ada mancini adamancini

## gist:970d7c08eb33d4b6f02197a642fd9475
==> create_wildcard_automated_challenge <==
#!/usr/bin/env bash

#   Note:
#   --server https://acme-v02.api.letsencrypt.org/directory
#   needed for v2 API for wildcard support

##  employs automated DNS challenge w/ google cloud dns -
##  you must configure a service account w/ google cloud and provide the DNS Administrator role
##  to support automatically setting TXT records

## docker-compose.yml
version: '3.3'
services:
  wordpress:
    image: wordpress
    restart: always
    ports:
     - 8080:79
    environment:
      WORDPRESS_DB_PASSWORD: dockertesting

## gist:b6fd0864e22093f1ad30c32aebb5edb6
#!/usr/bin/env bash

##  employs automated DNS challenge w/ google cloud dns -
##  you must configure a service account w/ google cloud and provide the DNS Administrator role
##  to support automatically setting TXT records


### renew all certs found in /etc/letsencrypt

docker run -it --rm \

## gist:6f157d54c627a3fc9f1f79204685c2dc
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: netshoot
  namespace: guestbook
  labels:
    k8s-app: netshoot
spec:
  selector:
    matchLabels:

## gist:b72642e941917db93128fdcaf0ba2abd
kind: Namespace
apiVersion: v1
metadata:
  name: guestbook
  labels:
    name: guestbook
---
apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
kind: Deployment
metadata:

## gist:42c6d3efb586771934e069dcdb0ca133
 ↵ 1  annarchy  ~  nc -z
usage: nc [-46CDdFhklNnrStUuvZz] [-I length] [-i interval] [-M ttl]
	  [-m minttl] [-O length] [-P proxy_username] [-p source_port]
	  [-q seconds] [-s sourceaddr] [-T keyword] [-V rtable] [-W recvlimit]
	  [-w timeout] [-X proxy_protocol] [-x proxy_address[:port]]
	  [destination] [port]

## gist:f4f21ffdb851adce2aeb9965ce4cec80
[root@annarchy netns]# docker inspect lodestone | grep -i sandbox
            "SandboxID": "f26ee63e6db253f5de4ded7a60108a7282e9c3f432c7c0d701fceeb7f2350eef",
            "SandboxKey": "/var/run/docker/netns/f26ee63e6db2",


[root@annarchy netns]# nsenter --net=/var/run/docker/netns/f26ee63e6db2 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever

## gist:a35c9cdcf9aa6d9c53bb9f8d1d9472fb
 ✔  annarchy  ~/docker/src/support-tools/labs/buildargs   master ● ?  cat Dockerfile
FROM ubuntu
ENV FOO=baz
ARG BAR=fuzz
RUN env
CMD /usr/bin/env
 ✔  annarchy  ~/docker/src/support-tools/labs/buildargs   master ● ?  docker image history args
IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
4b655f8a09bf        28 seconds ago      CMD ["/bin/sh" "-c" "/usr/bin/env"]             0B                  buildkit.dockerfile.v0
<missing>           28 seconds ago      RUN |1 BAR=fuzz /bin/sh -c env # buildkit       0B                  buildkit.dockerfile.v0

## gist:35e475250e8fe72eb783fbe0f168e37e
      MAYAN_DATABASES: \"{\'default\':{\'ENGINE\':\'django.db.backends.postgresql\',\'NAME\':\'${MAYAN_DATABASE_DB:-mayan}\',\'PASSWORD\':\'${MAYAN_DATABASE_PASSWORD:-mayandbpass}\',\'USER\':\'${MAYAN_DATABASE_USER:-mayan}\',\'HOST\':\'postgresql\'}}\"

