Download: Red Hat Certificate of Expertise in Containerized Application Development

Study Guide Red Hat Certificate of Expertise in Containerized Application Development Contents Prerequisites 3 Linux 3 Installation 3 Docker Refresh 3 What is Docker? 3 Basic Docker Commands 3 Containers4ASample Command 4 Running Containers Locally 4 Linking Containers 4 Container Logs 4 Docker Events 5 Docker Inspect 5 Exposing Containers 5 Volume Command 5 Security Best Practices 6 Images 6 Image Registries 6 Image Design Best Practices 7 Working with Images 7 Dockerfile Syntax 7 Custom Images 8 Image Lifecyle 9 Managing Images 9 Designing an image for application deployment 9 Private Regist...
Author: Thistarry Shared: 7/30/19
Downloads: 476 Views: 2731

Content

Study Guide Red Hat Certificate of Expertise in Containerized Application Development,

Contents

Prerequisites 3 Linux 3 Installation 3 Docker Refresh 3 What is Docker? 3 Basic Docker Commands 3 Containers4ASample Command 4 Running Containers Locally 4 Linking Containers 4 Container Logs 4 Docker Events 5 Docker Inspect 5 Exposing Containers 5 Volume Command 5 Security Best Practices 6 Images 6 Image Registries 6 Image Design Best Practices 7 Working with Images 7 Dockerfile Syntax 7 Custom Images 8 Image Lifecyle 9 Managing Images 9 Designing an image for application deployment 9, Private Registry Security 10 Image Tags and Pulls 10,

Prerequisites Linux

• Using the 3.10.x kernel or newer

Installation

• On CentOS • yum -y install docker • On Ubuntu • apt-get update && apt-get install docker

Docker Refresh What is Docker?

• Docker is open source software that automates application deployment inside software containers • Docker containers are a complete software environment. Containers have: • Code • Runtime • System Tools & Libraries • A container is designed to run the same regardless of the environment • If you are not familiar with Docker you should take the Linux Academy – Docker Quick Start course or our Docker Deep Dive course

Basic Docker Commands

• docker create • Creates a container • docker run • Creates a container and starts it running • docker stop • Stops a running container • docker rm • Remove one or more containers • docker rmi • Remove one or more images • docker exec • Run a command in a running container • docker images • List images - 4 -, • docker save • Save an image to a tar archive. (does not compress) • docker load • Load an image from a tar archive • docker export • Export a containers filesystem as a tar archive • More Docker commands can be found on docs.docker.com

Containers A Sample Command

• Let’s provision a database server. • Since MySQL expects certain variables to be passed through to the container, to instantiate a basic MySQL instance named test1-mysql, we would type in the following: • docker run -d -name=test1-mysql -env=”MYSQL_ROOT_ PASSWORD=mypassword” mysql • To see what the IP address of the running container is we would type in: • docker inspect test1-mysql |grep “IPAddress” • To stop this running container we would use: • docker stop test1-mysql

Running Containers Locally Linking Containers

• Let’s see how we link a MySQL container to a WordPress container at runtime. • First we run our MySQL container. We could use the following command to do this: • docker run -d -name=test1-mysql -env=”MYSQL_ROOT_ PASSWORD=mypassword” mysql • To link a WordPress container to this database container we would use the following command: • docker run -d -name test1-wordpress -link test1-mysql:mysql wordpress

Container Logs

• We get the container logs from Docker via the docker logs command: - 5 -, • docker logs [options] CONTAINER • An example command to get the logs from a WordPress container called test-wordpress would be the following: • docker logs -f test1-wordpress

Docker Events

• We can get real-time events from the docker host with the events command • docker events [OPTIONS]

Docker Inspect

• Docker inspect gives you low level information about docker objects. An example would be as follows: • docker inspect test1-mysql

Exposing Containers

• Docker allows you to expose a port or ports from a container so connections can be made. If the image has been designed to allow this then you can enable it via the expose option. An example is shown below: • docker run -d -name=test1-mysql -env=”MYSQL_ROOT_PASSWORD=password” -publish 3306:3306 mysql

Volume Command

• Docker allows you to set up storage via the volume command, which can help you create persistent storage between containers. An example would be as follows: • The commands to work with a volume • docker volume create -name ShareVol1 • docker volume inspect ShareVol1 • docker volume ls ShareVol1 • docker volume rm ShareVol1 • To assign the ShareVol1 to a filesystem on a ubuntu server you would do the following: • docker run -ti -v ShareVol1:/newvol1 ubuntu - 6 -,

