# Section 1: Quick Start

## What is docker? The three innovations

### BUILD / SHIP / RUN
The **BUILD/SHIP/RUN** cycle consists of three steps to take previously non containarized software, turn it into a docker image, put it on a registry and deploy it on containers.

Most projects that gradudated from [the cloud native foundation](https://cncf.io) make the assumption that you're using a container workflow of build/ship/run


###  The three innovations
1. The docker **IMAGE**
2. The docker **REGISTRY**
3. The docker **CONTAINER**

#### The docker registry 

* Known as the OCI registry spec, a standard for distributing the images.
* Docker Hub is the default, github and gitlab have their own.
* A built image has a unique SHA hash that will allow or verification between two systems/hosts that the image contains the same files/metadata...
* Usualy done via the command docker push or docker pull
* **This is one of the core values of docker. We can take software that made on one machine with all its dependencies and run it on another machine, seamlessly and regardless if the two machines are running on different distributions of an OS (will run the same on Ubuntu or CentOs)**

#### The docker container 

* Running an image after downloading it into a server.
* A container is known as a **namespace**. This is what makes sure that the app running inside the containers can't see the rest of the operating system.
    * A namespace is basicly a blanch file system with only the files from the image that was built.
    * It would have it's own IP address, NIC (Network Interface Controller) and process list.
* Reruning the docker run command on that image would spin up a new instance of this image that is isolated from the first.
    * If the docker run command if run on another server with a docker engine then it yields a high availability setup.


## Quick Container Run


Using the [Play With Docker Website](https://labs.play-with-docker.com/) we can run a few demo commands before doing any local installs of Docker

* You will need an account with [Docker](https://hub.docker.com/), it's free
* Once logged in to [Play With Docker Website](https://labs.play-with-docker.com/) you will see a green start button and once clicked a timer will be show for the time remaining in the session.
* You will be able to deploy docker images on infrastructure provided by Docker.
* Steps for demo:
    * click on 'add new instances'
    * run "docker version" :
        * Gets details about the client and the engine currently running
    * connecting to from client to server can happen over many ways:
        * Socket
        * TCP/TLS
        * SSH tunnel
    * run "docker run -d -p 8800:80 httpd"
        * -d -> detach, runs in background
        * -p -> port, which ports are opened and published on host IP so that it can be accessed remotely
            * first number is the port on the host on which we're listening
            * second number is the container port on which we're connecting
        * httpd -> apache server image
        * ouput will resemble the below:
            * Unable to find image 'httpd:latest' locally
            * latest: Pulling from library/httpd
            * 1efc276f4ff9: Pull complete 
            * aed046121ed8: Pull complete 
            * 4340e7be3d7f: Pull complete 
            * 80e368ef21fc: Pull complete 
            * 80cb79a80bbe: Pull complete 
            * Digest: sha256:343452ec820a5d59eb3ab9aaa6201d193f91c3354f8c4f29705796d9353d4cc6
            * Status: Downloaded newer image for httpd:latest
            * bbaf9c895f19f301e40c7d2bd743127e372f8932b997ca238b5eaaeb13f6ec88
        * The output can be interpreted as such:
            * the various **layers** of the image are downloaded/pull
            * then it will create the networking, virtual interface, file system, load the file from the image into the file system
            * then it will startup the httpd process in its own namespace.  
    * run a curl command on the local host (machine from which this container is being instanciated) to verify that it's up: curl localhost:8800
        * output is: ```<html><body><h1>It works!</h1></body></html >```
    * run "docker ps" to view running containers:
        * | CONTAINER ID | IMAGE | COMMAND            | CREATED        | STATUS        | PORTS                | NAMES             |
          |--------------|-------|--------------------|----------------|---------------|----------------------|-------------------|
          | bbaf9c895f19 | httpd | "httpd-foreground" | 12 minutes ago | Up 12 minutes | 0.0.0.0:8800->80/tcp | confident_johnson |


## Why Docker? Why Now?


Docker's "raison d'etre" come from frictions that were being faced relating to speed a efficiency of packaging and deploying software.

The three main reason are:
* Isolation:
    * During the move from mainframe to servers (early 2000s), it was very rare that an app would fully utilise the capacity of the servers on which they would run. You ended up with mutliple apps colocating on the same servers, this increased complexity in managing them and made them prone to outages (e.g: one change for an app would cause an effect on other apps).
    * This lead to the emergence of VMs (Virtual Machines), fewer apps on multiple VMs all riding on the same hosts. This would lead to an exploding number of VMs which were each spun up with their own OS. Isolation was sort of solved but complexity outweighed the benefits.
    * Then Docker comes along and removes the need for all the different operating systems on each VM. Each application has its own namespace that is isolated and managing them comes easily through the docker/kubernetes cli. You can now run multiple version of the same app on the same host without any conflict.
* Environment
    * With VMs also came the deployement of a large number of types of environments. The running joke being "Works on my machine".
    * The container image has become a sort of contract between what the app runs and where its running. Just like actual shipping containers where those who ship something don't care what the ship that was carrying the container looked like and the people transporting the container didn't care what was inside it.
        * This is done through a consistent standard (the OCI format) which has two specs, an image and a runtime spec.
        * this ensures that the container will always be run with the same consistent way and same dependencies it was built with.
* Speed
    * Not the speed of CPU and processors but the speed of business, the ability to test and execute on ideas in a timely manner

# Section 2: Course Intro

## Getting Course Ressources

### Github repo
https://github.com/bretfisher/udemy-docker-mastery

### Docker commands, cheatsheets & slides
Downloaded in the "course_ressources folder"

# Section 3: The best way to setup Docker for your OS

## Installing Docker

Get the [Docker Desktop](https://www.docker.com/products/docker-desktop/) and install it on your machine.

