docker - ghdrako/doc_snipets GitHub Wiki
In Docker, there are two sets of commands: the old and the new.
-
The old or the legacy set is only two levels. The first level is docker, and the second one is the subcommand, as
docker pull <image name>
. -
The new and standard one is three levels. The first level is docker, the second is the object, and the third is the subcommand. Images, containers, networks, nodes, and volumes are examples of Docker objects. In this case, the command to pull an image is
docker image pull <image name>
docker --version
docker version # more info
docker info # more more info where is root directory and default registry
docker images
docker images -q # quite display only id images
docker history <image> # lista polecen z Dockerfile ktore utworzyly image
docker history --format "{{.ID}} {{.CreatedBy}} {{.Size}}" ansible
docker rmi -f $(docker images -a -q) # usuniecie wszystkich obrazow
docker search python
docker search --filter is-official=true python
docker search --help
wget -q https://registry.hub.docker.com/v1/repositories/debian/tags -O - | sed -e 's/[][]//g' -e 's/"//g' -e 's/ //g' | tr '}' '\n' | awk -F: '{print $3}'
-
-p <container_port>
: Publishes the container port to the unused host port -
-p (--publish-all)
: Publishes all ports exposed by the container to the unused host ports -
-p 8080:80
Map TCP port 80 in the container to port 8080 on the Docker host. -
-p 192.168.1.100:8080:80
Map TCP port 80 in the container to port 8080 on the Docker host for connections to host IP 192.168.1.100. -
-p 8080:80/udp
Map UDP port 80 in the container to port 8080 on the Docker host. -
-p 8080:80/tcp -p 8080:80/udp
Map TCP port 80 in the container to TCP port 8080 on the Docker host, and map UDP port 80 in the container to UDP port 8080 on the Docker host.
The EXPOSE instruction only informs users which ports they should publish (in dockerfile)
$ docker port <container> # show port number assigment
Repo/Host | oper | Client |
---|---|---|
image | --- docker pull ---> | image |
- IMAGE ID: Every image can have several tags but will have one unique 64–hex digit ID. The Docker engine autogenerates it. In the default display, Docker will show the first 12 digits only. To display all the 64 digits, type this at the shell: docker image ls --no-trunc.
docker image pull alpine
docker image ls
docker image rm alpine
docker image rm -f $(docker image ls -q) # remove all images you have localy
-
docker run
- create and run container -
docker create
- create only container
Options:
-
-i
starts an interactive session -
-t
emulates a tty -
-d
detach and run in the background/demonize -
--rm
remove continer after exit -
--name <name>
container name Combination implication: - When the ENTRYPOINT is bash or sh
docker run -d ubuntu:14.04
will immediately stop, cause bash can't find any pseudo terminal to be allocated. You have to specify -itdocker run -dit ubuntu:14.04
so that bash or sh can be allocated to a pseudo terminal. - If you want to use nano or vim with any container in the future, you have to specify -it when the image starts. Otherwise you'll get error.
Client | oper | Client |
---|---|---|
image | --- docker run ---> | container |
- CONTAINER ID: The unique ID that the engine autogenerated.
docker container run alpine echo "hello my first container"
docker container run alpine --name myfirstcontainer
docker container rm d99b153cf127
docker container rm xenodochial_stonebraker
docker container rm -f (docker container ls -aq) # remove all container you have on host
pull->build->run
escape sequence: Ctrl+P and then Ctrl+Q - exit the interactive mode but keep the container running in detached mode in the background without exiting it
docker build -f Dockerfile1 -t api:v1 .
