Docker Containers Basic Notes

Docker Introduction

Docker

Docker is an open-source containerization platform, used for building, deploying, and running applications, using lightweight, portable containers.

Containers

A container is a standard unit of software bundled with dependencies so that applications can be deployed fast and reliably between different computing platforms.

Features of containers :

• Docker containers consist of applications and all their dependencies.
• They share the kernel and system resources with other containers and run as isolated systems in the host operating system.
• The main aim of docker containers is to get rid of the infrastructure dependency while deploying and running applications. This means that any containerized application can run on any platform irrespective of the infrastructure being used beneath.
• Applications are safer in containers and Docker provides the strongest default isolation capabilities in the industry.
• Technically, they are just the runtime instances of docker images.

Containerization

• Containerization is a type of Virtualization which brings virtualization to the operating system level.
• While Virtualization brings abstraction to the hardware, Containerization brings abstraction to the operating system.

Docker Architecture

Docker Architecture consists of a Docker Engine which is a client-server application with three major components:

• Docker Daemon: A persistent background process that manages Docker images, containers, networks, and storage volumes. The Docker daemon constantly listens for Docker API requests and processes them.
• Docker Engine REST API: An API used by applications to interact with the Docker daemon; it can be accessed by an HTTP client.
• Docker CLI: A CLI client for interacting with the Docker daemon. It greatly simplifies how you manage container instances and is one of the key reasons why developers love using Docker.

Docker Image

• They are executable packages bundled with application code & dependencies, software packages etc. for the purpose of creating containers.
• Docker images can be deployed to any docker environment and the containers can be spun up there to run the application.

DockerFile

It is a text file that contains all commands which needs to be run to build an image.

Docker Basic Commands

Basic command usages

• docker images : Lists images locally
• docker run : command to create a new container
• docker ps : Lists running container
• docker ps -a : Lists all the containers
• docker exec : executes commands on containers
• docker start/stop/restart/rm
• docker rmi : Removes docker images
• docker inspect : Details of container and image

Show information

$ docker info

or

$ docker info | less

Managing Containers

$ docker container <command>

Managing Images

$ docker image <command>

Defference between image and container

Docker Image is a set of files which has no state, whereas Docker Container is the instantiation of Docker Image. In other words, Docker Container is the run time instance of images.

or

In other words by using an object-oriented programming analogy, the difference between a Docker image and a Docker container is the same as that of the difference between a class and an object. An object is the runtime instance of a class. Similarly, a container is the runtime instance of an image.

List images

$ docker image ls

or

$ docker image ls -a

List containers

List only running containers

$ docker container ls

or

$ docker ps

List all containers

$ docker container ls -a

Pulling/Downloading Images from dockerhub

dockerhub is like github repository for docker images

$ docker pull <image_name>

Example : we are going to download nginx image

$ docker pull php

starting the nginx server

$ docker run -it -p 80:80 nginx

The above command first create a container of nginx image and run it. The options are :

• run : to run the image
• -it : In interactive mode
• -p 80:80 : where first port 80 means the nginx serve on port 80 at local system and second port 80 containers port 80 in whcih nginx run. We can access nginx server on

http://localhost:80

To stop it press Ctrl + C and it will stop.

Note : The above command will also create a container, now next time we can directly run the container by below command

$ docker container <start|stop|pause|kill> <Container_Name or Container_ID>

Note that at here we can not use 'run' command for already created container, (it is only used to run image file {which create container})

Creating container within image file directly

$ docker container run -it -p 80:80 --name Mynginx nginx

where '--name' followed with 'Mynginx' create a container named 'Mynginx' by using image 'nginx'

Running container Background

$ docker container run -d -p 8080:80 --name BKnginx nginx

• where '-d' option means detach

it can be accessble at

http://localhost:8080

Now to stop of pause container we can use the command :

$ docker container stop|pause BKnginx

where BKnginx is nothing but name of the container.

