Mastering Docker CLI and Dockerfile: A Comprehensive Guide

Table of Contents

1. What is docker?
2. Why docker?
3. Installation
4. Registries and Repositories
5. Create,Run,Update and Delete containers
6. Start and stop containers
7. Networking
8. Cleanup commands
9. Utility commands
10. Docker Hub
11. Dockerfile
12. Docker Compose
13. Docker Swarm
14. Docker exec with -it
15. Docker Volume

Docker is a tool designed to make it easier to create, deploy, and run applications by using containers.

Why docker?

Docker is useful to automate the deployment of applications inside a software containers, which makes the applications easy to ship and run virtually anywhere (i.e, platform independent). The Docker container processes run on the host kernel, unlike VM which runs processes in guest kernel.

Installation

The docker desktop downloads are available for windows, mac and linux distributions.

Windows

It supports for Windows 10 64-bit: Home, Pro, Enterprise, or Education, version 1903 (Build 18362 or higher). You need to follow the below steps for installation.

1. Download docker desktop for windows from https://docs.docker.com/docker-for-windows/install/
2. Double-click Docker Desktop Installer.exe to run the installer.
3. Make sure Enable Hyper-V Windows Features option is selected

Mac

1. Download docker desktop for mac from https://docs.docker.com/docker-for-mac/install/
2. Double-click Docker.dmg to open the installer and drag it to the Applications folder.
3. Double-click Docker.app in the Applications folder to start Docker.

Linux

You can install from a package easily

1. Go to https://download.docker.com/linux/ubuntu/dists/, choose your Ubuntu version and then go to pool/stable/ to get .deb file
2. Install Docker Engine by referring the downloaded location of the Docker package.

Registries and Repositories

Registry:

Docker Registry is a service that stores your docker images. It could be hosted by a third party, as public or private registry. Some of the examples are,

• Docker Hub,
• Quay,
• Google Container Registry,
• AWS Container Registry

Repository:

A Docker Repository is a collection of related images with same name which have different tags. These tags are an alphanumeric identifiers(like 1.0 or latest) attached to images within a repository.

For example, if you want to pull golang image using docker pull golang:latest command, it will download the image tagged latest within the golang repository from the Docker Hub registry. The tags appeared on dockerhub as below,

Login

Login to a registry

> docker login [OPTIONS] [SERVER]

[OPTIONS]:
-u/--username username
-p/--password password

Example:

1. docker login localhost:8080 // Login to a registry on your localhost
2. docker login        

Logout

Logout from a registry

> docker logout [SERVER]

Example:

docker logout localhost:8080 // Logout from a registry on your localhost        

Search image

Search for an image in registry

docker search [OPTIONS] TERM

Example:
docker search golang
docker search --filter stars=3 --no-trunc golang        

Pull image

This command pulls an image or a repository from a registry to local machine

docker image pull [OPTIONS] NAME[:TAG|@DIGEST]

Example:
docker image pull golang:latest        

Push image

This command pushes an image to the registry from local machine.

docker image push [OPTIONS] NAME[:TAG]
docker image push golang:latest        

Create,Run,Update and Delete containers

Create

Create a new container

docker container create [OPTIONS] IMAGE [COMMAND] [ARG...]

Example:
docker container create -t -i sudheerj/golang --name golang        

Rename

Rename a container

docker container rename CONTAINER NEW_NAME

Example:
docker container rename golang golanguage
docker container rename golanguage golang        

Run

docker container run [OPTIONS] IMAGE [COMMAND] [ARG...]

Example:
docker container run -it --name golang -d sudheerj/golang        

You can also run a command inside container

docker exec [OPTIONS] CONTAINER COMMAND [ARG...]

Example:
docker exec -it golang sh // Or use bash command if sh is failed        

Update

Update configuration of one or more containers

docker container update [OPTIONS] CONTAINER [CONTAINER...]

Example:
docker container update --memory "1g" --cpuset-cpu "1" golang // update the golang to use 1g of memory and only use cpu core 1        

Remove

Remove one or more containers

docker container rm [OPTIONS] CONTAINER [CONTAINER...]

Example:
docker container rm golang
docker rm $(docker ps -q -f status=exited) // Remove all the stopped containers        

Start and stop containers

Start

Start one or more stopped containers

docker container start [OPTIONS] CONTAINER [CONTAINER...]

Example:
docker container start golang        

Stop

Stop one or more running containers

docker container stop [OPTIONS] CONTAINER [CONTAINER...]

Example:
docker container stop golang
docker stop $(docker ps -a -q) // To stop all the containers        

Restart

Restart one or more containers and processes running inside the container/containers.

docker container restart [OPTIONS] CONTAINER [CONTAINER...]

Example:
docker container restart golang        

Pause

Pause all processes within one or more containers

docker container pause CONTAINER [CONTAINER...]

