Getting Started with Docker: A Beginner’s Guide to Docker Basics (Volume 1)
Docker is an open-source platform that allows developers to create, deploy, and run applications in containers. Docker containers provide an isolated and secure environment for running applications, making it easier to develop and deploy applications across different environments. Docker containers are lightweight and fast, which makes them an ideal choice for building microservices-based applications.
Use cases of Docker:
- Microservices-based applications: Docker is an ideal choice for building microservices-based applications. In a microservices architecture, an application is composed of multiple small services that can be independently deployed and managed. Docker containers provide an isolated environment for each microservice, making it easier to deploy and manage them.
- DevOps automation: Docker is a popular choice for DevOps automation. Docker containers provide a consistent environment for building, testing, and deploying applications, making it easier to automate the entire DevOps process.
- Continuous Integration/Continuous Deployment (CI/CD): Docker is an essential tool for implementing a CI/CD pipeline. Docker containers can be easily integrated into the CI/CD pipeline, making it easier to test, build, and deploy applications.
- Hybrid cloud environments: Docker containers can be deployed on any platform, making it easier to build hybrid cloud environments. Docker containers can be easily migrated between different environments, making it easier to scale applications across different cloud providers.
Docker Core Concepts:
- Docker Image: A read-only template that contains a set of instructions for creating a Docker container. Images are used to create containers.
- Docker Container: A runnable instance of a Docker image that runs in isolation on the host machine.
- Dockerfile: A text file that contains instructions for building a Docker image.
- Docker Registry: A repository for storing and sharing Docker images.
- Docker Network: A feature that allows containers to communicate with each other and with the host machine. Docker provides several network drivers for different use cases, including bridge, overlay, and macvlan.
- Docker Compose: A tool for defining and running multi-container Docker applications. Docker Compose uses a YAML file to configure the services that make up the application.
- Docker Swarm: A native clustering and orchestration solution for Docker. Docker Swarm allows you to create and manage a cluster of Docker nodes, and deploy services to the cluster.
- Docker Multistage: A feature that allows you to use multiple stages in a Docker file to optimize the size of the final image. Multistage builds can be used to reduce the size of images, as well as to speed up the build process.
Docker Commands with examples:
General Commands
docker version
: This command displays the version of Docker installed on the local machine, along with the version of other components such as the API and the client.docker info
: This command displays various information about the Docker installation, such as the number of containers, images, and volumes currently running, as well as details about the storage driver and networking configuration.docker daemon -v
: This command displays the version of the Docker daemon that is currently running.docker daemon --config-file <file>
: This command starts the Docker daemon with the specified configuration file. The<file>
argument specifies the path to the configuration file. If the argument is not specified, the default configuration file is used.docker config ls
: This command lists all the available Docker configs on the local machine.docker config inspect <config-name>
: This command displays the details of a specified Docker config. The<config-name>
argument specifies the name of the config to be inspected.
Docker Image Commands
docker images
: This command lists all the Docker images available on the host. This can be useful if you need to check which images are available and their sizes. For example, you might run:
docker images
And get a list of available images like this:
#REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest abcdef123456 2 hours ago 133MB
ubuntu latest xyz7890abcdef 3 days ago 72.8MB
-a
or --all
: List all the images including the intermediate ones.
docker images -a
-f
or --filter
: Filter images based on a condition.
docker images -f dangling=true
--filter since
: This option shows only images created after a specified date. You can use the date in any format recognized by Go's time.Parse() function.
Example:
docker images --filter since=2022-01-01
This command will list all images created on or after January 1st, 2022.
--filter before
: This option shows only images created before a specified date. You can use the date in any format recognized by Go's time.Parse() function.
Example:
docker images --filter before=2022-01-01
This command will list all images created before January 1st, 2022.
--digests
: Display the digests of the images.
docker images --digests
docker pull
: This command pulls a Docker image from a registry, such as Docker Hub. For example, if you want to pull the latest version of the "nginx" image, you might run:
docker pull nginx:latest
docker build
: This command builds a Docker image from a Dockerfile. For example, if you have a Dockerfile in the current directory that defines a custom image based on the "ubuntu" image, you might run:
docker build -t my-ubuntu-image
This would build a new image named “my-ubuntu-image” from the Dockerfile in the current directory.
docker tag
: This command tags a Docker image with a new name and/or tag. For example, if you have an image named "my-ubuntu-image" and you want to tag it with the name "my-registry/my-ubuntu-image:v1.0", you might run:
docker tag my-ubuntu-image my-registry/my-ubuntu-image:v1.0
docker push
: This command pushes a Docker image to a registry, such as Docker Hub. For example, if you have an image named "my-registry/my-ubuntu-image:v1.0" and you want to push it to Docker Hub, you might run:
docker push my-registry/my-ubuntu-image:v1.0
docker rmi
: This command removes a Docker image from the host. For example, if you no longer need the "my-ubuntu-image" image, you might run:
docker rmi my-ubuntu-image
docker inspect
: This command displays low-level information about a Docker image, such as its layers and metadata. For example, if you want to inspect the "nginx" image, you might run:
docker inspect nginx
This would display detailed information about the image on your terminal.
docker history
: This command displays the history of changes that have been made to a Docker image, such as its layers and commands. For example, if you want to see the history of the "nginx" image, you might run:
docker history nginx
This would display the history of the image on your terminal.
