What is Docker?
Docker is a set of platform as a service products that use OS-level virtualization to deliver software in packages called containers. Containers are isolated from one another and bundle their own software, libraries, and configuration files; they can communicate with each other through well-defined channels.
Install Docker on Linux
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io
Check installed Docker Version
docker version
Docker command line Structure
- Old command line structure (still works)
docker <command> options
- New command line Structure
docker <command> <sub-command> options
Docker Image vs Docker Container
- Image is the binaries, source code, libraries that make up the application we want to run.
- The container is an instance of that image running as a process.
- You can have many containers of the same image.
- Docker’s default image “Registry” is called Docker Hub (hub.docker.com).
NOTE: We will be using the Nginx web server.
Starting Nginx Server on Docker
docker container run --publish 80:80 --detach nginx #Runs the container in the background and prints its unique ID
docker container run --publish 80:80 nginx
#Downloads the image ‘nginx’ from Docker Hub
#Starts a new container from that image
#Opens port 80 on the host IP
#Routes the traffic to the container IP, port 80
docker container run --publish 80:80 --name myhost nginx #Gives the container a name
Docker Container Commands
docker container logs <name of container> #Shows the logs of a container
docker container ls #Lists running containers (the default view)
docker container ls -a #Lists all containers, including stopped ones
docker container stop <id> #Stops a container, given its unique ID
docker container logs <id> #Shows the logs of a container
docker container top <id> #Shows the process list of one container
docker container rm <id1>...<idn> #Removes containers. Use -f if required.
docker container stats #Performance stats for all containers
#No SSH needed for containers: the Docker CLI is a great substitute for adding SSH to a container.
docker container run -it <image name> bash
#-t pseudo-tty: simulates a real terminal, like what ssh does
#-i interactive: keeps the session open to receive terminal input
#bash shell: if run with -it, it gives you a terminal inside the running container
docker container start -ai ubuntu #Starts an existing container with a shell attached
docker container exec -it <id> bash #Runs an additional process in a running container; here, a shell inside it
docker pull <image name> #Pulls the latest image
docker image ls #Lists all local images
What happens in the ‘docker container run’ command
- Looks for the image in the local image cache
- If it doesn’t find it in the cache, looks in the remote image repository (defaults to Docker Hub)
- Downloads the latest version (nginx:latest by default)
- Creates a new container based on that image and prepares to start it
- Gives it a virtual IP on a private network inside the Docker engine
- Opens port 80 on the host and forwards it to port 80 in the container
- Starts the container by using the CMD in the image’s Dockerfile
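How the short name in the first three steps above expands, as an added example (not code from the original post or from Docker): a simplified Python version of image reference normalization that also reports whether a reference is pinned to a digest. The function names are this example's own, and the all-zero digest is a constructed placeholder.

```python
DEFAULT_REGISTRY = "docker.io"   # Docker Hub
OFFICIAL_NAMESPACE = "library"   # official images such as nginx live here
DEFAULT_TAG = "latest"

def normalize_image_ref(ref):
    """Expand an image name roughly the way the Docker CLI does.

    Returns (registry, repository, tag, digest); tag or digest may be None.
    """
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    first, _, rest = ref.partition("/")
    # The first path component is a registry host only if it contains a dot
    # or a port, or is "localhost"; otherwise the name belongs to Docker Hub.
    if rest and ("." in first or ":" in first or first == "localhost"):
        registry, remainder = first, rest
    else:
        registry, remainder = DEFAULT_REGISTRY, ref
    # A tag follows the last colon of the final path component.
    repo, tag = remainder, None
    if ":" in remainder.rsplit("/", 1)[-1]:
        repo, tag = remainder.rsplit(":", 1)
    if registry == DEFAULT_REGISTRY and "/" not in repo:
        repo = f"{OFFICIAL_NAMESPACE}/{repo}"
    if tag is None and digest is None:
        tag = DEFAULT_TAG   # what a bare "nginx" silently becomes
    return registry, repo, tag, digest

def canonical(ref):
    """Fully qualified form of the reference, for logs and allow-lists."""
    registry, repo, tag, digest = normalize_image_ref(ref)
    return f"{registry}/{repo}" + (f"@{digest}" if digest else f":{tag}")

def is_pinned(ref):
    """True only when the reference names an immutable content digest."""
    return normalize_image_ref(ref)[3] is not None

if __name__ == "__main__":
    placeholder = "sha256:" + "0" * 64   # constructed digest, not a real image
    for ref in ("nginx", "node:6-alpine", "localhost:5000/team/app",
                f"nginx@{placeholder}"):
        print(f"{ref:45} -> {canonical(ref)}  pinned={is_pinned(ref)}")
```

A tag such as latest can be moved to a different image by whoever controls the repository; only a reference with a digest always resolves to the same content.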
Docker Inspect
Shows metadata in JSON about a container (startup, config, volumes, networking).
docker inspect <id> #Old way to inspect
docker container inspect <id> #New way to inspect
Docker Network CLI Management
docker network ls #Show networks
docker network inspect <network> #Inspect a network
docker network create --driver <driver> <network> #Create a network; spawns a new virtual network for you to attach containers to
docker network connect <network> <container> #Attach a network to a container
docker network disconnect <network> <container> #Detach a network from a container
- --network bridge
- Default Docker virtual network, which is NAT’ed behind the host IP
- --network host
- Attaches the container directly to the host’s network, skipping the virtual network, but sacrifices the security of the container model
- --network none
- Removes eth0 and leaves only the localhost interface in the container
- network driver
- Built-in or third-party extension that gives you virtual network features
Docker Network: Default Security
- Create your app so the frontend/backend sits on the same docker network
- Their inter-communication never leaves the host
- All externally exposed ports are closed by default
- You must manually expose a port via -p, which is better default security
- This gets even better with Swarm and overlay network
What’s in a docker image (And What isn’t)
- Application binary & dependencies
- Metadata about the image data & how to run the image.
- Official definition :
- An image is an ordered collection of root filesystem changes & the corresponding execution parameters for use within a container runtime.
- Not a complete OS: no kernel, no kernel modules (e.g. drivers); the host provides the kernel
- As small as one file, like a Go static binary
- As big as an Ubuntu distro with apt, Apache, PHP, and more installed
docker history <image name> #Shows the stack of layer changes that make up the image.
- Images are made up of file system changes and metadata
- each layer is uniquely identified & stored once on the host
- this saves storage space on the host & transfer time on pull/push
- A container is just a single read/write layer on top of the image.
- Official Repositories
- They live at the “root namespace” of the registry, so they don’t need an account name in front of the repo name.
- “latest” tag
- It’s just a default tag, but the image owners should assign it to the newest stable version
- package manager
- Package managers like apt & yum are one of the reasons to build containers from Debian, Ubuntu, Fedora, or CentOS
- Env. Variable
- one reason they were chosen as the preferred way to inject key/value is they work everywhere, on every os & config
- Build docker image
docker image build -t <tagname> . #(the dot is the build context: build from the Dockerfile in this folder)
- Keep the instructions that change least at the top of the Dockerfile and the ones that change most at the bottom.
FROM node:6-alpine
EXPOSE 3000
RUN apk add --update tini
RUN mkdir -p /usr/src/app
WORKDIR /usr/src/app
COPY package.json package.json
RUN npm install && npm cache clean --force
COPY . .
CMD [ "/sbin/tini", "--", "node", "./bin/www" ]
Docker system and image commands
docker system df #Disk space usage
docker image prune #Cleans up dangling images
docker image prune -a #Removes all images not used by a container
docker system prune #Cleans up everything unused
Container lifetime & Persistent data
- The container is usually immutable & ephemeral
- “immutable infrastructure”: only re-deploy container, never change
- this is the ideal scenario, but what about databases or unique data.
- Docker gives us features to ensure this “separation of concerns”
- this is known as “persistent data”
- Two ways: Volumes and bind mounts
- Volumes: Make special location outside of container UFS
- Bind Mounts: link container path to host path
- Persistent Data: Volumes
- Commands: docker volume ls, docker volume rm, docker volume prune
- Named volumes
- A friendly way to assign volumes to a container
- docker container run -d --name mysql -e MYSQL_ALLOW_EMPTY_PASSWORD=true -v mysql-db:/var/lib/mysql mysql #-v mysql-db:... names the volume
- Volumes need manual removal
- docker volume rm <name>, or docker volume prune
- Volumes can be reused for database configuration for projects.
- Volumes can be created ahead of time.
- Docker Volume create
- Command: docker volume create
- required to use this before “docker run” to use custom drivers & labels
- Persistent Data: Bind Mounting
- Maps a host file or directory to a container file or directory
- Basically, 2 locations pointing to the same files.
- Again, Skips UFS, and host files overwrite any in the container.
- Can’t use in Dockerfile, must be at container run.
- … run -v /user/RG:/path/container (MAC/Linux)
- … run -v //user/RG:/path/container (windows)
- Command: docker container run -d --name nginx -p 80:80 -v $(pwd):/usr/share/nginx/html nginx
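An audit over `docker container inspect` output for the settings this page calls out (host networking, ports published with -p, bind mounts, the empty MySQL password), added here as an example and not part of the original post. The three records are constructed sample data, and the function names and finding labels are this example's own.

```python
import json

# Constructed sample: three records trimmed to the fields this audit reads.
SAMPLE_INSPECT = json.loads("""[
 {"Name": "/nginx", "Config": {"Env": ["NGINX_VERSION=1.25.3"]},
  "HostConfig": {"NetworkMode": "bridge",
                 "PortBindings": {"80/tcp": [{"HostIp": "", "HostPort": "80"}]}},
  "Mounts": [{"Type": "bind", "Source": "/home/rg/site",
              "Destination": "/usr/share/nginx/html", "RW": true}]},
 {"Name": "/mysql", "Config": {"Env": ["MYSQL_ALLOW_EMPTY_PASSWORD=true"]},
  "HostConfig": {"NetworkMode": "backend", "PortBindings": {}},
  "Mounts": [{"Type": "volume", "Name": "mysql-db",
              "Destination": "/var/lib/mysql", "RW": true}]},
 {"Name": "/probe", "Config": {"Env": []},
  "HostConfig": {"NetworkMode": "host", "PortBindings": null},
  "Mounts": []}
]""")

ALL_INTERFACES = ("", "0.0.0.0", "::")  # empty HostIp means every host interface

def audit_container(record):
    """Return finding strings for one `docker container inspect` record."""
    findings = []
    host_cfg = record.get("HostConfig") or {}
    if host_cfg.get("NetworkMode") == "host":
        findings.append("host-network: container shares the host network stack")
    for port, bindings in (host_cfg.get("PortBindings") or {}).items():
        for b in bindings or []:
            if b.get("HostIp", "") in ALL_INTERFACES:
                findings.append(f"published-all-interfaces: {port} on host port {b.get('HostPort')}")
    for m in record.get("Mounts") or []:
        if m.get("Type") == "bind" and m.get("RW", True):
            findings.append(f"writable-bind-mount: {m.get('Source')} -> {m.get('Destination')}")
    for env in (record.get("Config") or {}).get("Env") or []:
        key, _, value = env.partition("=")
        if key == "MYSQL_ALLOW_EMPTY_PASSWORD" and value:
            findings.append("empty-db-password: MYSQL_ALLOW_EMPTY_PASSWORD is set")
    return findings

def audit(records):
    """Map container name to findings for a parsed inspect array."""
    return {r.get("Name", "?").lstrip("/"): audit_container(r) for r in records}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, findings or "no findings")
```

To run it against a real host, pass the parsed JSON array from `docker container inspect <id>` to `audit()`.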