# Docker

## Core Concepts

Docker provides virtualization/isolation at the process level:

* Compared with a virtual machine, which virtualizes at the OS level (a whole OS per instance), Docker is much more lightweight and resource-efficient.
* It allows users to pack an application and all its dependencies into a single package (an image), then distribute and run it consistently across host systems (Linux, Windows, etc.) and environments (local, dev, prod, etc.).

![Screenshot 2024-11-29 at 14-37-12 What is Docker Docker Docs](https://hackmd.io/_uploads/BJWrkxP71e.png)

[https://docs.docker.com/get-started/images/docker-architecture.webp](https://docs.docker.com/get-started/images/docker-architecture.webp)

## Commands

* Pull an image:
  ```
  docker pull postgres:15
  docker pull quay.io/wildfly/wildfly
  ```
* Build an image: `docker build -t my-app:latest -f Dockerfile .`
* Write a Dockerfile:
  ```
  FROM apache/airflow:2.9.3
  # Switch to root only for the system package install
  USER root
  RUN apt-get update && apt-get install -y git
  # Drop back to the unprivileged airflow user before installing Python packages
  USER airflow
  RUN pip install dbt-core==1.7.1 dbt-redshift==1.7.0
  ```
* Run a container, stop, start:
  ```
  docker run -d --name my-app ...
  docker stop my-app
  docker start my-app
  ```
* Mount a volume (e.g. shared data folder), map ports from host to container:
  ```
  docker run -d --name my-app -p 8081:8080 -v /home/ubuntu/appdata/:/opt/myapp/data/ ...
  ```
* Pass env vars to containers:
  ```
  docker run -d --name my-app -e MYVAR=myvalue \
    --env-file=/home/ubuntu/myapp.env my-app
  ```
* Restart policy (e.g. auto-start containers on host restarts):
  ```
  docker run -d --name my-app --restart unless-stopped my-app ...
  ```
* Run with a specific user (usually set in the Dockerfile):
  ```
  docker run -d --name my-app --user=airflow ...
  ```
* Limit resources for a container (e.g. for a performance test):
  ```
  docker run --cpus=0.5 --memory=1g my-app ...
  ```
* Exec into a running container (e.g. for debugging):
  ```
  docker exec -it my-app /bin/bash
  ```
* List images and containers on the host:
  ```
  docker container list --all
  docker image list --all
  ```
* Create a network and assign containers to it:
  ```
  docker network create my_network
  # Containers on the same network can see each other by name:
  docker run -d --name my-app --network my_network ...
  docker run -d --name postgres_db --network my_network ...
  ```
* Monitor processes and resources:
  ```
  # Show running containers:
  docker ps
  # Show resource usage (mem, cpu) by containers:
  docker stats
  # Show running processes inside a container:
  docker top my-app
  ```

# Distribute images

* Save and load images from files (especially when internet access is blocked):
  ```
  docker save -o my-app.tar my-app:latest
  # copy my-app.tar to the host, then load it
  docker load < my-app.tar
  docker image list   # => images should be available on host
  ```
* Push/pull from the public Docker Hub:
  ```
  docker login ...
  docker push ...
  docker pull ...
  ```
  More on: https://docs.docker.com/get-started/introduction/build-and-push-first-image/
* Push/pull from a private Docker registry: https://earthly.dev/blog/private-docker-registry/

# Docker-compose

Allows users to define and bring up multi-container apps/services:

`docker compose -f my-services-compose.yaml up -d`

More on: https://docs.docker.com/compose/

# Deployment

* K8s
* Docker Swarm

# Other topics

* https://images.chainguard.dev/directory/image/go/versions
* https://medium.com/@faruk13/alpine-slim-bullseye-bookworm-noble-differences-in-docker-images-explained-d9aa6efa23ec
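
The Dockerfile in the Commands section switches to `root` for `apt-get` and back to `airflow` afterwards, and it pins its base image to a tag. The script below is an added example (not part of the original notes or of Docker itself) that checks both properties statically. The function names and the sample files are constructed for illustration, and it assumes every `FROM` names an external image, so `FROM scratch` or a reference to an earlier build stage would be reported as unpinned.

```shell
#!/bin/sh
# Added example: static Dockerfile check (runtime user + base-image pinning).

# Print the USER in effect at the end of the last build stage,
# or "(inherited)" when that stage never sets one.
final_user() {
  awk 'BEGIN { user = "(inherited)" }
       toupper($1) == "FROM" { user = "(inherited)" }   # a new stage resets USER
       toupper($1) == "USER" { user = $2 }
       END { print user }' "$1"
}

# Print every FROM image that has neither a fixed tag nor a digest.
unpinned_bases() {
  awk 'toupper($1) == "FROM" {
         img = $2; if (img ~ /^--/) img = $3     # skip a --platform=... flag
         name = img; sub(/.*\//, "", name)       # drop registry/repo path (may hold host:port)
         if (img !~ /@sha256:/ && (name !~ /:/ || name ~ /:latest$/)) print img
       }' "$1"
}

# Return 0 only if the final stage does not run as root and all bases are pinned.
check_dockerfile() {
  rc=0
  user=$(final_user "$1")
  case "${user%%:*}" in
    root|0)        echo "FAIL: final stage runs as root"; rc=1 ;;
    "(inherited)") echo "WARN: no USER set; runtime user comes from the base image" ;;
    *)             echo "OK: runs as $user" ;;
  esac
  bases=$(unpinned_bases "$1")
  [ -z "$bases" ] || { echo "FAIL: unpinned base image: $bases"; rc=1; }
  return $rc
}

# Constructed sample inputs: the Dockerfile from this page, and a variant
# that drops the tag and never switches back from root.
tmp=$(mktemp -d)
cat > "$tmp/good" <<'EOF'
FROM apache/airflow:2.9.3
USER root
RUN apt-get update && apt-get install -y git
USER airflow
RUN pip install dbt-core==1.7.1 dbt-redshift==1.7.0
EOF
cat > "$tmp/bad" <<'EOF'
FROM apache/airflow
USER root
RUN apt-get update && apt-get install -y git
EOF
check_dockerfile "$tmp/good"
check_dockerfile "$tmp/bad" || echo "bad Dockerfile rejected"
```

A check like this can run before `docker build` in CI; a `WARN` result means the runtime user has to be confirmed from the base image or set with `--user` at `docker run` time.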