.89s.
|
|
||||||
Removing intermediate container d53a06c9e4c2
|
|
||||||
---> 4e68fbc2d704
|
|
||||||
Step 5/6 : COPY . .
|
|
||||||
---> a239a11f68d8
|
|
||||||
Step 6/6 : CMD ["node", "src/index.js"]
|
|
||||||
---> Running in 49999f68df8f
|
|
||||||
Removing intermediate container 49999f68df8f
|
|
||||||
---> e709c03bc597
|
|
||||||
Successfully built e709c03bc597
|
|
||||||
Successfully tagged getting-started:latest
|
|
||||||
```
|
```
|
||||||
|
|
||||||
You'll see that all layers were rebuilt. Perfectly fine since we changed the Dockerfile quite a bit.
|
You'll see that all layers were rebuilt. Perfectly fine since we changed the Dockerfile quite a bit.
|
||||||
@ -139,38 +171,35 @@ a change to the `package.json`. Make sense?
|
|||||||
|
|
||||||
1. Build the Docker image now using `docker build -t getting-started .` again. This time, your output should look a little different.
|
1. Build the Docker image now using `docker build -t getting-started .` again. This time, your output should look a little different.
|
||||||
|
|
||||||
```plaintext hl_lines="5 8 11"
|
```plaintext hl_lines="10 11 12"
|
||||||
Sending build context to Docker daemon 219.1kB
|
[+] Building 1.2s (10/10) FINISHED
|
||||||
Step 1/6 : FROM node:12-alpine
|
=> [internal] load build definition from Dockerfile 0.0s
|
||||||
---> b0dc3a5e5e9e
|
=> => transferring dockerfile: 37B 0.0s
|
||||||
Step 2/6 : WORKDIR /app
|
=> [internal] load .dockerignore 0.0s
|
||||||
---> Using cache
|
=> => transferring context: 2B 0.0s
|
||||||
---> 9577ae713121
|
=> [internal] load metadata for docker.io/library/node:18-alpine 0.0s
|
||||||
Step 3/6 : COPY package.json yarn.lock ./
|
=> [internal] load build context 0.2s
|
||||||
---> Using cache
|
=> => transferring context: 450.43kB 0.2s
|
||||||
---> bd5306f49fc8
|
=> [1/5] FROM docker.io/library/node:18-alpine 0.0s
|
||||||
Step 4/6 : RUN yarn install --production
|
=> CACHED [2/5] WORKDIR /app 0.0s
|
||||||
---> Using cache
|
=> CACHED [3/5] COPY package.json yarn.lock ./ 0.0s
|
||||||
---> 4e68fbc2d704
|
=> CACHED [4/5] RUN yarn install --production 0.0s
|
||||||
Step 5/6 : COPY . .
|
=> [5/5] COPY . . 0.5s
|
||||||
---> cccde25a3d9a
|
=> exporting to image 0.3s
|
||||||
Step 6/6 : CMD ["node", "src/index.js"]
|
=> => exporting layers 0.3s
|
||||||
---> Running in 2be75662c150
|
=> => writing image sha256:91790c87bcb096a83c2bd4eb512bc8b134c757cda0bdee4038187f98148e2eda 0.0s
|
||||||
Removing intermediate container 2be75662c150
|
=> => naming to docker.io/library/getting-started 0.0s
|
||||||
---> 458e5c6f080c
|
|
||||||
Successfully built 458e5c6f080c
|
|
||||||
Successfully tagged getting-started:latest
|
|
||||||
```
|
```
|
||||||
|
|
||||||
First off, you should notice that the build was MUCH faster! And, you'll see that steps 1-4 all have
|
First off, you should notice that the build was MUCH faster! You'll see that several steps are using
|
||||||
`Using cache`. So, hooray! We're using the build cache. Pushing and pulling this image and updates to it
|
previously cached layers. So, hooray! We're using the build cache. Pushing and pulling this image and updates to it
|
||||||
will be much faster as well. Hooray!
|
will be much faster as well. Hooray!
|
||||||
|
|
||||||
|
|
||||||
## Multi-Stage Builds
|
## Multi-Stage Builds
|
||||||
|
|
||||||
While we're not going to dive into it too much in this tutorial, multi-stage builds are an incredibly powerful
|
While we're not going to dive into it too much in this tutorial, multi-stage builds are an incredibly powerful
|
||||||
tool to help use multiple stages to create an image. There are several advantages for them:
|
tool which help us by using multiple stages to create an image. They offer several advantages including:
|
||||||
|
|
||||||
- Separate build-time dependencies from runtime dependencies
|
- Separate build-time dependencies from runtime dependencies
|
||||||
- Reduce overall image size by shipping _only_ what your app needs to run
|
- Reduce overall image size by shipping _only_ what your app needs to run
|
||||||
@ -178,7 +207,7 @@ tool to help use multiple stages to create an image. There are several advantage
|
|||||||
### Maven/Tomcat Example
|
### Maven/Tomcat Example
|
||||||
|
|
||||||
When building Java-based applications, a JDK is needed to compile the source code to Java bytecode. However,
|
When building Java-based applications, a JDK is needed to compile the source code to Java bytecode. However,
|
||||||
that JDK isn't needed in production. Also, you might be using tools like Maven or Gradle to help build the app.
|
that JDK isn't needed in production. You might also be using tools such as Maven or Gradle to help build the app.
|
||||||
Those also aren't needed in our final image. Multi-stage builds help.
|
Those also aren't needed in our final image. Multi-stage builds help.
|
||||||
|
|
||||||
```dockerfile
|
```dockerfile
|
||||||
@ -191,7 +220,7 @@ FROM tomcat
|
|||||||
COPY --from=build /app/target/file.war /usr/local/tomcat/webapps
|
COPY --from=build /app/target/file.war /usr/local/tomcat/webapps
|
||||||
```
|
```
|
||||||
|
|
||||||
In this example, we use one stage (called `build`) to perform the actual Java build using Maven. In the second
|
In this example, we use one stage (called `build`) to perform the actual Java build with Maven. In the second
|
||||||
stage (starting at `FROM tomcat`), we copy in files from the `build` stage. The final image is only the last stage
|
stage (starting at `FROM tomcat`), we copy in files from the `build` stage. The final image is only the last stage
|
||||||
being created (which can be overridden using the `--target` flag).
|
being created (which can be overridden using the `--target` flag).
|
||||||
|
|
||||||
@ -199,11 +228,11 @@ being created (which can be overridden using the `--target` flag).
|
|||||||
### React Example
|
### React Example
|
||||||
|
|
||||||
When building React applications, we need a Node environment to compile the JS code (typically JSX), SASS stylesheets,
|
When building React applications, we need a Node environment to compile the JS code (typically JSX), SASS stylesheets,
|
||||||
and more into static HTML, JS, and CSS. If we aren't doing server-side rendering, we don't even need a Node environment
|
and more into static HTML, JS, and CSS. Although if we aren't performing server-side rendering, we don't even need a Node environment
|
||||||
for our production build. Why not ship the static resources in a static nginx container?
|
for our production build. Why not ship the static resources in a static nginx container?
