[TP] Project 1


For this lab, we will carry out a project.

What you will learn in this TP:
  • Install Docker
  • Enable Docker SWARM mode
  • Create a Dockerfile
  • Modify and/or override an existing docker compose file
  • Create a Docker compose file from a requirement
  • Deploy a docker compose file
  • Create a docker stack/service with a docker compose file
  • Monitor your infrastructure with Prometheus/Grafana
  • Deploy a private registry with Harbor
  • Deploy a Harbor registry
  • Import an image to a registry
  • Scan an image for vulnerabilities
  • Set up a docker compose file override
  • Advanced use of labels (Implemented in Project 2)

Introduction


What you will learn in this section:
  • Install Docker
  • Enable Docker SWARM mode
  • Create a Dockerfile
  • Modify and/or override an existing docker compose file
  • Create a Docker compose file from a requirement
  • Deploy a docker compose file
  • Create a docker stack/service with a docker compose file
  • Monitor your infrastructure with Prometheus/Grafana
  • Deploy a private registry with Harbor

This project aims to have you work with several Docker concepts and, above all, combine them to reach a goal. To do this, we will install and configure a Docker cluster with Swarm mode enabled and deploy various sub-projects on it as stacks. The goal is to set up the architecture shown in the diagram. A recommended hardware configuration for the host machine is 16 GB of RAM.

Test environment

To carry out this lab, you will need an Ubuntu environment (the lab can also be done on other OSes/distributions). On this machine, we will create 3 virtual machines with the following characteristics:
  • Virtual machine 1:
    • Name: manager
    • vCPU: minimum 2
    • RAM: minimum 2 GB
    • IP: 192.168.56.2
  • Virtual machine 2:
    • Name: worker1
    • vCPU: minimum 2
    • RAM: minimum 2 GB
    • IP: 192.168.56.3
  • Virtual machine 3:
    • Name: worker2
    • vCPU: minimum 2
    • RAM: minimum 2 GB
    • IP: 192.168.56.4
To help you set up this environment, we have provided a repo with a ready-to-use Vagrant/Virtualbox configuration.

REMINDER: This lab is dedicated to Docker configuration, but as it is an advanced lab you will need DevOps concepts and knowledge that are not specific to Docker but will be used in your configurations. You will need the following skills, for which you can follow the free training: Of course, we will put as much information as possible at your disposal to help you progress even without these prerequisites.

To do this, you must install Vagrant and VirtualBox on your machine. Once this is done, just run the following commands:
git clone https://github.com/RousselTM/docker-formation
cd docker-formation/tp/6_projet
vagrant up

Pre-configuration

The following actions are necessary to prepare your test environment.
  1. Domains
    You must declare the following domains on your machine (in the hosts file). They will be used to access the different sub-projects and must point to 127.0.0.1 (in the next lab we will introduce Traefik to simplify port management):
    • tp.elearning.rousseltm.fr: To access the applications. For example, to access application 1, we will use the address http://tp.elearning.rousseltm.fr/app1
    • registry.tp.elearning.rousseltm.fr: to access Harbor
    • grafana.tp.elearning.rousseltm.fr: to access Grafana
    • prometheus.tp.elearning.rousseltm.fr: to access Prometheus
    In a company environment, use a DNS server instead of the hosts file.
  2. Docker Installation
    You can check if your machines are started with the following command:
    vagrant status
    If they are started (status running), you can connect to the manager machine with the following command:
    vagrant ssh manager
    Then install Docker on all VMs. Once installed, you must start the service and enable it so that it starts automatically at boot.
  3. SWARM Mode
    You must set up the Docker cluster with SWARM mode enabled. The 'manager' machine must be the cluster manager and the 'workerX' machines must be the cluster workers. As the machines have multiple IPs, we will use the IP 192.168.56.2 as the control plane management address.
    REMINDER: On all machines created by Vagrant there is a /vagrant folder, which is a mount of the folder containing the Vagrantfile, i.e. the contents of 6_projet. You can therefore use this folder to share files between machines, for example the file containing the token to join the cluster. Of course, in production you will have to use a more secure solution.
    You must provide the Docker command that stores the token for joining the cluster as a worker in /vagrant/swarm-token-worker.
  4. Shared network
    You must create the following networks:
    • common-proxy: for communication between containers via the proxy. It will be fully used in the next lab with Traefik.
    • common-observability: for communication between observability containers
    We will do a mixed deployment to handle communication between sub-projects deployed with Swarm mode and those deployed without it. It is therefore necessary to set the correct parameter on the 'common-proxy' network when creating it.
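The following script is an added example (it is not part of the lab repository and is not the expected solution); it shows one way to carry out steps 3 and 4 of the pre-configuration: initialise the Swarm on 'manager' with 192.168.56.2 as the control-plane address, hand the worker join token over through the shared /vagrant folder with file permissions that keep it readable by its owner only, join the workers, and create the two shared networks. The token value used in the comments is a constructed placeholder; ROLE is a variable introduced here to select which part runs.

```shell
#!/bin/sh
# Added example (not part of the lab repo): bootstrap the Swarm control plane
# on 'manager', hand the worker join token over via the shared /vagrant
# mount, and create the two shared networks. Nothing runs unless ROLE is set.
set -eu

MANAGER_IP="192.168.56.2"                  # control-plane address from the lab
TOKEN_FILE="/vagrant/swarm-token-worker"   # path required by the lab

# Write a join token to a file only its owner can read. The token is a
# credential: whoever holds it can add a node to the cluster, so the shared
# folder is acceptable for the lab only (the lab text says as much).
save_token() {
  file="$1"; token="$2"
  old_umask=$(umask)
  umask 077                                # create the file as 0600
  printf '%s\n' "$token" > "$file"
  umask "$old_umask"
  chmod 600 "$file"                        # also tighten a pre-existing file
}

# Read the token back, refusing a file that is readable by group or others.
load_token() {
  file="$1"
  mode=$(ls -l "$file" | cut -c1-10)
  case "$mode" in
    -rw-------) cat "$file" ;;
    *) echo "refusing $file: mode is $mode, expected -rw-------" >&2; return 1 ;;
  esac
}

# On the manager: init the swarm and export the *worker* token only (the
# manager token would let a node take over the control plane).
init_manager() {
  docker swarm init --advertise-addr "$MANAGER_IP"
  save_token "$TOKEN_FILE" "$(docker swarm join-token -q worker)"
}

# On each worker: join with the token from the shared folder.
join_worker() {
  token=$(load_token "$TOKEN_FILE") || return 1
  docker swarm join --token "$token" "$MANAGER_IP:2377"
}

# Shared networks. 'common-proxy' is created attachable so that containers
# started with plain 'docker compose' (outside Swarm) can join it next to
# stack services; 'common-observability' stays Swarm-only.
create_networks() {
  docker network create --driver overlay --attachable common-proxy
  docker network create --driver overlay common-observability
}

# ROLE=manager or ROLE=worker selects what to run on the current VM.
case "${ROLE:-}" in
  manager) init_manager; create_networks ;;
  worker)  join_worker ;;
esac
```

Run it as `ROLE=manager sh swarm-setup.sh` on the manager first, then `ROLE=worker sh swarm-setup.sh` on each worker; `docker node ls` on the manager should then list the three nodes. The permission check in load_token is deliberate: a join token that was copied around with world-readable permissions should be rotated with `docker swarm join-token --rotate worker` rather than reused.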

Sub-project 1


What you will learn in this section:
  • Deploy a Harbor registry
  • Import an image to a registry
  • Scan an image for vulnerabilities
  • Set up a docker compose file override
  • Advanced use of labels (Implemented in Project 2)

We are going to create a Docker registry with Harbor on the manager machine, served on the domain registry.tp.elearning.rousseltm.fr. For this first project, we will deploy it over HTTP on port 5000 (the conventional port for Docker registries served over HTTP).
REMINDER: The official Harbor website is https://goharbor.io/, and you can rewatch the Harbor presentation video here: Harbor Presentation and Deployment
  1. Deployment
    You must install Harbor with the Trivy service on port 5000. If everything is OK, you should be able to access Harbor from the host machine at the address
    http://registry.tp.elearning.rousseltm.fr:5000
    INFORMATION: In the 6_projet folder there is a folder named 'projects' whose contents are automatically mounted at /opt/projects on all VMs, so you can use it to manage the files of the sub-projects. We recommend one folder per sub-project.
  2. Customization
    The install.sh script generates a docker-compose.yml file, so modifying parameters means editing this file; however, every run of the script overwrites those modifications.

    You must propose a solution to avoid this, knowing that we want the 'proxy' container to be connected to the 'common-proxy' network and to carry the dt.owner label (Explanation of this Dynatrace label) with the value 'equipe1'. While we're at it, add a label telling Filebeat not to process its logs.

    We will first deploy with 'docker compose' to test, then as a stack with 'docker stack'.

    WARNING: The override must also be taken into account by the install.sh script.
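As an added example (not Harbor's own files and not the course solution), the script below keeps the customisation in a docker-compose.override.yml that is merged with the generated file, so that re-running install.sh does not lose it, and deploys the pair first with 'docker compose' and then with 'docker stack'. It assumes Harbor was unpacked in /opt/projects/harbor and that harbor.yml is already prepared (hostname and HTTP port 5000); `co.elastic.logs/enabled` is the Filebeat autodiscover hint, `--with-trivy` is the installer flag that enables the scanner.

```shell
#!/bin/sh
# Added example (not Harbor's files, not the course solution): keep the local
# customisation of Harbor's generated docker-compose.yml in an override file
# that survives re-running install.sh, then deploy with 'docker compose' and
# as a Swarm stack. Assumption: Harbor is unpacked in /opt/projects/harbor
# and harbor.yml already has the hostname and http port 5000 set.
set -eu

HARBOR_DIR="${HARBOR_DIR:-/opt/projects/harbor}"   # assumption
STACK_NAME="harbor"

# The override lists only what changes; Compose merges it into the generated
# file, appending to the proxy service's networks and labels.
#  - common-proxy already exists (pre-configuration), hence 'external'
#  - dt.owner is the Dynatrace ownership label the lab asks for
#  - co.elastic.logs/enabled=false is the Filebeat autodiscover hint that
#    makes Filebeat skip this container's logs
write_override() {
  cat > "$1/docker-compose.override.yml" <<'EOF'
services:
  proxy:
    networks:
      - common-proxy
    labels:
      dt.owner: "equipe1"
      co.elastic.logs/enabled: "false"
networks:
  common-proxy:
    external: true
EOF
}

# Compose file arguments in merge order (later files win on conflicts).
compose_args() {
  echo "-f $1/docker-compose.yml -f $1/docker-compose.override.yml"
}

# Step 1: plain 'docker compose'. Without -f, compose would pick up
# docker-compose.override.yml by itself; the explicit pair makes the merge
# visible and works from any directory (unquoted expansion is intended).
deploy_compose() {
  # shellcheck disable=SC2046
  docker compose $(compose_args "$HARBOR_DIR") up -d
}

# Run Harbor's installer (with the Trivy scanner) and re-apply the merged
# files right after: compose recreates only the services whose definition
# changed, so the proxy gets its network and labels even if install.sh
# itself ignored the override.
install_harbor() {
  write_override "$HARBOR_DIR"
  (cd "$HARBOR_DIR" && ./install.sh --with-trivy)
  deploy_compose
}

# Step 2: the same two files as a Swarm stack; 'docker stack deploy' merges
# several -c files the same way. Service-level 'labels' become container
# labels in both modes, which is what Dynatrace and Filebeat read.
deploy_stack() {
  docker stack deploy \
    -c "$HARBOR_DIR/docker-compose.yml" \
    -c "$HARBOR_DIR/docker-compose.override.yml" \
    "$STACK_NAME"
}

# Check: the proxy container must carry both labels and sit on common-proxy.
check_proxy() {
  docker inspect --format \
    '{{.Config.Labels}} {{range $n, $v := .NetworkSettings.Networks}}{{$n}} {{end}}' \
    "$(docker ps -q --filter label=dt.owner=equipe1)"
}
```

Two caveats before step 2: `docker stack deploy` only accepts version 3 compose files, so if the file generated by install.sh declares a 2.x version that has to be dealt with first; and `docker stack deploy` ignores keys such as `container_name` and `depends_on`, so expect the merged file to behave slightly differently as a stack than under `docker compose`.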

Sub-project 2

  1. Image build
    You must create a Dockerfile to build an image for the following Go application; the image will be named simple-app with the tag 1.0: The build must produce the binary '/app/simple-app' and use '/app' as the working directory.
  2. Adding the image to the Harbor registry
    You must push this image to the project (Explanation of the concept of a project in Harbor) 'library' in Harbor. We chose 'library' because it is the default public project, so the image can be used in other projects (see the next lab). As a reminder, following your installation, Harbor is available at the address
    http://registry.tp.elearning.rousseltm.fr:5000
  3. Vulnerability scan
    You must scan the imported image to check it for known vulnerabilities (CVEs).
  4. Docker Deployment
    The configuration to be built must meet these needs:
    • 2-tier application: Go and Redis
    • Services must run only on workers. This configuration must be externalized so that it can be shared with other applications that have the same requirement.
    • Services must use the latest versions of the official images (in production, use fixed versions), and the Go application must use the image built previously and available on Harbor.
    • 1 instance of each service
    • The Go service must export the environment variable APP='APP1'
    • The Go service must export the environment variable TASK_SLOT, containing the container's replica number (Templates).
    • The Go application service must be attached to the 'common-proxy' network
  5. Load balancing
    You must verify that calling the application URL (http://tp.elearning.rousseltm.fr) returns this page, that the highlighted fields change correctly when you refresh, and that requests alternate properly between the two containers:
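The script below is an added example (not the course solution, and the application sources are not on this page) covering steps 1, 2, 4 and 5 of this sub-project end to end: a multi-stage Dockerfile producing /app/simple-app in a non-root image, the daemon setting needed to push to an HTTP registry, the push to the 'library' project, a stack file with the APP and TASK_SLOT variables, and the "workers only" placement kept in a separate file that other stacks can reuse. Assumptions, all introduced here: the Go sources (with a go.mod) are in /opt/projects/app1/src, the application listens on port 8080 (placeholder), the overlay network 'backend' and the stack name 'app1'.

```shell
#!/bin/sh
# Added example, not the course's solution: build the simple-app image, push
# it to Harbor's 'library' project, deploy the Go + Redis stack with the
# "workers only" placement kept in a reusable file. Assumptions (not in the
# lab text): Go sources with go.mod in /opt/projects/app1/src, app listens on
# port 8080 (placeholder; adjust to the real application).
set -eu

REGISTRY="registry.tp.elearning.rousseltm.fr:5000"
IMAGE="$REGISTRY/library/simple-app:1.0"
APP_DIR="${APP_DIR:-/opt/projects/app1}"   # assumption
APP_PORT="${APP_PORT:-8080}"               # ASSUMPTION: app listen port

# Multi-stage Dockerfile: compile with the official Go image, ship only the
# static binary in a minimal non-root image (fewer packages for Trivy to
# flag, no shell or package manager at runtime).
write_dockerfile() {
  cat > "$1/Dockerfile" <<'EOF'
FROM golang:1.22 AS build
WORKDIR /src
COPY . .
RUN CGO_ENABLED=0 GOOS=linux go build -trimpath -o /app/simple-app .

FROM gcr.io/distroless/static:nonroot
WORKDIR /app
COPY --from=build /app/simple-app /app/simple-app
USER nonroot
ENTRYPOINT ["/app/simple-app"]
EOF
}

# Docker refuses plain-HTTP registries unless listed as insecure in
# /etc/docker/daemon.json on every node that pushes or pulls (restart the
# daemon afterwards). This only renders the JSON so it can be reviewed.
daemon_config() {
  printf '{\n  "insecure-registries": ["%s"]\n}\n' "$REGISTRY"
}

build_and_push() {
  write_dockerfile "$APP_DIR/src"
  docker build -t "$IMAGE" "$APP_DIR/src"
  docker login "$REGISTRY"   # prompts; never put the password in a script
  docker push "$IMAGE"       # Harbor scans on push if the project enables it
}

# Stack file. TASK_SLOT is a Swarm service template expanded per task.
write_stack_file() {
  cat > "$1/app1.yml" <<EOF
version: "3.8"
services:
  app:
    image: $IMAGE
    environment:
      APP: "APP1"
      TASK_SLOT: "{{.Task.Slot}}"   # Swarm template, expanded per task
    deploy: { replicas: 1 }
    networks: [common-proxy, backend]
    ports: [{ target: $APP_PORT, published: 80 }]
  redis:
    image: redis:latest             # lab only; pin a version in production
    deploy: { replicas: 1 }
    networks: [backend]
networks:
  common-proxy: { external: true }
  backend: { driver: overlay }
EOF
}

# Reusable placement policy, merged as a second -c file. Service names must
# match those of the stack it is applied to.
write_placement_file() {
  cat > "$1/placement-workers.yml" <<'EOF'
version: "3.8"
services:
  app:
    deploy: { placement: { constraints: ["node.role == worker"] } }
  redis:
    deploy: { placement: { constraints: ["node.role == worker"] } }
EOF
}

deploy_stack() {
  write_stack_file "$APP_DIR"
  write_placement_file "$APP_DIR"
  docker stack deploy --with-registry-auth \
    -c "$APP_DIR/app1.yml" -c "$APP_DIR/placement-workers.yml" app1
}

# Checks: every task must sit on a worker; scaling to 2 makes TASK_SLOT
# alternate between refreshes of http://tp.elearning.rousseltm.fr
verify() {
  docker stack ps app1 --format '{{.Name}} {{.Node}} {{.CurrentState}}'
  docker service scale app1_app=2
  for _ in 1 2 3 4; do curl -s http://tp.elearning.rousseltm.fr/; echo; done
}
```

The insecure-registries entry is the price of running Harbor over HTTP: credentials sent to `docker login` travel in clear text on the lab network, which is why the next lab moves to a proper front end. `--with-registry-auth` forwards the login to the workers; it is not needed while 'library' is public but becomes necessary as soon as the image moves to a private project.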

Sub-project 3

Observability sub-project consisting of Prometheus, Grafana, Node Exporter and cAdvisor. It provides observability and therefore gives us visibility over the entire project.
  1. Docker Deployment
    The configuration to be built must meet these needs:
    • Make Grafana accessible on port 3000
    • Make Prometheus accessible on port 9090
  2. Service configuration
    The configuration to be built must meet these needs:
    • Automatically import the Prometheus and Elasticsearch datasources into Grafana
    • Import the dashboard with ID 609
    • Collect Traefik metrics
    • Collect metrics from all cluster nodes
    • Collect metrics from all containers
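As an added example (not the course solution), the script below writes the Prometheus scrape configuration and the Grafana provisioning files that satisfy the service-configuration requirements: node and container metrics are discovered through Swarm's `tasks.<service>` DNS records, the datasources are provisioned from a file, and dashboard 609 is fetched once from grafana.com into a provisioned folder. Assumed names, none of which come from the page: services called prometheus, grafana, node-exporter, cadvisor and traefik on the common-observability network, an Elasticsearch reachable as http://elasticsearch:9200, and a files directory /opt/projects/observability.

```shell
#!/bin/sh
# Added example (not the course's solution): Prometheus scrape config and
# Grafana provisioning files for the observability stack. Assumptions: the
# services are named prometheus, grafana, node-exporter, cadvisor and traefik
# in a stack on common-observability; Elasticsearch (deployed elsewhere) is
# reachable as http://elasticsearch:9200; files go to /opt/projects/observability.
set -eu

OBS_DIR="${OBS_DIR:-/opt/projects/observability}"   # assumption

# Swarm publishes one DNS A record per task under tasks.<service>, so
# dns_sd_configs finds every replica of a global service (one node exporter
# and one cAdvisor per node) without listing node IPs.
write_prometheus_config() {
  cat > "$1/prometheus.yml" <<'EOF'
global:
  scrape_interval: 15s

scrape_configs:
  - job_name: prometheus
    static_configs:
      - targets: ['localhost:9090']

  - job_name: node-exporter        # metrics from every cluster node
    dns_sd_configs:
      - names: ['tasks.node-exporter']
        type: A
        port: 9100

  - job_name: cadvisor             # metrics from every container
    dns_sd_configs:
      - names: ['tasks.cadvisor']
        type: A
        port: 8080

  - job_name: traefik              # needs --metrics.prometheus=true (next lab)
    dns_sd_configs:
      - names: ['tasks.traefik']
        type: A
        port: 8080
EOF
}

# Grafana reads /etc/grafana/provisioning/datasources at start-up, so the
# datasources exist without any click-through in the UI.
write_grafana_datasources() {
  cat > "$1/datasources.yml" <<'EOF'
apiVersion: 1
datasources:
  - name: Prometheus
    type: prometheus
    access: proxy
    url: http://prometheus:9090
    isDefault: true
  - name: Elasticsearch
    type: elasticsearch
    access: proxy
    url: http://elasticsearch:9200     # assumption: name of the ES service
    jsonData:
      index: "filebeat-*"              # assumption: Filebeat's index pattern
      timeField: "@timestamp"
EOF
}

# Dashboards are provisioned from JSON files found by a file provider.
write_grafana_dashboard_provider() {
  cat > "$1/dashboards.yml" <<'EOF'
apiVersion: 1
providers:
  - name: default
    type: file
    options:
      path: /var/lib/grafana/dashboards
EOF
}

# Fetch a grafana.com dashboard (e.g. 609) into the provider's folder. Exported
# dashboards refer to the datasource as ${DS_PROMETHEUS}; map it to the name
# provisioned above so the panels resolve without manual editing.
fetch_dashboard() {
  id="$1"; dest="$2"
  curl -fsSL "https://grafana.com/api/dashboards/$id/revisions/latest/download" \
    -o "$dest/dashboard-$id.json"
  sed -i 's/\${DS_PROMETHEUS}/Prometheus/g' "$dest/dashboard-$id.json"
}
```

For the scrape jobs to find one exporter per node, node-exporter and cAdvisor must be deployed with `mode: global` in the stack and Prometheus must share the common-observability network with them; mount datasources.yml under /etc/grafana/provisioning/datasources/, dashboards.yml under /etc/grafana/provisioning/dashboards/ and the downloaded JSON under /var/lib/grafana/dashboards/ in the Grafana service.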

Difficulty level: (3/5)

Course Glossary

DevOps

A culture, movement, and set of practices designed to unify software development (Dev) and IT operations (Ops).

API Gateway

A gateway that acts as a single entry point for all requests to a microservices architecture. It handles routing, security, and rate limiting.

Architecture

The overall structural design of an IT system, defining its various components, their relationships, and the principles guiding its evolution.

Artifact

The final outcome of a software compilation or build process, such as a .jar file, a zip archive, or a Docker image, ready for deployment.

Repository

A centralized storage location. This can refer to a source code repository (e.g., Git) or an artifact and binary repository (e.g., Harbor, Nexus, Arti...

Ansible

An open source IT automation tool (IaC) enabling configuration management, application deployment, and orchestration, operating agentlessly via SSH.