Docker

Ferro's Gitbook
Github Docker Hub
Search…
Introduction
Docker
​Web UI​
​Scripts​
​Dockerfile code snippets​
​CMD and ENTRYPOINT​
​apt​
​alpine​
​tini​
​S6 - a process supervisor​
​badger​
​Storage​
​btrfs issue​
​Commands​
​build​
​container/image operations​
​cp​
​run​
​X11 Forwarding​
​container update​
​Clean up​
​Detach​
​Config​
​Mirrors​
​Proxy​
​Swarm​
​OS​
​CoreOS​
​boot2docker​
​Windows/Mac​
Web UI
​https://documentation.portainer.io/v2.0/deploy/ceinstalldocker/​
Scripts
1
source /dev/stdin <<< "$(curl -sSL https://raw.githubusercontent.com/fzinfz/scripts/master/linux/docker.sh)"
Copied!
Dockerfile code snippets
CMD and ENTRYPOINT
​https://docs.docker.com/engine/reference/builder/#understand-how-cmd-and-entrypoint-interact​
1
ENTRYPOINT [“exec_entry”, “p1_entry”]
2
CMD [“exec_cmd”, “p1_cmd”]
3
=> exec_entry p1_entry exec_cmd p1_cmd
Copied!
apt
1
RUN apt update && apt install -y 
2
    --no-install-recommends && rm -r /var/lib/apt/lists/*
Copied!
alpine
1
# install pip3
2
RUN wget https://bootstrap.pypa.io/get-pip.py && python3 get-pip.py && rm get-pip.py
3
​
4
RUN apk add --no-cache --virtual .build-deps  \
5
    curl ca-certificates jq \
6
    && apk del .build-deps
Copied!
tini
​https://github.com/krallin/tini​
1
docker run --init
Copied!
S6 - a process supervisor
​https://github.com/just-containers/s6-overlay​
badger
​https://microbadger.com​
Storage
​https://docs.docker.com/storage/storagedriver/select-storage-driver/#docker-engine---community​
1
When possible, overlay2 is the recommended storage driver. 
2
Supported backing filesystems: xfs with ftype=1, ext4 ( where /var/lib/docker/ is located )
Copied!
​http://jpetazzo.github.io/assets/2015-06-04-deep-dive-into-docker-storage-drivers.html#80​
btrfs issue
​https://gist.github.com/hopeseekr/cd2058e71d01deca5bae9f4e5a555440​
Commands
build
​https://docs.docker.com/engine/reference/commandline/build/​
1
docker build [-f Dockerfile.custom] [--target multi-stage] Dockerfile-Root-Folder
2
​
3
docker build - < Dockerfile      # no context, local ADD not working
4
curl example.com/remote/Dockerfile | docker build -f - .
5
Get-Content Dockerfile | docker build - # Powershell
6
​
7
docker build -f ctx/Dockerfile http://server/ctx.tar.gz
8
docker build https://github.com/user/repo.git
Copied!
Build Syntax Suffix
Commit Used
Build Context Used
myrepo.git#mytag:myfolder
refs/tags/mytag
/myfolder
myrepo.git#mybranch:myfolder
refs/heads/mybranch
/myfolder
Squashing does not destroy any existing image, rather it creates a new image.
container/image operations
1
docker image tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]
2
​
3
docker export container_name > container.tar
4
docker import [OPTIONS] file|URL|- [REPOSITORY[:TAG]]
5
​
6
docker save image_name > image.tar
7
docker load < image.tar[.gz]
8
​
9
docker save python | ssh -C 192.168.88.72 docker load
Copied!
cp
​https://docs.docker.com/engine/reference/commandline/cp/​
1
docker cp [OPTIONS] CONTAINER:SRC_PATH DEST_PATH|-
2
docker cp [OPTIONS] SRC_PATH|- CONTAINER:DEST_PATH
Copied!
run
​https://docs.docker.com/engine/reference/run/
https://docs.docker.com/engine/admin/resource_constraints/​
1
--user=[ user | user:group | uid | uid:gid | user:gid | uid:group ]
2
​
3
-m, --memory=""
4
-c, --cpu-shares=0    CPU shares (relative weight)
5
--dns=[]           : Set custom dns servers for the container
6
--network="bridge" : Connect a container to a network
7
                      'bridge': create a network stack on the default Docker bridge
8
                      'none': no networking
9
                      'container:<name|id>': reuse another container's network stack
10
                      'host': use the Docker host network stack
11
                      '<network-name>|<network-id>': connect to a user-defined network
12
--network-alias=[] : Add network-scoped alias for the container
13
--add-host=""      : Add a line to /etc/hosts (host:IP)
14
--mac-address=""   : Sets the container's Ethernet device's MAC address
15
--ip=""            : Sets the container's Ethernet device's IPv4 address
16
--link-local-ip=[] : Sets one or more container's Ethernet device's link local IPv4/IPv6 addresses
17
--read-only        ：prohibiting writes to locations other than the specified volumes
18
​
19
Volume labels  
20
`:z` => shared  
21
`:Z` => private
22
​
23
`--entrypoint` will clear out `CMD`
24
​
25
echo test | docker run --rm -i alpine cat
26
docker run --security-opt seccomp:unconfined  # may fix chromium start error
Copied!