Security Best Practices

• Docker runs as root. If you’re in the docker group you effectively have root access • Greater security can be found by running Docker inside a virtual machine • You can use software such as apparmor, seccomp or SELinux to increase security • Limit no of active processes (since Docker 1.11) • docker run -pids-limit=64 • Control new processes (kernel above 3.5.x) • docker run -security-opt=no-new-privileges • Turn off ipc • docker -ipc=false • Disable iptables changes • docker -iptables=false • Docker as read only • docker run -read-only • Volume as read only • docker run -ti -v ShareVol1:/newvol1:ro ubuntu • Use hash to pull image • docker pull debian@sha256:a253063385... • Limit memory and CPU sharing • docker -c 512 -mem 512m • Define and run a user in your Dockerfile, so you’re not running as root inside the container • RUN groupadd -r user && useradd -r -g user user

Images Image Registries

• Image registries store Docker images. When you just type in an image name it pulls it from Docker directly. So the following command: - 7 -, • docker pull centos • Is the same as typing this command: • docker pull docker.io/library/centos • You can easily run your own image repository. You can run it via a Docker pull. The following command pulls and runs a repository and makes it available on port 5000 of the Docker container: • docker run -d -p 5000:5000 -restart=always -name registry registry:2

Image Design Best Practices

• Containers should be designed to be ephemeral • Use a .dockerignore file for files you want ignored • Try not to install unnecessary packages • Use each container for a single purpose. e.g. One container for a DB, one container for an application • Minimize number of layers in a container • Utilize build cache where possible • Don’t want to use the cache? Use -co-cache=true • Use common sense when designing the image

Working with Images

• Docker containers are created from a base image • In the Dockerfile, each action adds to the ‘layer’ before it • Dockerfile syntax is designed to be clean and allows #comment blocks for commenting • File syntax consists of comments, commands, and arguments • A Dockerfile is serial, there are no ‘goto’s or loops • MAINTAINER can be placed almost anywhere but must be after the FROM

Dockerfile Syntax

• FROM • Defines a base image for the build • RUN • Is executed during the build of the image • ADD • Copies a file from the build folder to the image. If it’s a compressed file the contents will - 8 -, be extracted. Allows remote url support • COPY • Copies new files or directories from the source to the container. COPY should be used instead of ADD unless the special ADD abilities are needed • WORKDIR • Directive used to set where CMD is to be executed. It’s working directory • USER • Is used to set the UID or username which is to run the container based on the image being built • CMD • Similar to RUN, but executed when the container is running, not when its built • ENTRYPOINT • Should be used when a container should run an application after its instantiated • ONBUILD • A trigger for when the image is used as the basis for another image. • EXPOSE • Expose a port to the outside world. Enables networking between containers • ENV • Is used to set an environment variable inside the container • VOLUME • Creates a mount point inside the container

Custom Images

• You can nest images in subsequent Dockerfiles if you need to • Here is an example: • docker image1 has FROM ubuntu inside • docker image2 has FROM image1 inside plus other commands • docker image3 has FROM image2 inside plus other commands • You cannot have multiple FROM inside a Dockerfile • A sample Dockerfile is shown below that has the following properties: • It uses a base image of CentOS 6 • The MAINTAINER is kevin • yum install is run to install software • A compressed file is uncompressed and copied to the file system • Port 80 is exposed to the container • The container starts Apache when it is run • FROM centos:6 MAINTAINER kevin RUN yum -y install httpd elinks ADD mainfile.tar.gz /var/www/html - 9 -, EXPOSE 80 ENTRYPOINT [“/usr/sbin/http”, “-D”, “FOREGROUND”]

Image Lifecyle

• A need for a container arises • An image is designed and a Dockerfile is created • A Docker image is built • The image is tested • The image is modified as required • An approved image is moved to production • As changes are required, the image goes back through the cycle to be modified • When an image is no longer required its use is stopped • Old unused images are deleted and cleaned up

Managing Images Designing an image for application deployment

• A Docker image is a stripped down version of the normal operating system that would be used by the container. So what extra code is required for the app to run in a container properly? • Is the application to run in a cluster? • Is a shared Database required? • Does the container need shared volumes? • What ports need to be open? • What registries will be used to store the image? • What tagging format will be required? • The application work flow is as follows • The image is created • The image is tagged • The image is pushed to a registry • The image gets pulled from a registry and used - 10 -,

