training/containers
2
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Fixed files
Some checks failed
Gitea Actions Demo Training / Explore-Gitea-Actions (push) Failing after 14s
Details

Browse Source
This commit is contained in:
Marco Verleun
2024-01-07 21:17:15 +01:00
parent 798479528c
commit b6e70b4cac
203 changed files with 336 additions and 385 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.gitea/workflows/build.yaml
View File

@@ -32,9 +32,9 @@ jobs:
# steps:
# - name: Run another shell script
# run: |
# set -x
# set -x
# env | sort
# cd ${{ github.workspace }}
# ls
# ls
# cd slides
# ./build.sh once

4
.gitignore vendored
View File

@@ -43,8 +43,8 @@ crash.log
crash.*.log
# Exclude all .tfvars files, which are likely to contain sensitive data, such as
# password, private keys, and other secrets. These should not be part of version
# control as they are data points which are potentially sensitive and subject
# password, private keys, and other secrets. These should not be part of version
# control as they are data points which are potentially sensitive and subject
# to change depending on the environment.
*.tfvars
*.tfvars.json

11
.pre-commit-config.yaml Normal file
View File

@@ -0,0 +1,11 @@
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v2.3.0
hooks:
#- id: check-yaml
- id: end-of-file-fixer
- id: trailing-whitespace
#- repo: https://github.com/psf/black
# rev: 22.10.0
# hooks:
# - id: black

2
.vscode/settings.json vendored
View File

@@ -1,4 +1,4 @@
{
"ansible.python.interpreterPath": "/opt/homebrew/bin/python3",
"GitHooks.hooksDirectory": "/Users/marco/Gitea/training/containers/.git/hooks"
}
}

1
k8s/certbot.yaml
View File

@@ -33,4 +33,3 @@ subsets:
ports:
- port: 8000
protocol: TCP

1
k8s/cm-clusterissuer.yaml
View File

@@ -15,4 +15,3 @@ spec:
- http01:
ingress:
class: traefik

1
k8s/coffee-1.yaml
View File

@@ -15,4 +15,3 @@ spec:
kind: Coffee
shortNames:
- cof

1
k8s/coffee-2.yaml
View File

@@ -18,4 +18,3 @@ spec:
kind: Coffee
shortNames:
- cof

1
k8s/docker-build.yaml
View File

@@ -25,4 +25,3 @@ spec:
- name: docker-socket
hostPath:
path: /var/run/docker.sock

4
k8s/eck-cerebro.yaml
View File

@@ -28,8 +28,8 @@ spec:
- -Dconfig.file=/conf/application.conf
env:
- name: ELASTICSEARCH_PASSWORD
valueFrom:
secretKeyRef:
valueFrom:
secretKeyRef:
name: demo-es-elastic-user
key: elastic

1
k8s/elasticsearch-cluster.yaml
View File

@@ -18,4 +18,3 @@ spec:
use-ssl: false
data-volume-size: 10Gi
java-options: "-Xms512m -Xmx512m"

2
k8s/elasticsearch-operator.yaml
View File

@@ -26,7 +26,7 @@ rules:
resources: ["storageclasses"]
verbs: ["get", "list", "create", "delete", "deletecollection"]
- apiGroups: [""]
resources: ["persistentvolumes", "persistentvolumeclaims", "services", "secrets", "configmaps"]
resources: ["persistentvolumes", "persistentvolumeclaims", "services", "secrets", "configmaps"]
verbs: ["create", "get", "update", "delete", "list"]
- apiGroups: ["batch"]
resources: ["cronjobs", "jobs"]

1
k8s/event-node.yaml
View File

@@ -27,4 +27,3 @@ source:
#host: node1
#reportingComponent: ""
#reportingInstance: ""

1
k8s/event-pod.yaml
View File

@@ -33,4 +33,3 @@ source:
component: gitops-sync
#reportingComponent: ""
#reportingInstance: ""

1
k8s/hacktheplanet.yaml
View File

@@ -31,4 +31,3 @@ spec:
containers:
- name: web
image: nginx

1
k8s/haproxy.yaml
View File

@@ -13,4 +13,3 @@ spec:
volumeMounts:
- name: config
mountPath: /usr/local/etc/haproxy/

1
k8s/hpa-v2-pa-httplat.yaml
View File

@@ -26,4 +26,3 @@ spec:
target:
type: Value
value: 0.1

1
k8s/just-a-pod.yaml
View File

@@ -7,4 +7,3 @@ spec:
containers:
- name: hello
image: nginx

3
k8s/kaniko-build.yaml
View File

@@ -7,7 +7,7 @@ spec:
- name: git-clone
image: alpine
command: ["sh", "-c"]
args:
args:
- |
apk add --no-cache git &&
git clone git://github.com/jpetazzo/container.training /workspace
@@ -26,4 +26,3 @@ spec:
mountPath: /workspace
volumes:
- name: workspace

