# Docker and Kubernetes
> - This notebook describes the process of using a production-style development workflow to build, test and deploy Docker applications with Kubernetes, a set of notes from https://www.udemy.com/docker-and-kubernetes-the-complete-guide/.
- Author: Brant Yukan, b.rant@ucla.edu
- Date: 9/13/19

## Goal: Use Docker to easily install and run software without troubleshooting setup  or dependencies.
- e.g. docker run -it redis
- An image is a file with all the dependencies and configurations required to run a program.  Containers are instances of an image.

### install on mac

In [5]:
!brew cask install docker


To re-install docker, run:
  [32mbrew cask reinstall docker[39m


In [8]:
!docker version

Client: Docker Engine - Community
 Version:           19.03.2
 API version:       1.40
 Go version:        go1.12.8
 Git commit:        6a30dfc
 Built:             Thu Aug 29 05:26:49 2019
 OS/Arch:           darwin/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.2
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.12.8
  Git commit:       6a30dfc
  Built:            Thu Aug 29 05:32:21 2019
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v1.2.6
  GitCommit:        894b81a4b802e4eb2a91d1ce216b8817763c29fb
 runc:
  Version:          1.0.0-rc8
  GitCommit:        425e105d5a03fabd737a126ad93d62a9eeede87f
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683


### using docker

In [11]:
# start up new container using image with name hello-world
# first time, daemon pulls image from docker hub, after that it's saved in image cache
!docker run hello-world


Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/



- A container is a set of processes that have a groupig of resources specifically assigned to it.
- An image is a filesystem snapshot and startup command.
- When you create an image, your Linux kernel creates a control gorup, isolates a portion of the hard drive, RAM, CPU, and network to a container.  The filesystem snapshot gets placed in that subsection of the hard drive.  The startup command uses namespacing and runs on the isolated set of resources.

### docker CLI

In [17]:
# default command overrride
!docker run busybox echo hi there

hi there


In [19]:
# folders inside the container
!docker run busybox ls

bin
dev
etc
home
proc
root
sys
tmp
usr
var


In [21]:
# ls and echo don't exist inside the hello-world filesystem.
!docker run hello-world echo hi there

docker: Error response from daemon: OCI runtime create failed: container_linux.go:345: starting container process caused "exec: \"echo\": executable file not found in $PATH": unknown.
[31mERRO[0m[0001] error waiting for container: context canceled 


In [24]:
# linux systems used to store passwords in here, but now it's in shadow which is hidden.
!docker run busybox cat /etc/passwd
# !docker run busybox cat /etc/shadow

root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/bin/false
bin:x:2:2:bin:/bin:/bin/false
sys:x:3:3:sys:/dev:/bin/false
sync:x:4:100:sync:/bin:/bin/sync
mail:x:8:8:mail:/var/spool/mail:/bin/false
www-data:x:33:33:www-data:/var/www:/bin/false
operator:x:37:37:Operator:/var:/bin/false
nobody:x:65534:65534:nobody:/home:/bin/false


In [3]:
# lists all running containers running on machine
# !docker run busybox ping google.com
!docker ps
!docker ps --all  # all containers that we've ever started up on the machine

CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES


- docker run creates and starts an image

In [21]:
!docker create hello-world
# !docker create busybox echo hi there

758d268415b3d06b98486971a18851856b2a7d51d8a69f55a12b67b43022fb02


In [22]:
# -a attaches to the the container, and prints out output
!docker start -a 758d268415b3d06b98486971a18851856b2a7d51d8a69f55a12b67b43022fb02


Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/



- start a container again that has exited

In [11]:
!docker ps --all

CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                      PORTS               NAMES
de35e291bbf4        hello-world         "/hello"            3 minutes ago       Exited (0) 2 minutes ago                        frosty_raman
db6aa915f408        busybox             "ping google.com"   10 minutes ago      Exited (0) 10 minutes ago                       vigorous_tharp
55d90a513220        busybox             "cat /etc/passwd"   18 hours ago        Exited (0) 18 hours ago                         cranky_dirac
fd72095fd08d        busybox             "cat /etc/shadow"   18 hours ago        Exited (0) 18 hours ago                         brave_galileo
e4e789077ee7        busybox             "cat /etc/passwd"   18 hours ago        Exited (0) 18 hours ago                         nice_solomon
9ff64b236e53        hello-world         "echo hi there"     18 hours ago        Created                                         infallible_antonelli
45

