Docker - Core Skills

!!!!!!!!!

Which container is using the most resources ( CPU, Mem, IO, Disk ) How much is each container using?

!!!!!!

Excluding these sections:

Export / Import / Save / Load
Docker Hub / Registry
Overlay networks
Swarms

Docker Install

Ubuntu / Debian

Docker IO ( Debian/Ubuntu, older ):



apt update
apt install docker.io
docker -v
apt install docker-compose
docker-compose -v

Docker CE (official, newer):



sudo apt update
sudo apt install apt-transport-https ca-certificates curl gnupg
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker.gpg] https://download.docker.com/linux/debian bookworm stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin

Post install:



sudo systemctl enable docker
sudo systemctl start docker
sudo usermod -aG docker ${USER}

RHEL / Fedora

Fedora install with DNF:



sudo dnf remove docker docker-client docker-client-latest docker-common docker-latest \
                  docker-latest-logrotate docker-logrotate docker-selinux docker-engine-selinux docker-engine

sudo dnf -y install dnf-plugins-core
sudo dnf config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo
sudo dnf install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

RHEL install with YUM:



sudo yum remove docker docker-client docker-client-latest docker-common docker-latest \
                  docker-latest-logrotate docker-logrotate docker-engine podman runc
sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo
sudo yum install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Basic commands



docker run -d ubuntu                            # start detatched
docker run -tid ubuntu                          # detatched, STDIN open, allocate pseudo-TTY
docker run -tid --name smelly-hippo ubuntu	    # name a container



docker ps	    show running containers
docker ps -a	show all containers



docker inspect smelly-hippo       inspect container
docker stats                      resourse stats for all containers
docker stats smelly-hippo         resource stats for one container
docker top smelly-hippo           shows processes in a container
docker logs smelly-hippo	                  container logs
docker events	                  watch events in real time
docker port smelly-hippo          shows public facing port of container
docker diff smelly-hippo          show changes to a container's file syste



docker attach test1
docker exec -it test1 /bin/bash



docker start smelly-hippo    start
docker stop smelly-hippo    stop
docker kill smelly-hippo	sends SIGKILL, faster than stop

docker rm smelly-hippo
docker rm -f smelly-hippo	                force remove
docker container rm -f $(docker ps -aq)    	Remove all containers, running or stopped



docker run -tid -c 512 ubuntu	50% cpu
docker run -tid --cpuset-cpus=0,4,6 ubuntu	use these cpus
docker run -tid -m 300M ubuntu	limit memory
docker create -ti --storage-opt size=120G ubuntu	limit storage, not on aufs



docker run -tid -c 512 ubuntu	50% cpu
docker run -tid --cpuset-cpus=0,4,6 ubuntu	use these cpus
docker run -tid -m 300M ubuntu	limit memory
docker create -ti --storage-opt size=120G ubuntu	limit storage, not on aufs



docker images      show images
docker history ubuntu    show history of image
docker image rm user1/funny-frog         remove image
docker image remove 113a43faa138         remove by id
docker image remove user1/funny-frog     remove image
docker rmi user1/funny-frog              remove image
docker rmi $(docker images -q)          remove all images

Commit container to an image:



docker commit smelly-hippo           no repo name
docker commit smelly-hippo test1     repo name
docker commit smelly-hippo loworbitflux/test1      repo name
docker commit smelly-hippo loworbitflux/test1:my-update    tagged
docker commit smelly-hippo loworbitflux/test1:v1.2.3       tagged

Volumes



docker info | grep -i storage      # check storage driver
docker inspect web                 # look for “Mounts”
docker volume ls                   # show voluems
docker volume create testvol1      # create a volume
docker volume inspect testvol1     # inspect a volume
docker volume ls -f dangling=true  # find dangling ( unused ) volumes
docker volume rm volume1           # remove volume

Running containers with volumes:



docker run -d --name test1 -v /data ubuntu	              # unamed volume mounted on /data
docker run -d --name test2 -v vol1:/data ubuntu	          # named volume
docker run -d --name test3 -v /src/data:/data ubuntu      # bind mount
docker run -d --name test4 -v /src/data:/data:ro ubuntu	  # RO
docker run -d --volumes-from test2 --name test5 ubuntu    # storage can be shared

docker rm -v test1	    # remove container and unnamed volume

Access and sharing parameters:

:ro	for read only
:z	shared all containers can read/write
:Z	private, unshared

/var/lib/docker/overlay2

Defalt volume storage location on Ubuntu Linux

Publish / Expose ports

expose port - set metadata showing this port is used by container ( done in Dockerfile )
publish / bind port - connect host port and container port

