App Container Spec
App Container Spec maybe isn't that relevant to me.
NixOS provides a `nixos-container` command that is nice and simple.
Alternatively, you put some named containers in your configuration.nix.
The NixOps cloud deployment tool also provides a backend called container. This is a bit more complicated. It's a better tool if you want to deploy groups of related containers.
Docker is popular, but may be a tower of hacks.
It provides a
`docker ps -a` lists all your containers.
Docker has some concepts:
- a binary with some programs in it
- a running instance of an image
- contains 1 image instantiated as many containers
- some machines running Docker which work together, hosting some containers amongst themselves
- some services which share dependencies
We usually have different dependencies at run time vs build time.
In your Dockerfile you specify a base image with `FROM base-image:version as name`.
Docker lets you do this multiple times to specify a multistage build.
You can then refer to the name in your copy command: `COPY --from=name /path/from /path/to`.
- creates a new layer in your dockerfile by executing some command and then looking at the difference.
- launch a program
`CMD ["python3", "-m", "http.server"]`.
- listen on a port
- set an environment variable
`ENV VARIABLE thing`.
- move some files into your container, creating a layer.
- like copy, but with some extra stuff like tar extraction.
- set a main command for the image
- associate some storage
- change user
- set working directory
- some extra commands for after the image has finished
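A multistage build that keeps build-time dependencies out of the runtime image, written as an added example rather than taken from the original notes. The image tags, the `build` stage name, the `web` user, and the `requirements.txt` and `site/` paths in the build context are assumptions.

```dockerfile
# Added example; image tags, paths and names are assumptions.

# Build stage: the full image carries compilers and headers that
# some Python packages need while installing.
FROM python:3.12 AS build
WORKDIR /src
COPY requirements.txt .
# Install into a self-contained virtualenv so the whole tree can be
# copied into the runtime stage in one step.
RUN python3 -m venv /opt/venv \
 && /opt/venv/bin/pip install --no-cache-dir -r requirements.txt
COPY site/ /src/site/

# Runtime stage: starts again from a smaller base. Only what is
# explicitly copied from "build" ends up in the final image, so the
# compilers and the pip download state stay behind.
FROM python:3.12-slim
COPY --from=build /opt/venv /opt/venv
COPY --from=build /src/site /srv/site
ENV PATH="/opt/venv/bin:$PATH"
# Create and switch to an unprivileged user instead of running as root.
RUN useradd --system --no-create-home web
USER web
WORKDIR /srv/site
# Document the port; publishing it still happens at `docker run` time.
EXPOSE 8000
# Exec form needs a valid JSON array, commas included.
CMD ["python3", "-m", "http.server", "8000"]
```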
When using `docker run` you have the restart flag:
`docker run --restart unless-stopped image`.
Docker makes three networks which you can assign containers to:
- the default, available to containers as docker0.
- disables the network stack for a container?
- pretend to be the host machine?
Or you can define your own network and assign some containers to it.
This is a registry where people put their awful images.
This is a program for starting containers in the right order.
`docker-compose up` makes that go.
`docker-compose.yml` is a file which lists the containers.
`docker-compose` has similar commands to `docker`.
It should restart containers automatically.
We have three main kinds of storage:
- volumes: managed by Docker in `/var/lib/docker/volumes`.
- bind mounts: anywhere on the host system.
- tmpfs mounts: in memory.
The InfluxDB and Alpine Postgres Images both use volumes, so you can destroy and recreate these images without losing data.
There is a thing called Prometheus which tells you what your Docker is doing.
Not maintained, ignore it.
rkt looks reasonably simple. It's not available in Debian stable yet.
Debootstrap lets you create a sub-install of Debian. You can then chroot into it.
It doesn't give you process isolation.
This is only relevant for people with a lot of machines to look after and full-time sysadmins.