There are 3 major ways to run containers:
* Locally (Docker Desktop, Remote Desktop)
* Servers (Docker Engine, K8s)
* PaaS (Cloud Run, Fargate)



# Section 4: Creating and usig containers like a boss

## 17.Check the Docker Install and Config


### Check out the current version of Docker
Returns the version of the **client** as well the server, a.k.a **the engine**

In [None]:
%%bash
docker version

### Get additional information on Docker

In [None]:
%%bash
docker info

### Getting the full list of commands in Docker

This is not a full list of the commands. You will notice below the sub modules that are accessible via docker manage  
commands, under **Management Commands:**
  
Management Commands:
* builder     Manage builds
* buildx*     Docker Buildx (Docker Inc., v0.8.2)
.  
.  
.  


In [None]:
%%bash 
docker

## 18.Starting a Nginx web server

In this section we will:
* contract images to containers
* run/stop/remote containers
* check container logs and process


### Images vs. Containers

**Images** are the binaries/libraries/source code that will make up our application. A **container** is a running   
instance of that image. You can have mutliple containers running from the same image. 

Images are obtained from registries, [**Docker Hub**](https://hub.docker.com/) being the default registry.   
(sort of what github is to source code, registries are to images)

In [None]:
%%bash
# command to get the image from the registry and running it
docker container run --publish 80:80 nginx

In the background docker looked for the latest version of nginx in Docker Hub,  
pulled it into our machine and started it  
as a process. The --publish argument exposes my local port 80 and sends all  
traffic comming to it to the container's  
port 80.

If we don't want the process to run in the foreground we can add the --detach  
argument and have all the above be done in the background.

In [None]:
%%bash
docker container run --publish 80:80 --detach nginx

When the container was started in the background we got in the output the unique container ID which  
we can use to compare with the output of the ```docker ps``` or ```docker container ls``` command.

In [None]:
%%bash
# we can check that the container is actually up and running
docker ps

In [None]:
%%bash
docker container ls

To stop the running container you can use ```docker container stop ${CONTAINER_ID}```