Private Registry Security

• You can download and run a private registry from within Docker. • The following command pulls and runs a repository and makes it available on port 5000 of the docker container • docker run -d -p 5000:5000 -restart=always -name registry registry:2 • You can set the registry to use a folder on the host server with a command like the following: • docker run -d -p 5000:5000 -restart=always -name registry -v /usr/ data:/var/lib/registry registry:2 • You can use TLS to secure the communications with the repository. To do this with a self signed certificate you would do the following: • Generate the key • openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/domain. key -x509 -days 365 -out certs/domain.crt • Run the registry with the key added like the following: • docker run -d -p 5000:5000 -restart=always -name registry -v / usr/data:/var/lib/registry REGISTRY_HTTP_TLS_CERTIFICATE=/certs/ domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key registry:2 • With a self-signed cert you will need to add a copy of the cert to any Docker installs that will use the repo. This can be done by copying the domain.crt to the proper location and calling it ca.crt as shown in this example for the previous docker run command: • cp certs/domain.crt /etc/docker/certs.d/centos-master\:5000/ca.crt

Image Tags and Pulls

• You can group your images together using names and tags. The format of the tag command is as follows: • docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG] • Tagging an image will help you keep track of them. It makes it easier to see if there are different versions for instance. • If you’re using an external registry, for example, you need to tag your image with the target its going to before you can push the image. • To push an image to centos-master:5000/ubuntu:v1, for instance, you would need to do the following: • docker pull ubuntu • To get the image - 11 -, • docker tag ubuntu centos-master:5000/ubuntu:v1 • Tagging the image • docker push centos-master:5000/ubuntu:v1 • Pushing the image to the repository - 12 -]
15

