Docker controls a group of processes in one namespace and makes them think they are on a different machine.
Docker is so-called kernel containerization, in contrast to user-space containerization such as rkt. Docker stores images in a central store on your machine.
Docker is used to isolate processes, but is it too aggressive to isolate every process in the OS?
A container is a running instance of an image; each time you run an image, a new container is created. You can commit a container back as an image; however, this is a little controversial.
Image name format: user/image:tag
docker run OPTIONS IMAGE COMMAND to generate a container based on the given image and start it.
docker start CONTAINER_ID to restart a stopped container; note that this reuses the options and command given when docker run was issued.
docker attach CONTAINER_ID to reattach to the given container.
docker exec OPTIONS CONTAINER COMMAND to run an extra command in a container.
Note: Docker is all about stdio. If you would like to read something, read it from stdin; if you would like to output something, write it to stdout.
Two ways:
* commit each change
* using Dockerfiles
docker commit $(docker ps -lq) IMAGE_NAME
Docker has an unusual mechanism for specifying which registry to push to. You have to tag an image with the private registry's location in order to push to it. Let's tag our image to our private registry:
docker tag IMAGE_NAME DOCKER_REGISTRY/IMAGE_NAME
then push it to our private repository
docker push DOCKER_REGISTRY/IMAGE_NAME
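Because the push destination is taken from the tag itself, it is worth checking where a reference resolves before pushing. The following is an added example, not part of the original notes: a simplified version of Docker's naming rule (digest references are not handled), with registry.example.internal:5000 as a constructed placeholder and the function names chosen for illustration.

```shell
#!/bin/sh
# Added example: work out which registry an image reference would be
# pushed to, so an internal image is not sent to Docker Hub by mistake.

# Print the registry host an image reference resolves to.
ref_registry() {
    ref=$1
    case $ref in
        */*) first=${ref%%/*} ;;             # text before the first slash
        *)   echo "docker.io"; return 0 ;;   # bare "image" or "image:tag"
    esac
    case $first in
        *.*|*:*|localhost) echo "$first" ;;  # looks like host or host:port
        *) echo "docker.io" ;;               # "user/image" means Docker Hub
    esac
}

# Print the tag, defaulting to "latest" when none is given.
ref_tag() {
    last=${1##*/}    # last path component, so a registry port is not read as a tag
    case $last in
        *:*) echo "${last##*:}" ;;
        *)   echo "latest" ;;
    esac
}

# Succeed only if REF ($1) would be pushed to the expected registry ($2).
push_target_ok() {
    [ "$(ref_registry "$1")" = "$2" ]
}

# Constructed sample references, checked against a placeholder registry.
REGISTRY=registry.example.internal:5000
for ref in "user/image:tag" "$REGISTRY/user/image:tag" "image"; do
    if push_target_ok "$ref" "$REGISTRY"; then
        verdict="ok to push"
    else
        verdict="would go to $(ref_registry "$ref")"
    fi
    printf '%-48s tag=%-7s %s\n' "$ref" "$(ref_tag "$ref")" "$verdict"
done
```

Running push_target_ok before docker push in a script makes a missing registry prefix fail early instead of publishing to the default registry.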
Each time you typed docker run, you created a new container based on the image you used. You can use docker start or docker attach to reconnect to that container.
docker run [options] [image name] [command]
docker exec -it [container] bash can be used as an SSH equivalent
-d detaches the container and runs it in the background
-p sets ports [host:container]
--name sets the name
--rm cleans up the container after running
--net sets the network to connect to
-w sets the working dir
-e sets an env variable
-u sets the user
-v sets a volume host_file:container_file:options
docker ps -a shows which containers are running
docker build: docker build -t user/image [dir]
docker network ls: list the network interfaces
docker network inspect: inspect the network for details
docker network create/rm: create or remove a network interface
docker network connect/disconnect [net] [container]: connect a container to a network, or disconnect it
By setting a network, Docker automatically creates an /etc/hosts file inside the image, and you can use the name of a container to access the others.
You can use docker logs [container] to view the stdout logs. But logs sent to /var/logs/*.log stay inside the container by default.
Remove stopped containers: docker rm $(docker ps -aq)