In [None]:
%%bash
docker container stop 188eb98e7d4e

And verify that the container is no longer running

In [None]:
%%bash
docker container ls

If i want to see all the containers, even those that are not running then i use   
 ```docker container ls -a```

In [None]:
%%bash
docker container ls -a

We can always give names to our containers otherwise they will be given randomly generated  
names using this syntax `<adjective>_<name_of_famous_scientist>`.   

If we want to specify the name we use the argument `--name`

In [None]:
%%bash
docker container run --publish 80:80 --detach --name webhost nginx
docker container ls

If we want to view the container logs we use `docker container logs ${CONTAINER_NAME}`

In [None]:
%%bash
docker container logs webhost

To view the processes in the container use `docker container top ${CONTAINER_NAME}`

In [None]:
%%bash
docker container top webhost

In [None]:
%%bash
#you can see that the new container had a custom name
docker container stop d4ae91d827ab

Cleanup the containers by listing all containers and removing them using  
`docker container rm [${CONTAINER_ID}  ${CONTAINER_ID} ...]`

In [None]:
%%bash
docker container ls -a

In [None]:
%%bash
docker container rm d4a 188
docker container ls -a

## 19.Debrief, what happens when we run a container

1. Looks for images in local cache
2. Look for images in registry if not found locally
3. Download the latest version
4. Create and new container based on the image and prepare it for start-up
5. Give the container a virtual IP on private network within the docker engine
6. Open up a port on the host and forward it to the port in the container
7. Start container based on CMD found in the image's Dockerfile

## 20.Containers vs Virtual Machines

### Containers aren't mini VMs

* They are just processes
* They are limited to what ressources they can access
* They exit when process stops

## 21.Window Containers: Should you consider them?

Containers are restricted processes that are running on the host's OS kernel.  
For example a Python image built for linux/x84_64 won't run as a python.exe on   
a Windows kernel. Which is why Docker utilizes a lightwheight Linux VM to run  
the containers.

From Docker's inception in 2013 to 2016, we could build images for multiple  
architectures (amd64, arm/v6, arm/v7, i386, etc.) but not for the Windows   
kernel itself. Docker was Linux-only.

In 2016 we got "Windows Containers" support from Microsoft. When you think of   
images, realize they are always kernel (Linux/Windows) and architecture   
(arm64, amd64, etc.) specific. Docker does this seamlessly in the background  
with a "manifest". It downloads the best image for the platform your Docker  
Engine is running on.

You can enable Windows Container mode in Docker Desktop for Windows by clicking  
"Switch to Windows containers" in the Docker whale menu, which then switches  
from WSL2 to Hyper-V running a slim Windows VM. It's an either-or setting,  
you'll have to decide which OS you want to run your containers on and stick to it.  

Sadly, the truth is that Windows Containers never caught on in a major way.  
Microsoft even built a Windows-based MSSQL image, but has since discontinued   
it in 2021 in favor of their Linux-based MSSQL image.

## 22.Arm Support for MySQL

The official MySQL image only supports Intel/AMD processors. MariaDB is an  
alternative if you're using Apple M1 or Raspberry Pi (both based on arm64 processors).

## 23-24.Assignement: Manage multiple containers

[Docker Official Documentation](https://docs.docker.com) is your friend as well  as the --help argument at the end of each command.

### Assignement Instructions
* Run an `nginx`, `mysql` and `httpd` (apache) server
* Run all of the in `--detach` mode (-d), name them with --name
* Specify the ports, nginx should listen to 80:80, httpd to 8080:80 and mysql to 3306:3306
* When running mysql, use the `--env` option (-e) to pass in `MYSQL_RANDOM_ROOT_PASSWORD=yes`
* Use the `docker container logs` on mysql to find the random password on startup
* Clean it all up afterwards using the `docker container stop` and `docker container rm`
* Verify that everything got shutdown correctly using the `docker container ls`







In [None]:
%%bash
# run instances
docker container run --detach -p 80:80 --name nginx nginx
docker container run --detach -p 8080:80 --name httpd httpd
docker container run --detach -p 3306:3306 -e MYSQL_RANDOM_ROOT_PASSWORD='yes' --name mysql mysql 


In [None]:
%%bash 
#verify instances
docker container ls

In [None]:
%%bash
# find generated password
docker container logs mysql | grep "GENERATED ROOT PASSWORD"

In [None]:
%%bash
# cleanup
docker container stop nginx
docker container stop httpd
docker container stop mysql
docker container rm nginx
docker container rm httpd
docker container rm mysql

## 25.What's going on in containers: CLI process monitoring

### Useful commands to view container processes

1. docker cotainer top - process list in one container
2. docker container inspect - detials of one container config
3. docker container stats - performance stats for all containers

In [None]:
%%bash
# run instances
docker container run --detach -p 80:80 --name nginx nginx
docker container run --detach -p 3306:3306 -e MYSQL_RANDOM_ROOT_PASSWORD='yes' --name mysql mysql 

In [None]:
%%bash
docker container top nginx

In [None]:
%%bash
docker container inspect mysql

In [None]:
%%bash
docker container stats

In [None]:
%%bash
# cleanup
docker container stop nginx
docker container stop mysql
docker container rm nginx
docker container rm mysql

## 26-27. Getting a shell inside the container

### Useful commands

1. docker container run -it - start a new container interactively
2. docker container exec -it - run additional commands in existing container




### docker run -it
-i : interactive  
-t : allocate a pseudo TTY (a prompt similar to ssh)  
bash : an optional argument that can be passed to the container on startup  
here it makes the container start with a bash terminal  


docker container run -it --name nginx nginx bash

#### Command 
docker container run -it --name nginx nginx bash

Notice that when exiting the shell the container gets stopped

### docker run -it

If I want to see a shell inside an already running container

#### Command:
docker container exec -it nginx bash



## 28-29 Docker networks: concepts for private and public comms in containers

When starting a container you're connecting, in the background, to a particular  
docker network (the default being the bridge network).


Each virtual network routes through a NAT firewall on host IP. The Docker deamon  
configuring the host IP on it default interface so that your containers can   
interact with the internet.

[NAT Firewal Definition](https://nordvpn.com/blog/what-is-nat-firewall/)
```  
A Network Address Translation (NAT) firewall operates on a router to protect  
private networks. It works by only allowing internet traffic to pass through if  
a device on the private network requested it. A NAT firewall protects the   
identity of a network and doesn't show internal IP addresses to the internet.
```  

All containers within a network can talk to each other inside the host  
without the -p (port). For example a mysql and a php/apache container can  
communicate on the same network named "my_web_app" without exposing their ports  
to the rest of the physical network.

This brings us to the concept of `"Batteries included, but removable"` which  
