Back-off restarting failed container openshift kubernetes - docker

I have a Dockerfile running Kong-api to deploy on openshift. It build okay, but when I check pods I get Back-off restarting failed container. Here is my dockerfile
FROM ubuntu:18.04
RUN apt-get update && apt-get install -y apt-transport-https curl lsb-core
RUN echo "deb https://kong.bintray.com/kong-deb `lsb_release -sc` main" | tee -a /etc/apt/sources.list
RUN curl -o bintray.key https://bintray.com/user/downloadSubjectPublicKey?username=bintray
RUN apt-key add bintray.key
RUN apt-get update && apt-get install -y kong
COPY kong.conf /etc/kong/
RUN kong migrations bootstrap [-c /etc/kong/kong.conf]
EXPOSE 8000 8443 8001 8444
ENTRYPOINT ["kong", "start", "[-c /etc/kong/kong.conf]"]
Where is my wrong? Please help me. Thanks in advance

In order to make the kong start correctly, you need to execute these commands when you have an active Postgres connection:
kong migrations bootstrap && kong migrations up
Also, note that the format of the current Dockerfile is not valid if you would like
to pass options within the ENTRYPOINT you can write it like that:
ENTRYPOINT ["kong", "start","-c", "/etc/kong/kong.conf"]
Also, you need to remove this line:
RUN kong migrations bootstrap [-c /etc/kong/kong.conf]
Note that the format of the above line is not valid as RUN expects a normal shell command so using [] in this case is not correct.
So as you deploy to Openshift there are several ways to achieve what you need.
You can make use of initContainers which allows you to execute the required commands before the actual service is up.
You can check the official helm chart for Kong in order to know how it works or use helm to install Kong itself.

Related

Running Kafka how docker image

if someone can help me with this, i would be very grateful, i have a docker image in which a kafka is displayed where i pretend to have 3 brokers and i would like that nothing more be created when the docker container is created, the script that i have to raise kafka will be executed, i have tried in many ways using CMD and ENTRYPOINT commands but i am not successful, the container is created for me but the script is not executed i have to enter the container to start it
Dockerfile
FROM ubuntu
RUN apt-get update
RUN apt-get install -y openjdk-8-jdk
RUN apt-get install -y wget \
&& wget http://apache.rediris.es/kafka/2.4.0/kafka_2.12-2.4.0.tgz \
&& tar -xzf kafka_2.12-2.4.0.tgz \
&& rm -R kafka_2.12-2.4.0.tgz
#WORKDIR /home
RUN chmod +x /kafka_2.12-2.4.0
### COPY ###
COPY server-1.properties /kafka_2.12-2.4.0/config/
COPY server-2.properties /kafka_2.12-2.4.0/config/
#ADD runzk-kf.sh .
COPY runzk-kf.sh /usr/local/bin/runzk-kf.sh
#COPY runzk-kf.sh .
RUN chmod +x /usr/local/bin/runzk-kf.sh
EXPOSE 2181
EXPOSE 9092
EXPOSE 9093
EXPOSE 9094
CMD ./bin/bash
script
#!/bin/sh
# turn on bash's job control
set -m
### RUN Zookeper
./kafka_2.12-2.4.0/bin/zookeeper-server-start.sh /kafka_2.12-2.4.0/config/zookeeper.properties &
### RUN Kafka brokers ###
./kafka_2.12-2.4.0/bin/kafka-server-start.sh /kafka_2.12-2.4.0/config/server.properties &
./kafka_2.12-2.4.0/bin/kafka-server-start.sh /kafka_2.12-2.4.0/config/server-1.properties &
./kafka_2.12-2.4.0/bin/kafka-server-start.sh /kafka_2.12-2.4.0/config/server-2.properties &
View all code
Sorry, but please don't do this.
Docker images should be one service, not 4. Use Compose or MiniKube + Helm Charts to orchestrate multiple.
It's not clear what property files you changed for that to work properly.
JDK 8 is end of life, use 11 or 13, which Kafka supports.
Just use existing Docker images. If you want something minimal, personally I use bitnami/kafka. If you want something more fully featured, take a look over at Confluent's repo on running 3 Brokers via Docker Compose.