4
k8s/kyverno-ingress-domain-name-1.yaml
View File

@@ -6,10 +6,10 @@ spec:
rules:
- name: create-ingress
match:
resources:
resources:
kinds:
- Service
generate:
generate:
kind: Ingress
name: "{{request.object.metadata.name}}"
namespace: "{{request.object.metadata.namespace}}"

4
k8s/kyverno-ingress-domain-name-2a.yaml
View File

@@ -6,14 +6,14 @@ spec:
rules:
- name: create-ingress
match:
resources:
resources:
kinds:
- Service
preconditions:
- key: "{{request.object.spec.ports[0].name}}"
operator: Equals
value: http
generate:
generate:
kind: Ingress
name: "{{request.object.metadata.name}}"
namespace: "{{request.object.metadata.namespace}}"

4
k8s/kyverno-ingress-domain-name-2b.yaml
View File

@@ -6,14 +6,14 @@ spec:
rules:
- name: create-ingress
match:
resources:
resources:
kinds:
- Service
preconditions:
- key: http
operator: In
value: "{{request.object.spec.ports[*].name}}"
generate:
generate:
kind: Ingress
name: "{{request.object.metadata.name}}"
namespace: "{{request.object.metadata.namespace}}"

4
k8s/kyverno-ingress-domain-name-2c.yaml
View File

@@ -8,14 +8,14 @@ spec:
rules:
- name: create-ingress
match:
resources:
resources:
kinds:
- Service
preconditions:
- key: "{{request.object.spec.ports[*].port}}"
operator: AnyIn
value: [ 80 ]
generate:
generate:
kind: Ingress
name: "{{request.object.metadata.name}}"
namespace: "{{request.object.metadata.namespace}}"

4
k8s/kyverno-ingress-domain-name-3.yaml
View File

@@ -11,14 +11,14 @@ spec:
name: ingress-domain-name
namespace: "{{request.object.metadata.namespace}}"
match:
resources:
resources:
kinds:
- Service
preconditions:
- key: "{{request.object.spec.ports[0].name}}"
operator: Equals
value: http
generate:
generate:
kind: Ingress
name: "{{request.object.metadata.name}}"
namespace: "{{request.object.metadata.namespace}}"

19
k8s/kyverno-namespace-setup.yaml
View File

@@ -6,13 +6,13 @@ spec:
rules:
- name: setup-limitrange
match:
resources:
resources:
kinds:
- Namespace
generate:
generate:
kind: LimitRange
name: default-limitrange
namespace: "{{request.object.metadata.name}}"
namespace: "{{request.object.metadata.name}}"
data:
spec:
limits:
@@ -31,13 +31,13 @@ spec:
memory: 250Mi
- name: setup-resourcequota
match:
resources:
resources:
kinds:
- Namespace
generate:
generate:
kind: ResourceQuota
name: default-resourcequota
namespace: "{{request.object.metadata.name}}"
namespace: "{{request.object.metadata.name}}"
data:
spec:
hard:
@@ -47,17 +47,16 @@ spec:
limits.memory: 20Gi
- name: setup-networkpolicy
match:
resources:
resources:
kinds:
- Namespace
generate:
generate:
kind: NetworkPolicy
name: default-networkpolicy
namespace: "{{request.object.metadata.name}}"
namespace: "{{request.object.metadata.name}}"
data:
spec:
podSelector: {}
ingress:
- from:
- podSelector: {}

1
k8s/kyverno-pod-color-2.yaml
View File

@@ -28,4 +28,3 @@ spec:
- key: "{{ request.object.metadata.labels.color }}"
operator: NotEquals
value: "{{ request.oldObject.metadata.labels.color }}"

1
k8s/kyverno-pod-color-3.yaml
View File

@@ -25,4 +25,3 @@ spec:
message: "Once label color has been added, it cannot be removed."
deny:
conditions:

9
k8s/kyverno-tls-for-ingress.yaml
View File

@@ -6,10 +6,10 @@ spec:
rules:
- name: create-role
match:
resources:
resources:
kinds:
- Certificate
generate:
generate:
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
name: "{{request.object.metadata.name}}"
@@ -26,10 +26,10 @@ spec:
- "{{request.object.metadata.name}}"
- name: create-rolebinding
match:
resources:
resources:
kinds:
- Certificate
generate:
generate:
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
name: "{{request.object.metadata.name}}"
@@ -43,4 +43,3 @@ spec:
- kind: ServiceAccount
name: default
namespace: "{{request.object.metadata.namespace}}"