means that the defaults work well in most cases but are easily customizable  
(creating mutliple network, one per app, or different networks depending on  
security requirements)

You can attach container to more than one virtual network (or none).





In [None]:
%%bash
docker container run -d  -p 80:80 --name nginx nginx

In [None]:
%%bash
#Here we see that the host port 80 is exposed to the container's port 80 
#through a tcp connexion
docker container port nginx

In [None]:
%%bash
#We may assume that the container uses the same IP as the host but by default 
#that is not true. We'll use the format comand instead of grep to filter
#to the correct node in the json output off the docker inspect command
docker container inspect --format "{{.NetworkSettings.IPAddress}}" nginx

In [None]:
%%bash 
docker container stop nginx
docker container rm nginx

In [None]:
%%bash
#check the host's IP address, it does't have to match that of the host
ifconfig en0

## 30.Docker Netwoks: CLI Management of Virtual Networks

### Useful commands

* Show networks `docker network ls`
* Inspect a network `docker network inspect`
* Create a network `docker network create --driver`
    * It has the optional `--driver` argument that we can use to specify built-in  
    or third-party driver to create virtual networks
* Attach/detach a network to a conttainer `docker netwrok connect/disconnect`
    * Used t connect/disconnect a live running container so that a NIC is   
    created/destroyed on a virtual network for that container.

In [None]:
%%bash
docker network ls

### Bridge Network 

The bridge network is the default network that bridges throught the [NAT firewall](https://www.comparitech.com/blog/vpn-privacy/nat-firewall/)  
to the physical network that your host is connected to.

* (Note) A NAT firewall works by only allowing internet traffic to pass through the gateway if a device on the private network requested it. 


In [None]:
%%bash 
docker network inspect bridge


In [None]:
%%bash
## to find a specific item in the docker netork inspect
docker network inspect bridge --format {{.IPAM.Config}} 

### The host network

A special kind of network that skips the virtual network of Docker and attaches  
the container directly to the host interface. Its a boost for performance but  
sacrifices in security.

In [None]:
%%bash
docker network inspect host

### Creating a new network

Notice how the default for `DRIVER` for the new network was `bridge`. It's a  
built-in driver that create a virtual network locally with its own subnet. It  
lacks some of the more advanced features, such as private networking between hosts  
like other 3rd party driver like `Weave`

In [None]:
%%bash
docker network create my_app_net

In [None]:
%%bash
docker network ls

In [None]:
%%bash
#check out all the arguments that you can specify during the creatiion of networks
docker network create --help

### Assigning a network to a container on startup

Using the `--network` option

In [None]:
%%bash
docker container run -d -p 80:80 --name nginx --network my_app_net nginx

In [None]:
%%bash
#You will see the new container running on this network
docker network inspect my_app_net

### Connecting running containers to existing networks

In [None]:
%%bash
docker network --help

In [None]:
%%bash
docker container ls

In [None]:
%%bash
docker network ls 

In [None]:
%%bash
## connect the nginx container (aready connected to the my_app_net) to the default  
## bridge network
docker network connect bridge nginx

In [None]:
%%bash
##inspecting the nginx container, you'll now see that its on two networks
docker container inspect --format {{.NetworkSettings.Networks}} nginx

In [None]:
%%bash
## to reverse out the above
docker network disconnect bridge nginx

In [None]:
%%bash
##inspecting the nginx container, you'll now see only one left
docker container inspect --format {{.NetworkSettings.Networks}} nginx

In [None]:
%%bash
docker container stop nginx

In [None]:
%%bash
docker container rm nginx

## 31.Docker Networks: DNS & how containers find each other

### Key concepts

* Undertand how DNS is the key to inter-container comms
    * You can't fully rely on IP adresses and need DNS because things are  
    dynamic (i.e: if you stop a few containers but restart them in a different  
    order, they may not have the same IP address)
    * Docker uses the container names as the equivalent of host names when   
    containers are talking to each other.
* Understand how custom & default networks differ in how they deal with DNS
* Learn how to use `--link` in the `container run` command to enable DNS on the   
default bridge network


In [None]:
%%bash
docker container run -d -p 80:80 --name nginx --network my_app_net nginx

### Automatic DNS resolution

On the new netwrok **my_app_net** you get a special feature because its not the   
default bridge network and that is `automatic DNS resolution` for all containers  
on that network using their name. When a new container is created on that network  
it will be able to communicate with other containers, on that network, regardless  
of what the IP address is.

In [None]:
%%bash
docker container run -d --name nginx_2 --network my_app_net nginx

In [None]:
%%bash
docker network inspect my_app_net --format {{.Containers}}

In [None]:
%%bash
# you can see from output that the two containers are able to communicate using  
# only the container names
docker container exec  -i nginx_2 ping nginx

### Shortcommings of the default bridge network

The bridge network does not have any built-in DNS resolution. You can use `--link`  
to create manual links between the containers as a workaround. However its much  
easier to create a new network so as not to have to create these links every time.  
Later when using `Docker Compose` it gets even easier as it will create these  
virtual networks when you start up an entire app.

## 32-33.Assignment: Using Containers for CLI Testing

Scenario: You need to check the different versions of curl installed on two different  
linux distros. In the VM era you'd have to wait for the OS to install and the VMs to  
startup. Now all you have to do is spin up two containers and run your commands  
from them. 

### Start a Centos container

    docker run --rm -it centos:7 bash

**from within the container's shell**

    yum update curl    
    curl --version

### Start a ubuntu container

    docker run --rm -it ubuntu:14.04 bash

**from within the container's shell**

    apt-get update && apt-get install curl
    curl --version

## 35-36.Assignment: DNS Robin Test

DNS Round Robin is the concept of two hosts with DNS aliases that respond to the  
same DNS name.

[Wikipedia Round-robin DNS](https://en.wikipedia.org/wiki/Round-robin_DNS): 

In its simplest implementation, round-robin DNS works by responding to DNS requests  
not only with a single potential IP address, but with a list of potential IP addresses   
corresponding to several servers that host identical services.The order in   
which IP addresses from the list are returned is the basis for the term round robin.   

Since Docker Engine 1.11, we can have multiple containers on a network respond to  
the ssame DNS address.


### Assignment steps:

1. create a vitual network
2. create two containers from the elasticsearch:2 image
    * research and use `--network-alias search` when creating the containers to  
    give them an addtional DNS name to responde to
