phy -> VM -> Container
one server one app
VM
==========
Hypervisor
=========
bare metal
Containers
=========
Container engine
=========
OS
DOCKER
ericuser4/ubuntu:54.193.71.169
docker tool box with virtual box, docker for windows 10, play with docker
rhel,centos,suse --rpm based
debian,ubuntu - deb based
ctrl-p ctrl-q to come out of a container without exit
initially - LXC, not portable system containers. first used by docker, then docker
developed libcontainerd.. this is background engine, containerd
linking containers
apt-get update
apt-get install iputils-ping
Dockerfile -- FROM, RUN, COPY, ENV, WORKDIR, CMD, ENTRYPOINT, EXPOSE
docker build/docker image build
docker compose - multi container orchestration ONLY on single host, docker-compose.yaml or other name
docker swarm orchestration platform -- like Mesos,K8
swarm architecture -- managers (min 3 for HA), workers, etcd key-value pair db for
cluster info
etcd only on managers
managers, workers - can be bare metal, VMs or cloud instances
tomcat-> replica=4
layer 7 routing mesh, in DNS *.xyz.com -> LB IP... app.xyz.com:8080 -> LB, max 2k
nodes with 9 managers
k8 max 5k nodes in a single cluster with max 5/7 master
1 leader, 2 followers, quorum, less than 100ms latency for manager-manager
communication
CNM, CNI two networking models -- CNM used by docker, CNI by K8
swarm rolling upgrade
compose with swarm -- stack for multi container across multi hosts
docker network create --driver overlay uber-net
docker has default CNM network plugin driver
K8 relies on 3pp network CNI plugin
docker networking - bridge single host container networking
NATing happens in bridge: host ip/port to container ip/port, separate namespace
host: container port mapped exclusively to host network, to all interface
macvlan -
docker network create --driver macvlan --subnet 10.0.0.0/16 --gateway=10.0.0.1 -o parent=eth0 macvlan
multus
two swarm nodes can be on different subnet...can work with overlay
overlay-vxlan, l2 over l3
overlay by default in swarm, with VTEPs connecting to docker0 bridge in each node..
like br-tun of openstack...
all SDN players have container network plugin
in kubernetes only L2...
Docker Deep Dive / Kubernetes: Up and Running
runtime credentials -- in manifest yaml is not secure, also in docker image build
it's very static
for that use config map and secret from 3pp vault
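The point above as a manifest pair, weak form first and corrected form after it. This is an added example, not part of the original notes; the names demo-app, app-config, db-credentials and registry.example are hypothetical, and the Secret is assumed to be created out of band from the vault.

```yaml
# Added example. All names (demo-app, app-config, db-credentials,
# registry.example) are hypothetical; the password is a constructed sample.

# Weak: the credential is a literal in the manifest, so it lives in version
# control and is readable by anyone who can read the file or the Pod spec.
apiVersion: v1
kind: Pod
metadata:
  name: demo-app-weak
spec:
  containers:
    - name: app
      image: registry.example/demo-app:1.0
      env:
        - name: DB_HOST
          value: "db.internal.example"
        - name: DB_PASSWORD
          value: "constructed-sample-password"
---
# Corrected: non-sensitive settings come from a ConfigMap, the credential
# from a Secret. Assumption: the Secret "db-credentials" is created out of
# band (for example synced from the external vault), never committed as YAML.
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  DB_HOST: "db.internal.example"
---
apiVersion: v1
kind: Pod
metadata:
  name: demo-app
spec:
  containers:
    - name: app
      image: registry.example/demo-app:1.0
      envFrom:
        - configMapRef:
            name: app-config
      env:
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db-credentials
              key: password
```

A Secret is only base64-encoded in the API unless encryption at rest is enabled, so read access to it still has to be restricted with RBAC.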
pod to service and service to pod -- kube-proxy
calico
etcd,bird,confd,felix
pod cidr:192.168.0.0
felix - across node , /26 on each node
RBAC
authentication, authorization, admission control
https://training.play-with-docker.com/ops-s1-hello/
Lab 1
https://github.com/docker/labs/blob/master/beginner/chapters/alpine.md
Lab 2
https://github.com/docker/labs/blob/master/beginner/chapters/webapps.md
Install Harbor
https://github.com/goharbor/harbor/blob/master/docs/installation_guide.md
Network Lab
https://github.com/docker/labs/tree/master/networking
ssh ip172-18-0-44-bj0ivr0j98i000d5j8ag@direct.labs.play-with-docker.com