In [14]:
!docker start -a 68e42d6ce2ea
# can't replace default command of a container that's already been created

hi there


In [26]:
!docker create busybox echo hi there

340349d7bb40cf1f97029babc21ab86328eff7d6bafea33c2684477661262a0c


In [28]:
!docker start 340349d7bb40cf1f97029babc21ab86328eff7d6bafea33c2684477661262a0c

340349d7bb40cf1f97029babc21ab86328eff7d6bafea33c2684477661262a0c


In [30]:
# docker logs does not re-run.  It gets a record of all the logs that have been emitted from that container.
!docker logs 340349d7bb40cf1f97029babc21ab86328eff7d6bafea33c2684477661262a0c

hi there


#### stop running container, ^C or stop/kill
- stop sends a SIGTERM hardware signal message to stop at its own time; docker automatically kills after 10 seconds
- kill issues a SIGKILL, shut down right now

In [22]:
!docker create busybox ping google.com

d6904dc52d0d3c039401cfb9a63cdfec70dd8ab4af60f8995aff1091114e041d


In [23]:
!docker start d6904dc52d0d3c039401cfb9a63cdfec70dd8ab4af60f8995aff1091114e041d
!docker logs d6904dc52d0d3c039401cfb9a63cdfec70dd8ab4af60f8995aff1091114e041d

d6904dc52d0d3c039401cfb9a63cdfec70dd8ab4af60f8995aff1091114e041d
PING google.com (172.217.6.78): 56 data bytes
64 bytes from 172.217.6.78: seq=0 ttl=37 time=5.438 ms


In [47]:
!docker ps

CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
f7769ba90a0a        busybox             "ping google.com"   5 minutes ago       Up 3 minutes                            eloquent_boyd


In [48]:
!docker stop f7769ba90a0a

f7769ba90a0a


In [50]:
!docker ps

CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES


In [51]:
# !docker kill f7769ba90a0a

Error response from daemon: Cannot kill container: f7769ba90a0a: Container f7769ba90a0a605cc53ed8313b6c2f79e401eeb796ed3e3984d32f5fcd64035b is not running


- redis is an in-memory data store commonly used with web applications

In iTerm2, run:
```console
docker run redis
```

In [58]:
# you have to execute commands inside the container
!redis-cli

/bin/sh: redis-cli: command not found


In [60]:
!docker ps

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
b8219f9e6d4c        redis               "docker-entrypoint.s…"   8 minutes ago       Up 8 minutes        6379/tcp            amazing_northcutt


-it allows us to provide input to the container, -i means attach terminal to STDIN of the container's command ; -t lets the output show up pretty
***
**docker exec -it b8219f9e6d4c redis-cli**  
**set myvalue 5**  
**get myvalue**

### how to open up shell in context of your running container

In [62]:
!docker ps

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
b8219f9e6d4c        redis               "docker-entrypoint.s…"   22 minutes ago      Up 22 minutes       6379/tcp            amazing_northcutt


Get full terminal access to the container, get out with ^D
sh is a command processor to open a shell.  Others are bash, powershell, zsh, sh.  Most containers have sh, some have bash.


**docker exec -it b8219f9e6d4c sh**

##### Container Isolation
- containers don't share their file system
- You have to specifically form a connection between two containers.

# Creating Docker Images
- The process is to specify a base image, run commands to install additional programs, then provde a command to run on startup.
- create a dockerfile, plaintext with lines of configuration about programs it contains and what it does when it starts up
- client passes the file to a server, which builds a usable image
    1. specify a base image
    2. run commands to install additional programs
    3. specify a command to run on container startup

# create an image that runs redis-server
mkdir redis-image
cd redis-image
code .

- make a file named Dockerfile:

Dockerfile contents:
- Use an existing docker image as a base
- alpine comes with a preinstalled set of programs that are useful, such as apk package manager
```Dockerfile
FROM alpine
```

