
DevOps Docker Training Notes


Day 1 - Traditional vs Containerized Deployment


Traditional Deployment / Old Deployment


Virtualized Deployment

VM Disadvantages:

  • Each VM needs its own OS → high CPU, memory, and storage consumption.
  • Higher cost for enterprise OS editions.
  • Can deploy multiple applications in one VM, but no isolation.
  • Middleware conflicts - can't run multiple versions (e.g., Java 11 vs Java 17).
  • Environment inconsistencies (e.g., config files, env variables).
  • AMIs can help maintain consistency but still require full OS per VM.

Summary:

  • Each VM → full OS → high cost and compute usage.
  • Middleware/software compatibility issues.
  • No proper isolation for apps within same VM.

Containerized Deployment

What is a Container?

  • Includes: App code + dependencies + config files + env variables.
  • Containers share the host OS (no separate OS required).
  • Each container has its own OS libraries → interacts with OS kernel.
  • Multiple containers can run on a single host OS.

Use Cases:

  • Applications
  • Databases
  • Tools (e.g., Jenkins, Nexus)

Isolation:

  • Container runtime provides:
      • Separate process space
      • Network space
      • Storage space
      • Mount space
  • High CPU → container may hang.
  • Out of memory → container is killed by OS (via cgroups).

Day 2 - Container Types and Tools


Container Use Cases:

Web Servers:

  • HTTPD, NGINX, HAProxy

Application Servers:

  • Java, Python, Node.js, JBoss, Tomcat, Go

Database Servers:

  • MySQL, Oracle, MongoDB, PostgreSQL, Couchbase, Cassandra

Messaging Servers:

  • Kafka, RabbitMQ

Other Tools:

  • Jenkins, Nexus, SonarQube

Containerization Tools:

Runtime Tools:

  • Docker
  • Podman
  • containerd

Orchestration Tools:

  • Docker Swarm
  • Kubernetes
  • OpenShift

Docker Editions:

  1. Community Edition - Free
  2. Enterprise Edition - Paid
  3. DTR: Docker Trusted Registry
  4. UCP: Universal Control Plane (GUI for managing containers)

Docker images built on any OS or flavor (RHEL, Ubuntu, etc.) can be stored in registries like Nexus/ECR and run on any platform.


Day 3 - Docker Setup & Runtime


Container Limits

  • Number of containers depends on available CPU and RAM.

OS Compatibility:

  • Best OS for Docker: Ubuntu
  • Docker not compatible with RHEL in production (no support).

Docker Daemon

  • Background service managing:
      • Docker images
      • Containers
      • Networks
      • Volumes

Installing Docker on Ubuntu (AWS):

```bash
sudo apt update -y
sudo apt install docker.io -y
sudo service docker start
docker info
```

Regular users will face permission issues when running docker commands without sudo.

Add User to Docker Group:

```bash
sudo usermod -aG docker $USER
```

OR

```bash
sudo usermod -aG docker ubuntu
```

Membership in the docker group is equivalent to root access on the host, so add only trusted accounts.

Log out and SSH in again. Then run:

```bash
docker ps
```


Class 4 - Docker Registries


Docker Image Storage

Secure Registries:

  • Use HTTPS for registries like Nexus, ECR.
  • Docker Hub provides only one private repo → limited use in real-time.

Docker Concepts

  • Registry: Central image storage.
  • Repository: Collection of related images (usually different versions).

Image Pull Behavior:

If the registry is not mentioned in the image name:

  • Docker checks for the image locally.
  • Else it pulls from Docker Hub.
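The Docker Hub fallback described above is why an image name without a registry prefix is worth catching before it reaches a deployment server. This is an added example, not part of the original notes: a simplified Python version of Docker's name-resolution rule, with hypothetical function names and constructed sample references.

```python
# Added example: how a Docker image name expands to registry/repository:tag.
DEFAULT_REGISTRY = "docker.io"  # Docker Hub
DEFAULT_TAG = "latest"


def resolve_image(ref):
    """Split an image reference using the Docker CLI's naming rules (simplified)."""
    digest = None
    if "@" in ref:  # name@sha256:... pins exact content
        ref, digest = ref.split("@", 1)
    first, slash, rest = ref.partition("/")
    # The first component is a registry only if it looks like a host:
    # it contains '.' or ':', is 'localhost', or has upper-case letters.
    looks_like_host = ("." in first or ":" in first or first == "localhost"
                       or first != first.lower())
    if slash and looks_like_host:
        registry, path = first, rest
    else:
        registry, path = DEFAULT_REGISTRY, ref
    name, colon, tag = path.rpartition(":")
    if not colon:
        name, tag = path, None
    if registry == DEFAULT_REGISTRY and "/" not in name:
        name = "library/" + name  # official images live under library/
    if tag is None and digest is None:
        tag = DEFAULT_TAG
    return {"registry": registry, "repository": name, "tag": tag, "digest": digest}


def unqualified(refs):
    """Return the references that would fall back to Docker Hub."""
    return [r for r in refs if resolve_image(r)["registry"] == DEFAULT_REGISTRY]


# Constructed sample references (account ID, region and IP are placeholders).
SAMPLE_REFS = [
    "nginx",
    "myteam/myapp:1.4",
    "123456789012.dkr.ecr.us-east-1.amazonaws.com/myapp:1.4",
    "10.0.0.5:8083/myapp",
]

if __name__ == "__main__":
    for ref in SAMPLE_REFS:
        print(ref, "->", resolve_image(ref))
    print("resolved against Docker Hub:", unqualified(SAMPLE_REFS))
```

Running `unqualified()` over the image names in a compose file or deployment script shows which ones would be fetched from Docker Hub instead of the private ECR or Nexus registry.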

Create Repos in Nexus / ECR

ECR:

  • Image format: registryURL/repository:tag

Nexus:

  • Go to Settings → Repositories → Create Repository → Docker (hosted)
  • Use port 8083 for reverse proxy

Insecure Registry Configuration:

If using HTTP (insecure) registry, edit the daemon config:

```bash
sudo vi /etc/docker/daemon.json
```

Add:

```json
{ "insecure-registries": ["<nexus-ip>:8083"] }
```

Note: If using for practice, and the IP changes after restarting Nexus, you'll need to update the IP in daemon.json.
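An `insecure-registries` entry tells the daemon to skip certificate verification and fall back to plain HTTP for that registry, so a practice setting like the one above should not survive on real build or deployment servers. This is an added example, not part of the original notes: a Python audit of a daemon.json, where the function name, severity labels and sample addresses are assumptions made for illustration.

```python
import ipaddress
import json


def audit_insecure_registries(daemon_json_text):
    """Return (entry, severity, reason) for every insecure-registries entry."""
    config = json.loads(daemon_json_text)  # raises ValueError on malformed JSON
    findings = []
    for entry in config.get("insecure-registries", []):
        if "/" in entry:  # CIDR form: every registry in the range is trusted
            net = ipaddress.ip_network(entry, strict=False)
            findings.append((entry, "high",
                             f"CIDR covers {net.num_addresses} addresses without TLS checks"))
            continue
        # Simplification: host:port or bare host; bracketed IPv6 is not parsed.
        host = entry.rsplit(":", 1)[0] if ":" in entry else entry
        if not host:
            findings.append((entry, "error", "host part is missing"))
            continue
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            findings.append((entry, "medium",
                             "hostname: confirm it resolves inside the trusted network"))
            continue
        if ip.is_loopback:
            findings.append((entry, "low", "loopback: traffic stays on this host"))
        elif ip.is_private:
            findings.append((entry, "medium",
                             "private address: pulls and pushes cross the LAN without verified TLS"))
        else:
            findings.append((entry, "high",
                             "public address: images and credentials exposed in transit"))
    return findings


# Constructed sample daemon.json; addresses are placeholders, not from the notes.
SAMPLE_DAEMON_JSON = """
{
  "insecure-registries": ["10.0.0.5:8083", "127.0.0.1:5000", "10.0.0.0/8", ":8083"]
}
"""

if __name__ == "__main__":
    for entry, severity, reason in audit_insecure_registries(SAMPLE_DAEMON_JSON):
        print(f"{severity:6} {entry!r}: {reason}")
```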

Day 5 - Docker Image Build & Deployment


Docker Advantages:

  • Easy to share & deploy using Docker images
  • Lightweight - shares host OS, saves resources
  • Version management
  • Middleware compatibility solved

Docker Build Server Setup:

Install the following on Docker build server:

  • Docker
  • Git
  • Maven
  • Java

Don't write Dockerfiles directly on Docker server.

Real-Time Workflow:

  1. Write Dockerfile in project repo.
  2. Commit & push to GitHub.
  3. Clone repo to Docker build server.
  4. Build image and push to registry (ECR/Nexus).
  5. Another deployment server pulls image and runs container.

Build and deploy happen on different servers.

Accessing the Application:

  • Expose container ports to access apps via browser or API.

Day 6 - Tagging & ECR Authentication


Docker Image Tagging

If image was created without proper name (e.g., missing registry/repo), use:

```bash
docker tag oldimagename:tag newregistry/repository:newtag
```

You can see multiple names, but the Image ID remains the same.

Docker Login to ECR

To authenticate with ECR registry:

  1. Go to ECR repo
  2. Click View Push Commands
  3. Use the first command (requires AWS CLI):

```bash
aws ecr get-login-password --region <region> | \
  docker login --username AWS --password-stdin <aws_account_id>.dkr.ecr.<region>.amazonaws.com
```

Must be executed on Docker build server.

ECR Security Features:

Tag Immutability:

  • Prevents overwriting existing image versions.
  • Enable this to ensure image stability.
  • Same concept applies to Nexus.

Scan on Push:

  • Automatically checks for vulnerabilities when image is pushed.

KMS Encryption:

  • Encrypt images stored in ECR using AWS KMS.
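All three settings above are reported per repository by `aws ecr describe-repositories`, so they can be checked across a whole registry instead of one console page at a time. This is an added example, not part of the original notes: a Python check over that command's JSON output, with hypothetical function names and a constructed sample (repository names, account ID and key ARN are placeholders).

```python
import json


def audit_ecr_repositories(describe_output):
    """Map each repository name to the security controls it is missing."""
    report = {}
    for repo in json.loads(describe_output).get("repositories", []):
        gaps = []
        if repo.get("imageTagMutability") != "IMMUTABLE":
            gaps.append("tag immutability off: a pushed tag can be overwritten")
        if not repo.get("imageScanningConfiguration", {}).get("scanOnPush", False):
            gaps.append("scan on push off: new images are not checked for vulnerabilities")
        encryption = repo.get("encryptionConfiguration", {})
        if encryption.get("encryptionType") != "KMS":
            gaps.append(f"KMS encryption off: encryptionType is {encryption.get('encryptionType')}")
        elif not encryption.get("kmsKey"):
            gaps.append("KMS selected but no key ARN reported")
        report[repo["repositoryName"]] = gaps
    return report


def noncompliant(describe_output):
    """Names of repositories with at least one missing control, sorted."""
    report = audit_ecr_repositories(describe_output)
    return sorted(name for name, gaps in report.items() if gaps)


# Constructed sample shaped like `aws ecr describe-repositories` output.
SAMPLE_OUTPUT = json.dumps({"repositories": [
    {"repositoryName": "myapp",
     "imageTagMutability": "IMMUTABLE",
     "imageScanningConfiguration": {"scanOnPush": True},
     "encryptionConfiguration": {
         "encryptionType": "KMS",
         "kmsKey": "arn:aws:kms:us-east-1:123456789012:key/EXAMPLE-KEY-ID"}},
    {"repositoryName": "legacy-app",
     "imageTagMutability": "MUTABLE",
     "imageScanningConfiguration": {"scanOnPush": False},
     "encryptionConfiguration": {"encryptionType": "AES256"}},
]})

if __name__ == "__main__":
    for name, gaps in audit_ecr_repositories(SAMPLE_OUTPUT).items():
        print(name, "OK" if not gaps else gaps)
```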

IAM Role & AWS CLI Access

For Docker Build Server:

  • Create and attach IAM policy with full ECR access.
  • Install AWS CLI.
  • Authenticate before push.

Note: Token is valid for 4 hours → must re-authenticate frequently.

For Deployment Server:

  • Install AWS CLI.
  • Attach read-only IAM policy.
  • Authenticate and pull images.