3. run alpine `nslookup search` with `--net` to see the two containers list for   
the same DNS name
4. run centos `curl -s search:9200` with `--net` multiple times untill you see both  
name fields show

In [None]:
%%bash
##create network 
docker network create my_app_net

##create two elasctisearch containers 
docker container run -d --name elasticsearch_1 --network my_app_net --network-alias search elasticsearch:2
docker container run -d --name elasticsearch_2 --network my_app_net --network-alias search elasticsearch:2

##create alpine and centos containers
docker run -d -t --name alpine_1 --network my_app_net alpine
docker run -dt --name centos_1 --network my_app_net centos:7

##nslookup from within the alpine container
docker exec alpine_1 nslookup search

##curl from within the centos container
docker exec centos_1 curl -s search:9200

##cleanup 
docker container rm -f alpine_1
docker container rm -f centos_1
docker container rm -f elasticsearch_1
docker container rm -f elasticsearch_2
docker network rm my_app_net


# Section 5: Container images, where to find them and how to build them

## 37.What's In An Image (And What Isn't)

What is an image:
* An application's binaries and dependencies
* The metadata about the image and how to run it

**Official Definition**:  
"An image is an ordered collection of root filesystem changes and the   
corresponding execution parameters for use within a container runtime."

It is not a complete OS, it has no kernel/drivers etc. The host provides the  
kernel. This is one of the main differences with virtual machines, a container  
doesn't boot up a full operating system,

## 38.The Mighty Hub: Using Docker Hub Registry Images

The official registry is found here: [Docker Hub](https://hub.docker.com/)

Each application can have multiple images on the registry (e.g: nginx has   
~90,000 images). To begin with, an easy choice is to start with the official   
images that are curated by the team at Docker (who usualy work hand in hand   
with the team that created the software).

You can find documentation on how to run the image within its page on the hub.

There are multiple versions of most official images. Each version can have more   
than one tag.


## 39.Images & Their Layers: Discover The Image Cache

Images don't just come as a single piece of data. They're usualy stacks of code   
that build on top of each other (much like commits).

They are designed using the union file concept of making layers of changes.

The below is a history of the image layers. Every image start with a blank base   
layer called "scratch", every change since then on the image file system is an   
added layer. Every new layer has its own unique hash code (sha265).

Images being stacks of layers can "share" cached layers that are common across   
images (e.g: Two images can use the same scratch layer of Debian Jessie)

In deploying containers, if you modify one of the files in the base layer that is   
shared among containers. Only the difference is copied out. This is known as copy   
on write, the differencing elements in the layers are copied into the container   
that does the changes (not affecting the other containers). This means that the  
containers can write files that will go on disk but the base image is read only  
and will not be affected by what the containers do.

The docker inspect command return metadata on the image in JSON format.


In [None]:
%%bash
## inspect the nginx history
docker image history nginx:latest

In [None]:
%%bash
## get the metadata on the image
docker image inspect nginx

## 40.Image Tagging & Publishing to Docker Hub

Images don't have names, they have `IMAGE IDs`, `TAGs`.

The syntax for image tags is: \<user>/\<repo>:\<tag>

A tag is a pointer to a specific image commit.

You can have multiple tag to a single image ID.

In [None]:
%%bash
## you can retag existing docker images
docker image tag nginx karimitn/nginx

In [None]:
%%bash
## push your image into you own repo in the registry
docker image push karimitn/nginx

## 41.Building Images: The Dockerfile Basics

The Dockerfile is like a recipe for creating containers.

You will find code arranged into sections called `Stanzas` . The Script will look  
like a bash script but technically it is not (it's a language unique to Docker).  

To run it you use the command `docker run -f <some-docker-file>`

The first stanza is the `FROM` command, its mandatory and is usually a minimal  
linux distribution.

Next is the`ENV` stanza, they are the main way of setting keys and values to run  
containers.

NOTE: Each stanza is an individual layer of the docker image. So the order in which  
they are setup is critical as they work top-down.

`RUN` is used to run CLI commands in the container as its being built. The &&  
in the stanza is used to bundle the commands together and make them into a single  
layer.

`EXPOSE`, by default no TCP or UDP port are open inside a container. They don't  
expose anything to the virtual network unless they are listed in this stanza.  
This however doesn't mean these ports are open automatically on our host, that's  
what the `-p` flag is used for.

`CMD` is arequired stanza that will be run everytime a new container is run from  
from the image or restart a container.


In [None]:
%%bash

cat ./course_ressources/udemy-docker-mastery/dockerfile-sample-1/Dockerfile

## 42.Building Images: Running Docker Builds

So what do we do with a Dockerfile? It's barelt 3Mb in size so how will we be able to  
use it for anything? 

The `FROM` stanza will pull the linux distro from docker hub into my local cache.  
It will then execute each of those stanzas inside my docker engine and then cache  
them as layers. Each layer once built has a cache that gets stored this way the next  
time you want to build this image (or another image that uses the same layer)  
we can do it much quicker.

If you change any line in a stanza then that line will be rerun (not usuing the cached layer).  
Every stanza following that will also be rerun not from the cache.

For example if you changed the EXPOSE stanza (e.g: added port 8080) then the CMD  
stanza will also be rerun not from cache on the next build. This means if you want  
to keep your build times low then you should preferably put the layers that are least  
likely to change in the future at the top of the stack.


In [None]:
%%bash
ls -ltra ./course_ressources/udemy-docker-mastery/dockerfile-sample-1/Dockerfile

In [None]:
%%bash 
docker image build -t custom_nginx -f ./course_ressources/udemy-docker-mastery/dockerfile-sample-1/Dockerfile .

## 43.Building Images: Extending Official Images

`WORKDIR` is used to change the working directory  
`COPY` is used to copy files from your local machine or build servers into the  
the containers.  
`CMD` command is mandatory but in this Dockerfile it is missing. However in the  
`FROM` command we're using nginx, which has its own cmd specified in it. We inherit  
from the images from which we're "froming". This is used to chain images and create  
dependencies.


In [None]:
%%bash 
ls -ltra ./course_ressources/udemy-docker-mastery/dockerfile-sample-2


In [None]:
%%bash 
cat ./course_ressources/udemy-docker-mastery/dockerfile-sample-2/Dockerfile


In [None]:
%%bash 
cd ./course_ressources/udemy-docker-mastery/dockerfile-sample-2/
docker image build -t nginx-with-html .

In [None]:
%%bash
