- default user is
manager\containeradministrator - mounted volumes require a Modify permission given to Authenticated Users, otherwise move operations (user by nuget restore for example) fail. TODO: why normal write operation work even without that??
- mixing
<PackageReference>withpackages.configdoesn't work: they seem to be mutually exclusive.
- Identity pools: map user from existing idp to IAM roles -> ideal for user needing access to aws resources
- User pools: classic user directory, NO IAM mapping -> ideal for generic user authentication and authorization
- User pools can be idp for Identity pools
- User pools can autenticate against external idp such as google and fb
- https://thenewstack.io/understanding-aws-cognito-user-and-identity-pools-for-serverless-apps/
- git add --chmod=+x -- afile
- https://stackoverflow.com/a/38285462
- develop is the main branch
- use feature branches and pull requests
- don't be afraid to commit on develop sometimes
- master points to latest released version
- releases are made with
git tag -a vX.Y.Z -m '' && git push --tags - use semver
- use git-semver
- use tools like setuptools_scm, gitchangelog to avoid the need of release branches
- release automatically on tags
- CI builds only develop, feature branches and tags
Rename files:
-> use rename tool
for f in *.cbz; do mv "$f" "$(echo "$f"|sed -r 's/Donald Duck - (.*) - (.*).cbz/Donald Duck - \1-\2.cbz/')"; done
Find false cbr:
file *.cbr|grep Zip|cut -d: -f1
Rename to cbz:
file *.cbr|grep Zip|cut -d: -f1|xargs -n 6 -I {} rename 's/(.*).cbr/$1.cbz/' "{}"
Extract images from pdf:
pdfimages
- CopyOnWrite images are not for performance or big files. Always use volumes, avoid using the "writeable" default top layer.
- don't assume embedding all dependencies in application layer image is always the best: consider mapping volumes.
- never use "export running container" as image feature: no env variables, squash layers, lost reproducibility.
- docker history: show single layers forming final images (with size)
- ENV on bottom, to maximize build cache usage
- multistage builds
- volumes
- managed: docker manages it inside its workspace
- bind: mount existing directory
- image level (VOLUME): automatically creates a managed volume on the mount point -> never cleaned up! Attention!
- storageos.com to replicate volumes between hosts
- mount from other containers, isolated by seccomp
- docker inspect, GraphDriver: actual data on layers mount point
- portainer.io
- docker will die: https://cri-o.io/ (swarm already has, docker-compose?)
Network
- bridge as default (docker0)
- no service discovery not working on docker0 (no dns, reuse host resolv.conf)
- veth* nic for each container
- host: share host namespace, to be used only for special protocols (streaming) using a high port range (10000-20000)
- networking (k8s like) container: (talk only on localhost)
- additional docker network created networks (bridge different from docker0) spin up a dns on 172.0.0.11, where attached containers are registered by name
- docker network connect: connect to network at runtime
- EXPOSE is only used to automatically create iptable on random ports with -P flag, useless in k8s
SWARM
- on single host, prefer swarm
- raft algorithm
- new networks: ingress (overlay) for internal nodes communications, docker_gwbridge for external communication
- kubernetes.io -> docs human readable
- https://skaffold.dev/
- three (plus one) things to version
- application code
- deployment descriptors
- configuration + secrets (different lifecycle)
- always set resource request+limits
- Enable globally: will create administration roles in each account of organization
- Create users/groups and assign accounts/permission sets
- Setup
AWS_DEFAULT_SSO_START_URLandAWS_DEFAULT_SSO_REGIONfor use withaws-sso-util - Use https://github.com/benkehoe/aws-sso-util to populate all profiles automatically
$ aws-sso-util login
$ aws-sso-util configure populate --region us-east-1 --separator - --trim-role-name Access
- Use the various accounts with
--profileor similar AWS SDK supported mechanism