Automatically start container at startup

Do it when creating container

$ docker container run -d -p 8080:80 --name BKnginx nginx --restart=always

Do it on a alreay created container

$ docker update --restart=always 0576df221c0b

Delete/Rename Container

$ docker container rm <Container_ID/Container_Name>

$ docker container rename <Container_ID/Container_Name>

to remove a running container use '-f' option

$ docker container rm <Container_ID/Container_Name> -f

Deleteing all container at once

$ docker rm $(docker ps -aq) -f

Delete/Rename images

$ docker image rm <Image_ID/Image_Name>

$ docker image rename <Image_ID/Image_Name>

Getting a Bash shell on running container

$ docker container exec -it <Container_NAME_or_ID> bash

Mapping local directory into running container's directory

for example the Document root directory of nginx server is '/usr/share/nginx/html'. Now we can map our local directory into nginx Document root directory. But we have to do that at the time of creation of container

$ docker container run -d -p 8080:80 -v <local_directory>:<container_directory> <image_name_or_id>

Example

$ docker container run -d -p 8080:80 -v $(pwd):/usr/share/nginx/html --name nginx-website nginx

Now if we create any file in current directory '$(pwd)', then we can access it with nginx server

For exmaple :

http://localhost:8080/test.html

Pushing docker image into dockerhub

first login to your docker account by below command and give your username and password

$ docker login

then run below command :

$ docker push <image_name>

Creating docker image from an Updated/Customized Container (known as commiting)

$ docker commit <Container_Name> [NEW_IMAGE_NAME[:TAG]]

Example :

$ docker commit ubuntu101 ajay/ubuntu-updated:version1

Above command will create a new image named 'ajay/ubuntu-updated:version1' and to create a container from that image use :

$ docker run -it --name=UpdatedUbuntu ajay/ubuntu-updated:version1

Note we have to put the full name of image with tag otherwise docker will not recognize it.

More OPTIONS related to commit command can be found here : LINK

Trasnfering Images offline from one machine to another

Creating an Image file :

$ docker save -o image_file_name.docker ubuntu

After transfering the file offline from one machine to another, run below command on the destination machine :

$ docker load -i image_file_name.docker

Inspecting Docker Container Steps

Inspecting exposed ports of a docker container

docker inspect --format="{{json .}}" Container_Name | jq '.Config.ExposedPorts'

Some Docker Internals

• The running containers internals can be found at /var/lib/docker/containers/

Docker Mounts

Docker has two options for containers to store files in the hosy machine

• Bind Mounts : Stored anywhere on the host system, example :

-v HostDIR:DockerDIR

$ mkdir mysqlData   
$ docker pull mysql   
$ docker run --rm -it --name mydb -p3306:3306 -e MYSQL_ROOT_PASSWORD=dbaccess -v /home/centos/mysqlData:/var/lib/mysql mysql

• Volumes :
  • Docker volumes are file systems mounted on Docker containers to preserve data generated by the running container. The default location of volume is /var/lib/docker/volumes on linux.
  • Volumes are created on the host machine and managed by Docker. Containers can read and write data to the volume, and the data will persist even if the container is deleted or recreated.

difference between docker mounts and volumes :

• Volumes are more portable and scalable than mounts, as they can be used to share data between containers running on different hosts or cloud providers. Volumes can also be backed up and managed more easily by Docker.
• Docker mounts are simpler and faster to set up, but are less portable and scalable than volumes.

Usage:  docker volume COMMAND

Manage volumes

Commands:
  create      Create a volume
  inspect     Display detailed information on one or more volumes
  ls          List volumes
  prune       Remove all unused local volumes
  rm          Remove one or more volumes

Example :

docker volume create MYSQL 
$ docker run --rm -it --name mydb -p3306:3306 -e MYSQL_ROOT_PASSWORD=dbaccess -v MYSQL:/var/lib/mysql mysql

Another way to mount volumes

$ docker run --rm -it --name mydb -p3306:3306 -e MYSQL_ROOT_PASSWORD=dbaccess -v --mount source=MYSQL,target=/var/lib/mysql mysql

inspect docker volume

$ docker volume inspect MYSQL

[
    {
        "CreatedAt": "2022-12-10T08:42:48Z",
        "Driver": "local",
        "Labels": {},
        "Mountpoint": "/var/lib/docker/volumes/MYSQL/_data",
        "Name": "MYSQL",
        "Options": {},
        "Scope": "local"
    }
]