# running the below and navigating to localhost:80 will display a page with this text:
# You just successfully ran a container with a custom file copied into the image at build time!
docker run -p 80:80 --rm --name nginx-with-html nginx-with-html 

In [None]:
%%bash
docker rm -f nginx-with-html

## 44-45.Assignment Build Your Own Dockerfile and Run Containers From It

You don't necessarily need to understand the app that you're trying to "Dockerize".  
You may however need to search and match images with what you need to build.

In this assignement you're going to take an existing Node.js app and Dockerize it.  
You don't have to know much about Node.js to be able to Dockerize it.

Instruction for assignment are in   
./course_ressources/udemy-docker-mastery/dockerfile-assignment-1/Dockerfile


Assignment Dockerfile :  

FROM node:6-alpine

EXPOSE 3000

RUN apk add --update tini

WORKDIR /usr/src/app

COPY package.json package.json

RUN npm install && npm cache clean --force

COPY . .

CMD [ "/sbin/tini", "--", "node", "./bin/www" ]

In [None]:
%%bash
#after modifying the Dockerfile
cd ./course_ressources/udemy-docker-mastery/dockerfile-assignment-1/
docker build -t testnode .

In [None]:
%%bash 
docker run --name testnode_1 -p 80:3000 testnode

In [None]:
%%bash
docker rm -f testnode_1

In [None]:
%%bash
# tag and push image to your registry
docker tag testnode karimitn/testnode

docker push karimitn/testnode

In [None]:
%%bash 
docker image rm karimitn/testnode

In [None]:
%%bash 
#docker image rm nginx-with-html

## 46.Usign Prune to Keep You Docker System Clean

In [None]:
%%bash 
docker system df

In [None]:
%%bash
docker image prune

In [None]:
%%bash
docker system prune

# Section 6 : Container Lifetime and  Persistent Data: Volumes

## 47.Container lifetime and persistent data

Containers are designed to be imutable and ephemarale, so how do you persist data?  
This bring us to the concept of `separation of concerns`, the container should only   
contain the applications binaries and not the data that it generates.  

Docker has two solutions:

1. Data volumes: make special location outside of containers' UFS (Union File System)
2. Bind mounts: link container path to host path
 

## 48.Persistent Data: Data Volumes

Let's checkout the [mysql image](https://hub.docker.com/_/mysql).  

In the Dockerfile you will see a `VOLUME` command:  VOLUME /var/lib/mysql  

This command tell the container that any file that we put in there will outlive  
the containers untill we delete the volume.


In [None]:
%%bash
docker pull mysql

In [None]:
%%bash 
docker image inspect mysql -f {{.ContainerConfig.Volumes}}

In [None]:
%%bash
docker run --name mysql -d -e MYSQL_ALOW_EMPTY_PASSWORD=True mysql

In [None]:
%%bash
# we can see that the running container is gettig its own unique location to store  
# data on the host. It thinks its writing to /var/lib/mysql but in actaullity it's 
# writing to the hosts /var/lib/docker/volumes/b62... directory
docker container inspect mysql -f {{.Mounts}}

In [None]:
%%bash
docker volume ls

In [None]:
%%bash
# in a linux machine you can just navigate to that mountpoint and see the data
# however on Mac or Windows you can't because under teh hood the docker engine 
# is starting a linux VM in which the data lives
docker volume inspect b62458d4f569966acd39a8db334d505198ae766869ea948eb568e13600ebe4cb

### Named volumes

The problem with volums is that from the `docker volume inspect` commnad you can't  
see which containers are connected to the volume but from teh `docker container inspect`  
you actually can.

During the startup of a new container you can specify named containers to which   
the containers will write. This is achieved using `-v`

In [None]:
%%bash
docker run --name mysql2 -d -e MYSQL_ALOW_EMPTY_PASSWORD=True  -v mysql-db:/var/lib/mysql mysql 

In [None]:
%%bash
docker volume inspect mysql-db

## 48-49.Persisting Data: Bind Mounts

A mapping of host file/directory into a container file/directory. They are not  
specified in the Dockerfiles because they ar host specific.  

`... run -v /User/Karim/stuff:/path/container`

Docker knows that its a bind mount and not a volume because mounts are start with  
a forward slash.

What differenciates them from volumes is that when you change files from the host  
these changes cann be seen in realtime inside the container which is usefull for  
development purposes.


In [None]:
%%bash
cd ./course_ressources/udemy-docker-mastery/dockerfile-sample-2
docker run -d -p 80:80 --name nginx -v $(pwd):/usr/share/nginx/html nginx

In [None]:
%%bash 
docker run -d -p 8080:80 --name nginx2 nginx

### Understanding how mount points work

If you go to localhost:80 you will see that the html being displayed is not the  
default from nginx but the one from the directory that is being mapped to the  
container. However if you go to localhost:8080 which was started without the mount  
the you will see the default index.html being displayed. That is because if two files  
(from host and from container) have the same name, the one from the host "wins" and  
is the one used.

## 51-52. Assignment: Database Upgrades with Named Volumes

Updating the patch version of a postgres database. Outside of a container you  
would upgrade the software however in containers you would not update what's  
in a container but rather spin up a new container. So how should you proceed?  

### Assignemnt Steps:

1. Create a postgres container witha named volume psql-data using versio 9.6.1  
2. Use docker hub to learn the volume path and the version needed to run it.  
3. Check the logs on the startup of the firt container (admin user, default db)  
and stop it.  
4. Create a new postgress container with the same named volume using the newer  
versio 9.6.2 (make sure the first container is stopped as you can't have two   
containers using the same db)
5. Check the logs and validate (you will see fewer startup log lines as the new  
container doesn't have to repeat the same tasks that the first container has already  
done)

NOTE: this only works wit patch versions, most SQL DBs require manual commands   
to upgrade DB to major/minor versions (its a DB limitation, not a container one).  





In [None]:
%%bash
#check on existing volumes, you wont yet see psql-data volume
docker volume ls

In [None]:
%%bash
# Run a postgres container of version 9.6.1-alpine.
# Giving it a volume name that doesn't yet exist will get docker to create it
# From the documentation you can see that the directory is used for access to volumes --> VOLUME [/var/lib/postgresql/data]
# Link to image layers: https://hub.docker.com/layers/postgres/library/postgres/9.6.1-alpine/images/sha256-a47bdf2113e9a02e55899a26adebe3f5c64a3bd5c6e7e8abec39f18237607cf8?context=explore
docker run -d -p 80:5432 --name postgres_9.6.1 -v psql-data:/var/lib/postgresql/data postgres:9.6.1-alpine

In [None]:
%%bash
# Check the that volume was created
docker volume inspect psql-data

In [None]:
%%bash
#inspec the image of postgres to see where it's configured for volumes
docker image inspect postgres:9.6.1-alpine -f {{.ContainerConfig.Volumes}}


In [None]:
%%bash
#inspect the container to see to which volume it is mounted
docker container inspect postgres_9.6.1 -f {{.Mounts}}

In [None]:
%%bash 
# check the logs of the first container
docker container logs postgres_9.6.1

In [None]:
%%bash
#stop the old container
docker container stop postgres_9.6.1

In [None]:
%%bash
docker run -d -p 80:5432 --name postgres_9.6.2 -v psql-data:/var/lib/postgresql/data postgres:9.6.2-alpine

