Docker Notes

docker-notes.md

🐋 Docker Notes

Author: Kevin Chhay

📑 Table of Contents

1. Introduction
2. Installation
3. Public Registries
4. Docker CLI Command Reference
5. Dockerfile

ℹ️ Introduction

https://docs.docker.com/get-started/overview/

🛠️ Installation

1. Docker Desktop. Mac | Apple Silicon | Windows | Linux
2. Docker for Visual Studio Code

Docker Desktop WSL 2 backend (Optional)

https://docs.docker.com/desktop/windows/wsl/

📦 Public Registries

Find base images here

• Docker Hub
  • AWS Lambda base images for NodeJS
• Amazon ECR Public Gallery
  • AWS Lambda base images for NodeJS

💻 Docker CLI Command Reference

docker help

Use docker help or docker --help to get an overview of available commands.

docker attach

https://docs.docker.com/engine/reference/commandline/attach/

Attach local standard input, output, and error streams to a running container

docker attach [OPTIONS] CONTAINER

docker build

https://docs.docker.com/engine/reference/commandline/build/

Build an image from a Dockerfile

docker build [OPTIONS] PATH | URL | -

Options

https://docs.docker.com/engine/reference/commandline/build/#options

Name, shorthand	Default	Description
--tag, -t		Name and optionally a tag in the 'name:tag' format

Example

# First navigate to directory with a Dockerfile
docker build .

Add a tag

docker build -t name:tagname .

docker cp

https://docs.docker.com/engine/reference/commandline/cp/

Copy files/folders between a container and the local filesystem

docker cp [options] CONTAINER:SRC_PATH DEST_PATH|-

Example

Copy a local file into container

docker cp ./file.txt CONTAINER:/dir

Copy files from container to local path

docker cp CONTAINER:/var/logs/ /tmp/app_logs

docker image prune

https://docs.docker.com/engine/reference/commandline/image_prune/

Remove unused images

docker image prune [OPTIONS]

Options

https://docs.docker.com/engine/reference/commandline/image_prune/#options

Name, shorthand	Default	Description
--all, -a		Remove all unused images, not just dangling ones

docker login

https://docs.docker.com/engine/reference/commandline/login/

Log in to a Docker registry

docker login [OPTIONS] [SERVER]

Example

docker login

docker ps

https://docs.docker.com/engine/reference/commandline/ps/

List containers

docker ps [options]

Options

https://docs.docker.com/engine/reference/commandline/ps/#options

Name, shorthand	Default	Description
--all, -a		Show all containers (default shows just running)

Example

Show both running and stopped containers

docker ps -a
# CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES

docker pull

https://docs.docker.com/engine/reference/commandline/pull/

Pull an image or a repository from a registry

docker pull [OPTIONS] NAME[:TAG|@DIGEST]

docker push

https://docs.docker.com/engine/reference/commandline/push/

Push an image or a repository to a registry

docker push [OPTIONS] NAME[:TAG]

Example

Pushing a Docker container image to Docker Hub

Make sure you're login first. See docker login.

⚠️ Note: To push an image to Docker Hub, you must first name your local image using your Docker Hub username and the repository name that you created through Docker Hub on the web.

Name your local images using one of these methods:

• When you build them, using docker build -t <hub-user>/<repo-name>[:<tag>]
• By re-tagging an existing local image docker tag <existing-image> <hub-user>/<repo-name>[:<tag>]
• By using docker commit <existing-container> <hub-user>/<repo-name>[:<tag>] to commit changes

Now you can push this repository to the registry designated by its name or tag.

docker push <hub-user>/<repo-name>:<tag>

Example

docker push kevinc/hello-world:latest

docker rm

https://docs.docker.com/engine/reference/commandline/rm/

Remove one or more containers

docker rm [OPTIONS] CONTAINER [CONTAINER...]

Options

https://docs.docker.com/engine/reference/commandline/rm/#options

Name, shorthand	Default	Description
--volumes, -v		Remove anonymous volumes associated with the container

docker rmi

https://docs.docker.com/engine/reference/commandline/rmi/

Remove one or more images

docker rmi [OPTIONS] IMAGE [IMAGE...]

docker run

https://docs.docker.com/engine/reference/commandline/run/

Run a command in a new container

⚠️ Note: Defaults to attached mode.

docker run [OPTIONS] IMAGE[:TAG|@DIGEST] [COMMAND] [ARG...]

