Docker 🐬 and Kubernetes 🚢

While writing this I am on macOS with an M3 chip and Rancher Desktop, but it should work similarly for everyone.

brew install --cask rancher # This should install rancher desktop

In ⛭ Settings and preference I have

Container Engine : dockerd (moby)

Virtual Machine : VZ and VZ (Enable Rosetta support) checked

The first step is to build an image and learn your way around the docker commands.

The Docker command structure is `docker <type> <command>`.

For example, if you want to interact with containers you will say

`docker container <command>`, where the command can be as simple as `ls` to list containers.

`docker network <command>`, similarly, if you want to do something with the network.

#First things first create a Dockerfile
#Create a docker image by building it 
docker build -t <image-name>:<tag> . 

docker image ls #This will show all images

docker run --name my-container my-image:latest

docker container attach <"container_id"> #attach to a container running in detached mode, if you started it with -it

# The same kind of commands exist for networks, ie: docker network rm <"network_id">
docker container kill <"container_id"> #kills a running container immediately

docker container stop <"container_id"> #Gracefully stops the container, ie: gives it 10s to release resources and then kills it

docker container prune # Removes all stopped containers

Additional flags for the run command

#Additional Flags 
#When you launch a container, your microservice port may be internal to the container ie: 8080 
#To expose it use -p 80:8080, and you will be able to access the application at http://yourwebiste.com:80
-p <local_machine_port>:<docker_port> 
#This will print what is going on inside the container to the terminal 
--attach STDOUT --attach STDERR
#Removes (deletes) the container after it exits 
--rm 
#Attach a volume (local)
-v "$(pwd)/local_folder":container_folder
#Set the working directory 
-w /<working_directory>
#Run in detached mode, meaning just show the container id and exit 
-d
#Open in interactive mode ie: keep STDIN open with a pseudo-TTY
-it
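
Something the -p flag above does not show: when no address is given, Docker publishes the port on all host interfaces (0.0.0.0 and ::). The following is an added example, not from the original post, that scans `docker ps` style output for such bindings; the sample rows and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag containers whose published ports listen on every host
# interface. Feed it: docker ps --format '{{.Names}}\t{{.Ports}}'

# Constructed sample rows (name <TAB> ports), not output from a real host.
sample_ps_output() {
  printf 'web\t0.0.0.0:80->8080/tcp, :::80->8080/tcp\n'
  printf 'admin\t127.0.0.1:9000->9000/tcp\n'
  printf 'db\t5432/tcp\n'
  printf 'cache\t0.0.0.0:6379->6379/tcp, [::]:6379->6379/tcp\n'
}

# Prints "<name> <host_port> <container_port/proto>" once per wildcard binding.
find_wildcard_binds() {
  awk -F '\t' '
    {
      n = split($2, maps, ", ")
      for (i = 1; i <= n; i++) {
        if (maps[i] !~ /->/) continue          # exposed only, never published
        split(maps[i], side, "->")
        port = side[1]; sub(/^.*:/, "", port)  # text after the last colon
        addr = substr(side[1], 1, length(side[1]) - length(port) - 1)
        if (addr == "0.0.0.0" || addr == "::" || addr == "[::]") {
          key = $1 " " port " " side[2]
          if (!(key in seen)) { seen[key] = 1; print key }  # merge v4 + v6
        }
      }
    }'
}

sample_ps_output | find_wildcard_binds
# Binding to loopback instead keeps the port off the LAN:
#   docker run -p 127.0.0.1:80:8080 my-image:latest
```

On a real host, pipe the `docker ps` command from the header comment into `find_wildcard_binds` instead of the sample.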

Connect to the container

# Use the following command to open a bash shell inside a running container 
docker exec -it <container_id> /bin/bash
#Copy files & folders into a running container 
docker cp <source_location> <container_id>:<destination_path>

Docker Networking 📡

Docker networks are of the following types (DRIVER)

  1. None

  2. default Bridge

  3. User-defined Bridge

  4. Host Network

  5. MacVLAN Network

  6. Overlay Network

  7. IPvLan

#Here are the basic commands that we would use often for networking
docker network ls # list networks 
docker network inspect <network_name> # show the details of a network
docker network connect <network_id> <container_id>
docker network disconnect <network_id> <container_id>

#1. <default-Bridge>
#This is the default network driver when you create a container
#It shows as interface:docker0 and gateway:172.17.0.1 subnet:172.17.0.0/16

docker container run --name "nginx" -d  nginx:latest
#This will create an nginx container and attach it to the default bridge network 
#The default bridge creates a virtual network interface; check with `ifconfig` and you will see something like `vethe879@if1` 
#It also acts as DHCP, so it assigns an IP address, which can be checked with the docker network inspect command 
#This means that by default:
# Containers can reach the Internet
# You cannot reach the container | Expose a port to achieve this: -p 80:80
# All containers within the bridge can communicate with each other

#2. <User-defined-Bridge>
docker network create <"network-name">
#This will create a new network. Below is an example of how you attach a container to the network 
docker container run --network "network-name" --name "nginx" -d nginx:latest
#This means that by default: 
# Containers in other networks cannot reach containers in network-name 
# You should also get DNS, meaning ping <"container-name"> should work (did not work for me on Rancher Desktop)

#3. <host>
docker container run --network host --name "nginx" -d nginx:latest
#This will run the application with the same IP as the host, just like running an application installed on your machine

#4. <MacVLAN>
#MacVLAN allows us to connect the docker container directly to our physical network 
#Containers will get their own MAC address and IP address on the network ie: home network

#ToDo: READ on Vlan 
docker network create -d macvlan \
    --subnet <YOUR_SUBNET> \
    --gateway <YOUR_GATEWAY> \
    -o parent=<YOUR_PARENT_INTERFACE> \
    <NETWORK_NAME>
#1.Subnet : home network subnet  2.Gateway : router's address
#3.-o parent : VLAN interface of the system where the container will be deployed ie: eth0.10, this can be determined by using ifconfig
#Creating a container in the network 
docker container run --network "network_name" --ip "10.7.1.22" --name "nginx" -d nginx:latest
#--ip should be a unique IP address in the network 
# NOTE: For this to work you might need to turn ON promiscuous mode on each network device.
# WARNING: If you don't specify --ip, docker's DHCP will assign a random address which could conflict with the network's DHCP
# INFO: MacVLAN has 2 modes, the above is bridge mode, the other mode is 802.1q

#4. <IPVLAN> (L2)
#Allows the host to share its MAC address with the container (which solves the promiscuous mode issue that existed in macvlan)
#So each container will have a unique IP but the same MAC address as the host
#The router/switch in the network should be okay with this, otherwise there is a problem 

docker network create -d ipvlan \
    --subnet <YOUR_SUBNET> \
    --gateway <YOUR_GATEWAY> \
    -o parent=<YOUR_PARENT_INTERFACE> \
    <NETWORK_NAME>

#5. <IPVLAN> (L3)
#This connects containers directly to the host's network interface, which solves all the problems
#But the network does not know where to reach the container and there is no internet connectivity 
#To achieve connectivity you have to configure the router's routing table and tell it
#ToDO: Skipping this for Now

#6 <Overlay network>
#This is used in the case of multiple hosts (used in Kubernetes / Docker Swarm)

#7 <None network>
#Means no connectivity ! 
docker container run --network none --name "nginx" -d nginx:latest

Connect to EKS using kubectl

  1. Set up an AWS profile locally for this method

  2. Log in using `aws sso login --profile <your-profile>`

For more info on AWS commands and setup, check the AWS blog

aws eks update-kubeconfig --name <cluster-name> \
--region <region> \
--role-arn <role that gives access to eks> \
--profile <aws saved profile> \
--alias <context_name>

kubectl config get-contexts #This will list all kube contexts 

kubectl config use-context <context_name> #This will select the context

kubectl config delete-context <context-name> #This will delete the context

Kubectl commands

# Namespace
kubectl get namespace #This will show all the namespaces available
kubectl create namespace <namespace-name> #Creates a new namespace 
kubectl delete namespace <namespace-name> #Deletes the namespace

#Pod 
kubectl get pod -n <namespace>
kubectl delete pod <pod-name> -n <namespace>
kubectl logs <pod-name> -n <namespace>

#Ingress
kubectl get ingress -n <namespace>
kubectl describe ingress <ingress-name> -n <namespace>

#Services
kubectl get svc -n <namespace> #lists the services in the namespace 
kubectl describe svc <svc-name> -n <namespace>

Adding and checking secrets in EKS

#Secrets 
kubectl create secret generic <secret-name> \
  --from-literal='key1=value1' \
  --from-literal='key2=value2' \
  --namespace=<namespace-name> # This will create a secret <secret-name> with key:value pairs

#Check if the secret has been created

kubectl describe secret <secret-name> -n <namespace-name>

#This will give json output, the values will be base64 encoded
kubectl get secret <secret-name> -n <namespace-name> -o json
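
The base64 in that JSON output is an encoding, not encryption. The following is an added example, not from the original post, that decodes every value from a constructed sample of the JSON; the secret name, namespace and function names are made up for illustration.

```shell
#!/bin/sh
# Added example: decode the .data map printed by
#   kubectl get secret <secret-name> -n <namespace-name> -o json
# Assumes kubectl's pretty-printed layout (one "key": "value" pair per line).

# Constructed sample holding the key1/key2 pairs created above.
sample_secret_json() {
  cat <<'EOF'
{
    "apiVersion": "v1",
    "data": {
        "key1": "dmFsdWUx",
        "key2": "dmFsdWUy"
    },
    "kind": "Secret",
    "metadata": {
        "name": "demo-secret",
        "namespace": "demo"
    },
    "type": "Opaque"
}
EOF
}

# Prints key=plaintext for every entry in .data; no key or password needed.
decode_secret_data() {
  awk '
    /^[ \t]*"data"[ \t]*:[ \t]*[{]/ { in_data = 1; next }
    in_data && /[}]/                { in_data = 0 }
    in_data && NF == 2 {
      gsub(/[",:]/, "", $1); gsub(/[",]/, "", $2)
      if ($2 ~ "^[A-Za-z0-9+/=]*$") print $1, $2   # only well-formed base64
    }' |
  while read -r key b64; do
    printf '%s=%s\n' "$key" "$(printf '%s' "$b64" | base64 -d)"
  done
}

sample_secret_json | decode_secret_data
```

Anyone whose RBAC role allows `get` on secrets in the namespace can read the values this way, so grant that verb narrowly.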

#Connect to a POD 
kubectl exec -it <pod-name> -n <namespace> -- /bin/bash

dget pods

create namespace

Commands//

https://codeshare.io/gLVg40

what is ssh config file