3
k8s/local-path-storage.yaml
View File

@@ -155,6 +155,3 @@ data:
containers:
- name: helper-pod
image: busybox

1
k8s/netpol-allow-testcurl-for-testweb.yaml
View File

@@ -11,4 +11,3 @@ spec:
- podSelector:
matchLabels:
run: testcurl

1
k8s/netpol-deny-all-for-testweb.yaml
View File

@@ -7,4 +7,3 @@ spec:
matchLabels:
app: testweb
ingress: []

1
k8s/netpol-dockercoins.yaml
View File

@@ -18,4 +18,3 @@ spec:
app: webui
ingress:
- from: []

1
k8s/nginx-3-with-git.yaml
View File

@@ -18,4 +18,3 @@ spec:
- name: www
mountPath: /www/
restartPolicy: OnFailure

1
k8s/openebs-pod.yaml
View File

@@ -21,4 +21,3 @@ spec:
volumeMounts:
- mountPath: /mnt/storage
name: storage

4
k8s/portworx.yaml
View File

@@ -339,7 +339,7 @@ spec:
image: portworx/oci-monitor:2.5.1
imagePullPolicy: Always
args:
["-c", "px-workshop", "-s", "/dev/loop4", "-secret_type", "k8s", "-j", "auto", "-b",
["-c", "px-workshop", "-s", "/dev/loop4", "-secret_type", "k8s", "-j", "auto", "-b",
"-x", "kubernetes"]
env:
- name: "AUTO_NODE_RECOVERY_TIMEOUT_IN_SECS"
@@ -348,7 +348,7 @@ spec:
value: "v4"
- name: CSI_ENDPOINT
value: unix:///var/lib/kubelet/plugins/pxd.portworx.com/csi.sock
livenessProbe:
periodSeconds: 30
initialDelaySeconds: 840 # allow image pull in slow networks

1
k8s/postgres.yaml
View File

@@ -37,4 +37,3 @@ spec:
resources:
requests:
storage: 1Gi

1
k8s/psp-privileged.yaml
View File

@@ -36,4 +36,3 @@ rules:
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames: ['privileged']

1
k8s/psp-restricted.yaml
View File

@@ -35,4 +35,3 @@ rules:
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames: ['restricted']

2
k8s/pv.yaml
View File

@@ -17,4 +17,4 @@ spec:
# kind: PersistentVolumeClaim
# apiVersion: v1
# namespace: default
# name: my-pvc-XYZ45
# name: my-pvc-XYZ45

1
k8s/registry.yaml
View File

@@ -12,4 +12,3 @@ spec:
configMapKeyRef:
name: registry
key: http.addr

1
k8s/storage-class.yaml
View File

@@ -8,4 +8,3 @@ provisioner: kubernetes.io/portworx-volume
parameters:
repl: "2"
priority_io: "high"

2
k8s/update-dashboard-yaml.sh
View File

@@ -69,7 +69,7 @@ add_namespace() {
echo ---
kubectl create serviceaccount -n kubernetes-dashboard cluster-admin \
-o yaml --dry-run=client \
#
#
echo ---
cat <<EOF
apiVersion: v1

1
k8s/user=jean.doe.yaml
View File

@@ -30,4 +30,3 @@ subjects:
- kind: ServiceAccount
name: jean.doe
namespace: users

1
k8s/volumes-for-consul.yaml
View File

@@ -61,4 +61,3 @@ spec:
operator: In
values:
- node4

2
k8s/ytt/8-library/_ytt_lib/component/service.yaml
View File

@@ -16,4 +16,4 @@ spec:
selector:
app: #@ data.values.name
type: #@ data.values.type
#@ end
#@ end

4
k8s/ytt/8-library/app.yaml
View File

@@ -1,9 +1,9 @@
#@ load("@ytt:data", "data")
#@ load("@ytt:library", "library")
#@ load("@ytt:template", "template")
#@
#@
#@ component = library.get("component")
#@
#@
#@ defaults = {}
#@ for name in data.values:
#@ if name.startswith("_"):

2
k8s/ytt/9-overlay/_ytt_lib/component/service.yaml
View File

@@ -16,4 +16,4 @@ spec:
selector:
app: #@ data.values.name
type: #@ data.values.type
#@ end
#@ end

4
k8s/ytt/9-overlay/app.yaml
View File

@@ -1,9 +1,9 @@
#@ load("@ytt:data", "data")
#@ load("@ytt:library", "library")
#@ load("@ytt:template", "template")
#@
#@
#@ component = library.get("component")
#@
#@
#@ defaults = {}
#@ for name in data.values:
#@ if name.startswith("_"):

