Docker - ghdrako/doc_snipets GitHub Wiki

Docker

In Docker, there are two sets of commands: the old and the new.

  • The old or the legacy set is only two levels. The first level is docker, and the second one is the subcommand, as docker pull <image name>.
  • The new and standard one is three levels. The first level is docker, the second is the object, and the third is the subcommand. Images, containers, networks, nodes, and volumes are examples of Docker objects. In this case, the command to pull an image is docker image pull <image name>

Info

docker --version
docker version  # more info
docker info     # more more info where is root directory and default registry

Images

docker images
docker images -q # quite display only id images
docker history <image> # lista polecen z Dockerfile ktore utworzyly image
docker history --format "{{.ID}} {{.CreatedBy}} {{.Size}}" ansible
docker rmi -f $(docker images -a -q)  # usuniecie wszystkich obrazow

Images search

docker search python
docker search --filter is-official=true python
docker search --help
wget -q https://registry.hub.docker.com/v1/repositories/debian/tags -O -  | sed -e 's/[][]//g' -e 's/"//g' -e 's/ //g' | tr '}' '\n'  | awk -F: '{print $3}'

Port

  • -p <container_port>: Publishes the container port to the unused host port
  • -p (--publish-all): Publishes all ports exposed by the container to the unused host ports
  • -p 8080:80 Map TCP port 80 in the container to port 8080 on the Docker host.
  • -p 192.168.1.100:8080:80 Map TCP port 80 in the container to port 8080 on the Docker host for connections to host IP 192.168.1.100.
  • -p 8080:80/udp Map UDP port 80 in the container to port 8080 on the Docker host.
  • -p 8080:80/tcp -p 8080:80/udp Map TCP port 80 in the container to TCP port 8080 on the Docker host, and map UDP port 80 in the container to UDP port 8080 on the Docker host.

The EXPOSE instruction only informs users which ports they should publish (in dockerfile)

$ docker port <container>  # show port number assigment

Docker Flow

Pulling an Image

Repo/Host oper Client
image --- docker pull ---> image
  • IMAGE ID: Every image can have several tags but will have one unique 64–hex digit ID. The Docker engine autogenerates it. In the default display, Docker will show the first 12 digits only. To display all the 64 digits, type this at the shell: docker image ls --no-trunc.
docker image pull alpine
docker image ls
docker image rm alpine
docker image rm -f $(docker image ls -q) # remove all images you have localy

Crafting a Container

  • docker run - create and run container
  • docker create - create only container

Options:

  • -i starts an interactive session
  • -t emulates a tty
  • -d detach and run in the background/demonize
  • --rm remove continer after exit
  • --name <name> container name Combination implication:
  • When the ENTRYPOINT is bash or sh docker run -d ubuntu:14.04 will immediately stop, cause bash can't find any pseudo terminal to be allocated. You have to specify -it docker run -dit ubuntu:14.04 so that bash or sh can be allocated to a pseudo terminal.
  • If you want to use nano or vim with any container in the future, you have to specify -it when the image starts. Otherwise you'll get error.
Client oper Client
image --- docker run ---> container
  • CONTAINER ID: The unique ID that the engine autogenerated.
docker container run alpine echo "hello my first container"
docker container run alpine --name myfirstcontainer
docker container rm d99b153cf127
docker container rm xenodochial_stonebraker
docker container rm -f (docker container ls -aq) # remove all container you have on host

pull->build->run

escape sequence: Ctrl+P and then Ctrl+Q - exit the interactive mode but keep the container running in detached mode in the background without exiting it

