DevOp
Why Docker: Matrix from Hell ultimate kubernetes resource planning guide tensorflow von-neumann and future-of devops docker-containers-an-absolute-prevail-over-virtual-machines getting-started-with-google-colab
Kubernetes is a container management platform, not just a way to manage Docker
Key Concepts K8S intro Facebook Tupperware vs Google Borg
Use knative-on-kubernetes to Deploy Serverless Application Deploying Scalable Web Application with Docker and Kubernetes what is devops a-short-guide-to Using Docker for Data Science Environment
Docker on AWS Dockerize Acceptance Tests Kubernetes Guide for Docker Swarm Users Docker Remote Interpreter using PyCharm Jenkins and Kubernetes with Docker Desktop
Deploying Frontend Applications
PyPI Container eea.docker.plone
# Learning Docker p.12
$ sudo docker pull busybox
$ sudo docker images
$ sudo docker run busybox echo "Hello World"
$ sudo service docker status
# /var/log/upstart/docker.log
$ sudo docker run -t -i busybox:ubuntu-14.04
$ sudo docker pull thedockerbook/helloworld
$ sudo docker pull registry.example.com/myapp
$ sudo docker search mysql
-t starts a terminal, which is convenient for interactive setup
$ sudo docker run -t -i -p 8090:8080 marr/plone:v500 /bin/bash
docker run -d -p 8080:80 -h pypi.local -v /shares/pypi:/srv/pypi:rw --name pypi docker.io/codekoala/pypi:latest
chcon -Rt svirt_sandbox_file_t /shares/pypi
updated ~/.pypirc to reflect the internal server
$ sudo docker login
Username: marr
Password:
Email: ooxx@xyz.com
WARNING: login credentials saved in /home/user/.docker/config.json
Login Succeeded
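The WARNING line in the login transcript above means the registry password now sits in config.json, base64-encoded rather than encrypted. A check for that, as an added example that is not part of the original notes; the function names and both sample configs are constructed for illustration.

```python
import base64
import json
import os
import stat

def inline_registry_credentials(config_text):
    """Return [(registry, username)] for every entry in a Docker client
    config whose "auth" field carries base64("user:password") inline."""
    cfg = json.loads(config_text)
    found = []
    for registry, entry in cfg.get("auths", {}).items():
        auth = (entry or {}).get("auth")
        if not auth:  # empty entry: the secret is held by a credential helper
            continue
        try:
            decoded = base64.b64decode(auth).decode("utf-8", "replace")
        except ValueError:  # malformed base64 still counts as an inline secret
            decoded = "<undecodable>:"
        found.append((registry, decoded.partition(":")[0]))  # never the password
    return found

def uses_credential_helper(config_text):
    """True when "credsStore" or "credHelpers" delegates storage to a helper."""
    cfg = json.loads(config_text)
    return bool(cfg.get("credsStore") or cfg.get("credHelpers"))

def readable_by_others(path):
    """True when any group or other permission bit is set on the file."""
    return bool(os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO))

# Constructed sample: what `docker login` writes when no helper is configured.
SAMPLE_PLAIN = json.dumps({"auths": {"https://index.docker.io/v1/": {
    "auth": base64.b64encode(b"marr:constructed-password").decode(),
    "email": "ooxx@xyz.com"}}})
# Constructed sample: with a helper configured the entry stays empty.
SAMPLE_HELPER = json.dumps({"auths": {"https://index.docker.io/v1/": {}},
                            "credsStore": "secretservice"})

if __name__ == "__main__":
    for name, text in (("plain", SAMPLE_PLAIN), ("helper", SAMPLE_HELPER)):
        print(name, inline_registry_credentials(text), uses_credential_helper(text))
```

Point `readable_by_others` at the path named in the warning to confirm the file is restricted to its owner.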
$ sudo docker push marr/plone
The push refers to a repository [docker.io/marr/plone] (len: 1)
...
v500: digest: sha256:.... 635d6 size: 58915
Plone example: the ZeoServer run mode is included by default. IMIO Example Storage Location Settings docker-compose-setup UnifiedInstaller help script: su-exec tiny
Makefile Example jupyter with Nix
Testing http://datakurre.pandala.org/2015/07/building-docker-containers-from-scratch.html on Ubuntu 12.04 produces the following error:
Error: Error downloading extends for URL https://dist.plone.org/release/5-latest/versions.cfg: (SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)'),)
Dockerfile LABEL (helps with labeling) ENTRYPOINT & CMD
Docker Compose for Local Development
Data Storage
Data Volume: configure it according to development or service mode
Inversion of Control: wired
Image
A Docker Image is a collection of all of the files that make up a software application. The base image does not have any parent. The name 'latest' is used if none is specified. The easiest way of thinking about a container is as the read-write layer that sits on one or more read-only images. A Docker Layer could represent either read-only images or read-write images. However, the top layer of a container stack is always the read-write layer, which hosts a Docker Container. A Docker Registry is a place where Docker Images can be stored so that they can be publicly found, accessed, and used by developers worldwide.
clair: Check Images for Vulnerabilities
testthedocs: ttd-textlint Linting Tool for Text as Container
Application Health Check with Golang and Multi-Stage Docker Build
Adding Kubernetes Deployment and Scaling to a Dockerized Loopback App
Proxy with Application Docker Using IPtable and Redsocks
Kubernetes
Pod: a Pod usually runs only one container; a few use the sidecar pattern http://kubernetes.io/docs/reference
app example understanding-kubernetes-value kubernetes-flat-nat-less-networking
Node: a worker machine, part of a cluster
Cluster: a set of Nodes that run containerized applications managed
Edge Router: a router that enforces the firewall policy for the cluster
service mesh:
Ansible
AttributeError Relationalist Object Has no Attribute source
ansible-playbook SSL Configuration
Kubernetes implements health checks using readiness and liveness probes. A readiness probe is used to determine if a Pod can serve traffic. Failure of a readiness probe would result in the Pod being removed from the Endpoints that make up a Service, resulting in the Pod not being routed any traffic until the readiness probe succeeds. A liveness probe, on the other hand, is used to indicate if a service is responsive or if it’s hung or deadlocked. The failure of a liveness probe results in the kubelet restarting the individual container.
health-checks-in-distributed-systems
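The probe behaviour described above, as a simplified model added here (not kubelet code and not from the original notes): readiness results move a container in and out of the Service Endpoints, and consecutive liveness failures restart it. The names, the timeline and the single shared failure_threshold (Kubernetes defaults failureThreshold to 3) are assumptions of the example.

```python
from dataclasses import dataclass

@dataclass
class PodState:
    in_endpoints: bool = False  # routed Service traffic only while True
    restarts: int = 0
    ready_fails: int = 0        # consecutive readiness failures
    live_fails: int = 0         # consecutive liveness failures

def run_probes(results, failure_threshold=3):
    """Replay (readiness_ok, liveness_ok) tuples, one per probe period.
    Returns the final PodState and a list of (tick, event) pairs."""
    pod, events = PodState(), []
    for tick, (ready_ok, live_ok) in enumerate(results):
        # Liveness: enough consecutive failures restart the container.
        pod.live_fails = 0 if live_ok else pod.live_fails + 1
        if pod.live_fails >= failure_threshold:
            pod.restarts += 1
            pod.live_fails = pod.ready_fails = 0
            pod.in_endpoints = False  # a fresh container starts out not ready
            events.append((tick, "container restarted"))
            continue
        # Readiness: only changes Endpoints membership, never restarts.
        if ready_ok:
            pod.ready_fails = 0
            if not pod.in_endpoints:
                pod.in_endpoints = True
                events.append((tick, "added to Endpoints"))
        else:
            pod.ready_fails += 1
            if pod.ready_fails >= failure_threshold and pod.in_endpoints:
                pod.in_endpoints = False
                events.append((tick, "removed from Endpoints"))
    return pod, events

# Constructed timeline: a slow dependency (not ready, still alive), recovery,
# then a deadlock (both probes fail), then a healthy restarted container.
TIMELINE = ([(True, True)] + [(False, True)] * 3 + [(True, True)]
            + [(False, False)] * 3 + [(True, True)])

if __name__ == "__main__":
    state, log = run_probes(TIMELINE)
    for tick, event in log:
        print(tick, event)
    print("restarts:", state.restarts, "in Endpoints:", state.in_endpoints)
```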
Dynamic Credential: Vault Integration
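Ansible, Chef, and Puppet are used to automate software configuration; Terraform focuses on automating the infrastructure itself, mainly describing cloud instances, volumes, and networking
Cost-effectiveness
Adopting Docker is not entirely about saving cost; it is about simplifying the management workflow. Early on you can use Elastic Beanstalk, then Opsworks + Docker, then go all-Docker, and finally switch to ECS + Spot; for unimportant test environments, use Spot for everything.
Benjamin Cheng: Comparing an 8G instance with a 2G instance, the memory taken by the OS or by services such as Opsworks is about the same. Suppose these add up to 1G: two 8G machines yield 14G of usable memory, while with 2G machines you need 14 of them, so in total cost 8G x 2 is cheaper than 2G x 14.
K8S with Amazon EKS and Spot Instances saves 90% of the cost; how to use Node Drainage together with Node Labels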
for Data Science Env --
Approach A: Start with a base linux distro of your choice
Approach B: Use an already available image with all your tools installed
how-to-develop-a-flask-graphql-graphene-mysql-and-docker-starter-kit
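The container provides the base system runtime, and GPU passthrough solves the problem of hardware resources being inaccessible from inside the container. For the Steam Client, this environment still uses OpenGL, so no code changes are needed.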