Docker – Manuel Bogner's Blog

get shell for docker vm on mac

Manuel Bogner — Thu, 30 Nov 2023 00:46:30 +0000

For setting values on the docker vm on your mac you need to get a shell. Elastic has some statements online that don’t work on latest MacOS (14.1.1 + docker desktop 24.0.6). To get a shell you can use this command:

docker run -it --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh

Inspect docker container image without starting it

Manuel Bogner — Sun, 19 Nov 2023 12:53:23 +0000

docker create --name suspect-container suspect-image:version
docker export suspect-container | tar t > suspect-container-files.txt

These two commands result in a file containing a list of all files included in the container image.

You can also export the complete container into a tar file:

docker export suspect-container > test.tar

keycloak in docker compose with healthcheck

Manuel Bogner — Mon, 13 Nov 2023 00:09:14 +0000

Docker images from quay.io/keycloak/keycloak don’t contain any commands for a usual healthcheck and installing software is also not trivial. In a discussion on https://github.com/keycloak/keycloak/issues/17273 I found a solution that checks /proc/net/tcp for an open port 8080. That file contains all open ports in hex format. cat and grep are included in the image. So a healthcheck can be realised without installing any additional software.

As running the container isn’t that trivial and documentation is a bit hard to find – here my full docker compose config with the healthcheck:

  keycloak:
    image: quay.io/keycloak/keycloak:latest
    hostname: keycloak
    container_name: keycloak
    command:
      - start-dev
    environment:
      KEYCLOAK_ADMIN: admin
      KEYCLOAK_ADMIN_PASSWORD: s3cr3t
    ports:
      - "127.0.0.1:8080:8080"
    healthcheck:
      test: cat /proc/net/tcp | grep '00000000:1F90 00000000:0000' || exit 1
      interval: 5s
      timeout: 2s
      retries: 20
      start_period: 10s

docker pull proxyconnect tcp: dial tcp: lookup http.docker.internal on 192.168.65… timeout

Manuel Bogner — Mon, 06 Nov 2023 08:21:23 +0000

After upgrading to macOS 14.1 my docker installation stopped woring and when I tried to pull an image it answered with the following error message:

➜  ~ docker pull ubuntu                                                                                                                        
Using default tag: latest                                                                                                                      
Error response from daemon: Get "https://registry-1.docker.io/v2/": proxyconnect tcp: dial tcp: lookup http.docker.internal on 192.168.65.7:53:
 read udp 192.168.65.6:62314->192.168.65.7:53: i/o timeout

192.168.65.0/24 is the configured docker internal network of Docker Desktop. It was running on defaults and I wasn’t aware of any manual changes. DNS of my host system worked properly:

➜  ~ host registry-1.docker.io                                                                                                                 
registry-1.docker.io has address 34.194.164.123                                                                                                
registry-1.docker.io has address 18.215.138.58                                                                                                 
registry-1.docker.io has address 52.1.184.176                                                                                                  
registry-1.docker.io has IPv6 address 2600:1f18:2148:bc00:8334:ca86:c3d6:a507                                                                  
registry-1.docker.io has IPv6 address 2600:1f18:2148:bc02:cfd8:db68:ea1f:277c                                                                  
registry-1.docker.io has IPv6 address 2600:1f18:2148:bc01:a3b0:6734:c617:7c5c

What exactly caused the issue didn’t reveal but resetting Docker Desktop to factory defaults fixed the problem. You can find this on the top right corner of the window behind the small bug icon -> “Reset to factory defaults” button.