Similar documents

FRONT & REAR SUSPENSION SECTIONSU
FRONT & REAR SUSPENSION SECTIONSU CONTENTS FRONT SUSPENSION ...2 WHEELARCH HEIGHT (UNLADEN*1) ...15 Precautions ...2 WHEEL RUNOUT ...15 PRECAUTIONS ...2 WHEEL BALANCE...15 Preparation ...2 REAR SUSPENSION...16 SPECIAL SERVICE TOOLS ...2 Precautions ...16 COMMERCIAL SERVICE TOOLS...2 PRECAUTIONS ...1
2010 SP 5.0 SPR # Description Product
2010 SP 5.0 SPR # Description Product 221873 Cannot drag the endpoint of this underdefined sketch SolidWorks line 322870 Centerline in drawing does not update to new position SolidWorks when feature is modified. 352787 ModelDoc2::SketchModifyFlip does not flip sketch SolidWorks API with external poi
LIMITED WARRANTY
LIMITED WARRANTY THE LICENSOR expressly disclaims any warranty for the Program, Editor, and Manual(s). The Program, Editor and Manual(s) are provided "as is" without warranty of any kind, either express or implied, including, without limitation, the implied warranties of merchantability, fitness for
CAD 製図基準テンプレート ユーザマニュアル
CAD 製図基準テンプレート ユーザマニュアル 目次 1 はじめに ... 1 2 SXF テンプレート ファイルの概要 ... 1 (1) テンプレートファイル(*.dwt) ... 1 (2) 画層テンプレート(*.dwg) ... 3 3 AUTOCAD の設定 ... 5 1 テンプレートファイルの読み込み ... 5 2 画層情報の取り込み ... 6 3 図面表題欄情報の入力 ... 9 4 尺度付きテンプレート ファイルの使用 ... 11 1 オブジェクトの作図 ... 11 2 文字の入力 ... 12 3 寸法の作図 ... 14 5 カスタムテンプレート ファイルの使用
Epilepsy warning
DVDPAGE_SYBERIA_UK.qxd 8/12/04 10:13 Page 1 Epilepsy warning Please read before using this game or allowing your children to use it. When subject to certain types of light effects, some people are prone to epilepsy attacks, leading to loss of consciousness. This may be due to images flashing up in q
Autodesk SOFTWARE LICENSE AGREEMENT
Autodesk SOFTWARE LICENSE AGREEMENT SUOMI READ CAREFULLY: AUTODESK, INC. (“AUTODESK”) LICENSES THIS SOFTWARE TO YOU ONLY UPON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS CONTAINED IN THIS SOFTWARE LICENSE AGREEMENT (“AGREEMENT”). BY SELECTING THE “I ACCEPT” BUTTON AT THE END OF THIS AGREEMENT OR
1 SYNDICATE CONTENTS
SYNDICATE CONTENTS Introduction ...3 Game Overview ...4 Object Of The Game ...5 Quickstart...6 Main Menu Options ...14 F1. Configure Company ...14 F2. Begin Mission ...14 F3. Load And Save Game...14 F4. Restart Game...14 F5. Quit To DOS...14 CHAPTER 1: CONFIGURING YOUR COMPANY ...15 Select Detail To
1 SYNDICATE CONTENTS
SYNDICATE CONTENTS Introduction ...3 Game Overview ...4 Object Of The Game ...5 Quickstart...6 Main Menu Options ...14 F1. Configure Company ...14 F2. Begin Mission ...14 F3. Load And Save Game...14 F4. Restart Game...14 F5. Quit To DOS...14 CHAPTER 1: CONFIGURING YOUR COMPANY ...15 Select Detail To
Reduce Stress
CHAPTER FIVE Reduce Stress To reduce stress, you need to understand stress. Stress is the result of your perception of events. It is indicated by how you react to situations. What is stressful to you might not be stressful to someone else and vice versa. You are not born with more or fewer stress- p
Version Control with Subversion For Subversion 1.7 (Compiled from r4526)
Version Control with Subversion For Subversion 1.7 (Compiled from r4526) Ben Collins-Sussman Brian W. Fitzpatrick C. Michael Pilato Version Control with Subversion: For Subversion 1.7: (Compiled from r4526) by Ben Collins-Sussman, Brian W. Fitzpatrick, and C. Michael Pilato Copyright © 2002, 2003, 2
Lose Weight
CHAPTER SIX Lose Weight Information is your most powerful weapon in the fight against fat. Information, not willpower, and certainly not some new fad diet, will assist you in making healthy choices in your diet and lifestyle. The diet industry is constantly bombarding us with new weight loss trends:
Think Yourself Healthy 1. Lower your stress levels.
CHAPTER SEVEN Think Yourself Healthy You are born with self-corrective potential for health. An ill body occurs when the harmonious balance of mind and body is upset. But you can think yourself healthy; how you think and what you feel influences your physical health. The reverse is also true: if you
Reduce Cholesterol For A Healthier Heart
CHAPTER ELEVEN Reduce Cholesterol For A Healthier Heart This information is not meant to conflict with your doctor’s advice, which you should obtain before making any major changes in your lifestyle. Coronary heart disease is the leading cause of death in the United States. Unless you have a congeni
Stop Smoking 1. If at first you don’t succeed, try, try again.
CHAPTER TWELVE Stop Smoking We are all aware of the dangers of smoking ... and how difficult it can be to stop. You want to quit, but you’ve tried before and failed. Now you fear that this habit is stronger than you are. It frequently seems that this addiction is overpowering—dominating your thought
Become a Success
CHAPTER FOURTEEN Become a Success Statistics show that highly successful people are: 1) self-confident; 2) impatient and excessive about their personal and professional pursuits; 3) committed to their work to the degree of being workaholics; 4) people who want, need and demand to be in control; 5) p
How To Make Your Own Self-Hypnosis Tapes/CDs
CHAPTER SIXTEEN How To Make Your Own Self-Hypnosis Tapes/CDs The affirmations at the end of each chapter can be used as self-talk or they can be included in a self-hypnosis format for daily mind-programming. Self-talk is a matter of thinking or speaking positive suggestions that support your self- c
