Docker Containers Basic Notes

Table of contents
- Docker Introduction
- Docker Basic Commands
- Basic command usages
- Show information
- Managing Containers
- Managing Images
- Defference between image and container
- List images
- List containers
- Pulling/Downloading Images from dockerhub
- starting the nginx server
- Creating container within image file directly
- Running container Background
- Automatically start container at startup
- Delete/Rename Container
- Deleteing all container at once
- Delete/Rename images
- Getting a Bash shell on running container
- Mapping local directory into running container's directory
- Pushing docker image into dockerhub
- Creating docker image from an Updated/Customized Container (known as commiting)
- Trasnfering Images offline from one machine to another
- Inspecting Docker Container Steps
- Some Docker Internals
- Docker Mounts
- Docker inspect and logs
- Docker Mounts
- Docker inspect and logs
- Docker networking

Docker Introduction
Docker
Docker is an open-source containerization platform, used for building, deploying, and running applications, using lightweight, portable containers.
Containers
A container is a standard unit of software bundled with dependencies so that applications can be deployed fast and reliably between different computing platforms.
Features of containers :
- Docker containers consist of applications and all their dependencies.
- They share the kernel and system resources with other containers and run as isolated systems in the host operating system.
- The main aim of docker containers is to get rid of the infrastructure dependency while deploying and running applications. This means that any containerized application can run on any platform irrespective of the infrastructure being used beneath.
- Applications are safer in containers and Docker provides the strongest default isolation capabilities in the industry.
- Technically, they are just the runtime instances of docker images.
Containerization
- Containerization is a type of Virtualization which brings virtualization to the operating system level.
- While Virtualization brings abstraction to the hardware, Containerization brings abstraction to the operating system.
Docker Architecture
Docker Architecture consists of a Docker Engine which is a client-server application with three major components:
- Docker Daemon: A persistent background process that manages Docker images, containers, networks, and storage volumes. The Docker daemon constantly listens for Docker API requests and processes them.
- Docker Engine REST API: An API used by applications to interact with the Docker daemon; it can be accessed by an HTTP client.
- Docker CLI: A CLI client for interacting with the Docker daemon. It greatly simplifies how you manage container instances and is one of the key reasons why developers love using Docker.
Docker Image
- They are executable packages bundled with application code & dependencies, software packages etc. for the purpose of creating containers.
- Docker images can be deployed to any docker environment and the containers can be spun up there to run the application.
DockerFile
It is a text file that contains all commands which needs to be run to build an image.
Docker Basic Commands
Basic command usages
docker images
: Lists images locallydocker run
: command to create a new containerdocker ps
: Lists running containerdocker ps -a
: Lists all the containersdocker exec
: executes commands on containersdocker start/stop/restart/rm
docker rmi
: Removes docker imagesdocker inspect
: Details of container and image
Show information
$ docker info
or
$ docker info | less
Managing Containers
$ docker container <command>
Managing Images
$ docker image <command>
Defference between image and container
Docker Image is a set of files which has no state, whereas Docker Container is the instantiation of Docker Image. In other words, Docker Container is the run time instance of images.
or
In other words by using an object-oriented programming analogy, the difference between a Docker image and a Docker container is the same as that of the difference between a class and an object. An object is the runtime instance of a class. Similarly, a container is the runtime instance of an image.
List images
$ docker image ls
or
$ docker image ls -a
List containers
List only running containers
$ docker container ls
or
$ docker ps
List all containers
$ docker container ls -a
Pulling/Downloading Images from dockerhub
dockerhub is like github repository for docker images
$ docker pull <image_name>
Example : we are going to download nginx image
$ docker pull php
starting the nginx server
$ docker run -it -p 80:80 nginx
The above command first create a container of nginx image and run it. The options are :
- run : to run the image
- -it : In interactive mode
- -p 80:80 : where first port 80 means the nginx serve on port 80 at local system and second port 80 containers port 80 in whcih nginx run. We can access nginx server on
http://localhost:80
To stop it press Ctrl + C and it will stop.
Note : The above command will also create a container, now next time we can directly run the container by below command
$ docker container <start|stop|pause|kill> <Container_Name or Container_ID>
Note that at here we can not use 'run' command for already created container, (it is only used to run image file {which create container})
Creating container within image file directly
$ docker container run -it -p 80:80 --name Mynginx nginx
where '--name' followed with 'Mynginx' create a container named 'Mynginx' by using image 'nginx'
Running container Background
$ docker container run -d -p 8080:80 --name BKnginx nginx
- where '-d' option means detach
it can be accessble at
http://localhost:8080
Now to stop of pause container we can use the command :
$ docker container stop|pause BKnginx
where BKnginx is nothing but name of the container.