```
```
docker container run -d -it --name test1 ubuntu /bin/bash # -d option - to run the container in the background as daemon or detached mode
docker run -i -t ubuntu:20.04 /bin/bash # Run a container and connect it to its command line
docker run -d -t ubuntu:20.04 # run container in background but not attach console to it
docker run -itd -p 9090:8080 api:v1
docker run -itd --rm -p 9090:8080 api:v1 # -rm remove continer after exit
docker run -itd --rm --name <container_name> -p 9090:8080 api:v1 # -name <container_name> assign name - by defaut random name
docker run -d --name container-name alpine watch "date >> /var/log/date.log" #
```
```
docker exec -it <container hash/name> sh # start in container another process - in examle comman line sh
docker exec -it <container hash/name> /bin/bash # wystartowanie i uruchomienie powloki w kontenerze -t otwarcie teminala -i interaktywne wprowadzanie polecen
docker exec container-name tail /var/log/date.log # running no interactive command on container
docker exec --workdir /tmp container-name pwd # Running Commands in an Alternate Directory in a Docker Container
docker exec --user guest container-name whoami # Running Commands as a Different User in a Docker Container
docker exec -e TEST=sammy container-name env # Passing Environment Variables into a Docker Container
docker exec -e TEST=sammy -e ENVIRONMENT=prod container-name env
docker exec --env-file .env container-name env
```
```
docker attach <container hash/name> # attach to container pocess
CTRL-p CTRL-q # detach from container and leave it running
```
```
docker run <image> python -c 'print("Hello")'
docker run --restart=always redis # restart policy of always so that if the container exits, Docker will restart it.
curl -k http://localhost:9090/encode?input=test
docker container run -d -it --name test1 ubuntu /bin/bash
docker container ls
docker container attach test1
$> apt-get update
$> apt-get install curl
$> exit
docker container commit test1 testimage # create image from modified container
docker image ls
- Write the Dockerfile
Dockerfile:
FROM ubuntu:latest
RUN apt-get update && apt-get install curl -y
- Build the Dockerfile
docker image build -t testimagedockerfile .
docker image ls
docker container run -it testimagedockerfile
$> which curl
$> exit
If you build the image without specifying a tag to it by using docker image build .
, the image will be an unnamed image, which is called a dangled
image. you can later name it by using docker image tag <image ID> <image name>
. to remove all the dangled images, use docker image prune
.
To push your images successfully, they must contain your username at Docker
Hub We need to rename your image using the docker image tag testimagedockerfile <your username>/testimagedockerfile
docker image tag testimagedockerfile <DH user>/testimagedockerfile
docker image ls
docker login
docker image push <DH user>/testimagedockerfile
docker rename <container id> ansible # zmiana
docker inspect
docker inspect | jq keys
docker inspect | jq .[0] | jq keys
docker inspect ansible| jq .[0].ResolvConfPath
-q | --quite |show only id container -l | | last -f | | filter -a | | all
docker rm $(docker ps -a -l -q -f status=exited) # usun ostatni wylaczony kontener
name=python # kontenery o nazwie python
ancestor=python # kontenery pochodace od image python
docker rm $(docker ps -a -q --filter before=$(docker ps -a -l --format {{.Name}})) # usun wszystkie poza ostatnim
docker ps -a to to samo co docker container ls -a
-f # force
docker rmi -f $(docker images -q) # remove all images
$ docker rm $(docker ps -a -q -f status=exited)
$ docker rm -f <container_name> # remove a container even if it run (uses SIGKILL)
$ docker volume create data
$ docker run --name test123 -v data:/data -d busybox ping google.com
$ docker attach --detach_keys="ctrl-a" test123
```
#### inspect
* --format option
* --filter option
```
docker image ls --filter dangling=true # filter the dangled images only
```
```
docker image inspect –format='{{.Architecture}} {{.Os}}' <image-id> # get the architecture and operating system an image
docker inspect $(docker ps -a -q --filter ancestor=busybox) |jq .[0].NetworkSettings.IPAddress # show container ip
docker inspect -f '{{.NetworkSettings.IPAddress}}' $(docker ps -a -q --filter ancestor=busybox)
pid =$(docker inspect -f '{{.State.Pid}} <contener>)
strace -p $(pgrep -P $pid)
#aby bylo mozliwe sledzenie wywolan systemowych kontenera z hosta, kontener musi byc urchomiony z opcja --pid=host
docker inspect -f {{.nazwa}} <kontener> # wyswietlic okreslone pole
Docker przechowuje strumien standardowego wyjscia i bledow w plikach json /var/lib/docker//_json.log
docker logs [OPTIONS] CONTAINER