- Download and install a dependency
- executes command while preparing custom image
- apk is the Apache package manager.
```Dockerfile
RUN apk add --update redis
```
- Tell the image what to do when it starts as a container
- what should be ran when image is used to start a new container
```Dockerfile
CMD ["redis-server"]
```

- build uses the Dockerfile to generate an image. '.' is the build context, which are the files and folders in our project
- The build process creates a temporary intermediate container and takes a snapshot of its filesystem and its default command.
- At each instrution step, we create a new container from the previous step, execute a command or change its file system, and take a snapshot of its filesystem and save it as an ouptut for next instruction along the chain.  The image from the last step is the final one.

```console
cd redis-image

docker build .

Successfully built 74873fee6d3c

docker run 74873fee6d3c
```
... Ready to accept connections

- Docker build uses an image that's already cached in your machine if the command is the same and has been done before.
- But the sequence of commands has to be the same.  Docker build uses the cache only up until any saved sequence or subsequence.
- If you add a line to change the Dockerfile, try to add it at the bottom.

# Tagging an Image

In [2]:
!docker build -t byukan/redis:latest redis-image

Sending build context to Docker daemon  2.048kB
Step 1/4 : FROM alpine
 ---> 961769676411
Step 2/4 : RUN apk add --update gcc
 ---> Running in 3118057c32d8
fetch http://dl-cdn.alpinelinux.org/alpine/v3.10/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.10/community/x86_64/APKINDEX.tar.gz
(1/10) Installing binutils (2.32-r0)
(2/10) Installing gmp (6.1.2-r1)
(3/10) Installing isl (0.18-r0)
(4/10) Installing libgomp (8.3.0-r0)
(5/10) Installing libatomic (8.3.0-r0)
(6/10) Installing libgcc (8.3.0-r0)
(7/10) Installing mpfr3 (3.1.5-r1)
(8/10) Installing mpc1 (1.1.0-r0)
(9/10) Installing libstdc++ (8.3.0-r0)
(10/10) Installing gcc (8.3.0-r0)
Executing busybox-1.30.1-r2.trigger
OK: 92 MiB in 24 packages
Removing intermediate container 3118057c32d8
 ---> d55abcf1f349
Step 3/4 : RUN apk add --update redis
 ---> Running in 1c9e138529d2
(1/1) Installing redis (5.0.5-r0)
Executing redis-5.0.5-r0.pre-install
Executing redis-5.0.5-r0.post-install
Executing busybox-1.30.1-r

In [3]:
!docker run byukan/redis

1:C 23 Sep 2019 00:37:27.760 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
1:C 23 Sep 2019 00:37:27.760 # Redis version=5.0.5, bits=64, commit=47edd290, modified=0, pid=1, just started
1:M 23 Sep 2019 00:37:27.762 * Running mode=standalone, port=6379.
1:M 23 Sep 2019 00:37:27.762 # Server initialized
1:M 23 Sep 2019 00:37:27.762 * Ready to accept connections
^C
1:signal-handler (1569199550) Received SIGINT scheduling shutdown...
1:M 23 Sep 2019 00:45:50.966 # User requested shutdown...
1:M 23 Sep 2019 00:45:50.966 * Saving the final RDB snapshot before exiting.
1:M 23 Sep 2019 00:45:50.974 * DB saved on disk
1:M 23 Sep 2019 00:45:50.974 # Redis is now ready to exit, bye bye...


# Generate Image from Container
- without Dockerfile
- Generally, you'll want to use the Dockerfile because it's easier to rerun.

- docker run -it alpine sh
> - apk add --update redis
- get id of running container:
- docker ps
- docker commit -c 'CMD ["redis-server"]' 891302133f1d

- Then, 
- docker run 811bcd5935af581
- stats up a new container out of the image we just created

# Create Node JS web app and wrap it in a Docker container
- create Node JS web app
- create a Dockerfile
- Build image from dockerfile
- run image as a container
- connect to web app from a browser

```console
cd redis-image
mkdir simpleweb
cd simpleweb
code .
```

- install dependencies
- npm install
- start server, this command runs on container startup
- npm start

