Docker: Running Containers, Images, and Best Practices
Personal notes from my Docker learning journey—covering container basics, image management, Dockerfiles, and best practices for secure, efficient use.
chapter 1
running docker containers
(some of the commands are the same as in the linux terminal)
the docker cli sends instructions to the docker daemon
every command starts with docker
choosing docker container output
adding -it to docker run will give us an interactive shell in the started container; type exit to exit and stop the container.
detached container: by adding -d to docker run, the container runs in the background, giving us back control of the shell.
docker ps shows us any running containers, docker stop to stop the container.
working with docker containers
if there are many containers:
named container: the --name flag for naming a container.
docker ps -f: -f is the filter flag, for example docker ps -f "name=example".
container logs: docker logs to see the container output, for debugging.
docker logs -f for live logs.
cleaning up and removing a container: docker container rm followed by the container id.
managing local docker images
docker hub is the world's largest library for container images
downloading an image is pulling an image, docker pull ubuntu for example. a specific version is chosen by following the name with : and the version.
listing images using docker images, and it will tell us when the image was created.
removing images using docker image rm followed by the image name.
if we try to delete an image for which we still have a container, we will get a warning including the container id.
it is common to have multiple containers based on a single image, so we would have to remove all the containers one by one to remove the image. instead we can use docker container prune (removing all stopped containers) followed by docker image prune -a for all images,
including dangling images, which are images that don't have a name
cleaning containers,
chapter 2
distributing docker images
private docker registries: no guarantee that they work or that they are safe. the image name starts with the url of the private registry.
pushing to a registry using docker image push followed by the image name.
renaming an image using docker tag.
authenticating against a registry: docker official image → no authentication needed
private docker repository → owner can choose.
docker login.
sending a docker image as files:
saving the image with docker save, which will create a minimized file. to load the file we use docker load -i followed by the file name.
creating your own docker image
docker file (building) → docker images (run) → docker containers
text file with blueprint to create a running image
instructions for the container
create an image
a dockerfile always starts from another image, using the FROM instruction. building a dockerfile creates an image, using the command docker build. -t is the tag flag, followed by the name, and a . for the current working directory.
customizing an image:
RUN <valid shell command>, for example apt-get for downloading all updates and software, or apt-get install python3.
-y to make sure it doesn't need any input.
managing files in your image
copying files into an image using the COPY instruction: we pass the path on the host followed by the destination.
we cannot copy files from a parent directory (this will lead to a failure).
downloading files instead of copying them from a local directory: they are often downloaded during the image build.
download a file :
RUN curl followed by the file URL -o destination
unzip the file :
RUN unzip <destination folder>/<file name>.zip
an efficient way to download files is to do it all in one single command, using \ (to continue on multiple lines) and && (one instruction after another)
choosing a start command for your docker image
a start command executes a shell command when the image is run, using the instruction CMD followed by the shell command.
it runs when the image is started, does not increase the size of the image, does not add any time to the build, and if multiple exist only the last will have an effect.
typical uses are starting an application to run a workflow, or one that accepts outside connections.
it runs until the shell command exits, then stops.
overriding the default start command: docker run followed by the image and the shell command, with -it for interactivity
chapter 3
introduction to Docker caching
docker instructions are linked to the file system changes: each instruction is linked to the changes it made in the image file system.
all the changes for a single instruction are called a docker layer, thus a docker image is all the layers created during a build.
docker reuses layers that haven't changed.
sometimes images don't change after a rebuild, so docker caching can be very helpful (not all layers need a rebuild).
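A simplified model of which layers a rebuild reuses, showing why the instruction that changes often belongs late in the Dockerfile. This is an added example, not part of the original notes: the four Dockerfiles are constructed, and it assumes one instruction per line, unchanged COPY source files, and that every instruction after the first changed one is rebuilt too.

```shell
# Added example: simplified model of the Docker build cache.
# Assumptions: one instruction per line, files used by COPY are unchanged,
# and everything after the first changed instruction is rebuilt as well.

cache_plan() {  # $1 = Dockerfile of the previous build, $2 = edited Dockerfile
  awk '
    NR == FNR { old[FNR] = $0; next }       # first file: remember each line
    {
      if ($0 != old[FNR]) miss = 1          # first changed instruction
      tag = miss ? "REBUILD" : "CACHED "
      print tag "  " $0
    }' "$1" "$2"
}

count_rebuilt() { cache_plan "$1" "$2" | grep -c '^REBUILD' || true; }

write_cache_samples() {  # $1 = directory; all four files are constructed samples
  # slow install placed after the instruction that changes often
  printf '%s\n' 'FROM ubuntu:22.04' 'COPY app_v1.py /app/app.py' \
    'RUN apt-get update && apt-get install -y python3' \
    'CMD python3 /app/app.py' > "$1/copy_first.old"
  sed 's/app_v1/app_v2/' "$1/copy_first.old" > "$1/copy_first.new"
  # same instructions, slow install moved before the COPY
  printf '%s\n' 'FROM ubuntu:22.04' \
    'RUN apt-get update && apt-get install -y python3' \
    'COPY app_v1.py /app/app.py' 'CMD python3 /app/app.py' > "$1/copy_last.old"
  sed 's/app_v1/app_v2/' "$1/copy_last.old" > "$1/copy_last.new"
}

d=$(mktemp -d); write_cache_samples "$d"
cache_plan "$d/copy_first.old" "$d/copy_first.new"   # apt-get layer is rebuilt
echo "--"
cache_plan "$d/copy_last.old" "$d/copy_last.new"     # apt-get layer stays cached
```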
changing users and working directory
FROM RUN and COPY instructions interact through the file system.
WORKDIR changes the working directory, instead of repeating the path in the COPY instruction.
RUN runs in the current working directory: set the WORKDIR and then RUN ./path.
linux permissions: best practice is to create users with specific permissions and stop using root.
changing the user in an image, using the command USER followed by the user.
variables in Dockerfiles
ARG for setting variables; to use the variable we prefix it with $ (as in the linux CLI).
use cases like the version of the packages, or the path of the working directory.
we can set them at the build time (the file).
ENV for creating variables that are still accessible after the image build, for example a directory to be used at runtime.
not possible to override them at build time; overriding is done when starting the container, with --env followed by the key and the value.
variables are shown in the bash history, and we can get them with docker history (they must be hidden well).
creating secure docker images
inherent security.
additional security measures.
choosing the right image to start from:
docker official image.
verified publisher.
sponsored oss.
- keep images minimal.
- unnecessary images
don't run applications as root.
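The practices from this chapter (no secrets in ARG or ENV because they show up in docker history, a non-root USER) together with the last-CMD-wins rule from chapter 2, written as a small Dockerfile check. This is an added example, not part of the original notes: both Dockerfiles, the appuser name and the finding names are constructed, the untagged-base check goes slightly beyond the notes, and the base image is assumed to run as root.

```shell
# Added example: lint a Dockerfile against the practices in these notes.
# Both Dockerfiles are constructed samples; the finding names are made up here.
lint_dockerfile() {  # $1 = Dockerfile; prints one finding per line, nothing if clean
  awk '
    { kw = toupper($1) }
    kw == "FROM" {
      user = "root"            # assumption: the base image itself runs as root
      n = split($2, part, "/"); ref = part[n]
      if (ref !~ /[:@]/ || ref ~ /:latest$/) print "unpinned-base: " $2
    }
    kw == "USER" { user = $2 }
    kw == "ARG" || kw == "ENV" {
      split($2, kv, "=")       # only the variable name is checked, not the value
      if (toupper(kv[1]) ~ /PASSWORD|SECRET|TOKEN|API_?KEY/)
        print "secret-in-" tolower(kw) ": " kv[1]
    }
    kw == "CMD" { cmds++ }
    END {
      if (user == "root" || user == "0") print "runs-as-root"
      if (cmds > 1) print "multiple-cmd: only the last of " cmds " takes effect"
    }' "$1"
}

write_samples() {  # $1 = directory for the two constructed Dockerfiles
  cat > "$1/Dockerfile.weak" <<'EOF'
FROM ubuntu
ARG DB_PASSWORD=changeme
ENV API_TOKEN=$DB_PASSWORD
RUN apt-get update && apt-get install -y python3
CMD echo first
CMD python3 --version
EOF
  cat > "$1/Dockerfile.hardened" <<'EOF'
FROM ubuntu:22.04
ARG APP_DIR=/app
RUN apt-get update && \
    apt-get install -y python3 && \
    useradd --create-home appuser
WORKDIR $APP_DIR
USER appuser
CMD python3 --version
EOF
}

dir=$(mktemp -d); write_samples "$dir"
for f in "$dir"/Dockerfile.weak "$dir"/Dockerfile.hardened; do
  echo "== ${f##*/}"; lint_dockerfile "$f"
done
```

The name patterns are only a starting point: a secret stored under another variable name is not flagged, so the check complements a review of docker history output and does not replace it.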