$ ansible localhost -m lineinfile -a "path=~/.profile regexp=\"^export DOCKER_HOST\" line=\"export DOCKER_HOST=unix:///run/user/$(id -u)/docker.sock\""
$ . ~/.profile
$ mkdir -p ~/.config/docker
$ echo "{ \"data-root\":\"/var/tmp/$(id -un)/\" }" | tee ~/.config/docker/daemon.json
$ killall dockerd
$ dockerd-rootless.sh &
1. Preparation work before using Docker
Starting April 2023, Docker will be run as a user with non-root privileges, rootless mode.
Before the change, we had to run docker as a privileged (root) user, as in docker
, but from now on we should run docker as docker
without "sudo".
To enable the rootless mode, you will need to add the DOCKER_HOST environment variable to your ~/.profile and a working area on a non-NFS file system in your ~/.config/docker/daemon.json file.
2. Official Docker Tutorial: Part2.
-
Original: Part2: Sample application
Open this Containerizing an application page and read the instructions. However, if you do not read it properly, it may not work properly, so I will post a list of commands that work well.
Please run this on the ThinkPad (192.168.100.21-27) in Seminar Room 10 or on your own PC with Docker installed.
$ cd
$ git clone -b v1 https://github.com/docker-training/node-bulletin-board
$ cd node-bulletin-board/bulletin-board-app
$ docker image build -t bulletinboard:1.0 .
$ docker container run --publish 8000:8080 --detach --name bb bulletinboard:1.0
【Note】
image build" can be abbreviated to "build".
Similarly, "container run" can be abbreviated as "run", "--publish" as "-p", and "--detach" as "-d".
As noted in the documentation, once you have successfully done this, go to http://localhost:8000/ and make sure the bulletinboard app is running.
If you are using OpenVPN, this will be the IP address of the ThinkPad where you ran the command, like http://192.168.100.2x:8000/.
The last command written can be used to force stop + remove.
$ docker container rm --force bb
This method of using "rm --force" is to stop and delete at the same time. If you want to do the same thing carefully, you can use the "stop" and "rm" commands in turn, as follows.
$ docker container run --publish 8000:8080 --detach --name bb bulletinboard:1.0
$ docker container stop bb
$ docker ps -a
The last ps -a
run will show containers that are stopped but have state saved.
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
cbc4687ae162 bulletinboard:1.0 "npm start" 5 seconds ago Exited (0) 1 second ago bb
In this state, delete the bb image that is still on the file system.
$ docker container rm bb
To avoid deleting unwanted images after execution, you can run the docker command with the --rm option, which will immediately remove them from the filesystem when stopped.
The following is a more general way of writing the command, using an abbreviated system.
## Run docker container run command with "--rm" option
$ docker run --rm -p 8000:8080 -d --name bb bulletinboard:1.0
## Run the "docker container rm" command to only stop the container that was started, not run it
$ docker stop bb
## Make sure no information about the bb container is displayed
$ docker ps -a
If you do not specify "--rm" at startup, you will still have a remnant container with the name "bb" when you stop it. In this state, you can run the container with the name "bb" again.
## Start
$ docker run -p 8000:8080 -d --name bb bulletinboard:1.0
## stop
$ docker stop bb
## Verify that the container with the name "bb" is stopped
$ docker ps -a
## Run the container named "bb" again, but make sure it fails
$ docker run -p 8000:8080 -d --name bb bulletinboard:1.0
## Use "start" to restart a stopped container
$ docker start bb
## Use "ps" to check container status
$ docker ps
## Stop it again, remove it with rm command, and it will run fine
$ docker stop bb
$ docker ps -a
$ docker rm bb
$ docker run -p 8000:8080 -d --name bb bulletinboard:1.0
## Stop the container again and remove the image
$ docker stop bb
$ docker rm bb
The next section of this tutorial, Part 4. Share the application , explains how to register an image on DockerHub. Share the application ^]explains how to register an image with DockerHub. (Note that the "gordon" part should be changed to your ID information.) Deploy to Kubernetes explains how to run this bulletinboard:1.0 on Kubernetes.
