About the Club

Cloud Club Topics - Containers & Kubernetes ( k8s )

Questions

  1. What are containers?
  2. How are they different from VMs?
  3. What benefits do you get with containers?

Understanding Containers

  1. Terminology
    1. Container image - binary file containing the application and its dependencies
    2. Container - running process in isolation from other processes
    3. Runtime tools
      1. LXC ( LinuX Containers )
        1. Portable container
        2. Light-weight, but full OS installation focus
        3. 1 or more application(s)
        4. Multi-process
        5. Created before Docker and Kubernetes
      2. Docker
        1. Portable container
        2. Light-weight
        3. Single application-specific focus
        4. Single process
        5. Requires docker daemon ( service ) to run as root ( security risk )
        6. Created before Kubernetes was developed
        7. No concept of pods
        8. Self-healing
        9. Single box only - no cluster
      3. Podman
        1. Portable container
        2. Light-weight
        3. Single process
        4. Does not require any daemon ( less security risk )
        5. Self-healing
        6. Single box only - no cluster
        7. Created after Kubernetes to resolve the daemon security issue and to add pod functionality
      4. Kubernetes ( K8s )
        1. Originally developed on top of Docker
        2. Created with a plug-in model
          1. Can swap each plug-in with another product
        3. Developed the concept of pods ( “box” around the container(s) )
          1. Pods hold the IP for the container(s) instead of the container(s)
          2. Enhances the scaling process, especially if the pod has an “init” and/or side-car containers with it
        4. Self-healing
        5. High availability ( H/A )
        6. Clustering
    4. Repositories ( local )
      1. Location & application on local disk that hosts container images
    5. Registries ( Remote )
      1. Remote location where container images are available to download
      2. Examples:
        1. Ironbank ( Government )
        2. Others?

Running Containers

  1. Hands-on running containers
    1. Install podman
      sudo dnf install -y podman
    2. Verify the installation
      podman --version
      
      podman version 5.2.2
    3. List the container images we currently have
      podman images
    4. Find the image you need
      1. We don't have access to the internet, so look in the BLAH directory for container images in the .tar file format
      2. Load the images
        podman load < filebrowser.v2.32.0-s6.tar
        
        Getting image source signatures
        Copying blob 9fb3fcee28a5 done   | 
        Copying blob 251ddab6d742 done   | 
        Copying blob 826ed011a96f done   | 
        Copying blob a2961ae79149 done   | 
        Copying blob c652740d6602 done   | 
        Copying blob 9044ca33e914 done   | 
        Copying blob 3f54fb0f79a5 done   | 
        Copying blob 04a0ae551679 done   | 
        Copying blob d15b2f89029d done   | 
        Copying blob ea7ed489f623 done   | 
        Copying blob a0b0a42e7090 done   | 
        Copying blob 5d420005b59f done   | 
        Copying config 4567130c34 done   | 
        Writing manifest to image destination
        Loaded image: docker.io/filebrowser/filebrowser:v2.32.0-s6
        
      3. Look for the version tag
        podman images
        REPOSITORY                         TAG         IMAGE ID      CREATED       SIZE
        docker.io/filebrowser/filebrowser  v2.32.0-s6  4567130c34df  2 months ago  48.6 MB
      4. Load all of the images
        for IMG in *.tar; do podman load < "$IMG"; done
      5. List the images again
        podman images
        
        REPOSITORY                         TAG                IMAGE ID      CREATED       SIZE
        docker.io/library/nginx            1.28.0             244abd08b283  3 days ago    197 MB
        docker.io/library/nginx            stable-alpine3.21  936a1208f403  3 days ago    49.6 MB
        docker.io/filebrowser/filebrowser  v2.32.0-s6         4567130c34df  2 months ago  48.6 MB
        
    5. At this point, we've only loaded the images into our local repository. We still need to create our containers ( running applications )
    6. Let's start with nginx since you've been able to create a web server and have content already
      1. Create a pod to host our container
        podman pod create --name mike-web -p 8081:80
      2. Next, create the container in the pod, specifying which image to use
      3. Create a directory for the container config and data
        mkdir web-mike
        cd web-mike
      4. We use the documentation on Docker Hub, but since we don't have access, we'll use the txt files I created from there.
      5. Create the content directory as listed in the documentation
        mkdir content
      6. Use the rsync or scp commands to copy your web pages to the new content directory
      7. Create/run the container
        podman run --name mike-web --pod mike-web -v "$PWD/content":/usr/share/nginx/html:ro -d docker.io/library/nginx:1.28.0
      8. Check if your app is running
        podman ps
        
        CONTAINER ID  IMAGE                                    COMMAND               CREATED             STATUS         PORTS                    NAMES
        8562cd91ac4b  localhost/podman-pause:5.2.2-1731414899                        About a minute ago  Up 27 seconds  0.0.0.0:34337->8080/tcp  3cd26dd9558f-infra
        bd615795eaa1  docker.io/library/nginx:1.28.0           nginx -g daemon o...  27 seconds ago      Up 27 seconds  0.0.0.0:34337->8080/tcp  mike-web
      9. View the container logs ( -f keeps displaying new lines as they are added to the logs )
        podman logs -f mike-web
        
        /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
        /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
        /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
        10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
        10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
        /docker-entrypoint.sh: Sourcing /docker-entrypoint.d/15-local-resolvers.envsh
        /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
        /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
        /docker-entrypoint.sh: Configuration complete; ready for start up
        2025/04/27 03:48:45 [notice] 1#1: using the "epoll" event method
        2025/04/27 03:48:45 [notice] 1#1: nginx/1.28.0
        2025/04/27 03:48:45 [notice] 1#1: built by gcc 12.2.0 (Debian 12.2.0-14) 
        2025/04/27 03:48:45 [notice] 1#1: OS: Linux 5.14.0-503.14.1.el9_5.x86_64
        2025/04/27 03:48:45 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 524288:524288
        2025/04/27 03:48:45 [notice] 1#1: start worker processes
        2025/04/27 03:48:45 [notice] 1#1: start worker process 24
        2025/04/27 03:48:45 [notice] 1#1: start worker process 25
      10. Press CTRL+C to exit the logs
      11. Open the same port on the firewall to allow access
        sudo firewall-cmd --add-port=8081/tcp --permanent
        sudo firewall-cmd --reload
      12. Flip back to the logs and see the entries that show we accessed the site/page
        192.168.1.121 - - [27/Apr/2025:04:03:32 +0000] "GET / HTTP/1.1" 200 7620 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36" "-"
        192.168.1.121 - - [27/Apr/2025:04:03:32 +0000] "GET /icons/poweredby.png HTTP/1.1" 404 555 "http://192.168.1.11:8081/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36" "-"
        2025/04/27 04:03:32 [error] 25#25: *1 open() "/usr/share/nginx/html/icons/poweredby.png" failed (2: No such file or directory), client: 192.168.1.121, server: localhost, request: "GET /icons/poweredby.png HTTP/1.1", host: "192.168.1.11:8081", referrer: "http://192.168.1.11:8081/"
        192.168.1.121 - - [27/Apr/2025:04:03:32 +0000] "GET /poweredby.png HTTP/1.1" 404 555 "http://192.168.1.11:8081/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36" "-"
        2025/04/27 04:03:32 [error] 25#25: *1 open() "/usr/share/nginx/html/poweredby.png" failed (2: No such file or directory), client: 192.168.1.121, server: localhost, request: "GET /poweredby.png HTTP/1.1", host: "192.168.1.11:8081", referrer: "http://192.168.1.11:8081/"
        192.168.1.121 - - [27/Apr/2025:04:03:32 +0000] "GET /favicon.ico HTTP/1.1" 404 555 "http://192.168.1.11:8081/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36" "-"
        2025/04/27 04:03:32 [error] 25#25: *1 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 192.168.1.121, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "192.168.1.11:8081", referrer: "http://192.168.1.11:8081/"
        192.168.1.121 - - [27/Apr/2025:04:03:42 +0000] "GET /pg2.html HTTP/1.1" 200 186 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36" "-"
        2025/04/27 04:08:27 [error] 24#24: *2 open() "/usr/share/nginx/html/no/page/here" failed (2: No such file or directory), client: 192.168.1.121, server: localhost, request: "GET /no/page/here HTTP/1.1", host: "192.168.1.11:8081"
      13. Try to access a page that doesn't exist
        http://<your-server-ip>:8081/no/page/here
      14. Flip back to the logs again and see the new entry
        192.168.1.121 - - [27/Apr/2025:04:08:27 +0000] "GET /no/page/here HTTP/1.1" 404 555 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36" "-"
    7. Now let's upgrade our container to a newer image
      1. Stop the pod and delete it
        podman pod stop mike-web
        podman pod rm mike-web
      2. Verify it's not running - you should see the column headers, but no entries
        podman ps -a
        
        CONTAINER ID  IMAGE       COMMAND     CREATED     STATUS      PORTS       NAMES
        
      3. Create a new pod with the same command as before
      4. Start the container with a new image tag as follows
        podman run --name mike-web --pod mike-web -v "$PWD/content":/usr/share/nginx/html:ro -d docker.io/library/nginx:stable-alpine3.21
      5. View the logs like before
      6. Access the website again - see the page still works
      7. Flip back to the logs and see the new entry showing you accessed the page or the error if you didn't get to the page
    8. Lastly, let's run a web-based file browser app to download our backups
      1. Create a new directory in your home directory for the new app config and data
      2. Create a directory inside there to host your files
        mkdir files
      3. Create empty files the app needs
        touch filebrowser.db 
      4. Create a new file ( settings.json ) with the following content
        {
          "port": 8082,
          "baseURL": "",
          "address": "",
          "log": "stdout",
          "database": "/database/filebrowser.db",
          "root": "/srv"
        }
      5. Create a pod with a different name and port number
        podman pod create --name mike-fb -p 8082:8082
      6. Run the container with the parameters from the documentation
        podman run \
          --name mike-fb \
          --pod mike-fb \
          -v "$PWD/files":/srv:rw \
          -v "$PWD/filebrowser.db":/database/filebrowser.db:rw \
          -v "$PWD/settings.json":/config/settings.json:rw \
          -d docker.io/filebrowser/filebrowser:v2.32.0-s6
    9. Verify your container & pod are running
      podman ps -a
      
      CONTAINER ID  IMAGE                                         COMMAND               CREATED         STATUS                   PORTS                 NAMES
      2a50be552bf6  localhost/podman-pause:5.2.2-1731414899                             16 minutes ago  Up 15 minutes            0.0.0.0:8081->80/tcp  2a8668698c07-infra
      6f7b1f6d9928  docker.io/library/nginx:stable-alpine3.21     nginx -g daemon o...  15 minutes ago  Up 15 minutes            0.0.0.0:8081->80/tcp  mike-web
      ed8fb91c30e4  localhost/podman-pause:5.2.2-1731414899                             6 minutes ago   Up 5 seconds             0.0.0.0:8082->80/tcp  0f100802cff6-infra
      97be288c6480  docker.io/filebrowser/filebrowser:v2.32.0-s6                        5 seconds ago   Up 4 seconds (starting)  0.0.0.0:8082->80/tcp  mike-fb
      
    10. Access your new application
      http://<your-server-ip>:8082
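
The access-log entries shown in the nginx steps above can be triaged with a small filter. This is an added example, not part of the original page: it reads `podman logs` output, skips the interleaved entrypoint and error-log lines, and reports 404s per client. The function names, the threshold and the sample log lines (documentation IP ranges) are constructed for illustration.

```shell
# Added example, not from the original page. All names here are illustrative.
# Usage against the container from this page: podman logs mike-web 2>&1 | summarize_404s

# Constructed sample of `podman logs` output: entrypoint, error-log and access lines mixed.
sample_logs() {
  cat <<'EOF'
/docker-entrypoint.sh: Configuration complete; ready for start up
2025/04/27 03:48:45 [notice] 1#1: start worker process 24
192.0.2.10 - - [27/Apr/2025:04:03:32 +0000] "GET / HTTP/1.1" 200 7620 "-" "Mozilla/5.0" "-"
192.0.2.10 - - [27/Apr/2025:04:03:32 +0000] "GET /favicon.ico HTTP/1.1" 404 555 "-" "Mozilla/5.0" "-"
2025/04/27 04:03:32 [error] 25#25: *1 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 192.0.2.10, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "192.0.2.1:8081"
198.51.100.7 - - [27/Apr/2025:04:08:27 +0000] "GET /no/page/here HTTP/1.1" 404 555 "-" "curl/8.0" "-"
198.51.100.7 - - [27/Apr/2025:04:08:28 +0000] "GET /old/index.html HTTP/1.1" 404 555 "-" "curl/8.0" "-"
198.51.100.7 - - [27/Apr/2025:04:08:29 +0000] "GET /pg9.html HTTP/1.1" 404 555 "-" "curl/8.0" "-"
198.51.100.7 - - [27/Apr/2025:04:08:30 +0000] "GET /pg9.html HTTP/1.1" 404 555 "-" "curl/8.0" "-"
EOF
}

# summarize_404s [THRESHOLD]   (reads log text on stdin)
# Output per client with 404s: "<client> <404 count> <distinct missing paths> <ok|SCAN>"
# SCAN means the client asked for THRESHOLD (default 3) or more different missing paths.
summarize_404s() {
  awk -v threshold="${1:-3}" '
    # Access line: <ip> - <user> [<time> <tz>] "<METHOD> <path> <proto>" <status> ...
    # Error-log lines start with a date (contains "/"), so they do not match.
    $1 ~ /^[0-9a-fA-F.:]+$/ && $4 ~ /^\[/ && $6 ~ /^"[A-Z]+$/ {
      if ($9 != "404") next
      hits[$1]++
      if (!(($1, $7) in seen)) { seen[$1, $7] = 1; distinct[$1]++ }
    }
    END {
      for (c in hits)
        printf "%s %d %d %s\n", c, hits[c], distinct[c], (distinct[c] >= threshold ? "SCAN" : "ok")
    }
  ' | sort
}

sample_logs | summarize_404s 3
```

A single browser visit produces a few 404s for icons, as in the page's own logs, so the flag is based on distinct missing paths rather than the raw count.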

Kubernetes

  1. Terminology ( Glossary )
    1. Container Runtime Interface ( CRI )
    2. Container ( application )
    3. Pod
    4. Namespace
    5. Kubernetes ( k8s )
    6. Manifest
    7. Deployment
    8. Helm chart
  2. K8s Components
    1. Control plane
    2. Worker nodes ( nodes )
    3. kubelet
    4. Cluster
    5. DaemonSet
    6. ReplicaSet
    7. Container Storage Interface ( CSI )
    8. Options of components: Kubernetes Landscape
  3. Cluster management tools
    1. kubectl ( CLI )
    2. Lens ( Desktop app )
    3. k9s ( Terminal User Interface or TUI )