# Section 1: Quick Start

## What is docker? The three innovations

### BUILD / SHIP / RUN
The **BUILD/SHIP/RUN** cycle consists of three steps to take previously non containarized software, turn it into a docker image, put it on a registry and deploy it on containers.

Most projects that gradudated from [the cloud native foundation](https://cncf.io) make the assumption that you're using a container workflow of build/ship/run


###  The three innovations
1. The docker **IMAGE**
2. The docker **REGISTRY**
3. The docker **CONTAINER**

#### The cotainer image

* Can be thought of as a universal app packager
* Cross OS/Platform & application/language agnostic
* All images start with a FROM clause, it could start from someone else's image and could be combined
* Each subsequent section (or stanza) is executed in sequence
    * These layer get moved around servers as tarballs
    * Inside those layers are files/directories/permissions/metadata
* Example Dockerfile:
    * FROM python
    * RUN pip install flask
    * WORKDIR /app
    * COPY . .
    * CMD python app.py

#### The docker registry 

* Known as the OCI registry spec, a standard for distributing the images.
* Docker Hub is the default, github and gitlab have their own.
* A built image has a unique SHA hash that will allow or verification between two systems/hosts that the image contains the same files/metadata...
* Usualy done via the command docker push or docker pull
* **This is one of the core values of docker. We can take software that made on one machine with all its dependencies and run it on another machine, seamlessly and regardless if the two machines are running on different distributions of an OS (will run the same on Ubuntu or CentOs)**

#### The docker container 

* Running an image after downloading it into a server.
* A container is known as a **namespace**. This is what makes sure that the app running inside the containers can't see the rest of the operating system.
    * A namespace is basicly a blanch file system with only the files from the image that was built.
    * It would have it's own IP address, NIC (Network Interface Controller) and process list.
* Reruning the docker run command on that image would spin up a new instance of this image that is isolated from the first.
    * If the docker run command if run on another server with a docker engine then it yields a high availability setup.


## Quick Container Run


Using the [Play With Docker Website](https://labs.play-with-docker.com/) we can run a few demo commands before doing any local installs of Docker

* You will need an account with [Docker](https://hub.docker.com/), it's free
* Once logged in to [Play With Docker Website](https://labs.play-with-docker.com/) you will see a green start button and once clicked a timer will be show for the time remaining in the session.
* You will be able to deploy docker images on infrastructure provided by Docker.
* Steps for demo:
    * click on 'add new instances'
    * run "docker version" :
        * Gets details about the client and the engine currently running
    * connecting to from client to server can happen over many ways:
        * Socket
        * TCP/TLS
        * SSH tunnel
    * run "docker run -d -p 8800:80 httpd"
        * -d -> detach, runs in background
        * -p -> port, which ports are opened and published on host IP so that it can be accessed remotely
            * first number is the port on the host on which we're listening
            * second number is the container port on which we're connecting
        * httpd -> apache server image
        * ouput will resemble the below:
            * Unable to find image 'httpd:latest' locally
            * latest: Pulling from library/httpd
            * 1efc276f4ff9: Pull complete 
            * aed046121ed8: Pull complete 
            * 4340e7be3d7f: Pull complete 
            * 80e368ef21fc: Pull complete 
            * 80cb79a80bbe: Pull complete 
            * Digest: sha256:343452ec820a5d59eb3ab9aaa6201d193f91c3354f8c4f29705796d9353d4cc6
            * Status: Downloaded newer image for httpd:latest
            * bbaf9c895f19f301e40c7d2bd743127e372f8932b997ca238b5eaaeb13f6ec88
        * The output can be interpreted as such:
            * the various **layers** of the image are downloaded/pull
            * then it will create the networking, virtual interface, file system, load the file from the image into the file system
            * then it will startup the httpd process in its own namespace.  
    * run a curl command on the local host (machine from which this container is being instanciated) to verify that it's up: curl localhost:8800
        * output is: ```<html><body><h1>It works!</h1></body></html >```
    * run "docker ps" to view running containers:
        * | CONTAINER ID | IMAGE | COMMAND            | CREATED        | STATUS        | PORTS                | NAMES             |
          |--------------|-------|--------------------|----------------|---------------|----------------------|-------------------|
          | bbaf9c895f19 | httpd | "httpd-foreground" | 12 minutes ago | Up 12 minutes | 0.0.0.0:8800->80/tcp | confident_johnson |


## Why Docker? Why Now?


Docker's "raison d'etre" come from frictions that were being faced relating to speed a efficiency of packaging and deploying software.

