Use docker¶
In this tutorial, we will list the useful commands of the docker
1. docker daemon management commands¶
# Start the docker daemon
docker -d
# Get help with Docker. Can also use help on all subcommands
docker --help
# Display system-wide information
docker info
# show docker version
docker version
2. Images gestion¶
2.1 Build image from docker file¶
docker build command can build a docker image by using a docker file.
The -t option is recommended, it ensures that your images are tagged properly.
# general form
docker build -t <image-name>:<tag-name> <docker-file-path>
# Build an Image from a Dockerfile, the current directory must contain a docker file
docker build -t <image_name>:<version> .
# Build an Image from a Dockerfile without the cache
docker build -t <image_name>:<version> . no-cache
Below is an example
# create a folder to host docker file and related config file
mkdir test_image
# Put a docker file and config file in test_image
test_image/
├── config.sh
└── Dockerfile
The content of the Dockerfile
FROM busybox:latest
LABEL MAINTAINER=pengfei.liu@casd.eu
LABEL version="1.0"
COPY config.sh /etc/spark/config.sh
RUN cat /etc/spark/config.sh
The content of the config.sh
export JAVA_HOME=/opt/java/java_8
Check the result
# build an image with the given dockerfile
docker build -t my-img:0.0.1 ./test_image
# check the image
docker image ls
# output example
REPOSITORY TAG IMAGE ID CREATED SIZE
my-img 0.0.1 b4ecf828f680 27 seconds ago 1.24MB
# convert a container to image
docker commit <container_name/id> <image_name>
# List local images
docker images
# Delete an Image
docker rmi <image_name>
# Remove all unused images
docker image prune
2.2 Tag and push the local image to remote image repo¶
The commands to tag and push images to remote repo may be different base on the remote repo. The below example shows how to tag and push images to: - docker hub - harbor
2.2.1 Tag an image¶
Before pushing the image to remote repo, we need to tag it properly.
# general form
docker tag old_name[:TAG] new_name[:TAG]
2.2.2 Tag and push to docker hub¶
The general form for the docker hub tag is my-img:0.0.1 to dockerhub liupengfei99/test:v2
The repo
testmust be created before push
# change the tag for docker hub
docker tag my-img:0.0.1 liupengfei99/test:v2
# check the result
docker images
# output
REPOSITORY TAG IMAGE ID CREATED SIZE
my-img 0.0.1 b4ecf828f680 13 minutes ago 1.24MB
liupengfei99/test v2 b4ecf828f680 13 minutes ago 1.24MB
# login to docker hub
docker login
# push the image
docker push liupengfei99/test:v2
In your docker hub web ui, you should see the newly pushed image
2.2.3 Tag and push the local image to Harbor¶
In below example, we will push the local image my-img:0.0.1 to harbor reg.casd.local/test/test-img:v1
The general form for the harbor tag is # change the tag for harbor
docker tag my-img:0.0.1 reg.casd.local/test/test-img
# check the new tag
docker images
# output
REPOSITORY TAG IMAGE ID CREATED SIZE
my-img 0.0.1 b4ecf828f680 25 minutes ago 1.24MB
liupengfei99/test v2 b4ecf828f680 25 minutes ago 1.24MB
reg.casd.local/test/test-img latest b4ecf828f680 25 minutes ago 1.24MB
# login to harbor
docker login reg.casd.local
# push the image
docker push reg.casd.local/test/test-img
Now you can check your harbor web UI, in the project test, you should see the image test-img.