Publishing ports:



docker run -d -p 8080:80 nginx        # publish port  HOST_PORT:CONTAINER_PORT
docker run -d -p 80 nginx             # publish to random "ephemeral" host port
docker run -d -p 8000-9000:80 nginx   # publish to range of host ports

docker run -p 8080:80/tcp -p 8080:80/udp  nginx       # UDP and TCP

docker run -P nginx               # publish all exposed ports to ephemeral host ports

docker run -p 127.0.0.1:8080:80	 nginx                # bind to localhost
docker run -p 192.168.3.231:8080:80	 nginx            # specific IP
docker run -p 8080:80/udp  nginx                      # UDP

NOTE - Ports don’t need to be published for inter-container communication on the same network.

Networking



docker network ls                # show networks, bridge is default
docker network inspect bridge    # show network details and connected containers

Create Bridge Network, Specify Subnet and Gateway:



docker network create -d bridge my-network
docker network create -d bridge --subnet 172.25.0.0/16 my-network
docker network create --subnet 203.0.113.0/24 --gateway 203.0.113.254 my-network

Remove network:



docker network rm my-network

Run container, specify network and IP:



docker run -tid --net=my-network --ip=172.25.3.3 --name=test1 ubuntu

Connect container to network:



docker network connect net1 test1
docker network connect net1 test2 --ip 172.25.0.102

Disconnect container from network:



docker network disconnect net1 test1	    # Disconnect container from this network
docker network disconnect -f test1 test2	# Force disconnect

Find container’s IP address:



docker inspect -f '' container1
docker inspect -f '' container1

Dockerize Applications



mkdir mydockerbuild	Create build dir
cd mydockerbuild	cd into build dir
vi Dockerfile	Edit build instructions
docker build -t mydockerimage .	Build the image (note the dot "." )
docker images	Show images
docker run mydockerimage	Run the new image

Most basic docker file:



FROM ubuntu
RUN apt update
RUN apt install nginx -y
CMD ["/usr/sbin/nginx"]

Bigger docker file:



FROM ubuntu                        base image
RUN apt update                     run commands while building
RUN apt install nginx -y           run commands while building, new layer, commits results
WORKDIR ~/                         working dir that CMD is run from
CMD echo Hello World!              main command / default application
ENV SERVER_WORKS 4                 set env variable
EXPOSE 8080	                       expose a port, not published to the host
LABEL version="1.0"                add metadata
USER 751                           UID (or username) to run as
VOLUME ["/my_files"]                   sets up a volume
COPY test relativeDir/                 copies "test" to `WORKDIR`/relativeDir/
COPY test /absoluteDir/                copies "test" to /absoluteDir/
COPY ssh_config /etc/ssh/ssh_config          copy over a vile
COPY --chown=user1:group1 files* /data/           also changes ownership
ADD /dir1 /dir2                            like copy but does more ...

Shell vs Executable form:



CMD         echo test         # shell form, goes through shell, has env vars
CMD ["echo", "test"]          # executable form, executed directly, no env vars ( double quotes, not single )

Use ENTRYPOINT and CMD together:



ENTRYPOINT ["echo", "test one"]    # can't override this
CMD [“test two”]                   # can override this part

CMD

can be overridden
only used when command line args are missing
shell form or executable form

ENTRYPOINT

can’t be ignored or overridden ( with normal args )_
can still override with “–entrypoint”
command line args are appended to entry point as args
shell for or executable form
default entrypoint: “/bin/sh -c”

Docker Compose



docker compose ps              # show
docker compose up              # bring everything up
docker compose up -d           # detatched / background
docker compose stop            # just stops
docker compose down            # stop, remove containers
docker compose down --volumes  # stop, remove containers, remove data volumes
docker compose watch           # watch mode

can build app if Dockerfile is present


compose.yaml

services:
  app:
    image: nginx
    ports:
      - 8080:80



include:
   - infra.yaml
version: '2'
services:
  web:
    ports:
     - "5000:5000"
    volumes:
     - vol1:/data1
     - /opt/data:/deploy/data
     - /opt/data:/deploy/data:ro
    restart: unless-stopped
    environment:
      - TEST=1000
  redis:
    image: "redis:alpine"



version: '2'
services:
  web:
    build: .
    volumes:
     - .:/code
    develop:
      watch:
        - action: sync
          path: .
          target: /code