billyto/CKAD-preparation.yml

## CKAD-preparation.yml
# Let's start with Docker

# Image is A filesytem + metadata + a command
# Dockerfile, requieres a base image ... use "docker build" command
# Images are stores in registries ie (Docker registry)
# pulling an image
docker image pull memcached
# Sequence for creating an image:
# Base image -> Derived Container -> New Image
# choice of image is important

# Creating a container and retrievin its ID
docker container run alpine apk add --no-cache python
docker container ls -l --format 'table {{.ID}}\t{{.Image}}\t{{.Command}}'

# alpine tiny linux distro (4mb)

#inspecting changes:
docker container diff acd451f0ef03 |less

# To create the image commit the container to an image
docker container commit -m "added python" acd451f0ef03 my-image:1.0
docker image ls --format 'table {{.Repository}}\t{{.TAG}}\t{{.ID}}\t{{.Size}}' my-image:1.0

#a docker image is just a json object (Layers by a hash!)
#layers have an order and are read only, they are assmbled as a union creating a file system with the image layer on top (RW).
# all the changes on the layers go to the image layer via "copy on write"
# a new image will have all the layers of the base image, having the RW layer as the last image layer of the new image

# IMAGE SIZE MATTERS
# less resources, faster startup times, less resource consumption.
# Image size has a direct bearing on push and pull times in workflows

# Flattering an image
# A container's filesystem can be dumped into a tar:
docker container export -o lighttpd-1.1.tar $(docker container ls -lq)
# if we check the archive for w-get, there isn't any
tar -xvf lighttpd-1.1.tar | grep wget
# then can be imported as a single layer image ( w/o the redundant part)
docker image import lighttpd-1.1.tar lighttpd:1.1

# How the image was built?
docker image history lighttpd:1.0 | trunc

# BUILDING DOCKER IMAGES
# Base image specified in the Dockerfile
docker image build -t my_image .
# . is the build context
# each step uses the output intermediate image of the previous step
# intermediate images are kept to speed up future builds.

# Docker deamon vs Docker client (local files, http GET tar. or git repo)
# .dockerignore what should be excluded from the archive being sent to the deamon

# default name is "Dockerfile" at the root of the build context.
# Instructions are executed in containers in order to create:
# Filesystem content or add active/passive metadata

docker image build --build-arg USER=aws -t awscli:1.0 .
docker image build -t awscli:1.1 .

# depending the order of instructions, buidl time can be optomized, lets remove prior images
docker image rm awscli:1.0 awscli:1.1

# AUTHORING DOCKER IMAGES

# FROM Instruction  (specify base image)
# must be the first instruction
# 'scratch' means build no base image to start.
FROM <repository>[<:tag>]  #default is 'latest'
FROM <repository>[<@digest>]  #digest fo the image manifest
docker image inspect --format '{{.RepoDigests}}' ubuntu

# ENV Instruction (for both the build and the runtime)
# varibale and value persist into a derived container
# multiple varaibles can be defines with a single ENV or one ENV for each.
ENV <variable> <value>
ENV <variable> <value>
# or
ENV <variable=value> \
    <variable=value>

#ARG Instruction (vars that change from build to build)
#passsed by the comamnd line
ARG <variable[=default value]> # --build-arg
# it doesnt persist on the derived container
# altered build args break build cache at point consumed, not when declared
# Variables defined with ENV, override variables defined with ARG, thus build argument can be passed on to derived containers

ARG VERSION
...
ENV VERSION=${VERSION:-3.5.1}

#RUN Instruction (install, builds, clones, etc)
RUN <command parameter ...>  #shell form
RUN <["executable", "parameter", ...]>  #when no shell in the image
#build cache breaks only if instruction alters
# Best Practice: ie
#each RUN creates a layer
RUN apt-get update
RUN apt-get install -y wget
RUN rm- rf /var/lib/apt/lists/*
# but this creates a single layer:
RUN apt-get update && \
    apt-get install -y wget && \
    rm- rf /var/lib/apt/lists/*

# COPY Instruction (forget about ADD)
COPY <src> ... <dst>
COPY ["<src>" ... "<dst>"]
# copy artifacts to the image, globbina characters are allowed
COPY foo /bar         # File or dir called 'foo' copied as /bar
COPY foo /bar/        # File called 'foo' copied as /bar/foo, directory 'foo' copied as /bar
COPY path/foo /bar    # File or dir called 'foo' copied as /bar
COPY path/tmp* /bar/  # All files or dirs located at path, copied to a directory /bar
COPY foo bar          # File or directory called 'foo' copied as bar, lcoated relative to the previous WORKDIR instruction.

