There are different ways to deploy Docker services:
- Using an official Docker image
- Using a public (unofficial) Docker image
- Building an image using any other Docker image. You can find an example in the article about creating a Varnish using a debian image
- Building your own Docker image on DockerHub/other Docker Registry. Will be in a separate post.
Creating Docker service¶
At first, you need to open or create any project and click New service. You can also use Create button in the menu and choose Service. You will see a list of services which can be deployed with D2C:
- For official repositories specify just its name.
- For public (unofficial) repositories published in DockerHub specify accountname/repositoryname.
- For public (unofficial) repositories published anywhere on the Internet specify a link to a Docker image.
Specify a version of a Docker image using tag names.
The name should start with a letter and contain up to 16 characters (Latin letters, numbers, hyphen).
Each service has its unique name. Services can communicate with each other by service names (or alias-names, e.g.
servicename). Moreover, we use them to create public domains like: [servicename]-[www].[accountID].[at].d2c.io for your services which are served by NGINX or HAProxy.
By default, application containers are started inside a private network and have dynamically assigned local IP addresses. Apps can reference each other by service name. It does not matter on which host the app is running – all private network intercommunication is transparent for all services in your account.
Access from the Internet is disabled by default (except edge services). You can enable access from the Internet while creating or editing service. For example, if you publish your application on port 3000, you can access it at ip_address_of_a_host:3000.
You can set an interface your container should listen.
By default all the containers are running in Weave network. You can also set
Host network for standalone containers. It removes network isolation between the container and the Docker host, and use the host’s networking directly. You can find more info in Docker documentation.
By default, Docker containers are “unprivileged” and cannot, for example, run a Docker daemon inside a Docker container. This is because by default a container is not allowed to access any devices, but a “privileged” container is given access to all devices.
|SYS_MODULE||Load and unload kernel modules.|
|SYS_RAWIO||Perform I/O port operations (iopl(2) and ioperm(2)).|
|SYS_PACCT||Use acct(2), switch process accounting on or off.|
|SYS_ADMIN||Perform a range of system administration operations.|
|SYS_NICE||Raise process nice value (nice(2), setpriority(2)) and change the nice value for arbitrary processes.|
|SYS_RESOURCE||Override resource Limits.|
|SYS_TIME||Set system clock (settimeofday(2), stime(2), adjtimex(2)); set real-time (hardware) clock.|
|SYS_TTY_CONFIG||Use vhangup(2); employ various privileged ioctl(2) operations on virtual terminals.|
|AUDIT_CONTROL||Enable and disable kernel auditing; change auditing filter rules; retrieve auditing status and filtering rules.|
|MAC_ADMIN||Allow MAC configuration or state changes. Implemented for the Smack LSM.|
|MAC_OVERRIDE||Override Mandatory Access Control (MAC). Implemented for the Smack Linux Security Module (LSM).|
|NET_ADMIN||Perform various network-related operations.|
|SYSLOG||Perform privileged syslog(2) operations.|
|DAC_READ_SEARCH||Bypass file read permission checks and directory read and execute permission checks.|
|LINUX_IMMUTABLE||Set the FS_APPEND_FL and FS_IMMUTABLE_FL i-node flags.|
|NET_BROADCAST||Make socket broadcasts, and listen to multicasts.|
|IPC_LOCK||Lock memory (mlock(2), mlockall(2), mmap(2), shmctl(2)).|
|IPC_OWNER||Bypass permission checks for operations on System V IPC objects.|
|SYS_PTRACE||Trace arbitrary processes using ptrace(2).|
|SYS_BOOT||Use reboot(2) and kexec_load(2), reboot and load a new kernel for later execution.|
|LEASE||Establish leases on arbitrary files (see fcntl(2)).|
|WAKE_ALARM||Trigger something that will wake up the system.|
|BLOCK_SUSPEND||Employ features that can block system suspend.|
Devices which should be mount in a container.
Kernel parameters (sysctls)¶
Sets namespaced kernel parameters (sysctls) in the container.
Currently supported SYSCTLS:
- Sysctls beginning with
- Sysctls beginning with
Container metadata (labels)¶
A label is a
key=value pair that applies metadata to a container.
You can find more information about Docker security configuration in Docker docs.
You can choose what to use for getting application sources.
Make sure that your application is listening on 0.0.0.0 (not 127.0.0.1) when deploying an application service
The most recommended method. Specify an URL to your repository and a branch you want to use.
If you use a private repository you should add an SSH key to your account. Here are manuals about adding SSH keys into your GitHub, BitBucket, GitLab accounts. Another way is to use Login/Password, but the best practice is to use SSH keys.
Download (URL to your archive)¶
Another method is to specify a link to sources.
ftp (for closed ftp you should specify login/password).
Moreover, you can upload from your machine.
Maximum size: 50MB
Commands which are executed only once on the first container after the first deploying a service. You can use it for populate a database or migration, run an install of WordPress, etc.
Commands for installing global dependencies¶
Commands for installing global dependencies and modifying Docker image of your service. For modifying source code use Local dependencies.
npm install -g
Local dependencies and code’s preparation¶
Commands for installing local dependencies and making your code ready to work.
bower install, etc. or do some for preparation:
grunt build, etc.
Command to start¶
Start command for your application
If your container is stuck in restarting phase after deploying you can set start command to
sleep 1d. After that, you can connect to a container via the terminal and check what went wrong.
You can specify environment variables for your application. They can be edited after creating a service.
Persistent data volumes¶
D2C separates the application itself from its data. Docker volumes are used to store persistent data. Data is stored locally on the hosts. Any data which is generated by an application should be added to Persistent data volumes. All modifications outside of these directories will be deleted after restart/rebuild/redeploy of a container/service (Docker restores the original state of a container).
You can create new volumes using Add volume button. The host path by default is created automatically. You can change it but be careful. It can break the whole host.
UID for volumes can be added in this block.
We recommend storing user generated content in cloud storage like Amazon S3 or CDN. Sometimes there is a need to support old technologies when data stores at hosts. For such cases you can use synchronization volumes between all containers. Simply check the volumes which you want to sync when creating or editing service. D2C uses Lsync for synchronization.
You can add your additional config files. These files do not change after restart/rebuild/redeploy of your applications.
Specify a full path where a config should be stored and press Enter.
You can choose one or several hosts where the similar containers will be deployed. It’s not necessary at the start, and you can scale your services after deployment. Also, at this step you can create new hosts and choose them even they are not online yet (creating status). The containers will be deployed when they are ready.