Add container security section

2023-02-06 11:09:40 -05:00
parent c2c97e76c3
commit 9788b7eefa
12 changed files with 37 additions and 1 deletions
--- a/12-deploying-containers/Makefile
+++ b/12-deploying-containers/Makefile
@ -0,0 +1,29 @@
+.PHONY: compose-up
+compose-up:
+	docker compose -f docker-compose-prod.yml up
+
+# -d flag runs containers in the background:
+.PHONY: compose-up-d
+compose-up-d:
+	docker compose -f docker-compose-prod.yml up -d
+
+###
+
+CIVO_SSH:="ssh://ubuntu@212.2.244.220"
+
+.PHONY: swarm-init
+swarm-init:
+	DOCKER_HOST=${CIVO_SSH} docker swarm init
+
+.PHONY: swarm-deploy-stack
+swarm-deploy-stack:
+	DOCKER_HOST=${CIVO_SSH} docker stack deploy -c docker-swarm.yml example-app
+
+.PHONY: swarm-remove-stack
+swarm-remove-stack:
+	DOCKER_HOST=${CIVO_SSH} docker stack rm example-app
+
+.PHONY: create-secrets
+create-secrets:
+	echo -n "foobarbaz" | DOCKER_HOST=${CIVO_SSH} docker secret create postgres-passwd -
+	echo -n "postgres://postgres:foobarbaz@db:5432/postgres" | DOCKER_HOST=${CIVO_SSH} docker secret create database-url -
--- a/12-deploying-containers/docker-compose-prod.yml
+++ b/12-deploying-containers/docker-compose-prod.yml
@ -0,0 +1,71 @@
+version: '3.7'
+
+services:
+  client-react-nginx:
+    image: sidpalas/devops-directive-docker-course-client-react-nginx:5
+    networks:
+      - frontend
+    init: true
+    ports:
+      - 80:80
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost/ping"]
+      interval: 30s
+      timeout: 5s
+      retries: 3
+      start_period: 10s
+  api-node:
+    image: sidpalas/devops-directive-docker-course-api-node:8
+    networks:
+      - frontend
+      - backend
+    init: true
+    depends_on:
+      - db
+    environment:
+      - DATABASE_URL=postgres://postgres:foobarbaz@db:5432/postgres
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "node", "src/healthcheck.js"]
+      interval: 30s
+      timeout: 5s
+      retries: 3
+      start_period: 10s
+  api-golang:
+    image: sidpalas/devops-directive-docker-course-api-golang:7
+    networks:
+      - frontend
+      - backend
+    init: true
+    depends_on:
+      - db
+    environment:
+      - DATABASE_URL=postgres://postgres:foobarbaz@db:5432/postgres
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "/healthcheck"]
+      interval: 30s
+      timeout: 5s
+      retries: 3
+      start_period: 10s
+  db:
+    image: postgres:15.1-alpine
+    networks:
+      - backend
+    volumes:
+      - pgdata:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_PASSWORD=foobarbaz
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
+volumes:
+  pgdata:
+
+networks:
+  frontend:
+  backend:
--- a/12-deploying-containers/docker-swarm.yml
+++ b/12-deploying-containers/docker-swarm.yml
@ -0,0 +1,94 @@
+version: '3.7'
+
+services:
+  client-react:
+    image: sidpalas/devops-directive-docker-course-client-react-nginx:6
+    deploy:
+      mode: replicated
+      replicas: 1
+      update_config:
+        order: start-first
+    networks:
+      - frontend
+    ports:
+      - 80:80
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost/ping"]
+      interval: 30s
+      timeout: 5s
+      retries: 3
+      start_period: 10s
+  api-node:
+    image: sidpalas/devops-directive-docker-course-api-node:8
+    deploy:
+      mode: replicated
+      replicas: 1
+      update_config:
+        order: start-first
+    environment:
+      - DATABASE_URL_FILE=/run/secrets/database-url
+    secrets:
+      - database-url
+    networks:
+      - frontend
+      - backend
+    ports:
+      - 3000:3000
+    healthcheck:
+      test: ["CMD", "node", "/usr/src/app/healthcheck.js"]
+      interval: 30s
+      timeout: 5s
+      retries: 3
+      start_period: 10s
+  api-golang:
+    image: sidpalas/devops-directive-docker-course-api-golang:7
+    deploy:
+      mode: replicated
+      replicas: 2
+      update_config:
+        order: start-first
+    networks:
+      - frontend
+      - backend
+    environment:
+      - DATABASE_URL_FILE=/run/secrets/database-url
+    secrets:
+      - database-url
+    ports:
+      - 8080:8080
+    healthcheck:
+      test: ["CMD", "/healthcheck"]
+      interval: 30s
+      timeout: 5s
+      retries: 3
+      start_period: 10s
+  db:
+    image: postgres:15.1-alpine
+    networks:
+      - backend
+    ports:
+      - 5432:5432
+    volumes:
+      - pgdata:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_PASSWORD_FILE=/run/secrets/postgres-passwd
+    secrets:
+      - postgres-passwd
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
+volumes:
+  pgdata:
+
+networks:
+  frontend:
+  backend:
+
+secrets:
+  database-url:
+    external: true
+  postgres-passwd:
+    external: true