# login to docker public registry (docker hub)
docker login
# tag the image
docker tag <local-image-name> <username>/repository:tag
# for example, here pengfei99 is my docker hub account name, test is a repo of this account
docker tag pythondemo pengfei99/test:v1
# check the tagged image
# You can notice there is a new row liupengfei99/test which shares the same image id as pythondemo
docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
pythondemo latest 3ea6dc02e4a6 24 minutes ago 131MB
liupengfei99/test v1 3ea6dc02e4a6 24 minutes ago 131MB
python 2.7-slim ca96bab3e2aa 2 weeks ago 120MB
# push the image to docker hub
docker push username/repository:tag
# example
docker push liupengfei99/test:v1
# pull and run the image from the remote repository
docker run -p 4000:80 liupengfei99/test:v1
3. Containers management¶
# Create and run a container from an image, with a custom name:
docker run --name <container_name> <image_name>
# Run a container with and publish a container’s port(s) to the host.
docker run -p <host_port>:<container_port> <image_name>
# Run a container in the background
# -d option means run container in the detach mode
docker run -d <image_name>
# Run a container in interactive mode
# you can add -rm option to remove the container after stop
docker run -it <image_name> <shell_path>
# Start or stop an existing container:
docker start|stop <container_name> (or <container-id>)
# Remove a stopped container:
docker rm <container_name>
# Fetch and follow the logs of a container:
docker logs -f <container_name>
# To inspect a running container:
docker inspect <container_name> (or <container_id>)
# To list currently running containers:
docker ps
# List all docker containers (running and stopped):
docker ps --all/-a
# View resource usage stats
docker container stats
# copy data from container to local
docker cp <container-name/id>:<data-path> <local-path>
# un example copy folder /apache-atlas/conf/ from container to /tmp/conf on local
docker cp atlas:/apache-atlas/conf/ /tmp/conf/
3.1 Debug a container¶
To debug a container, you can show the logs, get a shell, etc.
# Open a shell inside a running container:
# in the shell_path, you need to put the path of which shell you want to use.
# It also depends on the base image, for example, for the debian base image, you can use /bin/bash
docker exec -it <container_name> <shell_path>
# show the live logs of a running daemon container
docker logs -f <container_name>
# show the exposed ports of a container
docker port <container_name>
3.2 Mount volume on container¶
Docker containers are immutable by nature. This means that restarting a container erases all your stored data in the container. To persist data, Docker provides two mechanisms: - docker volumes (The docker volume is a directory created by docker and host at the docker storage directory) - bind mounts (local directory which is created and managed by user.)
3.3 Local directory binding¶
docker run --name mysql-db -v $(pwd)/datadir:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=my-secret-pw -d mysql:8.0.28-debian
4. docker volume¶
# create the volume
docker volume create <volume-name>
# list existing volume
docker volume list
# mount volume on the container
docker run --name <container-name> -v <volume-name>:<container-mount-path> <image-name>
# remove volume
docker volume remove <volume-name>
5. Docker container network¶
Container networking refers to the ability for containers to communicate with other containers and/or host services.
Containers have networking enabled by default. A container has no information about what kind of network
it's attached to, or whether their peers are also Docker workloads or not. A container only sees a network
interface with an IP address, a gateway, a routing table, DNS services, and other networking details.
5.1 User define networks¶
You can create user-defined networks, and connect multiple containers to the same network. Once connected to a
user-defined network, containers can communicate with each other using container IP addresses or container names.
The following example creates a network using the bridge network driver and running a container in the created network:
# create a docker network
docker network create -d bridge my-network
# create a container which uses the custom network
docker run --network=my-network -itd --name=container3 busybox
You can notice, when we create a network, we need to specify the network driver type.
The following network drivers are available by default:
| Driver | Description |
|---|---|
| bridge | The default network driver. |
| host | Remove network isolation between the container and the Docker host. |
| none | Completely isolate a container from the host and other containers. |
| overlay | Overlay networks connect multiple Docker daemons together. |
| ipvlan | IPvlan networks provide full control over both IPv4 and IPv6 addressing. |
| macvlan | Assign a MAC address to a container. |
5.2 Attach to other container network¶
In addition to user-defined networks, you can attach a container to another container's networking stack directly,
using the --network container:
The following flags aren't supported for containers using the container: networking mode:
- --add-host
- --hostname
- --dns
- --dns-search
- --dns-option
- --mac-address
- --publish
- --publish-all
- --expose
The following example runs a Redis container, with Redis binding to localhost, then running the redis-cli command and connecting to the Redis server over the localhost interface.
