About Docker:
Docker helps developers build, share, run, and verify applications anywhere — without tedious environment configuration or management.
Docker History
Docker != Containers
•1979 (!) chroot was introduced (Unix V7)
•2000 FreeBSD jails
•2001 Linux-VServer
•2005 OpenVZ
•2006 Process Containers
•2008 LXC
•2013 Docker
•ChatGPT into Docker history
Docker Images:
- Read only templates for creating containers
- Includes all necessary files for running an application
- Build time structures, as opposed to the run time structure of containers
Containers == running images: how you run your app
Images == stopped containers (not 100% accurate): how you store your application
Examples:
docker run hello-world
docker run ubuntu
docker run nginx
Collection of images
• One registry can contain multiple repos
• Docker.io/galea01/example webserver:v3
Best practices:
• Use official repos
• Don’t trust the :latest
• Go small
• See alpine distribution
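One way to check image references against the practices listed above, as an added example that is not part of the original notes. The helper names check_image_ref and audit_refs are hypothetical, and the sample references, the user name exampleuser and the digest placeholder are constructed:

```sh
#!/bin/sh
# Added example (not from the original notes). Classifies an image reference
# against the best practices above: is it pinned, and is it an official repo?
# Prints "<pin> <origin>", e.g. "floating official".
check_image_ref() {
    name=$1 digest='' tag=''
    case $name in
        *@*) digest=${name#*@}; name=${name%%@*} ;;   # @sha256:... pins exact content
    esac
    last=${name##*:}
    case $name in
        *:*) case $last in
                 */*) ;;                               # ':' is a registry port (localhost:5000/app)
                 *)   tag=$last; name=${name%:*} ;;
             esac ;;
    esac
    if [ -n "$digest" ]; then pin=digest-pinned
    elif [ -z "$tag" ] || [ "$tag" = latest ]; then pin=floating   # no tag means :latest
    else pin=tagged
    fi
    name=${name#docker.io/}
    case $name in
        library/*) origin=official ;;      # Docker Hub official images live under library/
        */*)       origin=third-party ;;
        *)         origin=official ;;      # short names (nginx) expand to docker.io/library/nginx
    esac
    printf '%s %s\n' "$pin" "$origin"
}

# Read one reference per line on stdin; print those that need a second look:
# anything that floats with :latest or comes from a non-official repository.
audit_refs() {
    while read -r ref; do
        [ -n "$ref" ] || continue
        verdict=$(check_image_ref "$ref")
        case $verdict in
            floating*|*third-party) printf 'REVIEW %s (%s)\n' "$ref" "$verdict" ;;
        esac
    done
}

# Constructed sample references; user name and digest are placeholders.
audit_refs <<'EOF'
nginx
ubuntu:latest
alpine:3.19
docker.io/exampleuser/webserver:v3
localhost:5000/app
docker.io/library/alpine:3.19@sha256:PLACEHOLDER_DIGEST
EOF
```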
Docker CLI
docker <object> <
Examples:
docker container run
docker image ls
docker volume create
docker network rm
Options:
--help
with params: --hostname="abc.com"
arguments: f1 f2 f3
Tab completion
ORDER MATTERS!
docker version
docker system info
docker container ls -q --> print only container IDs
docker container inspect
docker image pull --> Images are automatically downloaded when running containers, as necessary
docker container run
-i: keep STDIN open
-t: pseudo-TTY
-d: run detached
docker container run -it ubuntu:latest
CTRL+D
CTRL+P CTRL+Q
docker container attach [###]
docker logs
docker container rm
docker image rm
docker rm -f $(docker ps -a -q)
docker system prune --all
Networking
"Network type" = Bridge
• The default network driver. If you don’t specify a driver, this is the type of network you are creating. Bridge networks are commonly used when your application runs in a container that needs to communicate with other containers on the same host
• Outside communication:
• Containers can access outside resources
• Outside hosts cannot connect directly to a container
• Needs port forwarding
- Remove network isolation between the container and the Docker host, and use the host’s networking directly
- Less scalable
- Networking just like any app running directly but with other isolation types
- Overlay networks connect multiple Docker daemons together and enable Swarm services and containers to communicate across nodes. This strategy removes the need to do OS level routing
- The overlay extends across the Docker hosts… how do we talk to other machines?
"Network type" = Macvlan
Macvlan networks allow you to assign a MAC address to a container, making it appear as a physical device on your network. The Docker daemon routes traffic to containers by their MAC addresses. Using the macvlan driver is sometimes the best choice when dealing with legacy applications that expect to be directly connected to the physical network, rather than routed through the Docker host’s network stack
Working with networks
EXPOSE <port>[/tcp | /udp]
Dockerfile instruction
Informs Docker that the container listens on a specific port
docker container run -p <[ext_port:]int_port>
Maps an external port on the host IP address to an internal port on the container IP
Commands :
docker network ls
docker network inspect
docker network create [-d driver] name
Certain network types require prerequisites (macvlan: promiscuous mode, overlay: swarm)
docker network rm
Persisting Data
- Keeps data that the container has modified
- Makes each container unique
- Sits on top of the union FS
- Linux: / var / docker
- Windows: C:\ProgramData\Docker\windowsfilter
- Remember that union file systems use a copy-on-write mechanism
- Files are copied to this layer before being changed
- is tightly coupled to the container, and disappears when the container is deleted
- is tightly coupled to the host machine making it difficult to move the data somewhere else
- sits on a union FS, which is written to via a storage driver, incurring a performance penalty
A volume can be mounted into multiple containers
What happens when the mount directory in the container already has data in it?
If the volume is not empty, its contents will obscure the existing data (similar to the Linux mount command). If the volume is empty, the data in the container is propagated (copied) into the volume