# Execution

# CMD Instruction (define a default command or default paramentes to ENTRYPOINT)
CMD <command parameter ...> or <parameter parameter ...>
CMD ["<command>", "<parameter>", ...]  #exec form (preferred) and used for defaul parameters.
# command line arguments override CMD

# ENTRYPOINT Instruction (used to define an executable)
ENTRYPOINT <executable parameter ...>   #shell uses linux signals, child process to the shell
ENTRYPOINT ["<executable>", "<parameter>", ...] #preferred, intented process, bypasses the shell pip 1.
# commad line arguments are appended

# (to run a container)
docker image build -t demo .
docker container run demo

# HEALTHCHECK Instruction  (Test container health)
HEALTHCHECK [options] CMD <command>
HEALTCHECK NONE
# 0 is healthy, 1 is unhealthy
# runs periodically
# --interval N  30 secs is default
# --timeout and --retries (3 times default)
# Health status is available via docker cli, when a health check fails, and event is raised.
HEALTHCHECK --interval=3s CMD --fail -m 2 http://localhost:80/ || exit 1
#to check
docker system events --since 30m --filter event=health_status

# Deferring instruction execution
# Authoring base in another base image... but some instructions needs to be used in a specific context (later)

# ONBUILD Instruction (provides a means to impose method on image use, defers execution of instruction)
ONBUILD <instruction>
	# Let's start with Docker

	# Image is A filesytem + metadata + a command
	# Dockerfile, requieres a base image ... use "docker build" command
	# Images are stores in registries ie (Docker registry)
	# pulling an image
	docker image pull memcached
	# Sequence for creating an image:
	# Base image -> Derived Container -> New Image
	# choice of image is important

	# Creating a container and retrievin its ID
	docker container run alpine apk add --no-cache python
	docker container ls -l --format 'table {{.ID}}\t{{.Image}}\t{{.Command}}'

	# alpine tiny linux distro (4mb)

	#inspecting changes:
	docker container diff acd451f0ef03 \|less

	# To create the image commit the container to an image
	docker container commit -m "added python" acd451f0ef03 my-image:1.0
	docker image ls --format 'table {{.Repository}}\t{{.TAG}}\t{{.ID}}\t{{.Size}}' my-image:1.0

	#a docker image is just a json object (Layers by a hash!)
	#layers have an order and are read only, they are assmbled as a union creating a file system with the image layer on top (RW).
	# all the changes on the layers go to the image layer via "copy on write"
	# a new image will have all the layers of the base image, having the RW layer as the last image layer of the new image

	# IMAGE SIZE MATTERS
	# less resources, faster startup times, less resource consumption.
	# Image size has a direct bearing on push and pull times in workflows

	# Flattering an image
	# A container's filesystem can be dumped into a tar:
	docker container export -o lighttpd-1.1.tar $(docker container ls -lq)
	# if we check the archive for w-get, there isn't any
	tar -xvf lighttpd-1.1.tar \| grep wget
	# then can be imported as a single layer image ( w/o the redundant part)
	docker image import lighttpd-1.1.tar lighttpd:1.1

	# How the image was built?
	docker image history lighttpd:1.0 \| trunc

	# BUILDING DOCKER IMAGES
	# Base image specified in the Dockerfile
	docker image build -t my_image .
	# . is the build context
	# each step uses the output intermediate image of the previous step
	# intermediate images are kept to speed up future builds.

