Thursday, February 6, 2025

Docker and key Concepts



 Key Concepts 

Docker image Commands 

Docker provides several commands to manage images effectively. Here are the most commonly used Docker image commands:

1. Building Images

  • docker build -t <image_name>:<tag> .
    • Builds an image from a Dockerfile in the current directory (.).
    • Example:
      docker build -t myapp:latest .

2. Listing Images

  • docker images
    • Displays a list of locally available images.
    • Example output:
      # nginx

      REPOSITORY   TAG     IMAGE ID       CREATED       SIZE
      ubuntu       20.04   d13c942271d6   2 weeks ago   72MB

3. Removing Images

  • docker rmi <image_id>

    • Deletes a specific image by its ID or name.
    • Example:
      docker rmi myapp:latest
  • docker rmi $(docker images -q)

    • Removes all images (use cautiously).

4. Tagging Images

  • docker tag <source_image> <new_image>:<tag>
    • Assigns a new name to an existing image.
    • Example:
      docker tag myapp:latest myrepo/myapp:v1.0

5. Pushing & Pulling Images

  • docker push <image>:<tag>

    • Uploads an image to a registry (e.g., Docker Hub).
    • Example:
      docker push myrepo/myapp:v1.0
  • docker pull <image>:<tag>

    • Downloads an image from a registry.
    • Example:

      docker pull nginx:latest

6. Inspecting Images

  • docker inspect <image>
    • Displays detailed metadata of an image.
    • Example:
      docker inspect myapp:latest

7. Saving & Loading Images

  • docker save -o <file>.tar <image>

    • Saves an image as a .tar file.
    • Example:
      docker save -o myapp.tar myapp:latest
  • docker load -i <file>.tar

    • Loads an image from a .tar file.
    • Example:
      docker load -i myapp.tar

8. Pruning Unused Images

  • docker image prune -a
    • Removes unused and dangling images to free space.
    • Example:
      docker image prune -a -f

Docker is a powerful containerization platform that simplifies application deployment. Here are the key concepts:

1. Containers

  • A container is a lightweight, standalone, and executable package that includes everything needed to run an application: code, runtime, system tools, libraries, and dependencies.
  • Containers isolate applications from the host system, making them portable and consistent across different environments.

 Example:

docker run -d -p 8080:80 twtech-webapp

This runs an Nginx container in detached mode and maps port 8080 (host) → 80 (container).

2. Images

  • A Docker image is a blueprint for containers. It includes the application code, dependencies, and environment settings.
  • Images are immutable (unchangeable after creation).
  • Images are stored in a registry like Docker Hub or private repositories.

 Example:

docker pull twtech-webapp

This downloads the twtech-webapp image; because no tag is given, Docker pulls the latest tag.

3. Dockerfile

  • A Dockerfile is a script with instructions to build an image.

 Example Dockerfile:

# dockerfile

FROM node:18
WORKDIR /app
COPY . .
RUN npm install
CMD ["node", "server.js"]

To build an image from this file:

docker build -t twtech-springapp .

4. Volumes (Persistent Storage)

  • Volumes allow containers to persist data beyond their lifecycle.
  • Stored in /var/lib/docker/volumes/.

 Example:

docker volume create twtech-data
docker run -d -v twtech-data:/app/data devopspatemf2021/twtech:twtech-spring-boot-mongo

5. Networking

Docker provides networking to allow communication between containers and external systems.

Network Type       Description
Bridge (default)   Isolated network for containers on the same host.
Host               Uses the host's networking directly.
Overlay            Used in Swarm mode for multi-host networking.
None               No networking, completely isolated.

 Example:

docker network create twtech-network
docker run -d --network=twtech-network devopspatemf2021/twtech:twtech-spring-boot-mongo

6. Container Lifecycle

Command          Description
docker run       Creates and starts a container.
docker start     Starts an existing container.
docker stop      Stops a running container.
docker restart   Restarts a container.
docker rm        Removes a container.

 Example:

docker run -d --name twtech-springapp devopspatemf2021/twtech:twtech-spring-boot-mongo
docker stop twtech-springapp
docker start twtech-springapp
docker rm twtech-springapp

7. Registries

Docker images are stored in registries, either public or private.

Registry                         Description
Docker Hub                       The default public registry.
AWS ECR, Azure ACR, Google GCR   Cloud-based private registries.

 Example: Pushing an image to Docker Hub:
# bash

docker login -u <username>
# Password: xyxyxyxyxxyxy  (entered at the prompt, not passed as a command-line argument)
docker tag twtech-springapp devopspatemf2021/twtech-spring-boot-mongo:v1
docker push devopspatemf2021/twtech-spring-boot-mongo:v1

8. Docker Swarm & Kubernetes

  • Docker Swarm: Native clustering for managing multiple containers.
  • Kubernetes: A powerful orchestration tool for managing large-scale containerized applications.

9. Security Best Practices

  • Use official and verified images.
  • Avoid running containers as root (USER node).
  • Use network segmentation (docker network).
  • Scan for vulnerabilities (docker scan myapp; current Docker releases have replaced docker scan with docker scout).
  • Keep Docker updated.

twtech-Thoughts:

Images = Blueprints for containers
Containers = Running instances of images
Dockerfile = Automates (instructs) image creation
Docker Compose = Manages multi-container apps
Volumes = Persistent data storage
Networking = Container communication

Docker Commands to access containers.

To access and interact with running Docker containers, use the following commands:

1. List Running Containers
  • docker ps

    • Shows active containers.
    • Example output:

      CONTAINER ID   IMAGE           COMMAND       STATUS       PORTS      NAMES
      1a2b3c4d5e6f   twt-springapp   "/bin/bash"   Up 10 mins   80/80tcp   twtech-springapp
  • docker ps -a

    • Lists all containers, including stopped ones.
2. Access a Running Container's Shell
  • docker exec -it <container_name_or_id> <command>
    • Runs a command inside a container.
    • Example (start an interactive Bash shell in a container):
      docker exec -it twtech-springapp bash
    • If the container has only sh:
      docker exec -it twtech-springapp sh
3. Attach to a Running Container
  • docker attach <container_name_or_id>
    • Connects your terminal directly to a running container’s output.
    • Example:
      docker attach twtech-springapp
    • Press Ctrl + P, Ctrl + Q to detach without stopping the container.
4. Start a Stopped Container and Access It
  • docker start -ai <container_name_or_id>
    • Starts a stopped container and attaches to it.
    • Example:
      docker start -ai twtech-springapp
5. Copy Files to and from a Container
  • Copy files from host to container:
    docker cp myfile.txt twtech-springapp:/app/
  • Copy files from container to host:
    docker cp twtech-springapp:/app/myfile.txt .
6. Inspect Container Details
  • docker inspect <container_name_or_id>
    • Shows detailed information about a container, including IP address.
    • Example:
      docker inspect twtech-springapp
7. Get Container Logs
  • docker logs <container_name_or_id>
    • Displays logs from a container.
    • Example:
      docker logs twtech-springapp
    • To follow logs in real time:
      docker logs -f twtech-springapp
8. Check Running Processes Inside a Container
  • docker top <container_name_or_id>
    • Lists active processes inside a container.
    • Example:
      docker top twtech-springapp
9. Open a New Shell Session in a Running Container
  • For Bash:
    docker exec -it twtech-springapp bash
  • For SH (if Bash is not available):
    docker exec -it twtech-springapp sh

Checklist

Here’s a Docker Checklist to ensure best practices while working with Docker:

Basic Setup & Installation

Install Docker Engine.

Verify the installation using:

docker --version
docker-compose --version

Add your user to the docker group (optional, for non-root access; members of this group effectively have root on the host):

sudo usermod -aG docker $USER

Dockerfile Best Practices

Start with a minimal base image (alpine, ubuntu, etc.)
Use multi-stage builds to reduce image size
Always specify a fixed image version when applicable (e.g., nginx:1.21.3, not nginx:latest)
Minimize the number of layers by chaining commands:

# dockerfile

RUN apt-get update && apt-get install -y curl && rm -rf /var/lib/apt/lists/*

 Use COPY instead of ADD unless extracting tar files
 Set a non-root user for security:

# dockerfile

RUN useradd -m myuser
USER myuser
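
The Dockerfile items in this checklist (pinned base image, COPY instead of ADD, apt-get cleanup in the same RUN, a non-root USER) can be checked mechanically before a build. The script below is an added example, not code from the original post: the function name lint_dockerfile, the finding messages and the two sample Dockerfiles are constructed for illustration.

```shell
#!/bin/sh
# lint_dockerfile [FILE]: print one finding per line (reads stdin if no FILE);
# returns 1 when anything was flagged, 0 when the file passes.
lint_dockerfile() {
  awk '
    # Join backslash-continued lines so a chained RUN is judged as one instruction.
    /\\[ \t]*$/ { sub(/\\[ \t]*$/, ""); buf = buf $0 " "; next }
    { check(buf $0); buf = "" }
    function report(msg) { print msg; bad = 1 }
    function check(l,    n, f, i, op, img) {
      n = split(l, f, /[ \t]+/); i = (f[1] == "") ? 2 : 1
      op = toupper(f[i])
      if (op == "FROM") {
        user = ""                          # every stage starts as the base image user
        i++; while (f[i] ~ /^--/) i++      # skip flags such as --platform=...
        img = f[i]
        if (toupper(f[i+1]) == "AS") stage[f[i+2]] = 1
        if (img != "scratch" && !(img in stage) && img !~ /@sha256:/ &&
            (img !~ ":[^/]+$" || img ~ /:latest$/))
          report("unpinned base image: " img)
      } else if (op == "USER") {
        user = f[i+1]
      } else if (op == "ADD" && l !~ /\.(tar|tgz|tar\.(gz|bz2|xz))[ \t"]/) {
        report("ADD used for a non-archive source; use COPY")
      } else if (op == "RUN" && l ~ /apt-get[^&;|]* install/ &&
                 l !~ "rm -rf /var/lib/apt/lists") {
        report("apt-get install without removing /var/lib/apt/lists in the same RUN")
      }
    }
    END {
      if (user == "" || user == "root" || user == "0" || user ~ /^(root|0):/)
        report("final stage runs as root")
      exit bad + 0
    }
  ' "${1:--}"
}

# Constructed sample inputs (not from the page): one weak, one following the checklist.
sample_weak() {
  printf "%s\n" "FROM nginx:latest" "ADD . /app" \
    "RUN apt-get update && \\" "    apt-get install -y curl"
}
sample_hardened() {
  printf "%s\n" "FROM node:18 AS build" "WORKDIR /app" "COPY . ." "RUN npm install" \
    "FROM node:18" "COPY --from=build /app /app" "RUN useradd -m myuser" "USER myuser"
}

sample_weak | lint_dockerfile || echo "weak sample: flagged"
sample_hardened | lint_dockerfile && echo "hardened sample: clean"
```

Run against the node:18 example Dockerfile shown earlier on this page, the only finding is that the final stage runs as root, since that file has no USER instruction.
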

Container Management

List running containers:

docker ps
docker ps -a

Start/stop a container:

docker start <container>
docker stop <container>

Remove unused containers:

docker rm <container>

Remove all stopped containers:

docker container prune -f

Image Management

Build an image:

docker build -t myapp:latest .

List local images:

docker images

Remove an image:

docker rmi <image_id>

 Remove unused images:

docker image prune -a -f

Volume & Network Management

List volumes:

docker volume ls

Create a named volume:

docker volume create myvolume

Remove unused volumes:

docker volume prune -f

List networks:

docker network ls

Create a network:

docker network create mynetwork

Connect a container to a network:

docker network connect mynetwork mycontainer

Docker Compose Checklist

Use docker-compose.yml to define multi-container apps

Start services in detached mode:

docker-compose up -d

Stop and remove containers:

docker-compose down

Scale a service:

docker-compose up --scale web=3

Security Best Practices

Use non-root users inside containers
Limit container capabilities using security options
Scan images for vulnerabilities:

docker scan <image>

Enable resource limits in docker-compose.yml:

# yaml

deploy:
  resources:
    limits:
      memory: 512M
      cpus: "0.5"

Avoid exposing unnecessary ports (EXPOSE only required ports)

Performance & Debugging

View container logs:

docker logs -f <container>

View container resource usage:

docker stats

Run a shell inside a running container:

docker exec -it <container> bash

Check detailed container info:

docker inspect <container>

Cleanup & Maintenance

Remove all unused containers, images, and volumes:

docker system prune -a -f

Monitor disk usage:

docker system df

Enable Docker if needed:

systemctl enable docker

Restart Docker if needed:

systemctl restart docker

Check Docker status if needed:

systemctl status docker
