liuyuqi-dellpc 4 years ago
commit
4187c3b186

+ 6 - 0
README.md

@@ -0,0 +1,6 @@
+## docker
+
+docker 和  kubernetes ,docker 项目一般通过 Dockerfile 或者 docker-compose.yml 编排。而 kubernetes controller.yaml 等编排
+
+
+

+ 15 - 13
docker/django/Dockerfile

@@ -1,18 +1,20 @@
-FROM daocloud.io/library/django:1.7.4-python3
+FROM python:alpine
+LABEL Name=google/doo Version=v1.5
+# google/doo:v1.5
 
-RUN mkdir /usr/src/app
-ADD . /usr/src/app/
-WORKDIR /usr/src/app/
-RUN mkdir ~/.pip
-RUN cat > ~/.pip/pip.conf << EOF
-[global]
-trusted-host=mirrors.aliyun.com
-index-url=https://mirrors.aliyun.com/pypi/simple/
-EOF
+RUN mkdir -p /root/app
+# ADD . /root/app
+WORKDIR /root/app
 
-# RUN pip install -r requirements.txt
+RUN mkdir -p ~/.pip
+RUN echo -e '\n\
+    [global] \n\
+    trusted-host=mirrors.aliyun.com \n\
+    index-url=https://mirrors.aliyun.com/pypi/simple/ \n\
+    ' > ~/.pip/pip.conf
+
+RUN pip install Django==2.0.6
 
-LABEL Name=doo Version=0.0.1
 EXPOSE 3000
 
-CMD [ "python","./manage.py","runsesrver" ]
+CMD ["/bin/sh","-c","while true;do echo hello docker;sleep 1;done"]
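Review bot: The generated `pip.conf` sets `trusted-host=mirrors.aliyun.com`, which tells pip to accept that host without valid HTTPS, so the `https://` index URL beside it no longer authenticates what `pip install Django==2.0.6` downloads at build time. Since the mirror is already addressed over HTTPS, drop the `trusted-host` line and keep only `index-url=https://mirrors.aliyun.com/pypi/simple/`; the same line is added in docker/django/Dockerfile.1. Separately, `FROM python:alpine` floats with every upstream push, so pinning a specific version tag (ideally with a digest) would keep rebuilds reproducible. The image also sets no `USER`, so the process runs as root in `/root/app`.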

+ 18 - 0
docker/django/Dockerfile.1

@@ -0,0 +1,18 @@
+FROM python:alpine
+LABEL Name=google/doo Version=v1.4
+# google/doo:v1.4
+
+RUN mkdir -p /root/app
+ADD . /root/app
+WORKDIR /root/app
+
+RUN mkdir -p ~/.pip
+RUN echo -e '\n\
+    [global] \n\
+    trusted-host=mirrors.aliyun.com \n\
+    index-url=https://mirrors.aliyun.com/pypi/simple/ \n\
+    ' > ~/.pip/pip.conf
+
+RUN pip install -r requirements.txt
+EXPOSE 3000
+CMD [ "python","./manage.py","runsesrver","0.0.0.0:3000" ]
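Review bot: The `CMD` misspells the management command as `runsesrver`, so Django will reject it and the container will exit at start; it should read `CMD ["python", "./manage.py", "runserver", "0.0.0.0:3000"]`. This commit also deletes docker/django/manage.py, so `ADD . /root/app` presumably no longer places a `manage.py` in the image and the command depends on whatever is bind-mounted at run time; worth confirming that is intended. `COPY . /root/app` is the clearer instruction for a plain local copy, and a `.dockerignore` would keep `.git` and local environment files out of the image. `runserver` is Django's development server, so binding it to `0.0.0.0` is acceptable for a demo but should not be what a deployed image runs.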

+ 2 - 0
docker/django/docker-compose.debug.yml

@@ -8,3 +8,5 @@ services:
       dockerfile: Dockerfile
     ports:
         - 3000:3000
+    volumes:
+      - "./:/root/app"

+ 4 - 2
docker/django/docker-compose.yml

@@ -2,7 +2,9 @@ version: '2.1'
 
 services:
   doo:
-    image: doo
+    image: google/doo:v1.5
     build: .
     ports:
-      - 3000:3000
+      - 3000:3000
+    volumes:
+      - "./:/root/app"
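Review bot: The new `volumes` entry bind-mounts the whole project directory read-write at `/root/app` in the non-debug compose file, and the Dockerfile in this commit sets no `USER`, so a root process in the container can modify the host checkout. Keeping the mount in docker-compose.debug.yml only, or making it read-only with `- "./:/root/app:ro"`, limits that. The tag `google/doo:v1.5` also places the locally built image under a registry namespace this project presumably does not own, so a pull or push through compose would resolve against that namespace; a name under the project's own namespace avoids the confusion.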

+ 0 - 24
docker/django/manage.py

@@ -1,24 +0,0 @@
-#!/usr/bin/env python
-# -*- coding: utf-8 -*-
-'''
-@Auther :liuyuqi.gov@msn.cn
-@date :2019/2/21
-'''
-__author__ = "liuyuqi"
-
-import os
-import sys
-
-
-if __name__ == "__main__":
-    os.environ.setdefault("DJANGO_SETTINGS_MODULE", "djangoWechat.settings")
-    try:
-        from django.core.management import execute_from_command_line
-    except ImportError as exc:
-        raise ImportError(
-            "Couldn't import Django. Are you sure it's installed and "
-            "available on your PYTHONPATH environment variable? Did you "
-            "forget to activate a virtual environment?"
-        ) from exc
-    execute_from_command_line(sys.argv)
-

+ 1 - 17
docker/django/requirements.txt

@@ -1,17 +1 @@
-asn1crypto==0.24.0
-certifi==2018.4.16
-cffi==1.11.5
-chardet==3.0.4
-cryptography==2.2.2
-Django==2.0.6
-djangorestframework==3.8.2
-idna==2.7
-optionaldict==0.1.1
-pycparser==2.18
-python-dateutil==2.7.3
-pytz==2018.4
-requests==2.19.1
-six==1.11.0
-urllib3==1.23
-wechatpy==1.7.0
-xmltodict==0.11.0
+Django==2.0.6

+ 13 - 0
docker/sftp/Dockerfile

@@ -0,0 +1,13 @@
+FROM alpine:3.7
+
+LABEL maintainer="Amir Mofasser (@amimof)"
+
+COPY sshd_config /etc/ssh/sshd_config
+COPY server /
+
+RUN set -x \
+&&  apk add --no-cache --update openssh bash \
+&&  mkdir -p /var/run/sshd \
+&&  chmod +x /server
+
+CMD ["/server"]
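Review bot: `FROM alpine:3.7` pins a release that is long past end of support, so the `openssh` package installed by `apk add` will not pick up security fixes even on rebuild; for a network-facing SSH daemon the base should be a currently supported Alpine release, ideally pinned by digest. `--update` is redundant next to `--no-cache`. With BuildKit, `COPY --chmod=755 server /` would replace the separate `chmod +x /server` step, and an `EXPOSE 22` line would document the listening port.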

+ 83 - 0
docker/sftp/README.md

@@ -0,0 +1,83 @@
+# sftp
+
+A fast and secure [SFTP](https://en.wikipedia.org/wiki/SSH_File_Transfer_Protocol) server that runs in a container on [`Alpine Linux`](https://alpinelinux.org/), optimised for [`Kubernetes`](https://kubernetes.io/).
+
+## Usage
+Configuration parameters are passed in to the container through environment variables. All variables are optional so that you can run a container with minimum configuration. The simples way of running using `Docker` is by using the following command.
+```
+$ docker run -p 22:22 -e SSH_PASSWORD=notsecure amimof/sftp:latest
+```
+Note that even though the username defaults to `sftpuser`, we still need to specify a password. All though it's not required, but the container wont do you much good without one.
+
+### Environment Variables
+| Variable | Default Value | Description |
+| :------ | :------ | :------ |
+| `SSH_USERNAME` | `sftpuser` | Username of the sftp user |
+| `SSH_PASSWORD` | - | A password for the user. Setting this environment variable will allow `PasswordAuthentication`. |
+| `SSH_USERID` | `1337` | The Linux user id of the sftp user |
+| `SSH_DATADIR_NAME` | `data` | Name of the directory created under `/home/<username>/`. Defaults to `/home/<username>/data/` |
+| `SSH_GENERATE_HOSTKEYS` | `true` | Skips generation if host keys of set to false. Useful when providing your own set of host keys. |
+| `LOG_LEVEL` | `INFO` | Use this environment variable to set the `LogLevel` directive in `sshd_config` |
+| `DEBUG` | `false` | Set to `true` to start `sshd` in debug mode. `sshd -d` |
+
+## Examples
+
+### Username & password authentication
+```
+$ docker run \
+    -p 22:22 \
+    -e SSH_USERNAME=sftpuser \
+    -e SSH_PASSWORD=notsecure \
+    amimof/sftp:latest
+```
+
+### SSH key authentication
+```
+$ docker run \
+    -p 22:22 \
+    -e SSH_USERNAME=sftpuser \
+    -v ~/.ssh/id_rsa.pub:/home/sftpuser/.ssh/keys/id_rsa.pub \
+    amimof/sftp:latest
+```
+
+### Specify SSH host keys
+SSH host keys will be automatically generated and change between container restarts unless specified otherwise with the `SSH_GENERATE_HOSTKEYS` environment variable. To avoid `man-in-the-middle attack` warnings you can mount your own host keys into the container.
+```
+$ docker run \
+    -p 22:22 \
+    -e SSH_USERNAME=sftpuser \
+    -e SSH_PASSWORD=notsecure \
+    -e SSH_GENERATE_HOSTKEYS=false \
+    -v ~/ssh_host_ed25519_key:/etc/ssh/host_keys/ssh_host_ed25519_key \
+    -v ~/ssh_host_rsa_key:/etc/ssh/host_keys/ssh_host_rsa_key \
+    amimof/sftp:latest
+```
+
+**NOTE!** The host keys are placed in the non-default location of `/etc/ssh/host_keys/` so that you can mount your host keys using a `Kubernetes Secret`. If the secret is mounted on the host key's *default* location, `/etc/ssh/`, all other files in that directory would be overwritten, including `sshd_config` which would prevent the ssh server from starting correctly.
+
+### Specify SSH Host Keys and use key authentication
+```
+$ docker run \
+    -p 22:22 \
+    -e SSH_USERNAME=sftpuser \
+    -e SSH_GENERATE_HOSTKEYS=false \
+    -v ~/.ssh/id_rsa.pub:/home/sftpuser/.ssh/keys/id_rsa.pub \
+    -v ~/ssh_host_ed25519_key:/etc/ssh/host_keys/ssh_host_ed25519_key \
+    -v ~/ssh_host_rsa_key:/etc/ssh/host_keys/ssh_host_rsa_key \
+    amimof/sftp:latest
+```
+
+### Generating keys
+```bash
+# rsa
+ssh-keygen -t rsa -b 4096 -f ~/mykeys/ssh_host_rsa_key
+
+# dsa
+ssh-keygen -t dsa -f ~/mykeys/ssh_host_dsa_key
+
+# ecdsa
+ssh-keygen -t ecdsa -f ~/mykeys/ssh_host_ecdsa_key
+
+# ed25519
+ssh-keygen -t ed25519 -f ~/mykeys/ssh_host_ed25519_key
+```

+ 16 - 0
docker/sftp/pod.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: sftp
+spec:
+  containers:
+  - name: sftp
+    image: amimof/sftp
+    env:
+    - name: SSH_USERNAME
+      value: "beyonce"
+    - name: SSH_PASSWORD
+      value: "knowles"
+    ports:
+    - containerPort: 22
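Review bot: `SSH_PASSWORD` is set as a literal `value` in the pod spec, so the credential lives in version control and is readable by anyone who can view the Pod object. Reference a Secret instead: replace `value: "knowles"` with a `valueFrom:` / `secretKeyRef:` entry pointing at a Secret such as `name: sftp-credentials`, `key: password` (placeholder names), or mount a public key and omit the password so `PasswordAuthentication` stays off. `image: amimof/sftp` has no tag, which resolves to `latest`; pin a version tag or digest so the pod does not change underneath you.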

+ 108 - 0
docker/sftp/server

@@ -0,0 +1,108 @@
+#!/bin/bash
+
+# Check if username is set
+if [ -z "$SSH_USERNAME" ]; then
+  echo "INFO: Username not set. Using default"
+  SSH_USERNAME="sftpuser"
+fi
+
+# Check if uid/guid is set
+if [ -z "$SSH_USERID" ]; then
+  echo "INFO: UID/GUID not set. Using default"
+  SSH_USERID=1337
+fi
+
+# Check if data directory is set
+if [ -z "$SSH_DATADIR_NAME" ]; then
+  echo "INFO: Data dir not set. Using default"
+  SSH_DATADIR_NAME="data"
+fi
+
+# Check if generate hostkeys is set
+if [ -z "$SSH_GENERATE_HOSTKEYS" ]; then
+  echo "INFO: Generate hostkeys not set. Using default"
+  SSH_GENERATE_HOSTKEYS="true"
+fi
+
+# Create group
+echo "INFO: Adding group ${SSH_USERNAME}"
+addgroup -g $SSH_USERID $SSH_USERNAME
+
+# Create user
+echo "INFO: Adding user ${SSH_USERNAME}"
+adduser -D -u $SSH_USERID -G $SSH_USERNAME $SSH_USERNAME
+
+# Set password if provided
+if [ -z "$SSH_PASSWORD" ]; then
+  echo "INFO: Password not provided for user ${SSH_USERNAME}"
+  passwd -u $SSH_USERNAME
+else
+  echo "INFO: Setting password for user ${SSH_USERNAME}"
+  echo $SSH_USERNAME:$SSH_PASSWORD | chpasswd > /dev/null
+  sed -i "s/PasswordAuthentication\s[^ ]*/PasswordAuthentication yes/g" /etc/ssh/sshd_config
+fi
+
+# Set Port to listen on
+if [ ! -z "$SSH_PORT" ]; then
+  echo "INFO: Setting Port to ${SSH_PORT}"
+  sed -i "s/Port\s[^ ]*/Port ${SSH_PORT}/g" /etc/ssh/sshd_config
+fi
+
+# Change ownership and permissions of users home root dir
+echo "INFO: Change ownership and permissions of home directory"
+chown root:root /home/$SSH_USERNAME
+chmod 755 /home/$SSH_USERNAME
+
+# Create data dir and set read/write permission for user
+echo "INFO: Create and set permissions on data dir"
+mkdir -p /home/$SSH_USERNAME/$SSH_DATADIR_NAME
+chown $SSH_USERNAME /home/$SSH_USERNAME/$SSH_DATADIR_NAME
+chmod 777 /home/$SSH_USERNAME/$SSH_DATADIR_NAME
+
+# Add SSH keys to authorized_keys with valid permissions
+if [ -d /home/$SSH_USERNAME/.ssh/keys ]; then
+  echo "INFO: Set ownership and permission of .ssh directory"
+  chown -R root:root /home/$SSH_USERNAME/.ssh
+  chmod 755 /home/$SSH_USERNAME/.ssh
+
+  echo "INFO: Add SSH keys to authorized_keys with valid permissions"
+  cat /home/$SSH_USERNAME/.ssh/keys/* >> /home/$SSH_USERNAME/.ssh/authorized_keys
+  chown $SSH_USERNAME:root /home/$SSH_USERNAME/.ssh/authorized_keys
+  chmod 644 /home/$SSH_USERNAME/.ssh/authorized_keys
+fi
+
+# Generate host keys by default
+if [ "${SSH_GENERATE_HOSTKEYS,,}" == "true" ]; then
+  echo "INFO: Generating host keys"
+
+  mkdir -p /etc/ssh/host_keys/
+
+  ssh-keygen -f /etc/ssh/host_keys/ssh_host_rsa_key -q -N '' -t rsa
+  ln -s /etc/ssh/host_keys/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key
+
+  ssh-keygen -f /etc/ssh/host_keys/ssh_host_dsa_key -q -N '' -t dsa
+  ln -s /etc/ssh/host_keys/ssh_host_dsa_key /etc/ssh/ssh_host_dsa_key
+
+  ssh-keygen -f /etc/ssh/host_keys/ssh_host_ecdsa_key -q -N '' -t ecdsa
+  ln -s /etc/ssh/host_keys/ssh_host_ecdsa_key /etc/ssh/ssh_host_ecdsa_key
+
+  ssh-keygen -f /etc/ssh/host_keys/ssh_host_ed25519_key -q -N '' -t ed25519
+  ln -s /etc/ssh/host_keys/ssh_host_ed25519_key /etc/ssh/ssh_host_ed25519_key
+fi
+
+echo "INFO: Setting permissions on host keys"
+chmod 600 /etc/ssh/host_keys/*
+
+# Check for loglevel and replace line in sshd_config
+if [ -n "$LOGLEVEL" ]; then
+  echo "INFO: Setting LogLevel to ${LOGLEVEL}"
+  sed -i "s/LogLevel\s[^ ]*/LogLevel ${LOGLEVEL}/g" /etc/ssh/sshd_config
+fi
+
+# Run sshd in debug mode
+if [ -z "$DEBUG" ]; then
+        exec /usr/sbin/sshd -D -e
+else
+        echo "WARN: Debug mode enabled!"
+        exec /usr/sbin/sshd -D -e -d
+fi
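Review bot: The password line `echo $SSH_USERNAME:$SSH_PASSWORD | chpasswd` expands both variables unquoted, so a password containing whitespace, glob characters or backslashes can be altered by word splitting and `echo` before it reaches `chpasswd`, leaving the account with a different password than the operator set; the same unquoted expansion feeds `addgroup`, `adduser`, `chown` and `chmod`. The debug test uses `[ -z "$DEBUG" ]`, so `DEBUG=false` (the default the README documents) still starts `sshd -d`, and the script reads `LOGLEVEL` while the README documents `LOG_LEVEL`. `chmod 777` on the data directory is wider than a single-user chroot needs, assuming only the sftp user has to write there. The fence shows the affected lines quoted and tightened; `SSH_PORT` and `LOGLEVEL` are also interpolated into `sed` expressions unvalidated and would benefit from a simple allow-list check.

```shell
# … unchanged: defaults for SSH_USERNAME, SSH_USERID, SSH_DATADIR_NAME, SSH_GENERATE_HOSTKEYS …
addgroup -g "$SSH_USERID" "$SSH_USERNAME"
adduser -D -u "$SSH_USERID" -G "$SSH_USERNAME" "$SSH_USERNAME"
# … unchanged: password-not-provided branch …
  printf '%s:%s\n' "$SSH_USERNAME" "$SSH_PASSWORD" | chpasswd > /dev/null
# … unchanged: sshd_config edits, home directory ownership, data dir creation …
chown "$SSH_USERNAME" "/home/$SSH_USERNAME/$SSH_DATADIR_NAME"
chmod 700 "/home/$SSH_USERNAME/$SSH_DATADIR_NAME"
# … unchanged: authorized_keys, host keys, LogLevel …
if [ "${DEBUG,,}" = "true" ]; then
        echo "WARN: Debug mode enabled!"
        exec /usr/sbin/sshd -D -e -d
else
        exec /usr/sbin/sshd -D -e
fi
```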

+ 15 - 0
docker/sftp/sshd_config

@@ -0,0 +1,15 @@
+Protocol 2
+Port 22
+UseDNS no
+PermitRootLogin no
+X11Forwarding no
+AllowTcpForwarding no
+PasswordAuthentication no
+PubkeyAuthentication yes
+Subsystem sftp internal-sftp
+ForceCommand internal-sftp
+ChrootDirectory %h
+HostKey /etc/ssh/host_keys/ssh_host_rsa_key
+HostKey /etc/ssh/host_keys/ssh_host_dsa_key
+HostKey /etc/ssh/host_keys/ssh_host_ecdsa_key
+HostKey /etc/ssh/host_keys/ssh_host_ed25519_key
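Review bot: The `HostKey /etc/ssh/host_keys/ssh_host_dsa_key` line configures a DSA host key, an algorithm limited to 1024-bit keys that current OpenSSH releases no longer accept by default; drop that line (and the matching `ssh-keygen -t dsa` in docker/sftp/server) and keep the ed25519, ECDSA and RSA keys. Because the `server` script runs `passwd -u` when no password is supplied, adding an explicit `PermitEmptyPasswords no` would make it clear that the unlocked, password-less account cannot log in if `PasswordAuthentication` is later enabled. `Protocol 2` is a no-op on current OpenSSH and can go.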