Example:
docker container pause golang        

Unpause/Resume

Unpause all processes within one or more containers

docker container unpause CONTAINER [CONTAINER...]

Example:
docker container unpause golang        

Kill

Kill one or more running containers

docker container kill [OPTIONS] CONTAINER [CONTAINER...]

Example:
docker container kill golang        

Wait

Block until one or more containers stop and print their exit codes after that

docker container wait CONTAINER [CONTAINER...]

Example:
docker container wait golang        

Networks

Docker provides network commands connect containers to each other and to other non-Docker workloads. The usage of network commands would be docker network COMMAND

List networks

List down available networks

docker network ls        

Connect a container to network

You can connect a container by name or by ID to any network. Once it connected, the container can communicate with other containers in the same network.

docker network connect [OPTIONS] NETWORK CONTAINER

Example:
docker network connect multi-host-network container1        

Disconnect a container from a network

You can disconnect a container by name or by ID from any network.

docker network disconnect [OPTIONS] NETWORK CONTAINER

Example:
docker network disconnect multi-host-network container1        

Remove one or more networks

Removes one or more networks by name or identifier. Remember, you must first disconnect any containers connected to it before removing it.

docker network rm NETWORK [NETWORK...]

Example:
docker network rm my-network        

Create network

It is possible to create a network in Docker before launching containers

docker network create [OPTIONS] NETWORK

Example:
sudo docker network create –-driver bridge some_network        

The above command will output the long ID for the new network.

Inspect network

You can see more details on the network associated with Docker using network inspect command.

docker network inspect networkname

Example:
docker network inspect bridge        

Additional Docker CLI commands for Networking :-

• Existing list of network created for Docker Container
• Find out a specific network
• Delete all the Network in Docker
• Delete a specific Docker network

$ docker network ls
$ docker network ls | grep "bridge"
$ docker network rm $(docker network ls | grep "bridge" | awk '/ / { print $1 }')
$(docker network ls | grep "bridge" | awk '/ / { print $1 }')        

Types of Networking:-

Bridge Network

$ docker network create -d bridge my-net
$ docker run --network=my-net -itd --name=container1 busybox
        

User Defined Bridge Network

$ docker network create --driver=bridge --subnet=172.25.0.0/16 my-bridge-net
$ docker run --network=my-bridge-net -itd --name=container2 busybox
        

Host Network

$ docker run --network=host -itd --name=container3 busybox
        

Overlay Network

$ docker swarm init
$ docker network create -d overlay my-overlay-net
$ docker service create --name my-service --network my-overlay-net --replicas 3 busybox ping docker.com
        

Macvlan/Ipvlan Network

$ docker network create -d macvlan --subnet=192.168.1.0/24 --gateway=192.168.1.1 -o parent=eth0 my-macvlan-net
$ docker run --network=my-macvlan-net -itd --name=container4 busybox        

Cleanup commands

You may need to cleanup resources (containers, volumes, images, networks) regularly.

Remove all unused resources

docker system prune        

Images

$ docker images
$ docker rmi $(docker images --filter "dangling=true" -q --no-trunc)

$ docker images | grep "none"
$ docker rmi $(docker images | grep "none" | awk '/ / { print $3 }')        

Containers

$ docker ps
$ docker ps -a
$ docker rm $(docker ps -qa --no-trunc --filter "status=exited")        

Volumes

$ docker volume rm $(docker volume ls -qf dangling=true)
$ docker volume ls -qf dangling=true | xargs -r docker volume rm        

Utility commands

Docker Hub

Docker Hub is a cloud-based repository provided by Docker to test, store and distribute container images which can be accessed either privately or publicly.

From

It initializes a new image and sets the Base Image for subsequent instructions. It must be a first non-comment instruction in the Dockerfile.

FROM <image>
FROM <image>:<tag>
FROM <image>@<digest>        

Note: Both tag and digest are optional. If you omit either of them, the builder assumes a latest by default.

Dockerfile

Dockerfile is a text document that contains set of commands and instructions which will be executed in a sequence in the docker environment for building a new docker image.

FROM

This command Sets the Base Image for subsequent instructions

FROM <image>
FROM <image>:<tag>
FROM <image>@<digest>

Example:
FROM ubuntu:18.04        

RUN

RUN instruction allows you to install your application and packages required for it. It executes any commands on top of the current image and creates a new layer by committing the results. It is quite common to have multiple RUN instructions in a Dockerfile.

It has two forms

1. Shell Form: RUN

RUN npm start        

1. Exec form RUN ["", "", ""]

RUN [ "npm", "start" ]        

CMD and ENTRYPOINT are two Dockerfile instructions that work together to define the command that runs when your container starts. ENTRYPOINT sets the process to run, while CMD supplies default arguments to that process.