Using docker to create CI server agents

I'm trying to set up a local GoCD CI server using docker for both the base server and agents. I can get everything running fine, but issues spring up when I try make sure the agent containers have everything installed in them that I need to build my projects.
I want to preface this with I'm aware that I might not be using these technologies correctly, but I don't know much better atm. If there are better ways of doing things, I'd love to learn.
To start, I'm using the official GoCD docker image and that works just fine.
Creating a blank agent also works just fine.
However, one of my projects requires node, yarn and webpack to be build (good ol' react site).
Of course a standard agent container has nothing but the agent installed on it so I've had a shot using a Dockerfile to install all the tech I need to build my projects.
FROM gocd/gocd-agent-ubuntu-18.04:v19.11.0
SHELL ["/bin/bash", "-c"]
USER root
RUN apt-get update
RUN apt-get install -y git curl wget build-essential ca-certificates libssl-dev htop openjdk-8-jre python python-pip
RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \
echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
RUN apt-get update && apt-get install -y yarn
# This user is created in the base agent image
USER go
ENV NVM_DIR /home/go/.nvm
ENV NODE_VERSION 10.17.0
RUN curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.1/install.sh | bash \
&& . $NVM_DIR/nvm.sh \
&& nvm install $NODE_VERSION \
&& nvm alias default $NODE_VERSION \
&& nvm use default \
&& npm install -g webpack webpack-cli
ENV NODE_PATH $NVM_DIR/v$NODE_VERSION/lib/node_modules
ENV PATH $NVM_DIR/v$NODE_VERSION/bin:$PATH
This is the current version of this file, but I've been through many many iterations of frustrations where an globally installed npm package is never on the path and thus not conveniently available.
The docker build works fine, its just that in this iteration of the Dockerfile, webpack is not found when the agent tries running a build.
My question is:
Is a Dockerfile the right place to do things like install yarn, node, webpack etc... ?
If so, how can I ensure everything I install through npm is actually available?
If not, what are the current best practices about this?
Any help, thoughts and anecdotes are fully welcomed and appreciated!
Cheers~!
You should separate gocd-server and gocd-agent to various containers.
Pull images:
docker pull gocd/gocd-server:v18.10.0 docker pull
gocd/gocd-agent-alpine-3.8:v18.10.0
Build and run them, check if it's ok. Then connect into bash in agent container
docker exec -it gocd-agent bash
Install the binaries using the alpine package manager.
apk add --no-cache nodejs yarn
Then logout and update the container image. Now you have an image with needed packeges. Also read this article.
You have two options with gocd agents.
The first one is the agent use docker, and create other containers, for any purpose that the pipeline needs. So you can have a lot of agents with this option, and the rules or definitions occurs in the pipeline. The agent only execute.
The second one, is an agent with al kind of program installed you needed. I use this one. For this case, you use a Dockerfile with all, and generate the image for all the agents.
For example i have an agent with gcloud, kubectl, sonar scanner and jmeter, who test with sonar before the deploy, then deploy in gcp, and for last step, it test with jmeter after the deploy.

docker-compose empty volume with a rails app on OSX

Not sure how to ask this question because I can't understand the problem. Also, I'm not a docker expert and this may be a stupid issue.
I have a Rails project with docker-compose. And there's 2 situations. First I'm able to build and run the app with docker-compose up and everything looks fine, the problem is the code is not reloading when I change it. Second, when I add a volume in docker-compose.yml, docker-compose up exit because Gemfile can't be found, the mounted folder is empty.
Dockerfile and docker-compose.yml extract, I renamed some stuff:
# File: Dockerfile.app
FROM ruby:2.5-slim-stretch
RUN apt-get update -qq && apt-get install -y redis-tools
RUN apt-get install -y autoconf bison build-essential #(..etc...)
RUN echo "gem: --no-document" > ~/.gemrc
RUN gem install bundler
ADD . /docker-projects
WORKDIR /docker-projects/project1/core
ENV BUNDLE_APP_CONFIG /docker-projects/project1/core/.bundle
RUN /bin/sh -c bundle install --local --jobs
# File: docker-compose.yml
app:
build: .
dockerfile: Dockerfile.app
command: /bin/sh -c "bundle exec rails s -p 8080 -b 0.0.0.0"
ports:
- "8080:8080"
expose:
- "8080"
volumes:
- .:/docker-projects
links:
- redis
- mysql
- memcached
My 'docker-projects' is a big project made of different rails_engines and gems libraries. We manage this with the 'repo' tool.
Running docker-compose build app work fine, and I can see bundle install logs. Then docker-compose up app exit with error 'Gemfile not found'.
It was working with no problem till I decided to recover 50gb of space from docker containers and rebuild everything. Not sure what changed.
If I add the volume(docker-compose), the mounted volume is empty. If I remove the volume(docker-compose), the code is not reloading as it was.
Versions I'm using:
Docker version 18.09.7, build 2d0083d
OSX 10.14.5
docker (through brew) with xhyve driver
I tried with a new basic docker-compose project and I didn't have this issue. Any ideas? I'll keep looking.
Thanks.
Ok, I found the problem. This is the command I was using to generate my docker-machine:
docker-machine create default \
--driver xhyve \
--xhyve-cpu-count 4 \
--xhyve-memory-size 12288 \
--xhyve-disk-size 256000 \
--xhyve-experimental-nfs-share \
--xhyve-boot2docker-url https://github.com/boot2docker/boot2docker/releases/download/v18.06.1-ce/boot2docker.iso
I probably did an upgrade in the middle because didn't work anymore. The docker-maching showed some warnings about NFS conflicts with my existing /etc/exports definition but the machine was created.
After searching around, I realize I have to rewrite the command above like this:
docker-machine create default \
--driver=xhyve \
--xhyve-cpu-count=4 \
--xhyve-memory-size=12288 \
--xhyve-disk-size=256000 \
--xhyve-boot2docker-url="https://github.com/boot2docker/boot2docker/releases/download/v18.06.1-ce/boot2docker.iso" \
--xhyve-experimental-nfs-share=/Users \
--xhyve-experimental-nfs-share-root "/"
The difference beside the '=' is the *-nfs-share options. I commented my /etc/exports to avoid the conflict warning, and recreated the machine. Now it works like it was before.
The option --xhyve-experimental-nfs-share-root is "/xhyve-nfsshares" by default, so I changed to "/" where I have it.