For DockerHub, see Docker, Docker Hub, Docker Composer describes it.
If you find the official tutorial difficult to follow, please do not force yourself to continue.
3. Another way to run bulletinboard:1.0 with Kubernetes
In the aforementioned official tutorial, bulletinboard:1.0 was registered in the public repository using https://hub.docker.com/.
Here is a way to use Harbor (https://inovtst9.u-aizu.ac.jp/ ), a Docker Hub compatible environment.
3.1. Create a project in Harbor
First, create a project that will serve as a container for registering your own Docker container (bulletinboard:1.0).
In the following, replace "s12xxxxxxx" with your AINS ID.
-
go to https://inovtst9.u-aizu.ac.jp/ and login with your AINS-ID and password. 2. Click the "+ NEW PROJECT" button and enter the same name as your AINS-ID, s12xxxxxxx.
Next, go back to the shell on your Thinkpad and use the docker command to register the project you just created, inovtst9.u-aizu.ac.jp/s12xxxxx (project name "s12xxxxx" is your AINS-ID), with bulletinboard:1. Register bulletinboard:1.0 to the project name "s12xxxxxxx".
First, register Harbor login information in /root/.docker/config.json using docker login command.
$ docker login inovtst9.u-aizu.ac.jp
Username: yasu-abe
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
Then, using the login information, transfer the image file of the container you have docker built at hand to Harbor (inovtst9.u-aizu.ac.jp).
$ docker tag bulletinboard:1.0 inovtst9.u-aizu.ac.jp/$(id -un)/bulletinboard:1.0
$ docker push inovtst9.u-aizu.ac.jp/$(id -un)/bulletinboard:1.0
After running docker push
, you will see the image being transferred as follows.
The push refers to repository [inovtst9.u-aizu.ac.jp/s12xxxxx/bulletinboard]
248fe273fb1c: Pushed
73284181b5e4: Pushed
d5c7192737ed: Pushed
...
If no errors appear, bulletinboard:1.0 is now registered with Harbor. The registered bulletinboard:1.0 is now located at Harbor - DockerHub compatible environment
After completing this step, be sure to remove the ID/Password information from the /root/docker/config.json file at the end.
$ docker logout inovtst9.u-aizu.ac.jp
3.2. Using Harbor from Kubernetes
In the official tutorial Deploy to Kubernetes , the bb.yaml file was prepared.
Here, we will use the image stored in Harbor based on the bb.yaml file.
From here on, "s12xxxxxxx" should be replaced with your AINS ID.
Change the contents of the bb.yaml file as follows Remember to replace "s12xxxxxxx" with your AINS-ID.
apiVersion: apps/v1
kind: Deployment
metadata:
name: bb-demo
spec:
replicas: 1
selector:
matchLabels:
bb: web
template:
metadata:
labels:
bb: web
spec:
containers:
- name: bb-site
image: inovtst9.u-aizu.ac.jp/s12xxxxx/bulletinboard:1.0
---
apiVersion: v1
kind: Service
metadata:
name: bb-entrypoint
spec:
type: LoadBalancer
selector:
bb: web
ports:
- port: 8080
targetPort: 8080
nodePort: 30001
Apply this edited bb.yaml file.
$ kubectl -n $(id -un) apply -f bb.yaml
deployment.apps/bb-demo created
service/bb-entrypoint created
If all is well, you will end up with a two-line "… created" message as shown above. created" message as shown above. After a few moments, check the running service with the following command.
$ kubectl -n $(id -un) get svc bb-entrypoint
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
bb-entrypoint LoadBalancer 10.233.26.95 192.168.100.165 8080:30001/TCP 5m45s
Here we see the IP address displayed in the EXTERNAL-IP field. In this example, it is "192.168.100.165", but the number at the end should be different.
Using the IP address displayed in the result of your run, confirm that the image registered with Harbor is running on Kubernetes from a web browser like the following.
## Example: Note that each ".161" at the end is different
$ browse http://192.168.100.161:8080/
## or
$ google-chrome http://192.168.100.161:8080/
That’s all.