Skip to main content
Yixian Wang
  1. Notes/

Docker

·8 mins·
Table of Contents

1. –help
# 

docker --help anything

2. install
# 

brew install docker --cask
docker run --rm hello-world

3. Create a docker container: long version
#

3.1 container
# 

docker container create ###
docker container create hello-world:linux # Does not start containers

3.2 list container we have created
# 

docker ps
docker ps --all

3.3 start container
# 

docker container start DockerID

3.4 log
#

3.4.1 Approach 1
# 

docker logs *** # with first three characters of DockerID

3.4.2 Approach 2: even if the container already started
# 

docker container start --attach ***

4. Create a docker container: short version
# 

docker run hello-world:linux

docker run = docker container create + docker container start + docker container attach

4.1 use ps to get IDs for containers started with the docker run
# 

docker ps --all

4.2 also can use log
# 

docker logs *** # with first three characters of DockerID

5. Create a Docker Container from Dockerfiles
#

5.1 Exercies Files > 03_05
# 

vim Dockerfile

5.1.1 FROM
#

Tells Docker which existing Docker image to base your Docker image off. This can be any existing image, either local or from the internet. By default, Docker will try to get this image from Docker Hub if it’s not already on your machine.

5.1.2 LABEL
#

Some images will contain a label adding additional data like the maintainer of this image.

5.1.3 USER
#

Tells Docker which user to use for any Docker file commands underneath it.

By default, Docker will use the root user to execute commands. Since most security teams do not like this, the USER keyword is useful in changing a user that your app runs as to one that is less powerful, like “nobody” for example USER nobody.

5.1.4 COPY
#

Copies files from a directory provided to the Docker build command to the container image. The directory provided to Docker build is called context. The context is usually your working directory, but it does not have to be.

5.1.5 RUN
#

Run statements are commands that customize our image. This is a great place to install additional software, or configure files needed by your application.

5.1.6 USER
#

Uses USER nobody to set the default users for containers created from this image to the powerless nobody user. This ensure that we cannot break out of the container, and potentialy change important files on our host.

5.1.7 ENTRYPOINT
#

Tells Docker what command containers created from this image should run. We can also use the CMD command to do this, though there are differences. CMD command can be used as well

5.2 Exercies Files > 03_05
#

5.2.1 turn Dockerfile into a Docker image, and start our container from it
# 

docker build --help
5.2.1.1 -t, –tag list
#

Just like containers, every Docker image has an ID. This option associates a convenient name with that ID. This way, we don’t have to remember the image ID whenever we use it.

docker build -t our-first-image
5.2.1.2 -f, –file string
#

Dockerfile looks for a file called Dockerfile by default. Since this is what our dockerfile is actually called, we don’t need to change anything. However, if our dockerfile were called something else, we need to provide -f, --file options as well.

docker build -t our-first-image --file app.Dockerfile
5.2.1.3 after providing options, we need to tell docker where its context is
#

context is simply the folder containing files that docker will include in our image. Since the ENTRYPOINT is in your working directory already, we can simply put a period here.

docker build -t our-first-image .

If we were located in another folder, like say path/to/app

docker build -t our-first-image /path/to/app
5.2.1.4 after image has been sucessfully built and tagged, we are ready to run a container from that image
# 
docker run our-first-image

5.3 Exercies Files > 03_06
#

We can also run containers that do not immediately exit after ENTRYPOINT command, like servers for example

5.3.1 server.Dockerfile
#

5.3.2 COPY
#

Copying a file called server.bash instead of entrypoint.bash

5.3.3 build and start a container
# 

docker build --file server.Dockerfile --tag our-first-server .

5.3.4 stop the container
# 

docker run our-first-server # not prefered
docker ps
docker kill ****

5.3.5 create a container from the image
#

Create and starts the container, but doesn’t attach my terminal to it.

docker run -d our-server # run in background
docker ps # to prove our docker is running

5.3.6 run additional commands
#

Use docker exec to run additional commands from this container. This can be helpful while troubleshooting problems or testing images created by your application’s Dockerfile. e.g. use date command to get the time from this container

docker exec *** date

5.3.7 docker terminal
# 

docker exec --interactive --tty *** bash

6. Stop and removing the container
# 

docker stop ID # quit
docker stop ID -t 0 # force quit
docker rm ID
docker ps -aq # only show IDs
docker ps -aq | xargs docker rm

7. Remove images
# 

docker images # list all images
docker rmi tagname1 tagname2 ...

