Provides Docker, Kubernetes runtime and CLI tools for local development.
NOTE: you need either Docker Desktop (free for personal use) or Rancher Desktop (free). Pick one only.
Rancher Desktop: container management and Kubernetes on the desktop. It is a replacement for Docker Desktop. Use either one of them.
Download the latest binary for your platform from rancherdesktop.io (e.g., Rancher.Desktop-x.y.z.aarch64.dmg for Mac M1). Unpack it and move Rancher Desktop.app to /Applications.
rdctl - this CLI can perform every action available in the Rancher Desktop UI from the command line
# example:
rdctl list-settings
rdctl set --container-runtime dockerd --kubernetes-version 1.24.3
rdctl set --kubernetes-enabled=true
rdctl shutdown
Configuration
It is recommended to assign:
8 GB or above memory
minimum 4 CPU
Enable Traefik
Make sure you have enabled the following settings, i.e., dockerd (moby), manual PATH, etc.
Docker Experimental Features
You can turn on experimental Docker CLI features in one of two ways. Either by setting an environment variable temporarily:
export DOCKER_CLI_EXPERIMENTAL=enabled
or by turning the feature on in the config file $HOME/.docker/config.json permanently:
{
"experimental" : "enabled"
}
docker version should show Client > Experimental : true.
Optionally, you can also turn on the Docker engine's experimental features:
Change the docker engine configuration file /etc/docker/daemon.json or create one if it doesn’t exist already:
To SSH into lima VM managed by Rancher Desktop, run this command:
LIMA_HOME="$HOME/Library/Application Support/rancher-desktop/lima" "/Applications/Rancher Desktop.app/Contents/Resources/resources/darwin/lima/bin/limactl" shell 0
ls -la /etc/docker/
# to restart docker daemon inside lima VM
sudo service docker restart
and add /etc/docker/daemon.json with the settings below.
Make sure the dns and bip values match your local network.
brew install kubectx # to switch kube context, namespace quickly. https://github.com/ahmetb/kubectx
brew install kubens # to switch kube namespace quickly
brew install kubernetes-helm # package manager for Kubernetes
brew install kustomize # Kubernetes native configuration management
brew install stefanprodan/tap/kustomizer # package manager for distributing Kubernetes configuration as OCI artifacts
brew install derailed/k9s/k9s # Manage Your k8s In Style!
brew install istioctl # Istio configuration command line utility
brew install dive # A tool for exploring a docker image, layer contents, and discovering ways to shrink the size of your Docker/OCI image
brew install crane # A tool for interacting with remote images and registries.
brew tap anchore/syft && brew install syft # SBOM tool
brew install cosign # Container Signing, Verification and Storage in an OCI registry.
brew install skaffold # build and deploy docker images
go install sigs.k8s.io/bom/cmd/bom@latest # Create SPDX-compliant Bill of Materials
Usage
docker info
docker version
docker stats
docker context list
# to use tools like dive, you may need to switch context to rancher-desktop
docker context use rancher-desktop
docker top CONTAINER
docker volume ls
docker network ls
# List builder instances
docker buildx ls
# inspect current builder instance
docker buildx inspect
docker buildx imagetools inspect <MULTI_PLATFORM_IMAGE>
docker buildx imagetools inspect --raw nginx:alpine | jq
Images
docker build .
docker tag
docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]
docker images
docker login -u aaaa -p bbb
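# Log in to your registry; I am using the GitHub container registry
# Create the token at https://github.com/settings/tokens
export GITHUB_PACKAGES_TOKEN=ghp_YOUR_TOKEN
# --password-stdin keeps the token out of the process list
echo "$GITHUB_PACKAGES_TOKEN" | docker login ghcr.io -u {github_username} --password-stdin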
# inspect image
docker inspect redislabs/redismod:edge
docker inspect --format "{{.Architecture}}" redislabs/redismod:edge
# Remove one or more images
docker rmi docker.vectorized.io/vectorized/redpanda:v21.11.2
# default from docker.io
docker pull jwsy/jade-shooter:v1.1
docker images | grep jwsy
docker run -d -p 8080:80 jwsy/jade-shooter:v1.1
docker run -d -p 80:80 --name=nginx --restart=always nginx
# `e2a5` is output from above command
docker exec -it e2a5 sh
docker images
# save load
# docker save needs the image to export as its argument
docker save -o local_jwsy_jade-shooter_v1.2.tar IMAGE[:TAG]
docker load -i local_jwsy_jade-shooter_v1.2.tar
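An added example (not from the original page): a short audit of what docker login leaves in $HOME/.docker/config.json, the same file that holds the "experimental" switch above. When no credential helper is configured, the CLI stores base64("user:secret") under "auths", which is encoding rather than encryption. The sample config, user name and token are constructed.

```python
import base64
import json

# Constructed sample of $HOME/.docker/config.json after `docker login -p ...`
# with no credential helper for ghcr.io (user name and token are fake).
SAMPLE_CONFIG = json.dumps({
    "experimental": "enabled",
    "credHelpers": {"gcr.io": "gcloud"},
    "auths": {
        "ghcr.io": {"auth": base64.b64encode(b"octocat:ghp_CONSTRUCTED").decode()},
        "gcr.io": {},
        "https://index.docker.io/v1/": {},
    },
})


def audit_docker_config(text):
    """Return one finding per registry in a Docker CLI config.json document."""
    cfg = json.loads(text)
    store = cfg.get("credsStore")          # global helper, e.g. "osxkeychain"
    helpers = cfg.get("credHelpers", {})   # per-registry helpers
    findings = []
    for registry, entry in sorted(cfg.get("auths", {}).items()):
        finding = {"registry": registry, "user": None}
        if entry.get("auth"):
            # "auth" is base64("user:secret"): anyone who can read the file has it.
            decoded = base64.b64decode(entry["auth"]).decode("utf-8", "replace")
            finding["user"] = decoded.partition(":")[0]
            finding["storage"] = "plaintext"
        elif entry.get("identitytoken"):
            finding["storage"] = "plaintext"
        elif registry in helpers:
            finding["storage"] = "helper:" + helpers[registry]
        elif store:
            finding["storage"] = "helper:" + store
        else:
            finding["storage"] = "none"    # entry exists but holds no secret
        findings.append(finding)
    return findings


def plaintext_registries(text):
    """Registries whose secret sits in the config file itself."""
    return [f["registry"] for f in audit_docker_config(text)
            if f["storage"] == "plaintext"]


if __name__ == "__main__":
    for f in audit_docker_config(SAMPLE_CONFIG):
        print(f"{f['registry']:32} {f['storage']:18} user={f['user']}")
```

To check a real machine, pass the contents of $HOME/.docker/config.json to plaintext_registries(); any registry it returns should be logged out and logged in again once a credsStore or credHelpers entry is configured.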
# Generate a key-pair: cosign.key and cosign.pub
cosign generate-key-pair
# Export your COSIGN_PASSWORD to prevent CLI prompting
export COSIGN_PASSWORD=$COSIGN_PASSWORD
Sign the container image while pushing:
# --sign and --verify are nerdctl options (containerd engine); the docker CLI does not have them
# Sign the image with Keyless mode
nerdctl push --sign=cosign devopps/hello-world
# Sign the image and store the signature in the registry
nerdctl push --sign=cosign --cosign-key cosign.key devopps/hello-world
Verify the container image while pulling:
# Verify the image with Keyless mode
nerdctl pull --verify=cosign devopps/hello-world
# push first
docker push ghcr.io/xmlking/grpc-starter-kit/base:v0.2.0
# then sign and verify
COSIGN_EXPERIMENTAL=1 cosign sign ghcr.io/xmlking/grpc-starter-kit/base:v0.2.0
COSIGN_EXPERIMENTAL=1 cosign verify ghcr.io/xmlking/grpc-starter-kit/base:v0.2.0
Generate and upload the SBOM
We will use syft to generate the SBOM and, once it is generated, attach it to the image using cosign.
# Let’s first generate the SBOM
syft packages ghcr.io/xmlking/sampleapp:0.0.1 -o spdx > latest.spdx
# then attach it to the same image the SBOM was generated from
cosign attach sbom --sbom latest.spdx ghcr.io/xmlking/sampleapp:0.0.1
Dive
To explore docker image layers:
dive spring-service:1.6.5-SNAPSHOT
Compose
docker compose -f infra/redis.yml up redis
docker compose -f infra/redpanda.yml up redpanda
docker compose -f infra/redpanda.yml logs
docker compose -f infra/redis.yml down
docker compose -f infra/redpanda.yml down
# this will stop redpanda and remove all volumes
docker compose -f infra/redpanda.yml down -v
docker compose -f infra/redpanda.yml ps
# name of the container can be found from output of above command
docker exec -it infra_redpanda_1 /bin/bash
docker exec -it infra_redpanda_1 rpk version
docker exec -it infra_redpanda_1 rpk topic list
docker exec -it infra_redpanda_1 rpk cluster info
# verify that docker `compose` correctly resolves the application config from .env
docker compose config # implicitly set `env-file` to `.env`
docker compose --env-file .env --env-file .secrets config # explicitly set `env-file` to `.env` and `.secrets`
# ssh to container (if needed to debug)
docker compose exec -it redpanda \
rpk topic consume twitch_chat --brokers=localhost:9092
# Or
docker exec -it redpanda-1 \
rpk topic produce twitch_chat --brokers=localhost:9092
docker exec -it redpanda-1 \
rpk topic consume twitch_chat --brokers=localhost:9092