Skip to content

Latest commit

 

History

History
140 lines (104 loc) · 3.97 KB

docker.adoc

File metadata and controls

140 lines (104 loc) · 3.97 KB

docker Docker cheat sheet

Table of Contents

1. Cheat

1.1. build

Some examples

#             PATH                                  Options       ==> IMAGE   repository    , tag
docker build  .                                    -t hello-world:1.0.1     # hello-world   , 1.0.1
docker build  git://github.com/naver/kapture                                # <none>        , <none>
docker build  git://github.com/naver/kapture#1.0.9 -t naver/kapture:1.0.9   # naver/kapture , 1.0.9

1.2. run

docker run hello-world

1.3. clean

docker system prune    # stopped containers, dangling images, dangling build cache
docker system prune -a # unused images not just dangling ones

2. Terminology

  1. image is a saved and archived machine state (like an .img of an SD card).

  2. IMAGE ID uniquely identified an image. It is 64 digit hex code truncated to 12 digits (e.g. 91c95931e552).

  3. repository is a collection of images. 'ubuntu' is a repository.

  4. repository:tag (I 'll call it image alias) is human-friendly alias to an IMAGE ID. The tag part usually refer to a version name, as such as 'hello-world:latest'

  5. registry is a server that stores and lets you distribute images.

  6. container is a running instance based (and possibly modified) on an image.

  7. CONTAINER ID uniquely identified a container.

  8. NAME is an alias to CONTAINER ID.

3. format

You can customize the default formatting of docker ps command by setting the .docker/config.json

mkdir ~/.docker && nano ~/.docker/config.json

For example:

.docker/config.json
{
  "psFormat": "table {{.Names}}\\t{{.Status}}\\t{{.RunningFor}}\\t{{.Image}}"
}
Table 1. format placeholders
Placeholder Description

.ID

Container ID

.Image

Image ID

.Command

Quoted command

.CreatedAt

Time when the container was created.

.RunningFor

Elapsed time since the container was started.

.Ports

Exposed ports.

.State

Container status (for example; “created”, “running”, “exited”).

.Status

Container status with details about duration and health-status.

.Size

Container disk size.

.Names

Container names.

.Labels

All labels assigned to the container.

.Label

Value of a specific label for this container. For example '{{.Label "com.docker.swarm.cpu"}}'

.Mounts

Names of the volumes mounted in this container.

.Networks

Names of the networks attached to this container.

4. CMD VS ENTRYPOINT

  • CMD is an instruction that is best to use if you need a default command which users can easily override.

  • ENTRYPOINT is preferred when you want to define a container with a specific executable.

Prefer exec form (["echo", "Hello World"]) to prevent potential performance issues.

5. PORT VS EXPOSE

  • port: map the port from inside to outside the container.

  • expose: don’t publish to the host machine - they’ll only be accessible to linked services. Only the internal port can be specified.

6. Run as a non-root user

For Debian-based images, removing root from container can be done like this:

RUN   groupadd -g 10001 dotnet \
&&    useradd -u 10000 -g dotnet dotnet \
&&    chown -R dotnet:dotnet /app

USER  dotnet:dotnet
Note
 UIDs below 10000 are a security risk on several systems.

7. Compose

Note
 Work in progress
compose.yaml
services:
  hello:
    build: .
    ports:
      - "8000:5000"
$> docker compose up