Images are read-only templates, but you can diff and push them to save many versions. Containers are instances of images, that are also directories and usually a single running process.
Images can be layered, you start from a base and make changes. Containers are versioned so that you can make changes and save the filesystem state as a new Image.
You can poke around in a container before starting it running, and after it's died. You can attach or exec a shell into a container to find out what's going on.
Network is also virtualized so that several containers can communicate with each other, but this isn't visible outside unless configured to be.
# Dockerfile docker build -t $IMAGE docker images docker rm $IMAGE # find pre-made images docker search $TERM
docker run --name $CONTAINER -it $IMAGE docker ps # see history docker ps -a docker stop $CONTAINER docker container ls -a docker rm $CONTAINER
docker logs $CONTAINER docker attach $CONTAINER # warning control-C kill docker exec -it $CONTAINER /bin/bash # if running # quick little commands to inspect running container docker exec CONTAINER env docker exec CONTAINER ls docker exec CONTAINER ps fax docker exec CONTAINER ip addr show eth0 # if not running, starts a container and shells in # note entrypoint before image! docker run -it --entrypoint /bin/bash $CONTAINER # same but as root docker run -u root -it --entrypoint /bin/bash $IMAGE docker exec CONTAINER apt install net-tools # for netstat docker exec CONTAINER netstat -natp apt install -y binutils # shell stuff apt install -y busybox # same but lighter # others: procps, .. # check on a container's port mapping docker port $CONTAINER # entrypoints often end with exec "$@" so they can run whatever, eg. docker run -it $CONTAINER python manage.py migrate docker run -it $CONTAINER python manage.py /bin/bash # low-level details for many docker objects # eg. volume mounts docker inspect $CONTAINER # general: hack up entrypoint.sh for debugging
docker diff $CONTAINER docker commit $CONTAINER $IMAGE[:tag] docker images docker rmi $IMAGE
docker-compose build docker-compose create docker-compose start docker-compose ps docker-compose logs # or just docker-compose up docker-compose down
- Order of arguments is very important!
- On dev if you have a docker-compose with a "volume" you don't need a full rebuild for changes to our code.
- Warning: things have changed in docker and compose, so old tutorials are sometimes a bit wrong.
- Permissions and users can be super confusing, beware. |-
- Don't trust non-official pkgs, look closely
- nginx: needs to run as root, then switches user on it's own, so be careful to use sudo in entrypoint.sh
- CMD only runs the last one and silently ignores earlier. Also "CMD foo > out.bar" is "CMD ["sh", "-c", ..."
- Docker in 12 min video: https://www.youtube.com/watch?v=YFl2mCHdv24&list=FLhMiuJQ3n7PanRI62ibUkuQ&index=1&t=426s
- Dockerfile commands: https://docs.docker.com/engine/reference/builder/
- Docker Compose:
- Docker Compose in 12 min video: https://www.youtube.com/watch?v=Qw9zlE3t8Ko&t=271s
- Debugging: https://email@example.com/ten-tips-for-debugging-docker-containers-cde4da841a1d
- Future: Shipping Python Applications in Docker: https://orbifold.xyz/python-docker.html