The three main reason are:
* Isolation:
    * During the move from mainframe to servers (early 2000s), it was very rare that an app would fully utilise the capacity of the servers on which they would run. You ended up with mutliple apps colocating on the same servers, this increased complexity in managing them and made them prone to outages (e.g: one change for an app would cause an effect on other apps).
    * This lead to the emergence of VMs (Virtual Machines), fewer apps on multiple VMs all riding on the same hosts. This would lead to an exploding number of VMs which were each spun up with their own OS. Isolation was sort of solved but complexity outweighed the benefits.
    * Then Docker comes along and removes the need for all the different operating systems on each VM. Each application has its own namespace that is isolated and managing them comes easily through the docker/kubernetes cli. You can now run multiple version of the same app on the same host without any conflict.
* Environment
    * With VMs also came the deployement of a large number of types of environments. The running joke being "Works on my machine".
    * The container image has become a sort of contract between what the app runs and where its running. Just like actual shipping containers where those who ship something don't care what the ship that was carrying the container looked like and the people transporting the container didn't care what was inside it.
        * This is done through a consistent standard (the OCI format) which has two specs, an image and a runtime spec.
        * this ensures that the container will always be run with the same consistent way and same dependencies it was built with.
* Speed
    * Not the speed of CPU and processors but the speed of business, the ability to test and execute on ideas in a timely manner

# Section 2: Course Intro

## Getting Course Ressources

### Github repo
https://github.com/bretfisher/udemy-docker-mastery

### Docker commands, cheatsheets & slides
Downloaded in the "course_ressources folder"

# Section 3: The best way to setup Docker for your OS

## Installing Docker

Get the [Docker Desktop](https://www.docker.com/products/docker-desktop/) and install it on your machine.

There are 3 major ways to run containers:
* Locally (Docker Desktop, Remote Desktop)
* Servers (Docker Engine, K8s)
* PaaS (Cloud Run, Fargate)



# Section 4: Creating and usig containers like a boss

## 17.Check the Docker Install and Config


### Check out the current version of Docker
Returns the version of the **client** as well the server, a.k.a **the engine**

In [None]:
%%bash
docker version

### Get additional information on Docker

In [None]:
%%bash
docker info

### Getting the full list of commands in Docker

This is not a full list of the commands. You will notice below the sub modules that are accessible via docker manage  
commands, under **Management Commands:**
  
Management Commands:
* builder     Manage builds
* buildx*     Docker Buildx (Docker Inc., v0.8.2)
.  
.  
.  


In [None]:
%%bash 
docker

## 18.Starting a Nginx web server

In this section we will:
* contract images to containers
* run/stop/remote containers
* check container logs and process


### Images vs. Containers

**Images** are the binaries/libraries/source code that will make up our application. A **container** is a running   
instance of that image. You can have mutliple containers running from the same image. 

Images are obtained from registries, [**Docker Hub**](https://hub.docker.com/) being the default registry.   
(sort of what github is to source code, registries are to images)

In [None]:
%%bash
# command to get the image from the registry and running it
docker container run --publish 80:80 nginx

In the background docker looked for the latest version of nginx in Docker Hub,  
pulled it into our machine and started it  
as a process. The --publish argument exposes my local port 80 and sends all  
traffic comming to it to the container's  
port 80.

If we don't want the process to run in the foreground we can add the --detach  
argument and have all the above be done in the background.

In [None]:
%%bash
docker container run --publish 80:80 --detach nginx

When the container was started in the background we got in the output the unique container ID which  
we can use to compare with the output of the ```docker ps``` or ```docker container ls``` command.

In [None]:
%%bash
# we can check that the container is actually up and running
docker ps

In [None]:
%%bash
docker container ls

To stop the running container you can use ```docker container stop ${CONTAINER_ID}```