PHP and redis in same docker image

I'm trying to add redis to a php:7.0-apache image, using this Dockerfile:
FROM php:7.0-apache
RUN apt-get update && apt-get -y install build-essential tcl
RUN cd /tmp \
&& curl -O http://download.redis.io/redis-stable.tar.gz \
&& tar xzvf redis-stable.tar.gz \
&& cd redis-stable \
&& make \
&& make install
COPY php.ini /usr/local/etc/php/
COPY public /var/www/html/
RUN chown -R root:www-data /var/www/html
RUN chmod -R 1755 /var/www/html
RUN find /var/www/html -type d -exec chmod 1775 {} +
RUN mkdir -p /var/redis/6379
COPY 6379.conf /etc/redis/6379.conf
COPY redis_6379 /etc/init.d/redis_6379
RUN chmod 777 /etc/init.d/redis_6379
RUN update-rc.d redis_6379 defaults
RUN service apache2 restart
RUN service redis_6379 start
It build and run fines but redis is never started? When I run /bin/bash inside my container and manually input "service redis_6379 start" it works, so I'm assuming my .conf and init.d files are okay.
While I'm aware it'd much easier using docker-compose, I'm specifically trying to avoid having to use it for specific reasons.
There are multiple things wrong here:
Starting processes in dockerfile has no effect. A dockerfile builds an image. The processes need to be started at container construction time. This can be done using an entrypoint can be defined in the dockerfile by using ENTRYPOINT. That entrypoint is typically a script that is executed when an actual container is started.
There is no init process in docker by default. Issuing service calls will fail without further work. If you need to start multiple processes you can look for the docs of the supervisord program.
Running both redis and a webserver in one container is not best practice. For a php application using redis you'd typically have 2 containers - one running redis and one running apache and let them interact via network.
I suggest you read the docker documentation before continuing. All this is described in depth there.
I am agree with #Richard. Use two or more containers according to your needs then --link them, in order to get the things work!

How to configure Debian SSHD for remote debugging in a Docker container?

I'm trying to setup remote debugging to a Docker Debian container, to debug a Ruby application on my Windows laptop.
This is the post that lead me in this direction:
https://intellij-support.jetbrains.com/hc/en-us/community/posts/207649545-Use-RubyMine-and-Docker-for-development-run-and-debug-before-deployment-for-testing-
I have the Ruby app and SSHD running in the container, though the recipe I found for configuring SSHD isn't fully compatible with the Linux distro that the Ruby image is based on.
I based my SSHD configuration on this Docker documentation page: https://docs.docker.com/engine/examples/running_ssh_service/
My image is based on the ruby:2.2 image from Docker Hub, which uses Debian 8 as opposed to Ubuntu 16.04 used in the SSHD example above.
I can get to a SSH prompt but I can't login with the screencast password for root that's set in the dockerfile.
I'm open to whatever solution works, either properly enabling root login or adding a new user with the correct permissions to allow for remote debugging. I'm just curious which path would be most straight forward in the Debian context. And if it's creating a new user, what permissions do they need?
Also, to be clear I'm treating this as a trial run and will obviously make sure to strip out the SSHD functionality in some way when I go to deploy the app for any context outside of development.
Thanks in advance for your help.
This is my current dockerfile
FROM ruby:2.2
RUN apt-get update && apt-get install -y \
build-essential \
libpq-dev \
nodejs \
openssh-server
RUN mkdir /var/run/sshd
RUN echo 'root:screencast' | chpasswd
RUN sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
# SSH login fix. Otherwise user is kicked off after login
RUN sed 's#session\s*required\s*pam_loginuid.so#session optional pam_loginuid.so#g' -i /etc/pam.d/sshd
ENV NOTVISIBLE "in users profile"
RUN echo "export VISIBLE=now" >> /etc/profile
RUN mkdir /MyApp
WORKDIR /MyApp
ADD Gemfile /MyApp/Gemfile
ADD Gemfile.lock /MyApp/Gemfile.lock
RUN bundle install
ADD . /MyApp
and this is my docker-compose.yml
version: '2'
services:
web:
build: .
command: /CivilService/docker-dev-start.sh
volumes:
- .:/CivilService
ports:
- "3000:3000"
- "3022:22"
The docker-dev-start.sh looks like this
#!/bin/bash
# start the SSH server for connecting the debugger in development
/usr/sbin/sshd -D &
bundle exec rails s -p 3000 -b '0.0.0.0'
Different distro's can have slightly different SSH configs so replacing specific strings might not work.
To cover any type of PermitRootLogin string use:
RUN sed -i 's/PermitRootLogin .*/PermitRootLogin yes/' /etc/ssh/sshd_config

Resources