Posted on: July 22, 2021 Posted by: rahulgite Comments: 20

What is Docker?

Docker is a set of platform as a service products that use OS-level virtualization to deliver software in packages called containers. Containers are isolated from one another and bundle their own software, libraries, and configuration files; they can communicate with each other through well-defined channels.

Install Docker on Linux

sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io

Check installed Docker Version

docker version

Docker command line Structure

  • Old command line structure (still works)
docker <command> options
  • New command line structure
docker <command> <sub-command> options

Docker Image vs Docker Container

  • An image is the binaries, source code, and libraries that make up the application we want to run.
  • A container is an instance of that image running as a process.
  • You can have many containers of the same image.
  • Docker’s default image “Registry” is called Docker Hub (hub.docker.com).

NOTE: We will be using the Nginx web server.

Starting Nginx Server on Docker

docker container run --publish 80:80 --detach nginx
#Runs the container in the background & prints its unique ID.

docker container run --publish 80:80 nginx
#Downloads the image ‘nginx’ from Docker Hub
#Starts a new container from that image
#Opens port 80 on the host IP
#Routes that traffic to port 80 on the container IP

docker container run --publish 80:80 --name myhost nginx
#Gives the container the name ‘myhost’

Docker Container Commands

docker container logs <name of container>
#Shows the logs of the container

docker container ls
#Lists containers; by default only running containers are shown

docker container ls -a
#Lists all containers, including stopped ones

docker container stop <id>
#Stops a container by providing its unique ID to the command

docker container logs <id> 
#Shows logs of container. 

docker container top <id>
#Shows the processes within a container

docker container rm <id1>...<idn> 
#Remove containers. Use -f if required.

docker container top <id>
#Process list in 1 container

docker container stats
#Performance stats for all containers.
#No SSH needed for containers: the Docker CLI is a great substitute for adding SSH to a container.

docker container run -it <image name> bash
# -t pseudo-tty : simulates a real terminal, like what ssh does.
# -i interactive : keeps the session open to receive terminal input
#bash shell:
#        if run with -it, it will give you a terminal inside the running container.

docker container start -ai ubuntu
#Starts the container and attaches to its bash shell.

docker container exec
#Run additional process in running container.
#See the shell inside running container.

docker pull <image name>
#Pulls the latest image from the registry

docker image ls
#List all images in docker

 

What happens in the ‘docker container run’ command

  1. Looks for the image in the local image cache.
  2. If it doesn’t find it in the cache, looks in the remote image repository (defaults to Docker Hub).
  3. Downloads the latest version (nginx:latest by default).
  4. Creates a new container based on that image & prepares to start it.
  5. Gives it a virtual IP on a private network inside the Docker engine.
  6. Opens port 80 on the host & forwards it to port 80 in the container.
  7. Starts the container by using the CMD in the image’s Dockerfile.
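
Steps 2 and 3 rely on defaults that are easy to overlook: a short name such as nginx is expanded to a full registry, repository and tag before the pull. The Python sketch below is an added example, not Docker's own code or part of the original post; it follows the documented expansion rules in simplified form (the rule that an upper-case first component counts as a registry host is left out), and the name normalize_image_ref is an assumption.

```python
# Added example: how a short image name is expanded before the pull.
DEFAULT_REGISTRY = "docker.io"    # Docker Hub
OFFICIAL_NAMESPACE = "library"    # namespace of the official images
DEFAULT_TAG = "latest"


def normalize_image_ref(ref: str) -> dict:
    """Expand an image reference into registry, repository, tag and digest."""
    # A digest (name@sha256:...) pins exact content; no default tag is added.
    name, _, digest = ref.partition("@")

    # A ':' marks a tag only if it comes after the last '/'; otherwise it is
    # part of a registry host such as localhost:5000.
    tag = ""
    last_slash, last_colon = name.rfind("/"), name.rfind(":")
    if last_colon > last_slash:
        name, tag = name[:last_colon], name[last_colon + 1:]

    # The first path component is a registry host only if it looks like one.
    first, slash, rest = name.partition("/")
    if slash and ("." in first or ":" in first or first == "localhost"):
        registry, repo = first, rest
    else:
        registry, repo = DEFAULT_REGISTRY, name
        if "/" not in repo:
            # No account name: this is an official image.
            repo = f"{OFFICIAL_NAMESPACE}/{repo}"

    if not tag and not digest:
        tag = DEFAULT_TAG
    return {"registry": registry, "repository": repo,
            "tag": tag, "digest": digest}


if __name__ == "__main__":
    # Constructed sample references.
    for ref in ("nginx", "node:6-alpine", "localhost:5000/team/app"):
        print(ref, "->", normalize_image_ref(ref))
```
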

Docker Inspect

Shows metadata about a container in JSON (startup, config, volumes, networking).

docker inspect
#Old way to inspect 

docker container inspect <id>	

Docker Network CLI Management

docker network ls
#Show network

docker network inspect
#Inspect a network

docker network create --driver
#Create a network. Spawns a new virtual network for you to attach containers to.

docker network connect
#Attach a network to a container

docker network disconnect
#Detach a network from a container

  • --network bridge
    • Default Docker virtual network, which is NAT’ed behind the host IP
  • --network host
    • Attaches the container directly to the host’s network, skipping the virtual network, but sacrifices the security of the container model
  • --network none
    • Removes eth0 and leaves you with only the localhost interface in the container
  • network driver
    • Built-in or 3rd-party extension that gives you virtual network features

Docker Network: Default Security

  • Create your apps so the frontend/backend sit on the same Docker network
  • Their intercommunication never leaves the host
  • All externally exposed ports are closed by default
  • You must manually expose a port via -p, which is better default security
  • This gets even better with Swarm and overlay networks

 

What’s in a docker image (And What isn’t)

  • Application binary & dependencies
  • Metadata about the image data & how to run the image.
  • Official definition :
    • An image is an ordered collection of root filesystem changes & the corresponding execution parameters for use within a container runtime.
  • Not a complete OS: no kernel, no kernel modules (e.g. drivers); the host has the kernel
  • As small as 1 file, like a Golang static binary
  • As big as an Ubuntu distro with apt, Apache, PHP, and more installed
docker history <image name>
#Shows the stack of layer changes that make up the image.
  • Images are made up of file system changes and metadata
  • each layer is uniquely identified & stored once on the host
  • this saves storage space on the host & transfer time on pull/push
  • A container is just a single read/write layer on top of the image.
  • Official Repositories
    • They live at the “root namespace” of the registry, so they don’t need an account name in front of the repo name.
  • “latest” tag
    • It’s just a default tag, but the image owners should assign it to the newest stable version
  • package manager
    • Package managers like apt & yum are one of the reasons to build containers from Debian, Ubuntu, Fedora, or CentOS
  • Env. variables
    • One reason they were chosen as the preferred way to inject key/value config is that they work everywhere, on every OS & config
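  • Build a Docker image
docker image build -t <tagname> .
#(the dot means: build from the Dockerfile in this folder)
    • Keep the instructions that change least at the top of the Dockerfile and those that change most at the bottom, so that cached layers can be reused.
# Base image
FROM node:6-alpine
# Documents the port the app listens on (publishing still needs -p at run time)
EXPOSE 3000

# tini: a minimal init process that forwards signals and reaps zombie processes
RUN apk add --update tini
RUN mkdir -p /usr/src/app
WORKDIR /usr/src/app

# Copy package.json first so the npm install layer stays cached until dependencies change
COPY package.json package.json
RUN npm install && npm cache clean --force
# Application source changes most often, so it is copied last
COPY . .
CMD [ "/sbin/tini", "--", "node", "./bin/www" ]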

Docker system and image commands

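docker system df
#Disk space usage

docker image prune
#Cleans up dangling images

docker image prune -a
#Removes all images that are not used by any container

docker system prune
#Cleans up everything unused (stopped containers, unused networks, dangling images, build cache)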

Container lifetime & Persistent data

  • A container is usually immutable & ephemeral
  • “Immutable infrastructure”: only re-deploy containers, never change them
  • This is the ideal scenario, but what about databases or unique data?
  • Docker gives us features to ensure this “separation of concerns”
  • This is known as “persistent data”
  • Two ways: volumes and bind mounts
  • Volumes: make a special location outside of the container UFS
  • Bind mounts: link a container path to a host path
  • Persistent Data: Volumes
    • Commands: docker volume ls, docker volume rm, docker volume prune
    • Named volumes: a friendly way to assign volumes to a container
    • docker container run -d --name mysql -e MYSQL_ALLOW_EMPTY_PASSWORD=true -v mysql-db:/var/lib/mysql mysql (the -v option here names the volume mysql-db)
    • Volumes need manual removal: docker volume rm or docker volume prune
    • Volumes can be reused for database configuration for projects.
    • Volumes can be created ahead of time.
  • Docker Volume create
    • Command: docker volume create
    • Required before “docker run” to use custom drivers & labels
  • Persistent Data: Bind Mounting
    • Maps a host file or directory to a container file or directory
    • Basically, 2 locations pointing to the same files.
    • Again, skips the UFS, and host files overwrite any in the container.
    • Can’t be used in a Dockerfile; must be given at container run.
    • … run -v /user/RG:/path/container (Mac/Linux)
    • … run -v //user/RG:/path/container (Windows)
    • Command: docker container run -d --name nginx -p 80:80 -v $(pwd):/usr/share/nginx/html nginx
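
The settings this page touches on (network mode, ports published with -p, bind mounts, and the MYSQL_ALLOW_EMPTY_PASSWORD variable) are all visible in the JSON that docker container inspect prints. The following Python check is an added example, not part of the original post: it reads that JSON and lists the settings worth a second look. The sample data is constructed, and the function names audit_container and audit are assumptions.

```python
import json

# Constructed sample, shaped like `docker container inspect` output and
# trimmed to the fields the checks read. Not captured from a real host.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/nginx",
   "Config": {"Env": ["PATH=/usr/sbin:/usr/bin"]},
   "HostConfig": {"NetworkMode": "bridge",
                  "PortBindings": {"80/tcp": [{"HostIp": "", "HostPort": "80"}]}},
   "Mounts": [{"Type": "bind", "Source": "/home/rg/site",
               "Destination": "/usr/share/nginx/html", "RW": true}]},
  {"Name": "/mysql",
   "Config": {"Env": ["MYSQL_ALLOW_EMPTY_PASSWORD=true"]},
   "HostConfig": {"NetworkMode": "host", "PortBindings": {}},
   "Mounts": [{"Type": "volume", "Name": "mysql-db",
               "Destination": "/var/lib/mysql", "RW": true}]}
]
""")


def audit_container(c: dict) -> list:
    """Return findings for one container object from the inspect JSON array."""
    findings = []
    host_cfg = c.get("HostConfig", {})
    if host_cfg.get("NetworkMode") == "host":
        findings.append("network=host: shares the host network stack")
    for port, binds in (host_cfg.get("PortBindings") or {}).items():
        for b in binds or []:
            # An empty HostIp means the port is bound on every host interface.
            if b.get("HostIp", "") in ("", "0.0.0.0", "::"):
                findings.append(f"{port} published on all host interfaces "
                                f"(host port {b.get('HostPort')})")
    for m in c.get("Mounts") or []:
        if m.get("Type") == "bind" and m.get("RW", True):
            findings.append(f"writable bind mount {m['Source']} -> {m['Destination']}")
    for env in c.get("Config", {}).get("Env") or []:
        key, _, value = env.partition("=")
        if key == "MYSQL_ALLOW_EMPTY_PASSWORD" and value:
            findings.append("MYSQL_ALLOW_EMPTY_PASSWORD set: empty root password allowed")
    return findings


def audit(inspect_json: list) -> dict:
    """Map each container name to its list of findings."""
    return {c["Name"].lstrip("/"): audit_container(c) for c in inspect_json}
```

On a real host, pass the parsed output of docker container inspect <id> to audit in place of the sample.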

 

 