Automatically start container at startup
Do it when creating container
$ docker container run -d -p 8080:80 --name BKnginx nginx --restart=always
Do it on a alreay created container
$ docker update --restart=always 0576df221c0b
Delete/Rename Container
$ docker container rm <Container_ID/Container_Name>
$ docker container rename <Container_ID/Container_Name>
to remove a running container use '-f' option
$ docker container rm <Container_ID/Container_Name> -f
Deleteing all container at once
$ docker rm $(docker ps -aq) -f
Delete/Rename images
$ docker image rm <Image_ID/Image_Name>
$ docker image rename <Image_ID/Image_Name>
Getting a Bash shell on running container
$ docker container exec -it <Container_NAME_or_ID> bash
Mapping local directory into running container's directory
for example the Document root directory of nginx server is '/usr/share/nginx/html'. Now we can map our local directory into nginx Document root directory. But we have to do that at the time of creation of container
$ docker container run -d -p 8080:80 -v <local_directory>:<container_directory> <image_name_or_id>
Example
$ docker container run -d -p 8080:80 -v $(pwd):/usr/share/nginx/html --name nginx-website nginx
Now if we create any file in current directory '$(pwd)', then we can access it with nginx server
For exmaple :
http://localhost:8080/test.html
Pushing docker image into dockerhub
first login to your docker account by below command and give your username and password
$ docker login
then run below command :
$ docker push <image_name>
Creating docker image from an Updated/Customized Container (known as commiting)
$ docker commit <Container_Name> [NEW_IMAGE_NAME[:TAG]]
Example :
$ docker commit ubuntu101 ajay/ubuntu-updated:version1
Above command will create a new image named 'ajay/ubuntu-updated:version1' and to create a container from that image use :
$ docker run -it --name=UpdatedUbuntu ajay/ubuntu-updated:version1
Note we have to put the full name of image with tag otherwise docker will not recognize it.
More OPTIONS related to commit command can be found here : LINK
Trasnfering Images offline from one machine to another
Creating an Image file :
$ docker save -o image_file_name.docker ubuntu
After transfering the file offline from one machine to another, run below command on the destination machine :
$ docker load -i image_file_name.docker
Inspecting Docker Container Steps
Inspecting exposed ports of a docker container
docker inspect --format="{{json .}}" Container_Name | jq '.Config.ExposedPorts'
Some Docker Internals
- The running containers internals can be found at
/var/lib/docker/containers/
Docker Mounts
Docker has two options for containers to store files in the hosy machine
- Bind Mounts : Stored anywhere on the host system, example :
-v HostDIR:DockerDIR
$ mkdir mysqlData
$ docker pull mysql
$ docker run --rm -it --name mydb -p3306:3306 -e MYSQL_ROOT_PASSWORD=dbaccess -v /home/centos/mysqlData:/var/lib/mysql mysql
- Volumes :
- Docker volumes are file systems mounted on Docker containers to preserve data generated by the running container. The default location of volume is
/var/lib/docker/volumes
on linux. - Volumes are created on the host machine and managed by Docker. Containers can read and write data to the volume, and the data will persist even if the container is deleted or recreated.
- Docker volumes are file systems mounted on Docker containers to preserve data generated by the running container. The default location of volume is
difference between docker mounts and volumes :
- Volumes are more portable and scalable than mounts, as they can be used to share data between containers running on different hosts or cloud providers. Volumes can also be backed up and managed more easily by Docker.
- Docker mounts are simpler and faster to set up, but are less portable and scalable than volumes.
Usage: docker volume COMMAND
Manage volumes
Commands:
create Create a volume
inspect Display detailed information on one or more volumes
ls List volumes
prune Remove all unused local volumes
rm Remove one or more volumes
Example :
docker volume create MYSQL
$ docker run --rm -it --name mydb -p3306:3306 -e MYSQL_ROOT_PASSWORD=dbaccess -v MYSQL:/var/lib/mysql mysql
Another way to mount volumes
$ docker run --rm -it --name mydb -p3306:3306 -e MYSQL_ROOT_PASSWORD=dbaccess -v --mount source=MYSQL,target=/var/lib/mysql mysql
inspect docker volume
$ docker volume inspect MYSQL
[
{
"CreatedAt": "2022-12-10T08:42:48Z",
"Driver": "local",
"Labels": {},
"Mountpoint": "/var/lib/docker/volumes/MYSQL/_data",
"Name": "MYSQL",
"Options": {},
"Scope": "local"
}
]
Docker inspect and logs
inspect
: Docker inspect command returns all the details about an image or a container.
