🪴 Adithya Jayasankar

Search

SearchSearch

Docker

Jan 12, 20256 min read

f:: CLI

Install

sudo su
curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh
rm get-docker.sh
# Executing docker install script, commit: 0221adedb4bcde0f3d18bddda023544fc56c29d1
+ sh -c apt-get update -qq >/dev/null
+ sh -c DEBIAN_FRONTEND=noninteractive apt-get install -y -qq apt-transport-https ca-certificates curl >/dev/null
+ sh -c curl -fsSL "https://download.docker.com/linux/ubuntu/gpg" | gpg --dearmor --yes -o /usr/share/keyrings/docker-archive-keyring.gpg
+ sh -c chmod a+r /usr/share/keyrings/docker-archive-keyring.gpg
+ sh -c echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu focal stable" > /etc/apt/sources.list.d/docker.list
+ sh -c apt-get update -qq >/dev/null
+ sh -c DEBIAN_FRONTEND=noninteractive apt-get install -y -qq --no-install-recommends docker-ce docker-ce-cli docker-compose-plugin docker-scan-plugin >/dev/null
+ version_gte 20.10
+ [ -z  ]
+ return 0
+ sh -c DEBIAN_FRONTEND=noninteractive apt-get install -y -qq docker-ce-rootless-extras >/dev/null
+ sh -c docker version
Client: Docker Engine - Community
 Version:           20.10.15
 API version:       1.41
 Go version:        go1.17.9
 Git commit:        fd82621
 Built:             Thu May  5 13:19:23 2022
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true
 
Server: Docker Engine - Community
 Engine:
  Version:          20.10.15
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.17.9
  Git commit:       4433bf6
  Built:            Thu May  5 13:17:28 2022
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.4
  GitCommit:        212e8b6fa2f44b9c21b2798135fc6fb7c53efc16
 runc:
  Version:          1.1.1
  GitCommit:        v1.1.1-0-g52de29d
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
 
================================================================================
 
To run Docker as a non-privileged user, consider setting up the
Docker daemon in rootless mode for your user:
 
    dockerd-rootless-setuptool.sh install
 
Visit https://docs.docker.com/go/rootless/ to learn about rootless mode.
 
 
To run the Docker daemon as a fully privileged service, but granting non-root
users access, refer to https://docs.docker.com/go/daemon-access/
 
WARNING: Access to the remote API on a privileged Docker daemon is equivalent
         to root access on the host. Refer to the 'Docker daemon attack surface'
         documentation for details: https://docs.docker.com/go/attack-surface/
 
================================================================================

Manage Docker as a non-root user

The Docker daemon binds to a Unix socket, not a TCP port. By default it’s the root user that owns the Unix socket, and other users can only access it using sudo. The Docker daemon always runs as the root user.

If you don’t want to preface the docker command with sudo, create a Unix group called docker and add users to it. When the Docker daemon starts, it creates a Unix socket accessible by members of the docker group. On some Linux distributions, the system automatically creates this group when installing Docker Engine using a package manager. In that case, there is no need for you to manually create the group.

sudo usermod -aG docker $USER

Log out and log back in so that your group membership is re-evaluated.

Tagging Docker images the right way

Spoiler alerts: use the commit hash as the image tag

To get the latest commit of your repository

git log -1 --pretty=%H
Link to original

Container

A standardized unit of software

Standard: Docker created the industry standard for containers, so they could be portable anywhere

Lightweight: Containers share the machine’s OS system kernel and therefore do not require an OS per application, driving higher server efficiencies and reducing server and licensing costs

Secure: Applications are safer in containers and Docker provides the strongest default isolation capabilities in the industry

Comparing Containers and Virtual Machines

Containers

  • An abstraction at the app layer that packages code and dependencies together.
  • Multiple containers can run on the same machine and share the OS kernel with other containers, each running as isolated processes in user space.
  • Containers take up less space than VMs (container images are typically tens of MBs in size).

Virtual Machines (VMs)

  • An abstraction of physical hardware turning one server into many servers.
  • The hypervisor allows multiple VMs to run on a single machine.
  • Each VM includes a full copy of an operating system, the application, necessary binaries and libraries - taking up tens of GBs.
  • VMs can also be slow to boot.

Containers and VMs used together provide a great deal of flexibility in deploying and managing apps

Docker terminology

Layera set of read-only files to provision the system
Imagea read-only layer that is the base of your container. Might have a parent image
Taga label to identify different versions of the same image
Containera runnable instance of the image
Registry / Hubcentral place where images live
Dockerfilea text file that contains instructions for how to build a Docker image
Docker Machinea VM to run Docker containers (Linux does this natively)
Docker Composea utility to run multiple containers as a system
Orchestratora tool that simplifies management of clusters and Docker hosts (Docker Swarm)

Build

Build an image from the Dockerfile in the current directory and tag the image

docker build -t myapp:1.0 .

Run a command in the container

docker exec -it myapp:1.0 command.sh

Save a running container as an image

docker commit -m "commit message" -a "author" container_name myapp:1.0

List all images that are locally stored with the Docker engine

docker images

Delete an image from the local image store

docker rmi alpine:3.4

Ship

Pull an image from a registry

docker pull alpine:3.4

Retag a local image with a new image name and tag

docker tag alpine:3.4 myrepo/myalpine:3.4

Log in to a registry (the Docker Hub by default)

docker login my.registry.com:8000

Push an image to a registry

docker push myrepo/myalpine:3.4

Run

docker run
ArgumentDescription
—rmremove container automatically after it exits
-itconnect the container to terminal
—name webname the container
-p 5000:80expose port 5000 externally and map to port 80
-v ~/dev:/codecreate a host mapped volume inside the container
alpine:3.4the image from which the container is instantiated
/bin/shthe command to run inside the container

Stop a running container through SIGTERM

docker stop web

Stop a running container through SIGKILL

docker kill web

Create an overlay network and specify a subnet

docker network create --subnet 10.1.0.0/24 --gateway 10.1.0.1 -d overlay mynet

List the networks

docker network ls

List the running containers

docker ps

Delete all running and stopped containers

docker rm -f $(docker ps -aq)

Create a new bash process inside the container and connect it to the terminal

docker exec -it web bash

Print the last 100 lines of a container’s logs

docker logs --tail 100 web

Orchestrate

  • Swarm: a Docker-native clustering system

Initialize swarm mode and listen on a specific interface

docker swarm init --advertise-addr 10.1.0.2

Join an existing swarm as a manager node

docker swarm join --token <manager-token> 10.1.0.2:2377

List the nodes participating in a swarm

docker node ls

Create a service from an image exposed on a specific port and deploy 3 instances

docker service create --replicas 3 -p 80:80 --name web nginx

List the services running in a swarm

docker service ls

Scale a service

docker service scale web=5

List the tasks of a service

docker service ps web

Docker Compose

Define and run multi-container applications with Docker

  1. Define your app’s environment with a Dockerfile so it can be reproduced anywhere.
  2. Define the services that make up your app in docker-compose.yml so they can be run together in an isolated environment.
  3. Run docker-compose up and Compose will start and run your entire app.

docker-compose.yml

version: '3'
services:
  web:
    build: .
    ports:
    - "5000:5000"
    volumes:
    - .:/code
    - logvolume01:/var/log
    links:
    - redis
  redis:
    image: redis
volumes:
  logvolume01: {}
docker-compose up

Graph View

Backlinks