Run Always Free Docker Container on Oracle Cloud Infrastructure

Run Always Free Docker Container on Oracle Cloud Infrastructure

In this article, I want to show how you can very quickly run a Docker container for free on Oracle Cloud Infrastructure – using a VM in the Always Free Tier of OCI. As an example, I will run an NGINX container image and access that from a client over the public internet
image
A few reminders: the workload of container has to fit in the shape of this always free VM: VM.Standard.E2.1.Micro, 1/8 OCPU, 1 GB RAM and up to 480 Mbps network bandwidth (see docs). The boot volume offers just over 45GB of disk storage . In order for the container to be accessible, the ports mapped on the VM to container also have to be configured in ingress rules in the security list. We need to install Docker ourselves in the VM; it is provisioned with just an Oracle Linux image.
This article leans heavily on this article by Todd Sharp: Getting Started With RabbitMQ In The Oracle Cloud.
Steps:
  1. Get yourself an OCI Tenancy (could be a free trial); login to the console
  2. Generate an SSH Key Pair
  3. Create a Compute instance with an always free shape; configure the SSH key and write down the public IP assigned to the VM
  4. Setup Ingress Rules in Security List for VM to open up the ports required for whatever container you want to run
  5. SSH into the VM, install Docker
  6. Run Docker Container Image
  7. Access the service provided by the container image at the public IP address of the VM
This article describes these steps as manual steps. In a next iteration, I hope to automate this process and make it part of the OCI Online Handson Labs that the Red Expert Alliance is producing on Katacoda.

1. Get yourself a tenancy – and make sure you can create instances of the Always Free VM shape

Once you have access to an OCI tenancy – either a free trial or a paid for account – you should ne able to create two free VM instances of shape VM.Standard.E2.1.Micro. However, I discovered that in several of my Ashburn tenancies, the service limit was set at 0 for the always free shape.
image
I assume this is a glitch, something that you should not and perhaps will not run into. However, if you do, you can decide to create a non-free VM instance or to ask the limit to be raised. You can do so quite easily – although it will take some time to be processed – right from the console:
image

2. Generate the SSH Key Pair

Generate the SSH Key Pair using a tool such as ssh-keygen on Linux or PuTTY Key Generator on Windows. See the OCI Docs for details.
Here is what I did on Linux:
1
ssh-keygen -t rsa -N "" -b 2048 -C "<var>docker-vm-key</var>" -f <var>./docker-vm-key</var>
imageTwo files are generated:
image
The file docker-vm-key contains the private key (not passphrase protected) and the file docker-vm-key.pub contains the public key that we will paste into the VM definition on OCI.

3. Create the Compute Instance

In the OCI Console Menu, navigate to Compute | Instances:
image


Click on Create Instance:
image

I have accepted mostly default values. I defined the name for the instance : free-docker-runner and selected a pre-existing compartment. I have selected an existing virtual network and a public subnet within that network. I have also indicated that I want a Public IP address to be assigned.
image
Finally, paste in the SSH Public Key and press Create.

SNAGHTML3d2f696f

The VM will now be provisioned – as is indicated:
image

After a little while, the VM is up and running – and has a public IP address assigned to it:
image
The situation at this point can  be visualized as is shown in the next figure:
image

    4. Setup Ingress Rules in Security List for VM to open up the ports required for whatever container you want to run

    The VM is associated with a public subnet in a Virtual Cloud Network. In my case this is the Public Subnet-vcn-lab in the vcn-lab VCN. (one of) the security list(s) for this subnet should be configured with ingress rules that make the required traffic possible to the port(s) that will be mapped to the container image. Open the details page for the public subnet. Click on the security list (or create a new one)
    image

    Let’s assume we will run the NGINX container image. The port we will map in the VM to the NGINX container is one we can choose ourselves. Let’s pick 3456 and 3457 – with no very good reason. If we want ports 3456 and 3457 on the VM to be able to receive requests from the public internet, we need to configure an ingress rule accordingly:
    image
    Source CIDR is set to 0.0.0.0/0; along with Source Port Range left blank (i.e. All) this means that this rule applies to any client.

    5. SSH into the VM, install Docker

    At this point, we have a running VM instance. It has a fresh Oracle Linux 7.7 Operating System. But not yet Docker. Let’s open a terminal window into the VM using SSH (or using PuTTY on Windows), using this command:
    1
    ssh opc@public-id-address -i rsa-private-key-file
    Replace the public-id-address with the public IP assigned to the VM. Replace rsa-private-key-file with a reference to the file that contains the SSH private key:
    image
    To install Docker, execute these commands:
    1
    2
    3
    4
    sudo yum-config-manager --enable ol7_addons
    sudo yum install docker-engine -y
    sudo systemctl start docker
    sudo systemctl enable docker
    image
    To run Docker as non-root user, read these instructions.

    6. Run Docker Container Image

    With Docker installed, we can now run the container image of our choice. For this article, I have picked nginx – because it is so simple. It could have been any other image as well.
    Run the nginx container image with this command:
    1
    2
    3
    4
    5
    6
    7
    sudo docker run -d \
    --restart always \
    --hostname nginx.lucasjellema.com \
    -p 3456:443 \
    -p 3457:80 \
    --name my-nginx \
    nginx
    SNAGHTMLc568fc
    use sudo docker ps to verify if the container is running. As you can tell, it is running.
    and try out to get a response from the nginx container, mapped to port 3457 (and 3456) in the VM:
    image

    7. Access the service provided by the container image at the public IP address of the free VM

    Open a browser and open it at the Public IP assigned to the container at port 3457. The welcome page of nginx should appear in the browser.
    image
    At this point, a Docker container is running in an always free VM on OCI, serving HTTP requests from anywhere on the public internet.
    image
    Instead of nginx, we could of course run any container image (if its fit in the free VM shape).

    Comments

    Popular posts from this blog

    Flutter for Single-Page Scrollable Websites with Navigator 2.0

    A Data Science Portfolio is More Valuable than a Resume

    Better File Storage in Oracle Cloud