The Docker daemon binds to a Unix socket, not a TCP port. By default it’s the root user that owns the Unix socket, and other users can only access it using sudo. The Docker daemon always runs as the root user.
If you don’t want to preface the docker command with sudo, create a Unix group called docker and add users to it. When the Docker daemon starts, it creates a Unix socket accessible by members of the docker group. On some Linux distributions, the system automatically creates this group when installing Docker Engine using a package manager. In that case, there is no need for you to manually create the group.
sudo usermod -aG docker $USER
Log out and log back in so that your group membership is re-evaluated.
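Because the daemon runs as root and members of the docker group can reach its socket without sudo, that group's membership is worth reviewing the same way sudo access is. The script below is an added example, not part of the original page: the function names and sample accounts are constructed, /var/run/docker.sock is assumed to be the socket path, and only local group and passwd files are read.

```shell
#!/bin/sh
# Added example (not from the original page): audit who can reach the Docker socket.

# Print every account in the given group: listed members plus accounts whose
# primary GID is the group's GID (those do not appear in the member field).
# Args (all optional): group file, passwd file, group name.
docker_socket_users() {
    group_file=${1:-/etc/group}
    passwd_file=${2:-/etc/passwd}
    group_name=${3:-docker}

    # /etc/group line format: name:password:GID:member1,member2
    entry=$(grep "^${group_name}:" "$group_file") || return 1
    gid=$(printf '%s\n' "$entry" | cut -d: -f3)
    members=$(printf '%s\n' "$entry" | cut -d: -f4 | tr ',' '\n')
    primary=$(awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file")

    printf '%s\n%s\n' "$members" "$primary" | sed '/^$/d' | sort -u
}

# Succeed if an octal mode, as printed by `stat -c %a /var/run/docker.sock`,
# gives write (connect) permission to users outside the owner and group.
socket_world_writable() {
    other=${1#"${1%?}"}          # last octal digit = permissions for "other"
    [ $(( other & 2 )) -ne 0 ]
}

# Constructed sample data so the example runs on a host without Docker.
sample_dir=$(mktemp -d)
cat > "$sample_dir/group" <<'EOF'
root:x:0:
docker:x:998:alice,bob
EOF
cat > "$sample_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
ci:x:1002:998::/home/ci:/bin/sh
EOF

echo "Accounts with docker group access:"
docker_socket_users "$sample_dir/group" "$sample_dir/passwd"
socket_world_writable 666 && echo "mode 666: socket open to all local users"
socket_world_writable 660 || echo "mode 660: socket limited to owner and group"
```

On a real host, call docker_socket_users with no arguments to read /etc/group and /etc/passwd; the ci account in the sample shows why the primary GID has to be checked as well as the member list.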
Standard: Docker created the industry standard for containers, so they could be portable anywhere.
Lightweight: Containers share the machine’s OS kernel and therefore do not require an OS per application, driving higher server efficiencies and reducing server and licensing costs.
Secure: Applications are safer in containers and Docker provides the strongest default isolation capabilities in the industry.
Comparing Containers and Virtual Machines
Containers
An abstraction at the app layer that packages code and dependencies together.
Multiple containers can run on the same machine and share the OS kernel with other containers, each running as isolated processes in user space.
Containers take up less space than VMs (container images are typically tens of MBs in size).
Virtual Machines (VMs)
An abstraction of physical hardware turning one server into many servers.
The hypervisor allows multiple VMs to run on a single machine.
Each VM includes a full copy of an operating system, the application, necessary binaries and libraries - taking up tens of GBs.
VMs can also be slow to boot.
Containers and VMs used together provide a great deal of flexibility in deploying and managing apps.
Docker terminology
Layer: a set of read-only files to provision the system
Image: a read-only layer that is the base of your container. Might have a parent image
Tag: a label to identify different versions of the same image
Container: a runnable instance of the image
Registry / Hub: central place where images live
Dockerfile: a text file that contains instructions for how to build a Docker image
Docker Machine: a VM to run Docker containers (Linux does this natively)
Docker Compose: a utility to run multiple containers as a system
Orchestrator: a tool that simplifies management of clusters and Docker hosts (Docker Swarm)
Build
Build an image from the Dockerfile in the current directory and tag the image
docker build -t myapp:1.0 .
Run a command in the container
docker exec -it container_name command.sh
Save a running container as an image
docker commit -m "commit message" -a "author" container_name myapp:1.0
List all images that are locally stored with the Docker engine
docker images
Delete an image from the local image store
docker rmi alpine:3.4
Ship
Pull an image from a registry
docker pull alpine:3.4
Retag a local image with a new image name and tag
docker tag alpine:3.4 myrepo/myalpine:3.4
Log in to a registry (the Docker Hub by default)
docker login my.registry.com:8000
Push an image to a registry
docker push myrepo/myalpine:3.4
Run
docker run
Argument          Description
--rm              remove container automatically after it exits
-it               connect the container to terminal
--name web        name the container
-p 5000:80        expose port 5000 externally and map to port 80
-v ~/dev:/code    create a host mapped volume inside the container
alpine:3.4        the image from which the container is instantiated