Docker notes

Terms and definitions

  • Image – particular set of layers
  • Repository – set of images, fully identified by <host name>/<user name>/<repository name>
  • Tag – particular image name (docker tag command)
  • Index/registry – catalog of repositories

Docker architecture

  • Docker daemon – does all the work, has a REST interface (can be exposed outside the PC)
  • Docker client – connects to the Docker daemon
  • Each container has its own PID tree
  • Possible states of a container: running, paused, restarting, exited

Create an image

  1. Manually altering a running container and committing the changes
  2. Docker-file
  3. Docker-file and some external configuration tool
  4. Docker-file and TAR-file (that contains all files from an existing PC) unpacked over zero-image


  • “docker run” command
    • docker run -it <image name> – run container interactively, with connected console
    • docker run -d <image name> – run detached
    • --name <name> – gives a name to the container
    • --read-only – container's filesystem is read-only
    • --restart=<policy: always, no, on-failure>
    • --link <imagename:containername> – binds containers via exposed port
    • --device – maps host devices into the container
    • --ipc – shares IPC items between containers
    • --cpuset-cpus – limits CPU cores used by the container
    • -c/--cpu-shares – percentage of CPU allowed for the container
    • -m/--memory – limits the amount of memory accessible to the container
  • Port mapping: -p <host port number:container port number> <image name>, or -P – map all exposed ports
    • --icc=false – disables network communication between containers
    • --expose <port number>
    • --hostname <name>
    • --dns <array of IP addresses>
    • --add-host <host name>:<ip address>
    • --link – connects containers by name, since no IP addresses are known before the container starts
  • Docker network archetypes:
    • closed (only loopback), --net none
    • bridged (can communicate with one another, but have to be explicitly configured to access external network), --net bridge
    • joined (different containers share the same network stack), --net container
    • opened (connected directly to external network), --net host
  • Adding an environment variable: --env/-e <name>=<value>
  • Restarting containers: --restart with options: never (default), always, on failure (with optional delay)
  • Volume mapping – maps host file system to container's file system. Mapped folders are not committed; a mapped folder hides the container's existing folder with the same name
    • -v/--volume <host path>:<container path> – for mounted host paths, can be mounted as read-only
    • -v/--volume <container path> – for docker-managed volume
    • Data-only container (no need to ever run it) can map some host folder, and other containers can just reference it to obtain the mapped folder
    • --volumes-from <container name>
  • --rm – removes the container after it exits
  • “docker inspect” – returns metadata about an image; the output is JSON formatted, with a fancy filtering syntax
  • “docker kill” – kills container
  • “docker stop” – stops container (gracefully)
  • “docker build” – creates a new image from a docker-file; --no-cache – build all commands, otherwise only changed docker-file instructions are built, and unchanged ones are taken from the cache stored at the previous build
  • “docker tag” – gives a name to particular image
  • “docker commit” – creates an image from running container, only filesystem’s changes are preserved.
  • “docker exec” – executes a command in a running container (basic – synchronously, daemon – in background, interactive)
  • “docker search” – search image at registry
  • “docker history” – lists commands executed in order to build the image specified
  • “docker help” <command name>
  • “docker ps” – lists running containers
  • “docker logs” <container name> – shows the output (stdout, stderr); the -f option auto-scrolls the log output
  • “docker restart” <container name> – restarts container
  • “docker rename” <old container name> <new container name>
  • “docker ps” (-a) – list of running (and other states) containers
  • “docker create” – creates, but doesn’t start, a container (exited state)
  • “docker start” <container name> – start exited container
  • “docker top” <container name> – lists all processes running inside container
  • “docker rm” <container name> – remove exited container
  • “docker login/logout” – access a registry
  • “docker rmi” <repository name> – remove local repository
  • “docker rm” <container name> – remove container, -v – remove/decrement reference on docker managed volumes
  • “docker save” – saves an image as a file
  • “docker load” – loads image from file
  • “docker diff” <container name> – shows filesystem differences between container and its image
  • “docker export” – saves a container as a tar-archive
  • “docker import” – loads a container from a tar-archive
  • Docker machine – turns some PC (virtual or real) into a host for running containers; runs an instance of “machine”, a process that is the platform for running containers. It is a command line utility with several commands: create, ls, stop, start, restart, rm, kill, inspect, config, ip, url, upgrade.
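
Several of the “docker run” options above (--read-only, -m/--memory, --cpuset-cpus, --net, --ipc, --device, -v) decide how isolated a container is, and “docker inspect” reports them as JSON. The following is an added example, not part of the original notes: it audits parsed “docker inspect” output for containers started without those restrictions. The sample data and the function names audit_container and audit are constructed for illustration.

```python
import json

# Constructed sample of `docker inspect` output, trimmed to the fields checked below.
SAMPLE_INSPECT = json.loads("""
[{"Name": "/web", "HostConfig": {
    "NetworkMode": "host", "ReadonlyRootfs": false, "Memory": 0, "CpusetCpus": "",
    "IpcMode": "host", "Binds": ["/srv/app:/app", "/srv/www:/www:ro"],
    "Devices": [{"PathOnHost": "/dev/sda", "PathInContainer": "/dev/sda"}]}},
 {"Name": "/worker", "HostConfig": {
    "NetworkMode": "none", "ReadonlyRootfs": true, "Memory": 268435456, "CpusetCpus": "0",
    "IpcMode": "private", "Binds": ["/srv/data:/data:ro"], "Devices": []}}]
""")


def audit_container(entry):
    """Return a list of findings for one element of the `docker inspect` array."""
    hc = entry.get("HostConfig") or {}
    findings = []
    if hc.get("NetworkMode") == "host":
        findings.append("--net host: shares the host network stack")
    if not hc.get("ReadonlyRootfs"):
        findings.append("no --read-only: root filesystem is writable")
    if not hc.get("Memory"):
        findings.append("no -m/--memory limit")
    if not hc.get("CpusetCpus"):
        findings.append("no --cpuset-cpus restriction")
    if hc.get("IpcMode") == "host":
        findings.append("--ipc host: shares host IPC objects")
    for dev in hc.get("Devices") or []:
        findings.append("--device maps " + dev.get("PathOnHost", "?"))
    for bind in hc.get("Binds") or []:
        # Bind syntax is <host path>:<container path>[:options]; Linux paths assumed.
        parts = bind.split(":")
        opts = parts[2].split(",") if len(parts) > 2 else []
        if parts[0].startswith("/") and "ro" not in opts:
            findings.append("-v mounts " + parts[0] + " read-write")
    return findings


def audit(inspect_output):
    """Map container name -> findings for a parsed `docker inspect` array."""
    return {e.get("Name", "?").lstrip("/"): audit_container(e) for e in inspect_output}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, findings or "OK")
```

On a real host the input would come from “docker inspect” run over the container names, parsed with json.loads.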

Docker-file – script that adjusts an image before running it as a container

  • FROM – existing image tag
  • MAINTAINER – author’s mail
  • ONBUILD – executes a command specified at build step
  • RUN – command to run
  • USER – sets user and group
  • WORKDIR – sets current directory
  • EXPOSE – port exposed
  • ADD – adds files into the container from some host, unpacks a tar-file
  • COPY – like ADD, but with no unpacking
  • CMD – command that is executed as the container’s main process
  • ENTRYPOINT – like CMD but with no parameters (expected to be provided via the run command)

Compose – runs an application made up of a set of containers, described by a yaml-file

  • “docker-compose up” – run a docker yaml file with definitions
  • “docker-compose ps” – all containers run by yaml-file
  • “docker-compose rm” – remove all containers represented by yaml-file
  • “docker-compose stop/kill” – like “docker”
  • “docker-compose logs” – like “docker”
  • “docker-compose build” – like “docker”
  • “docker-compose scale” – alter a number of instances of containers

Docker-machine – represents a driver that allows running a docker-daemon on different hosts

docker-swarm – cluster of machines to run a container; it can balance on the basis of accessible resources (Spread algorithm) as well as on the basis of custom filters (affinity, health, constraint, port, dependency), with built-in service discovery