@hochun836
Last active November 8, 2022 05:44
# docker desktop
docker toolbox // win7
docker desktop for windows // win10 (includes linux containers & windows containers)
docker desktop for mac
=> ref: https://skychang.github.io/2017/01/06/Docker-Docker_for_Windows_10_First/
Q: can windows containers be hosted on linux?
A: no
=> ref: https://stackoverflow.com/questions/42158596/can-windows-containers-be-hosted-on-linux
# docker desktop for windows
hyper-v
wsl2 // windows subsystem for linux
=> ref: https://docs.docker.com/desktop/windows/install/
=> ref: https://adersaytech.com/windowsos-tutorial/hyper-v-virtual-machine.html
=> ref: https://kknews.cc/zh-tw/tech/44k2yvx.html
Q: how to install wsl2 in win10 ?
TESTED SUCCESSFULLY
win10 ver 10.0.19042.1165
cpu intel core i7-9700
dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart
dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart
download https://wslstorestorage.blob.core.windows.net/wslblob/wsl_update_x64.msi
wsl --set-default-version 2
install linux distribution from microsoft store
wsl -l // -l <=> --list
wsl -l -v // -v <=> --verbose
wsl -l -q // -q <=> --quiet
=> ref: https://docs.microsoft.com/zh-tw/windows/wsl/install-win10#manual-installation-steps
=> ref: https://github.com/microsoft/WSL/issues/4280
Q: can wsl2 and vmware be installed together in win10 ?
A: yes
TESTED SUCCESSFULLY
win10 ver 10.0.19042.1165
cpu intel core i7-9700
vmware ver 15.5.7
=> ref: https://stackoverflow.com/questions/39858200/vmware-workstation-and-device-credential-guard-are-not-compatible
=> ref: https://blogs.vmware.com/workstation/2020/05/vmware-workstation-now-supports-hyper-v-mode.html
Q: how to install docker desktop for windows in win10 in vmware ?
A: <win10-vm> | Settings | Processors | Virtualization engine | v "Virtualize Intel VT-x/EPT or AMD-V/RVI"
=> ref: https://dotblogs.com.tw/maduka/2014/07/07/145853
Q: how to migrate asp.net mvc applications to windows container
=> ref: https://dotblogs.com.tw/rainmaker/2017/01/05/181153
=> ref: https://docs.microsoft.com/en-us/aspnet/mvc/overview/deployment/docker-aspnetmvc
=> ref: https://docs.microsoft.com/en-us/archive/msdn-magazine/2017/april/containers-modernizing-traditional-net-apps-with-docker
Q: how to move docker images from C: to D:
docker info
Storage Driver: windowsfilter
Docker Root Dir: C:\ProgramData\Docker
=> ref: https://marcus116.blogspot.com/2019/03/change-download-docker-image-path.html
# base
a container is a process // use 'docker ps' to see running containers
# info
docker version
docker info
docker --help
docker <command> --help
# image
docker images
docker images -aq // a: all, q: quiet (only display image id)
docker images -f <filter> // f: filter
docker images -f "dangling=true"
docker images --format <format>
docker images --format "table {{.ID}}\t{{.Repository}}\t{{.Tag}}"
docker images --no-trunc // don't truncate output
docker images --digests // show digests
docker search <term> // search the docker hub for images
docker pull <image>[:tag]
docker run <image> // run the image to create a container
docker run -d <image> // d: detach (run container in background and print container id)
docker run -p <local-port>:<container-port> <image> // p: port
docker run -P <image> // P: publish all exposed ports to random ports
docker run -v <local-path>:<container-path>[:ro|:rw] <image> // v: volume, ro: read-only, rw: read-write (default)
docker run -v <container-path> <image> // no <local-path>: an anonymous volume is used
docker run -v <volume-name>:<container-path> <image> // a named volume is used instead of <local-path>
docker run --volumes-from <container-id> <image> // mount volumes from the specified container (repeat --volumes-from for more containers)
docker run --link <container-id> <image> // add link to another container (repeat --link for more containers)
docker run --network <network-name> <image> // connect a container to a network
docker run --hostname <hostname> <image> // change hostname in the container (ps. --hostname and --name are two things)
docker run --rm <image> // rm: automatically remove the container when it exits
docker run -e <key>=<value> <image> // e: set environment variables
docker run --name <name> -it <image> [command] // i: interactive, t: tty, command like /bin/bash
docker cp <local-src-path> <container-id>:<dest-path>
docker cp <container-id>:<src-path> <local-dest-path>
docker rmi [-f] <image-id> [<image-id> ...] // remove image, f: force
docker rmi $(docker images -aq) // remove all images
docker rmi $(docker images -aq -f dangling=true) // remove all dangling images
=> ref: https://docs.docker.com/engine/reference/commandline/images/
# image (advanced)
docker image --help // here is image, not images
docker image inspect <image-id> // detail information ex. RootFS
docker commit -a <author> -m <message> <container-id> <image>[:tag] // create a new image from a container's changes
docker build --help
docker build -f <file> -t <name>[:tag] . // f: name of the dockerfile, t: name and optionally a tag in the 'name:tag' format
docker history <image-id> // show the dockerfile build phase of the image
docker tag <src-image>[:tag] <dest-image>[:tag]
# container
docker ps
docker ps -aq // a: all, q: quiet (only display container id)
docker start <container-id> // also can use container name
docker stop <container-id> // also can use container name
docker restart <container-id> // also can use container name
docker rm [-f] <container-id> [<container-id> ...] // remove container, f: force (force the removal of a running container)
docker rm $(docker ps -aq) // remove all containers
docker exec <container-id> [command] // run a command in a running container
docker exec -it <container-id> [command] // i: interactive, t: tty, command like /bin/bash
docker attach <container-id> // attach local standard input, output, and error streams to a running container
# info.
docker logs <container-id>
docker logs -f -t <container-id> // f: follow log output, t: show timestamps
docker logs -ft --tail <number> <container-id> // tail: number of lines to show from the end of the logs (default "all")
docker top <container-id> // show processes in the container
docker inspect <container-id> // detail information ex. HostConfig, Mounts, NetworkSettings, ...
docker stats // display a live stream of container(s) resource usage statistics
# volume
docker volume --help
docker volume create --help
docker volume create // create anonymous volume
docker volume create --name <name> // create named volume (ls -al /var/lib/docker/volumes/<name>/_data)
docker volume ls // show driver & volume name
docker volume inspect <volume-name>
docker volume rm <volume-name> // rm <=> remove
docker volume rm $(docker volume ls -q)
# network
docker network --help
docker network create --help
docker network create <network-name>
docker network create --subnet <subnet> --gateway <gateway> <network-name>
docker network ls // show network id & name & driver & scope
docker network inspect <network-name>
docker network rm <network-name> [<network-name> ...] // rm <=> remove
docker network connect --help
docker network connect <network-name> <container-id> // connect a container to a network
# dockerfile (one line one layer)
FROM
MAINTAINER
RUN
WORKDIR
COPY
ADD
EXPOSE
VOLUME
ENV
ENTRYPOINT
CMD
# docker hub
docker login -u <user> // prompts for the password
docker push <image>[:tag] // default tag: latest
docker push -a -q <image> // a: all tags, q: quiet
docker tag <image>[:tag] <user>/<image>[:tag] // IMPORTANT: before push, tag the image with your own account name
docker logout
# docker compose (not built into docker, needs to be installed)
docker-compose version
docker-compose --help
docker-compose config // validate and view the compose file
docker-compose build // build or rebuild services (see: docker images)
docker-compose pull // pull service images (see: docker images)
docker-compose create // create services
docker-compose up // create and start containers (see: docker ps, docker network ls)
docker-compose -f <file> up // f: specify an alternate compose file (default: docker-compose.yml)
docker-compose -p <project-name> up // p: specify an alternate project name (default: directory name)
docker-compose up --help
docker-compose up -d // d: detached mode
docker-compose start // start services (see: docker-compose ps, where state: up)
docker-compose stop // stop services (see: docker-compose ps, where state: exit)
docker-compose restart
docker-compose pause // pause services (see: docker-compose ps, where state: paused)
docker-compose unpause // unpause services (see: docker-compose ps, where state: up)
docker-compose down // stop and remove resources
docker-compose images // list images
docker-compose ps // list containers
# docker-compose.yml
version: "3.9"
services:
  web: # called service
    build: .
    ports:
      - "5000:5000"
  redis: # called service
    image: "redis:alpine"
=> ref: https://docs.docker.com/compose/compose-file/compose-file-v3/
=> ref: https://docs.docker.com/samples/wordpress/
# docker swarm (docker builtin)
docker swarm --help // manage swarm
docker swarm init --help // see: docker network ls, where name: 'docker_gwbridge' & 'ingress'
docker swarm init --advertise-addr <ip> // initialize a swarm
docker swarm join-token [worker|manager] // manage join tokens, this will display 'docker swarm join --token <token> <ip>:<port>'
docker swarm join --token <token> <ip>:<port> // join a swarm as a node and/or manager
docker swarm leave // leave the swarm (see: docker node ls, where state: down)
docker swarm leave -f // f: force
docker node --help // manage swarm nodes
docker node ls // show id & hostname & status & availability & manager status & engine version
docker node inspect [self|node-id]
docker service --help // manage services in swarm
docker service create --help // create a new service (depend on a swarm)
docker service create -p <local-port>:<service-port> --name <name> <image>
docker service create --mode <mode> <image> // service mode (replicated, global, replicated-job, or global-job) (default "replicated")
docker service ls // list services
docker service ps <service-name> // list the tasks of one or more services
docker service inspect <service-name>
docker service logs [service-name|task]
docker service update --replicas <num> <service-name>
docker service scale <service-name>=<replica-num> // <=> docker service update --replicas <num> <service-name>
docker service rm <service-name> // rm <=> remove
docker service rollback <service-name>
=> ref: https://docs.docker.com/engine/swarm/
# other
docker stack --help
docker secret --help
docker config --help
# [note] docker run <image>
step1. look for the image locally
step2. if it does not exist, download the image from docker hub
ls -al /var/lib/docker/image/overlay2/imagedb/content/sha256/
ls -al /var/lib/docker/image/overlay2/layerdb/sha256/
# [note] customize network
docker network create --subnet 192.168.0.0/16 --gateway 192.168.0.1 mynet
# [note] containers communicate with each other
- under default network
by using container ip
- under non-default network (customized network)
by using container name
=> ref: https://stackoverflow.com/questions/74337646/fail-to-connect-to-mongodb-from-net-webapi-using-docker
=> ref: https://blog.maxkit.com.tw/2017/04/docker-network-alias_30.html
# [note] docker run --link vs. docker run --network
docker run -d --name tomcat01 tomcat
docker run -d --name tomcat02 --link tomcat01 tomcat
docker exec tomcat02 ping tomcat01 // ok
docker exec tomcat01 ping tomcat02 // not work
docker run -d --name tomcat03 --network mynet tomcat
docker run -d --name tomcat04 --network mynet tomcat
docker exec tomcat03 ping tomcat04 // ok
docker exec tomcat04 ping tomcat03 // ok
# [note] WARNING: IPv4 forwarding is disabled. Networking will not work.
systemctl status network
systemctl start network
iptables -L -v -n -t nat
systemctl restart docker // see: iptables -L
# [note] COPY vs. ADD
=> ref: https://www.cnblogs.com/sparkdev/p/9573248.html
# [note] ENTRYPOINT vs. CMD
ENTRYPOINT
default: /bin/sh -c
if specified more than once, the last one is used
overridden by `docker run --entrypoint <ENTRYPOINT> <image>`
CMD
if specified more than once, the last one is used
overridden by `docker run <image> <CMD>`
IMPORTANT
the ENTRYPOINT specifies a command that will always be executed when the container starts.
the CMD specifies arguments that will be fed to the ENTRYPOINT.
=> ref: https://ithelp.ithome.com.tw/articles/10250988
=> ref: https://stackoverflow.com/questions/21553353/what-is-the-difference-between-cmd-and-entrypoint-in-a-dockerfile
# [note] SHELL format vs. EXEC format
TODO:
# [note] multi stage build
policy: keep the built image size as small as possible
problem: for languages which need to be compiled (ex. java, dotnet), how to write the dockerfile ?
solution1: RUN install compiler and ADD compiled code in dockerfile // this makes image size larger
solution2: manually compile code, then ADD compiled code in dockerfile // inconvenient
solution3: dockerfile1 (RUN install compiler, RUN compile code)
dockerfile2 (ADD compiled code) // inconvenient
solution4: use multi stage build
=> ref: https://blog.wu-boy.com/2017/04/build-minimal-docker-container-using-multi-stage-for-go-app/
=> ref: https://tachingchen.com/tw/blog/docker-multi-stage-builds/
=> ref: https://docs.docker.com/develop/develop-images/multistage-build/
# [note] scratch
FROM scratch
- when docker build
see: No image was generated. Is your Dockerfile empty?
FROM scratch
ENTRYPOINT ["/bin/sh", "-c"]
- when docker build
see: Successfully built
- when docker run
see: (error) starting container process caused "exec: \"/bin/sh\": stat /bin/sh: no such file or directory"
=> ref: https://stackoverflow.com/questions/54820846/starting-container-process-caused-exec-bin-sh-stat-bin-sh-no-such-file/
=> ref: https://hub.docker.com/_/scratch
FROM debian:wheezy
- when docker build
see: Successfully built
- when docker run
see: no error
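Added example (not part of the original gist): solution4 from the multi stage build note, with the runtime stage built FROM scratch as in the scratch note, and ENTRYPOINT/CMD used as described above. Assumptions: a hypothetical Go module (go.mod, go.sum, main package at the build context root) whose binary accepts a hypothetical --listen flag; the image name myapp is a placeholder.

```dockerfile
# ---- stage 1: build (the compiler and the source code live only here) ----
FROM golang:1.21 AS build
WORKDIR /src

# copy the module files first so the dependency layer is cached
# until go.mod / go.sum change (one instruction, one layer)
COPY go.mod go.sum ./
RUN go mod download

COPY . .
# CGO_ENABLED=0 gives a static binary: scratch has no libc and no /bin/sh
RUN CGO_ENABLED=0 go build -o /out/app .

# ---- stage 2: runtime (only what is copied in explicitly ends up here) ----
FROM scratch
COPY --from=build /out/app /app

# numeric uid:gid because scratch has no /etc/passwd to resolve names;
# the process no longer runs as uid=0(root)
USER 65534:65534

# hypothetical port of the hypothetical app
EXPOSE 8080

# exec format is required: shell format would be wrapped in /bin/sh -c,
# and /bin/sh does not exist in scratch (the error shown in the scratch note)
ENTRYPOINT ["/app"]
# default arguments fed to the ENTRYPOINT, replaceable at run time
CMD ["--listen=:8080"]

# build:
#   docker build -t myapp .
# run with the default CMD:
#   docker run --rm -p 8080:8080 myapp
# override CMD only (ENTRYPOINT is kept, so this runs /app --listen=:9090):
#   docker run --rm -p 9090:9090 myapp --listen=:9090
# inspect the result (only the layers of the last stage are in the image):
#   docker history myapp
```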
# [note] docker run --privileged
=> ref: https://mileslin.github.io/2019/05/%E5%9C%A8%E5%AE%B9%E5%99%A8%E4%B8%AD%E5%8F%96%E5%BE%97%E7%89%B9%E6%AC%8A%E5%AD%98%E5%8F%96%E6%AC%8A%E9%99%90/
# [note] microsoft docker hub
FROM microsoft/* // deprecated
FROM mcr.microsoft.com/* // now
=> ref: https://techcommunity.microsoft.com/t5/azure-developer-community-blog/deprecating-the-distribution-of-microsoft-container-images-via/ba-p/2366861
# [note] learn
=> ref: https://www.bilibili.com/video/BV1og4y1q7M4?p=1
# [observe] docker pull mysql
Using default tag: latest // default tag: latest
latest: Pulling from library/mysql
b4d181a07f80: Already exists
a462b60610f5: Pull complete // download image layer
578fafb77ab8: Pull complete
524046006037: Pull complete
d0cbe54c8855: Pull complete
aa18e05cc46d: Pull complete
32ca814c833f: Pull complete
9ecc8abdb7f5: Pull complete
ad042b682e0f: Pull complete
71d327c6bb78: Pull complete
165d1d10a3fa: Pull complete
2f40c47d0626: Pull complete
Digest: sha256:52b8406e4c32b8cf0557f1b74517e14c5393aff5cf0384eff62d9e81f4985d4b
Status: Downloaded newer image for mysql:latest // status: download
docker.io/library/mysql:latest // real address
# [observe] docker pull docker.io/library/mysql:latest
latest: Pulling from library/mysql
Digest: sha256:52b8406e4c32b8cf0557f1b74517e14c5393aff5cf0384eff62d9e81f4985d4b
Status: Image is up to date for mysql:latest // status: up to date
docker.io/library/mysql:latest
# [observe] docker pull mysql:5.7
5.7: Pulling from library/mysql
b4d181a07f80: Already exists // if the layer already exists locally, no need to download it
a462b60610f5: Already exists
578fafb77ab8: Already exists
524046006037: Already exists
d0cbe54c8855: Already exists
aa18e05cc46d: Already exists
32ca814c833f: Already exists
52645b4af634: Pull complete // if the layer does not exist locally, it is downloaded
bca6a5b14385: Pull complete
309f36297c75: Pull complete
7d75cacde0f8: Pull complete
Digest: sha256:1a2f9cd257e75cc80e9118b303d1648366bc2049101449bf2c8d82b022ea86b7
Status: Downloaded newer image for mysql:5.7
docker.io/library/mysql:5.7
# [observe] docker run --name centos01 -i centos
pwd
/
id
uid=0(root) gid=0(root) groups=0(root)
exit // work
# [observe] docker run --name centos02 -t centos
[root@5d78fa7ca6e0 /]# pwd // not work
id // not work
exit // not work
# [observe] docker run --name centos03 -it centos
[root@4f61616a44b2 /]# pwd // 4f61616a44b2 is the container id
/
[root@4f61616a44b2 /]# id
uid=0(root) gid=0(root) groups=0(root)
[root@4f61616a44b2 /]# exit
exit
[root@centos99 hadoop]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4c6632270209 centos "/bin/bash" 7 seconds ago Exited (0) 4 seconds ago centos03
# [observe] docker run --name centos04 -it centos
[root@67701342f172 /]# ctrl + p + q // different from exit
[root@centos99 hadoop]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
96690bca74c0 centos "/bin/bash" 6 seconds ago Up 5 seconds centos04
[root@centos99 hadoop]# docker logs centos04
[root@centos99 hadoop]#
# [observe] docker run --name centos05 -d centos /bin/bash -c 'while true; do echo 100; sleep 1; done'
[root@centos99 hadoop]# docker logs -ft centos05
2021-07-06T05:44:34.180442142Z 100
2021-07-06T05:44:35.182660679Z 100
2021-07-06T05:44:36.185160479Z 100
2021-07-06T05:44:37.187594590Z 100
2021-07-06T05:44:38.191985329Z 100
2021-07-06T05:44:39.194236768Z 100
2021-07-06T05:44:40.196883498Z 100
2021-07-06T05:44:41.201843446Z 100
2021-07-06T05:44:42.204546036Z 100
2021-07-06T05:44:43.208671976Z 100
^C
[root@centos99 hadoop]#