|
||||||
|
|
||||||
```dockerfile
|
```dockerfile
|
||||||
FROM node:12 AS build
|
FROM node:18 AS build
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
COPY package* yarn.lock ./
|
COPY package* yarn.lock ./
|
||||||
RUN yarn install
|
RUN yarn install
|
||||||
@ -215,13 +244,13 @@ FROM nginx:alpine
|
|||||||
COPY --from=build /app/build /usr/share/nginx/html
|
COPY --from=build /app/build /usr/share/nginx/html
|
||||||
```
|
```
|
||||||
|
|
||||||
Here, we are using a `node:12` image to perform the build (maximizing layer caching) and then copying the output
|
Here, we are using a `node:18` image to perform the build (maximizing layer caching) and then copying the output
|
||||||
into an nginx container. Cool, huh?
|
into an nginx container. Cool, huh?
|
||||||
|
|
||||||
|
|
||||||
## Recap
|
## Recap
|
||||||
|
|
||||||
By understanding a little bit about how images are structured, we can build images faster and ship fewer changes.
|
By understanding a little bit about how images are structured, we can build images faster and ship fewer changes.
|
||||||
|
Scanning images gives us confidence that the containers we are running and distributing are secure.
|
||||||
Multi-stage builds also help us reduce overall image size and increase final container security by separating
|
Multi-stage builds also help us reduce overall image size and increase final container security by separating
|
||||||
build-time dependencies from runtime dependencies.
|
build-time dependencies from runtime dependencies.
|
||||||
|
|
||||||
|
@ -27,14 +27,12 @@ You'll notice a few flags being used. Here's some more info on them:
|
|||||||
|
|
||||||
## The Docker Dashboard
|
## The Docker Dashboard
|
||||||
|
|
||||||
Before going too far, we want to highlight the Docker Dashboard, which gives
|
Before going any further, we want to highlight the Docker Dashboard, which gives
|
||||||
you a quick view of the containers running on your machine. It gives you quick
|
you a quick view of the containers running on your machine. It provides you
|
||||||
access to container logs, lets you get a shell inside the container, and lets you
|
access to container logs, lets you get a shell inside the container, and allows you to easily manage container lifecycle (stop, remove, etc.).
|
||||||
easily manage container lifecycle (stop, remove, etc.).
|
|
||||||
|
|
||||||
To access the dashboard, follow the instructions for either
|
To access the dashboard, follow the instructions in the
|
||||||
[Mac](https://docs.docker.com/docker-for-mac/dashboard/) or
|
[Docker Desktop manual](https://docs.docker.com/desktop/). If you open the dashboard
|
||||||
[Windows](https://docs.docker.com/docker-for-windows/dashboard/). If you open the dashboard
|
|
||||||
now, you will see this tutorial running! The container name (`jolly_bouman` below) is a
|
now, you will see this tutorial running! The container name (`jolly_bouman` below) is a
|
||||||
randomly created name. So, you'll most likely have a different name.
|
randomly created name. So, you'll most likely have a different name.
|
||||||
|
|
||||||
@ -43,12 +41,13 @@ randomly created name. So, you'll most likely have a different name.
|
|||||||
|
|
||||||
## What is a container?
|
## What is a container?
|
||||||
|
|
||||||
Now that you've run a container, what _is_ a container? Simply put, a container is
|
Now that you've successfully run a container, let's ask ourselves what _is_ a container? Simply put, a container is
|
||||||
simply another process on your machine that has been isolated from all other processes
|
another process on your machine that has been isolated from all other processes
|
||||||
on the host machine. That isolation leverages [kernel namespaces and cgroups](https://medium.com/@saschagrunert/demystifying-containers-part-i-kernel-space-2c53d6979504), features that have been
|
on the host machine. That isolation leverages [kernel namespaces and cgroups](https://medium.com/@saschagrunert/demystifying-containers-part-i-kernel-space-2c53d6979504), features that have been
|
||||||
in Linux for a long time. Docker has worked to make these capabilities approachable and easy to use.
|
in Linux for a long time. Docker has worked to make these capabilities approachable and easy to use.
|
||||||
|
|
||||||
!!! info "Creating Containers from Scratch"
|
!!! info
|
||||||
|
"Creating Containers from Scratch"
|
||||||
If you'd like to see how containers are built from scratch, Liz Rice from Aqua Security
|
If you'd like to see how containers are built from scratch, Liz Rice from Aqua Security
|
||||||
has a fantastic talk in which she creates a container from scratch in Go. While she makes
|
has a fantastic talk in which she creates a container from scratch in Go. While she makes
|
||||||
a simple container, this talk doesn't go into networking, using images for the filesystem,
|
a simple container, this talk doesn't go into networking, using images for the filesystem,
|
||||||
@ -59,8 +58,8 @@ in Linux for a long time. Docker has worked to make these capabilities approacha
|
|||||||
## What is a container image?
|
## What is a container image?
|
||||||
|
|
||||||
When running a container, it uses an isolated filesystem. This custom filesystem is provided
|
When running a container, it uses an isolated filesystem. This custom filesystem is provided
|
||||||
by a **container image**. Since the image contains the container's filesystem, it must contain everything
|
by a **container image**. Since the image contains the container's filesystem, it must include everything
|
||||||
needed to run an application - all dependencies, configuration, scripts, binaries, etc. The
|
needed to run the application - all dependencies, configuration, scripts, binaries, etc. The
|
||||||
image also contains other configuration for the container, such as environment variables,
|
image also contains other configuration for the container, such as environment variables,
|
||||||
a default command to run, and other metadata.
|
a default command to run, and other metadata.
|
||||||
|
|
||||||
@ -68,6 +67,6 @@ We'll dive deeper into images later on, covering topics such as layering, best p
|
|||||||
|
|
||||||
!!! info
|
!!! info
|
||||||
If you're familiar with `chroot`, think of a container as an extended version of `chroot`. The
|
If you're familiar with `chroot`, think of a container as an extended version of `chroot`. The
|
||||||
filesystem is simply coming from the image. But, a container adds additional isolation not
|
filesystem is simply coming from the image whereas a container adds additional isolation that is not
|
||||||
available when simply using chroot.
|
available when simply using chroot.
|
||||||
|
|
||||||
|
Before Width: | Height: | Size: 121 KiB After Width: | Height: | Size: 280 KiB |
@ -4,12 +4,12 @@ application stack. The following question often arises - "Where will MySQL run?
|
|||||||
container or run it separately?" In general, **each container should do one thing and do it well.** A few
|
container or run it separately?" In general, **each container should do one thing and do it well.** A few
|
||||||
reasons:
|
reasons:
|
||||||
|
|
||||||
- There's a good chance you'd have to scale APIs and front-ends differently than databases
|
- There's a good chance you'd have to scale APIs and front-ends differently than databases.
|
||||||
- Separate containers let you version and update versions in isolation
|
- Separate containers let you version and update versions in isolation.
|
||||||
- While you may use a container for the database locally, you may want to use a managed service
|
- While you may use a container for the database locally, you may want to use a managed service
|
||||||
for the database in production. You don't want to ship your database engine with your app then.
|
for the database in production. You don't want to ship your database engine with your app then.
|
||||||
- Running multiple processes will require a process manager (the container only starts one process),
|
- Running multiple processes will require a process manager (the container only starts one process),
|
||||||
which adds complexity to container startup/shutdown
|
which adds complexity to container startup/shutdown.
|
||||||
|
|
||||||
And there are more reasons. So, we will update our application to work like this:
|
And there are more reasons. So, we will update our application to work like this:
|
||||||
|
|
||||||
@ -37,8 +37,8 @@ For now, we will create the network first and attach the MySQL container at star
|
|||||||
docker network create todo-app
|
docker network create todo-app
|
||||||
```
|
```
|
||||||
|
|
||||||
1. Start a MySQL container and attach it the network. We're also going to define a few environment variables that the
|
1. Start a MySQL container and attach it to the network. We're also going to define a few environment variables that the
|
||||||
database will use to initialize the database (see the "Environment Variables" section in the [MySQL Docker Hub listing](https://hub.docker.com/_/mysql/)) (replace the ` \ ` characters with `` ` `` in Windows PowerShell).
|
database will use to initialize the database (see the "Environment Variables" section in the [MySQL Docker Hub listing](https://hub.docker.com/_/mysql/)).