This command lists all the Docker images that are currently on the host machine.
- docker rmi: Remove a Docker image from the host machine.
docker rmi myimage:latest
This command removes the myimage:latest
Docker image from the host machine.
Docker Container Commands
docker run
: This command creates a new Docker container from an image and starts it. For example, if you want to create a new container based on the "nginx" image, you might run a command like this:
docker run -d --name my-nginx-container -p 80:80 nginx:latest
This would create a new container named “my-nginx-container” based on the latest version of the Nginx image and start it in detached mode (-d) with port 80 on the host mapped to port 80 in the container (-p).
docker ps
: This command lists all the running Docker containers on the host. This can be useful if you have multiple containers running and need to verify which ones are active. For example, you might run:
docker ps
And get a list of running containers like this:
#CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1234567890ab nginx:latest "nginx -g 'daemon of…" 5 minutes ago Up 5 minutes 0.0.0.0:80->80/tcp my-nginx-container
docker stop
: This command stops the specified Docker container. For example, if you want to stop the "my-nginx-container" container, you might run:
docker stop my-nginx-container
docker start
: This command starts the specified stopped Docker container. For example, if you want to start the "my-nginx-container" container, you might run:
docker start my-nginx-container
docker restart
: This command stops and then starts the specified Docker container. For example, if you want to restart the "my-nginx-container" container, you might run:
docker restart my-nginx-container
docker pause
: This command pauses all processes in a running container.
docker pause my-nginx-container
docker unpause
: This command resumes all processes in a paused container.
docker unpause my-nginx-container
docker rm
: This command removes the specified stopped Docker container. For example, if you no longer need the "my-nginx-container" container, you might run:
docker rm my-nginx-container
docker exec
: This command runs a command inside the specified running Docker container. For example, if you want to run a shell inside the "my-nginx-container" container, you might run:
docker exec -it my-nginx-container /bin/bash
This would start a shell inside the running “my-nginx-container” container with an interactive (-it) terminal.
docker logs
: This command displays the logs from the specified Docker container. For example, if you want to see the logs from the "my-nginx-container" container, you might run:
docker logs my-nginx-container
This would display the logs from the container on your terminal.
Docker Network Commands
docker network create
: This command creates a new Docker network that multiple containers can use to communicate with each other. For example, if you want to create a network for a group of containers that are part of the same application, you might run a command like this:
docker network create --driver bridge --subnet 172.20.0.0/16 --gateway 172.20.0.1 mynetwork
docker network ls
: This command lists all the Docker networks available on the host. This can be useful if you have multiple networks and need to verify which ones are active. For example, you might run:
docker network ls
And get a list of networks like this:
#NETWORK ID NAME DRIVER SCOPE
1234567890ab bridge bridge local
0987654321ba my-app-network bridge local
docker network inspect
: This command provides detailed information about the specified Docker network. For example, if you want to inspect the network you just created, you might run:
docker network inspect my-app-network
And get information about the network’s configuration, connected containers, and more.
docker network connect
: This command connects the specified container to the specified Docker network. For example, if you have a container named "my-app-container" that needs to connect to the "my-app-network" network, you might run:
docker network connect my-app-network my-app-container
This would allow the container to communicate with other containers on the same network.
docker network disconnect
: This command disconnects the specified container from the specified Docker network. For example, if you want to remove "my-app-container" from the "my-app-network" network, you might run:
docker network disconnect my-app-network my-app-container
docker network rm
: This command removes the specified Docker network. For example, if you no longer need the "my-app-network" network, you might run:
docker network rm my-app-network
docker network prune
: This command removes all the unused Docker networks. For example, if you have several networks that are no longer being used, you might run:
docker network prune
This would remove any networks that are not currently connected to any containers.
Docker Volume Commands
docker volume create
: This command creates a new Docker volume that can be used by one or more containers to store persistent data. For example, if you want to create a volume for a database container, you might run a command like this:
docker volume create my-db-volume
docker volume ls
: This command lists all the Docker volumes available on the host. This can be useful if you have multiple volumes and need to verify which ones are active. For example, you might run:
docker volume ls
And get a list of volumes like this:
DRIVER VOLUME NAME
local my-db-volume
local my-other-volume
docker volume inspect
: This command provides detailed information about the specified Docker volume. For example, if you want to inspect the volume you just created, you might run:
docker volume inspect my-db-volume
And get information about the volume’s configuration, mount points, and more.
docker volume rm
: This command removes the specified Docker volume. For example, if you no longer need the "my-other-volume" volume, you might run:
docker volume rm my-other-volume
docker volume prune
: This command removes all the unused Docker volumes. For example, if you have several volumes that are no longer being used, you might run:
docker volume prune 2
This would remove any volumes that are not currently mounted by any containers.