In [None]:
%%bash
# You will see a lot less log lines because the database is already created, you're  
# Just starting a new container on a later patch version to use that database where it is
docker container logs postgres_9.6.2

In [None]:
%%bash
#cleanup
docker container stop postgres_9.6.2
docker container rm -f postgres_9.6.1 postgres_9.6.2
docker volume rm psql-data

## 53.File Permissions Across Multiple Containers

At some point you'll have file permission problems, maybe you want multiple   
containers to access the same volume(s), or maybe you're bind mounting existing  
files into a container.  

NOTE: This is for pure LINUX hosts, if using Docker Desktop locally it will do   
the translation of host permissions (macOS, Windows) into the containers (Linux).  


File ownership between the host and container are just numbers (sometime you will  
see the user friendly names but there is a one-to-one aliasing between those in  
`/etc/passwd & /etc/group`). The host will have those files and your container will  
also have its own set of these files. The linux kernel only care about these IDs.  

Two separate problems can occur: 

1. The `/etc/passwd` is different across containers:  
Creating a named user in one container and running it as user ID 700 but in another  
container it has another user ID means the two containers have different `/etc/passwd`  
files. Different names are fine as long as the IDs math, two processes trying to  
access the same file must have a matching userID or groupID.

2. Two containers are running as different users:  
Maybe the user/group IDs and/or the USER statement in your Dockerfiles are   
different, and the two containers are technically running under different IDs.  
To troubleshoot this you:  
    *  Use `ps aux` in each container to see a list of the processes/usernames  
    that are running. The process needs a matchin userID or groupID to access the  
    files  
    * Find the UID/GID in each container's `/etc/passwd` and `/etc/group` to  
    translate names to numbers, you'll likely find a mismatch between the container  
    that wrote the file and the container that is trying to read it.  
    * Find a way to sync up the UID/GID, this is usualy easier to do in your own  
    custom images than in the official 3rd party images. This may mean creating a new  
    user in the one Dockerfile and the startup user with [USER](https://docs.docker.com/engine/reference/builder/#user)



## 54-55.Assignment: Edit Code Running In Containers With Bind Mounts

You can edit files on host operating system and have them available in-sync inside  
a running container. This is very cool for developement purposes as you can see changes  
directly in the containers' behavior.

### Assignment Steps:
1. start a jekyll static website using the instructor's image in bretfisher/jekyll-serve
2. make sure it is mounted to the working directory in which the assignment files   
are present
3. Update some of the files in the mounted directory and see them being reflected  
in the 


In [None]:
%%bash
#start the container
cd ./course_ressources/udemy-docker-mastery/bindmount-sample-1
docker run -d -p 80:4000 -v $(pwd):/site --name jekyll-demo bretfisher/jekyll-serve 



In [None]:
%%bash
# add some line to the markdown file that generates the static file
# this change will be seem directly in the website as it hot reloads
echo "Here is some addtional line" >> course_ressources/udemy-docker-mastery/bindmount-sample-1/_posts/2020-07-21-welcome-to-jekyll.markdown


In [None]:
%%bash
# check the logs and see this in action 
docker container logs jekyll-demo

In [None]:
%%bash
# cleanup
docker container rm -f jekyll-demo

## 56.Database Passwords in Containers

When running postgres now, you'll need to either set a password, or tell it to   
allow any connection. 

Passwords need to be set during `docker run` using environment variables  
`POSTGRES_PASSWORD=mypasswd` or tell ti to ignore passowrds `POSTGRES_HOST_AUTH_METHOD=trust`

# Section 7: Making It Easier with Docker Compose: The multi-container tool

## 57.Docker Compose & The docker-compose.yml File

Few software services are standalone, they would require other sevices to be running  
(databases, front-end etc). How do  you make sure that the entire plant is up and running.

There are two components:
1. The docker-compose.yml file
2. The docker-compose CLI

In [None]:
%%bash
# A basic temaplate
cat course_ressources/udemy-docker-mastery/compose-sample-1/template.yml

In [None]:
%%bash
# The docker-compose.yml file for the jekyll website that we ran in a previous
# assignment
cat course_ressources/udemy-docker-mastery/compose-sample-1/docker-compose.yml

In [None]:
%%bash
# The docker-compose.yml file for a sample wordpress setup
cat course_ressources/udemy-docker-mastery/compose-sample-1/compose-2.yml

In [None]:
%%bash
# The docker-compose.yml file for a 3 database cluster behind a ghost webserver
cat course_ressources/udemy-docker-mastery/compose-sample-1/compose-3.yml

## 58.Trying Out Basic Compose Commands

CLI tool come with Windows/Mac but on Linux you'll need to download it. It is not a   
production-grade tool but its ideal for loca dev and test.

Two of its most common commands are:
1. docker compose up # setup volumes/networks & start all containers
2. docker compose down #stop all containers and remove containers/volumes/networks

If you had a Dockerfile and a docker-compose.yml, the "new develloper onboarding"  
would look like this:
* git clone github.com/some_path
* docker compose up

In [None]:
%%bash
cd course_ressources/udemy-docker-mastery/compose-sample-2/
ls -ltra .

printf '\n\ndocker-compose.yml\n---------------------\n'
cat docker-compose.yml

printf '\n\nnginx.conf\n---------------------\n'
cat nginx.conf

In [None]:
%%bash
cd course_ressources/udemy-docker-mastery/compose-sample-2/
docker-compose up 

In [None]:
%%bash
cd course_ressources/udemy-docker-mastery/compose-sample-2/
docker-compose down

## 59.Version Dependenciess in Multi-Tier Apps
It's important to remember that every app with dependencies, will also have  
version requirements for those dependencies.

If you add an app and a database to a Compose file, then that app is going to  
have specific database versions it is compatible with.

Version dependencies aren't new, so they aren't technically a Docker thing, but  
we *do* use Docker and Compose to control versions of apps like Drupal, PostgreSQL,  
MySQL, Redis, Wordpress, etc.

Therefore, when building your Dockerfile and docker-compose.yml file, remember  
that you'll need to check the compatible versions in that apps documentation


## 60-61-62.Assignment: Build a Compose File for a Multi-Container Project

Steps:
* Build a basic Drupal content management server. It will need a database behind it.  
Use postgres
* Use port to expose Drupal to 8080 so you can localhost:8080
* Be sure to set POSTGRES_PASSWORD
* Walk through Drupal setup via browser
* Tip: Drupal assumes the database is in localhost. S the Drupal Container will  
assume its within the container (for a container localhost is itself, the container).  
That is in conflict with the principle of one container, one service (use the service name  
instead for DNS resolution)
* Extra credit: Use volumes to store Drupal data

In [None]:
%%bash
cd course_ressources/udemy-docker-mastery/compose-assignment-1
ls -trla
mkdir assignment-submission

Answer
```
version: '2'

