Run Always Free Docker Container on Oracle Cloud Infrastructure
In this article, I want to show how you can very quickly run a Docker container for free on Oracle Cloud Infrastructure – using a VM in the Always Free Tier of OCI. As an example, I will run an NGINX container image and access that from a client over the public internet.
A few reminders: the container's workload has to fit in the shape of this Always Free VM: VM.Standard.E2.1.Micro, 1/8 OCPU, 1 GB RAM and up to 480 Mbps network bandwidth (see docs). The boot volume offers just over 45 GB of disk storage. For the container to be accessible, the VM ports that are mapped to the container also have to be opened by ingress rules in the security list. We need to install Docker in the VM ourselves; it is provisioned with just an Oracle Linux image.
This article leans heavily on this article by Todd Sharp: Getting Started With RabbitMQ In The Oracle Cloud.
Steps:
- Get yourself an OCI Tenancy (could be a free trial); login to the console
- Generate an SSH Key Pair
- Create a Compute instance with an always free shape; configure the SSH key and write down the public IP assigned to the VM
- Setup Ingress Rules in Security List for VM to open up the ports required for whatever container you want to run
- SSH into the VM, install Docker
- Run Docker Container Image
- Access the service provided by the container image at the public IP address of the VM
This article describes these steps as manual steps. In a next iteration, I hope to automate this process and make it part of the OCI Online Hands-on Labs that the Red Expert Alliance is producing on Katacoda.
1. Get yourself a tenancy – and make sure you can create instances of the Always Free VM shape
Once you have access to an OCI tenancy – either a free trial or a paid-for account – you should be able to create two free VM instances of shape VM.Standard.E2.1.Micro. However, I discovered that in several of my Ashburn tenancies, the service limit was set at 0 for the always free shape.
I assume this is a glitch, something that you should not and perhaps will not run into. However, if you do, you can decide to create a non-free VM instance or to ask the limit to be raised. You can do so quite easily – although it will take some time to be processed – right from the console:
2. Generate the SSH Key Pair
Generate the SSH Key Pair using a tool such as ssh-keygen on Linux or PuTTY Key Generator on Windows. See the OCI Docs for details.
Here is what I did on Linux:
```sh
ssh-keygen -t rsa -N "" -b 2048 -C "docker-vm-key" -f ./docker-vm-key
```
The file docker-vm-key contains the private key (not passphrase protected) and the file docker-vm-key.pub contains the public key that we will paste into the VM definition on OCI.
3. Create the Compute Instance
In the OCI Console Menu, navigate to Compute | Instances:
Click on Create Instance:
I have mostly accepted the default values. I defined the name for the instance: free-docker-runner, and selected a pre-existing compartment. I have selected an existing virtual network and a public subnet within that network. I have also indicated that I want a Public IP address to be assigned.
Finally, paste in the SSH Public Key and press Create.
The VM will now be provisioned – as is indicated:
After a little while, the VM is up and running – and has a public IP address assigned to it:
The situation at this point can be visualized as is shown in the next figure:
4. Setup Ingress Rules in Security List for VM to open up the ports required for whatever container you want to run
The VM is associated with a public subnet in a Virtual Cloud Network. In my case this is the Public Subnet-vcn-lab in the vcn-lab VCN. One of the security lists for this subnet should be configured with ingress rules that allow the required traffic to the port(s) that will be mapped to the container. Open the details page for the public subnet. Click on the security list (or create a new one).
Let’s assume we will run the NGINX container image. The port we will map in the VM to the NGINX container is one we can choose ourselves. Let’s pick 3456 and 3457 – with no very good reason. If we want ports 3456 and 3457 on the VM to be able to receive requests from the public internet, we need to configure an ingress rule accordingly:
Source CIDR is set to 0.0.0.0/0; along with Source Port Range left blank (i.e. All) this means that this rule applies to any client.
5. SSH into the VM, install Docker
At this point, we have a running VM instance. It has a fresh Oracle Linux 7.7 Operating System. But not yet Docker. Let’s open a terminal window into the VM using SSH (or using PuTTY on Windows), using this command:
```sh
ssh opc@public-ip-address -i rsa-private-key-file
```
Replace public-ip-address with the public IP assigned to the VM. Replace rsa-private-key-file with a reference to the file that contains the SSH private key:
To install Docker, execute these commands:
```sh
sudo yum-config-manager --enable ol7_addons
sudo yum install docker-engine -y
sudo systemctl start docker
sudo systemctl enable docker
```
To run Docker as non-root user, read these instructions.
6. Run Docker Container Image
With Docker installed, we can now run the container image of our choice. For this article, I have picked nginx – because it is so simple. It could have been any other image as well.
Run the nginx container image with this command:
```sh
sudo docker run -d \
  --restart always \
  --hostname nginx.lucasjellema.com \
  -p 3456:443 \
  -p 3457:80 \
  --name my-nginx \
  nginx
```
Use sudo docker ps to verify that the container is running. As you can tell, it is running.
Then try to get a response from the nginx container, mapped to port 3457 (and 3456) in the VM.
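Added example (not part of the original article): a shell check that compares the host ports Docker actually publishes with the ports opened in the security list in step 4, so that nothing reachable from 0.0.0.0/0 is a port you did not intend to expose. The function name audit_published_ports and the sample `docker port` output are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original article. The function name and the
# sample data below are constructed for illustration.

# audit_published_ports "ALLOWED HOST PORTS"
#   stdin : output of `docker port <container>`, e.g. "80/tcp -> 0.0.0.0:3457"
#   stdout: one line per mismatch between Docker and the security list
#   status: 0 when both layers agree, 1 otherwise
audit_published_ports() {
    allowed=" $1 "
    seen=" "
    findings=0
    while read -r cport _arrow bind; do
        [ -n "$bind" ] || continue      # skip blank or malformed lines
        hport=${bind##*:}               # host port follows the last colon
        haddr=${bind%:*}                # bind address, IPv4 or [IPv6]
        case "$allowed" in
            *" $hport "*) seen="$seen$hport " ;;
            *)  echo "UNEXPECTED host port $hport on $haddr -> container $cport"
                findings=1 ;;
        esac
    done
    # Ports opened in the security list that no container listens behind.
    for p in $1; do
        case "$seen" in
            *" $p "*) ;;
            *)  echo "OPEN-BUT-UNUSED security list port $p"
                findings=1 ;;
        esac
    done
    return "$findings"
}

# Constructed sample: the container from this article, as published.
SAMPLE_OK='443/tcp -> 0.0.0.0:3456
80/tcp -> 0.0.0.0:3457'

# Constructed sample: drift, 3456 is no longer mapped and 8080 was added.
SAMPLE_DRIFT='80/tcp -> 0.0.0.0:3457
8080/tcp -> 0.0.0.0:8080'

# On the VM: sudo docker port my-nginx | audit_published_ports "3456 3457"
printf '%s\n' "$SAMPLE_DRIFT" | audit_published_ports "3456 3457" || true
```

A non-zero exit status makes the function usable as a gate in a provisioning script: stop before handing out the public IP if Docker and the security list disagree.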
7. Access the service provided by the container image at the public IP address of the free VM
Open a browser and point it at the public IP assigned to the VM, at port 3457. The welcome page of nginx should appear in the browser.
At this point, a Docker container is running in an always free VM on OCI, serving HTTP requests from anywhere on the public internet.
Instead of nginx, we could of course run any container image (if it fits in the free VM shape).