	# Docker deamon vs Docker client (local files, http GET tar. or git repo)
	# .dockerignore what should be excluded from the archive being sent to the deamon

	# default name is "Dockerfile" at the root of the build context.
	# Instructions are executed in containers in order to create:
	# Filesystem content or add active/passive metadata

	docker image build --build-arg USER=aws -t awscli:1.0 .
	docker image build -t awscli:1.1 .

	# depending the order of instructions, buidl time can be optomized, lets remove prior images
	docker image rm awscli:1.0 awscli:1.1

	# AUTHORING DOCKER IMAGES

	# FROM Instruction (specify base image)
	# must be the first instruction
	# 'scratch' means build no base image to start.
	FROM <repository>[<:tag>] #default is 'latest'
	FROM <repository>[<@digest>] #digest fo the image manifest
	docker image inspect --format '{{.RepoDigests}}' ubuntu

	# ENV Instruction (for both the build and the runtime)
	# varibale and value persist into a derived container
	# multiple varaibles can be defines with a single ENV or one ENV for each.
	ENV <variable> <value>
	ENV <variable> <value>
	# or
	ENV <variable=value> \
	<variable=value>

	#ARG Instruction (vars that change from build to build)
	#passsed by the comamnd line
	ARG <variable[=default value]> # --build-arg
	# it doesnt persist on the derived container
	# altered build args break build cache at point consumed, not when declared
	# Variables defined with ENV, override variables defined with ARG, thus build argument can be passed on to derived containers

	ARG VERSION
	...
	ENV VERSION=${VERSION:-3.5.1}

	#RUN Instruction (install, builds, clones, etc)
	RUN <command parameter ...> #shell form
	RUN <["executable", "parameter", ...]> #when no shell in the image
	#build cache breaks only if instruction alters
	# Best Practice: ie
	#each RUN creates a layer
	RUN apt-get update
	RUN apt-get install -y wget
	RUN rm- rf /var/lib/apt/lists/*
	# but this creates a single layer:
	RUN apt-get update && \
	apt-get install -y wget && \
	rm- rf /var/lib/apt/lists/*

	# COPY Instruction (forget about ADD)
	COPY <src> ... <dst>
	COPY ["<src>" ... "<dst>"]
	# copy artifacts to the image, globbina characters are allowed
	COPY foo /bar # File or dir called 'foo' copied as /bar
	COPY foo /bar/ # File called 'foo' copied as /bar/foo, directory 'foo' copied as /bar
	COPY path/foo /bar # File or dir called 'foo' copied as /bar
	COPY path/tmp* /bar/ # All files or dirs located at path, copied to a directory /bar
	COPY foo bar # File or directory called 'foo' copied as bar, lcoated relative to the previous WORKDIR instruction.

	# Execution

	# CMD Instruction (define a default command or default paramentes to ENTRYPOINT)
	CMD <command parameter ...> or <parameter parameter ...>
	CMD ["<command>", "<parameter>", ...] #exec form (preferred) and used for defaul parameters.
	# command line arguments override CMD

	# ENTRYPOINT Instruction (used to define an executable)
	ENTRYPOINT <executable parameter ...> #shell uses linux signals, child process to the shell
	ENTRYPOINT ["<executable>", "<parameter>", ...] #preferred, intented process, bypasses the shell pip 1.
	# commad line arguments are appended

	# (to run a container)
	docker image build -t demo .
	docker container run demo

	# HEALTHCHECK Instruction (Test container health)
	HEALTHCHECK [options] CMD <command>
	HEALTCHECK NONE
	# 0 is healthy, 1 is unhealthy
	# runs periodically
	# --interval N 30 secs is default
	# --timeout and --retries (3 times default)
	# Health status is available via docker cli, when a health check fails, and event is raised.
	HEALTHCHECK --interval=3s CMD --fail -m 2 http://localhost:80/ \|\| exit 1
	#to check
	docker system events --since 30m --filter event=health_status

	# Deferring instruction execution
	# Authoring base in another base image... but some instructions needs to be used in a specific context (later)

	# ONBUILD Instruction (provides a means to impose method on image use, defers execution of instruction)
	ONBUILD <instruction>