
@cramhead
Last active February 16, 2024 09:17
Docker commands with comments

Building Docker Images

Dockerfiles describe how to build Docker images

docker build -t tagName . # build an image from the Dockerfile in the current folder and call it tagName

Each line makes a new image that is used in the subsequent step. So if one line downloads a big file and the next line only uses a small bit of it, the image will include the big file. If instead the big file is downloaded and the small bit of it is used on the same line, the image only includes the small bit. Much better

The previous image is not modified. So if there is no change, that step is not rerun. Put the parts of the code that change the most at the end of the Dockerfile so you can leverage this feature. Note, if you want to redo a part of the code where things didn't change, you must tell Docker, as it will otherwise skip it

Dockerfiles are NOT shell scripts

Processes started on one line will not be running on the next line. Each line is its own call to docker run and then docker commit.

Environment variables are available on subsequent lines and in the Docker image

Commands

  • ADD adds files to the points in the file system in many different ways
  • CMD specifies a whole command to run when a container is started. User provided args replace CMD
  • FROM must be the first command in the Dockerfile. Specifies images to start from
  • ENTRYPOINT specifies the start of a command to run when an image is run, i.e. user args will be args to the entrypoint-defined command. It makes the image act like a program; otherwise use CMD
  • EXPOSE maps a port into a container, like the -p flag
  • MAINTAINER specifies the image maintainer
  • RUN runs a command, waits for it to finish and saves the result
  • VOLUME creates shared or ephemeral volumes. You don't want to use shared volumes, as they can't be shared because they depend upon a specific folder on your machine
  • WORKDIR sets the working directory for the remainder of the Dockerfile and the resulting container when you run it. Like running cd before every expression
  • USER specifies the username or number

Shell vs Exec Form

nano notes.txt # runs bash that runs the shell command

["/bin/nano", "notes.txt"] # Exec form is slightly faster as the shell is not involved

Docker Best Practices

Make containers include their dependencies themselves, i.e. don't fetch them on start; think of removed npm packages bringing down your entire process cloud

Don't leave important things in unnamed stopped containers

Clean up your images regularly, so that you realize what dependencies you have

Be aware of how much trust you have in the images of others

Don't include passwords in an image
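
An added example, not part of the original gist: a heuristic shell check for two points made above, that environment variables persist in the image and that passwords should not be included in one. The function name, the name patterns, the file-name list and the sample Dockerfile are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the gist): heuristic audit of a Dockerfile for
# secrets that would end up stored in image layers or image metadata.
# Name patterns and file names below are assumptions, not a complete list.
# Limitation: multi-line (backslash-continued) instructions are not joined.

audit_dockerfile_secrets() {
    # $1 = Dockerfile path; prints "line:INSTRUCTION:name" for each finding
    awk '
    { instr = toupper($1) }
    instr == "ENV" || instr == "ARG" {
        for (i = 2; i <= NF; i++) {
            name = $i
            sub(/=.*/, "", name)              # KEY=value -> KEY
            if (tolower(name) ~ /passw|secret|token|api_?key|credential/)
                printf "%d:%s:%s\n", NR, instr, name
            if ($i !~ /=/) break              # legacy "ENV KEY value" form
        }
    }
    instr == "COPY" || instr == "ADD" {
        for (i = 2; i < NF; i++) {            # last field is the destination
            if ($i ~ /^--/) continue          # skip flags such as --chown=
            base = $i
            sub(/.*\//, "", base)             # keep the file name only
            if (base ~ /^(\.env|\.npmrc|id_rsa|id_ed25519)$/ || base ~ /\.pem$/)
                printf "%d:%s:%s\n", NR, instr, $i
        }
    }' "$1"
}

# Constructed sample Dockerfile, written to a temp file so this runs offline.
sample=$(mktemp)
cat > "$sample" <<'EOF'
FROM alpine:3.19
ENV APP_HOME=/srv/app DB_PASSWORD=example-only
ARG NPM_TOKEN
COPY .env id_rsa /srv/app/
ENV LANG C.UTF-8
EOF
audit_dockerfile_secrets "$sample"
rm -f "$sample"
```

When a build step genuinely needs a credential, BuildKit secret mounts (`RUN --mount=type=secret`) make it available to that one step without writing it to a layer.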

Avoid Gold Images

  • Include the installers in your project
  • Have a canonical build that builds everything from scratch
  • Tag your builds with the git hash of the code that built it
  • Use small base images, such as Alpine
  • Build images you share publicly from Dockerfiles, always

Docker Flow

Run an image to make a container:

docker run -ti ubuntu bash # run the ubuntu image in terminal interactive mode and run the bash command

Change the container, e.g. touch a file, and exit the container with exit or ctrl-d

docker ps -l # to get the last container exited

docker commit generated_name image_name # docker commit makes the exited container into an image and names it image_name

Normal Commands

docker stop $(docker ps -a -q) # stop containers

docker run --rm # --rm removes the container immediately after its main process has exited

docker run -d -ti ubuntu bash # -d detaches

docker attach container_name # attaches to a running container

ctrl-p ctrl-q # detaches from a running container, i.e. container is still running

docker exec -ti container_name bash # attaches and runs a new command in a running container

docker logs container_name # shows logs for a container. Keeps the logs as long as it keeps the container

docker run -p outside-port:inside-port/protocol # outside port is the host's port

docker run --rm -ti -p 45678:45678 -p 45679:45679 --name echo-server ubuntu:14.04 bash

docker run -ti --rm ubuntu:14.04 bash # has netcat, i.e. nc 192.168.1.110 45678

docker run --rm -ti -p 45678 -p 45679 --name echo-server ubuntu:14.04 bash # specify only ports in the containers

docker port echo-server # get the ports specified by the containers

docker cp # allows copying to and from docker containers. Must be root in the container. Use container name, not tag

Links

docker run --rm -ti --name server ubuntu:14.04 bash # docker names the container server

docker run --rm -ti --link server --name client ubuntu:14.04 bash # links to the docker container called server

Private Network

docker network create example # Create the network

docker run --rm -ti --net=example --name server ubuntu:14.04 bash # add something to the network

docker run --rm -ti --link server --network=example --name client ubuntu:14.04 bash # add something else to the network. Can find it by name again if it dies and comes back

Set bind address 0.0.0.0 if you want to have the container listen from the host

docker run -p 127.0.0.1:1234:1234/tcp # listen only to tcp traffic from the local machine on port 1234
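
An added example, not part of the original gist: a shell check that separates the two binding styles above by listing port publishes bound to every host interface. The function names and the sample `docker ps` lines are assumptions constructed for illustration; the container name echo-server and the ports reuse the gist's own.

```shell
#!/bin/sh
# Added example (not from the gist): list port publishes that are bound to
# every host interface, reading "name<TAB>ports" lines as produced by
#   docker ps --format '{{.Names}}\t{{.Ports}}'

find_exposed_ports() {
    # stdin: name<TAB>ports lines; prints "name mapping" per all-interface bind
    awk -F '\t' '
    {
        n = split($2, maps, ", ")
        for (j = 1; j <= n; j++) {
            # 0.0.0.0 = all IPv4 interfaces; ":::" and "[::]:" = all IPv6
            if (maps[j] ~ /^(0\.0\.0\.0|::|\[::\]):/)
                print $1, maps[j]
        }
    }'
}

# Constructed sample of docker ps output, so the example runs without Docker.
sample_ps() {
    printf 'echo-server\t0.0.0.0:45678->45678/tcp, :::45678->45678/tcp\n'
    printf 'local-only\t127.0.0.1:1234->1234/tcp\n'
    printf 'internal\t6379/tcp\n'
}

sample_ps | find_exposed_ports
```

Only echo-server is reported: the 127.0.0.1 publish is reachable from the local machine alone, and a port with no `->` mapping is not published to the host at all.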

Tagging Images

naming structure: registry.example.com:port/organization/image-name:version-tag

Volumes

Persistent or Ephemeral

Mount a specific folder or file. Ensure the file or folder exists when you start the container or docker will assume it will be a folder

docker run --rm -ti -v /Users/d0c/Downloads/Ex_Files_Learning_Docker:/shared-folder ubuntu:14.04 bash

You can use volumes from other containers with the volumes-from param. docker run --rm -ti -v /shared-folder ubuntu:14.04 bash creates a container with a shared-folder. docker ps -l can list that container to get its name. The next container can use that volume with docker run -ti --volumes-from thePreviousContainerName ubuntu bash. It can read or write to that volume. When the last container that references that volume exits, the volume is deleted

Save and load

docker save -o my-images.tar.gz debian:sid nanoer

docker images

docker rmi debian:sid nanoer

docker images

docker load -i my-images.tar.gz

docker images

Docker Compose

  • Single machine coordination
  • Is meant for testing and development

Kubernetes

  • Containers run programs
  • Pods group containers together
  • Services make pods available to others
  • Labels are used for advanced service discovery
  • kubectl makes scripting possible
  • Very flexible overlay networking
  • Runs well on your own hardware or a cloud