Try Documentalist,
my app that offers fast, offline access to 190+ programmer API docs.
Cheatsheet: https://github.com/wsargent/docker-cheat-sheet
docker commands
run
docker run --rm -it --name=name -p <host>:<container> -v <host>:<container> <image> <cmd>
Options:
—rm
: delete when finished running-it
: interactive and allocate tty (needed when running interactive commands like bash)-d
: run in background-p
: expose port inside container to host e.g.-p 3333:80
exposes port 80 inside the container as port 3333 in the host-v
: mount a host directory inside the container e.g.-v $(pwd)/..:/opt/script:ro
ro
stands for read-only; can also berw
for read-write
--privileged=true
: run as root
Notes:
—rm
and-it
are often used to run ad-hoc commands-d
is used for running long-lived containers (e.g. a database). those can be stopped withdocker stop <container>
start
docker start ${containerId}
: start a container that exited/is stopped
stop
docker stop ${containerId}
: stops a container
exec
docker exec -it <container> /bin/bash
-t
: allocate tty (needed for interactive programs like bash)-i
: interactive mode
images
docker images
: list images
-a
: include intermediary containers
build
docker build
: build an image from Dockerfile description
-f
: name of docker file (Dockerfile by default)-t
: tag with ${repository}:${tag}, ${tag} is optional
ps
docker ps
: list containers
-a
: list exited containers
rm
docker rm ${containerId}
: remove a container
rmi
docker rmi ${image}
: remove an image
inspect
docker inspect ${containerId}
: list info about a container as json
docker concepts
image
- is built from description in Dockerfile, e.g.:
docker build -t ${imageTag} -f Dockerfile .
- if specified by name and not present locally, will be downloaded from docker store e.g.
docker run ubuntu:18:04
will download ubuntu image from https://store.docker.com/images/ubuntu - list local images:
docker images
- delete with
docker rmi ${imageTag}
- delete untagged (likely stale) images:
docker rmi $(docker images | grep none | awk '{print $3}')
interesting images
- golang:1.4.2 : for building go programs, https://store.docker.com/images/golang
- ubuntu:16:04
- debian:latest
- buildpack-deps :https://store.docker.com/images/buildpack-deps
container
- an image that is running
multi-stage builds for smaller images
Basically a single docker file can have stages, first stage builds the thing, second stage copies only needed files to a fresh image. Available since 17.05.0 (currently requires beta channel on Mac)
# build stage
FROM golang:alpine AS build-env
ADD . /src
RUN cd /src && go build -o goapp
# final stage
FROM alpine
WORKDIR /app
COPY --from=build-env /src/goapp /app/
EXPOSE 80
ENTRYPOINT ./goapp
Example multi-stage docker for Go program that uses cgo: https://github.com/h2non/imaginary/blob/master/Dockerfile
smallest image for Go (scratch)
https://github.com/OpenBazaar/openbazaar-go/blob/98c9ac8ff6ad4b84674134398e890d3dc8912bb6/Dockerfile is an example of using 2 stage to build in golang image and run in scratch image
networking
articles
https://www.wezm.net/technical/2019/02/alpine-linux-docker-infrastructure/ : an example of using docker-compose to run multiple things
https://fn.lc/post/docker-scratch/ : Running Untrusted Code in a Secure Docker Container from Scratch
delete untagged images
docker rmi $(docker images | grep none | awk '{print $3}')
remove stopped containers
docker rm $(docker ps -a | awk '{print $1}')
tips
- https://github.com/docker-slim/docker-slim : tool to take a docker image and drastically reduce its size
- To keep docker running if desired process goes into background, add
&& tail -f /dev/null
. That will keep container alive - my docker store account: kjksf, https://store.docker.com/profiles/kjksf/content
allowing 2 containers to communicate i.e. networking
Scenario: container-2 needs to talk to a port exposed by container-1
Version 1:
- container-1: expose its port to host with
-p ${port}:${port}
- container-2:
docker run --network="host"
which shares - http://www.dasblinkenlichten.com/docker-networking-101-host-mode/
Version 2:
- container-1: expose the port with
--expose ${port}
- container-2:
docker run --link="container-1"
. This adds/etc/hosts
entry forcontainer-1
with the right ip address so that container-2 can usecontainer1:${port}
as ip address
Version 3:
- container-1:
docker run --expose ${port} --net-alias="container-1"
. This exposes container ip under namecontainer-1
in the network so container-2 can use it. Only valid in