lucasacchi/laboratori-cloud
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(06-03): create infrastructure for Lab 05 Database & RDS

Browse Source 
Infrastructure:
- docker-compose.yml: PostgreSQL in private network (RDS simulation)
- Dockerfile: Alpine-based test image with postgresql-client

Services:
- app: nginx for testing database connection (multi-homed)
- db: PostgreSQL 16 in private network (simulates RDS)
- test-public: Alpine for isolation testing

Key Features:
- Private network with --internal flag (INF-02 compliant)
- Named volume for data persistence (INF-04)
- Resource limits: 2 vCPU, 4GB RAM (INF-03)
- Non-root execution (INF-01)
- NO ports exposed from database

Parallels:
- PostgreSQL container → RDS Instance
- Private network → VPC Private Subnet
- Named volume → EBS volume
- Resource limits → DB instance class

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Luca Sacchi Ricciardi
2026-04-03 17:40:15 +02:00
parent cfbdb1efc8
commit 62723a01cb
2 changed files with 149 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
labs/lab-05-database/Dockerfile Normal file
View File

@@ -0,0 +1,26 @@
# Dockerfile per Lab 05 - Database & RDS
# Nota: Lab 05 usa immagini ufficiali (PostgreSQL, Nginx, Alpine)
# Questo Dockerfile è fornito come reference per customizzazioni future
FROM alpine:3.19
# Creare utente non-root per sicurezza (INF-01 compliance)
RUN addgroup -g 1000 appgroup && \
adduser -D -u 1000 -G appgroup appuser
# Installare strumenti di test database
RUN apk add --no-cache \
postgresql-client \
curl \
netcat-openbsd \
bind-tools \
&& rm -rf /var/cache/apk/*
# Passare all'utente non-root
USER appuser
# Set working directory
WORKDIR /home/appuser
# Comando di default - container in attesa per testing
CMD ["sh", "-c", "sleep 3600"]

123
labs/lab-05-database/docker-compose.yml Normal file
View File

@@ -0,0 +1,123 @@
# Lab 05: Database & RDS - Docker Compose Configuration
# Simula RDS in VPC privata usando PostgreSQL in Docker private network
version: "3.8"
services:
# Application Server - per testare connessione al database
app:
image: nginx:alpine
container_name: lab05-app
hostname: app
deploy:
resources:
limits:
cpus: '1'
memory: 1G
networks:
vpc-public:
ipv4_address: 10.0.1.10
vpc-private:
ipv4_address: 10.0.2.10
ports:
- "127.0.0.1:8080:80"
depends_on:
db:
condition: service_healthy
restart: unless-stopped
healthcheck:
test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost/"]
interval: 10s
timeout: 5s
retries: 3
# PostgreSQL Database - simula RDS in VPC privata
db:
image: postgres:16-alpine
container_name: lab05-db
hostname: db
environment:
POSTGRES_DB: lab05_db
POSTGRES_USER: lab05_user
POSTGRES_PASSWORD: lab05_password
POSTGRES_INITDB_ARGS: "-E UTF8"
deploy:
resources:
limits:
cpus: '2'
memory: 4G
networks:
vpc-private:
ipv4_address: 10.0.2.20
# NESSUNA PORTA ESPOSTA - completamente privato (INF-02)
# RDS in VPC privata non è accessibile dall'host
volumes:
- db-data:/var/lib/postgresql/data
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "pg_isready -U lab05_user -d lab05_db || exit 1"]
interval: 10s
timeout: 5s
retries: 5
start_period: 10s
# Test Container - per verificare isolamento
test-public:
image: alpine:3.19
container_name: lab05-test-public
hostname: test-public
command: ["sh", "-c", "sleep 3600"]
deploy:
resources:
limits:
cpus: '0.5'
memory: 512M
networks:
vpc-public:
ipv4_address: 10.0.1.30
restart: unless-stopped
# Networks simula VPC con subnet pubbliche/private
networks:
# Public Subnet - simula subnet con accesso internet
vpc-public:
name: lab05-vpc-public
driver: bridge
ipam:
driver: default
config:
- subnet: 10.0.1.0/24
gateway: 10.0.1.1
# Private Subnet - isolata, simula subnet privata VPC
vpc-private:
name: lab05-vpc-private
driver: bridge
internal: true # Isola da internet (simula private subnet)
ipam:
driver: default
config:
- subnet: 10.0.2.0/24
gateway: 10.0.2.1
# Persistent Volumes
volumes:
db-data:
driver: local