docker run -d --name redis redis --bind 127.0.0.1
docker run --rm -it --network container:redis redis-cli -h 127.0.0.1
5.3 Published ports¶
By default, when you create or run a container using docker create or docker run, the container doesn't expose any of its ports to the outside world. Use the --publish or -p flag to make a port available to services outside of Docker. This creates a firewall rule in the host, mapping a container port to a port on the Docker host to the outside world. Here are some examples:
| Flag value | Description |
|---|---|
| -p 8080:80 | Map port 8080 on the Docker host to TCP port 80 in the container. |
| -p 192.168.1.100:8080:80 | Map port 8080 on the Docker host IP 192.168.1.100 to TCP port 80 in the container. |
| -p 8080:80/udp | Map port 8080 on the Docker host to UDP port 80 in the container. |
| -p 8080:80/tcp -p 8080:80/udp | Map TCP port 8080 on the Docker host to TCP port 80 in the container, and map UDP port 8080 on the Docker host to UDP port 80 in the container. |
Publishing container ports is insecure by default. Meaning, when you publish a container's ports it becomes available not only to the Docker host, but to the outside world as well.
If you include the localhost IP address (127.0.0.1) with the publish flag, only the Docker host can access the published container port.
docker run -p 127.0.0.1:8080:80 nginx
6. ## Delete docker objects¶
After we created docker image, container, volume, network, we may need to delete them to clear the working space
6.1 Purging all unused or dangling resources¶
The first command is system prune, which will delete all unused Docker objects:
- containers
- images
- networks
- volumes
Below are some command example
# remove all unused objects
docker system prune
# with the --filter option, we can filter which objects we want to delete.
# the below example deletes containers that have been stopped for more than 24 hours.
# -a option can clear the build cache and the intermediate image.
docker system prune -a --filter "until = 24h"
6.2 Deleting container¶
Below commands only delete containers
# remove a single container
docker rm <container_id/name>
# remove multiple containers
docker rm container_id1 container_id2
# remove all stopped containers
docker container prune
# when you run a container, you can add option -rm to delete the container when it exists.
docker run -rm image_id/name
# show all container id as a list
docker ps -a -q
# stop all container
docker stop $(docker ps -a -q)
# remove all container
docker rm $(docker ps -a -q)
6.3 Delete container image¶
# delete a docker image
docker rmi image_name/id
# delete multiple docker image
docker rmi image_id1 image_id2
# remove image by using tag
docker rmi -f tag_name
# remove all dangling image
docker image prune
# remove all unused images(not linked to an existing container)
docerk image prune -a
# remove all image
docker rmi $(docker images -a -q)
A dangling image just means that you've created the new build of the image, but it wasn't given a new name. So the old images you have becomes the "dangling image". Those old image are the ones that are untagged and displays "
" on its name when you run docker images.
6.4 Delete container volume¶
# delete one volume by using its name
docker volume rm volume_name
# delete multiple volume
docker volume rm vol1 vol2
# remove all unused volume
docker volume prune
# add filter to remove
docker volume prune --filter "label=test"
6.5 Delete docker networks¶
docker network rm network_name/id
docker network rm net1 net2
# remove all unused network
docker network prune
# add a filter
docker network prune --filter "until=24h"
6.6 Remove docker compose deployment¶
The below command example removes containers, images, volumes, networks, and undefined containers.
# --rmi all Remove all images
# -v Remove the named volumes declared in the volumes section of docker-compose.yml and the anonymous volumes attached to the container
# --remove-orphans Remove containers not defined in docker-compose.yml
docker-compose down --rmi all -v --remove-orphans
You can not a delete a volume in use, if you try to delete, an error message
volume is in usewill be printed