Options

https://docs.docker.com/engine/reference/commandline/run/#options

Name, shorthand	Default	Description
--detach, -d		Run container in background and print container ID
--interactive, -i		Keep STDIN open even if not attached
--name		Assign a name to the container
--publish list, -p		Publish a container's port(s) to the host
--rm		Automatically remove the container when it exits
--tty, -t		Allocate a pseudo-TTY

Examples

Publish port

# This binds port 80 of the container to TCP port 3000 of the host machine.
docker run -p 3000:80 image

Allocate pseudo-TTY; Interactive mode

# The -it instructs Docker to allocate a pseudo-TTY connected to the container’s stdin; creating an interactive bash shell in the container.
docker run -it image

docker start

https://docs.docker.com/engine/reference/commandline/start/

Start one or more stopped containers

⚠️ Note: Defaults to detached mode.

docker start [OPTIONS] CONTAINER [CONTAINER...]

Options

https://docs.docker.com/engine/reference/commandline/start/#options

Name, shorthand	Default	Description
--attach, -a		Attach STDOUT/STDERR and forward signals
--interactive, -i		Attach container's STDIN

Example

docker start my_container

Start container in interactive mode

docker start -ai my_container

docker stop

https://docs.docker.com/engine/reference/commandline/stop/

Stop one or more running containers

docker stop [OPTIONS] CONTAINER [CONTAINER...]

Example

docker stop my_container

docker tag

https://docs.docker.com/engine/reference/commandline/tag/

Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE

docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]

Example

Tag an image referenced by Name and Tag

docker tag demo-app:latest kevinc/hello-world

📝 Dockerfile

FROM

https://docs.docker.com/engine/reference/builder/#from

The FROM instruction initializes a new build stage and sets the Base Image for subsequent instructions. As such, a valid Dockerfile must start with a FROM instruction. The image can be any valid image – it is especially easy to start by pulling an image from the Public Repositories.

FROM [--platform=<platform>] <image> [AS <name>]

or

FROM [--platform=<platform>] <image>[:<tag>] [AS <name>]

or

FROM [--platform=<platform>] <image>[@<digest>] [AS <name>]

Example

# Creates a layer from the lambda/nodejs:14 AWS Lambda base image for NodeJS
FROM public.ecr.aws/lambda/nodejs:14

WORKDIR

https://docs.docker.com/engine/reference/builder/#workdir

The WORKDIR instruction sets the working directory for any RUN, CMD, ENTRYPOINT, COPY and ADD instructions that follow it in the Dockerfile. If the WORKDIR doesn’t exist, it will be created even if it’s not used in any subsequent Dockerfile instruction.

WORKDIR /path/to/workdir

Example

WORKDIR /app

COPY

https://docs.docker.com/engine/reference/builder/#copy

The COPY instruction copies new files or directories from and adds them to the filesystem of the container at the path .

Multiple resources may be specified but the paths of files and directories will be interpreted as relative to the source of the context of the build.

⚠️ Note: The --chown feature is only supported on Dockerfiles used to build Linux containers, and will not work on Windows containers. Since user and group ownership concepts do not translate between Linux and Windows, the use of /etc/passwd and /etc/group for translating user and group names to IDs restricts this feature to only be viable for Linux OS-based containers.

COPY [--chown=<user>:<group>] <src>... <dest>

or

COPY [--chown=<user>:<group>] ["<src>",... "<dest>"]

Example

# Assumes there is a package.json file in the app directory. 
# The AWS base images provide the following environment variables:
# LAMBDA_TASK_ROOT=/var/task
# LAMBDA_RUNTIME_DIR=/var/runtime
COPY . ${LAMBDA_TASK_ROOT}

RUN

https://docs.docker.com/engine/reference/builder/#run

The RUN instruction will execute any commands in a new layer on top of the current image and commit the results. The resulting committed image will be used for the next step in the Dockerfile.

Layering RUN instructions and generating commits conforms to the core concepts of Docker where commits are cheap and containers can be created from any point in an image’s history, much like source control.

RUN <command>

Example

Install NPM dependencies

RUN npm install

EXPOSE

https://docs.docker.com/engine/reference/builder/#expose

The EXPOSE instruction informs Docker that the container listens on the specified network ports at runtime. You can specify whether the port listens on TCP or UDP, and the default is TCP if the protocol is not specified.

⚠️ Note: The EXPOSE instruction does not actually publish the port. It functions as a type of documentation between the person who builds the image and the person who runs the container, about which ports are intended to be published. To actually publish the port when running the container, use the -p flag on docker run to publish and map one or more ports, or the -P flag to publish all exposed ports and map them to high-order ports.

EXPOSE <port> [<port>/<protocol>...]

Example

# EXPOSE instruction does not actually publish the port.  See note above.
EXPOSE 80

CMD

https://docs.docker.com/engine/reference/builder/#cmd

There can only be one CMD instruction in a Dockerfile. If you list more than one CMD then only the last CMD will take effect.

The main purpose of a CMD is to provide defaults for an executing container. These defaults can include an executable, or they can omit the executable, in which case you must specify an ENTRYPOINT instruction as well.

CMD ["executable","param1","param2"]

Example

# Set the CMD to your handler (could also be done as a parameter override outside of the Dockerfile)
CMD [ "index.handler" ]