## gist:f3056ae7549f11e239c562f1ca1abeeb
09:44 <@programmerq> AlexC_ as with any setup where you are sharing files from a host into a guest VM (virtualbox vmware docker-for-mac and others do this) you will take a performance hit for the files you do share. docker-for-mac is generally as performant or more performant than the virtualbox file sharing in my experience, but it is the worst about high counts of small files.
09:44 <@ada> AlexC_: was about to say ^
09:45 <@programmerq> the vagrant community dealt with similar problems with similar frameworks long before docker-for-mac existed, and a lot of the things you can do apply.
09:45 <@programmerq> basically, it boils down to only sharing the bare minimum of what needs to be shared. don't share the library dependencies-- put those in the docker image itself or in a named volume instead of on a bind mount that is shared from the host.
09:45 <@programmerq> any caches, named/anonymous volume instead of bind mount
09:45 <@programmerq> etc etc
09:45 <@ada> there are some options https://docs.docker.com/d
	==> create_wildcard_automated_challenge <==
	#!/usr/bin/env bash

	# Note:
	# --server https://acme-v02.api.letsencrypt.org/directory
	# needed for v2 API for wildcard support

	## employs automated DNS challenge w/ google cloud dns -
	## you must configure a service account w/ google cloud and provide the DNS Administrator role
	## to support automatically setting TXT records
	version: '3.3'
	services:
	wordpress:
	image: wordpress
	restart: always
	ports:
	- 8080:79
	environment:
	WORDPRESS_DB_PASSWORD: dockertesting
	apiVersion: apps/v1
	kind: DaemonSet
	metadata:
	name: netshoot
	namespace: guestbook
	labels:
	k8s-app: netshoot
	spec:
	selector:
	matchLabels:
	kind: Namespace
	apiVersion: v1
	metadata:
	name: guestbook
	labels:
	name: guestbook
	---
	apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
	kind: Deployment
	metadata:
	↵ 1  annarchy  ~  nc -z
	usage: nc [-46CDdFhklNnrStUuvZz] [-I length] [-i interval] [-M ttl]
	[-m minttl] [-O length] [-P proxy_username] [-p source_port]
	[-q seconds] [-s sourceaddr] [-T keyword] [-V rtable] [-W recvlimit]
	[-w timeout] [-X proxy_protocol] [-x proxy_address[:port]]
	[destination] [port]
	[root@annarchy netns]# docker inspect lodestone \| grep -i sandbox
	"SandboxID": "f26ee63e6db253f5de4ded7a60108a7282e9c3f432c7c0d701fceeb7f2350eef",
	"SandboxKey": "/var/run/docker/netns/f26ee63e6db2",


	[root@annarchy netns]# nsenter --net=/var/run/docker/netns/f26ee63e6db2 ip a
	1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
	link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
	inet 127.0.0.1/8 scope host lo
	valid_lft forever preferred_lft forever
	✔  annarchy  ~/docker/src/support-tools/labs/buildargs   master ● ?  cat Dockerfile
	FROM ubuntu
	ENV FOO=baz
	ARG BAR=fuzz
	RUN env
	CMD /usr/bin/env
	✔  annarchy  ~/docker/src/support-tools/labs/buildargs   master ● ?  docker image history args
	IMAGE CREATED CREATED BY SIZE COMMENT
	4b655f8a09bf 28 seconds ago CMD ["/bin/sh" "-c" "/usr/bin/env"] 0B buildkit.dockerfile.v0
	<missing> 28 seconds ago RUN \|1 BAR=fuzz /bin/sh -c env # buildkit 0B buildkit.dockerfile.v0
	09:44 <@programmerq> AlexC_ as with any setup where you are sharing files from a host into a guest VM (virtualbox vmware docker-for-mac and others do this) you will take a performance hit for the files you do share. docker-for-mac is generally as performant or more performant than the virtualbox file sharing in my experience, but it is the worst about high counts of small files.
	09:44 <@ada> AlexC_: was about to say ^
	09:45 <@programmerq> the vagrant community dealt with similar problems with similar frameworks long before docker-for-mac existed, and a lot of the things you can do apply.
	09:45 <@programmerq> basically, it boils down to only sharing the bare minimum of what needs to be shared. don't share the library dependencies-- put those in the docker image itself or in a named volume instead of on a bind mount that is shared from the host.
	09:45 <@programmerq> any caches, named/anonymous volume instead of bind mount
	09:45 <@programmerq> etc etc
	09:45 <@ada> there are some options https://docs.docker.com/d