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
docker run -d \
|
docker run -d \
|
||||||
@ -46,7 +46,18 @@ For now, we will create the network first and attach the MySQL container at star
|
|||||||
-v todo-mysql-data:/var/lib/mysql \
|
-v todo-mysql-data:/var/lib/mysql \
|
||||||
-e MYSQL_ROOT_PASSWORD=secret \
|
-e MYSQL_ROOT_PASSWORD=secret \
|
||||||
-e MYSQL_DATABASE=todos \
|
-e MYSQL_DATABASE=todos \
|
||||||
mysql:5.7
|
mysql:8.0
|
||||||
|
```
|
||||||
|
|
||||||
|
If you are using PowerShell then use this command.
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
docker run -d `
|
||||||
|
--network todo-app --network-alias mysql `
|
||||||
|
-v todo-mysql-data:/var/lib/mysql `
|
||||||
|
-e MYSQL_ROOT_PASSWORD=secret `
|
||||||
|
-e MYSQL_DATABASE=todos `
|
||||||
|
mysql:8.0
|
||||||
```
|
```
|
||||||
|
|
||||||
You'll also see we specified the `--network-alias` flag. We'll come back to that in just a moment.
|
You'll also see we specified the `--network-alias` flag. We'll come back to that in just a moment.
|
||||||
@ -86,6 +97,8 @@ For now, we will create the network first and attach the MySQL container at star
|
|||||||
|
|
||||||
Hooray! We have our `todos` database and it's ready for us to use!
|
Hooray! We have our `todos` database and it's ready for us to use!
|
||||||
|
|
||||||
|
To exit the sql terminal type `exit` in the terminal.
|
||||||
|
|
||||||
|
|
||||||
## Connecting to MySQL
|
## Connecting to MySQL
|
||||||
|
|
||||||
@ -112,7 +125,7 @@ which ships with a _lot_ of tools that are useful for troubleshooting or debuggi
|
|||||||
And you'll get an output like this...
|
And you'll get an output like this...
|
||||||
|
|
||||||
```text
|
```text
|
||||||
; <<>> DiG 9.14.1 <<>> mysql
|
; <<>> DiG 9.18.8 <<>> mysql
|
||||||
;; global options: +cmd
|
;; global options: +cmd
|
||||||
;; Got answer:
|
;; Got answer:
|
||||||
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32162
|
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32162
|
||||||
@ -138,6 +151,8 @@ which ships with a _lot_ of tools that are useful for troubleshooting or debuggi
|
|||||||
What this means is... our app only simply needs to connect to a host named `mysql` and it'll talk to the
|
What this means is... our app only simply needs to connect to a host named `mysql` and it'll talk to the
|
||||||
database! It doesn't get much simpler than that!
|
database! It doesn't get much simpler than that!
|
||||||
|
|
||||||
|
When you're done, run `exit` to close out of the container.
|
||||||
|
|
||||||
|
|
||||||
## Running our App with MySQL
|
## Running our App with MySQL
|
||||||
|
|
||||||
@ -150,32 +165,46 @@ The todo app supports the setting of a few environment variables to specify MySQ
|
|||||||
|
|
||||||
!!! warning Setting Connection Settings via Env Vars
|
!!! warning Setting Connection Settings via Env Vars
|
||||||
While using env vars to set connection settings is generally ok for development, it is **HIGHLY DISCOURAGED**
|
While using env vars to set connection settings is generally ok for development, it is **HIGHLY DISCOURAGED**
|
||||||
when running applications in production. Diogo Monica, the former lead of security at Docker,
|
when running applications in production. Diogo Monica, a former lead of security at Docker,
|
||||||
[wrote a fantastic blog post](https://diogomonica.com/2017/03/27/why-you-shouldnt-use-env-variables-for-secret-data/)
|
[wrote a fantastic blog post](https://diogomonica.com/2017/03/27/why-you-shouldnt-use-env-variables-for-secret-data/)
|
||||||
explaining why.
|
explaining why.
|
||||||
|
|
||||||
A more secure mechanism is to use the secret support provided by your container orchestration framework. In most cases,
|
A more secure mechanism is to use the secret support provided by your container orchestration framework. In most cases,
|
||||||
these secrets are mounted as files in the running container. You'll see many apps (including the MySQL image and the todo app)
|
these secrets are mounted as files in the running container. You'll see many apps (including the MySQL image and the todo app)
|
||||||
also support env vars with a `_FILE` suffix to point to a file containing the file.
|
also support env vars with a `_FILE` suffix to point to a file containing the variable.
|
||||||
|
|
||||||
As an example, setting the `MYSQL_PASSWORD_FILE` var will cause the app to use the contents of the referenced file
|
As an example, setting the `MYSQL_PASSWORD_FILE` var will cause the app to use the contents of the referenced file
|
||||||
as the connection password. Docker doesn't do anything to support these env vars. Your app will need to know to look for
|
as the connection password. Docker doesn't do anything to support these env vars. Your app will need to know to look for
|
||||||
the variable and get the file contents.
|
the variable and get the file contents.
|
||||||
|
|
||||||
|
|
||||||
With all of that explained, let's start our dev-ready container!
|
With all of that explained, let's start our dev-ready container!
|
||||||
|
|
||||||
1. We'll specify each of the environment variables above, as well as connect the container to our app network (replace the ` \ ` characters with `` ` `` in Windows PowerShell).
|
1. We'll specify each of the environment variables above, as well as connect the container to our app network.
|
||||||
|
|
||||||
```bash hl_lines="3 4 5 6 7"
|
```bash hl_lines="3 4 5 6 7"
|
||||||
docker run -dp 3000:3000 \
|
docker run -dp 3000:3000 \
|
||||||
-w /app -v ${PWD}:/app \
|
-w /app -v "$(pwd):/app" \
|
||||||
--network todo-app \
|
--network todo-app \
|
||||||
-e MYSQL_HOST=mysql \
|
-e MYSQL_HOST=mysql \
|
||||||
-e MYSQL_USER=root \
|
-e MYSQL_USER=root \
|
||||||
-e MYSQL_PASSWORD=secret \
|
-e MYSQL_PASSWORD=secret \
|
||||||
-e MYSQL_DB=todos \
|
-e MYSQL_DB=todos \
|
||||||
node:12-alpine \
|
node:18-alpine \
|
||||||
|
sh -c "yarn install && yarn run dev"
|
||||||
|
```
|
||||||
|
|
||||||
|
If you are using PowerShell then use this command.