docker build -f Dockerfile1 -t api:v1 .
```
```
docker container run -d -it --name test1 ubuntu /bin/bash #  -d option - to run the container in the background as daemon or detached mode
docker run -i -t ubuntu:20.04 /bin/bash  # Run a container and connect it to its command line
docker run -d -t ubuntu:20.04  # run container in background but not attach console to it
docker run -itd -p 9090:8080 api:v1
docker run -itd --rm -p 9090:8080 api:v1  # -rm remove continer after exit
docker run -itd --rm --name <container_name> -p 9090:8080 api:v1  # -name <container_name> assign name - by defaut random name 
docker run -d --name container-name alpine watch "date >> /var/log/date.log" #
```
```
docker exec -it <container hash/name> sh   # start in container another process - in examle comman line sh
docker exec -it <container hash/name> /bin/bash # wystartowanie i uruchomienie powloki w kontenerze -t otwarcie teminala -i interaktywne wprowadzanie polecen
docker exec container-name tail /var/log/date.log  # running no interactive command on container
docker exec --workdir /tmp container-name pwd # Running Commands in an Alternate Directory in a Docker Container
docker exec --user guest container-name whoami # Running Commands as a Different User in a Docker Container
docker exec -e TEST=sammy container-name env # Passing Environment Variables into a Docker Container
docker exec -e TEST=sammy -e ENVIRONMENT=prod container-name env
docker exec --env-file .env container-name env
```
```
docker attach <container hash/name> # attach to container pocess
CTRL-p CTRL-q #  detach from container and leave it running
```
```
docker run <image> python -c 'print("Hello")'
docker run --restart=always redis #  restart policy of always so that if the container exits, Docker will restart it.

curl -k http://localhost:9090/encode?input=test

Crafting image - manual

docker container run -d -it --name test1 ubuntu /bin/bash
docker container ls
docker container attach test1
$> apt-get update
$> apt-get install curl
$> exit
docker container commit test1 testimage # create image from modified container
docker image ls

Crafting image by Dockerfile

  • Write the Dockerfile
Dockerfile:
FROM ubuntu:latest
RUN apt-get update && apt-get install curl -y
  • Build the Dockerfile
docker image build -t testimagedockerfile .
docker image ls
docker container run -it testimagedockerfile
$> which curl
$> exit

If you build the image without specifying a tag to it by using docker image build ., the image will be an unnamed image, which is called a dangled image. you can later name it by using docker image tag <image ID> <image name>. to remove all the dangled images, use docker image prune.

Push Your Images

To push your images successfully, they must contain your username at Docker Hub We need to rename your image using the docker image tag testimagedockerfile <your username>/testimagedockerfile

docker image tag testimagedockerfile <DH user>/testimagedockerfile
docker image ls
docker login
docker image push <DH user>/testimagedockerfile


docker rename <container id> ansible  # zmiana 
docker inspect
docker inspect | jq keys
docker inspect | jq .[0] | jq keys
docker inspect ansible| jq .[0].ResolvConfPath

Filtering

-q | --quite |show only id container -l | | last -f | | filter -a | | all

docker rm $(docker ps -a -l -q -f status=exited) # usun ostatni wylaczony kontener
                                name=python       # kontenery o nazwie python
                                ancestor=python   # kontenery pochodace od image python

docker rm $(docker ps -a -q --filter before=$(docker ps -a -l --format {{.Name}})) # usun wszystkie poza ostatnim

docker ps -a  to to samo co docker container ls -a

Force

-f  # force
docker rmi -f $(docker images -q)  # remove all images

$ docker rm  $(docker ps -a -q -f status=exited)

$ docker rm -f <container_name> # remove a container even if it run (uses SIGKILL)

$ docker volume create data
$ docker run --name test123 -v data:/data -d busybox  ping google.com
$ docker attach --detach_keys="ctrl-a"  test123
```
#### inspect
* --format option
* --filter option
```
docker image ls --filter dangling=true #  filter the dangled images only
```

```
docker image inspect –format='{{.Architecture}} {{.Os}}' <image-id> #  get the architecture and operating system an image
docker inspect $(docker ps -a -q --filter ancestor=busybox) |jq .[0].NetworkSettings.IPAddress # show container ip
docker inspect -f '{{.NetworkSettings.IPAddress}}' $(docker ps -a -q --filter ancestor=busybox)
pid =$(docker inspect -f '{{.State.Pid}} <contener>)
strace -p $(pgrep -P $pid)
#aby bylo mozliwe sledzenie wywolan systemowych kontenera z hosta, kontener musi byc urchomiony z opcja --pid=host

docker inspect -f {{.nazwa}} <kontener>  # wyswietlic okreslone pole

Monitoring

Docker przechowuje strumien standardowego wyjscia i bledow w plikach json /var/lib/docker//_json.log

docker logs [OPTIONS] CONTAINER
docker logs 7d6ac83a89a0
docker logs -f 7d6ac83a89a0 # continue streaming the new output from the container’s 
docker logs -t 7d6ac83a89a0 # show timestamps
docker logs -n 10 -n 7d6ac83a89a0 # Number of lines to show from the end of the logs
# docker logs = docker container logs 
docker container logs --since 2020-03-28T15:52:00 nginx-test

docker top nginx-test
docker stats nginx-test

Endpoint /containers/<id kontenera>/stats # dostarcza dane statystyczne o działajacym kontenerze
docker run --name running -d busybox /bin/sh -c 'while true; do echo hello && sleep 1; done'
docker stats running

