Docker

Basic usage

Get Image

docker pull <image name>

Build Image

docker build --rm --force-rm --no-cache . -t image-name

• --rm: Remove intermediate containers after a successful build (default true)
• --force-rm: Always remove intermediate containers
• --no-cache: Do not use cache when building the image
• --pull: Always attempt to pull a newer version of the image

Run Image as container

docker run -it --name="container-name" -v ~/Code:/Code <image name:imageversion> /bin/bash

Rerun same container

docker start -ai container-name

Stop container

docker rm container-name

Remove image with all tags ¹ docker images | grep <image-name> | tr -s ' ' | cut -d ' ' -f 2 | xargs -I {} docker rmi <repo-name>/<image-name>:{}

Push local image to Hub

Set environment variable

export DOCKER_ID_USER="username"

Login

docker login

Tag your image

docker tag local_image_name $DOCKER_ID_USER/hub_image_repo:tag_name

Push image

docker push $DOCKER_ID_USER/hub_image_repo:tag_name

Save image as tar file ²

docker save -o path_to/filename.tar image_name:tag_name

Load image from tar file

docker load -i path_to/filename.tar

Build image from scratch ³

# Create a folder for our new root structure
$ export centos_root='/centos_image/rootfs'
$ mkdir -p $centos_root
# initialize rpm database
$ rpm --root $centos_root --initdb
# download and install the centos-release package, it contains our repository sources
$ yum reinstall --downloadonly --downloaddir . centos-release
$ rpm --nodeps --root $centos_root -ivh centos-release*.rpm
$ rpm --root $centos_root --import  $centos_root/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
# install yum without docs and install only the english language files during the process
$ yum -y --installroot=$centos_root --setopt=tsflags='nodocs' --setopt=override_install_langs=en_US.utf8 install yum
# configure yum to avoid installing of docs and other language files than english generally
$ sed -i "/distroverpkg=centos-release/a override_install_langs=en_US.utf8\ntsflags=nodocs" $centos_root/etc/yum.conf
# chroot to the environment and install some additional tools
$ cp /etc/resolv.conf $centos_root/etc
$ chroot $centos_root /bin/bash <<EOF
yum install -y procps-ng iputils
yum clean all
EOF
$ rm -f $centos_root/etc/resolv.conf

# -C dir
# -c create
tar -C $centos_root -c . | docker import - centos

Docker image

Image to .tar

docker save -o file.tar imagename

tar to Image

docker load -i file.tar

Based image

• How do I create a CentOS Docker image?
• Create a base image
• Creating Docker BaseImage from ISO
• Example CentOS based image
• Build a CentOS 7 docker image.
• Alpine linux docker image docs
• Apline docker image git repo
• Apline release archive files

Clean up after building docker image

Alpine linux

apk del <package-name>
rm -rf /var/cache/apk/*

Centos

yum clean all
rm -rf /var/cache/yum

Other

pecl clear-cache 
rm -Rf /tmp/pear

Tools minimize size

You can also try to reduce the size of your images using 2 tools ⁴

https://github.com/mvanholsteijn/strip-docker-image

and

docker-slim/docker-slim ⁵

Docker network

ip -o -br -4 a

ip -o -4 a

docker network list

Docker security

• 5 Best Practices to Container Image Security
• Five Docker Security Best Practices
• Docker Security Best Practices: Part 3 – Securing Container Images
• 10 layers of Linux container security
• Docker Image 在 DevOps 流程中的应用
• 浅谈Docker安全性支持
• 从自身漏洞与架构缺陷，谈Docker安全建设
• 如何加固你的微服务容器——Part 1
• Best practices writing a Dockerfile
• Improve your Dockerfile, best practices
• Testing Strategies for Docker Driven Development ⁴
• Best practices for writing Dockerfiles
• 10 Docker Image Security Best Practices
• Best Practices for working with Dockerfiles

Docker Compose

• -f, --file FILE: Specify an alternate compose file (default: docker-compose.yml)

up

docker-compose up -f docker-compose.yml -d --force-recreate -V

• -f: docker-compose.yml file.
• -d: Detached mode: Run containers in the background, print new container names. Incompatible with --abort-on-container-exit.
• -V: --renew-anon-volumes, Recreate anonymous volumes instead of retrieving data from the previous containers.
• --force-recreate: Recreate containers even if their configuration and image haven’t changed.

down

docker-compose down -v

• -v, --volumes: Remove named volumes declared in the volumes section of the Compose file and anonymous volumes attached to containers.
• --remove-orphans: Remove containers for services not defined in the Compose file

Dockerfile

CMD vs ENTRYPOINT

The main purpose of a CMD is to provide defaults for an executing container. These defaults can include an executable, or they can omit the executable, in which case you must specify an ENTRYPOINT instruction as well.

• CMD providers default execute file after container started.

Docker kernel with Go

• Namespace
• Control Group
• AUFS

# Docker tools

• dive : A tool for exploring a docker image, layer contents, and discovering ways to shrink your Docker image size.

# Docker Label Schema

Labels allow us to specify the metadata, but all it does is that. The next obvious step is to come up with some kind of a standard set of Labels that third party tools can look for in the Images. ⁶

Build-time labels ⁷

These are immutable, and can only have one sensible meaning that is defined at build time.

All labels are OPTIONAL, however if present MUST be prefixed with the namespace org.label-schema.

Docker Development API

• Docker SDK for Python

Docker Image Registry

• GitLab Container Registry
• GitLab Container Registry administration
• Container Registries You Might Have Missed
• Harbor self-hosed - github repo
• SELF-HOSTED DOCKER REGISTRIES SHOWDOWN - www.objectif-libre.com
  • Portus
• QUAY.IO

Docker client to a remote Docker host

• Connect your Docker client to a remote Docker host
• Docker Tip #73: Connecting to a Remote Docker Daemon