|
||||||
|
|
||||||
|
```powershell hl_lines="3 4 5 6 7"
|
||||||
|
docker run -dp 3000:3000 `
|
||||||
|
-w /app -v "$(pwd):/app" `
|
||||||
|
--network todo-app `
|
||||||
|
-e MYSQL_HOST=mysql `
|
||||||
|
-e MYSQL_USER=root `
|
||||||
|
-e MYSQL_PASSWORD=secret `
|
||||||
|
-e MYSQL_DB=todos `
|
||||||
|
node:18-alpine `
|
||||||
sh -c "yarn install && yarn run dev"
|
sh -c "yarn install && yarn run dev"
|
||||||
```
|
```
|
||||||
|
|
||||||
@ -185,9 +214,10 @@ With all of that explained, let's start our dev-ready container!
|
|||||||
```plaintext hl_lines="7"
|
```plaintext hl_lines="7"
|
||||||
# Previous log messages omitted
|
# Previous log messages omitted
|
||||||
$ nodemon src/index.js
|
$ nodemon src/index.js
|
||||||
[nodemon] 1.19.2
|
[nodemon] 2.0.20
|
||||||
[nodemon] to restart at any time, enter `rs`
|
[nodemon] to restart at any time, enter `rs`
|
||||||
[nodemon] watching dir(s): *.*
|
[nodemon] watching path(s): *.*
|
||||||
|
[nodemon] watching extensions: js,mjs,json
|
||||||
[nodemon] starting `node src/index.js`
|
[nodemon] starting `node src/index.js`
|
||||||
Connected to mysql db at host mysql
|
Connected to mysql db at host mysql
|
||||||
Listening on port 3000
|
Listening on port 3000
|
||||||
@ -199,7 +229,7 @@ With all of that explained, let's start our dev-ready container!
|
|||||||
is **secret**.
|
is **secret**.
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
docker exec -ti <mysql-container-id> mysql -p todos
|
docker exec -it <mysql-container-id> mysql -p todos
|
||||||
```
|
```
|
||||||
|
|
||||||
And in the mysql shell, run the following:
|
And in the mysql shell, run the following:
|
||||||
|
Before Width: | Height: | Size: 113 KiB After Width: | Height: | Size: 244 KiB |
@ -37,11 +37,11 @@ see a few flaws in the Dockerfile below. But, don't worry! We'll go over them.
|
|||||||
1. Create a file named `Dockerfile` in the same folder as the file `package.json` with the following contents.
|
1. Create a file named `Dockerfile` in the same folder as the file `package.json` with the following contents.
|
||||||
|
|
||||||
```dockerfile
|
```dockerfile
|
||||||
FROM node:12-alpine
|
FROM node:18-alpine
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
COPY . .
|
COPY . .
|
||||||
RUN yarn install --production
|
RUN yarn install --production
|
||||||
CMD ["node", "src/index.js"]
|
CMD ["node", "./src/index.js"]
|
||||||
```
|
```
|
||||||
|
|
||||||
Please check that the file `Dockerfile` has no file extension like `.txt`. Some editors may append this file extension automatically and this would result in an error in the next step.
|
Please check that the file `Dockerfile` has no file extension like `.txt`. Some editors may append this file extension automatically and this would result in an error in the next step.
|
||||||
@ -54,7 +54,7 @@ see a few flaws in the Dockerfile below. But, don't worry! We'll go over them.
|
|||||||
|
|
||||||
This command used the Dockerfile to build a new container image. You might
|
This command used the Dockerfile to build a new container image. You might
|
||||||
have noticed that a lot of "layers" were downloaded. This is because we instructed
|
have noticed that a lot of "layers" were downloaded. This is because we instructed
|
||||||
the builder that we wanted to start from the `node:12-alpine` image. But, since we
|
the builder that we wanted to start from the `node:18-alpine` image. But, since we
|
||||||
didn't have that on our machine, that image needed to be downloaded.
|
didn't have that on our machine, that image needed to be downloaded.
|
||||||
|
|
||||||
After the image was downloaded, we copied in our application and used `yarn` to
|
After the image was downloaded, we copied in our application and used `yarn` to
|
||||||
|
Before Width: | Height: | Size: 166 KiB After Width: | Height: | Size: 308 KiB |
@ -24,7 +24,7 @@ What you'll see is that the files created in one container aren't available in a
|
|||||||
commands (why we have the `&&`). The first portion picks a single random number and writes
|
commands (why we have the `&&`). The first portion picks a single random number and writes
|
||||||
it to `/data.txt`. The second command is simply watching a file to keep the container running.
|
it to `/data.txt`. The second command is simply watching a file to keep the container running.
|
||||||
|
|
||||||
1. Validate we can see the output by `exec`'ing into the container. To do so, open the Dashboard and click the first action of the container that is running the `ubuntu` image.
|
1. Validate we can see the output by `exec`'ing into the container. To do so, open the Dashboard, find your Ubuntu container, click on the "triple dot" menu to get additional actions, and click on the "Open in terminal" menu item.
|
||||||
|
|
||||||
![Dashboard open CLI into ubuntu container](dashboard-open-cli-ubuntu.png){: style=width:75% }
|
![Dashboard open CLI into ubuntu container](dashboard-open-cli-ubuntu.png){: style=width:75% }
|
||||||
{: .text-center }
|
{: .text-center }
|
||||||
@ -54,7 +54,10 @@ What you'll see is that the files created in one container aren't available in a
|
|||||||
And look! There's no `data.txt` file there! That's because it was written to the scratch space for
|
And look! There's no `data.txt` file there! That's because it was written to the scratch space for
|
||||||
only the first container.
|
only the first container.
|
||||||
|
|
||||||
1. Go ahead and remove the first container using the `docker rm -f` command.
|
1. Go ahead and remove the first container using the `docker rm -f <container-id>` command.
|
||||||
|
```bash
|
||||||
|
docker rm -f <container-id>
|
||||||
|
```
|
||||||
|
|
||||||
## Container Volumes
|
## Container Volumes
|
||||||
|
|
||||||
@ -91,7 +94,7 @@ Every time you use the volume, Docker will make sure the correct data is provide
|
|||||||
docker volume create todo-db
|
docker volume create todo-db
|
||||||
```
|
```
|
||||||
|
|
||||||
1. Stop the todo app container once again in the Dashboard (or with `docker rm -f <id>`), as it is still running without using the persistent volume.
|
1. Stop the todo app container once again in the Dashboard (or with `docker rm -f <container-id>`), as it is still running without using the persistent volume.
|
||||||
|
|
||||||
1. Start the todo app container, but add the `-v` flag to specify a volume mount. We will use the named volume and mount
|
1. Start the todo app container, but add the `-v` flag to specify a volume mount. We will use the named volume and mount
|
||||||
it to `/etc/todos`, which will capture all files created at the path.
|
it to `/etc/todos`, which will capture all files created at the path.
|
||||||
@ -105,7 +108,7 @@ Every time you use the volume, Docker will make sure the correct data is provide
|
|||||||
![Items added to todo list](items-added.png){: style="width: 55%; " }
|
![Items added to todo list](items-added.png){: style="width: 55%; " }
|
||||||
{: .text-center }
|
{: .text-center }
|
||||||
|
|
||||||
1. Remove the container for the todo app. Use the Dashboard or `docker ps` to get the ID and then `docker rm -f <id>` to remove it.
|
1. Remove the container for the todo app. Use the Dashboard or `docker ps` to get the ID and then `docker rm -f <container-id>` to remove it.
|
||||||
|
|
||||||
1. Start a new container using the same command from above.
|
1. Start a new container using the same command from above.
|
||||||
|
|
||||||
|
@ -36,7 +36,8 @@ an example command that you will need to run to push to this repo.
