Containerization is a software deployment process that bundles an application's code with all the files and libraries it needs to run on any infrastructure.
BUILD w/BUILDX
docker buildx build . -f Dockerfile -o dest=hello-world.tar -t hello-world:v1

BUILD OCI-IMAGE W/ BUILDAH
buildah --storage-driver=overlay bud --format=oci \
--tls-verify=true --no-cache \
-f ~/projects/github/stuttgart-things/images/sthings-alpine/Dockerfile \
-t scr.app.4sthings.tiab.ssc.sva.de/sthings-alpine/alpine:123

BUILD CONTAINER IMAGE w/ KANIKO (NO PUSH)
nerdctl run gcr.io/kaniko-project/executor:v1.23.1 \
--dockerfile Dockerfile \
--context git://github.com/stuttgart-things/stuttgart-things \
--context-sub-path images/sthings-alpine/ \
--no-push

nerdctl run --entrypoint sh -it sthings-kaniko:v3
# BUILD LOCAL AS TAR
executor --dockerfile Dockerfile \
--context git://github.com/stuttgart-things/stuttgart-things \
--context-sub-path images/sthings-terraform \
--no-push \
--tar-path /tmp/bla.tar
# BUILD AS REMOTE (REGISTRY) DESTINATION
executor --dockerfile Dockerfile \
--context git://github.com/stuttgart-things/stuttgart-things \
--context-sub-path images/sthings-terraform \
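--destination registry.app-dev.sthings-vsphere.labul.sva.de/terr:v1

# NOTE: -p puts the password into shell history and the process list; skopeo login --password-stdin reads it from stdin instead
skopeo login scr.cd43.sthings-pve.labul.sva.de -u admin -p <PASSWORD>
# OPTIONAL READ DOCKER REG SECRET (NOTE: auth.json holds the registry credentials, so this prints them to the terminal)
cat /run/containers/0/auth.json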
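skopeo copy -f oci tarball:/tmp/bla.tar docker://scr.cd43.sthings-pve.labul.sva.de/crossplane-demo/test:v1

BUILD CONTAINER IMAGE w/ KANIKO, MOUNT LOCAL CONTEXT + REGISTRY CERT
# NOTE: the command below mounts the registry credentials but no certificate; --skip-tls-verify turns off certificate checks for the push, so the registry receiving those credentials is not authenticated. To trust a private CA instead, mount the CA file and pass kaniko's --registry-certificate <registry>=<path-to-cert>.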
nerdctl run \
-v $HOME/.docker/config.json:/kaniko/.docker/config.json:ro \
-v /home/sthings/projects/golang/homerun-react/react-app:/workspace/ \
gcr.io/kaniko-project/executor:v1.23.1 \
--dockerfile Dockerfile \
--destination scr.cd43.sthings-pve.labul.sva.de/homerun/frontend:v11 \
--skip-tls-verify
GET HTPASSWD
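# NOTE: -b takes the password from the command line (visible in shell history and the process list); htpasswd -i reads it from stdin instead
nerdctl run --entrypoint htpasswd httpd:2 -Bbn <USERNAME> <PASSWORD>

OVERWRITE ENTRYPOINT OF IMAGE W/ NERDCTL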
nerdctl run -it --entrypoint sh eu.gcr.io/stuttgart-things/stagetime-server:23.1108.1227-0.3.22

JUMP INTO (ALREADY) RUNNING CONTAINER W/ DOCKER
#https://blog.kubesimplify.com/getting-started-with-ko-a-fast-container-image-builder-for-your-go-applications
# RUN CONTAINER DETACHED
sudo docker run -d --name new-webserver nginx
# JUMP IN
sudo docker exec -it new-webserver sh

JUMP INTO (TO BE STARTED) CONTAINER W/ DOCKER
sudo docker run -it -v /home/test/stuttgart-things:/app/ eu.gcr.io/stuttgart-things/sthings-packer:1.10.2-9.4.0 sh

GOLANG IMAGE BUILD IMAGE W/ KO
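# REGISTRY LOGIN (NOTE: -p exposes the password in shell history and the process list; ko login also accepts --password-stdin)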
ko login scr.cd43.sthings-pve.labul.sva.de -u sthings -p <PASSWORD>
# URL FOR PUBLISHING IMAGE
export KO_DOCKER_REPO=eu.gcr.io/stuttgart-things/machineshop
# KO CONFIG (NOT MANDATORY)
cat <<EOF > .ko.yaml
---
defaultBaseImage: eu.gcr.io/stuttgart-things/sthings-alpine:3.12.2-alpine3.19
EOF
# BUILD IMAGE
ko build github.com/stuttgart-things/machineshop

BUILD IMAGE W/ DOCKER
# CREATE DOCKERFILE
cat <<EOF > ./Dockerfile
FROM node:18-alpine
WORKDIR /app
COPY . .
RUN yarn install --production
CMD ["node", "src/index.js"]
EXPOSE 3000
EOF

# BUILD IMAGE (DOCKERFILE) EXISTS IN CURRENT DIR = .
docker build -t myapp:v3 .
# DOCKERFILE IN DIFFERENT LOCATION THAN BUILD COMMAND IS EXECUTED
docker build -t myapp:v3 /apps/myapp/

EXTRACT CONTAINER IMAGE
docker pull ghcr.io/stuttgart-things/dagger:20250613-095510
docker create --name dagger ghcr.io/stuttgart-things/dagger:20250613-095510 /bin/sh
docker export dagger -o dagger.tar
mkdir dagger-fs
tar -xf dagger.tar -C dagger-fs

BUILD ARM64 IMAGE W/ NERDCTL
# REGISTER QEMU
sudo systemctl start containerd
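# NOTE: --privileged is needed here because the container registers QEMU handlers in the host's binfmt_misc; the image is referenced without a tag or digest, so pin one you have reviewed
sudo nerdctl run --privileged --rm tonistiigi/binfmt --install all
ls -1 /proc/sys/fs/binfmt_misc/qemu*

# EXAMPLE DOCKERFILE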
FROM arm64v8/golang:1.20 AS gobuilder
WORKDIR /tmp/build
COPY . .
RUN go build -o app
FROM arm64v8/alpine
ENTRYPOINT [ "/usr/local/bin/app" ]
COPY --from=gobuilder /tmp/build/app /usr/local/bin/app

# EXAMPLE BUILD
nerdctl build --platform=arm64 --output type=image,name=eu.gcr.io/stuttgart-things/wled-informer:0.1,push=true .

# EXAMPLE RUN
# NOTE(review): arguments placed after the image name are passed to the container, so --platform=arm64 probably belongs before the image - confirm
sudo nerdctl run eu.gcr.io/stuttgart-things/wled-informer:0.1 --platform=arm64

HARBOR PULL THROUGH MIRROR
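# WRITE THE HELM VALUES FOR THE BITNAMI HARBOR CHART.
# The nesting below is restored from the flattened listing; keys and values are
# unchanged.
# NOTE: adminPassword is a placeholder - set a strong value before installing
# and keep this values file out of version control.
# The heredoc delimiter is quoted so the shell writes the content literally.
cat <<'EOF' > ./harbor.yaml
adminPassword: whatever
clusterDomain: example.com
exposureType: ingress
externalURL: harbor.example.com
global:
  defaultStorageClass: nfs4-csi
  storageClass: nfs4-csi
ingress:
  core:
    annotations:
      cert-manager.io/cluster-issuer: cluster-issuer-approle
      ingress.kubernetes.io/proxy-body-size: "0"
      ingress.kubernetes.io/ssl-redirect: "true"
      nginx.ingress.kubernetes.io/proxy-body-size: "0"
      nginx.ingress.kubernetes.io/ssl-redirect: "true"
    extraTls:
      - hosts:
          - harbor.example.com
        secretName: harbor.example.com-tls
    hostname: harbor.example.com
    ingressClassName: nginx
    tls: true
ipFamily:
  ipv4:
    enabled: true
  ipv6:
    enabled: false
persistence:
  enabled: true
  persistentVolumeClaim:
    jobservice:
      size: 1Gi
    registry:
      size: 12Gi
    trivy:
      size: 5Gi
  resourcePolicy: ""
service:
  type: ClusterIP
EOF
# ADD THE CHART REPO AND INSTALL HARBOR (CHART VERSION PINNED)
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update
# --values points at the file written above (harbor.yaml); no values.yaml is
# created anywhere in these steps.
helm upgrade --install harbor -n harbor --create-namespace --values harbor.yaml --version 24.4.1 bitnami/harbor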
- Go to the Registries tab.
- Create the endpoint for Dockerhub
- Create a new proxy cache project (e.g. name: docker) using the registry
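# THIS IS A LOCAL TEST IF THE MIRROR (named docker) IS WORKING
# NOTE(review): the other hosts in this section use harbor.example.com - confirm
# the hostname below.
docker pull harbor.example/docker/nginx:1.26.3-alpine

# WRITE THE VALUES FOR THE PROXY CHART.
# The nesting below is restored from the flattened listing; keys and values are
# unchanged.
cat <<'EOF' > ./mirror.yaml
---
ingress:
  enabled: true
  className: nginx
  annotations:
    kubernetes.io/ingress.class: nginx
    kubernetes.io/tls-acme: "true"
  hosts:
    - host: docker.harbor.example.com
      paths:
        - path: /
          pathType: ImplementationSpecific
  tls:
    - secretName: docker-mirror
      hosts:
        - docker.harbor.example.com
EOF
# INSTALL THE PROXY CHART
# NOTE(review): the namespace was fused with trailing text in the listing;
# "-n harbor" is assumed because Harbor itself is installed into that
# namespace - confirm.
# NOTE: no --version is given, so whatever chart version the OCI reference
# currently resolves to is installed; pin a version you have reviewed.
helm upgrade --install harbor-mirror oci://ghcr.io/hiddenmarten/harbor-project-proxy --values mirror.yaml -n harbor
# REFERENCES (link text as it appeared in the listing): proxy-cache-harbor harbor-project-proxy proxy-issue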
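# WRITE THE DOCKER DAEMON CONFIG (REGISTRY MIRROR) AS ROOT.
# sudo elevates only the command it prefixes; an output redirection is opened
# by the calling shell, so the file is written through "sudo tee", which opens
# it with root privileges. tee's copy to stdout is discarded.
# NOTE: this replaces any existing /etc/docker/daemon.json.
sudo tee /etc/docker/daemon.json >/dev/null <<'EOF'
{
  "registry-mirrors": ["https://docker.harbor.example.com"],
  "group": "dockerroot"
}
EOF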
sudo systemctl restart docker

PULL IMAGES W/ CTR
# PULL IMAGE W/ CTR
sudo ctr images pull docker.io/library/redis:alpine
# OR FOR RKE2 BUNDLED CONTAINERD: sudo /var/lib/rancher/rke2/bin/ctr images pull docker.io/library/redis:alpine

LOAD IMAGES W/ CTR
# LOAD/IMPORT CONTAINER IMAGE
ctr -n=k8s.io images import <IMAGE_NAME>
ctr image export <output-filename> <image-name>

LIST IMAGES W/ CTR
ctr --namespace k8s.io images ls -q
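# OR FOR RKE2 BUNDLED CONTAINERD: sudo /var/lib/rancher/rke2/bin/ctr --address /run/k3s/containerd/containerd.sock --namespace k8s.io container ls

SKOPEO
# NOTE: the binary below comes from the lework/skopeo-binary release page, not the upstream skopeo project, and is installed into /usr/bin as root with no integrity check; verify it (or use the distribution package) before the mv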
SKOPEO_VERSION=1.12.0
wget https://github.com/lework/skopeo-binary/releases/download/v${SKOPEO_VERSION}/skopeo-linux-amd64
sudo chmod +x skopeo-linux-amd64
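sudo mv skopeo-linux-amd64 /usr/bin/skopeo && skopeo --version

# NOTE: --insecure-policy makes skopeo accept any image regardless of the host's signature policy; the digest-pinned form further down at least fixes the exact content that is copied
skopeo copy --insecure-policy docker://nginx:1.21 \
docker://whatever.cloud/gtc1fe/web:1.21

skopeo copy --all --insecure-policy \
docker://nginx@sha256:ff2a5d557ca22fa93669f5e70cfbeefda32b98f8fd3d33b38028c582d700f93a \
docker://whatever.cloud/gtc1fe/web@sha256:ff2a5d557ca22fa93669f5e70cfbeefda32b98f8fd3d33b38028c582d700f93a

# SHELL1
# NOTE: the pod below runs as root (runAsUser 0) from an image referenced without a tag or digest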
kubectl -n registry run skopeo \
--image=bdwyertech/skopeo \
--restart=Never \
--overrides='
{
"spec": {
"containers": [{
"name": "skopeo",
"image": "bdwyertech/skopeo",
"stdin": true,
"tty": true,
"securityContext": { "runAsUser": 0 }
}]
}
}' \
--stdin --tty --attach
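# SHELL2 - COPY (PREBUILD IMAGE) TAR TO POD
# NOTE(review): the pod above is created as "skopeo"; "skopeo2" below looks like a leftover name - confirm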
kubectl -n registry cp base.tar skopeo2:/tmp
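# SHELL1 - LOGIN, PUSH + VERIFY
# NOTE: --tls-verify=false and the http:// catalog call mean the registry is not authenticated and the login / basic-auth credentials are not protected in transit; keep this to an in-cluster lab registry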
skopeo login \
registry-docker-registry.registry.svc.cluster.local:5000 \
--tls-verify=false
skopeo copy \
docker-archive:/tmp/base.tar \
docker://registry-docker-registry.registry.svc.cluster.local:5000/shuffle/shuffle:app_sdk_0.0.25 \
--tls-verify=false
apk add curl
curl -u ${REG_USER}:${REG_PASSWORD} \
http://registry-docker-registry.registry.svc.cluster.local:5000/v2/_catalog

PODMAN QUADLET
# INSTALL PODLET
wget https://github.com/containers/podlet/releases/download/v0.3.0/podlet-x86_64-unknown-linux-gnu.tar.xz
tar -xf podlet-x86_64-unknown-linux-gnu.tar.xz
sudo mv podlet-x86_64-unknown-linux-gnu/podlet /usr/bin/podlet
sudo chmod +x /usr/bin/podlet

# GENERATE FROM RUN COMMAND
podlet --file . --install --description webserver podman run -d --name webserver -p 80:80 nginx:latest

# GENERATE FROM EXISTING CONTAINER
podlet generate container 17803fe422cd

# DRYRUN - ROOTFUL
sudo cp ./webserver.container /etc/containers/systemd
sudo /usr/libexec/podman/quadlet --dryrun webserver.container

# ENABLE/START SERVICE - ROOTFUL
sudo cp ./webserver.container /etc/containers/systemd
sudo systemctl daemon-reload
sudo systemctl enable --now webserver.service
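sudo systemctl start webserver.service

# TEST SERVICE
# NOTE: both rules open port 80 in the public zone; the --permanent one stays in place after the test unless it is removed
sudo firewall-cmd --zone=public --add-port=80/tcp
sudo firewall-cmd --zone=public --add-service=http --permanent
curl localhost

CLEANUP W/ NERDCTL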
# STOP AND DELETE ALL RUNNING CONTAINERS
sudo nerdctl stop $(sudo nerdctl ps -a | awk '{ print $1 }' | grep -v CONTAINER); sudo nerdctl rm $(sudo nerdctl ps -a | awk '{ print $1 }' | grep -v CONTAINER)
# CLEAN IMAGES BY ID
sudo nerdctl rmi $(sudo nerdctl images | grep "2 months ago" | awk '{ print $3 }')
# CLEAN IMAGES BY NAME + TAG
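sudo nerdctl rmi $(sudo nerdctl images | grep "7 weeks ago" | awk '{ print $1":"$2 }')

INSTALL CONTAINERD
# NOTE: verify each downloaded archive or binary against the checksum published with its release before installing it as root; containerd.service below is fetched from the main branch, not from the v1.7.1 tag that the binaries come from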
wget https://github.com/containerd/containerd/releases/download/v1.7.1/containerd-1.7.1-linux-amd64.tar.gz
sudo tar Cxzvf /usr/local containerd-1.7.1-linux-amd64.tar.gz
wget https://raw.githubusercontent.com/containerd/containerd/main/containerd.service
sudo mv containerd.service /usr/lib/systemd/system/
sudo systemctl daemon-reload
sudo systemctl enable --now containerd
sudo systemctl status containerd
sudo mkdir -p /etc/containerd
sudo containerd config default | sudo tee /etc/containerd/config.toml
sudo systemctl restart containerd
sudo systemctl status containerd
sudo journalctl -u containerd

INSTALL RUNC
wget https://github.com/opencontainers/runc/releases/download/v1.1.7/runc.amd64
sudo install -m 755 runc.amd64 /usr/local/sbin/runc
sudo ls /usr/local/sbin/ #check

INSTALL CNI PLUGINS
wget https://github.com/containernetworking/plugins/releases/download/v1.3.0/cni-plugins-linux-amd64-v1.3.0.tgz
sudo mkdir -p /opt/cni/bin
sudo tar Cxzvf /opt/cni/bin cni-plugins-linux-amd64-v1.3.0.tgz