From 389357b3e50419bdc3fa6e1393e900015744b927 Mon Sep 17 00:00:00 2001
From: herveleclerc
Step 3
+ **Build the image again; which steps use the cache this time?**@@ -891,8 +889,6 @@ Step 1
**The docker image history command allows us to inspect the build cache history of an image. Try it with your new image:** -3. Creating Images with Dockerfiles (1/2) - ```shell docker image history myimage:latest @@ -942,9 +938,9 @@ Step 3 By the end of this exercise, you should be able to: -- Define a default process for an image to containerize by using the ENTRYPOINT or CMD +- Define a default process for an image to containerize by using the `ENTRYPOINT` or `CMD` Dockerfile commands -- Understand the differences and interactions between ENTRYPOINT and CMD +- Understand the differences and interactions between ENTRYPOINT and `CMD` - Ensure that a containerized process doesn’t run as root by default. ### 4.1. Setting Default Commands @@ -1078,8 +1074,8 @@ docker container run myimage 8.8.8.8 ``` -This time, you should see a ping to 8.8.8.8. Explain the difference in behavior between -these two last containers. +> This time, you should see a ping to 8.8.8.8 +>Explain the difference in behavior between these two last containers. ### 4.3. Running as Non-Root by Default @@ -1117,9 +1113,11 @@ docker container exec rootdemo ps -aux ``` ```text -USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND -root 1 0 .8 0 .0 24856 1800? Ss 17 :52 0 :00 ping 8 .8.8. -root 7 0 .0 0 .0 51748 3364? Rs 17 :52 0 :00 ps -aux +sh-4.2# ps -aux +USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND +root 1 0.1 0.0 6208 1352 pts/0 Ss+ 09:23 0:00 ping 8.8.8.8 +root 7 0.2 0.0 3676 2568 pts/1 Ss 09:23 0:00 sh +root 13 0.0 0.0 7812 3012 pts/1 R+ 09:23 0:00 ps -aux ``` 
@@ -1154,9 +1152,11 @@ docker container exec userdemo ps -aux ``` ```text -USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND -1000 1 0 .7 0 .0 24856 1908? Ss 17 :55 0 :00 ping 8 .8.8. -1000 7 0 .0 0 .0 51748 3468? Rs 17 :55 0 :00 ps -aux +sh-4.2# ps -aux +USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND +1000 1 0.1 0.0 6208 1352 pts/0 Ss+ 09:23 0:00 ping 8.8.8.8 +1000 7 0.2 0.0 3676 2568 pts/1 Ss 09:23 0:00 sh +1000 13 0.0 0.0 7812 3012 pts/1 R+ 09:23 0:00 ps -aux ``` This is a simple way to tighten the security of any image that doesn’t need containerized root @@ -1222,7 +1222,7 @@ Step 3 ```shell gcc -Wall hello.c -o hello -```` +``` ```shell ./hello @@ -1310,8 +1310,8 @@ docker image ls | grep 'my-app-' ``` ```text -REPOSITORY TAG IMAGE ID CREATED SIZE -my-app-small latest f49ec3971aa6 6 seconds ago 4 .01MB +REPOSITORY TAG IMAGE ID CREATED SIZE +my-app-small latest f49ec3971aa6 6 seconds ago 4.01MB my-app-large latest a7d0c6fe0849 About a minute ago 189MB ``` @@ -1734,7 +1734,7 @@ By the end of this exercise, you should be able to: ### 7.1. Setting the Logging Driver -Docker offers a number of different logging drivers for recording the STDOUT and STDERR of +Docker offers a number of different logging drivers for recording the `STDOUT` and `STDERR` of PID 1 processes in a container; below we’ll explore the defaults which correspond to the json-file driver, and the journald driver. 
@@ -1751,10 +1751,10 @@ docker container logs@@ -1829,10 +1829,10 @@ journalctl CONTAINER_NAME=demo ```text -- Logs begin at Wed 2021 -05-19 15 :03:26 UTC, end at Wed 2021 -05-19 15 :11:09 UTC. -- -May 19 15 :11:02 node 138194df21dc[ 1701 ]: PING 8 .8.8.8 ( 8 .8.8.8) 56 ( 84 ) bytes of data. -May 19 15 :11:02 node 138194df21dc[ 1701 ]: 64 bytes from 8 .8.8.8: icmp_seq= 1 ttl= 113 time= 1 .14 ms -May 19 15 :11:03 node 138194df21dc[ 1701 ]: 64 bytes from 8 .8.8.8: icmp_seq= 2 ttl= 113 time= 1 .14 ms -May 19 15 :11:04 node 138194df21dc[ 1701 ]: 64 bytes from 8 .8.8.8: icmp_seq= 3 ttl= 113 time= 1 .19 ms +May 19 15 :11:02 node 138194df21dc[ 1701 ]: PING 8.8.8.8 ( 8.8.8.8) 56 ( 84 ) bytes of data. +May 19 15 :11:02 node 138194df21dc[ 1701 ]: 64 bytes from 8.8.8.8: icmp_seq= 1 ttl= 113 time= 1 .14 ms +May 19 15 :11:03 node 138194df21dc[ 1701 ]: 64 bytes from 8.8.8.8: icmp_seq= 2 ttl= 113 time= 1 .14 ms +May 19 15 :11:04 node 138194df21dc[ 1701 ]: 64 bytes from 8.8.8.8: icmp_seq= 3 ttl= 113 time= 1 .19 ms ``` @@ -1986,7 +1986,7 @@ docker container logs myapp You’ll see nothing, of course - the shell command we’ve containerized doesn’t write anything -to STDOUT, so there’s nothing to see in the logs. +to `STDOUT`, so there’s nothing to see in the logs. But, check out the contents of your mounted volume: 
@@ -2148,38 +2148,38 @@ After ten seconds (or if we press ^C again) it will forcibly kill them. **Compose file structure :** A Compose file has multiple sections: - - - `version` is mandatory. (Typically use "3".) - - `services` is mandatory. Each service corresponds to a container. - - `networks` is optional and indicates to which networks containers should be connected. - (By default, containers will be connected on a private, per-compose-file network.) - - `volumes` is optional and can define volumes to be used and/or shared by the containers. +- `version` is mandatory. (Typically use "3".) +- `services` is mandatory. Each service corresponds to a container. +- `networks` is optional and indicates to which networks containers should be connected. +(By default, containers will be connected on a private per-compose-file network.) +- `volumes` is optional and can define volumes to be used and/or shared by the containers. **Compose file versions :** - - Version 1 is legacy and shouldn't be used. - (If you see a Compose file without version and services, it's a legacy v1 file.) - - Version 2 added support for networks and volumes. - - Version 3 added support for deployment options (scaling, rolling updates, etc). +- Version 1 is legacy and shouldn't be used. + (If you see a Compose file without version and services, it's a legacy v1 file.) +- Version 2 added support for networks and volumes. +- Version 3 added support for deployment options (scaling, rolling updates, etc). -Typically use version: "3". +**Typically use version: "3"** **Containers in docker-compose.yml :** - - Each service in the YAML file must contain either build, or image. - - build indicates a path containing a Dockerfile. - - image indicates an image name (local, or on a registry). +- Each service in the YAML file must contain either build, or image. +- build indicates a path containing a Dockerfile. +- image indicates an image name (local, or on a registry). 
Container parameters - - command indicates what to run (like CMD in a Dockerfile). - - ports translates to one (or multiple) -p options to map ports. - You can specify local ports (i.e. x:y to expose public port x). +- command indicates what to run (like CMD in a Dockerfile). + +- ports translates to one (or multiple) -p options to map ports. + You can specify local ports (i.e. x:y to expose public port x). - - volumes translates to one (or multiple) -v options. +- volumes translates to one (or multiple) -v options. You can use relative paths here. **Environment variables :**
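Review bot: In the @@ -942,9 +938,9 @@ hunk, the second objective backticks only one of the two instructions: the added line reads "between ENTRYPOINT and `CMD`", while the line above it formats both. Wrap ENTRYPOINT in backticks there as well so the two bullets match.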
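Review bot: In the @@ -1078,8 +1074,8 @@ hunk, the two added blockquote lines are inconsistent and will render as one run-on paragraph: the first (`> This time, you should see a ping to 8.8.8.8`) has dropped its final period, and the second (`>Explain the difference ...`) has no space after the `>` marker. Restore the period and use `> ` on both lines, or keep the question outside the quote so it still reads as an instruction to the student.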
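Review bot: In the @@ -1117,9 +1113,11 @@ hunk, the replacement output no longer matches the command it follows. The block sits under `docker container exec rootdemo ps -aux`, but the added lines begin with an `sh-4.2# ps -aux` prompt and list an extra `sh` process on pts/1, which is what an interactive shell inside the container shows, not a one-shot exec. Either paste the output of the exec as written (the removed lines had just the ping and ps rows) or change the documented command to the interactive form that produced this capture.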
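Review bot: In the @@ -1154,9 +1152,11 @@ hunk, the added userdemo output looks edited rather than captured: apart from the USER column it is identical to the rootdemo block (same PIDs, VSZ/RSS values, TTYs and 09:23 start time), and it keeps the `sh-4.2#` prompt, where `#` is what the shell prints for UID 0 and so contradicts the `1000` rows beneath it. This block is the evidence the exercise offers that the process no longer runs as root, so it should be a real capture from the userdemo container, taken with the same command the text shows.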
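Review bot: In the @@ -1829,10 +1829,10 @@ hunk, the cleanup of the journalctl sample is only partial: the added lines fix `8 .8.8.8` but still carry `15 :11:02`, `[ 1701 ]`, `( 8.8.8.8) 56 ( 84 )`, `icmp_seq= 1` and `time= 1 .14 ms`, and the `-- Logs begin at Wed 2021 -05-19 15 :03:26` header line is left as context with the same stray spaces. Fix the whole block in one pass so it reads like real journalctl output.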
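Review bot: In the @@ -2148,38 +2148,38 @@ hunk, the continuation line `+(By default, containers will be connected on a private per-compose-file network.)` loses its indentation, while the equivalent continuation under Version 1 (`+ (If you see a Compose file without version and services ...`) keeps it; indent both the same way so each stays visibly attached to its bullet. In the same hunk the keys build, image, command, ports and volumes remain bare words although `version`, `services`, `networks` and `volumes` are backticked in the first list, and the added empty `+` line between the command and ports bullets turns that one list loose while the others are tight. Backtick the keys and drop the blank line for consistency with the rest of the patch.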