|
|||||||
|
|
||||||
To fix this, we need to "tag" our existing image we've built to give it another name.
|
To fix this, we need to "tag" our existing image we've built to give it another name.
|
||||||
|
|
||||||
1. Login to the Docker Hub using the command `docker login -u YOUR-USER-NAME`.
|
1. Login to Docker Hub by either clicking on the "Sign In" button in Docker Desktop or using the
|
||||||
|
command `docker login -u YOUR-USER-NAME`.
|
||||||
|
|
||||||
1. Use the `docker tag` command to give the `getting-started` image a new name. Be sure to swap out
|
1. Use the `docker tag` command to give the `getting-started` image a new name. Be sure to swap out
|
||||||
`YOUR-USER-NAME` with your Docker ID.
|
`YOUR-USER-NAME` with your Docker ID.
|
||||||
@ -58,7 +59,7 @@ an example command that you will need to run to push to this repo.
|
|||||||
Now that our image has been built and pushed into a registry, let's try running our app on a brand
|
Now that our image has been built and pushed into a registry, let's try running our app on a brand
|
||||||
new instance that has never seen this container image! To do this, we will use Play with Docker.
|
new instance that has never seen this container image! To do this, we will use Play with Docker.
|
||||||
|
|
||||||
1. Open your browser to [Play with Docker](http://play-with-docker.com).
|
1. Open your browser to [Play with Docker](https://labs.play-with-docker.com/).
|
||||||
|
|
||||||
1. Log in with your Docker Hub account.
|
1. Log in with your Docker Hub account.
|
||||||
|
|
||||||
@ -89,4 +90,4 @@ can use the latest version of the image.
|
|||||||
Now that we have that figured out, let's circle back around to what we noticed at the end of the last
|
Now that we have that figured out, let's circle back around to what we noticed at the end of the last
|
||||||
section. As a reminder, we noticed that when we restarted the app, we lost all of our todo list items.
|
section. As a reminder, we noticed that when we restarted the app, we lost all of our todo list items.
|
||||||
That's obviously not a great user experience, so let's learn how we can persist the data across
|
That's obviously not a great user experience, so let's learn how we can persist the data across
|
||||||
restarts!
|
restarts!
|
||||||
|
Before Width: | Height: | Size: 117 KiB After Width: | Height: | Size: 278 KiB |
@ -14,7 +14,7 @@ changes and then restart the application. There are equivalent tools in most oth
|
|||||||
## Quick Volume Type Comparisons
|
## Quick Volume Type Comparisons
|
||||||
|
|
||||||
Bind mounts and named volumes are the two main types of volumes that come with the Docker engine. However, additional
|
Bind mounts and named volumes are the two main types of volumes that come with the Docker engine. However, additional
|
||||||
volume drivers are available to support other uses cases ([SFTP](https://github.com/vieux/docker-volume-sshfs), [Ceph](https://ceph.com/geen-categorie/getting-started-with-the-docker-rbd-volume-plugin/), [NetApp](https://netappdvp.readthedocs.io/en/stable/), [S3](https://github.com/elementar/docker-s3-volume), and more).
|
volume drivers are available to support other use cases ([SFTP](https://github.com/vieux/docker-volume-sshfs), [Ceph](https://ceph.com/geen-categorie/getting-started-with-the-docker-rbd-volume-plugin/), [NetApp](https://netappdvp.readthedocs.io/en/stable/), [S3](https://github.com/elementar/docker-s3-volume), and more).
|
||||||
|
|
||||||
| | Named Volumes | Bind Mounts |
|
| | Named Volumes | Bind Mounts |
|
||||||
| - | ------------- | ----------- |
|
| - | ------------- | ----------- |
|
||||||
@ -34,21 +34,36 @@ To run our container to support a development workflow, we will do the following
|
|||||||
|
|
||||||
So, let's do it!
|
So, let's do it!
|
||||||
|
|
||||||
1. Make sure you don't have any previous `getting-started` containers running.
|
1. Make sure you don't have any of your own `getting-started` containers running (only the tutorial itself should be running).
|
||||||
|
|
||||||
1. Run the following command (replace the ` \ ` characters with `` ` `` in Windows PowerShell). We'll explain what's going on afterwards:
|
1. Also make sure you are in app source code directory, i.e. `/path/to/getting-started/app`. If you aren't, you can `cd` into it, .e.g:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
cd /path/to/getting-started/app
|
||||||
|
```
|
||||||
|
|
||||||
|
1. Now that you are in the `getting-started/app` directory, run the following command. We'll explain what's going on afterwards:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
docker run -dp 3000:3000 \
|
docker run -dp 3000:3000 \
|
||||||
-w /app -v ${PWD}:/app \
|
-w /app -v "$(pwd):/app" \
|
||||||
node:12-alpine \
|
node:18-alpine \
|
||||||
|
sh -c "yarn install && yarn run dev"
|
||||||
|
```
|
||||||
|
|
||||||
|
If you are using PowerShell then use this command.
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
docker run -dp 3000:3000 `
|
||||||
|
-w /app -v "$(pwd):/app" `
|
||||||
|
node:18-alpine `
|
||||||
sh -c "yarn install && yarn run dev"
|
sh -c "yarn install && yarn run dev"
|
||||||
```
|
```
|
||||||
|
|
||||||
- `-dp 3000:3000` - same as before. Run in detached (background) mode and create a port mapping
|
- `-dp 3000:3000` - same as before. Run in detached (background) mode and create a port mapping
|
||||||
- `-w /app` - sets the "working directory" or the current directory that the command will run from
|
- `-w /app` - sets the container's present working directory where the command will run from
|
||||||
- `-v ${PWD}:/app` - bind mount the current directory from the host in the container into the `/app` directory
|
- `-v "$(pwd):/app"` - bind mount (link) the host's present `getting-started/app` directory to the container's `/app` directory. Note: Docker requires absolute paths for binding mounts, so in this example we use `pwd` for printing the absolute path of the working directory, i.e. the `app` directory, instead of typing it manually
|
||||||
- `node:12-alpine` - the image to use. Note that this is the base image for our app from the Dockerfile
|
- `node:18-alpine` - the image to use. Note that this is the base image for our app from the Dockerfile
|
||||||
- `sh -c "yarn install && yarn run dev"` - the command. We're starting a shell using `sh` (alpine doesn't have `bash`) and
|
- `sh -c "yarn install && yarn run dev"` - the command. We're starting a shell using `sh` (alpine doesn't have `bash`) and
|
||||||
running `yarn install` to install _all_ dependencies and then running `yarn run dev`. If we look in the `package.json`,
|
running `yarn install` to install _all_ dependencies and then running `yarn run dev`. If we look in the `package.json`,
|
||||||
we'll see that the `dev` script is starting `nodemon`.
|
we'll see that the `dev` script is starting `nodemon`.
|
||||||
@ -58,9 +73,10 @@ So, let's do it!