services:
  drupal:
    image: drupal:8.8.2
    ports:
      - "8080:80"
    volumes:
      - drupal-modules:/var/www/html/modules
      - drupal-profiles:/var/www/html/profiles       
      - drupal-sites:/var/www/html/sites      
      - drupal-themes:/var/www/html/themes
  postgres:
    image: postgres:12.1
    environment:
      - POSTGRES_PASSWORD=mypasswd

volumes:
  drupal-modules:
  drupal-profiles:
  drupal-sites:
  drupal-themes:

        
        
```

In [None]:
%%bash
cd course_ressources/udemy-docker-mastery/compose-assignment-1/answer
docker compose up

In [None]:
%%bash
cd course_ressources/udemy-docker-mastery/compose-assignment-1/answer
docker compose down -v

## 63- Adding image building into compose files

Docker compose will build images they're not found. 

In [7]:
%%bash
cd  ./course_ressources/udemy-docker-mastery/compose-sample-3
ls -ltra

# You can see that you specify dockerfile for the nginx image and you're linking
# the html directory into the Apache container's directory
cat docker-compose.yml

cat nginx.Dockerfile

total 24
-rw-r--r--   1 karimitani  staff   347 Aug 18 18:48 docker-compose.yml
drwxr-xr-x  14 karimitani  staff   448 Aug 18 18:48 html
-rw-r--r--   1 karimitani  staff    64 Aug 18 18:48 nginx.Dockerfile
drwxr-xr-x   6 karimitani  staff   192 Aug 18 18:48 .
-rw-r--r--   1 karimitani  staff   298 Aug 18 18:48 nginx.conf
drwxr-xr-x  36 karimitani  staff  1152 Aug 18 18:48 ..
version: '2'

# based off compose-sample-2, only we build nginx.conf into image
# uses sample HTML static site from https://startbootstrap.com/themes/agency/

services:
  proxy:
    build:
      context: .
      dockerfile: nginx.Dockerfile
    ports:
      - '80:80'
  web:
    image: httpd
    volumes:
      - ./html:/usr/local/apache2/htdocs/
FROM nginx:1.13

COPY nginx.conf /etc/nginx/conf.d/default.conf


## 64-65.Assignment : Build and Run Compose

Building a custom drupal image for local testing.

Assignment directions:
* Start with the compose file from the last assignment
* Make you Dockerfile and docker-compose.yl in dir compose-assignemt-2
* Use the README.md for details

When you have a build and image key in the compose file you change the purpose of 
the image command. You're not pulling the image with that name form the registry  
but are actually building from the directory specified inthe build/context field  
and name that image with the name specified in the image field


Submission:


```
Dockerfile
FROM drupal:8.2

#RUN apt package manager command to install git
RUN apt-get update \
    && apt-get install -y git \
    && rm -rf /var/lib/apt/lists/*



WORKDIR /var/www/html/themes

#use git to clone the theme
RUN git clone --branch 8.x-3.x --single-branch --depth 1 https://git.drupalcode.org/project/bootstrap.git \
    #we need to change permissions on files
    && chown -R www-data:www-data bootstrap 

WORKDIR /var/www/html
FROM drupal:8.2

#RUN apt package manager command to install git
RUN apt-get update \
    && apt-get install -y git \
    && rm -rf /var/lib/apt/lists/*



WORKDIR /var/www/html/themes

#use git to clone the theme
RUN git clone --branch 8.x-3.x --single-branch --depth 1 https://git.drupalcode.org/project/bootstrap.git \
    #we need to change permissions on files
    && chown -R www-data:www-data bootstrap 

WORKDIR /var/www/html

```

```
docker-compose.yml
version: '2'

services:
  drupal:
    image: custom-drupal
    build:
      context: .
      dockerfile: Dockerfile
    ports:
      - "8080:80"
    volumes:
      - drupal-modules:/var/www/html/modules
      - drupal-profiles:/var/www/html/profiles
      - drupal-sites:/var/www/html/sites
      - drupal-themes:/var/www/html/themes

  postgres:
    image: postgres:12.1
    environment:
      - POSTGRES_PASSWORD=mypasswd
    volumes:
      - drupal-data:/var/lib/postgresql/data
volumes:
  drupal-modules:
  drupal-profiles:
  drupal-sites:
  drupal-themes:
  drupal-data:

```

In [15]:
%%bash
cd  ./course_ressources/udemy-docker-mastery/compose-assignment-2
ls -ltra
docker-compose up 

total 24
-rw-r--r--   1 karimitani  staff  3619 Aug 18 18:48 README.md
drwxr-xr-x   4 karimitani  staff   128 Aug 18 18:48 answer
drwxr-xr-x   6 karimitani  staff   192 Aug 18 18:48 .
drwxr-xr-x  36 karimitani  staff  1152 Aug 18 18:48 ..
-rw-r--r--   1 karimitani  staff   434 Sep 13 04:08 Dockerfile
-rw-r--r--   1 karimitani  staff   576 Sep 13 04:16 docker-compose.yml


Creating network "compose-assignment-2_default" with the default driver
Creating volume "compose-assignment-2_drupal-modules" with default driver
Creating volume "compose-assignment-2_drupal-profiles" with default driver
Creating volume "compose-assignment-2_drupal-sites" with default driver
Creating volume "compose-assignment-2_drupal-themes" with default driver
Creating volume "compose-assignment-2_drupal-data" with default driver
Building drupal
#1 [internal] load build definition from Dockerfile
#1 sha256:bb29ab4b8b67eef3785c7934ae48de63903be38b4d938d8c39f9791d93786781
#1 transferring dockerfile:
#1 transferring dockerfile: 478B 1.1s done
#1 DONE 1.2s

#2 [internal] load .dockerignore
#2 sha256:1f95ca88be94589e82719ee2aec8bb8fc8dbb5be2d2142fd826a4b3005d4adcd
#2 transferring context:
#2 transferring context: 2B 0.0s done
#2 DONE 0.3s

#3 [internal] load metadata for docker.io/library/drupal:8.2
#3 sha256:98e346af38bc52429da738db4b04bbf3643a0f0d6f6b8e9090f966c75f00fe9c
#3 DONE 4.6s



CalledProcessError: Command 'b'cd  ./course_ressources/udemy-docker-mastery/compose-assignment-2\nls -ltra\ndocker-compose up \n'' returned non-zero exit status 1.