docker

Install minikube

Install docker
http://www.panticz.de/docker

Install minikube
https://minikube.sigs.k8s.io/docs/start/

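# Download the minikube package for this machine's architecture.
# -f makes curl exit non-zero on an HTTP error instead of saving the error page as a .deb.
arch="$(dpkg --print-architecture)"
deb="minikube_latest_${arch}.deb"
curl -fLO "https://storage.googleapis.com/minikube/releases/latest/${deb}"
# NOTE(review): the package is installed as root and only TLS protects the download;
# compare it with a checksum or signature from the project where one is published.
# The exact file name is used (not a glob) so a stale minikube_latest_*.deb in the
# working directory is neither installed nor deleted by accident.
sudo dpkg -i "./${deb}"
rm -- "${deb}"
 
# Membership in the docker group is root-equivalent on this host (the daemon runs as
# root and honours bind mounts and --privileged); add only accounts already trusted with sudo.
# newgrp opens a new shell with the group active, so the following commands are typed there.
sudo usermod -aG docker "$USER" && newgrp docker
 
minikube start
 
minikube addons enable ingress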

Install kubectl
https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/#install-using-native-package-management

Docker networking

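# List Docker's networks and dump the three built-in ones.
docker network ls
docker network inspect bridge
docker network inspect host
docker network inspect none
 
# Host side of the default bridge.
ip addr show docker0
ip link show docker0
ip -c link show type bridge
 
# Named network namespaces, then the container's own metadata.
ip netns
docker inspect "${DOCKER_ID}"
 
ip link # attached to bridge
# vethxxx@ifx
# ip -n takes a network-namespace name and needs an object to show, so the
# namespace variable and `link` are used here.
ip -n "${NAMESPACE_ID}" link # assigned to container
# eth0@ifx
 
ip -n "${NAMESPACE_ID}" addr
 
# -p without an address publishes the port on every host interface. Docker installs its
# own NAT/forward rules for it, so the port is usually reachable even when the host's
# INPUT policy would drop it; use -p 127.0.0.1:8080:80 to keep the service local.
docker run -p 8080:80 nginx # forward internal port 80 to host port 8080
# Sketches of the DNAT rule Docker adds for the published port (illustrative, not literal commands):
#iptables -t nat -A PREROUTING -j DNAT --dport 8080 --to-destination 80
#iptables -t nat -A Docker -j DNAT --dport 8080 --to-destination 172.17.0.3:80
# Show the NAT table to see what was actually installed.
iptables -nvL -t nat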

Move Elasticsearch data to dedicated LV

# create lvm
# NOTE(review): pvcreate and mkfs.ext4 overwrite whatever the by-id glob resolves to;
# list the glob first and confirm it matches exactly the one intended disk.
pvcreate /dev/disk/by-id/ata-INTEL_SSDSC2KB076T8_*
vgcreate data /dev/disk/by-id/ata-INTEL_SSDSC2KB076T8_*
lvcreate --name elasticsearch --size 2T data
mkfs.ext4 /dev/data/elasticsearch
 
# pre-sync data
# First copy runs while the container is still up, so the later pass during downtime is short.
# -aHAX keeps ownership, hard links, ACLs and extended attributes; --numeric-ids keeps
# uid/gid numbers as they are, so file permissions on the new LV match the source.
mount /dev/data/elasticsearch /mnt/
rsync -aHAXx --numeric-ids /var/lib/docker/volumes/elasticsearch/ /mnt/
 
# sync data
# Final pass after the container is stopped; --delete removes files from /mnt that no
# longer exist in the source.
docker stop elasticsearch
rsync --delete -aHAXxv --numeric-ids /var/lib/docker/volumes/elasticsearch/ /mnt/
# Same command again — presumably a check that nothing is left to transfer; confirm.
rsync --delete -aHAXxv --numeric-ids /var/lib/docker/volumes/elasticsearch/ /mnt/
umount /mnt
 
# mount new LV
# NOTE(review): the page does not show this step (mounting /dev/data/elasticsearch at the
# volume path and starting the container again); the old data is still in place until then.

GitLab: Docker CI pipeline

Optional: Create nested LXD container
http://www.panticz.de/lxd/nesting

# Create an LXD container that can run Docker for GitLab CI jobs.
CONTAINER_NAME=gitlab-runner1-dev
# security.privileged=true runs the container without a user-namespace mapping, so root
# inside is uid 0 on the host; security.nesting=true allows containers inside it.
# NOTE(review): recent LXD releases can usually run Docker in an unprivileged container
# with security.nesting=true alone — try that before enabling privileged mode.
lxc launch ubuntu:18.04 ${CONTAINER_NAME} -p disk-zfs -p nic-dev-mgmt -c boot.autostart=true -c security.nesting=true -c security.privileged=true
#-c volatile.dev-mgmt.hwaddr=00:11:22:33:44:55
 
# Bring the image up to date and remove packages not wanted in the runner.
# Purging unattended-upgrades means security updates must be applied by other means.
lxc exec ${CONTAINER_NAME} -- apt update
lxc exec ${CONTAINER_NAME} -- apt dist-upgrade
lxc exec ${CONTAINER_NAME} -- apt purge -y lxd lxd-client snapd unattended-upgrades
lxc exec ${CONTAINER_NAME} -- apt autoremove
 
# Copies the host root's authorized_keys: every key that can log in to the host as root
# can then log in to the runner as root too. A dedicated key list limits that.
lxc file push /root/.ssh/authorized_keys ${CONTAINER_NAME}/root/.ssh/authorized_keys
# Rename the interface in the netplan config to match the nic-dev-mgmt profile's device name.
lxc exec ${CONTAINER_NAME} -- bash -c "sed -i 's/eth0:/dev-mgmt:/g' /etc/netplan/50-cloud-init.yaml"
lxc exec ${CONTAINER_NAME} -- netplan apply
 
# raw.lxc below turns off AppArmor confinement, allows access to all devices, mounts
# /proc and /sys read-write and clears the capability drop list. Together with
# security.privileged=true this leaves essentially no isolation from the host kernel:
# treat any CI job scheduled on this runner as having host-root access, and keep the
# runner off hosts that carry other workloads or secrets.
printf 'lxc.apparmor.profile = unconfined\nlxc.cgroup.devices.allow = a\nlxc.mount.auto=proc:rw sys:rw\nlxc.cap.drop=' | lxc config set ${CONTAINER_NAME} raw.lxc -
lxc restart ${CONTAINER_NAME}

Install Docker inside LXD container
# http://www.panticz.de/install-docker

podman

Install

# Install podman; uidmap provides newuidmap/newgidmap, which rootless containers need.
sudo apt-get install -y software-properties-common uidmap
# Adding a PPA trusts its signing key for packages installed as root.
# NOTE(review): the projectatomic PPA appears to be no longer maintained, and newer Ubuntu
# releases ship podman in the distribution archive — confirm and prefer that source.
sudo add-apt-repository -y ppa:projectatomic/ppa
sudo apt-get -y install podman

Container

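# Serve /tmp/html read-only through nginx on host port 8080.
# NOTE(review): /tmp is world-writable, so any local user can create or replace /tmp/html
# before this runs and control what is served; a directory owned by the deploying user
# avoids that.
podman run --name nginx -v /tmp/html:/usr/share/nginx/html:ro -d -p 8080:80 docker://nginx
 
# Run Apache httpd detached with a pseudo-terminal, published on port 8080.
# The image reference on the page stopped at the repository prefix, which podman cannot
# pull; it is completed with the httpd image name the HTTPD_* variables point to
# (NOTE(review): confirm the intended image, and prefer a release newer than f27, which
# no longer receives updates).
podman run \
    -dt \
    -p 8080:8080/tcp \
    -e HTTPD_VAR_RUN=/var/run/httpd \
    -e HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \
    -e HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \
    -e HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/ \
    registry.fedoraproject.org/f27/httpd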

Links
https://podman.io/

Docker: Ansible snippets

Ansible docker modules
https://docs.ansible.com/ansible/latest/modules/docker_container_module.html

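# Set restart policy "always" on every container that is currently running.
# `docker update` fails when given no container id, so the ids are piped through
# `xargs -r` (GNU xargs: do not run the command on empty input) and the task
# succeeds on a host with no running containers.
- name: Enable autostart for running containers
  shell: docker ps -q | xargs -r docker update --restart=always

# Look up the container named www1; the result carries `exists` and, when it
# exists, the inspect data under `container`.
- name: Get container info
  docker_container_info:
    name: www1
  register: result

- name: Does container exist?
  debug:
    msg: "The container {{ 'exists' if result.exists else 'does not exist' }}"

# Stop the container only when it exists and is running; both conditions in the
# `when` list must hold.
- name: Stop container
  docker_container:
    name: "{{ result.container.Name }}"
    state: stopped
  when:
    - result.exists
    - result.container.State.Running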

Docker: Container

Ubuntu

# Interactive shell in an Ubuntu 18.04 container; the process runs as root inside the
# container unless a user is set. The stopped container stays on disk after exit
# because --rm is not given.
# NOTE(review): 18.04 is past standard support — prefer a currently supported tag.
docker run -it ubuntu:18.04

Import MySQL / MariaDB dump into container

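# Feed the dump to the mysql client inside the gitea_db_1 container; the file is
# redirected to stdin directly instead of going through cat.
# NOTE(review): --password=... on the command line is visible in the process list and is
# stored in shell history; the value shown is a sample credential — use a non-default
# password and supply it from a protected option file where possible.
docker exec -i gitea_db_1 mysql --host=localhost --user=gitea --password=gitea gitea < gogs.sql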

Apache

# Apache httpd in the background, container port 80 published on host port 8080.
# -p without an address listens on every host interface; use 127.0.0.1:8080:80 for a
# local-only test. `latest` is a moving tag, so the image content can change between pulls;
# pin a version (or digest) when the result has to be reproducible.
docker run -d --name apache -p 8080:80 httpd:latest

Nginx
https://hub.docker.com/_/nginx

# nginx serving the host's /tmp read-only on host port 8080.
# NOTE(review): this exposes everything under /tmp that the container user can read —
# other users' temp files, sockets, session data — to anyone who can reach port 8080;
# mount a dedicated content directory instead.
docker run --name nginx -v /tmp:/usr/share/nginx/html:ro -d -p 8080:80 nginx

GitLab runner

# Start the GitLab runner with its configuration kept on the host under /srv/gitlab-runner/config.
# Mounting /var/run/docker.sock gives the runner full control of the host's Docker daemon:
# whoever can define jobs for this runner can start containers with host mounts or
# --privileged, which is root-equivalent on the host. Register it only for trusted
# projects, or run it on a dedicated, disposable host.
docker run -d --name gitlab-runner --restart always \
  -v /srv/gitlab-runner/config:/etc/gitlab-runner \
  -v /var/run/docker.sock:/var/run/docker.sock \
  gitlab/gitlab-runner:latest
 
# One-off container that writes the registration into the same config directory.
# The registration arguments are elided on the page; the resulting config.toml holds the
# runner's token, so keep /srv/gitlab-runner/config readable by root only.
docker run --rm -t -i -v /srv/gitlab-runner/config:/etc/gitlab-runner gitlab/gitlab-runner register \
    ...

Gitea

Install as Docker container
http://www.panticz.de/docker/container/gitea

APT packages
https://gitlab.com/packaging/gitea

Download archive
https://dl.gitea.io/gitea/

Migrate from gogs
https://docs.gitea.io/en-us/upgrade-from-gogs/

Backup
https://docs.gitea.io/en-us/backup-and-restore/

Install gitea on Kubernetes
https://docs.gitea.com/installation/install-on-kubernetes

# Add the Gitea chart repository and install a release named "gitea" with chart defaults.
# NOTE(review): no chart version is given, so the newest chart is installed each time;
# pass --version to pin it, and review the chart's default values (admin account,
# database passwords, service exposure) before making the instance reachable.
helm repo add gitea-charts https://dl.gitea.com/charts/
helm install gitea gitea-charts/gitea

Links
https://gitea.io/

Docker: HAProxy

Container
https://hub.docker.com/_/haproxy

Configuration
/tmp/haproxy/haproxy.cfg

# HAProxy configuration: one HTTP frontend on port 80 balancing across three backend
# servers, plus a statistics page on port 9000.
global
  maxconn 4096
  #stats timeout 30s
  #debug
 
defaults
  # NOTE(review): the global section defines no log target, so `log global` likely
  # contributes nothing here; the explicit `log 127.0.0.1 local0` below is the one in
  # effect — confirm.
  log global
  mode http
  option httplog
  option dontlognull
  # Timeouts without a unit are in milliseconds.
  timeout connect 5000
  timeout client 50000
  timeout server 50000
  log 127.0.0.1 local0
  #option httpchk
 
frontend frontend1
  # No address given: listens on every interface of the container.
  bind :80
  mode http
  use_backend backend1
 
backend backend1
  mode http
  balance roundrobin
  # Health check: a server counts as up only when it answers this request with 400.
  # NOTE(review): presumably the servers reply 400 because the HTTP/1.1 check carries no
  # Host header; a check that sends a Host header and expects a success status would
  # also notice a server that is up but broken — confirm the intent.
  option httpchk GET / HTTP/1.1
  http-check expect status 400
  server www1 172.17.0.2:80 check
  server www2 172.17.0.4:80 check
  server www3 172.17.0.6:80 check
 
listen stats 
  # Statistics page on every interface, over plain HTTP, so the basic-auth credentials
  # cross the network unencrypted; bind it to a management address or 127.0.0.1.
  bind :9000
  mode http
  stats enable
  stats hide-version
  stats realm Haproxy\ Statistics
  stats refresh 60s
  stats show-node
  # `haproxy:password` is a sample credential stored in clear text in this file; replace
  # it before deploying and keep the file readable only by the account that runs HAProxy.
  stats auth haproxy:password
  stats uri /

Deploy

# Run HAProxy with the configuration directory mounted read-only; host port 8080 maps to
# the frontend and 9000 to the statistics page, both on every host interface.
# NOTE(review): the configuration, including the stats password, lives under the
# world-writable /tmp, where another local user could create /tmp/haproxy first or read
# the file; keep it in a root-owned directory such as one under /etc or /srv.
docker run -d --name haproxy -v /tmp/haproxy:/usr/local/etc/haproxy:ro -p 8080:80 -p 9000:9000 haproxy:latest
# Follow the container's log output to confirm the configuration was accepted.
docker logs -f  haproxy