Docker
docker run hello-world
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub. (only when the image is not found locally)
3. The Docker daemon created a new container from that image which runs the executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it to your terminal.
    docker run -it alpine sh
alpine is a very light Linux kernel
ENTRYPOINT
Allows you to execute scripts when the Docker container starts; it does not add an image layer.
Default ENTRYPOINT: /bin/sh -c
ENV variables let you configure it.
    COPY docker-entrypoint.sh /
    RUN chmod +x /docker-entrypoint.sh
    ENTRYPOINT ["/docker-entrypoint.sh"]
The last line of the entrypoint script is:
    exec "$@"
This means that after the entrypoint script has executed, it then executes the rest of the arguments on the line as a single command.
Dockerfile - LABEL
Attaches metadata to a Docker image that you can retrieve later on. Labels are a bunch of name-value pairs; define multiple labels in one LABEL, separated by space(s), to avoid extra image layers.
    LABEL name="whoever" \
          version="1.0"
Dockerfile
Blueprint or recipe book for creating a Docker image. The Dockerfile has the build steps for your application. Always put the parts that change least, such as dependencies, at the top of the Dockerfile: once Docker detects that a step has changed, it rebuilds the rest of the steps.
Docker CE
CE (Community Edition) has everything you need and is production ready.
    Edge - release every month
    Stable - release every 3 months
dangling images
Dangling images are images which do not have a tag pointing to them, and do not have a child image. They may have had a tag pointing to them before and that tag later changed. Or they may have never had a tag (e.g. the output of a docker build without including the tag option). These are typically safe to remove as long as no containers are still running that reference the old image id. The main reason to keep them around is for build caching purposes.
ENTRYPOINT Use Cases
    Database migration
    Modify nginx config
Docker Daemon
The Docker daemon is the Docker server; it runs only on Linux. It exposes a REST API. The docker CLI talks to the Docker daemon.
Billing Plan
Docker is free for public repositories, but allows only 1 private repository on the free tier. http://hob.docker.com/billing-plans/
Docker EE
EE (Enterprise Edition) adds the following:
    Certified images and plugins
    Docker DataCenter
    Vulnerability scans on Docker images
    Official support
.env
Environment variables set up to be used by Docker Compose
Dockerfile - FROM
    FROM python:2.7-alpine
Base image name and version tag
Dockerfile - CMD
Last step of the Dockerfile. Runs the command when the Docker image is started.
Container
Protected resources for isolating a process from all resources except where explicitly allowed. Think of containers as isolated processes. You may launch many containers from one single image. Containers are immutable: any changes you make while one is running will be lost when it stops.
Dockerfile - COPY
    RUN mkdir /app
    WORKDIR /app
    COPY . .
This copies everything in the folder that contains the Dockerfile (including sub-folders) into /app in the Docker image.
Dockerfile - RUN
Runs a command in the image's Linux environment when the image is built.
Docker vs VM
VMs isolate systems.
Docker isolates applications.
Docker Volume Advantages
    Volumes are easier to back up or migrate than bind mounts.
    You can manage volumes using Docker CLI commands or the Docker API.
    Volumes work on both Linux and Windows containers.
    Volumes can be more safely shared among multiple containers.
    Volume drivers allow you to store volumes on remote hosts or cloud providers, to encrypt the contents of volumes, or to add other functionality.
    A new volume's contents can be pre-populated by a container.
Docker Volume
Volumes are the preferred mechanism for persisting data generated by and used by Docker containers. While bind mounts are dependent on the directory structure of the host machine, volumes are completely managed by Docker. Containers that share the volume must be running on the same host.
Docker Image
a bundled snapshot of all the files that should be available to a program running inside a container.
Docker
a command-line program, a background daemon, and a set of remote services that take a logistical approach to solving common software problems and simplifying your experience installing, running, publishing, and removing software. It accomplishes this using a UNIX technology called containers.