Docker inspect and logs

inspect: Docker inspect command returns all the details about an image or a container.

docker inspect <image/container_name_or_id>

logs : Shows logs of a container.

docker logs containe_name__OR_id

Some Docker Internals

• The running containers internals can be found at /var/lib/docker/containers/

Docker Mounts

Docker has two options for containers to store files in the hosy machine

• Bind Mounts : Stored anywhere on the host system, example :

-v HostDIR:DockerDIR

$ mkdir mysqlData   
$ docker pull mysql   
$ docker run --rm -it --name mydb -p3306:3306 -e MYSQL_ROOT_PASSWORD=dbaccess -v /home/centos/mysqlData:/var/lib/mysql mysql

• Volumes :
  • Docker volumes are file systems mounted on Docker containers to preserve data generated by the running container. The default location of volume is /var/lib/docker/volumes on linux.
  • Volumes are created on the host machine and managed by Docker. Containers can read and write data to the volume, and the data will persist even if the container is deleted or recreated.

Usage:  docker volume COMMAND

Manage volumes

Commands:
  create      Create a volume
  inspect     Display detailed information on one or more volumes
  ls          List volumes
  prune       Remove all unused local volumes
  rm          Remove one or more volumes

Example :

docker volume create MYSQL 
$ docker run --rm -it --name mydb -p3306:3306 -e MYSQL_ROOT_PASSWORD=dbaccess -v MYSQL:/var/lib/mysql mysql

Another way to mount volumes

$ docker run --rm -it --name mydb -p3306:3306 -e MYSQL_ROOT_PASSWORD=dbaccess -v --mount source=MYSQL,target=/var/lib/mysql mysql

inspect docker volume

$ docker volume inspect MYSQL

[
    {
        "CreatedAt": "2022-12-10T08:42:48Z",
        "Driver": "local",
        "Labels": {},
        "Mountpoint": "/var/lib/docker/volumes/MYSQL/_data",
        "Name": "MYSQL",
        "Options": {},
        "Scope": "local"
    }
]

Difference between docker mounts and volumes

• Volumes are more portable and scalable than mounts, as they can be used to share data between containers running on different hosts or cloud providers. Volumes can also be backed up and managed more easily by Docker.
• Docker mounts are simpler and faster to set up, but are less portable and scalable than volumes.

Docker inspect and logs

inspect: Docker inspect command returns all the details about an image or a container.

docker inspect <image/container_name_or_id>

logs : Shows logs of a container.

docker logs containe_name__OR_id

Docker networking

• By default docker container used bridge network mode docker0

docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:2c:1f:cc:7e  txqueuelen 0  (Ethernet)
        RX packets 158  bytes 8943 (8.9 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 148  bytes 715325 (715.3 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

• List docker network

$ docker network ls

You can also create another network to isolate containers from each other for example creating a new network driver for another container

Command: docker network create <network-interface>

$ docker network create secure-network 
// create a new container with the new network driver/interface
$ docker run --rm -d -p 8082:80 --name=webserver03 --network=secure-network nginx/v1

Now if we check the ip of newly created container the it is different

$ docker exec -it webserver03 bash

root@98fd5aa4281b:/# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.18.0.2  netmask 255.255.0.0  broadcast 172.18.255.255
        ether 02:42:ac:12:00:02  txqueuelen 0  (Ethernet)
        RX packets 83  bytes 586507 (572.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 86  bytes 5756 (5.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

In the host system

br-bec48c6e1751: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.18.0.1  netmask 255.255.0.0  broadcast 172.18.255.255
        ether 02:42:d0:b6:85:b4  txqueuelen 0  (Ethernet)
        RX packets 86  bytes 4552 (4.5 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 83  bytes 586507 (586.5 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

The container created with secure-network (br-bec48c6e1751) network interface is not able to accessible from container with docker0 interface.

More detailed video on docker networking : https://www.youtube.com/watch?v=OU6xOM0SE4o