Docker Cheatsheet

Cheatsheets

• Concepts:
  • container the word by itself does not mean anything precisely at all. It is used in a analogic way to refer to another process on your machine that has been isolated from all other processes on the host machine.
  • chroot an ability of an UNIX OS to change the root directory of the current running process and its children (since 1979). Nowadays chroot is not used by container runtimes any more and was replaced by pivot_root for some reason.
  • An appropriate root filesystem rootfs which contains all binaries, libraries, and the necessary file structure is obtained by some effort to make the jail useful.
  • linux namespaces are a linux kernel feature since 2002 to wrap certain global system resources in an abstraction layer. This makes it appear like the processes within a namespace have their own isolated instances of the resource. (i.e. a transparent resource reuse system.) Then many resources including processes, mount can be (partially) isolated.
  • uts (or UNIX Time-sharing System) can isolate domain- and hostname.
  • IPC namespaces isolate interprocess communication (also IPC) resources.
  • PID namespaces isolate process identifieres (also PIDs).
  • Network namespaces virtualize the network stack.
  • User and goup IDs was isolated via namespaces since 2012.
  • cgroup (or Control Group) is a tool supporting resource limiting, prioritization, accounting and controlling.
  • Docker can be viewed as a toolbox to make above capabilities approachable and easy to use.
  • container image means an image (copy) of the isolated filesystem of a container, it therefore contains every sort of dependencies needed to run target applications. The image also contains other configurations for the container, such as environment variables, an container entry program, and other metadata.
  • volume is a bucket of data that saved on host, is persistant and able to pass to other containers.
• Dockerfile
  • TODO
• docker build
  • -t name:tag dockerfile_dir most commonly command used to build a container and tag it with name and version.
• docker run [OPTIONS] name:tag [executable]
  • -d run the container in detached mode (in the background)
  • -p 80:80 map port 80 of the host to port 80 in the container
  • -w <working-dir>
• persistence of data
  • docker volume create <volume-name>
  • docker run -v <volume-name>:/container/path <container-name>
  • docker volume inspect <volume-name> will show every infomation including the mountpoint of the volume.
  • docker run -v /host/path:/container/path <container-name> controls the exact mountpoint on the host.
• remove a container (you probably need first find it and stop it)
  • docker ps
  • docker stop <the-container-id>
  • docker rm <the-container-id>
  • docker rm -f <the-container-id> (no need to stop)
  • auto restart the service by monitor file changes in volume and restart service, or trigger it mannually in a iterative terminal.
• share a container
  • register a dockerhub (hub.docker.com) project
  • docker image ls show local images.
  • docker tag <local-image-name> YOUR-USER-NAME/YOUR-PROJECT-NAME alias local images to the registered project. (of course you can name it correctly at the very first, but this leaves an afterhand.)
  • docker login -u <username> -p <password> hub.docker.com
  • docker push YOUR-USER-NAME/YOUR-PROJECT-NAME
• networking
• docker-compose
  • TODO
• GUI Application
  • docker-xpra
  • docker+x or ssh+x

References

• Docker101
• Demystifying Containers - Part I: Kernel Space