X11 Forwarding
​http://wiki.ros.org/docker/Tutorials/GUI
https://people.ece.cornell.edu/skand/post/x-forwarding-on-docker/​
1
--env="DISPLAY" --volume="$HOME/.Xauthority:/root/.Xauthority:rw"
Copied!
container update
​https://docs.docker.com/engine/reference/commandline/container_update/​
docker container update [OPTIONS] CONTAINER [CONTAINER...] --cpus="1.5" # one and a half of the CPUs --cpu-shares , -c --memory , -m Memory limit --memory-reservation Memory soft limit --restart
Clean up
1
docker container prune
2
docker system prune  # Remove unused data
Copied!
Detach
1
Ctrl+p & Ctrl+q
Copied!
Config
​https://docs.docker.com/engine/reference/commandline/dockerd//#daemon-configuration-file​
1
/etc/docker/daemon.json     # delete `,` & `#...`
2
# `dockerd` for debugging: https://docs.docker.com/engine/admin/
3
{
4
    "live-restore": true,   # containers remain running if daemon unavailable
5
    "graph": "/data/docker-fs",
6
    "storage-driver": "overlay2",
7
}
Copied!
Mirrors
CN: https://yeasy.gitbook.io/docker_practice/install/mirror LAN: https://docs.docker.com/registry/configuration/#proxy​
Proxy
​https://docs.docker.com/network/proxy/#configure-the-docker-client
~/.docker/config.json
​https://docs.docker.com/engine/admin/systemd/#httphttps-proxy​
1
mkdir -p /etc/systemd/system/docker.service.d
2
​
3
cat > /etc/systemd/system/docker.service.d/http-proxy.conf << EOF
4
[Service]
5
Environment="HTTP_PROXY=http://192.168.88.20:1080/" "NO_PROXY=localhost,127.0.0.1,192.168.*.*.172.16.*.*"
6
EOF
7
​
8
sudo systemctl daemon-reload
9
systemctl restart docker
10
​
11
systemctl show --property=Environment docker
Copied!
Swarm
TCP port 2377 for cluster management communications TCP and UDP port 7946 for communication among nodes TCP and UDP port 4789 for overlay network traffic --opt encrypted => protocol 50 (ESP) is open
​https://docs.docker.com/engine/swarm/admin_guide/#/add-manager-nodes-for-fault-tolerance​
1
docker swarm init --advertise-addr 10.2.0.1
2
docker swarm join-token manager
3
docker swarm join-token worker
4
docker swarm init --force-new-cluster # without losing data
5
​
6
docker node ls
7
docker node update --label-add server=s1 st
8
​
9
netstat -lntup | egrep '2377|7946|4789|50'
10
​
11
docker service create --name nginx -p 8080:80 --replicas 3 nginx
12
docker service create --name nginx -p 80:80  -p 443:443 --network web --mode global nginx
13
​
14
docker service ls
15
docker service ps nginx
16
docker inspect <ID> | grep Err
Copied!
​https://docs.docker.com/engine/reference/commandline/service_create/​
1
docker network create \
2
    --driver overlay \
3
    --subnet 10.66.3.0/24 \
4
    --opt encrypted \
5
    web
6
​
7
docker network ls
8
​
9
# node IP
10
ip addr | grep -P -o '\d+\.\d+\.\d+\.\d+(?=/24)'
11
​
12
# service VIP
13
ip addr | grep -P -o '\d+\.(?!255)\d+\.\d+\.\d+(?=/32)'
Copied!
OS
CoreOS
​https://coreos.com/releases/​
1
vi /etc/coreos/update.conf
2
update_engine_client -update
Copied!
boot2docker
​https://github.com/boot2docker/boot2docker
Lightweight Linux for Docker
1
echo EXTRA_ARGS="--foo=bar"  >>  /var/lib/boot2docker/profile
Copied!
Windows/Mac
​https://docs.docker.com/engine/installation/windows/
https://docs.docker.com/machine/drivers/
https://forums.docker.com/t/how-can-i-ssh-into-the-betas-mobylinuxvm/10991/​
IBM_Websphere
Kubernetes
Last modified 1yr ago