docker run -v
: This command creates a container and mounts a Docker volume to it. For example, if you want to create a new container and mount the "my-db-volume" volume to it, you might run a command like this:
docker run -d --name my-db-container -v my-db-volume:/var/lib/mysql mysql:latest
This would create a new container named “my-db-container” based on the latest version of the MySQL image and mount the “my-db-volume” volume to the container’s “/var/lib/mysql” directory.
docker run --mount
: This command creates a container and mounts a Docker volume or bind mount to it using the new--mount
option. For example, if you want to create a new container and mount the "my-db-volume" volume to it using the new--mount
option, you might run a command like this:
docker run -d --name my-db-container --mount source=my-db-volume,target=/var/lib/mysql mysql:latest
This would create a new container named “my-db-container” based on the latest version of the MySQL image and mount the “my-db-volume” volume to the container’s “/var/lib/mysql” directory using the --mount
option.
Docker logs
-f
or--follow
: Follow the logs in real-time.
docker logs -f container-name
--since
and--until
: Display logs generated within a specific time range.
docker logs --since 2022-01-01T00:00:00 container-name 2docker logs --until 2022-01-01T00:00:00 container-name
--tail
: Display the last N lines of the logs.
docker logs --tail 100 container-name
To keep Docker containers running after a system restart or reboot, you can use the --restart
option when starting your container. This option tells Docker to automatically restart the container if it stops for any reason, including system restarts or reboots.
There are several restart policies you can use:
no
: Do not automatically restart the container. This is the default.on-failure
: Restart the container if it exits with a non-zero exit code.always
: Always restart the container, regardless of the exit code.unless-stopped
: Restart the container unless it was explicitly stopped by the user.
Here’s an example command to start a container with the always
restart policy:
docker run -d --restart always myimage
This will start the myimage
container in detached mode (-d
) with the always
restart policy.
If you want to apply this restart policy to an existing container, you can use the docker update
command:
docker update --restart always mycontainer
This will set the restart policy for the mycontainer
container to always
.
Note that if your container has dependencies on other containers or resources that need to be started in a specific order, you may want to use a tool like Docker Compose to manage the startup order of your containers.
Docker Stats is a built-in tool that provides real-time monitoring of container metrics. Here are some examples of Docker Stats commands:
- Display statistics for all running containers:
docker stats
- Display statistics for a specific container:
docker stats <container-name>
- Display statistics for multiple containers:
docker stats <container-name-1> <container-name-2> ...
- Display statistics for all running containers with a custom output format:
docker stats --format "{{.Name}}\t{{.CPUPerc}}\t{{.MemUsage}}"
This command will display the container name, CPU usage percentage, and memory usage for all running containers in a tab-separated format.
- Display statistics for all running containers with streaming updates:
docker stats --no-stream
This command will display the container statistics once, without streaming updates.
- Display statistics for all running containers, including system-level statistics:
docker stats --all
This command will display statistics for all running containers, including system-level statistics such as CPU and memory usage for the entire Docker host.
Docker Stats provides a wealth of information about container metrics, including CPU usage, memory usage, and network traffic. This information can be used to monitor the health and performance of Docker containers and make optimisations as needed.
Docker secrets are a way to securely store sensitive information such as passwords, certificates, and other data that needs to be accessed by containers. The secret data is stored on the Docker host and is only accessible to the container that needs it.
Here is an example of how to create and use a Docker secret:
- Create a secret file
First, create a file containing the secret data. For example, let’s create a secret file called db_password.txt
:
echo "mysecretpassword" | docker secret create db_password -
Note: The “-” at the end of the command tells Docker to read the data from standard input.
- Use the secret in a service
Next, you can use the secret in a service. Here’s an example of how to create a service that uses the db_password
secret:
docker service create --name db \
--secret db_password \
--env MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_password \
mysql:latest
This command creates a new service called db
using the mysql:latest
image. The --secret
flag tells Docker to use the db_password
secret, and the --env
flag sets the MYSQL_ROOT_PASSWORD_FILE
environment variable to the path of the secret file.
- Verify the secret
You can verify that the secret is being used by checking the logs of the container:
docker logs <container_id>
You should see the password being used in the log output.
Stay tuned for any updates regarding the release of the Docker’s Beginners Guide — Volume 2, and consider checking out other resources to learn more about Docker in the meantime.
IOPSHub offers a range of DevSecOps advisory and implementation services, including security assessments, compliance reviews, and automation solutions.
Their team of experts can help you identify security vulnerabilities and implement solutions that align with your business objectives. With IOPSHub, you can ensure that your organization is secure and compliant, while also driving innovation and growth.
So, if you’re serious about DevSecOps and want to take your security to the next level, check out IOPSHub today. Their extensive services and expertise can help you stay ahead of the curve in the ever-changing world of cybersecurity.