Source:
- Learning Docker (Book)
- Authors: Jeeva S. Chelladhurai, Vinod Singh, Pethuru Raj
Useful commands include: docker network connect, docker network create, docker network disconnect, docker network inspect, docker network ls, and docker network rm.
Default networks include:
- bridge
  - This is the default network.
  - Two interfaces are created here:
    - The loopback interface (lo)
    - The ethernet interface (eth0)
      - This is the interface used for container-to-container and container-to-host communication.
- host
  - The container gets attached to the host network configuration and shares its IP and ports.
- none
  - In this mode, only a loopback interface is added to the container.
  - Therefore, the container is kept isolated from other containers and the external world.
In addition to the none, host, and bridge networking modes, Docker also supports the overlay, macvlan, and ipvlan network modes.
To attach a container to a user-defined network, we need to pass the --net option to the docker run command.
We need to bind the container's port to the host interface. The -p option of the docker run command lets us do this.
Syntax:
$ sudo docker run -d -p <host port>:<container port> <image name>
With both ports set to 80, this option will bind port 80 on the host to port 80 on the container for all IP addresses on the host. If we want to define a specific IP address, we can use the following syntax:
$ sudo docker run -d -p <host IP>:<host port>:<container port> <image name>
Example:
$ sudo docker run -d -p 198.51.100.73:80:80 apache2
TIP!
If, instead, we use the following syntax:
$ sudo docker run -d -p <container port> <image name>
Docker will automatically assign a port on the host to our container. That is pretty useful for running multiple containers for the same service and using load control and autoscaling. Be careful, though, since this option will map any IP and any port on the host to our containers. If we still want to map a predefined IP address, we need to use the following syntax:
$ sudo docker run -d -p <host IP>::<container port> <image name>
The general norm of network communication is to expose a service through a predefined port number, so that anybody who knows the IP address and the port number can easily access the offered service. Here, however, the port numbers are autogenerated and, as a result, the outside world cannot directly reach the offered service. So, the primary purpose of this method of container creation is to achieve autoscaling, and a container created in this fashion would be interfaced with a proxy or load balancer service on a predefined port.
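The following Python code is an added example, not taken from the book. It parses the four -p forms shown above and reports which host addresses each one listens on and whether Docker picks the host port. The names parse_publish and exposure and the sample values are assumptions made for illustration; port ranges are not handled, and default daemon settings are assumed.

```python
import ipaddress

def parse_publish(spec):
    """Split one `docker run -p` value into host IP, host port and container port."""
    body, _, proto = spec.partition("/")   # optional /tcp or /udp suffix
    parts = body.rsplit(":", 2)            # rsplit keeps a bracketed IPv6 host IP whole
    container_port = parts[-1]
    host_port = parts[-2] if len(parts) >= 2 else ""
    host_ip = parts[0].strip("[]") if len(parts) == 3 else ""
    for port in (container_port, host_port):
        if port and not (port.isdigit() and 0 < int(port) < 65536):
            raise ValueError(f"bad port in {spec!r}")
    if not container_port:
        raise ValueError(f"missing container port in {spec!r}")
    return {
        # With no host IP given, the binding applies to all IP addresses on the host.
        "host_ip": ipaddress.ip_address(host_ip or "0.0.0.0"),
        "host_port": int(host_port) if host_port else None,  # None: Docker picks one
        "container_port": int(container_port),
        "proto": proto or "tcp",
    }

def exposure(spec):
    """Return (scope, dynamic): scope is 'all-interfaces', 'loopback' or
    'single-address'; dynamic is True when Docker assigns the host port."""
    binding = parse_publish(spec)
    if binding["host_ip"].is_unspecified:
        scope = "all-interfaces"
    elif binding["host_ip"].is_loopback:
        scope = "loopback"
    else:
        scope = "single-address"
    return scope, binding["host_port"] is None

# Constructed sample values: one per syntax form in the notes, plus a loopback bind.
SAMPLES = ["80:80", "198.51.100.73:80:80", "80", "198.51.100.73::80",
           "127.0.0.1:8080:80/tcp"]

if __name__ == "__main__":
    for spec in SAMPLES:
        scope, dynamic = exposure(spec)
        port = "assigned by Docker" if dynamic else parse_publish(spec)["host_port"]
        print(f"-p {spec:<24} scope={scope:<15} host port: {port}")
```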
Furthermore, besides the -p parameter, we can also configure the ports for our container using a Dockerfile and the EXPOSE instruction.
Yet, the EXPOSE instruction by itself cannot create a port binding on the Docker host. In order to create a port binding for the port declared using the EXPOSE instruction, the Docker Engine provides a -P option in the docker run subcommand.
The -P option of the docker run subcommand does not take any additional arguments, such as an IP address or a port number; consequently, fine-tuning of the port binding is not possible, as it is with the -p option of the docker run subcommand. You can always resort to the -p option of the docker run subcommand if fine-tuning of port binding is critical to you.
When a container is committed, the commit saves the filesystem of the container and deliberately does not save the filesystem of the data volumes. Therefore, any data stored in the data volume will be lost in this process. So, never use a data volume as storage during the build process.
With docker-compose, you define your application's components (their containers, configuration, links, volumes, and so on) in a single file, and then, you can spin everything up with a single command, which does everything to get it up and running.
Main file: docker-compose.yml
Format:
version: "<version>"
services:
  <service>:
    <key>: <value>
    <key>:
      - <value>
      - <value>
networks:
  <network>:
    <key>: <value>
volumes:
  <volume>:
    <key>: <value>
Keys supported by the docker-compose file version 3:
- image: This is the tag or image ID.
- build: This is the path to a directory containing a Dockerfile.
- command: This key overrides the default command.
- deploy: This key has many subkeys and is used to specify deployment configuration. This is used only in the docker swarm mode.
- depends_on: This is used to specify the dependencies between services. It can be further extended to chain services based on their conditions.
- cap_add: This adds a capability to the container.
- cap_drop: This drops a capability of the container.
- dns: This sets custom DNS servers.
- dns_search: This sets custom DNS search servers.
- entrypoint: This key overrides the default entrypoint.
- env_file: This key lets you add environment variables through files.
- environment: This adds environment variables and uses either an array or a dictionary.
- expose: This key exposes ports without publishing them to the host machine.
- extends: This extends another service defined in the same or a different configuration file.
- extra_hosts: This enables you to add additional hosts to /etc/hosts inside the container.
- healthcheck: This allows us to configure the service health check.
- labels: This key lets you add metadata to your container.
- links: This key links to containers in another service. Usage of links is strongly discouraged.
- logging: This is used to configure the logging for the service.
- networks: This is used to join the service to the network defined in the top-level networks key.
- pid: This enables the PID space sharing between the host and the containers.
- ports: This key exposes ports and specifies both the HOST_port:CONTAINER_port ports.
- volumes: This key mounts path or named volumes. The named volumes need to be defined in the top-level volumes key.
Syntax:
docker-compose [<options>] <command> [<args>...]
List of options:
- -f, --file: This specifies an alternate file for docker-compose (default is the docker-compose.yml file)
- -p, --project-name: This specifies an alternate project name (default is the directory name)
- --verbose: This shows more output
- -v, --version: This prints the version and exits
- -H, --host: This is to specify the daemon socket to connect to
- --tls, --tlscacert, --tlskey, and --skip-hostname-check: The docker-compose tool also supports these flags for Transport Layer Security (TLS)
List of commands:
- build: This command builds or rebuilds services.
- bundle: This is used to create a Docker bundle from the compose file. This is still an experimental feature on Docker 1.13.
- config: This is a command to validate and display the compose file.
- create: This creates the services defined in the compose file.
- down: This command is used to stop and remove containers and networks.
- events: This can be used to view the real-time container life cycle events.
- exec: This enables you to run a command in a running container. It is used predominantly for debugging purposes.
- kill: This command kills running containers.
- logs: This displays the output from the containers.
- pause: This command is used to pause services.
- port: This prints the public port for a port binding.
- ps: This lists the containers.
- pull: This command pulls the images from the repository.
- push: This command pushes the images to the repository.
- restart: This is used to restart the services defined in the compose file.
- rm: This removes the stopped containers.
- run: This runs a one-off command.
- scale: This sets a number of containers for a service.
- start: This command starts services defined in the compose file.
- stop: This stops services.
- unpause: This command is used to unpause services.
- up: This creates and starts containers.
- version: This prints the version of Docker Compose.
Source:
docker rmi -f $(docker images -q)