Resource limitation

docker container run -d --name nginx-test --cpu-shares 512 --memory 128M -p 8080:80 nginx
docker container update --cpu-shares 512 --memory 128M nginx-test  # modify to running container
docker run -it --memory="1g" -cpus="1.0" ubuntu # run ubuntu container set limit memory 1GB and acces to 1 CPU

Container Lifecycle

for i in {1..5}; do docker container run -d --name nginx$(printf "$i") nginx; done

docker container run -it --name test ubuntu /bin/bash  # -it  interactive terminal to interact with the container and run
commands inside it

docker container ls # list running containers
docker container ls -a # list all container , exited too


docker container pause nginx1
docker container unpause nginx1

docker container stop nginx2  # terminate container status=exited
docker container stop -t 60 nginx3 # send SIGTERM wait 60s send SIGKILL
docker container start nginx2 # resume terminated container
docker container restart nginx2 # combine two command stop and start Jest opcja  -t 60 
docker container kill nginx5 # send SIGKILL

docker container rm nginx4 # remove specific container

docker container create --name nginx-test -p 8080:80 nginx # prepare container but not start
docker container port nginx-test # display port maping in container

docker container diff nginx-test # lista plikow zmienianych(C, dodanych(A)

docker export <id contenera> > /home/docker/myimage.tar   # nie jest zapisywana historia warstw i to odchudza kontener
docker export <id contenera> | docer import slim_container

Pruning

docker system prune #  clean all unused objects in one go
docker system prune  --volumes #  clean all unused objects in one go include the volumes

The system prune command will remove the following:

  • All dangling images (by default): Image layers not referenced by any container image.
  • All unused images (using the --all argument): Images not referenced by any container (running or stopped in our system).
  • All stopped containers (by default): By default, all stopped containers will be removed (those with an exited status). This will remove the containers’ layers.
  • All unused volumes (using --volumes): Volumes are not used by any container.
  • All unused networks (by default): Networks with no containers attached.
  • All dangling cache layers (by default): All layers that are not referenced in any build process.

For each category of objects, we can execute these pruning processes:

docker container prune
docker image prune
docker buildx prune
docker network prune

All pruning options can be filtered using the appropriate --filter argument. These are some of the most common filters:

  • until: We use a timestamp argument to only remove containers that were created before a date.
  • label: This will help us filter which objects from a category will only be removed. Multiple labels can be used, separated by commas. Labels can be filtered by their existence or absence and we can use keys and values for fine-grained selections.

Configuring container runtime logging

By default, the Docker daemon will use the json-file logging driver, but we can change this behavior in Docker’s daemon.json file. This driver uses more disk space than others and that’s why it is recommended to use the local logging driver for local development. We can use our host’s system logs in Linux environments by configuring syslog or journald drivers, but if we need to send our containers logs to an external application, we will probably use gelf (a commonly used standard) or splunk drivers, although there are also some drivers specific for cloud environments.

Example

{
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "20m",
    "max-file": "10",
  }
}

Enviroment variable

If an environment variable is defined both in the Dockerfile and as a flag, then the flag takes precedence.

hello.py:
import os
print "Hello World from %s !" % os.environ['NAME']

docker build -t hello_world_python_name .

docker run -e NAME=Rafal hello_world_python_name

Dockerfile
...
ENV NAME Rafal
...

Warstwy - AUFS limit 42 warstwy

obraz

cat /home/docker/myimage.tar | docker import - <image name>

Zapisywanie zmian w kontenerze jako obraz

docker commit <id-contenera> <image-name>

URI {adres rejestru}/{przestrzen nazw}/{nazwa repozytorium}:{tag}

⚠️ **GitHub.com Fallback** ⚠️