# Understanding Containerization
### Docker Containers: Fundamentals, Security, and Hands-On Labs

## Prerequisites:

- Basic understanding of command-line interfaces (Linux/bash or Windows PowerShell preferred)
- Basic familiarity with virtualization concepts (desirable)

## Software:

- Docker Desktop installed (or another compatible Docker environment)

## Agenda

1. Introduction & Core Concepts
    - Lab 1: Basic Container Operations
3. Building Images and Dockerfiles
    - Lab 2: Creating a Dockerfile 
    - Lab 3: Docker Compose for Multi-Container App
4. Docker Security 
    - Image Security
    - Container Runtime Security
    - Demo: Compromise Emulation
5. Networking and Storage
    - Port Mapping
    - Docker Volumes
    - Lab 4: Communicating Containers
6. Conclusions and what's next






## Lab 1 - Basic Container Operations
###  See Docker CLI cheat sheet here: https://docs.docker.com/get-started/docker_cheatsheet.pdf

1. Pulling an Image

    -  Open a terminal or command prompt.

    -  Run the command: `docker pull nginx`

2. Running a Container

    - Run the command: `docker run -d -p 80:80 nginx`

    - **Explanation:** 

        - `-d` runs the container in detached mode (background)

        - `-p` 80:80 maps port 80 of the container to port 80 on your host machine.

        - The official Docker ngnix image can be found here: https://hub.docker.com/_/nginx 

3. Verifying the Container

    -   Open a web browser and go to `http://localhost`. You should see the Nginx welcome page.

    -   In your terminal, type: `docker ps` to list running containers.

4. Stopping and Removing

    - Get the container ID from `docker ps`.

    - Stop the container: docker stop <container_id>
    
    - Remove the container: docker rm <container_id>

    - Bonus command-line tricks for cleaning up unused containers and freeing up disk space:

        - `docker ps -a -q`: This command lists all containers, including stopped ones (-a flag), and extracts only their container IDs (-q flag). It provides a list of container IDs that have exited or are currently stopped.
        
        - `docker stop $(docker ps -a -q)`: Stops all running containers
        
        - `docker rm $(docker ps -a -q)`: Removes all containers

## Lab 2 - Building a Custom Docker Image for a Web App

1. Create a Working Directory

    - Open your terminal or command prompt.

    - Create a new directory for this exercise (e.g., docker-training): `mkdir docker-training`

    - Change into that directory: `cd docker-training`


2. Create a Simple Web Application:

    - Inside the docker-training directory, create an index.html file with some basic content (e.g., “Hello, Docker!”).
    
        `echo "Hello, Docker" > index.html`
        

3. Create a Dockerfile

    - Create a Dockerfile (case-sensitive) in the same directory using a text editor or code editor.

        `touch Dockerfile`

    - Specify a non-root user (e.g., appuser) to run the container:

        ```
        # Dockerfile
        FROM nginx
        COPY index.html /usr/share/nginx/html
        ```
<br>

4. Build the Custom Image

    - Build the Docker image using the Dockerfile: `docker build -t my-web-app .` (Don't forget the period at the end).

    - **Explanation**:

        - `-t my-web-app`: The -t option stands for "tag". This part of the command tags the resulting image with a name and optionally a tag in the 'name:tag' format. If you don't specify a tag, Docker will assign the latest tag by default. Here, my-web-app is the name you're giving to the Docker image. This makes it easier to reference the image later, for example, when you want to run a container based on this image.

        - `.`: This specifies the context for the build. In Docker, the build context is the set of files located in the specified PATH or URL. The Docker build process can use any files in the context to build the image. In this case, . means the current directory you're in when you run the command. Docker will look for a Dockerfile in this directory to build the image. If your Dockerfile is named differently or located elsewhere, you would need to use the -f option to specify the path to the Dockerfile.


5. Run the Container

    - Start a container from the custom image: `docker run -d -p 8080:80 my-web-app`

    - Open a web browser and go to `http://localhost:8080`

    <br>

6. Verify User is Running As

    - Check that the container is running as the non-root user: `docker exec -it <container_id> whoami`

    - **Explanation**:

        - `docker exec`: This is the main command that tells Docker to execute a specific command inside a running container.
        
        - `it`: This option is a combination of -i and -t flags:
        
            - `i` (or --interactive) keeps STDIN open even if not attached. This allows you to interact with the command if necessary.

            - `t` (or --tty) allocates a pseudo-TTY, which means it simulates a terminal, similar to what you would get if you were to log into a session on the container. This is useful for commands that require a terminal to operate properly, like shell sessions.

        - `whoami`: This is the command to be executed inside the container. whoami is a UNIX command that displays the username of the current user. When run in the context of this Docker command, it will display the username of the user inside the container, not the host machine.



## Lab 3 - Docker Compose for Multi-Container App

1. Create a Docker Compose File

    - In the same docker-training directory, create a docker-compose.yml file:

    ```
    version: '3'
    services:
        web:
            image: nginx:alpine
            ports:
                - "8080:80"
        db:
            image: postgres:latest
            environment:
                POSTGRES_USER: myuser
                POSTGRES_PASSWORD: mypassword
    ```

2. 
    