docker inspect <image/container_name_or_id>
logs
: Shows logs of a container.
docker logs containe_name__OR_id
Some Docker Internals
- The running containers internals can be found at
/var/lib/docker/containers/
Docker Mounts
Docker has two options for containers to store files in the hosy machine
- Bind Mounts : Stored anywhere on the host system, example :
-v HostDIR:DockerDIR
$ mkdir mysqlData
$ docker pull mysql
$ docker run --rm -it --name mydb -p3306:3306 -e MYSQL_ROOT_PASSWORD=dbaccess -v /home/centos/mysqlData:/var/lib/mysql mysql
- Volumes :
- Docker volumes are file systems mounted on Docker containers to preserve data generated by the running container. The default location of volume is
/var/lib/docker/volumes
on linux. - Volumes are created on the host machine and managed by Docker. Containers can read and write data to the volume, and the data will persist even if the container is deleted or recreated.
- Docker volumes are file systems mounted on Docker containers to preserve data generated by the running container. The default location of volume is
Usage: docker volume COMMAND
Manage volumes
Commands:
create Create a volume
inspect Display detailed information on one or more volumes
ls List volumes
prune Remove all unused local volumes
rm Remove one or more volumes
Example :
docker volume create MYSQL
$ docker run --rm -it --name mydb -p3306:3306 -e MYSQL_ROOT_PASSWORD=dbaccess -v MYSQL:/var/lib/mysql mysql
Another way to mount volumes
$ docker run --rm -it --name mydb -p3306:3306 -e MYSQL_ROOT_PASSWORD=dbaccess -v --mount source=MYSQL,target=/var/lib/mysql mysql
inspect docker volume
$ docker volume inspect MYSQL
[
{
"CreatedAt": "2022-12-10T08:42:48Z",
"Driver": "local",
"Labels": {},
"Mountpoint": "/var/lib/docker/volumes/MYSQL/_data",
"Name": "MYSQL",
"Options": {},
"Scope": "local"
}
]
Difference between docker mounts and volumes
- Volumes are more portable and scalable than mounts, as they can be used to share data between containers running on different hosts or cloud providers. Volumes can also be backed up and managed more easily by Docker.
- Docker mounts are simpler and faster to set up, but are less portable and scalable than volumes.
Docker inspect and logs
inspect
: Docker inspect command returns all the details about an image or a container.
docker inspect <image/container_name_or_id>
logs
: Shows logs of a container.
docker logs containe_name__OR_id
Docker networking
- By default docker container used bridge network mode
docker0
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:2c:1f:cc:7e txqueuelen 0 (Ethernet)
RX packets 158 bytes 8943 (8.9 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 148 bytes 715325 (715.3 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
- List docker network
$ docker network ls
You can also create another network to isolate containers from each other for example creating a new network driver for another container
Command: docker network create <network-interface>
$ docker network create secure-network
// create a new container with the new network driver/interface
$ docker run --rm -d -p 8082:80 --name=webserver03 --network=secure-network nginx/v1
Now if we check the ip of newly created container the it is different
$ docker exec -it webserver03 bash
root@98fd5aa4281b:/# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.18.0.2 netmask 255.255.0.0 broadcast 172.18.255.255
ether 02:42:ac:12:00:02 txqueuelen 0 (Ethernet)
RX packets 83 bytes 586507 (572.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 86 bytes 5756 (5.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
In the host system
br-bec48c6e1751: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.18.0.1 netmask 255.255.0.0 broadcast 172.18.255.255
ether 02:42:d0:b6:85:b4 txqueuelen 0 (Ethernet)
RX packets 86 bytes 4552 (4.5 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 83 bytes 586507 (586.5 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
The container created with secure-network
(br-bec48c6e1751) network interface is not able to accessible from container with docker0 interface.
More detailed video on docker networking : https://www.youtube.com/watch?v=OU6xOM0SE4o
Subscribe to my newsletter
Read articles from Ajay Tekam directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by

Ajay Tekam
Ajay Tekam
I am working as a Cloud Engineer with experience in DevOps, automation, CICD, build pipelines, jenkins pipelines, version control, shell scripting, python automation, golang automation, cloud services (AWS, OCI, Azure), containers and microservices, terraform, ansible.