Freelicks.net – Speed, Tone and Theory Speed
Freelicks.net – Speed, Tone and Theory Speed Legato example 3 (E minor scale) Speedpicking example 1 e|-12-14-15-12-14-15-| e|-| b|-| b|-| g|-| g|-12-12-12-12-12-12-12-| d|-| d|-| a|-| a|-| e|-| e|-| You may pick the very first note of this pattern Play this example as sixteenth notes OR sixteenth n
My lovably ordinary brother Syd
http://www.timesonline.co.uk/article/0,,2092-2271741,00.html The Sunday Times July 16, 2006 My lovably ordinary brother Syd The ‘crazy diamond’ founder of Pink Floyd was no acid casualty or recluse. He loved art and DIY, his sister Rosemary tells his biographer Tim Willis in her first interview for
Calculating Take-off V-speeds for the SimCheck A300
Calculating Take-off V-speeds for the SimCheck A300 In the A300's Airspeed indicator you can click on the hidden clickzone to get the actual V-Speeds based on the 8500ft RWY in reference to weight! But what if you want to Take-Off at a different Rwy e.g. at a RWY with 4000m lengt not 2600? You have
##RTFHeader ##HelpLanguageID=0x0409
##RTFHeader ##HelpLanguageID=0x0409 Date Version, Reason Log: v0509200900, Cleaned up all tags. v0516200900, Fonts standardized. v0526200900, Removed superfluous symbol font. v1022200900, Localization tasks. v1029200900, Modified #342, Vertical and Horizontal for #343, #344 ##HelpTopicID=0x0999 Help
CONTENTS
CONTENTS Basics... 2 Keystroke basics... 2 Introduction ... 2 First things to understand ... 2 The Script Editor ... 4 The “Edit” button ... 4 The “Tools” button ... 5 Event Tester... 5 Device Analyzer ... 7 Running a script ... 8 Script contents ... 9 Minimal file contents ... 9 Target.tmh ... 9 Th
Isol8 MANUAL
Isol8 5-BAND FREQUENCY MONITOR MANUAL TBProAudio 2018 1. Introduction Welcome to Isol8, an advanced mix monitoring tool. Isol8 helps you to understand and improve your mix in the frequency domain. Isol8 divides the frequency band into 5 regions. Each band can be soloed / muted individually, so you c
Items new to The Conquerors Expansion are outlined in
bold. Items this civilization cannot research are shaded. Aztecs Unique unit: Jaguar Warrior (anti-infantry infantry) Unique technology: Garland Wars (+4 infantry attack) Team Bonus: Relics +33% gold z Start with Eagle Warrior, not Scout Cavalry z Villagers carry +5 z All military units created 15%
The certainty principle (review) D. A. Arbatsky∗ August, 2006
The certainty principle (review) D. A. Arbatsky∗ August, 2006 Abstract The certainty principle (2005) allowed to generalize and unify both the Heisenberg uncertainty principle (1927) and the Mandelshtam-Tamm relation (1945). It turned out to be applicable to any quantum systems, including relativist
25 +25W STEREO AMPLIFIER WITH MUTE & ST-BY
® TDA7265 25 +25W STEREO AMPLIFIER WITH MUTE & ST-BY WIDE SUPPLY VOLTAGE RANGE (UP TO ±25V ABS MAX.) SPLIT SUPPLY HIGH OUTPUT POWER 25 + 25W @ THD =10%, RL = 8Ω, VS = +20V NO POP AT TURN-ON/OFF MUTE (POP FREE) STAND-BY FEATURE (LOW Iq) SHORT CIRCUIT PROTECTION THERMAL OVERLOAD PROTECTION Multiwatt11
INTEGRATED CIRCUITS DATA SHEET TDA8501 PAL/NTSC encoder Preliminary specification April 1993 File under Integrated Circuits, IC02
INTEGRATED CIRCUITS DATA SHEET TDA8501 PAL/NTSC encoder Preliminary specification April 1993 File under Integrated Circuits, IC02 FEATURES GENERAL DESCRIPTION • Two input stages: R, G, B and −(R−Y), −(B−Y), Y with The TDA8501 is a highly integrated PAL/NTSC encoder IC multiplexing which is designed
INTEGRATED CIRCUITS DATA SHEET TDA8560Q 2 × 40 W/2 Ω stereo BTL car radio power amplifier with diagnostic facility Product specification 1996 Jan 08 Supersedes data of March 1994
INTEGRATED CIRCUITS DATA SHEET TDA8560Q 2 × 40 W/2 Ω stereo BTL car radio power amplifier with diagnostic facility Product specification 1996 Jan 08 Supersedes data of March 1994 File under Integrated Circuits, IC01 FEATURES • Thermally protected • Requires very few external components • Reverse pol
INTEGRATED CIRCUITS DATA SHEET TDA8505 SECAM encoder Preliminary specification July 1994 Supersedes data of May 1993 File under Integrated Circuits, IC02
INTEGRATED CIRCUITS DATA SHEET TDA8505 SECAM encoder Preliminary specification July 1994 Supersedes data of May 1993 File under Integrated Circuits, IC02 Philips Semiconductors FEATURES GENERAL DESCRIPTION • Two input stages, R, G, B and Y, −(R−Y), −(B−Y) with The TDA8505 is a highly integrated SECA
INTEGRATED CIRCUITS DATA SHEET TEA5710; TEA5710T AM/FM radio receiver circuit Product specification March 1994 File under Integrated Circuits, IC01
INTEGRATED CIRCUITS DATA SHEET TEA5710; TEA5710T AM/FM radio receiver circuit Product specification March 1994 File under Integrated Circuits, IC01 FEATURES APPLICATIONS • Wide supply voltage range: 2.0 to 12 V • Portable AM/FM radio • Low current consumption: 7.5 mA at AM, 9.0 mA at FM • Clock radi
The Speed Reading Course
The Speed Reading Course By Peter Shepherd & Gregory Unsworth-Mitchell Email: email is hidden Web site: Tools for Transformation Copyright © 1997 Peter Shepherd The Speed Reading Course Introduction We all learn to read at school, after a fashion. But for most of us, this is not an optimal use of ou