8. Binding ports to our container
#

8.1 Exercise Files > 03_08
#

8.1.1 build image from dockerfile
# 

docker build -t our-web-server -f web-server.Dockerfile .

8.1.2 start a container with docker run and background it with -d
# 

docker run -d our-web-server
8.1.2.1 name container
# 
docker run -d --name our-web-server our-web-server

8.1.3 logs with name of container
# 

docker logs our-web-server

it doens’t work then we need to stop and remove the container at the same time

8.1.4 stop and remove container at the same time, with the name of container
# 

docker rm -f our-web-server

8.1.5 map some ports
# 

                                   outside : inside
docker run -d --name our-web-server -p 5001:5000 our-web-server

9. Saving data from containers
#

9.1 Exercise Files > 03_08
#

9.1.1 trivial example
# 

docker run --rm --entrypoint sh ubuntu -c "echo 'Hello there.' > /tmp/file && cat /tmp/file"

9.1.2 map folder(or map file, !!!file must be exist) with -v, –volume
# 

docker run --rm --entrypoint sh -v /tmp/container:/tmp ubuntu -c "echo 'Hello there.' > /tmp/file && cat /tmp/file"

10. Docker Hub
#

10.1 Exercise Files > 03_08
#

10.2 log in to Docker Hub form Docker CLI
# 

docker login

10.3 pushing our-web-server into Docker Hub
#

  • Tell docker that this image is going to be pushed into a registry: We need to rename the image, so that it contains our username.

docker tag renames docker images

docker tag our-web-server mrtutu/our-web-server:0.0.1
docker push mrtutu/our-web-server:0.0.1

11. Challenge & Solution: NGINX
#

Exercise Files > 03_14_before

  • Start an instance of NGINX in Docker with the included website
  • Name the container “website”
  • Website should be accessible at http://localhost:8080
  • Ensure that the container is removed when done
  • Map “$PWD/website” to “/user/share/nginx/html” if you volume mount
  • Hve fun!
docker run --name website -v "$PWD/website:/usr/share/nginx/html" -p 8080:80 --rm nginx
docker ps -a

12. Create more containers
#

  1. remove images
docker rmi tagname1 tagname2 ...
  1. remove useless
docker system prune

13. Make container faster
# 

docker run --name=alpine --entrypoint=sleep -d alpine infinity
# docker stats ID(or name of the container)
docker stats alpine

# Solve it, alpine here is also the name of the container
docker exec -i -t alpine sh

13.1 Docker top
#

  • shows what’s running inside of the container without having to exec into it
docker exec -d alpine sleep infinity
docker exec -d alpine sleep infinity
docker exec -d alpine sleep infinity

13.2 Docker inspect
#

  • show you advanced information about a container that’s running in JSON format
docker inspect alpine | less

14. Challenge & Solution: Fix broken container
#

Exercise File > 04_03_before

  • Fix the dockerfile and script provided

  • you will see the notice of application complete when the container is working properly.

  • Hint1: use the -it flag when runing our container

  • Hint2: use docker ps and docker rm in another terminal if ours hangs.

14.1 Solution:
# 

docker build -t app .
  • Then change xeniall to xenial then it can build
docker build -t app .
docker run -it --name=app_container app
  • when the container is running we run
docker stats app_container # we will see cpu is high
docker top app_contianer # we will see there is timeout and yes
  • This means we need to modify the app that’s used by this dockerfile and rebuild this image
docker build -t app .
docker run -it --name=app_container app
docker rm app_container
docker run -it --name=app_container app

15. Best Practice
#

  1. Use: verifeid image or image scanner(Clair, Trivy, Dagda)
  2. Avoid latest: use v1.0.1
  3. Use non-root users: –user flag: docker run --rm --it --user somebody-else suspect-image:v1.0.1

16. Docker Compose
#

  • Docker Compose makes starting and connecting multiple containers as easy as docker-compose up
  • Docker Compose Doc

17. Kubernetes
#

It’s a popular container orchestrator capable of managing very large numbers of containers.

  • Kubernetes uses a distributed architecture to run and connect hundreds of thousands of containers with minimal hardware.
  • Kubernetes also makes grouping, scaling, and connecting containers with the outside world really easy.
  • Load balancing and securing container traffic to/from the outside world are much easier with Kubernetes.
  • The Kubernetes ecosystem makes it possible to build your own developer experience.