Docker

FAQ

ps stands for process status and ls is just the commonplace Unix list. This is why docker network ls makes sense but docker network ps does not: the networks aren't processes that need statuses; they're just labels.

If listening for requests using PHP or node, be sure to specify the host as 0.0.0.0 rather than localhost. A PHP or node server listening on localhost:8080, for example, will only accept requests originating from within the Docker container itself. 0.0.0.0:8080 would accept a request from anywhere on port 8080. Which host interfaces that port is then reachable on is decided separately, by the -p binding used when the container is run.

Docker caches every command in a Dockerfile when building it into an image. To reduce the size of a Docker image, combine as many commands into single lines as possible (usually by use of the && bash operator).

Prefer COPY. COPY simply copies a file from the build context/image to the container. Docker's ADD command is a more feature-rich version of COPY in that it supports fetching from URLs and will automatically untar compressed archives; when all you need is a file copy, COPY does only that, with no implicit download or extraction.

WSL mounts the Windows host to /mnt, e.g. C:\ is the equivalent of /mnt/c/. However, Docker Desktop (for Windows) expects mounts to originate with /c. The best solution is to leverage WSL's mount capabilities to just bind /mnt/c to /c with sudo mkdir /c && sudo mount --bind /mnt/c /c. Alternatively, you can manually, explicitly bind mount paths so that the host path begins at /c rather than using shortcuts like pwd which may originate with /mnt. This is caused by the fact that Docker doesn't have access to the WSL filesystem, so any work you do should be in the Windows host file system available through /mnt/c and its sub-directories.

  • Docker is containerization software: it allows developers to specify the necessary OPS to run their application(s) which can then be virtualized or emulated by the host.
  • Virtualization is the process of binding the underlying host's native capabilities to the expected interfaces specified by Docker.
  • Emulation is the process of booting up a small instance of the necessary interfaces.
  • image is the cached and tagged set of instructions for booting some virtualized software.
  • container is the built and configured instance of an image.

helpful

docker run --net=host --ipc=host --uts=host --pid=host -it --security-opt=seccomp=unconfined --privileged --rm -v /:/host alpine sh -c "chroot /host df -h | grep docker"
  • chroot sets the root directory to /host for the df command, which prints disk usage in human-readable (-h) format.
  • Because this command is actually introspecting the host (everything docker uses, rather than a single container), the --net, --ipc, --uts, and --pid options all get set to host.
  • --privileged gives the container access to all devices on the host; combined with -v /:/host, which mounts the host's root filesystem at /host, the container can read the host's disk usage directly.
docker system df
  • df is a command which describes exactly how much disk space is being used by docker images, containers, volumes, and caches.
docker rm $(docker ps -qa)
  • ps lists containers and rm removes containers.
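  • Specifying the -qa options passes the ids of all containers (not just running ones) to rm; rm without -f refuses to remove running containers, so all stopped containers are removed.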
docker run --rm -i imega/jq -C path
  • jq is a JSON parsing app.
  • The output of docker inspect can be piped into the above for easy querying.
  • path is a dot-notation series of nested key paths to traverse the input JSON.
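
The flags in the first command of this section (--privileged, the four host namespaces, seccomp=unconfined and the / bind mount) are all recorded in docker inspect output, so they can be checked on containers that are already running. The following is an added example, not part of the original notes: it reads inspect JSON and lists which of those settings each container was started with. The sample JSON, container names and function names are constructed for illustration.

```python
import json

# Constructed sample: trimmed `docker inspect` output for two containers.
# Key names follow Docker's inspect JSON; names and values are made up.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/host-df", "HostConfig": {
        "Privileged": True, "NetworkMode": "host", "PidMode": "host",
        "IpcMode": "host", "UTSMode": "host",
        "SecurityOpt": ["seccomp=unconfined"], "Binds": ["/:/host"]}},
    {"Name": "/web", "HostConfig": {
        "Privileged": False, "NetworkMode": "bridge", "PidMode": "",
        "IpcMode": "private", "UTSMode": "",
        "SecurityOpt": None, "Binds": ["/srv/site:/var/www:ro"]}},
])

# inspect key -> the `docker run` flag that sets it to "host"
NAMESPACE_FLAGS = {"NetworkMode": "--net=host", "PidMode": "--pid=host",
                   "IpcMode": "--ipc=host", "UTSMode": "--uts=host"}
UNCONFINED = ("seccomp=unconfined", "apparmor=unconfined")


def audit_container(entry):
    """Return the host-level settings one inspect entry was started with."""
    cfg = entry.get("HostConfig") or {}
    findings = []
    if cfg.get("Privileged"):
        findings.append("--privileged")
    for key, flag in NAMESPACE_FLAGS.items():
        if cfg.get(key) == "host":
            findings.append(flag)
    # SecurityOpt and Binds are null when unset, hence the `or []`.
    for opt in cfg.get("SecurityOpt") or []:
        if opt.replace(":", "=", 1) in UNCONFINED:  # older "seccomp:unconfined" form
            findings.append("--security-opt=" + opt)
    for bind in cfg.get("Binds") or []:
        if bind.split(":")[0] == "/":  # host side of the bind is the root fs
            findings.append("-v " + bind + " (whole host filesystem)")
    return findings


def audit(inspect_json):
    """Map container name -> findings for each entry in inspect JSON."""
    return {e.get("Name", "?").lstrip("/"): audit_container(e)
            for e in json.loads(inspect_json)}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, "->", findings or "no host-level settings")
```

To run it against real containers, pass the output of docker inspect $(docker ps -q) to audit() instead of the constructed sample.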

inventory

  • ps lists all running docker containers.
  • -a is an optional flag that includes stopped containers.
  • -q is optional and limits the output to only the container ids.
  • images lists all locally available images.
  • volume ls lists all locally created volumes.

introspection

  • inspect prints a JSON blob describing low-level information about the given container.
  • container may refer to either the container id or name (partial matches on id are accepted).
  • container is the management command (or sub-section) from which the port command can be accessed.
  • port is a command which prints the exposed port(s) for the specified container.
  • id specifies the container you're trying to introspect; it can be the container name or id (partial matches accepted).
example output:

80/tcp -> 0.0.0.0:8081
80/tcp -> 0.0.0.0:8080
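
The host address on the right-hand side of each line says where the published port is reachable: 0.0.0.0 means every interface of the Docker host. The following added example (not from the original notes) parses docker port output and classifies each binding. The first two sample lines are the ones shown above, the other two are constructed, and the function names are illustrative.

```python
import ipaddress

# Constructed sample of `docker port <container>` output; the first two lines
# match the example output above, the last two are made up for illustration.
SAMPLE_PORT_OUTPUT = """\
80/tcp -> 0.0.0.0:8081
80/tcp -> 0.0.0.0:8080
443/tcp -> [::]:8443
5432/tcp -> 127.0.0.1:5432
"""


def classify(host_ip):
    """Label a published host address by which interfaces it covers."""
    addr = ipaddress.ip_address(host_ip)
    if addr.is_unspecified:   # 0.0.0.0 or ::
        return "all-interfaces"
    if addr.is_loopback:      # 127.0.0.0/8 or ::1
        return "loopback-only"
    return "single-interface"


def parse_port_line(line):
    """Split 'PORT/PROTO -> HOST_IP:HOST_PORT' into its parts."""
    container_side, host_side = (part.strip() for part in line.split("->"))
    port, _, proto = container_side.partition("/")
    # rpartition: an IPv6 host address contains colons itself ("[::]" or "::").
    host_ip, _, host_port = host_side.rpartition(":")
    host_ip = host_ip.strip("[]")
    return {"container_port": int(port), "proto": proto or "tcp",
            "host_ip": host_ip, "host_port": int(host_port),
            "exposure": classify(host_ip)}


def published_ports(output):
    """Parse every non-empty line of `docker port` output."""
    return [parse_port_line(l) for l in output.splitlines() if l.strip()]


def exposed_everywhere(output):
    """Host ports that are published on every interface of the Docker host."""
    return sorted(p["host_port"] for p in published_ports(output)
                  if p["exposure"] == "all-interfaces")


if __name__ == "__main__":
    print(exposed_everywhere(SAMPLE_PORT_OUTPUT))
```

A port published with an explicit host address, for example -p 127.0.0.1:8080:80, shows up as loopback-only here, while the server inside the container still listens on 0.0.0.0.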

cleanup

  • rm deletes stopped containers.
  • -v is optional and deletes any volumes associated with the container.
  • container can be one or more (space-delimited) container ids (partial matches are accepted).
  • rmi deletes locally available images.
  • tag is optional and defaults to latest.
  • system is the management command specifying this is a system-wide command.
  • prune is a command which will remove docker networks, images, containers, etc.
  • -a is optional and specifies that all unused images should be removed.
  • --volumes is optional and specifies that all unused volumes should be removed.

interaction

  • run spawns a container running the given image with the specified tag; the tag defaults to latest.
  • --name is optional and allows you to specify a custom label for the container, the default being a randomly generated name.
  • --rm is optional and deletes the container when it stops.
  • -it are optional and make the container interactive via a tty connection.
  • --link is optional and allows you to bind a running container with the label service so this new container can interact with it.
  • --network is optional and attaches the container to the specified network, auto-linking any other containers running in that network.
  • -p is optional and binds a host port to a container port (specifying 0 will assign a random, available port).
  • -v is optional and binds a host directory (or docker volume) to a container directory.
  • cmd is optional (the image may specify a default) and will be run when the container boots.
  • commit creates an image from a container that has been run.
  • -a is optional and allows you to specify the commit's author in the format "First_Name Last_Name <email@host.tld>"
  • -m is optional and allows you to specify a commit message describing what has changed.
  • container references a local container id or name.
  • image is the repository used to store the image and tag is optional, defaulting to latest.