2
prepare-vms/README.md
View File

@@ -273,7 +273,7 @@ You should see one or more versions of Python 3. If you don't,
install it with `brew install python`.
2) Verify that `python` points to Python3.
```
ls -la /usr/local/bin/python
```

2
prepare-vms/azuredelete.json
View File

@@ -5,4 +5,4 @@
"variables": {},
"resources": [],
"outputs": {}
}
}

2
prepare-vms/delete-triodos.sh
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/bin/bash
resource_group="workshop-rg"

2
prepare-vms/deploy-FD.sh
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/bin/bash
# time ./workshopctl start \
# --infra infra/azure \

2
prepare-vms/deploy-triodos.sh
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/bin/bash
resource_group="workshop-rg"

2
prepare-vms/infra/azure
View File

@@ -1,2 +1,2 @@
INFRACLASS=terraform
TERRAFORM=azure
TERRAFORM=azure

1
prepare-vms/infra/example.openstack-cli
View File

@@ -21,4 +21,3 @@ export OS_FLAVOR=s1-4
export OS_IMAGE=896c5f54-51dc-44f0-8c22-ce99ba7164df
# You can create a key with `openstack keypair create --public-key ~/.ssh/id_rsa.pub containertraining`
export OS_KEY=containertraining

2
prepare-vms/lib/cli.sh
View File

@@ -92,4 +92,4 @@ need_settings() {
need_login_password() {
USER_LOGIN=$(yq -r .user_login < tags/$TAG/settings.yaml)
USER_PASSWORD=$(yq -r .user_password < tags/$TAG/settings.yaml)
}
}

4
prepare-vms/lib/commands.sh
View File

@@ -59,7 +59,7 @@ _cmd_clean() {
info "Removing $TAG..."
rm -rf "$TAG"
fi
done
done
}
_cmd createuser "Create the user that students will use"
@@ -291,7 +291,7 @@ EOF
COMPOSE_VERSION=v2.11.1
# shellcheck disable=SC2016
COMPOSE_PLATFORM='linux-$(uname -m)'
# Just in case you need Compose 1.X, you can use the following lines.
# (But it will probably only work for x86_64 machines.)
#COMPOSE_VERSION=1.29.2

16
prepare-vms/lib/find-ubuntu-ami.sh
View File

@@ -19,14 +19,14 @@ where:
-i <image>
-k <kernel>
<sorting> is one of:
-R by region
-N by name
-V by version
-A by arch
-T by type
-D by date
-I by image
-K by kernel
-R by region
-N by name
-V by version
-A by arch
-T by type
-D by date
-I by image
-K by kernel
<options> can be:
-q just show AMI

2
prepare-vms/lib/infra.sh
View File

@@ -27,4 +27,4 @@ infra_opensg() {
infra_disableaddrchecks() {
warning "infra_disableaddrchecks is unsupported on $INFRACLASS."
}
}

2
prepare-vms/lib/infra/linode.sh
View File

@@ -54,7 +54,7 @@ infra_stop() {
info "Counting instances..."
linode_get_ids_by_tag $TAG | wc -l
info "Deleting instances..."
linode_get_ids_by_tag $TAG |
linode_get_ids_by_tag $TAG |
xargs -n1 -P10 \
linode-cli linodes delete
}

4
prepare-vms/lib/infra/openstack-cli.sh
View File

@@ -31,8 +31,8 @@ infra_start() {
infra_stop() {
info "Counting instances..."
oscli_get_instances_json $TAG |
jq -r .[].Name |
oscli_get_instances_json $TAG |
jq -r .[].Name |
wc -l
info "Deleting instances..."
oscli_get_instances_json $TAG |

2
prepare-vms/lib/infra/scaleway.sh
View File

@@ -35,7 +35,7 @@ infra_stop() {
info "Counting instances..."
scw_get_ids_by_tag $TAG | wc -l
info "Deleting instances..."
scw_get_ids_by_tag $TAG |
scw_get_ids_by_tag $TAG |
xargs -n1 -P10 \
scw instance server delete zone=${SCW_ZONE} force-shutdown=true with-ip=true
}

1
prepare-vms/lib/tailhist.html
View File

@@ -39,4 +39,3 @@
</body>
</html>

2
prepare-vms/templates/cards-v2.html
View File

@@ -146,7 +146,7 @@ div {
*/
/**/
width: 33%;
/**/
/**/
}
p {

2
prepare-vms/templates/cards.html
View File

@@ -146,7 +146,7 @@ div {
*/
/**/
width: 33%;
/**/
/**/
}
p {

2
prepare-vms/terraform/azure/provider.tf
View File

@@ -10,4 +10,4 @@ terraform {
provider "azurerm" {
features {}
}
}

1
prepare-vms/terraform/openstack/keypair.tf
View File

@@ -2,4 +2,3 @@ resource "openstack_compute_keypair_v2" "ssh_deploy_key" {
name = var.prefix
public_key = file("~/.ssh/id_rsa.pub")
}

