Docker Cheatsheet

Quick notes and command reference for running docker containers.

An image becomes a container with docker run. A container's current state becomes a new image with docker commit.

Commands

docker run

  1. docker ps [-a]: List running containers; -a also lists stopped ones
  2. docker run: Run the main process in a container
  3. docker run --rm: Run container and delete it when it exits
  4. docker run -d: Run container in detached mode (background). Use docker attach <containerId> to bring it to the foreground. Press Ctrl + p, Ctrl + q to detach from the current container
  5. docker exec containername command: Run other commands in a running container

Debugging

  1. docker logs containername: Show the container's output (stdout/stderr)

Networking

  1. docker run --rm -ti -p 4567:4567 -p 4568:4568 --name echo-server ubuntu:latest bash: Expose 2 ports explicitly
  2. docker run --rm -ti -p 4567 -p 4568 --name echo-server ubuntu:latest bash: Let docker choose the host ports automatically. Use docker port containername to see mapped ports.
  3. To change the protocol as well, put /protocol after the port number. Example: docker run --rm -ti -p 4567/udp

Networks

Containers on the same network can connect to each other using container names. Containers can be on multiple networks.

  1. docker network ls: list all networks
  2. docker network create catnetwork: Create catnetwork
  3. docker run --rm -ti --net catnetwork --name catserver ubuntu:latest bash: Start container and link it to catnetwork
  4. docker network connect networkname containername: Connect container to network

These links are two-way. There are also legacy options to do one-way linking using --link containername instead of --net.

Docker also helps in network translation when configured correctly. It changes destination and source address based on which way a packet is going.

Exposing ports in docker == Port forwarding at networking level

Naming networks and attaching containers to them is the same as creating namespaces and using them to isolate container networks from one another. Private networks are bridged into a shared network to talk to the rest of the containers. The networking stack within a container is isolated and each container manages its own, unless otherwise specified with privileged attributes.

Docker Images

  1. docker images: List all images on local machine.
  2. docker commit containername tagname: Create an image from a container's current state
  3. docker pull: Download images from a registry and cache them locally
  4. docker push: Push image to registry

Volumes

Persistent: Still present after the container dies
Ephemeral: Deleted with the container

  1. docker run -ti -v <volumepath>:/path-on-container ubuntu bash: Run container and link its path-on-container to a local volume.
  2. docker run -ti -v /shared-data ubuntu bash on container 1.
     docker run -ti --volumes-from container1 ubuntu bash on container 2.
     Both containers have that volume on the same path. Once both containers have exited, the volume ceases to exist.

Registry

Like a Git hosting server, but for docker images.

Dockerfiles

They’re not shell scripts.

Dockerfile:

FROM busybox
RUN echo "building image"
CMD echo "hello container"

To build it:

docker build -t imagename directory

Run a container from the image:

docker run imagename

Another example:

FROM debian:sid
RUN apt-get -y update
RUN apt-get install -y nano
CMD ["/bin/nano", "/tmp/notes"]

This creates an image with nano installed; a container started from it opens nano on /tmp/notes. Build and run it:

docker build -t example/nanoer .
docker run --rm -ti example/nanoer

Using the previous image, create a new image:

FROM example/nanoer
ADD notes.txt /notes.txt
CMD ["/bin/nano", "/notes.txt"]

docker build -t example/nanoer .
docker run --rm -ti example/nanoer

Some Important Commands within Dockerfiles

  • FROM: base image
  • RUN: Run the command line and wait for it to finish and save the result
  • ADD: Add local files to image at given location, add tar archives to directories, download and add file from URL to directory
  • ENV: Add environment variables for lifetime of the image/container.
  • CMD/ENTRYPOINT: Commands to use to start the container
  • EXPOSE: Map ports from container to local
  • VOLUME: Create either type of volumes
  • WORKDIR: Set working directory for the container
  • USER: Set this as user of the container when starting it
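A small lint over the FROM, ADD and USER instructions listed above, added here as an example and not part of the original notes. The function name lint_dockerfile, the finding codes and both sample Dockerfiles are constructed for illustration, and the check assumes a base image runs as root unless a USER line says otherwise.

```shell
#!/bin/sh
# Added example, not from the original notes. lint_dockerfile and its finding
# codes are hypothetical names. Reads a Dockerfile on stdin, prints findings.
lint_dockerfile() {
  awk '
    # Join backslash-continued lines so each instruction is checked whole.
    /\\[ \t]*$/ { sub(/\\[ \t]*$/, ""); buf = buf $0 " "; next }
    { $0 = buf $0; buf = "" }
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    { op = toupper($1) }
    op == "FROM" {
      i = ($2 ~ /^--/) ? 3 : 2               # step over --platform=...
      img = $i; name = img; sub(/.*\//, "", name)   # drop registry[:port]/path
      # Flag a base with no tag or :latest, unless it is scratch, an earlier
      # build stage, or pinned by digest.
      if (img != "scratch" && !(img in stage) && img !~ /@sha256:/ &&
          (name !~ /:/ || name ~ /:latest$/))
        print "UNPINNED_BASE line " NR ": " img
      if (toupper($(i + 1)) == "AS") stage[$(i + 2)] = 1
      user = ""   # assumption: the base image itself runs as root
    }
    # Remote ADD pulls content at build time; --checksum pins what is accepted.
    op == "ADD" && /https?:\/\// && !/--checksum=/ { print "REMOTE_ADD line " NR }
    op == "USER" { user = $2 }
    END {
      if (user == "" || user == "root" || user ~ /^0(:|$)/)
        print "RUNS_AS_ROOT final stage sets no non-root USER"
    }
  '
}

# Constructed sample built from the instructions shown on this page.
WEAK_DOCKERFILE='FROM busybox
ADD https://example.invalid/notes.txt /notes.txt
CMD echo "hello container"'

# Constructed sample: pinned tag, local COPY, arbitrary non-root uid.
HARDENED_DOCKERFILE='FROM debian:bookworm-slim
RUN apt-get update && \
    apt-get install -y nano
COPY notes.txt /notes.txt
USER 10001:10001
CMD ["/bin/nano", "/tmp/notes"]'

printf '%s\n' "$WEAK_DOCKERFILE" | lint_dockerfile
printf '%s\n' "$HARDENED_DOCKERFILE" | lint_dockerfile
```

The weak sample produces all three findings; the hardened sample produces none.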

Processes within Docker

  • In Docker, a container starts with an init process and exits when this process terminates. It doesn't wait for any other process.
  • A container starts with a set memory and CPU allocation; no matter the number of processes within the container, it cannot exceed the allocated memory and CPU consumption.

Docker Compose

  • Used for single machine coordination
  • Designed for testing and dev
  • Use case: Bring up a full ecosystem (multiple containers, bind volumes, create networks, etc.) with a single command

Written on September 10, 2022