Docker image commands
cd to the directory that contains the Dockerfile
    docker image --help
    docker image build -t image-tag-name .
    docker image inspect image-tag-name
image-tag-name could be xxx:1.0, with version 1.0
    docker image ls
    docker image rm image-tag-name
Management Commands
    checkpoint   Manage checkpoints
    config       Manage Docker configs
    container    Manage containers
    image        Manage images
    network      Manage networks
    node         Manage Swarm nodes
    plugin       Manage plugins
    secret       Manage Docker secrets
    service      Manage services
    stack        Manage Docker stacks
    swarm        Manage Swarm
    system       Manage Docker
    volume       Manage volumes
Detached Container
A container running in the background, without being attached to any input or output stream. Use the flag --detach or -d and the container runs as a daemon.
    docker run --detach --name web nginx:latest
    docker run -d --name mailer
Docker debug
    docker container exec -it --user "$(id -u):$(id -g)" container-id bash
--user "$(id -u):$(id -g)" runs the command as the login user's user and group.
Clean up
    docker container ls
    docker system df
    docker system info
    docker image ls
    docker system prune
    docker system prune -a    remove all unused images
    docker container stop $(docker container ls -a -q)    stops all containers
Docker container commands
    docker container run -it -p 5000:8000
        -it    enables interaction with the Docker container, should always have it
        -p    publish a container's port(s) to the host, separated by ":"; the first port is the bind port on the Docker host, the second port is the bind port within the Docker container
        -e    for environment variables used by CMD
        --rm    remove the container when it is stopped
        --name    container name
        -d    container runs in detached mode (background)
        --restart on-failure    restart the container when it fails, cannot be used with "--rm"
        -v $PWD:/app    mount the current dir to /app in the container
        --net network-name    (default is bridge)
        --volumes-from volume-name
    docker container ls
    docker container ls -a    list stopped containers too
    docker container rm first-4-char-of-container-id
    docker container logs first-4-char-of-container-id
    docker container logs -f first-4-char-of-container-id    like unix tail -f, running in the foreground
    docker container stop container-id
Start Language Environment
    docker container run -it --rm --name pythonplaygroud python:2.7-alpine python
Remove Docker images
    docker image rm -f 4402    just the first 4 chars of the image ID
Upload docker to Docker Hub
    docker image tag image-tag-name docker-hub-user-name/repo-name:latest
    docker image ls
    docker image push docker-hub-user-name/repo-name:latest
Change docker image tag name
    docker image tag old-tag-name new-tag-name
    docker image rm old-tag-name
Docker login
    docker login    enter name and password when prompted
    ls -al ~/.docker
Docker network commands
    docker network ls    bridge is the Docker default network
    docker network inspect bridge
    docker network create --driver bridge network-name
Docker pull
docker pull docker-hub-user-name/repo-name:latest
Interactive Container
    docker run --interactive --tty \
        --link web:web \
        --name web_test \
        busybox:latest /bin/sh
--interactive (-i): keep the standard input stream (stdin) open for the container even if no terminal is attached.
--tty (-t): allocate a virtual terminal for the container, which will allow you to pass signals to the container.
Docker volume command
    docker volume create volume-name
    docker volume inspect volume-name
Docker Compose
docker-compose.yml
    docker-compose build
    docker-compose pull
    docker-compose up
    docker-compose up --build -d    does all three commands above together and runs in daemon mode
    docker-compose stop
docker pull
For official images (library is the namespace for official images), no namespace is needed:
    docker pull python
    docker pull library/python
    docker pull docker.io/library/python
are the same.
For a public image, the namespace is needed:
    docker pull mydocker/docker1
Docker Hub
https://hub.docker.com
A public Docker registry provided by Docker Inc. A place to store Docker images.
    Official Repositories
    Public Repositories (you may get 1 private repository for free)
The Tags tab contains information about image vulnerabilities.
    docker pull ...
Docker Store
https://store.docker.com
It is the next generation of Docker Hub.
    Official images
    Paid trusted images
    Keeps track of paid content (images)
.dockerignore
Works similarly to git's .gitignore file. Example content:
    .dockerignore
    .git/
    .foo/*
    **/*.swp
    **/*.txt
    !special.txt