2
prepare-vms/terraform/openstack/network.tf
View File

@@ -19,5 +19,3 @@ resource "openstack_networking_router_interface_v2" "router_internal" {
router_id = openstack_networking_router_v2.router.id
subnet_id = openstack_networking_subnet_v2.internal.id
}

1
prepare-vms/terraform/openstack/secgroup.tf
View File

@@ -9,4 +9,3 @@ resource "openstack_networking_secgroup_rule_v2" "full_access" {
remote_ip_prefix = "0.0.0.0/0"
security_group_id = openstack_networking_secgroup_v2.full_access.id
}

2
slides/.vscode/settings.json vendored
View File

@@ -1,3 +1,3 @@
{
"ansible.python.interpreterPath": "/opt/homebrew/bin/python3"
}
}

2
slides/Dockerfile
View File

@@ -1,4 +1,4 @@
FROM alpine:3.17
RUN apk add --no-cache py3-pip git zip inotify-tools
COPY requirements.txt .
RUN pip3 install -r requirements.txt
RUN pip3 install -r requirements.txt

1
slides/TODO
View File

@@ -5,4 +5,3 @@ https://www.youtube.com/watch?v=MHv6cWjvQjM&list=PLkA60AVN3hh-biQ6SCtBJ-WVTyBmmY
Cilium: Network and Application Security with BPF and XDP
https://www.youtube.com/watch?v=ilKlmTDdFgk&list=PLkA60AVN3hh-biQ6SCtBJ-WVTyBmmYho8&index=9

4
slides/airgapped/Importing_Images.md
View File

@@ -159,7 +159,7 @@ total 919644
```
]
You could also do a `tar tvf python_image.tar`
You could also do a `tar tvf python_image.tar`
---
@@ -257,4 +257,4 @@ The push refers to repository [node1:443/python]
974e52a24adf: Waiting
latest: digest: sha256:cbaa654007e0c2f2e2869ae69f9e9924826872d405c02647f65f5a72b597e853 size: 2007
```
]
]

2
slides/autopilot/gotoslide.js
View File

@@ -8,7 +8,7 @@
var io = require('socket.io-client');
var socket = io('http://localhost:3000');
socket.on('connect_error', function(){
socket.on('connect_error', function(){
console.log('connection error');
socket.close();
});

1
slides/autopilot/remote.js
View File

@@ -18,4 +18,3 @@ socket.on('slide change', function (n) {
slideshow.gotoSlide(n);
leader = true;
});

1
slides/autopilot/tmux-style.sh
View File

@@ -4,4 +4,3 @@
tmux set-option -g status-left ""
tmux set-option -g status-right ""
tmux set-option -g status-style bg=cyan

6
slides/build.sh
View File

@@ -4,7 +4,7 @@ set -e
build_slides() {
./index.py
for YAML in *.yml; do
./markmaker.py $YAML > $YAML.html || {
./markmaker.py $YAML > $YAML.html || {
rm $YAML.html
break
}
@@ -30,7 +30,7 @@ forever)
echo >&2 "First install 'inotifywait' with apt, brew, etc."
exit
fi
while true; do
inotifywait -e modify -e delete -e create -r .
build_slides
@@ -40,4 +40,4 @@ forever)
*)
echo "$0 <once|forever>"
;;
esac
esac

1
slides/compose.yaml
View File

@@ -13,4 +13,3 @@ services:
- ..:/repo
working_dir: /repo/slides
command: ./build.sh forever

2
slides/containers/Advanced_Dockerfiles.md
View File

@@ -235,7 +235,7 @@ instructions.
It also affects `CMD` and `ENTRYPOINT`, since it sets the working
directory used when starting the container.
```dockerfile
WORKDIR /src
```

10
slides/containers/Building_Images_Interactively.md
View File

@@ -5,7 +5,7 @@ In this section, we will create our first container image.
It will be a basic distribution image, but we will pre-install
the package `figlet`.
We will:
We will:
* Create a container from a base image.
@@ -124,11 +124,11 @@ Let's run this image:
```bash
$ docker run -it <newImageId>
root@fcfb62f0bfde:/# figlet hello
_ _ _
| |__ ___| | | ___
| '_ \ / _ \ | |/ _ \
_ _ _
| |__ ___| | | ___
| '_ \ / _ \ | |/ _ \
| | | | __/ | | (_) |
|_| |_|\___|_|_|\___/
|_| |_|\___|_|_|\___/
```
It works! 🎉

