Docker

🌐 Resources 🔗

Docker Docs
Building best practices - Docker Docs
Intro Guide to Dockerfile Best Practices | Docker
Docker Hub - Container Image Library
Docker Engine
Docker Network
Beginner's Guide to Docker Networking
The Container Network Model
Docker Compose
Dockerfile
Top 8 container registries - Octopus Deploy
Docker Volumes
Docker security - Penetration Testing Tools, ML and Linux Tutorials
Docker Kubernetes Lab Handbook
Docker The Hands-On Way ROADMAP - iximiuz Labs
Intro The DevOps - Containers - NotHarshhaa Github
container.training - Github
TryHackMe - Intro to Docker
containerd
cri-o

Docker Architecture

Container - a way to package application will all the necessary dependencies and configuration

portable standardized artifact for efficient development and deployment
- Devs & Ops work together to package the app in a container
- No environment config needed on server (only Container Runtime)
layers of images
- Linux base image
- other layers
- Application image

Container repositories

private
public - DockerHub

Docker - open source containerization platform

package applications into containers
there are other alternatives (but it made containers popular)
- The differences between Docker, containerd, CRI-O and runc - Tutorial Works

Docker image - the actual package file, artifact, consisting of layers

Docker container - started application, a running environment, virtual file system, port binding

What is a Container? | Docker

Virtual machines - virtualize the OS Kernel and the Application layer - full copy of the OS, abstraction of physical hardware

Containers - multiple containers share the OS Kernel - abstraction of the app layer

Docker Engine

Docker Engine acts as a client-server application with:

Server - dockerd, managing images & containers
- Container Runtime
- Volumes
- Network
- build images
API - interact with Docker Server
CLI - docker client

Libnetwork implements Container Network Model (CNM) which formalizes the steps required to provide networking for containers while providing an abstraction that can be used to support multiple network drivers.

docker network ls
    NETWORK ID     NAME      DRIVER    SCOPE
    964fd24a27a1   bridge    bridge    local
    446ad1bfc60e   host      host      local
    d1be7e105231   none      null      local

Docker Compose

Docker Compose - define and run multiple docker containers applications

yaml file to configure application's services
easy maintenance and config

Dockerfile

Dockerfile - text file with instructions to build Docker images

each instruction results in an image layer
used in CI/CD to build the docker image artifact, pushed to Docker (remote or local) repositories
each image is based on another base image (FROM <image>)

Dockerfile

FROM <image>

# Comment
INSTRUCTION arguments

# e.g.
ENV SOME_ENV=value

# run commands inside the container
RUN mkdir -p /home/app

RUN ...

# copy files from host to container
COPY . /home/app

# entrypoint command
CMD ["command","arguments"]

Docker Repositories

Public repositories

DockerHub

Public repositories (container registries)

Image naming in Docker - registryDomain/imageName:tag

# e.g. DockerHub
docker pull docker.io/library/ubuntu # default
# same as
docker pull ubuntu

# e.g. Push image to private my-repo
# Login to private my-repo
docker tag <my-repo/my-app:version>
docker push <my-repo/my-app:version>

Docker Volumes

Volumes - persist container generated and used data, by mounting a folder from the physical host file system into the Docker virtual file system

databases
stateful applications
data automatically replicated
Host, Anonymous, Named volumes

Host Path - /var/lib/docker/volumes

Docker Engine Install - Ubuntu Linux

# Install Docker Engine via APT repository

sudo apt remove $(dpkg --get-selections docker.io docker-compose docker-compose-v2 docker-doc podman-docker containerd runc | cut -f1)

# Add Docker's official GPG key:
sudo apt update
sudo apt install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources:
sudo tee /etc/apt/sources.list.d/docker.sources <<EOF
Types: deb
URIs: https://download.docker.com/linux/ubuntu
Suites: $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}")
Components: stable
Signed-By: /etc/apt/keyrings/docker.asc
EOF

sudo apt update
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

# Add the current user to the "docker" group to let it run Docker
sudo groupadd docker
sudo gpasswd -a "${USER}" docker

# Enable the services at boot
sudo systemctl enable --now docker.service containerd.service
sudo systemctl status docker

# OR Disable the services at boot
sudo systemctl disable docker.service containerd.service
# still has docker.socket active to start the Docker service only when necessary

# Reboot and Test
reboot
docker run hello-world

Commands

docker pull <image>

# e.g.
docker pull postgres
docker pull ubuntu
docker pull alpine
docker pull redis
# without tag, the latest version is downloaded

docker run <image>
# detached mode
docker run -d <image> 

# use containers
docker start <container_id>
docker stop <container_id>

docker images
docker ps
# list running and exited containers
docker ps -a

# e.g. with image:tag
docker run redis:4.0

# Map a free port on HOST machine
docker run -p6000:6379 -d redis
docker run -p6001:6379 -d redis:4.0

# fetch logs
docker logs <container_id>
docker logs <container_id> -f
docker logs <container_name>

# name a container
docker run -p6000:6379 -d --name redis-latest redis

# new bash session in the container
docker exec -it <container_id> /bin/bash
docker exec -it <container_id> /bin/sh

docker network ls

# e.g.
docker network create test-network

docker compose -f docker-compose.yaml up
docker compose -f docker-compose.yaml down

# Build Dockerfile
docker build -t my-app:1.0 .

# Remove containers and images
docker rm <container_id>
docker rmi <image_id>

# Push to container registry

docker login
- reponame
- username
- password

docker tag <repo-name>:<image-version>
docker push <tagged-image>

docker pull <repo-name>:<image-version>
# registryDomain/imageName:tag

# Named Volumes
docker run -v name:/var/lib/mysql/data

# Host Volumes
docker run -v /home/mount/data:/var/lib/mysql/data

# Anonymous Volumes
docker run -v /var/lib/mysql/data

Labs

Developing with Docker - TechWorld with Nana

mkdir -p $HOME/repo/techworld
cd $HOME/repo/techworld
git clone https://gitlab.com/nanuchi/developing-with-docker.git

PreviousAnsible NextGit

Last updated 9 days ago

Was this helpful?