[wip] Docker notes

Prerequisite knowledge

• Container virtualization
• From the Docker Engine running on the host OS, create an execution environment in which the middleware environment called a container is built, and run the application in it.
• Means for solving dependency problems
• By packaging all the dependencies required to execute the application in a container and delivering this package as it is, the application can be operated in the same environment (container) from the development environment to the production environment.
• Docker Engine
• Resident program for using Docker
• Image
• A collection of configuration files required to start a container (= application execution environment)
• Container
• Start the container (= application execution environment) from the image

#Image list
$ docker images

#Image deletion
#It seems that the container will remain, so delete the container and then delete the image
$ docker rmi [Image ID]

#Display a list of currently running containers
# -a displays a list of currently existing containers
$ docker ps

#Check container details
$docker inspect container name

#Delete container
$ docker rm [Container ID]

DockerFile Dockerfile

FROM ruby:2.5
RUN apt-get update -qq && apt-get install -y nodejs postgresql-client
WORKDIR /myapp
COPY Gemfile /myapp/Gemfile
COPY Gemfile.lock /myapp/Gemfile.lock
RUN bundle install
COPY . /myapp

# Add a script to be executed every time the container starts.
COPY entrypoint.sh /usr/bin/
RUN chmod +x /usr/bin/entrypoint.sh
ENTRYPOINT ["entrypoint.sh"]
EXPOSE 3000

# Start the main process.
CMD ["rails", "server", "-b", "0.0.0.0"]

entrypoint.sh

#!/bin/bash
set -e

# Remove a potentially pre-existing server.pid for Rails.
rm -f /myapp/tmp/pids/server.pid

# Then exec the container's main process (what's set as CMD in the Dockerfile).
exec "$@"

From https://docs.docker.com/compose/rails/

• EXPOSE
• Specify which port on the given network to listen on when the container runs * http://docs.docker.jp/v17.06/engine/reference/builder.html
• ENTRYPOINT and CMD
• If ENTRYPOINT is not specified
• Specify the process and its arguments with CMD
• Any process can be started
• docker run [RET]
• When the process is started without specifying the process, the contents specified by CMD are the specifications of the process to be started and the arguments to it.
• When specifying ENTRYPOINT
• Specify a specific process determined by ENTRYPOINT
• Other processes cannot be started
• docker run RET
• You can give the default additional arguments from the CMD item when no additional arguments are specified.

docker-compose A tool for predefining and running multi-container Docker applications To prevent the hassle and mistakes of starting individual containers and to share the environment smoothly

Excerpts of frequently used items

• docker-compose -h
• Manual
• docker-compose ps
• Show list of containers
• docker-compose top
• Display process information for each container
• docker-compose logs
• Output service log
• docker-compose build
• Build image from DockerFile (do not create container)
• If the image is written in yml, its image name, if it is not local, pull it remotely
• If the image is not written, build the image by referring to the Dockerfile written in build.
  • --no-cache
• If you don't want to use the cache because you updated the Dockerfile
• docker-compose up
• From image construction to container construction / startup
• If you have a cache, use it to build * --build
• Rebuild without using cache (new image and container) * -d
• Run in the background
• docker-compose run [service] [command]
• From building the image, build and start the container, and execute the command in the container of the specified service.
• Fails if no service is specified in the argument
  • -d
• Detached mode: Run the container in the background and show the new container name
  • --rm
• Deleted after running the container. Ignore in detached mode
  • --no-deps
• Do not start the linked service
• docker-compose stop
• Stop container
• docker-compose down
• Without options, only containers and networks will be deleted
• Separately specified when deleting images, volumes, and undefined containers
  • -v, --volumes
• Delete the named volume in the volumes section of the Compose file
• Also, delete the anonymous volume attached to the container.
• Other
  • https://docs.docker.com/compose/reference/

Fargate

• Overview
• Serverless container engine
• Host machine disappears, OS, Docker Engine, ecs-agent are abstracted and hidden in Fargate platform
• AWS is responsible for OS version upgrades and security measures
• Containerization eliminates the need for management and operation of virtual machines
• No cluster management required (capacity)
• After estimating how much resources are needed as a whole, select the instance type, calculate the total number of units required, etc.
• Seamless scaling
• The capacity status of the entire cluster should be constantly monitored and scaled with the container.
• No need to manage the host machine (security, etc.)
• OS and middleware version upgrades, security patch application, etc.
• Cooperation with Session Manager
• One feature of the AWS Systems Manager service
• Allows terminal access to servers (managed instances) managed on AWS
• SSH is vulnerable to attack because it is necessary to open the SSH port to the outside.
• It is safe because it is not necessary to open the SSH port and it is sufficient to secure HTTPS communication in the outbound direction when viewed from the server.
• You can connect to a container on Fargate via Session Manager
• Cannot connect to containers on Fargate by default * https://aws.amazon.com/jp/blogs/startup/techblog-container-fargate-1/
• Introduce SSM agent to Fargate task to enable EC2-equivalent access * https://speakerdeck.com/iselegant/bastion-using-aws-fargate?slide=20

reference

• [Illustration] Understanding the whole picture of Docker -Part 1-
  • https://qiita.com/etaroid/items/b1024c7d200a75b992fc
• Introduction to Containers for Startups-Introduction
  • https://aws.amazon.com/jp/blogs/startup/techblog-container-introduction/
• Getting Started with Containers for Startups – AWS Fargate
  • https://aws.amazon.com/jp/blogs/startup/techblog-container-fargate-1/
• Explain the CMD and ENTRY POINT of Dockerfile again
  • https://qiita.com/uehaj/items/e6dd013e28593c26372d
• Summary of docker-compose command
  • https://qiita.com/wasanx25/items/d47caf37b79e855af95f
• Continued: "Bastion ~ Serverless stepping stone design realized by AWS Fargate"
  • https://iselegant.hatenablog.com/entry/2020/09/28/012409
• Let's try AWS Systems Manager (SSM)
  • https://blog.serverworks.co.jp/tech/2020/04/16/systems_manager_yattemiyou/
• Connect to a container application running on Fargate with Session Manager
  • https://developer.medley.jp/entry/2020/09/18/180404