|
|||||||
```bash
|
```bash
|
||||||
docker logs -f <container-id>
|
docker logs -f <container-id>
|
||||||
$ nodemon src/index.js
|
$ nodemon src/index.js
|
||||||
[nodemon] 1.19.2
|
[nodemon] 2.0.20
|
||||||
[nodemon] to restart at any time, enter `rs`
|
[nodemon] to restart at any time, enter `rs`
|
||||||
[nodemon] watching dir(s): *.*
|
[nodemon] watching path(s): *.*
|
||||||
|
[nodemon] watching extensions: js,mjs,json
|
||||||
[nodemon] starting `node src/index.js`
|
[nodemon] starting `node src/index.js`
|
||||||
Using sqlite database at /etc/todos/todo.db
|
Using sqlite database at /etc/todos/todo.db
|
||||||
Listening on port 3000
|
Listening on port 3000
|
||||||
@ -69,7 +85,7 @@ So, let's do it!
|
|||||||
When you're done watching the logs, exit out by hitting `Ctrl`+`C`.
|
When you're done watching the logs, exit out by hitting `Ctrl`+`C`.
|
||||||
|
|
||||||
1. Now, let's make a change to the app. In the `src/static/js/app.js` file, let's change the "Add Item" button to simply say
|
1. Now, let's make a change to the app. In the `src/static/js/app.js` file, let's change the "Add Item" button to simply say
|
||||||
"Add". This change will be on line 109.
|
"Add". This change will be on line 109 - remember to save the file.
|
||||||
|
|
||||||
```diff
|
```diff
|
||||||
- {submitting ? 'Adding...' : 'Add Item'}
|
- {submitting ? 'Adding...' : 'Add Item'}
|
||||||
|
Before Width: | Height: | Size: 105 KiB After Width: | Height: | Size: 238 KiB |
Before Width: | Height: | Size: 126 KiB After Width: | Height: | Size: 282 KiB |
@ -12,35 +12,18 @@ So, how do we get started?
|
|||||||
|
|
||||||
## Installing Docker Compose
|
## Installing Docker Compose
|
||||||
|
|
||||||
If you installed Docker Desktop/Toolbox for either Windows or Mac, you already have Docker Compose!
|
If you installed Docker Desktop for Windows, Mac, or Linux you already have Docker Compose!
|
||||||
Play-with-Docker instances already have Docker Compose installed as well. If you are on
|
Play-with-Docker instances already have Docker Compose installed as well. If you are on
|
||||||
a Linux machine, you will need to install Docker Compose using
|
another system, you can install Docker Compose using [the instructions here](https://docs.docker.com/compose/install/).
|
||||||
[the instructions here](https://docs.docker.com/compose/install/).
|
|
||||||
|
|
||||||
After installation, you should be able to run the following and see version information.
|
|
||||||
|
|
||||||
```bash
|
|
||||||
docker-compose version
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|
||||||
## Creating our Compose File
|
## Creating our Compose File
|
||||||
|
|
||||||
1. At the root of the app project, create a file named `docker-compose.yml`.
|
1. Inside of the app folder, create a file named `docker-compose.yml` (next to the `Dockerfile` and `package.json` files).
|
||||||
|
|
||||||
1. In the compose file, we'll start off by defining the schema version. In most cases, it's best to use
|
1. In the compose file, we'll start off by defining a list of services (or containers) we want to run as part of our application.
|
||||||
the latest supported version. You can look at the [Compose file reference](https://docs.docker.com/compose/compose-file/)
|
|
||||||
for the current schema versions and the compatibility matrix.
|
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
version: "3.7"
|
|
||||||
```
|
|
||||||
|
|
||||||
1. Next, we'll define the list of services (or containers) we want to run as part of our application.
|
|
||||||
|
|
||||||
```yaml hl_lines="3"
|
|
||||||
version: "3.7"
|
|
||||||
|
|
||||||
services:
|
services:
|
||||||
```
|
```
|
||||||
|
|
||||||
@ -49,70 +32,62 @@ And now, we'll start migrating a service at a time into the compose file.
|
|||||||
|
|
||||||
## Defining the App Service
|
## Defining the App Service
|
||||||
|
|
||||||
To remember, this was the command we were using to define our app container (replace the ` \ ` characters with `` ` `` in Windows PowerShell).
|
To remember, this was the command we were using to define our app container.
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
docker run -dp 3000:3000 \
|
docker run -dp 3000:3000 \
|
||||||
-w /app -v ${PWD}:/app \
|
-w /app -v "$(pwd):/app" \
|
||||||
--network todo-app \
|
--network todo-app \
|
||||||
-e MYSQL_HOST=mysql \
|
-e MYSQL_HOST=mysql \
|
||||||
-e MYSQL_USER=root \
|
-e MYSQL_USER=root \
|
||||||
-e MYSQL_PASSWORD=secret \
|
-e MYSQL_PASSWORD=secret \
|
||||||
-e MYSQL_DB=todos \
|
-e MYSQL_DB=todos \
|
||||||
node:12-alpine \
|
node:18-alpine \
|
||||||
sh -c "yarn install && yarn run dev"
|
sh -c "yarn install && yarn run dev"
|
||||||
```
|
```
|
||||||
|
|
||||||
1. First, let's define the service entry and the image for the container. We can pick any name for the service.
|
1. First, let's define the service entry and the image for the container. We can pick any name for the service.
|
||||||
The name will automatically become a network alias, which will be useful when defining our MySQL service.
|
The name will automatically become a network alias, which will be useful when defining our MySQL service.
|
||||||
|
|
||||||
```yaml hl_lines="4 5"
|
```yaml hl_lines="2 3"
|
||||||
version: "3.7"
|
|
||||||
|
|
||||||
services:
|
services:
|
||||||
app:
|
app:
|
||||||
image: node:12-alpine
|
image: node:18-alpine
|
||||||
```
|
```
|
||||||
|
|
||||||
1. Typically, you will see the command close to the `image` definition, although there is no requirement on ordering.
|
1. Typically, you will see the command close to the `image` definition, although there is no requirement on ordering.
|
||||||
So, let's go ahead and move that into our file.
|
So, let's go ahead and move that into our file.
|
||||||
|
|
||||||
```yaml hl_lines="6"
|
```yaml hl_lines="4"
|
||||||
version: "3.7"
|
|
||||||
|
|
||||||
services:
|
services:
|
||||||
app:
|
app:
|
||||||
image: node:12-alpine
|
image: node:18-alpine
|
||||||
command: sh -c "yarn install && yarn run dev"
|
command: sh -c "yarn install && yarn run dev"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
1. Let's migrate the `-p 3000:3000` part of the command by defining the `ports` for the service. We will use the
|
1. Let's migrate the `-p 3000:3000` part of the command by defining the `ports` for the service. We will use the
|
||||||
[short syntax](https://docs.docker.com/compose/compose-file/#short-syntax-1) here, but there is also a more verbose
|
[short syntax](https://docs.docker.com/compose/compose-file/#short-syntax-2) here, but there is also a more verbose
|
||||||
[long syntax](https://docs.docker.com/compose/compose-file/#long-syntax-1) available as well.
|
[long syntax](https://docs.docker.com/compose/compose-file/#long-syntax-2) available as well.
|
||||||
|
|
||||||
```yaml hl_lines="7 8"
|
|
||||||
version: "3.7"
|
|
||||||
|
|
||||||
|
```yaml hl_lines="5 6"
|
||||||
services:
|
services:
|
||||||
app:
|
app:
|
||||||
image: node:12-alpine
|
image: node:18-alpine
|
||||||
command: sh -c "yarn install && yarn run dev"
|
command: sh -c "yarn install && yarn run dev"
|
||||||
ports:
|
ports:
|
||||||
- 3000:3000
|
- 3000:3000
|
||||||
```
|
```
|
||||||
|
|
||||||
1. Next, we'll migrate both the working directory (`-w /app`) and the volume mapping (`-v ${PWD}:/app`) by using
|
1. Next, we'll migrate both the working directory (`-w /app`) and the volume mapping (`-v "$(pwd):/app"`) by using
|
||||||
the `working_dir` and `volumes` definitions. Volumes also has a [short](https://docs.docker.com/compose/compose-file/#short-syntax-3) and [long](https://docs.docker.com/compose/compose-file/#long-syntax-3) syntax.