Start PostgreSQL correctly with docker-compose.yml

Manuel Bogner — Thu, 24 Aug 2023 20:56:44 +0000

I’m using PostgreSQL in a lot of projects and in my dev environments I always run it with docker-compose. But configuring it properly isn’t so clear if you want to use proper time zone and a health check. Attached the config with a custom database name “db” and an admin user. With this pg_isready is used in the healthcheck section with proper parameters based on the config. Works perfect for me like this. If you have improvements, please let me know.

version: "3.9"
services:

  postgres:
    image: postgres:15-alpine
    container_name: postgres
    hostname: postgres
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - postgres:/var/lib/postgresql/data/pgdata:rw
    ports:
      - "127.0.0.1:5432:5432"
    environment:
      POSTGRES_DB: db
      POSTGRES_USER: admin
      POSTGRES_PASSWORD: admin
      PGDATA: /var/lib/postgresql/data/pgdata
      TZ: UTC
      PGTZ: UTC
    healthcheck:
      test: [ "CMD-SHELL", "pg_isready -U admin -d db" ]
      interval: 1s
      timeout: 5s
      retries: 10

volumes:
  postgres:

How to create docker containers for multiple platforms / architectures

Manuel Bogner — Mon, 17 Apr 2023 11:07:56 +0000

First you need to choose a base image that is available for the target platforms as well. Create your Dockerfile as usual and then build the container for different platforms.

This example would create an amd64 and a aarch64 (arm64/v8) image:

# ARM
docker build --platform=linux/aarch64 -t /:-aarch64 .
docker push -t /:-aarch64

# AMD
docker build --platform=linux/amd64 -t /:-amd64 .
docker push -t /:-amd64

Based on these you can create a manifest and upload it:

docker manifest create /: \
  --amend /:-aarch64 \
  --amend /:-amd64
docker manifest push /:

This would already provide an image /: available for amd64 and aarch64 platform on docker hub. But for convenience we also want a latest tag for that manifest:

docker manifest create /:latest \
  --amend /:-aarch64 \
  --amend /:-amd64
docker manifest push /:latest

This uses the same hashes as the version uploaded before.

I am not sure if this is the correct or best way, but at least it works. On my M1 mac buildx didn’t work so I fell back to manifests that aren’t that complicated anyway.

Here an example image that was created and uploaded like this: https://registry.hub.docker.com/r/mbopm/cyberchef.

Replace docker with podman on MacOS

Manuel Bogner — Sat, 03 Dec 2022 12:20:31 +0000

Docker wants to bill companies for Docker Desktop. In my opinion it’s not worth it because there are multiple options how to replace it without the need to really change habits. Here the statement taken from Docker FAQ regarding payment for Docker Desktop:

Who’s required to pay for Docker Desktop?

Docker Desktop requires a paid, per-user subscription for organizations with more than 250 employees or more than $10 million in annual revenue per our terms of service.
https://www.docker.com/pricing/faq/, 2022-12-03

Podman is an open source and free replacement licensed under Apache-2.0. Here the description of it taken from the homepage:

Podman is a daemonless, open source, Linux native tool designed to make it easy to find, run, build, share and deploy applications using Open Containers Initiative (OCI) Containers and Container Images. Podman provides a command line interface (CLI) familiar to anyone who has used the Docker Container Engine. Most users can simply alias Docker to Podman (alias docker=podman) without any problems. Similar to other common Container Engines (Docker, CRI-O, containerd), Podman relies on an OCI compliant Container Runtime (runc, crun, runv, etc) to interface with the operating system and create the running containers. This makes the running containers created by Podman nearly indistinguishable from those created by any other common container engine.
https://docs.podman.io/en/latest/, 2022-12-03

To install it I simply followed these steps on my Mac:

brew install podman
podman machine init # create a qemu virtual machine
podman machine start # start it
export DOCKER_HOST='unix:///Users/manuel/.local/share/containers/podman/machine/podman-machine-default/podman.sock'

With this in place you can continue running docker commands as usual and for most users a simple alias will do the trick if you don’t want to write podman instead of docker.

In IntelliJ you need to configure the TCP socket instead of Docker for Mac in the settings. Then also IntelliJ continues talking to the podman instance as it were a Docker Desktop. I named my host “Podman” instead of “Docker” and right-clicking the compose file and selecting “Run on Podman” worked like a charm. No difference to Docker Desktop before.

When you don’t need docker / podman you can stop it by running

podman machine stop

To restart it simply write “start” instead of stop.

Here is what I added to my .zshrc file:

alias docker='podman'
export DOCKER_HOST='unix:///Users/manuel/.local/share/containers/podman/machine/podman-machine-default/podman.sock'