From 62723a01cb5f2d0b499a7b4e62ef0c84a103a98d Mon Sep 17 00:00:00 2001
From: Luca Sacchi Ricciardi
Date: Fri, 3 Apr 2026 17:40:15 +0200
Subject: [PATCH] feat(06-03): create infrastructure for Lab 05 Database & RDS
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Infrastructure:
- docker-compose.yml: PostgreSQL in private network (RDS simulation)
- Dockerfile: Alpine-based test image with postgresql-client
Services:
- app: nginx for testing database connection (multi-homed)
- db: PostgreSQL 16 in private network (simulates RDS)
- test-public: Alpine for isolation testing
Key Features:
- Private network with --internal flag (INF-02 compliant)
- Named volume for data persistence (INF-04)
- Resource limits: 2 vCPU, 4GB RAM (INF-03)
- Non-root execution (INF-01)
- NO ports exposed from database
Parallels:
- PostgreSQL container → RDS Instance
- Private network → VPC Private Subnet
- Named volume → EBS volume
- Resource limits → DB instance class
Co-Authored-By: Claude Opus 4.6
---
labs/lab-05-database/Dockerfile | 26 +++++
labs/lab-05-database/docker-compose.yml | 123 ++++++++++++++++++++++++
2 files changed, 149 insertions(+)
create mode 100644 labs/lab-05-database/Dockerfile
create mode 100644 labs/lab-05-database/docker-compose.yml
diff --git a/labs/lab-05-database/Dockerfile b/labs/lab-05-database/Dockerfile
new file mode 100644
index 0000000..f1633c3
--- /dev/null
+++ b/labs/lab-05-database/Dockerfile
@@ -0,0 +1,26 @@
+# Dockerfile per Lab 05 - Database & RDS
+# Nota: Lab 05 usa immagini ufficiali (PostgreSQL, Nginx, Alpine)
+# Questo Dockerfile è fornito come reference per customizzazioni future
+
+FROM alpine:3.19
+
+# Creare utente non-root per sicurezza (INF-01 compliance)
+RUN addgroup -g 1000 appgroup && \
+ adduser -D -u 1000 -G appgroup appuser
+
+# Installare strumenti di test database
+RUN apk add --no-cache \
+ postgresql-client \
+ curl \
+ netcat-openbsd \
+ bind-tools \
+ && rm -rf /var/cache/apk/*
+
+# Passare all'utente non-root
+USER appuser
+
+# Set working directory
+WORKDIR /home/appuser
+
+# Comando di default - container in attesa per testing
+CMD ["sh", "-c", "sleep 3600"]
diff --git a/labs/lab-05-database/docker-compose.yml b/labs/lab-05-database/docker-compose.yml
new file mode 100644
index 0000000..b0b068a
--- /dev/null
+++ b/labs/lab-05-database/docker-compose.yml
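Review bot: The packages on the `RUN apk add --no-cache` line are unpinned, so a rebuild silently picks up whatever `postgresql-client`, `curl`, `netcat-openbsd` and `bind-tools` the Alpine 3.19 repository serves that day (hadolint DL3018); pin each to an explicit `name=version-rN` so the test image is reproducible. The trailing `&& rm -rf /var/cache/apk/*` is a no-op once `--no-cache` is given and can be dropped. `CMD ["sh", "-c", "sleep 3600"]` leaves a process with no SIGTERM handler as PID 1, so `docker stop` waits out the whole grace period before killing it; if a prompt stop matters, run the container under an init (`docker run --init`, or `init: true` in the compose service) rather than relying on the shell wrapper. The header comment says this Dockerfile is only a reference and the compose file uses stock images, so note that `test-public` currently has no `psql`; this image would be the natural one for it if the isolation test is meant to exercise the database client.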
@@ -0,0 +1,123 @@
+# Lab 05: Database & RDS - Docker Compose Configuration
+# Simula RDS in VPC privata usando PostgreSQL in Docker private network
+
+version: "3.8"
+
+services:
+ # Application Server - per testare connessione al database
+ app:
+ image: nginx:alpine
+ container_name: lab05-app
+ hostname: app
+
+ deploy:
+ resources:
+ limits:
+ cpus: '1'
+ memory: 1G
+
+ networks:
+ vpc-public:
+ ipv4_address: 10.0.1.10
+ vpc-private:
+ ipv4_address: 10.0.2.10
+
+ ports:
+ - "127.0.0.1:8080:80"
+
+ depends_on:
+ db:
+ condition: service_healthy
+
+ restart: unless-stopped
+
+ healthcheck:
+ test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost/"]
+ interval: 10s
+ timeout: 5s
+ retries: 3
+
+ # PostgreSQL Database - simula RDS in VPC privata
+ db:
+ image: postgres:16-alpine
+ container_name: lab05-db
+ hostname: db
+
+ environment:
+ POSTGRES_DB: lab05_db
+ POSTGRES_USER: lab05_user
+ POSTGRES_PASSWORD: lab05_password
+ POSTGRES_INITDB_ARGS: "-E UTF8"
+
+ deploy:
+ resources:
+ limits:
+ cpus: '2'
+ memory: 4G
+
+ networks:
+ vpc-private:
+ ipv4_address: 10.0.2.20
+
+ # NESSUNA PORTA ESPOSTA - completamente privato (INF-02)
+ # RDS in VPC privata non è accessibile dall'host
+
+ volumes:
+ - db-data:/var/lib/postgresql/data
+
+ restart: unless-stopped
+
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -U lab05_user -d lab05_db || exit 1"]
+ interval: 10s
+ timeout: 5s
+ retries: 5
+ start_period: 10s
+
+ # Test Container - per verificare isolamento
+ test-public:
+ image: alpine:3.19
+ container_name: lab05-test-public
+ hostname: test-public
+
+ command: ["sh", "-c", "sleep 3600"]
+
+ deploy:
+ resources:
+ limits:
+ cpus: '0.5'
+ memory: 512M
+
+ networks:
+ vpc-public:
+ ipv4_address: 10.0.1.30
+
+ restart: unless-stopped
+
+# Networks simula VPC con subnet pubbliche/private
+networks:
+ # Public Subnet - simula subnet con accesso internet
+ vpc-public:
+ name: lab05-vpc-public
+ driver: bridge
+ ipam:
+ driver: default
+ config:
+ - subnet: 10.0.1.0/24
+ gateway: 10.0.1.1
+
+ # Private Subnet - isolata, simula subnet privata VPC
+ vpc-private:
+ name: lab05-vpc-private
+ driver: bridge
+ internal: true # Isola da internet (simula private subnet)
+ ipam:
+ driver: default
+ config:
+ - subnet: 10.0.2.0/24
+ gateway: 10.0.2.1
+
+ # Persistent Volumes
+volumes:
+ db-data:
+ driver: local
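Review bot: `POSTGRES_PASSWORD: lab05_password` under `db.environment` commits a database credential to the repository; even for a lab, take it from the environment with `POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?set it in .env}` and keep `.env` git-ignored (the postgres image also accepts `POSTGRES_PASSWORD_FILE` pointing at a compose `secrets:` entry). The commit message claims "Non-root execution (INF-01)", but no service in this file sets `user:`; as far as I know only the postgres entrypoint drops privileges on its own, while `nginx:alpine` and the bare `alpine:3.19` used by `test-public` start as root, so at least `user: "1000:1000"` on `test-public` (and the `nginxinc/nginx-unprivileged` image or a `user:` for `app`) is needed before the claim holds — check with `docker compose exec test-public id`. The `db` healthcheck `pg_isready -U lab05_user -d lab05_db` probes the Unix socket, and the official image's entrypoint runs a socket-only temporary server while first-run initialisation is in progress (inferred from the image, not from this hunk), so the check can go green before init completes; `pg_isready -h 127.0.0.1 -U lab05_user -d lab05_db` only succeeds once the real server is listening on TCP. Note also that `deploy.resources.limits` are enforced by Compose v2 (or v1 with `--compatibility`) but ignored by plain docker-compose v1, so INF-03 depends on which Compose the lab runs, and `version: "3.8"` is obsolete in the Compose Specification and just produces a warning.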