|
the `working_dir` and `volumes` definitions. Volumes also has a [short](https://docs.docker.com/compose/compose-file/#short-syntax-4) and [long](https://docs.docker.com/compose/compose-file/#long-syntax-4) syntax.
|
||||||
|
|
||||||
One advantage of Docker Compose volume definitions is we can use relative paths from the current directory.
|
One advantage of Docker Compose volume definitions is we can use relative paths from the current directory.
|
||||||
|
|
||||||
```yaml hl_lines="9 10 11"
|
```yaml hl_lines="7 8 9"
|
||||||
version: "3.7"
|
|
||||||
|
|
||||||
services:
|
services:
|
||||||
app:
|
app:
|
||||||
image: node:12-alpine
|
image: node:18-alpine
|
||||||
command: sh -c "yarn install && yarn run dev"
|
command: sh -c "yarn install && yarn run dev"
|
||||||
ports:
|
ports:
|
||||||
- 3000:3000
|
- 3000:3000
|
||||||
@ -123,12 +98,10 @@ docker run -dp 3000:3000 \
|
|||||||
|
|
||||||
1. Finally, we need to migrate the environment variable definitions using the `environment` key.
|
1. Finally, we need to migrate the environment variable definitions using the `environment` key.
|
||||||
|
|
||||||
```yaml hl_lines="12 13 14 15 16"
|
```yaml hl_lines="10 11 12 13 14"
|
||||||
version: "3.7"
|
|
||||||
|
|
||||||
services:
|
services:
|
||||||
app:
|
app:
|
||||||
image: node:12-alpine
|
image: node:18-alpine
|
||||||
command: sh -c "yarn install && yarn run dev"
|
command: sh -c "yarn install && yarn run dev"
|
||||||
ports:
|
ports:
|
||||||
- 3000:3000
|
- 3000:3000
|
||||||
@ -145,7 +118,7 @@ docker run -dp 3000:3000 \
|
|||||||
|
|
||||||
### Defining the MySQL Service
|
### Defining the MySQL Service
|
||||||
|
|
||||||
Now, it's time to define the MySQL service. The command that we used for that container was the following (replace the ` \ ` characters with `` ` `` in Windows PowerShell):
|
Now, it's time to define the MySQL service. The command that we used for that container was the following:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
docker run -d \
|
docker run -d \
|
||||||
@ -153,35 +126,31 @@ docker run -d \
|
|||||||
-v todo-mysql-data:/var/lib/mysql \
|
-v todo-mysql-data:/var/lib/mysql \
|
||||||
-e MYSQL_ROOT_PASSWORD=secret \
|
-e MYSQL_ROOT_PASSWORD=secret \
|
||||||
-e MYSQL_DATABASE=todos \
|
-e MYSQL_DATABASE=todos \
|
||||||
mysql:5.7
|
mysql:8.0
|
||||||
```
|
```
|
||||||
|
|
||||||
1. We will first define the new service and name it `mysql` so it automatically gets the network alias. We'll
|
1. We will first define the new service and name it `mysql` so it automatically gets the network alias. We'll
|
||||||
go ahead and specify the image to use as well.
|
go ahead and specify the image to use as well.
|
||||||
|
|
||||||
```yaml hl_lines="6 7"
|
```yaml hl_lines="4 5"
|
||||||
version: "3.7"
|
|
||||||
|
|
||||||
services:
|
services:
|
||||||
app:
|
app:
|
||||||
# The app service definition
|
# The app service definition
|
||||||
mysql:
|
mysql:
|
||||||
image: mysql:5.7
|
image: mysql:8.0
|
||||||
```
|
```
|
||||||
|
|
||||||
1. Next, we'll define the volume mapping. When we ran the container with `docker run`, the named volume was created
|
1. Next, we'll define the volume mapping. When we ran the container with `docker run`, the named volume was created
|
||||||
automatically. However, that doesn't happen when running with Compose. We need to define the volume in the top-level
|
automatically. However, that doesn't happen when running with Compose. We need to define the volume in the top-level
|
||||||
`volumes:` section and then specify the mountpoint in the service config. By simply providing only the volume name,
|
`volumes:` section and then specify the mountpoint in the service config. By simply providing only the volume name,
|
||||||
the default options are used. There are [many more options available](https://docs.docker.com/compose/compose-file/#volume-configuration-reference) though.
|
the default options are used. There are [many more options available](https://docs.docker.com/compose/compose-file/#volumes-top-level-element) though.
|
||||||
|
|
||||||
```yaml hl_lines="8 9 10 11 12"
|
|
||||||
version: "3.7"
|
|
||||||
|
|
||||||
|
```yaml hl_lines="6 7 8 9 10"
|
||||||
services:
|
services:
|
||||||
app:
|
app:
|
||||||
# The app service definition
|
# The app service definition
|
||||||
mysql:
|
mysql:
|
||||||
image: mysql:5.7
|
image: mysql:8.0
|
||||||
volumes:
|
volumes:
|
||||||
- todo-mysql-data:/var/lib/mysql
|
- todo-mysql-data:/var/lib/mysql
|
||||||
|
|
||||||
@ -191,14 +160,12 @@ docker run -d \
|
|||||||
|
|
||||||
1. Finally, we only need to specify the environment variables.
|
1. Finally, we only need to specify the environment variables.
|
||||||
|
|
||||||
```yaml hl_lines="10 11 12"
|
```yaml hl_lines="8 9 10"
|
||||||
version: "3.7"
|
|
||||||
|
|
||||||
services:
|
services:
|
||||||
app:
|
app:
|
||||||
# The app service definition
|
# The app service definition
|
||||||
mysql:
|
mysql:
|
||||||
image: mysql:5.7
|
image: mysql:8.0
|
||||||
volumes:
|
volumes:
|
||||||
- todo-mysql-data:/var/lib/mysql
|
- todo-mysql-data:/var/lib/mysql
|
||||||
environment:
|
environment:
|
||||||
@ -213,11 +180,9 @@ At this point, our complete `docker-compose.yml` should look like this:
|
|||||||
|
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
version: "3.7"
|
|
||||||
|
|
||||||
services:
|
services:
|
||||||
app:
|
app:
|
||||||
image: node:12-alpine
|
image: node:18-alpine
|
||||||
command: sh -c "yarn install && yarn run dev"
|
command: sh -c "yarn install && yarn run dev"
|
||||||
ports:
|
ports:
|
||||||
- 3000:3000
|
- 3000:3000
|
||||||
@ -231,7 +196,7 @@ services:
|
|||||||
MYSQL_DB: todos
|
MYSQL_DB: todos
|
||||||
|
|
||||||
mysql:
|
mysql:
|
||||||
image: mysql:5.7
|
image: mysql:8.0
|
||||||
volumes:
|
volumes:
|
||||||
- todo-mysql-data:/var/lib/mysql
|
- todo-mysql-data:/var/lib/mysql
|
||||||
environment:
|
environment:
|
||||||
@ -249,41 +214,40 @@ Now that we have our `docker-compose.yml` file, we can start it up!
|
|||||||
|
|
||||||
1. Make sure no other copies of the app/db are running first (`docker ps` and `docker rm -f <ids>`).
|
1. Make sure no other copies of the app/db are running first (`docker ps` and `docker rm -f <ids>`).
|
||||||
|
|
||||||
1. Start up the application stack using the `docker-compose up` command. We'll add the `-d` flag to run everything in the
|
1. Start up the application stack using the `docker compose up` command. We'll add the `-d` flag to run everything in the
|
||||||
background.
|
background.
