
vanHeemstraSystems/learning-idp-containerization

Learning IDP: Containerization

This repository focuses on mastering containerization technologies using Docker, Kubernetes, and related tools to build, manage, and automate container infrastructure for Internal Development Platform (IDP) development.

🎯 Learning Objectives

By working through this repository, you will:

  1. Master Docker container creation and management
  2. Implement multi-stage builds and optimization
  3. Work with Docker Compose for multi-container applications
  4. Understand Kubernetes architecture and concepts
  5. Deploy and manage applications on Kubernetes
  6. Implement container security best practices
  7. Build CI/CD pipelines for containerized applications

📚 Prerequisites

  • Python 3.11 or higher
  • Docker Desktop installed
  • kubectl installed
  • Basic understanding of Linux and networking
  • Completed learning-idp-python-azure-sdk
  • Git and GitHub account

🗂️ Directory Structure

```
learning-idp-containerization/
├── README.md                          # This file
├── REFERENCES.md                      # Links to resources and related repos
├── pyproject.toml                     # Python project configuration
├── requirements.txt                   # Python dependencies
├── requirements-dev.txt               # Development dependencies
├── .python-version                    # Python version for pyenv
├── .gitignore                         # Git ignore patterns
├── .env.example                       # Environment variables template
│
├── docs/
│   ├── concepts/
│   │   ├── 01-containerization-overview.md
│   │   ├── 02-docker-fundamentals.md
│   │   ├── 03-kubernetes-architecture.md
│   │   ├── 04-container-networking.md
│   │   ├── 05-container-storage.md
│   │   └── 06-container-security.md
│   ├── guides/
│   │   ├── getting-started.md
│   │   ├── dockerfile-best-practices.md
│   │   ├── kubernetes-deployment.md
│   │   ├── helm-charts.md
│   │   └── container-registry.md
│   └── examples/
│       ├── simple-dockerfile.md
│       ├── multi-stage-build.md
│       ├── kubernetes-deployment.md
│       ├── stateful-application.md
│       └── microservices-architecture.md
│
├── src/
│   ├── __init__.py
│   │
│   ├── core/
│   │   ├── __init__.py
│   │   ├── authentication.py          # Docker/K8s authentication
│   │   ├── config.py                  # Configuration management
│   │   ├── exceptions.py              # Custom exceptions
│   │   └── logging_config.py          # Logging setup
│   │
│   ├── docker/
│   │   ├── __init__.py
│   │   ├── docker_client.py           # Docker API client
│   │   ├── image_builder.py           # Image building
│   │   ├── container_manager.py       # Container management
│   │   ├── network_manager.py         # Network operations
│   │   └── volume_manager.py          # Volume operations
│   │
│   ├── compose/
│   │   ├── __init__.py
│   │   ├── compose_manager.py         # Docker Compose operations
│   │   ├── service_scaler.py          # Service scaling
│   │   └── health_checker.py          # Health monitoring
│   │
│   ├── kubernetes/
│   │   ├── __init__.py
│   │   ├── k8s_client.py              # Kubernetes client
│   │   ├── deployment_manager.py      # Deployment operations
│   │   ├── service_manager.py         # Service management
│   │   ├── pod_manager.py             # Pod operations
│   │   └── namespace_manager.py       # Namespace management
│   │
│   ├── helm/
│   │   ├── __init__.py
│   │   ├── helm_client.py             # Helm operations
│   │   ├── chart_manager.py           # Chart management
│   │   └── release_manager.py         # Release operations
│   │
│   ├── registry/
│   │   ├── __init__.py
│   │   ├── acr_manager.py             # Azure Container Registry
│   │   ├── dockerhub_manager.py       # Docker Hub operations
│   │   └── registry_scanner.py        # Security scanning
│   │
│   ├── security/
│   │   ├── __init__.py
│   │   ├── image_scanner.py           # Image security scanning
│   │   ├── secret_manager.py          # Secret management
│   │   ├── policy_enforcer.py         # Security policies
│   │   └── rbac_manager.py            # RBAC configuration
│   │
│   └── monitoring/
│       ├── __init__.py
│       ├── metrics_collector.py       # Container metrics
│       ├── log_aggregator.py          # Log collection
│       └── health_monitor.py          # Health checks
│
├── examples/
│   ├── 01_docker_basics/
│   │   ├── 01_simple_dockerfile/
│   │   │   ├── Dockerfile
│   │   │   ├── app.py
│   │   │   └── requirements.txt
│   │   ├── 02_multi_stage_build/
│   │   │   ├── Dockerfile
│   │   │   └── app.py
│   │   ├── 03_docker_compose/
│   │   │   ├── docker-compose.yml
│   │   │   ├── web/Dockerfile
│   │   │   └── db/init.sql
│   │   ├── 04_networking/
│   │   │   └── docker-compose.yml
│   │   └── 05_volumes/
│   │       └── docker-compose.yml
│   │
│   ├── 02_docker_python/
│   │   ├── 01_flask_app/
│   │   │   ├── Dockerfile
│   │   │   ├── app.py
│   │   │   └── requirements.txt
│   │   ├── 02_fastapi_app/
│   │   │   ├── Dockerfile
│   │   │   ├── main.py
│   │   │   └── requirements.txt
│   │   ├── 03_celery_worker/
│   │   │   ├── docker-compose.yml
│   │   │   ├── worker/Dockerfile
│   │   │   └── tasks.py
│   │   └── 04_ml_model/
│   │       ├── Dockerfile
│   │       └── model.py
│   │
│   ├── 03_kubernetes_basics/
│   │   ├── 01_pod.yaml
│   │   ├── 02_deployment.yaml
│   │   ├── 03_service.yaml
│   │   ├── 04_configmap.yaml
│   │   ├── 05_secret.yaml
│   │   └── 06_ingress.yaml
│   │
│   ├── 04_kubernetes_advanced/
│   │   ├── 01_statefulset.yaml
│   │   ├── 02_daemonset.yaml
│   │   ├── 03_job.yaml
│   │   ├── 04_cronjob.yaml
│   │   ├── 05_hpa.yaml
│   │   └── 06_network_policy.yaml
│   │
│   ├── 05_helm_charts/
│   │   ├── simple-app/
│   │   │   ├── Chart.yaml
│   │   │   ├── values.yaml
│   │   │   └── templates/
│   │   │       ├── deployment.yaml
│   │   │       ├── service.yaml
│   │   │       └── ingress.yaml
│   │   └── microservices/
│   │       ├── Chart.yaml
│   │       ├── values.yaml
│   │       └── templates/
│   │
│   ├── 06_container_registry/
│   │   ├── 01_push_to_acr.py
│   │   ├── 02_scan_image.py
│   │   ├── 03_manage_tags.py
│   │   └── 04_cleanup_old_images.py
│   │
│   ├── 07_security/
│   │   ├── 01_image_scanning.py
│   │   ├── 02_secret_management.py
│   │   ├── 03_network_policies.yaml
│   │   ├── 04_pod_security.yaml
│   │   └── 05_rbac_setup.yaml
│   │
│   └── 08_cicd/
│       ├── 01_github_actions/
│       │   └── docker-build.yml
│       ├── 02_azure_devops/
│       │   └── azure-pipelines.yml
│       └── 03_gitops/
│           └── argocd-application.yaml
│
├── templates/
│   ├── dockerfiles/
│   │   ├── python-base.Dockerfile
│   │   ├── python-alpine.Dockerfile
│   │   ├── nodejs-base.Dockerfile
│   │   └── multi-stage.Dockerfile
│   ├── compose/
│   │   ├── web-db-redis.yml
│   │   ├── microservices.yml
│   │   └── monitoring-stack.yml
│   ├── kubernetes/
│   │   ├── deployment-template.yaml
│   │   ├── service-template.yaml
│   │   └── ingress-template.yaml
│   └── helm/
│       └── chart-skeleton/
│
├── notebooks/
│   ├── 01_docker_basics.ipynb
│   ├── 02_kubernetes_intro.ipynb
│   ├── 03_helm_charts.ipynb
│   ├── 04_security_practices.ipynb
│   └── 05_monitoring_containers.ipynb
│
├── scripts/
│   ├── setup_docker.sh                # Docker setup script
│   ├── setup_kubernetes.sh            # Kubernetes setup
│   ├── build_images.sh                # Build all images
│   ├── deploy_to_k8s.sh               # Deploy to Kubernetes
│   └── cleanup.sh                     # Resource cleanup
│
├── tests/
│   ├── __init__.py
│   ├── conftest.py
│   ├── unit/
│   │   ├── test_docker_client.py
│   │   ├── test_k8s_client.py
│   │   └── test_helm_client.py
│   └── integration/
│       ├── test_container_lifecycle.py
│       ├── test_deployment.py
│       └── test_networking.py
│
└── .github/
    └── workflows/
        ├── docker-build.yml           # Docker build workflow
        ├── k8s-deploy.yml             # Kubernetes deployment
        └── security-scan.yml          # Security scanning
```

🚀 Getting Started

1. Clone the Repository

```bash
git clone https://github.com/vanHeemstraSystems/learning-idp-containerization.git
cd learning-idp-containerization
```

2. Install Prerequisites

```bash
# Install Docker Desktop
# Download from: https://www.docker.com/products/docker-desktop

# Install kubectl
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl

# Install Helm
curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash

# Set up Python environment
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
```

3. Run Your First Container

```bash
# Build a simple Docker image
cd examples/01_docker_basics/01_simple_dockerfile
docker build -t my-first-app .

# Run the container
docker run -p 8000:8000 my-first-app

# Test it
curl http://localhost:8000
```

4. Deploy to Local Kubernetes

```bash
# Enable Kubernetes in Docker Desktop or use Minikube
minikube start

# Deploy a simple application
kubectl apply -f examples/03_kubernetes_basics/02_deployment.yaml
kubectl apply -f examples/03_kubernetes_basics/03_service.yaml

# Check the deployment
kubectl get pods
kubectl get services
```

📖 Learning Path

Follow this recommended sequence:

Week 1: Docker Fundamentals

Day 1-2: Docker Basics

  1. Read docs/concepts/02-docker-fundamentals.md
  2. Work through examples/01_docker_basics/
  3. Practice building and running containers

Day 3-4: Dockerfile Best Practices

  1. Study docs/guides/dockerfile-best-practices.md
  2. Complete examples in examples/02_docker_python/
  3. Implement multi-stage builds

Day 5-7: Docker Compose

  1. Work through Docker Compose examples
  2. Build multi-container applications
  3. Practice service networking

Week 2: Kubernetes Fundamentals

Day 1-3: Kubernetes Architecture

  1. Read docs/concepts/03-kubernetes-architecture.md
  2. Complete examples in examples/03_kubernetes_basics/
  3. Deploy applications to Kubernetes

Day 4-7: Advanced Kubernetes

  1. Work through examples/04_kubernetes_advanced/
  2. Implement StatefulSets and DaemonSets
  3. Configure autoscaling

Week 3: Container Registry & Security

Day 1-3: Container Registry

  1. Complete examples in examples/06_container_registry/
  2. Push images to Azure Container Registry
  3. Implement image scanning

Day 4-7: Security Best Practices

  1. Study docs/concepts/06-container-security.md
  2. Work through examples/07_security/
  3. Implement security policies

Week 4: Helm & CI/CD

Day 1-3: Helm Charts

  1. Read docs/guides/helm-charts.md
  2. Create custom Helm charts
  3. Deploy with Helm

Day 4-7: CI/CD Integration

  1. Work through examples/08_cicd/
  2. Build container CI/CD pipelines
  3. Implement GitOps workflows

🔑 Key Tools & Libraries

Container Tools

```
# Docker
docker>=24.0.0

# Kubernetes
kubectl>=1.28.0

# Helm
helm>=3.13.0

# Python Libraries
docker>=7.0.0        # Docker SDK for Python
kubernetes>=28.1.0   # Kubernetes Python client
```

💡 Common Operations Examples

Build Optimized Docker Image

```dockerfile
# Multi-stage build for Python application
FROM python:3.11-slim AS builder

WORKDIR /app

# Install dependencies
COPY requirements.txt .
RUN pip install --user --no-cache-dir -r requirements.txt

# Final stage
FROM python:3.11-slim

# Non-root user, created first so the copied files can be owned by it
RUN useradd -m appuser

WORKDIR /app

# Copy dependencies from builder into appuser's home;
# /root/.local is not readable once the container runs as appuser
COPY --from=builder --chown=appuser:appuser /root/.local /home/appuser/.local

# Copy application code
COPY --chown=appuser:appuser . .

# Make sure scripts in .local are usable
ENV PATH=/home/appuser/.local/bin:$PATH

USER appuser

EXPOSE 8000

CMD ["python", "app.py"]
```

Docker Compose for Microservices

```yaml
version: '3.8'

services:
  web:
    build: ./web
    ports:
      - "8000:8000"
    environment:
      - DATABASE_URL=postgresql://db:5432/myapp
      - REDIS_URL=redis://redis:6379
    depends_on:
      - db
      - redis
    networks:
      - app-network
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8000/health"]
      interval: 30s
      timeout: 10s
      retries: 3

  db:
    image: postgres:16-alpine
    environment:
      - POSTGRES_DB=myapp
      # Read the password from the shell environment or .env instead of
      # hard-coding it; Compose aborts with this message if it is unset
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD in .env}
    volumes:
      - postgres-data:/var/lib/postgresql/data
    networks:
      - app-network

  redis:
    image: redis:7-alpine
    volumes:
      - redis-data:/data
    networks:
      - app-network

volumes:
  postgres-data:
  redis-data:

networks:
  app-network:
    driver: bridge
```

Deploy to Kubernetes

```python
from kubernetes import client, config

# Load kubeconfig
config.load_kube_config()

# Create API clients
apps_v1 = client.AppsV1Api()
core_v1 = client.CoreV1Api()

# Define deployment
deployment = client.V1Deployment(
    metadata=client.V1ObjectMeta(name="my-app"),
    spec=client.V1DeploymentSpec(
        replicas=3,
        selector=client.V1LabelSelector(
            match_labels={"app": "my-app"}
        ),
        template=client.V1PodTemplateSpec(
            metadata=client.V1ObjectMeta(
                labels={"app": "my-app"}
            ),
            spec=client.V1PodSpec(
                containers=[
                    client.V1Container(
                        name="my-app",
                        image="myregistry.azurecr.io/my-app:latest",
                        ports=[client.V1ContainerPort(container_port=8000)],
                        resources=client.V1ResourceRequirements(
                            requests={"cpu": "100m", "memory": "128Mi"},
                            limits={"cpu": "500m", "memory": "512Mi"}
                        ),
                        liveness_probe=client.V1Probe(
                            http_get=client.V1HTTPGetAction(
                                path="/health",
                                port=8000
                            ),
                            initial_delay_seconds=10,
                            period_seconds=10
                        )
                    )
                ]
            )
        )
    )
)

# Create deployment
apps_v1.create_namespaced_deployment(
    namespace="default",
    body=deployment
)

# Create service
service = client.V1Service(
    metadata=client.V1ObjectMeta(name="my-app"),
    spec=client.V1ServiceSpec(
        selector={"app": "my-app"},
        ports=[client.V1ServicePort(port=80, target_port=8000)],
        type="LoadBalancer"
    )
)

core_v1.create_namespaced_service(
    namespace="default",
    body=service
)

print("Deployment and service created successfully")
```

Create Helm Chart

```python
from pathlib import Path


def create_helm_chart(chart_name: str, output_dir: str):
    """Create a basic Helm chart structure"""
    chart_path = Path(output_dir) / chart_name

    # Create directory structure
    (chart_path / "templates").mkdir(parents=True, exist_ok=True)

    # Chart.yaml
    chart_yaml = f"""apiVersion: v2
name: {chart_name}
description: A Helm chart for {chart_name}
type: application
version: 0.1.0
appVersion: "1.0"
"""

    # values.yaml
    values_yaml = """replicaCount: 3

image:
  repository: myregistry.azurecr.io/my-app
  tag: latest
  pullPolicy: IfNotPresent

service:
  type: ClusterIP
  port: 80

ingress:
  enabled: false

resources:
  limits:
    cpu: 500m
    memory: 512Mi
  requests:
    cpu: 100m
    memory: 128Mi

autoscaling:
  enabled: true
  minReplicas: 2
  maxReplicas: 10
  targetCPUUtilizationPercentage: 80
"""

    # Write files
    (chart_path / "Chart.yaml").write_text(chart_yaml)
    (chart_path / "values.yaml").write_text(values_yaml)

    print(f"Helm chart created at: {chart_path}")


# Create chart
create_helm_chart("my-app", "./helm-charts")
```

Scan Container Image

```python
import docker
import json


def scan_image(image_name: str):
    """Scan Docker image for vulnerabilities using Trivy"""
    client = docker.from_env()

    # Pull image if it does not exist locally
    try:
        client.images.get(image_name)
    except docker.errors.ImageNotFound:
        print(f"Pulling image: {image_name}")
        client.images.pull(image_name)

    # Run Trivy scan; the command is passed as a list so the image name
    # is always a single argument and cannot add extra Trivy options
    result = client.containers.run(
        "aquasec/trivy:latest",
        ["image", "--format", "json", image_name],
        remove=True,
        volumes={
            "/var/run/docker.sock": {
                "bind": "/var/run/docker.sock",
                "mode": "ro"
            }
        }
    )

    # Parse results
    scan_results = json.loads(result)

    # Count vulnerabilities
    vulnerabilities = {
        "CRITICAL": 0,
        "HIGH": 0,
        "MEDIUM": 0,
        "LOW": 0
    }

    # "or []" tolerates a missing or null list for a clean target
    for target in scan_results.get("Results") or []:
        for vuln in target.get("Vulnerabilities") or []:
            severity = vuln.get("Severity", "UNKNOWN")
            if severity in vulnerabilities:
                vulnerabilities[severity] += 1

    print(f"\nVulnerability Scan Results for {image_name}:")
    print(f"CRITICAL: {vulnerabilities['CRITICAL']}")
    print(f"HIGH: {vulnerabilities['HIGH']}")
    print(f"MEDIUM: {vulnerabilities['MEDIUM']}")
    print(f"LOW: {vulnerabilities['LOW']}")

    return vulnerabilities


# Scan image
scan_image("python:3.11-slim")
```
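The scan above only counts findings. As an added example (not code from this repository), the sketch below turns a parsed Trivy JSON report into a pass/fail decision for a pipeline. The blocking severities, the `gate` function name and the sample report are assumptions made for illustration.

```python
import json

BLOCKING = frozenset({"CRITICAL", "HIGH"})  # assumed policy, not from the README


def gate(report: dict, blocking=BLOCKING, ignore_unfixed: bool = True):
    """Return (passed, blockers) for a parsed Trivy JSON report."""
    blockers = []
    for target in report.get("Results") or []:
        # Tolerate a missing or null "Vulnerabilities" list on a clean target.
        for vuln in target.get("Vulnerabilities") or []:
            if vuln.get("Severity") not in blocking:
                continue
            fixed = vuln.get("FixedVersion") or ""
            if ignore_unfixed and not fixed:
                continue  # no fixed version to upgrade to, so do not block on it
            blockers.append((vuln.get("VulnerabilityID"), vuln.get("PkgName"),
                             vuln.get("Severity"), fixed))
    return (not blockers, blockers)


# Constructed report: identifiers, package names and versions are placeholders.
SAMPLE_REPORT = json.loads("""
{"Results": [
  {"Target": "example-image (debian)", "Vulnerabilities": [
    {"VulnerabilityID": "EXAMPLE-0001", "PkgName": "libexample",
     "Severity": "CRITICAL", "FixedVersion": "1.2.4"},
    {"VulnerabilityID": "EXAMPLE-0002", "PkgName": "libother",
     "Severity": "HIGH", "FixedVersion": ""},
    {"VulnerabilityID": "EXAMPLE-0003", "PkgName": "libexample",
     "Severity": "LOW", "FixedVersion": "1.2.4"}]},
  {"Target": "Python", "Vulnerabilities": null}
]}
""")

if __name__ == "__main__":
    passed, blockers = gate(SAMPLE_REPORT)
    for vuln_id, pkg, severity, fixed in blockers:
        print(f"BLOCK {severity} {vuln_id} in {pkg}: upgrade to {fixed}")
    # A non-zero exit status fails the CI job.
    raise SystemExit(0 if passed else 1)
```

Trivy can apply a comparable policy itself with `--severity HIGH,CRITICAL --exit-code 1 --ignore-unfixed`; doing it in Python keeps the full report available for logging.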

🎯 Best Practices

1. Dockerfile Optimization

```dockerfile
# Use specific version tags
FROM python:3.11-slim

# Set working directory
WORKDIR /app

# Copy only requirements first (layer caching)
COPY requirements.txt .

# Install dependencies
RUN pip install --no-cache-dir -r requirements.txt

# Copy application code
COPY . .

# Use non-root user
RUN useradd -m appuser && chown -R appuser:appuser /app
USER appuser

# Document exposed ports
EXPOSE 8000

# Use exec form for CMD
CMD ["python", "app.py"]
```

2. Resource Limits

```yaml
resources:
  requests:
    cpu: "100m"
    memory: "128Mi"
  limits:
    cpu: "500m"
    memory: "512Mi"
```

3. Health Checks

```yaml
livenessProbe:
  httpGet:
    path: /health
    port: 8000
  initialDelaySeconds: 10
  periodSeconds: 10

readinessProbe:
  httpGet:
    path: /ready
    port: 8000
  initialDelaySeconds: 5
  periodSeconds: 5
```

4. Security Hardening

```
# Run as non-root (Dockerfile)
USER 1000:1000

# Read-only root filesystem (Kubernetes container spec)
securityContext:
  readOnlyRootFilesystem: true
  runAsNonRoot: true
  runAsUser: 1000
```
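The checklist above (pinned image tags, resource limits, health checks, security context) can be checked mechanically before a manifest is applied. This is an added example, not code from this repository: the function names, the finding messages and both sample manifests are assumptions, and the weak sample mirrors the settings of the "Deploy to Kubernetes" code earlier in this README.

```python
def image_is_pinned(image: str) -> bool:
    """True when the reference carries a digest or a tag other than 'latest'."""
    if "@sha256:" in image:
        return True
    last = image.rsplit("/", 1)[-1]  # drop registry host[:port] and repository path
    return ":" in last and last.split(":", 1)[1] != "latest"


def audit_deployment(manifest: dict) -> list:
    """Return findings as 'container: problem' strings; an empty list means pass."""
    pod = manifest.get("spec", {}).get("template", {}).get("spec", {})
    pod_ctx = pod.get("securityContext") or {}
    findings = []
    for c in pod.get("containers", []):
        ctx = c.get("securityContext") or {}
        limits = (c.get("resources") or {}).get("limits") or {}
        checks = [
            (image_is_pinned(c.get("image", "")), "image not pinned to a version or digest"),
            ("cpu" in limits and "memory" in limits, "missing cpu/memory limits"),
            ("livenessProbe" in c, "missing livenessProbe"),
            ("readinessProbe" in c, "missing readinessProbe"),
            # A container-level runAsNonRoot overrides the pod-level value.
            (ctx.get("runAsNonRoot", pod_ctx.get("runAsNonRoot")) is True,
             "runAsNonRoot not enforced"),
            # readOnlyRootFilesystem exists only at container level.
            (ctx.get("readOnlyRootFilesystem") is True, "root filesystem is writable"),
        ]
        findings += [f"{c.get('name', '?')}: {msg}" for ok, msg in checks if not ok]
    return findings


def deployment(image: str, extra: dict) -> dict:
    """Build a constructed one-container Deployment manifest for the demo."""
    container = {
        "name": "my-app", "image": image,
        "resources": {"limits": {"cpu": "500m", "memory": "512Mi"}},
        "livenessProbe": {"httpGet": {"path": "/health", "port": 8000}},
        **extra,
    }
    return {"kind": "Deployment",
            "spec": {"template": {"spec": {"containers": [container]}}}}


# Constructed sample input: same settings as the "Deploy to Kubernetes" code.
WEAK = deployment("myregistry.azurecr.io/my-app:latest", {})
# Constructed hardened variant; the 1.4.2 tag is a made-up version.
HARDENED = deployment("myregistry.azurecr.io/my-app:1.4.2", {
    "readinessProbe": {"httpGet": {"path": "/ready", "port": 8000}},
    "securityContext": {"runAsNonRoot": True, "runAsUser": 1000,
                        "readOnlyRootFilesystem": True},
})

if __name__ == "__main__":
    for label, manifest in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_deployment(manifest) or "OK")
```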

🔗 Related Repositories

🤝 Contributing

This is a personal learning repository, but suggestions and improvements are welcome!

  1. Fork the repository
  2. Create a feature branch
  3. Make your changes with tests
  4. Ensure all tests pass
  5. Submit a pull request

📄 License

This project is for educational purposes. See LICENSE file for details.

📧 Contact

Willem van Heemstra


Last updated: December 18, 2025

Part of the learning-internal-development-platform series
