Application Containerization - HackMD

<style> .reveal .slides { text-align: left; } .reveal .slides pre { width: 100%; } .reveal .slides img { background-color: #FFFFFF; } .reveal .slides .miku-smaller { font-size: 0.85em; } .reveal .slides .miku-center { text-align: center; } </style> <div class="miku-center"> # Application<br>Containerization </div> <br> <div style="text-align: right"> ##### Mikucat ![](https://media.discordapp.net/attachments/692950392169955348/699631908388208740/CC0_button.png =100x) </div> --- ## WHY? - CTFd (學術部出題) - Ops (網管部維運) - ~~找雲端相關工作~~ --- ### Benefits - Consistent - Portability - Agility --- ### Container? ![](https://i.imgur.com/7guaQAF.jpg =63%x) --- ### Container ![](https://www.docker.com/wp-content/uploads/2021/11/container-what-is-container.png =54%x) --- ### Containerfile vs Image vs Container ![](https://i.imgur.com/TSRSZsu.png =70%x) --- ### Containerfile 建置 image 的一種腳本 ---- ### `FROM` ![](https://i.imgur.com/GoHytZX.png) ---- ### `COPY` ![](https://i.imgur.com/vFCT6dD.png) ---- ### `RUN` ![](https://i.imgur.com/LAlXmgu.png) ---- ### `CMD` 設定容器啟動時執行的指令/可執行檔 ### `WORKDIR` 設定建置時在 image 裡的當前目錄 ---- ### More Dockerfile Syntaxs [https://docs.docker.com/engine/reference/builder/](https://docs.docker.com/engine/reference/builder/) ![](https://i.kym-cdn.com/photos/images/original/000/017/668/Mao_RTFM_vectorize_by_cmenghi.png =50%x) --- ### Docker CLI Introduction [12/14 黑客社程式線社課](https://hackmd.io/@mikucat0309/hackersir-docker) --- ### 建立映像檔 `-t` 參數為 image 加上標籤，方便辨識與使用 tag 格式 `user/name:version` ```bash docker build -t joinclub:2021 . ``` --- ### 運行 ```bash docker run --name joinclub \ -d -p 8000:8000 joinclub:2021 ``` --- ### Best Practice - Merge operation modify same files - Stateless - Flexbility - Multi-Stage build - Remove redundant tools ---- ### Merge operation modify same files Docker/OCI image 是由多層==檔案變動紀錄==所構成 Containerfile 每一行指令都會形成一層 ![](https://docs.docker.com/storage/storagedriver/images/overlay_constructs.jpg =60%x) ---- ### Stateless 設定、狀態藉由環境變數傳入或掛載等方式來維持 ---- ### Flexbility image 保持彈性可以包容未來的變動 --- ![](https://i.imgur.com/k9VfrkS.jpg =70%x) --- ### Example ![](https://i.imgur.com/6HLxWy9.jpg =60%x) ---- ## Example 1 ```dockerfile= [1-3|5-7] RUN curl -fsSLO https://example.com/linux.zip RUN unzip linux.zip RUN rm linux.zip RUN curl -fsSLO https://example.com/linux.zip \ && unzip linux.zip \ && rm linux.zip ``` ---- ### Example 2 ```dockerfile= [|3] FROM debian:bullseye RUN apt update && apt install -y openssh-server RUN echo 'root:my_password' | chpasswd RUN systemctl enable ssh RUN mkdir /var/run/sshd RUN sed -i 's/#PermitRootLogin .*/PermitRootLogin yes/' /etc/ssh/sshd_config RUN sed -i 's|session\s*required\s*pam_loginuid.so|session optional pam_loginuid.so|g' /etc/pam.d/sshd EXPOSE 22 CMD ["/usr/sbin/sshd", "-D"] ``` ---- ### Example 3 ```dockerfile= [|3] FROM debian:bullseye COPY npc /usr/bin/npc CMD ["/usr/bin/npc", "-server=1.2.3.4:5678", "-vkey=123456"] ``` ---- ### Example 4 <div class="miku-smaller"> ```dockerfile= [|1-10|12-15] FROM --platform=$BUILDPLATFORM alpine:3.15 AS builder ARG VERSION WORKDIR / RUN set -ex \ && wget -qO geosite.dat "https://github.com/v2fly/domain-list-community/releases/latest/download/dlc.dat" \ && wget -qO geoip.dat "https://github.com/v2fly/geoip/releases/latest/download/geoip.dat" RUN set -ex \ && wget -qO xray.zip "https://github.com/XTLS/Xray-core/releases/download/v${VERSION}/Xray-linux-64.zip" \ && unzip xray.zip xray \ && echo '{}' > config.json FROM scratch COPY --from=builder geosite.dat geoip.dat xray config.json / EXPOSE 443 CMD [ "/xray","-config","/config.json" ] ``` </div> --- ### Demo 以黑客社社員管理系統為例 [Dockerfile](https://github.com/mikucat0309/JoinClub-2021/blob/master/Dockerfile) --- ### Other Build Tools - Docker buildkit - buildah - kaniko --- ### Conclusion ![](https://i.imgur.com/gukCRWK.png =80%x) --- ### 感謝聆聽聯絡方式 - Telegram: mikucat0309 - Mail: admin@mikuc.at