*Author: [Vincent Lau](https://www.linkedin.com/in/vincent-lau-30435bb6/) Note: This material is intended for educational purposes only. All rights reserved. Any unauthorized sharing or copying of this material, in any form, to any individual or party, for any use without prior permission, is strictly prohibited.* # Docker Series - Docker Commands This chapter you will get to know basic **docker commands**, which can be used in **Docker CLI** to interact with Docker Daemon. ![](https://hackmd.io/_uploads/BJtMkm4un.png) **Docker Daemon** is the background service responsible for managing Docker containers, images, volumes, networks, and other Docker resources. **Docker CLI** provides a set of commands that allow you to control and manage Docker resources. ## Key operations of docker commands ![](https://hackmd.io/_uploads/BJllAzEdn.png) **Building Docker images from a Dockerfile**: The docker build command is used to build a Docker image based on the instructions specified in a Dockerfile. **Running containers**: The docker run command is used to create and start a new container from a Docker image. **Managing containers**: The Docker CLI provides commands to start, stop, restart, pause, or remove containers. For example, docker start, docker stop, docker restart, docker pause, and docker rm are some of the commands used for managing containers. **Managing images**: You can use the Docker CLI to pull Docker images from a registry using the docker pull command, as well as to list, tag, and remove images. Commands such as docker images, docker tag, and docker rmi are used for image management. **Managing volumes and networks**: Docker CLI commands are available for creating, listing, and deleting volumes and networks that are used by containers. For example, docker volume create, docker volume ls, docker network create, and docker network rm are used for managing volumes and networks. **Viewing container logs and executing commands within containers**: The Docker CLI allows you to view the logs generated by containers using docker logs, and to execute commands inside running containers using docker exec. ## The Docker CLI ### Manage images 1. `docker build` ``` dockerfile # Create an image from a Dockerfile. docker build [options] . -t "app/container_name" # image name ``` 2. `docker run` ``` dockerfile # Run a command in an image. docker run [options] IMAGE # see `docker create` for options ``` ### Manage containers 1. `docker create` ``` dockerfile docker create [options] IMAGE -a, --attach # attach stdout/err -i, --interactive # attach stdin (interactive) -t, --tty # pseudo-tty --name NAME # name your image -p, --publish 5000:5000 # port map --expose 5432 # expose a port to linked containers -P, --publish-all # publish all ports --link container:alias # linking -v, --volume `pwd`:/app # mount (absolute paths needed) -e, --env NAME=hello # env vars ``` Example ``` dockerfile # Create a container from an image $ docker create --name app_redis_1 \ --expose 6379 \ redis:3.0.2 ``` 2. `docker exec` ``` dockerfile docker exec [options] CONTAINER COMMAND -d, --detach # run in background -i, --interactive # stdin -t, --tty # interactive ``` **Example** ``` dockerfile # Run commands in a container. $ docker exec app_web_1 tail logs/development.log $ docker exec -t -i app_web_1 rails c ``` 3. `docker start` ``` dockerfile docker start [options] CONTAINER -a, --attach # attach stdout/err -i, --interactive # attach stdin ``` 4. `docker stop` ``` dockerfile # Start/stop a container. docker stop [options] CONTAINER` ``` 5. `docker ps` ``` dockerfile # Manage containers using ps/kill. $ docker ps $ docker ps -a $ docker kill $ID ``` ### Images Example 1. `docker images` ``` dockerfile # Manages images $ docker images REPOSITORY TAG ID ubuntu 12.10 b750fe78269d me/myapp latest 7b2431a8d968 $ docker images -a # also show intermediate ``` 2. `docker rmi` ``` dockerfile # Deletes images. docker rmi b750fe78269d ``` ### docker-compose #### docker-compose.yml ``` yaml version: '2' services: web: build: . # build from Dockerfile context: ./Path dockerfile: Dockerfile ports: - "5000:5000" volumes: - .:/code redis: image: redis ``` **docker-compose commands** ``` dockerfile docker-compose start docker-compose stop docker-compose pause docker-compose unpause docker-compose ps docker-compose up docker-compose down ``` ### sevices ``` dockerfile # To view list of all the services runnning in swarm docker service ls ``` ``` dockerfile # # To see all running services docker stack services stack_name ``` ``` dockerfile # to see all services logs docker service logs stack_name service_name ``` ``` dockerfile # To scale services quickly across qualified node docker service scale stack_name_service_name=replicas ``` ### clean up ``` dockerfile # To clean or prune unused (dangling) images docker image prune ``` ``` dockerfile # # To remove all images which are not in use containers , add - a docker image prune -a ``` ``` dockerfile # To prune your entire system docker system prune ``` ``` dockerfile # To leave swarm docker swarm leave ``` ``` dockerfile # To remove swarm ( deletes all volume data and database info) docker stack rm stack_name ``` ``` dockerfile # # To kill all running containers docker kill $(docekr ps -q ) ``` ### Docker Security ``` dockerfile # Command line tool for Docker Scout docker scout ``` ``` dockerfile # Analyzes a software artifact for vulnerabilities docker scout cves [OPTIONS] IMAGE|DIRECTORY|ARCHIVE ``` ``` dockerfile # Display vulnerabilities from a docker save tarball docker save redis > redis.tar ``` ``` dockerfile # Display vulnerabilities from an OCI directory skopeo copy --override-os linux docker://alpine oci:redis ``` ``` dockerfile # Export vulnerabilities to a SARIF JSON file docker scout cves --format sarif --output redis.sarif.json redis ``` ``` dockerfile # Comparing two images docker scout compare --to redis:6.0 redis:6-bullseye ``` ``` dockerfile # # Displaying the Quick Overview of an Image docker scout quickview redis:6.0 ``` ### Docker Commands Cheatsheet ![](https://hackmd.io/_uploads/HJmhCzEdh.png)