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
docker-compose up -d
|
docker compose up -d
|
||||||
```
|
```
|
||||||
|
|
||||||
When we run this, we should see output like this:
|
When we run this, we should see output like this:
|
||||||
|
|
||||||
```plaintext
|
```plaintext
|
||||||
Creating network "app_default" with the default driver
|
[+] Running 3/3
|
||||||
Creating volume "app_todo-mysql-data" with default driver
|
⠿ Network app_default Created 0.0s
|
||||||
Creating app_app_1 ... done
|
⠿ Container app-mysql-1 Started 0.4s
|
||||||
Creating app_mysql_1 ... done
|
⠿ Container app-app-1 Started 0.4s
|
||||||
```
|
```
|
||||||
|
|
||||||
You'll notice that the volume was created as well as a network! By default, Docker Compose automatically creates a
|
You'll notice that the volume was created as well as a network! By default, Docker Compose automatically creates a
|
||||||
network specifically for the application stack (which is why we didn't define one in the compose file).
|
network specifically for the application stack (which is why we didn't define one in the compose file).
|
||||||
|
|
||||||
1. Let's look at the logs using the `docker-compose logs -f` command. You'll see the logs from each of the services interleaved
|
1. Let's look at the logs using the `docker compose logs -f` command. You'll see the logs from each of the services interleaved
|
||||||
into a single stream. This is incredibly useful when you want to watch for timing-related issues. The `-f` flag "follows" the
|
into a single stream. This is incredibly useful when you want to watch for timing-related issues. The `-f` flag "follows" the
|
||||||
log, so will give you live output as it's generated.
|
log, so will give you live output as it's generated.
|
||||||
|
|
||||||
If you don't already, you'll see output that looks like this...
|
If you don't already, you'll see output that looks like this...
|
||||||
|
|
||||||
```plaintext
|
```plaintext
|
||||||
mysql_1 | 2019-10-03T03:07:16.083639Z 0 [Note] mysqld: ready for connections.
|
mysql_1 | 2022-11-23T04:01:20.185015Z 0 [System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections. Version: '8.0.31' socket: '/var/run/mysqld/mysqld.sock' port: 3306 MySQL Community Server - GPL.
|
||||||
mysql_1 | Version: '5.7.27' socket: '/var/run/mysqld/mysqld.sock' port: 3306 MySQL Community Server (GPL)
|
|
||||||
app_1 | Connected to mysql db at host mysql
|
app_1 | Connected to mysql db at host mysql
|
||||||
app_1 | Listening on port 3000
|
app_1 | Listening on port 3000
|
||||||
```
|
```
|
||||||
|
|
||||||
The service name is displayed at the beginning of the line (often colored) to help distinguish messages. If you want to
|
The service name is displayed at the beginning of the line (often colored) to help distinguish messages. If you want to
|
||||||
view the logs for a specific service, you can add the service name to the end of the logs command (for example,
|
view the logs for a specific service, you can add the service name to the end of the logs command (for example,
|
||||||
`docker-compose logs -f app`).
|
`docker compose logs -f app`).
|
||||||
|
|
||||||
!!! info "Pro tip - Waiting for the DB before starting the app"
|
!!! info "Pro tip - Waiting for the DB before starting the app"
|
||||||
When the app is starting up, it actually sits and waits for MySQL to be up and ready before trying to connect to it.
|
When the app is starting up, it actually sits and waits for MySQL to be up and ready before trying to connect to it.
|
||||||
@ -310,16 +274,16 @@ quickly see what container is our app and which container is the mysql database.
|
|||||||
|
|
||||||
## Tearing it All Down
|
## Tearing it All Down
|
||||||
|
|
||||||
When you're ready to tear it all down, simply run `docker-compose down` or hit the trash can on the Docker Dashboard
|
When you're ready to tear it all down, simply run `docker compose down` or hit the trash can on the Docker Dashboard
|
||||||
for the entire app. The containers will stop and the network will be removed.
|
for the entire app. The containers will stop and the network will be removed.
|
||||||
|
|
||||||
!!! warning "Removing Volumes"
|
!!! warning "Removing Volumes"
|
||||||
By default, named volumes in your compose file are NOT removed when running `docker-compose down`. If you want to
|
By default, named volumes in your compose file are NOT removed when running `docker compose down`. If you want to
|
||||||
remove the volumes, you will need to add the `--volumes` flag.
|
remove the volumes, you will need to add the `--volumes` flag.
|
||||||
|
|
||||||
The Docker Dashboard does _not_ remove volumes when you delete the app stack.
|
The Docker Dashboard does _not_ remove volumes when you delete the app stack.
|
||||||
|
|
||||||
Once torn down, you can switch to another project, run `docker-compose up` and be ready to contribute to that project! It really
|
Once torn down, you can switch to another project, run `docker compose up` and be ready to contribute to that project! It really
|
||||||
doesn't get much simpler than that!
|
doesn't get much simpler than that!
|
||||||
|
|
||||||
|
|
||||||
|
@ -5,7 +5,7 @@ We're not going to go deep-dive here, but here are a few other areas to look at
|
|||||||
## Container Orchestration
|
## Container Orchestration
|
||||||
|
|
||||||
Running containers in production is tough. You don't want to log into a machine and simply run a
|
Running containers in production is tough. You don't want to log into a machine and simply run a
|
||||||
`docker run` or `docker-compose up`. Why not? Well, what happens if the containers die? How do you
|
`docker run` or `docker compose up`. Why not? Well, what happens if the containers die? How do you
|
||||||
scale across several machines? Container orchestration solves this problem. Tools like Kubernetes,
|
scale across several machines? Container orchestration solves this problem. Tools like Kubernetes,
|
||||||
Swarm, Nomad, and ECS all help solve this problem, all in slightly different ways.
|
Swarm, Nomad, and ECS all help solve this problem, all in slightly different ways.
|
||||||
|
|
||||||
|
@ -9,7 +9,7 @@ repo_url: https://github.com/docker/getting-started
|
|||||||
edit_uri: ""
|
edit_uri: ""
|
||||||
|
|
||||||
# Copyright
|
# Copyright
|
||||||
copyright: 'Copyright © 2020 Docker'
|
copyright: 'Copyright © 2020-2022 Docker'
|
||||||
|
|
||||||
# Configuration
|
# Configuration
|
||||||
theme:
|
theme:
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
mkdocs==1.0.4
|
mkdocs==1.3.0
|
||||||
mkdocs-material==4.6.3
|
mkdocs-material==4.6.3
|
||||||
mkdocs-minify-plugin==0.2.3
|
mkdocs-minify-plugin==0.2.3
|
||||||
pygments==2.6.1
|
pygments==2.7.4
|
||||||
pymdown-extensions==7.0
|
pymdown-extensions==7.0
|
||||||
|