Skip to main content

Ghi chú về docker compose

Kiểm tra phiên bản compose v2

    • docker compose
# V1
docker-compose version
# V2
docker compose version

# disable v2
# docker-compose disable-v2

Tìm hiểu docker-compose.yaml file

services:
  web:
    build: .
    # CMD 
    command: bundle exec thin -p 3000
    # ENTRYPOINT
    entrypoint: /code/entrypoint.sh
    # USER
    user:
    # namespace
    userns_mode: "host"
    # [HOST:]CONTAINER[/PROTOCOL]
    # HOST - [IP:](port | range)
    # CONTAINER - port | range
    # PROTOCOL - tcp|udp
    ports:
      - '5000:5000'
      - target: 80
        host_ip: 127.0.0.1
        published: 8000-9000
        protocol: tcp
        mode: host
    expose:
      - "3000"
      - "8000"
    env_file: .env
    environment:
      RACK_ENV: development
      SHOW: "true"
      USER_INPUT:
    environment:
      - RACK_ENV=development
      - SHOW=true
      - USER_INPUT
    depends_on:
      - redis
    depends_on:
      redis:
        # service_healthy
        condition: service_started
    container_name: my_web
    credential_spec:
      # Windows  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Containers\CredentialSpecs
      file: my-credential-spec.json
      registry: my-credential-spec
    # SERVICE:ALIAS
    links:
    # /etc/hosts
    # container -> alias
    external_links:
    - redis
    - database:mysql
    # /etc/hosts
    extra_hosts:
    - "somehost:162.242.195.82"
    - "otherhost:50.31.209.229"
    # ACL
    group_add:
      - mail
    # https://docs.docker.com/engine/reference/builder/#healthcheck
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost"]
      interval: 1m30s
      timeout: 10s
      retries: 3
      start_period: 40s
    # always|never|missing|build
    pull_policy:
    # no|always|no-failure|unless-stopped
    restart:
    read_only:
    tmpfs:
    - /run
    - /tmp
    runtime: runc
    configs:
    - web_config
    - source: my_config 
      target: /redis_config 
      uid: "103"
      gid: "103"
      mode: 0440
    profiles:
    # secrets
    # /run/secrets/<secret_name>
    secrets:
    - server-certificate
    # VOLUME:CONTAINER_PATH:ACCESS_MODE
    volumes:
      - type: volume
        source: db-data
        target: /data
        volume:
          nocopy: true
      - type: bind
        source: /var/run/postgres/postgres.sock
        target: /var/run/postgres/postgres.sock
    volumes_from:
    working_dir:
  redis:
    image: 'redis:alpine'
    domainname:
    hostname:
    labels:
    stdin_open:
    tty:
    ulimits:
      nproc: 65535
      nofile:
        soft: 20000
        hard: 40000
    stop_grace_period: 10s
    stop_signal: SIGTERM
    storage_opt:
      size: '1G'
    # tinit
    init: false
    # shareable
    # service:{name}
    ipc:
    isolation:
    logging:
      driver: syslog
      options:
        syslog-address: "tcp://192.168.0.42:123"
    # host|none|service:[service name]
    network_mode:
    networks:
      some-network:
        ipv4_address:
        ipv6_address:
        aliases:
          - alias1
      app_net:
        link_local_ips:
          - 57.123.22.11
        priority: 100
        mac_address:
    dns:
    - 8.8.8.8
    - 9.9.9.9
    # /etc/resolv.conf
    dns_opt:
    - use-vc
    - no-tld-query
    dns_search:
    - dc1.example.com
    - dc2.example.com
    cap_add:
      - ALL
    cap_drop:
      - NET_ADMIN
      - SYS_ADMIN
    sysctls:
      net.core.somaxconn: 1024
      net.ipv4.tcp_syncookies: 0
    privileged:
    security_opt:
    - label:user:USER
    # CPU 
    cpu_count:
    cpu_percent:
    cpu_shares:
    cpu_period:
    cpu_quota:
    cpu_rt_runtime:
    cpu_rt_period:
    cpuset:
    mem_swappiness:
    memswap_limit:
    oom_kill_disable:
    oom_score_adj:
    # /dev/shm
    shm_size:
    #
    pid:
    # os[/arch[/variant]]
    platform:
    # cgourp
    cgroup_parent:
    # https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1/devices.html
    device_cgroup_rules:
      - 'c 1:3 mr'
      - 'a 7:* rmw'
    # HOST_PATH:CONTAINER_PATH[:CGROUP_PERMISSIONS]
    devices:
      - "/dev/ttyUSB0:/dev/ttyUSB0"
      - "/dev/sda:/dev/xvda:rwm"
    # Block device 
    blkio_config:
      weight: 300
      weight_device:
        - path: /dev/sda
          weight: 400
      device_read_bps:
        - path: /dev/sdb
          rate: '12mb'
      device_read_iops:
        - path: /dev/sdb
          rate: 120
      device_write_bps:
        - path: /dev/sdb
          rate: '1024k'
      device_write_iops:
        - path: /dev/sdb
          rate: 30
configs:
  web_config:
    file: ./default.nginx
  redis_config:
    external: true
networks:
  front-tier:
    ipam:
      driver: default
      config:
        - subnet: "172.16.238.0/24"
        - subnet: "2001:3984:3989::/64"
  app_net:
    driver: bridge
volumes:
  db-data:
web:
  extends:
    # compose.yaml
    file: common.yml
    # base service
    service: webapp

Mời cà phê

Nếu cảm thấy blog mang đến những thông tin hữu ích cho công việc, cuộc sống, đam mê của bạn, đừng ngại ủng hộ một ly cà phê để mình có thêm động lực chia sẻ thêm nhiều kinh nghiệm, kiến thức nhé.

Bạn có thể ủng hộ mình qua:

Mời cà phê

Nếu cảm thấy blog mang đến những thông tin hữu ích cho công việc, cuộc sống, đam mê của bạn, đừng ngại ủng hộ một ly cà phê để mình có thêm động lực chia sẻ thêm nhiều kinh nghiệm, kiến thức nhé.

Bạn có thể ủng hộ mình qua:

Ví MoMo

image.png

Ví MoMo

Paypal

Hỗ trợ qua Paypal

Cám ơn mọi người!