## Add files inside a container
- copying build files
- first argument is copy from path on your machine realative to build context, meaning what is specified in the __docker build .__ command.
- second argument is place to copy stuff to inside the container
```Dockerfile
COPY ./ ./
```

copy put files into the root directory of the container.  
The build process we used is not best practice because if we have any files or folers that conflict with the default folder   system, then we'd overwrite files or folders inside the container.  
ls shows files that were created by npm  
- Copy into a nested directory instead.  e.g.:
```Dockerfile
WORKDIR /usr/app
```
- Any following command will be executed relative to this path.
- Then, Copy won't copy into the root directory, it will copy into the workdir instead.


```Dockerfile
# Specify a base image
FROM node:alpine

WORKDIR /usr/app

# Install some dependencies
COPY ./ ./
RUN npm install

# Default command
CMD ["npm", "start"]
```


- We dont't have to rerun all the steps of reinstalling dependencies after copy if you modify some files.

```Dockerfile
# Specify a base image
FROM node:alpine

WORKDIR /usr/app

# Install some dependencies
# With this build process, if you make changes to index.js, you won't have to reinstall all the dependencies again.
# You won't invalidate the cache for parts taht are working.
# Split the copy operation out into 2 different steps
# npm install only cares about the package.json file
COPY ./package.json ./
RUN npm install 
COPY ./ ./

# Default command
CMD ["npm", "start"]
```

in codechef-NLP/redis-image/simpleweb:
```console
docker build -t byukan/simpleweb .
docker run byukan/simpleweb
```

```console
BYUKAN-M-H10C:simpleweb byukan$ docker run byukan/simpleweb

> @ start /
> node index.js

Listening on port 8080
```

## Container Port Mapping

- http://localhost:8080/ in browser
- The container has its own isolated set of ports that can receive traffic, but by default no incomming traffic to your computer is going to be directed to your container.
- Create a port mapping so that requests made to a port on your local network get forwarded to a port on the docker container.
- There's no limitation by default of the container's ability to reach out.

route incoming requests on this port on local host to : port inside container

build if you haven't already
```console
docker build -t byukan/simpleweb .
docker run -p 5000:8080 byukan/simpleweb

```

Then, go to http://localhost:5000/


```console
docker run -it byukan/simpleweb sh
```  

```console
docker ps
docker exec -it  sh
```
- When you modify a file inside the container, you have to do additional fancy configuration.  You'd have to completely rebuild the container.

# Web App that displays number of times someone has visited the server
- need 2 separate components:
- will need a Node App web server to respond to http requests and generate html to show inside browser
- also needs a redis server (in-memory data store) to keep track of number of times the page has been visited.
- If you put both components in 1 container, you'd run into trouble if you introduce more web application servers to respond to http requests.  Then you'd have disconnected instances.  
- Instead have 1 single instance and if you want to scale, then create more instances of the Node server.  Each Docker container containing the node app connects to the container w/ the Redis server.

### App Server code

In [2]:
!mkdir visits

modify index.js      package.json files  Dockerfile
- Connect containers with some form of networking.
- To connect 2 separate containers, you can use Docker Compose, which is used to start up multiple Docker containers at the same time.
- Docker compose automates some of the arguments we were passing to 'docker run'.
```console
docker build -t byukan/visits:latest .
docker run redis
docker run byukan/visits
```

# Docker Compose
- compile all the docker cli commands into a docker-compose.yml file.  Then feed it into a docker-compose CLI.
- We'll use docker-compose to create a resdis-ser ver using the 'redis' image, then a node-app container using the dockerfile that maps port 8081 to 8081.
```yml
# docker-compose.yml
version: '3'
services:
  redis-server:
    image: 'redis'
  node-app:
    build: .
      - "4001:8081"
```
- By defining the two containers in the same docker-compose.yml, they will automatically get configured to talk to each other.

- Instead of saying run, and instead of saying build and run:
- -d launches a group of containers in the background
```console
docker-compose up
docker-compose up --build
docker-compose up -d
```


- close them using:
```console
docker-compose down
```


### Restart container when server crashes

```javascript
const redis = require('redis');
const process = require('process');

// instance of express application
const app = express();
// set up connection to redis server
// specify the host/url/address we're trying to connect to
const client = redis.createClient({
    host: 'redis-server',
    post: 6379
});
client.set('visits', 0);

// route handler for root route
app.get('/', (req, res) => {
    process.exit(0);
```