Here’s an example: suppose you have a Dockerfile that looks like this:

FROM ubuntu
ENTRYPOINT ["/usr/bin/my-app"]
CMD ["help"]
        

In this example, the ENTRYPOINT instruction sets the process to run, which is /usr/bin/my-app. The CMD instruction sets the default arguments that are passed to the ENTRYPOINT process, which is help. When you run a container from this image, the command that will be executed is /usr/bin/my-app help.

You can override the CMD instruction by passing arguments to the docker run command. For example, if you run the following command:

$ docker run my-image:latest version
        

The command that will be executed is /usr/bin/my-app versionThe path must be relative to the source directory that is being built. Whereas is an absolute path, or a path relative to WORKDIR.

• COPY: Copies files or directories from the source directory to the destination directory in the container. You can use it like this: COPY test.txt /absoluteDir/.
• ADD: Copies files, directories, or remote file URLs from the source to the destination in the container. You can use it like this: ADD source.file.tar.gz /temp.
• ENV: Sets environment variables in the container. You can use it like this: ENV name="John Doe" age=40.
• EXPOSE: Informs Docker that the container listens on the specified network ports at runtime. You can use it like this: EXPOSE 80.

You can place these components in a Dockerfile in any order you like. Here’s an example Dockerfile that uses all of these components:

FROM ubuntu

COPY test.txt /absoluteDir/
ADD source.file.tar.gz /temp

ENV name="John Doe" age=40

EXPOSE 80
        

This Dockerfile copies test.txt to the /absoluteDir/ directory in the container using COPY, and extracts source.file.tar.gz to the /temp directory in the container using ADD. It sets the environment variables name and age to the values "John Doe" and 40, respectively, using ENV. Finally, it informs Docker that the container listens on port 80 using EXPOSE.

Multiple Ports can be also exposed as follows :-

EXPOSE <port> [<port>/<protocol>...]

Example:
EXPOSE 80/udp
EXPOSE 80/tcp        

But if you want to bind the port of the container with the host machine on which the container is running, use -p option of docker run command.

docker run -p <HOST_PORT>:<CONTAINER:PORT> IMAGE_NAME

Example:
docker run -p 80:80/udp myDocker        

• WORKDIR: Defines the working directory of a Docker container at any given time for any RUN, CMD, ENTRYPOINT, COPY, and ADD instructions that follow it in the Dockerfile. You can use it like this: WORKDIR /path/to/workdir.
• LABEL: Adds metadata as key-value pairs to an image. Labels included in base or parent images (images in the FROM line) are inherited by your image. You can use it like this: LABEL version="1.0".
• MAINTAINER: Sets the author field of the generated images. This command is deprecated, and the recommended usage is with the LABEL command. You can use it like this: LABEL maintainer="John".
• VOLUME: Creates a mount point with the specified name and mounted volumes from native host or other containers. You can use it like this: VOLUME ["/data"].

You can place these components in a Dockerfile in any order you like. Here’s an example Dockerfile that uses all of these components:

FROM ubuntu

WORKDIR /app

LABEL version="1.0"

RUN mkdir /test
VOLUME /test
        

This Dockerfile sets the working directory to /app using WORKDIR, adds a label to the image with the version number 1.0 using LABEL, creates a directory named /test using RUN, and creates a volume named /test using VOLUME.

Docker Compose

Docker compose(or compose) is a tool for defining and running multi-container Docker applications.

Docker Swarm

Docker Swarm(or swarm) is an open-source tool used to cluster and orchestrate Docker containers.

The docker exec command is used to run commands inside a running Docker container. The -it flag is used to open an interactive terminal session inside the container. Here are some examples of using docker exec with -it:

• To open an interactive terminal session inside a running container:

$ docker exec -it container_name /bin/bash
        

• To run a command inside a running container:

$ docker exec -it container_name command
        

Here’s an example of using docker exec with -it to run a command inside a running container:

$ docker exec -it container_name ls -l        

To ping from one container to another container, you can use the ping command followed by the IP address or hostname of the target container. Here is an example command:

$ docker exec -it container1 ping container2        

Docker volumes and storage are essential for persisting data generated by and used by Docker containers. Volumes are the preferred mechanism for persisting data, while bind mounts are dependent on the directory structure and OS of the host machine.

• docker volume create my-volume: Creates a new volume named my-volume.
• docker volume ls: Lists all volumes on the host.
• docker volume inspect my-volume: Inspects the details of the volume named my-volume.
• docker volume rm my-volume: Removes the volume named my-volume.
• docker volume prune: Removes all unused volumes.
• docker run -itd --name=container1 -v my-volume:/app busybox: Runs a container named container1 using the busybox image and mounts the my-volume volume to the /app directory inside the container.
• docker run -itd --name=container2 --mount type=bind,source=/path/on/host,target=/app busybox: Runs a container named container2 using the busybox image and mounts the /path/on/host directory on the host machine to the /app directory inside the container.