8
slides/containers/Building_Images_With_Dockerfiles.md
View File

@@ -284,11 +284,11 @@ The resulting image is not different from the one produced manually.
```bash
$ docker run -ti figlet
root@91f3c974c9a1:/# figlet hello
_ _ _
| |__ ___| | | ___
| '_ \ / _ \ | |/ _ \
_ _ _
| |__ ___| | | ___
| '_ \ / _ \ | |/ _ \
| | | | __/ | | (_) |
|_| |_|\___|_|_|\___/
|_| |_|\___|_|_|\___/
```

2
slides/containers/Buildkit.md
View File

@@ -232,7 +232,7 @@ Sometimes, binary releases be like:
Linux_arm64.tar.gz
Linux_ppc64le.tar.gz
Linux_s390x.tar.gz
Linux_x86_64.tar.gz
Linux_x86_64.tar.gz
```
This needs a bit of custom mapping.

44
slides/containers/Cmd_And_Entrypoint.md
View File

@@ -71,11 +71,11 @@ And run it:
```bash
$ docker run figlet
_ _ _
| | | | | |
| | _ | | | | __
_ _ _
| | | | | |
| | _ | | | | __
|/ \ |/ |/ |/ / \_
| |_/|__/|__/|__/\__/
| |_/|__/|__/|__/\__/
```
---
@@ -87,7 +87,7 @@ If we want to get a shell into our container (instead of running
```bash
$ docker run -it figlet bash
root@7ac86a641116:/#
root@7ac86a641116:/#
```
* We specified `bash`.
@@ -105,10 +105,10 @@ In other words, we would like to be able to do this:
```bash
$ docker run figlet salut
_
| |
, __, | | _|_
/ \_/ | |/ | | |
_
| |
, __, | | _|_
/ \_/ | |/ | | |
\/ \_/|_/|__/ \_/|_/|_/
```
@@ -173,10 +173,10 @@ And run it:
```bash
$ docker run figlet salut
_
| |
, __, | | _|_
/ \_/ | |/ | | |
_
| |
, __, | | _|_
/ \_/ | |/ | | |
\/ \_/|_/|__/ \_/|_/|_/
```
@@ -232,10 +232,10 @@ Run it without parameters:
```bash
$ docker run myfiglet
_ _ _ _
| | | | | | | | |
| | _ | | | | __ __ ,_ | | __|
|/ \ |/ |/ |/ / \_ | | |_/ \_/ | |/ / |
_ _ _ _
| | | | | | | | |
| | _ | | | | __ __ ,_ | | __|
|/ \ |/ |/ |/ / \_ | | |_/ \_/ | |/ / |
| |_/|__/|__/|__/\__/ \/ \/ \__/ |_/|__/\_/|_/
```
@@ -247,11 +247,11 @@ Now let's pass extra arguments to the image.
```bash
$ docker run myfiglet hola mundo
_ _
| | | | |
| | __ | | __, _ _ _ _ _ __| __
_ _
| | | | |
| | __ | | __, _ _ _ _ _ __| __
|/ \ / \_|/ / | / |/ |/ | | | / |/ | / | / \_
| |_/\__/ |__/\_/|_/ | | |_/ \_/|_/ | |_/\_/|_/\__/
| |_/\__/ |__/\_/|_/ | | |_/ \_/|_/ | |_/\_/|_/\__/
```
We overrode `CMD` but still used `ENTRYPOINT`.
@@ -269,7 +269,7 @@ We use the `--entrypoint` parameter:
```bash
$ docker run -it --entrypoint bash myfiglet
root@6027e44e2955:/#
root@6027e44e2955:/#
```
---

10
slides/containers/Compose_For_Dev_Stacks.md
View File

@@ -278,7 +278,7 @@ For the full list, check: https://docs.docker.com/compose/compose-file/
`frontcopy_www`, `frontcopy_www_1`, `frontcopy_db_1`
- Alternatively, use `docker-compose -p frontcopy`
- Alternatively, use `docker-compose -p frontcopy`
(to set the `--project-name` of a stack, which default to the dir name)
@@ -292,10 +292,10 @@ We have `ps`, `docker ps`, and similarly, `docker-compose ps`:
```bash
$ docker-compose ps
Name Command State Ports
Name Command State Ports
----------------------------------------------------------------------------
trainingwheels_redis_1 /entrypoint.sh red Up 6379/tcp
trainingwheels_www_1 python counter.py Up 0.0.0.0:8000->5000/tcp
trainingwheels_redis_1 /entrypoint.sh red Up 6379/tcp
trainingwheels_www_1 python counter.py Up 0.0.0.0:8000->5000/tcp
```
Shows the status of all the containers of our stack.
@@ -378,7 +378,7 @@ Use `docker-compose down -v` to remove everything including volumes.
- `docker-compose down -v`/`--volumes` deletes volumes
(but **not** `docker-compose down && docker-compose down -v`!)
---
## Managing volumes explicitly

1
slides/containers/Connecting_Containers_With_Links.md
View File

@@ -220,4 +220,3 @@ We've learned how to:
* Create links between containers.
* Use names and links to communicate across containers.

2
slides/containers/Container_Engines.md
View File

@@ -30,7 +30,7 @@ Note: strictly speaking, the Docker API is not fully REST.