docker logs 7d6ac83a89a0
docker logs -f 7d6ac83a89a0 # continue streaming the new output from the container’s
docker logs -t 7d6ac83a89a0 # show timestamps
docker logs -n 10 -n 7d6ac83a89a0 # Number of lines to show from the end of the logs
# docker logs = docker container logs
docker container logs --since 2020-03-28T15:52:00 nginx-test
docker top nginx-test
docker stats nginx-test
Endpoint /containers/<id kontenera>/stats # dostarcza dane statystyczne o działajacym kontenerze
docker run --name running -d busybox /bin/sh -c 'while true; do echo hello && sleep 1; done'
docker stats running
docker container run -d --name nginx-test --cpu-shares 512 --memory 128M -p 8080:80 nginx
docker container update --cpu-shares 512 --memory 128M nginx-test # modify to running container
docker run -it --memory="1g" -cpus="1.0" ubuntu # run ubuntu container set limit memory 1GB and acces to 1 CPU
for i in {1..5}; do docker container run -d --name nginx$(printf "$i") nginx; done
docker container run -it --name test ubuntu /bin/bash # -it interactive terminal to interact with the container and run
commands inside it
docker container ls # list running containers
docker container ls -a # list all container , exited too
docker container pause nginx1
docker container unpause nginx1
docker container stop nginx2 # terminate container status=exited
docker container stop -t 60 nginx3 # send SIGTERM wait 60s send SIGKILL
docker container start nginx2 # resume terminated container
docker container restart nginx2 # combine two command stop and start Jest opcja -t 60
docker container kill nginx5 # send SIGKILL
docker container rm nginx4 # remove specific container
docker container create --name nginx-test -p 8080:80 nginx # prepare container but not start
docker container port nginx-test # display port maping in container
docker container diff nginx-test # lista plikow zmienianych(C, dodanych(A)
docker export <id contenera> > /home/docker/myimage.tar # nie jest zapisywana historia warstw i to odchudza kontener
docker export <id contenera> | docer import slim_container
docker system prune # clean all unused objects in one go
docker system prune --volumes # clean all unused objects in one go include the volumes
The system prune command will remove the following:
- All dangling images (by default): Image layers not referenced by any container image.
- All unused images (using the --all argument): Images not referenced by any container (running or stopped in our system).
- All stopped containers (by default): By default, all stopped containers will be removed (those with an exited status). This will remove the containers’ layers.
- All unused volumes (using --volumes): Volumes are not used by any container.
- All unused networks (by default): Networks with no containers attached.
- All dangling cache layers (by default): All layers that are not referenced in any build process.
For each category of objects, we can execute these pruning processes:
docker container prune
docker image prune
docker buildx prune
docker network prune
All pruning options can be filtered using the appropriate --filter argument. These are some of the most common filters:
-
until
: We use a timestamp argument to only remove containers that were created before a date. -
label
: This will help us filter which objects from a category will only be removed. Multiple labels can be used, separated by commas. Labels can be filtered by their existence or absence and we can use keys and values for fine-grained selections.
By default, the Docker daemon will use the json-file
logging driver, but we can change this
behavior in Docker’s daemon.json
file. This driver uses more disk space than others and that’s
why it is recommended to use the local logging driver for local development. We can use our host’s
system logs in Linux environments by configuring syslog or journald drivers, but if we need
to send our containers logs to an external application, we will probably use gelf (a commonly used
standard) or splunk drivers, although there are also some drivers specific for cloud environments.
Example
{
"log-driver": "json-file",
"log-opts": {
"max-size": "20m",
"max-file": "10",
}
}
If an environment variable is defined both in the Dockerfile and as a flag, then the flag takes precedence.
hello.py:
import os
print "Hello World from %s !" % os.environ['NAME']
docker build -t hello_world_python_name .
docker run -e NAME=Rafal hello_world_python_name
Dockerfile
...
ENV NAME Rafal
...
cat /home/docker/myimage.tar | docker import - <image name>
Zapisywanie zmian w kontenerze jako obraz
docker commit <id-contenera> <image-name>
URI {adres rejestru}/{przestrzen nazw}/{nazwa repozytorium}:{tag}