In [None]:
%%bash
docker container stop 188eb98e7d4e

And verify that the container is no longer running

In [None]:
%%bash
docker container ls

If i want to see all the containers, even those that are not running then i use   
 ```docker container ls -a```

In [None]:
%%bash
docker container ls -a

We can always give names to our containers otherwise they will be given randomly generated  
names using this syntax `<adjective>_<name_of_famous_scientist>`.   

If we want to specify the name we use the argument `--name`

In [None]:
%%bash
docker container run --publish 80:80 --detach --name webhost nginx
docker container ls

If we want to view the container logs we use `docker container logs ${CONTAINER_NAME}`

In [None]:
%%bash
docker container logs webhost

To view the processes in the container use `docker container top ${CONTAINER_NAME}`

In [None]:
%%bash
docker container top webhost

In [None]:
%%bash
#you can see that the new container had a custom name
docker container stop d4ae91d827ab

Cleanup the containers by listing all containers and removing them using  
`docker container rm [${CONTAINER_ID}  ${CONTAINER_ID} ...]`

In [None]:
%%bash
docker container ls -a

In [None]:
%%bash
docker container rm d4a 188
docker container ls -a

## 19.Debrief, what happens when we run a container

1. Looks for images in local cache
2. Look for images in registry if not found locally
3. Download the latest version
4. Create and new container based on the image and prepare it for start-up
5. Give the container a virtual IP on private network within the docker engine
6. Open up a port on the host and forward it to the port in the container
7. Start container based on CMD found in the image's Dockerfile

## 20.Containers vs Virtual Machines

### Containers aren't mini VMs

* They are just processes
* They are limited to what ressources they can access
* They exit when process stops

## 21.Window Containers: Should you consider them?

Containers are restricted processes that are running on the host's OS kernel.  
For example a Python image built for linux/x84_64 won't run as a python.exe on   
a Windows kernel. Which is why Docker utilizes a lightwheight Linux VM to run  
the containers.

From Docker's inception in 2013 to 2016, we could build images for multiple  
architectures (amd64, arm/v6, arm/v7, i386, etc.) but not for the Windows   
kernel itself. Docker was Linux-only.

In 2016 we got "Windows Containers" support from Microsoft. When you think of   
images, realize they are always kernel (Linux/Windows) and architecture   
(arm64, amd64, etc.) specific. Docker does this seamlessly in the background  
with a "manifest". It downloads the best image for the platform your Docker  
Engine is running on.

You can enable Windows Container mode in Docker Desktop for Windows by clicking  
"Switch to Windows containers" in the Docker whale menu, which then switches  
from WSL2 to Hyper-V running a slim Windows VM. It's an either-or setting,  
you'll have to decide which OS you want to run your containers on and stick to it.  

Sadly, the truth is that Windows Containers never caught on in a major way.  
Microsoft even built a Windows-based MSSQL image, but has since discontinued   
it in 2021 in favor of their Linux-based MSSQL image.

## 22.Arm Support for MySQL

The official MySQL image only supports Intel/AMD processors. MariaDB is an  
alternative if you're using Apple M1 or Raspberry Pi (both based on arm64 processors).

## 23-24.Assignement: Manage multiple containers

[Docker Official Documentation](https://docs.docker.com) is your friend as well  as the --help argument at the end of each command.

### Assignement Instructions
* Run an `nginx`, `mysql` and `httpd` (apache) server
* Run all of the in `--detach` mode (-d), name them with --name
* Specify the ports, nginx should listen to 80:80, httpd to 8080:80 and mysql to 3306:3306
* When running mysql, use the `--env` option (-e) to pass in `MYSQL_RANDOM_ROOT_PASSWORD=yes`
* Use the `docker container logs` on mysql to find the random password on startup
* Clean it all up afterwards using the `docker container stop` and `docker container rm`
* Verify that everything got shutdown correctly using the `docker container ls`







In [None]:
%%bash
# run instances
docker container run --detach -p 80:80 --name nginx nginx
docker container run --detach -p 8080:80 --name httpd httpd
docker container run --detach -p 3306:3306 -e MYSQL_RANDOM_ROOT_PASSWORD='yes' --name mysql mysql 


In [None]:
%%bash 
#verify instances
docker container ls

In [None]:
%%bash
# find generated password
docker container logs mysql | grep "GENERATED ROOT PASSWORD"

In [None]:
%%bash
# cleanup
docker container stop nginx
docker container stop httpd
docker container stop mysql
docker container rm nginx
docker container rm httpd
docker container rm mysql

## 25.What's going on in containers: CLI process monitoring

### Useful commands to view container processes

1. docker cotainer top - process list in one container
2. docker container inspect - detials of one container config
3. docker container stats - performance stats for all containers

In [None]:
%%bash
# run instances
docker container run --detach -p 80:80 --name nginx nginx
docker container run --detach -p 3306:3306 -e MYSQL_RANDOM_ROOT_PASSWORD='yes' --name mysql mysql 

In [None]:
%%bash
docker container top nginx

In [None]:
%%bash
docker container inspect mysql

In [None]:
%%bash
docker container stats

In [None]:
%%bash
# cleanup
docker container stop nginx
docker container stop mysql
docker container rm nginx
docker container rm mysql

## 26-27. Getting a shell inside the container

### Useful commands

1. docker container run -it - start a new container interactively
