Skip to content

Instantly share code, notes, and snippets.

@siwka

siwka/Docker.md

Last active August 19, 2019 23:47
Show Gist options
  • Save siwka/61fdb8f5f44bf1846e7192ae9fd4f46e to your computer and use it in GitHub Desktop.
Save siwka/61fdb8f5f44bf1846e7192ae9fd4f46e to your computer and use it in GitHub Desktop.
Download ZIP
Basic Docker Commands
Raw
Docker.md

Notes from Docker Deep Dive, Nigel Poulton & dockercom & my stuff

Working with Images

Basic commands

docker version
docker info
rpm -qif /usr/bin/docker

Looking for Storage Driver & Docker Root Dir

docker system info

Docker Image

docker image pull
docker image push
docker image inspect
dokcer image rm

docker image pull img_name [-a]
docker image ls
docker image ls --digests

Enter underlaying Linux VM:

screen ~/Library/Containers/com.docker.docker/Data/vms/0/tty

ls -l [DockerRootDir]/[StorageDriver]/{diff}
ls -l /var/lib/docker/overlay2/{layer_num/dir_?}/{diff}

Size <> 0B are layers & others added to create .config file

docker history img_name

Image config file = image manifest file

docker image inspect img_name

Delete image

docker image rm img_name

Registries

DTR - Docker Trusted Registry

registry / repo / image (tag)

hub.docker.com/ {repo} / latest //defaults; Docker Hub

docker image pull hub.docker.com/redis:4.0.1

content hashes -> compression -> distribution hashes

Containerizing an App

Dockerfile

In root add Dockerfile File edited from https://docs.docker.com/get-started/part2/

# base image
FROM python:2.7-slim

LABEL maintainer="[email protected]"

# Set the working directory to /app
WORKDIR /app

# Copy the current directory contents into the container at /app
COPY . /app

# Install any needed packages specified in requirements.txt
RUN pip install --trusted-host pypi.python.org -r requirements.txt

# Make port 80 available to the world outside this container
EXPOSE 80

# Define environment variable
ENV NAME World

# Run app.py when the container launches
CMD ["python", "app.py"]

Containerizing an App

Build an image, tagged as name, current directory where code is a contex

docker image build -t name .

docker image build -t name https://github.com/my_acc/reponame.git

Multi-stage Builds

Dockerfile:

FROM .. AS build-stage-0
WORKDIR ..
COPY ..
RUN ..

FROM .. AS build-stage-1
WORKDIR ..
COPY ..
RUN ..
COPY ..
RUN ..

FROM .. AS production-stage
WORKDIR ..
COPY --from=build-stage-0 /usr/scr/... .
WORKDIR ..
COPY --from=build-stage-1 /usr/scr/... .
ENTRYPOINT ..
CMD [..]

.

docker image build -t multistage .

Working with Containers

Interactive terminal

docker container run -it alpine sh
ps -elf

<Ctr+P+Q> - exit container without teminating its main process (closing container)

docker container run -d alpine sleep 1d

.

In runnning container (should not do?)

docker exec -it risk_app /bin/sh                  // CLI
docker exec -it risk_app bundle exec rails c      // rails c
docker exec risk_app ls -l

Removing quitely all containers

docker container rm $(docker ps -aq) -f

Logging

engine / daemon

Mac / Linux / Windows

container / app

STDOUT / STDERR

Secure Swarm

Security & Orchestration

docker swarm init
docker swarm join

docker swarm join-token [manager | worker]
docker node ls                             // if you want to seenot only mgrs but also workers, check on manager CLI
docker swarm join-token rotate [manager | worker]   // run o mgr
sudo openssl x509 in [..] -text            // see clients ceritifcates;
                                           // Subject: O organization, OU org unit, CN Cannonical Name

Lock Swarm with Autolock

new Swarm:

docker swarm init --autolock

existing Swarm

docker swarm update --autolock=true

service docker restart
docker node ls  // does not work on locked
docker swarm unlock
{enter unlock key given when locking}

docker swarm update --cert-expiry 48h
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment