Docker

Home / Tools and services / Docker edit

Try Documentalist, my app that offers fast, offline access to 190+ programmer API docs.

Cheatsheet: https://github.com/wsargent/docker-cheat-sheet

docker commands

run

docker run --rm -it --name=name -p <host>:<container> -v <host>:<container> <image> <cmd>

Options:

—rm : delete when finished running
-it : interactive and allocate tty (needed when running interactive commands like bash)
-d : run in background
-p : expose port inside container to host e.g. -p 3333:80 exposes port 80 inside the container as port 3333 in the host
-v : mount a host directory inside the container e.g. -v $(pwd)/..:/opt/script:ro
- ro stands for read-only; can also be rw for read-write
--privileged=true : run as root

Notes:

—rm and -it are often used to run ad-hoc commands
-d is used for running long-lived containers (e.g. a database). those can be stopped with docker stop <container>

start

docker start ${containerId} : start a container that exited/is stopped

stop

docker stop ${containerId} : stops a container

exec

docker exec -it <container> /bin/bash

-t : allocate tty (needed for interactive programs like bash)
-i : interactive mode

images

docker images : list images

-a : include intermediary containers

build

docker build : build an image from Dockerfile description

-f : name of docker file (Dockerfile by default)
-t : tag with ${repository}:${tag}, ${tag} is optional

docker ps : list containers

-a : list exited containers

docker rm ${containerId} : remove a container

rmi

docker rmi ${image} : remove an image

inspect

docker inspect ${containerId} : list info about a container as json

docker concepts

image

is built from description in Dockerfile, e.g.: docker build -t ${imageTag} -f Dockerfile .
if specified by name and not present locally, will be downloaded from docker store e.g. docker run ubuntu:18:04 will download ubuntu image from https://store.docker.com/images/ubuntu
list local images: docker images
delete with docker rmi ${imageTag}
delete untagged (likely stale) images: docker rmi $(docker images | grep none | awk '{print $3}')

interesting images

golang:1.4.2 : for building go programs, https://store.docker.com/images/golang
ubuntu:16:04
debian:latest
buildpack-deps :https://store.docker.com/images/buildpack-deps

container

an image that is running

multi-stage builds for smaller images

https://medium.com/travis-on-docker/multi-stage-docker-builds-for-creating-tiny-go-images-e0e1867efe5a

Basically a single docker file can have stages, first stage builds the thing, second stage copies only needed files to a fresh image. Available since 17.05.0 (currently requires beta channel on Mac)

# build stage
FROM golang:alpine AS build-env
ADD . /src
RUN cd /src && go build -o goapp

# final stage
FROM alpine
WORKDIR /app
COPY --from=build-env /src/goapp /app/
EXPOSE 80
ENTRYPOINT ./goapp

http://pliutau.com/multi-stage-dockerfile-for-golang-application/

Example multi-stage docker for Go program that uses cgo: https://github.com/h2non/imaginary/blob/master/Dockerfile

smallest image for Go (scratch)

https://github.com/OpenBazaar/openbazaar-go/blob/98c9ac8ff6ad4b84674134398e890d3dc8912bb6/Dockerfile is an example of using 2 stage to build in golang image and run in scratch image

https://ops.tips/blog/dockerfile-golang/

https://weberc2.bitbucket.io/posts/golang-docker-scratch-app.html

networking

https://scene-si.org/2016/03/12/networking-basics-with-docker/

https://codability.in/docker-networking-explained/

articles

https://www.wezm.net/technical/2019/02/alpine-linux-docker-infrastructure/ : an example of using docker-compose to run multiple things

https://fn.lc/post/docker-scratch/ : Running Untrusted Code in a Secure Docker Container from Scratch

http://hakunin.com/docker-in-dev

http://jonathan.bergknoff.com/journal/building-better-docker-images

https://advancedweb.hu/2018/07/03/supervisor_docker/

https://formapi.io/blog/posts/fast-docker-builds-for-rails-and-webpack/

https://medium.com/lucjuggery/running-a-container-with-a-non-root-user-e35830d1f42a

delete untagged images

docker rmi $(docker images | grep none | awk '{print $3}')

remove stopped containers

docker rm $(docker ps -a | awk '{print $1}')

tips

https://github.com/docker-slim/docker-slim : tool to take a docker image and drastically reduce its size
To keep docker running if desired process goes into background, add && tail -f /dev/null. That will keep container alive
my docker store account: kjksf, https://store.docker.com/profiles/kjksf/content

allowing 2 containers to communicate i.e. networking

Scenario: container-2 needs to talk to a port exposed by container-1

Version 1:

container-1: expose its port to host with -p ${port}:${port}
container-2: docker run --network="host" which shares
http://www.dasblinkenlichten.com/docker-networking-101-host-mode/

Version 2:

container-1: expose the port with --expose ${port}
container-2: docker run --link="container-1" . This adds /etc/hosts entry for container-1 with the right ip address so that container-2 can use container1:${port} as ip address

Version 3:

container-1: docker run --expose ${port} --net-alias="container-1". This exposes container ip under name container-1 in the network so container-2 can use it. Only valid in

Written on Sep 11 2016.

home

Found a mistake, have a comment? Let me know.