Some operations (e.g. dealing with interactive containers
and log streaming) don't fit the REST model.
---
class: pic

2
slides/containers/Container_Networking_Basics.md
View File

@@ -92,7 +92,7 @@ $ docker run -d -P nginx
- In other scenarios (`docker-machine`, local VM...):
*use the IP address of the Docker VM*
---
## Connecting to our web server (GUI)

2
slides/containers/Containers_From_Scratch.md
View File

@@ -1,3 +1,3 @@
# Building containers from scratch
(This is a "bonus section" done if time permits.)
(This is a "bonus section" done if time permits.)

4
slides/containers/Copy_On_Write.md
View File

@@ -246,7 +246,7 @@ If you see the abbreviation "thinp" it stands for "thin provisioning".
(Instead of the block level for Device Mapper.)
- In practice, we create a "subvolume" and
- In practice, we create a "subvolume" and
later take a "snapshot" of that subvolume.
Imagine: `mkdir` with Super Powers and `cp -a` with Super Powers.
@@ -275,7 +275,7 @@ class: extra-details
- You can run out of chunks (and get `No space left on device`)
even though `df` shows space available.
(Because chunks are only partially allocated.)
- Quick fix:

2
slides/containers/Copying_Files_During_Build.md
View File

@@ -93,7 +93,7 @@ Success!
* It is possible to do e.g. `COPY . .`
(but it might require some extra precautions to avoid copying too much)
* In older Dockerfiles, you might see the `ADD` command; consider it deprecated
(it is similar to `COPY` but can automatically extract archives)

2
slides/containers/Docker_Overview.md
View File

@@ -252,7 +252,7 @@ class: extra-details
* No re-usable components, APIs, tools.
<br/>(At best: VM abstractions, e.g. libvirt.)
Analogy:
Analogy:
* Shipping containers are not just steel boxes.
* They are steel boxes that are a standard size, with the same hooks and holes.

6
slides/containers/Dockerfile_Tips.md
View File

@@ -308,19 +308,19 @@ That entrypoint will generally be a script, performing any combination of:
```dockerfile
#!/bin/sh
set -e
# first arg is '-f' or '--some-option'
# or first arg is 'something.conf'
if [ "${1#-}" != "$1" ] || [ "${1%.conf}" != "$1" ]; then
set -- redis-server "$@"
fi
# allow the container to be started with '--user'
if [ "$1" = 'redis-server' -a "$(id -u)" = '0' ]; then
chown -R redis .
exec su-exec redis "$0" "$@"
fi
exec "$@"
```

3
slides/containers/Ecosystem.md
View File

@@ -153,7 +153,7 @@ Would we give the same answers to the questions on the previous slide?
## The CNCF
- Non-profit, part of the Linux Foundation; founded in December 2015.
- Non-profit, part of the Linux Foundation; founded in December 2015.
*The Cloud Native Computing Foundation builds sustainable ecosystems and fosters
a community around a constellation of high-quality projects that orchestrate
@@ -170,4 +170,3 @@ Would we give the same answers to the questions on the previous slide?
class: pic
![Cloud Native Landscape](https://landscape.cncf.io/images/landscape.png)

10
slides/containers/First_Containers.md
View File

@@ -99,11 +99,11 @@ The `figlet` program takes a message as parameter.
```bash
root@04c0bb0a6c07:/# figlet hello
_ _ _
| |__ ___| | | ___
| '_ \ / _ \ | |/ _ \
_ _ _
| |__ ___| | | ___
| '_ \ / _ \ | |/ _ \
| | | | __/ | | (_) |
|_| |_|\___|_|_|\___/
|_| |_|\___|_|_|\___/
```
Beautiful! 😍
@@ -192,7 +192,7 @@ Now try to run `figlet`. Does that work?
## Starting another container
What if we start a new container, and try to run `figlet` again?
```bash
$ docker run -it ubuntu
root@b13c164401fb:/# figlet

2
slides/containers/Multi_Stage_Builds.md
View File

@@ -248,7 +248,7 @@ We will change our Dockerfile to:
* add the `hello` binary to the second stage
* make sure that `CMD` is in the second stage
* make sure that `CMD` is in the second stage
The resulting Dockerfile is on the next slide.