2. docker container exec -it - run additional commands in existing container




### docker run -it
-i : interactive  
-t : allocate a pseudo TTY (a prompt similar to ssh)  
bash : an optional argument that can be passed to the container on startup  
here it makes the container start with a bash terminal  


docker container run -it --name nginx nginx bash

#### Command 
docker container run -it --name nginx nginx bash

Notice that when exiting the shell the container gets stopped

### docker run -it

If I want to see a shell inside an already running container

#### Command:
docker container exec -it nginx bash



## 28-29 Docker networks: concepts for private and public comms in containers

When starting a container you're connecting, in the background, to a particular  
docker network (the default being the bridge network).


Each virtual network routes through a NAT firewall on host IP. The Docker deamon  
configuring the host IP on it default interface so that your containers can   
interact with the internet.

[NAT Firewal Definition](https://nordvpn.com/blog/what-is-nat-firewall/)
```  
A Network Address Translation (NAT) firewall operates on a router to protect  
private networks. It works by only allowing internet traffic to pass through if  
a device on the private network requested it. A NAT firewall protects the   
identity of a network and doesn't show internal IP addresses to the internet.
```  

All containers within a network can talk to each other inside the host  
without the -p (port). For example a mysql and a php/apache container can  
communicate on the same network named "my_web_app" without exposing their ports  
to the rest of the physical network.

This brings us to the concept of `"Batteries included, but removable"` which  
means that the defaults work well in most cases but are easily customizable  
(creating mutliple network, one per app, or different networks depending on  
security requirements)

You can attach container to more than one virtual network (or none).





In [None]:
%%bash
docker container run -d  -p 80:80 --name nginx nginx

In [None]:
%%bash
#Here we see that the host port 80 is exposed to the container's port 80 
#through a tcp connexion
docker container port nginx

In [None]:
%%bash
#We may assume that the container uses the same IP as the host but by default 
#that is not true. We'll use the format comand instead of grep to filter
#to the correct node in the json output off the docker inspect command
docker container inspect --format "{{.NetworkSettings.IPAddress}}" nginx

In [None]:
%%bash 
docker container stop nginx
docker container rm nginx

In [None]:
%%bash
#check the host's IP address, it does't have to match that of the host
ifconfig en0

## 30.Docker Netwoks: CLI Management of Virtual Networks

### Useful commands

* Show networks `docker network ls`
* Inspect a network `docker network inspect`
* Create a network `docker network create --driver`
    * It has the optional `--driver` argument that we can use to specify built-in  
    or third-party driver to create virtual networks
* Attach/detach a network to a conttainer `docker netwrok connect/disconnect`
    * Used t connect/disconnect a live running container so that a NIC is   
    created/destroyed on a virtual network for that container.

In [None]:
%%bash
docker network ls

### Bridge Network 

The bridge network is the default network that bridges throught the [NAT firewall](https://www.comparitech.com/blog/vpn-privacy/nat-firewall/)  
to the physical network that your host is connected to.

* (Note) A NAT firewall works by only allowing internet traffic to pass through the gateway if a device on the private network requested it. 


In [None]:
%%bash 
docker network inspect bridge


In [None]:
%%bash
## to find a specific item in the docker netork inspect
docker network inspect bridge --format {{.IPAM.Config}} 

### The host network

A special kind of network that skips the virtual network of Docker and attaches  
the container directly to the host interface. Its a boost for performance but  
sacrifices in security.

In [None]:
%%bash
docker network inspect host

### Creating a new network

Notice how the default for `DRIVER` for the new network was `bridge`. It's a  
built-in driver that create a virtual network locally with its own subnet. It  
lacks some of the more advanced features, such as private networking between hosts  
like other 3rd party driver like `Weave`

In [None]:
%%bash
docker network create my_app_net

In [None]:
%%bash
docker network ls

In [None]:
%%bash
#check out all the arguments that you can specify during the creatiion of networks
docker network create --help

### Assigning a network to a container on startup

Using the `--network` option

In [None]:
%%bash
docker container run -d -p 80:80 --name nginx --network my_app_net nginx

In [None]:
%%bash
#You will see the new container running on this network
docker network inspect my_app_net

### Connecting running containers to existing networks

In [None]:
%%bash
docker network --help

In [None]:
%%bash
docker container ls

In [None]:
%%bash
docker network ls 

In [None]:
%%bash
## connect the nginx container (aready connected to the my_app_net) to the default  
## bridge network
docker network connect bridge nginx

In [None]:
%%bash
##inspecting the nginx container, you'll now see that its on two networks
docker container inspect --format {{.NetworkSettings.Networks}} nginx

In [None]:
%%bash
## to reverse out the above
docker network disconnect bridge nginx

In [None]:
%%bash
##inspecting the nginx container, you'll now see only one left
docker container inspect --format {{.NetworkSettings.Networks}} nginx

In [None]:
%%bash
docker container stop nginx

## 31.Docker Networks: DNS & how containers find each other