2
slides/containers/Naming_And_Inspecting.md
View File

@@ -114,7 +114,7 @@ $ docker inspect <containerID> | jq .
## Using `--format`
You can specify a format string, which will be parsed by
You can specify a format string, which will be parsed by
Go's text/template package.
```bash

24
slides/containers/Orchestration_Overview.md
View File

@@ -26,8 +26,8 @@ middleware, and services.*
--
*[...] orchestration is often discussed in the context of
__service-oriented architecture__, __virtualization__, provisioning,
*[...] orchestration is often discussed in the context of
__service-oriented architecture__, __virtualization__, provisioning,
Converged Infrastructure and __dynamic datacenter__ topics.*
--
@@ -53,15 +53,15 @@ What does that really mean?
## Example 1: dynamic cloud instances
- Every night, scale down
(by shutting down extraneous replicated instances)
- Every morning, scale up
(by deploying new copies)
- "Pay for what you use"
(i.e. save big $$$ here)
---
@@ -71,7 +71,7 @@ What does that really mean?
How do we implement this?
- Crontab
- Autoscaling (save even bigger $$$)
That's *relatively* easy.
@@ -113,11 +113,11 @@ Now, how are things for our IAAS provider?
- If only we could turn off unused servers during the night...
- Problem: we can only turn off a server if it's totally empty!
(i.e. all VMs on it are stopped/moved)
- Solution: *migrate* VMs and shutdown empty servers
(e.g. combine two hypervisors with 40% load into 80%+0%,
<br/>and shut down the one at 0%)
@@ -132,11 +132,11 @@ How do we implement this?
- Start hosts again when capacity gets low
- Ability to "live migrate" VMs
(Xen already did this 10+ years ago)
- Rebalance VMs on a regular basis
- what if a VM is stopped while we move it?
- should we allow provisioning on hosts involved in a migration?
@@ -148,7 +148,7 @@ How do we implement this?
According to Wikipedia (again):
*In computing, scheduling is the method by which threads,
*In computing, scheduling is the method by which threads,
processes or data flows are given access to system resources.*
The scheduler is concerned mainly with:
@@ -439,4 +439,4 @@ It depends on:
???
:EN:- Orchestration overview
:FR:- Survol de techniques d'orchestration
:FR:- Survol de techniques d'orchestration

2
slides/containers/Resource_Limits.md
View File

@@ -215,7 +215,7 @@ On the other hand, the application will never be slowed down because of swap.
- Most storage drivers do not support limiting the disk usage of containers.
(With the exception of devicemapper, but the limit cannot be set easily.)
- This means that a single container could exhaust disk space for everyone.
- In practice, however, this is not a concern, because:

2
slides/containers/Start_And_Attach.md
View File

@@ -31,7 +31,7 @@ Analogy: attaching to a container is like plugging a keyboard and screen to a ph
* The "detach" sequence is `^P^Q`.
* Otherwise you can detach by killing the Docker client.
(But not by hitting `^C`, as this would deliver `SIGINT` to the container.)
What does `-it` stand for?

10
slides/containers/Windows_Containers.md
View File

@@ -23,9 +23,9 @@ At the end of this section, you will be able to:
Remember that a container must run on the kernel of the OS it's on.
- This is both a benefit and a limitation.
(It makes containers lightweight, but limits them to a specific kernel.)
- At its launch in 2013, Docker did only support Linux, and only on amd64 CPUs.
- Since then, many platforms and OS have been added.
@@ -45,10 +45,10 @@ Remember that a container must run on the kernel of the OS it's on.
- Early 2016, Windows 10 gained support for running Windows binaries in containers.
- These are known as "Windows Containers"
- Win 10 expects Docker for Windows to be installed for full features
- These must run in Hyper-V mini-VM's with a Windows Server x64 kernel
- These must run in Hyper-V mini-VM's with a Windows Server x64 kernel
- No "scratch" containers, so use "Core" and "Nano" Server OS base layers
@@ -161,4 +161,4 @@ Places to Look:
- Docker Captain [Nicholas Dille](https://dille.name/blog/)
- Docker Captain [Stefan Scherer](https://stefanscherer.github.io/)
- Docker Captain [Stefan Scherer](https://stefanscherer.github.io/)

Some files were not shown because too many files have changed in this diff Show More