Wednesday, 22 May 2024
Docker summary
https://github.com/eon01/DockerCheatSheet ---> docker cheat sheet
https://forums.docker.com/t/an-error-while-setting-up-container/140117 ---> docker forum for troubleshooting issues
container holds the entire package that is needed to run the application
you can make changes in a container, not in an image
docker hub, docker engine, host, image
docker natively runs on linux and any os
go language
docker is os level virtualisation
docker is paas
doesn't support cross platform
images will run when both os are same
docker daemon
AMI-- amazon machine
container will take all dependencies from docker hub
container will take image from docker hub
container image will be shared with testing for testing purposes
container will not have an os of its own
container will use os resources
container is like a vm
docker (docker engine) is the tool which creates this vm
vertical scaling -- cpu and ram increase or decrease
horizontal scaling -- vm scaling
kubernetes will support horizontal scaling
docker file-- instruction file
publish image on docker hub
docker terminology
docker file,image,container,repository,engine
docker image will have app code+software+env+libraries
docker registry -- u can share images
docker hub -- u can store images
as soon as container requires ram it will take from host and will release when task is done
3 ways to create image
take image from docker hub
create image from docker file
create image from existing container
docker file--image--container
daemon will put image locally
docker commands
FROM
RUN
MAINTAINER
COPY
ADD
EXPOSE
WORKDIR
ENTRYPOINT
ENV
CMD
DOCKER COMMANDS PUT IN CAPS
DOCKER -- OPEN SOURCE CENTRALISED PLATFORM designed to create, deploy and run applications
advantages of docker
no pre allocation of ram
less cost
ci efficiency
light weight
it can run on physical hw,virtual hw and cloud
it takes less time to create container
hyper-v enable
virtualization -- enabled
disadvantages
doesn't have a rich gui
difficult to manage a large number of containers
doesn't provide cross platform compatibility
docker eco system
docker client, hub, image, daemon, engine
components of docker
daemon, client, host, hub/registry.
-----------------------------------------------------------
Table of Contents
Installation
Docker Registries & Repositories
Running Containers
Starting & Stopping Containers
Getting Information about Containers
Networking
Security
Cleaning Docker
Docker Swarm
Notes
The Ultimate Docker Cheat Sheet
Installation
Linux
curl -sSL https://get.docker.com/ | sh
Mac
Use this link to download the dmg.
https://download.docker.com/mac/stable/Docker.dmg
Open the downloaded file and follow the installation instructions.
Windows
Use the msi installer:
https://download.docker.com/win/stable/InstallDocker.msi
Open the downloaded file and follow the installation instructions.
Docker Registries & Repositories
Login to a Registry
docker login
docker login localhost:8080
Logout from a Registry.
docker logout
docker logout localhost:8080
Searching an Image
docker search nginx
docker search --filter stars=3 --no-trunc nginx
Pulling an Image
docker image pull nginx
docker image pull eon01/nginx
docker image pull localhost:5000/myadmin/nginx
Pushing an Image
docker image push eon01/nginx
docker image push localhost:5000/myadmin/nginx
Running Containers
Create and Run a Simple Container
Start an ubuntu:latest image
Bind the port 80 from the CONTAINER to port 3000 on the HOST
Mount the current directory to /data on the CONTAINER
Note: on windows you have to change -v ${PWD}:/data to -v "C:\Data":/data
docker container run --name infinite -it -p 3000:80 -v ${PWD}:/data ubuntu:latest
Creating a Container
docker container create -t -i --name infinite eon01/infinite
Running a Container
docker container run -it --name infinite -d eon01/infinite
Renaming a Container
docker container rename infinite infinity
Removing a Container
docker container rm infinite
A container can be removed only after stopping it using docker stop command. To avoid this, add the --rm flag while running the container.
Updating a Container
docker container update --cpu-shares 512 -m 300M infinite
Running a command within a running container
docker exec -it infinite sh
In the example above, bash can replace sh as an alternative (if the above is giving an error).
Starting & Stopping Containers
Starting
docker container start nginx
Stopping
docker container stop nginx
Restarting
docker container restart nginx
Pausing
docker container pause nginx
Unpausing
docker container unpause nginx
Blocking a Container
docker container wait nginx
Sending a SIGKILL
docker container kill nginx
Sending another signal
docker container kill -s HUP nginx
Connecting to an Existing Container
docker container attach nginx
Getting Information about Containers
From Running Containers
Shortest way:
docker ps
Alternative:
docker container ls
From All containers.
docker ps -a
docker container ls -a
Container Logs
docker logs infinite
'tail -f' Containers' Logs
docker container logs infinite -f
Inspecting Containers
docker container inspect infinite
docker container inspect --format '{{ .NetworkSettings.IPAddress }}' $(docker ps -q)
Containers Events
docker system events --filter container=infinite
Public Ports
docker container port infinite
Running Processes
docker container top infinite
Container Resource Usage
docker container stats infinite
Inspecting changes to files or directories on a container’s filesystem
docker container diff infinite
Managing Images
Listing Images
docker image ls
Building Images
From a Dockerfile in the Current Directory
docker build .
From a Remote GIT Repository
docker build github.com/creack/docker-firefox
Instead of Specifying a Context, You Can Pass a Single Dockerfile in the URL or Pipe the File in via STDIN
docker build - < Dockerfile
docker build - < context.tar.gz
Building and Tagging
docker build -t eon/infinite .
Building a Dockerfile while Specifying the Build Context
docker build -f myOtherDockerfile .
Building from a Remote Dockerfile URI
curl example.com/remote/Dockerfile | docker build -f - .
Removing an Image
docker image rm nginx
Loading a Tarred Repository from a File or the Standard Input Stream
docker image load < ubuntu.tar.gz
docker image load --input ubuntu.tar
Saving an Image to a Tar Archive
docker image save busybox > ubuntu.tar
Showing the History of an Image
docker image history nginx
Creating an Image From a Container
docker container commit nginx
Tagging an Image
docker image tag nginx eon01/nginx
Pushing an Image
docker image push eon01/nginx
Networking
Creating Networks
Creating an Overlay Network
docker network create -d overlay MyOverlayNetwork
Creating a Bridge Network
docker network create -d bridge MyBridgeNetwork
Creating a Customized Overlay Network
docker network create -d overlay \
--subnet=192.168.0.0/16 \
--subnet=192.170.0.0/16 \
--gateway=192.168.0.100 \
--gateway=192.170.0.100 \
--ip-range=192.168.1.0/24 \
--aux-address="my-router=192.168.1.5" --aux-address="my-switch=192.168.1.6" \
--aux-address="my-printer=192.170.1.5" --aux-address="my-nas=192.170.1.6" \
MyOverlayNetwork
Removing a Network
docker network rm MyOverlayNetwork
Listing Networks
docker network ls
Getting Information About a Network
docker network inspect MyOverlayNetwork
Connecting a Running Container to a Network
docker network connect MyOverlayNetwork nginx
Connecting a Container to a Network When it Starts
docker container run -it -d --network=MyOverlayNetwork nginx
Disconnecting a Container from a Network
docker network disconnect MyOverlayNetwork nginx
Exposing Ports
Using Dockerfile, you can expose a port on the container using:
EXPOSE <port_number>
You can also map the container port to a host port using:
docker run -p $HOST_PORT:$CONTAINER_PORT --name <container_name> -t <image>
e.g.
docker run -p $HOST_PORT:$CONTAINER_PORT --name infinite -t infinite
Security
Guidelines for building secure Docker images
Prefer minimal base images
Dedicated user on the image as the least privileged user
Sign and verify images to mitigate MITM attacks
Find, fix and monitor for open source vulnerabilities
Don’t leak sensitive information to docker images
Use fixed tags for immutability
Use COPY instead of ADD
Use labels for metadata
Use multi-stage builds for small secure images
Use a linter
You can find more information in Snyk's 10 Docker Image Security Best Practices blog post.
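Several of the guidelines above can be checked mechanically before an image is built. The following is an added example, not part of the cheat sheet or of Snyk's post: a POSIX shell function that lints a Dockerfile for five of them (fixed tags, a non-root USER, COPY instead of ADD, no secrets in ENV/ARG, LABEL metadata). The rule names, the secret-name pattern and both sample Dockerfiles are constructed for illustration.

```shell
#!/bin/sh
# Added example: heuristic lint for five of the image guidelines listed above.
# Rule names, the secret-name pattern and both sample Dockerfiles are constructed.

# lint_dockerfile FILE: prints "FILE:LINE: [rule] message"; returns 1 on any finding.
lint_dockerfile() {
    awk '
    function report(line, rule, msg) {
        printf "%s:%d: [%s] %s\n", FILENAME, line, rule, msg
        bad = 1
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
    {
        continued = cont                     # previous line ended with a backslash
        cont = ($0 ~ /\\[ \t]*$/)
        if (continued) next                  # only the first line names the instruction
        ins = toupper($1)
    }
    ins == "FROM" {                          # new stage: only the last one ships
        user = ""; labels = 0; from_line = NR
        i = 2
        while ($i ~ /^--/) i++               # skip flags such as --platform=...
        img = $i
        if (!(tolower(img) in stages) && img != "scratch" &&
            img !~ /@sha256:/ && img !~ /\$/) {
            n = split(img, part, "/")        # a registry port is not a tag
            if (part[n] !~ /:/)
                report(NR, "fixed-tag", img " has no tag (implies latest)")
            else if (part[n] ~ /:latest$/)
                report(NR, "fixed-tag", img " uses the mutable latest tag")
        }
        if ($(i + 1) ~ /^[Aa][Ss]$/) stages[tolower($(i + 2))] = 1
    }
    ins == "ADD"   { report(NR, "copy-not-add", "ADD used; prefer COPY for local files") }
    ins == "USER"  { user = $2 }
    ins == "LABEL" { labels++ }
    ins == "ENV" || ins == "ARG" {
        for (i = 2; i <= NF; i++) {
            eq = index($i, "=")
            if (eq > 1) { key = substr($i, 1, eq - 1); has_val = (length($i) > eq) }
            else if (i == 2) { key = $i; has_val = (ins == "ENV" && NF > 2) }
            else continue
            # The value is deliberately not echoed into the finding.
            if (has_val && toupper(key) ~ /PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY/)
                report(NR, "no-secrets", ins " " key " stores a value in image metadata")
        }
    }
    END {
        split(user, u, ":")                  # USER may be name:group or uid:gid
        if (user == "" || u[1] == "root" || u[1] == "0")
            report(from_line, "non-root", "final stage runs as root; add a USER")
        if (!labels)
            report(from_line, "labels", "final stage has no LABEL metadata")
        exit (bad ? 1 : 0)
    }' "$1"
}

# write_samples DIR: writes a weak and a hardened Dockerfile (both constructed).
write_samples() {
    cat > "$1/weak.Dockerfile" <<'EOF'
FROM ubuntu
ENV DB_PASSWORD=constructed-example-value
ADD app.tar.gz /opt/app/
RUN apt-get update && \
    apt-get install -y curl
CMD ["/opt/app/run"]
EOF
    cat > "$1/hardened.Dockerfile" <<'EOF'
# Multi-stage build: the toolchain stays in the first stage.
FROM golang:1.22-alpine AS build
WORKDIR /src
COPY . .
RUN go build -o /out/app .

FROM alpine:3.19
LABEL org.opencontainers.image.source="https://example.com/constructed/app"
RUN adduser -D -u 10001 app
COPY --from=build /out/app /usr/local/bin/app
USER app
ENTRYPOINT ["/usr/local/bin/app"]
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
lint_dockerfile "$demo_dir/weak.Dockerfile" || echo "weak.Dockerfile: findings listed above"
lint_dockerfile "$demo_dir/hardened.Dockerfile" && echo "hardened.Dockerfile: clean"
rm -rf "$demo_dir"
```

The checks are line-based heuristics, so a dedicated linter and an image vulnerability scanner are still needed for the guidelines this sketch does not cover.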
Cleaning Docker
Removing a Running Container
docker container rm -f nginx
Removing a Container and its Volume
docker container rm -v nginx
Removing all Exited Containers
docker container rm $(docker container ls -a -f status=exited -q)
Removing All Stopped Containers
docker container rm `docker container ls -a -q`
Removing a Docker Image
docker image rm nginx
Removing Dangling Images
docker image rm $(docker image ls -f dangling=true -q)
Removing all Images
docker image rm $(docker image ls -a -q)
Removing all Untagged Images
docker image rm -f $(docker image ls | grep "^<none>" | awk '{print $3}')
Stopping & Removing all Containers
docker container stop $(docker container ls -a -q) && docker container rm $(docker container ls -a -q)
Removing Dangling Volumes
docker volume rm $(docker volume ls -f dangling=true -q)
Removing all unused (containers, images, networks and volumes)
docker system prune -f
Clean all
docker system prune -a
Docker Swarm
Installing Docker Swarm
curl -sSL https://get.docker.com | bash
Initializing the Swarm
docker swarm init --advertise-addr 192.168.10.1
Getting a Worker to Join the Swarm
docker swarm join-token worker
Getting a Manager to Join the Swarm
docker swarm join-token manager
Listing Services
docker service ls
Listing nodes
docker node ls
Creating a Service
docker service create --name vote -p 8080:80 instavote/vote
Listing Swarm Tasks
docker service ps vote
Scaling a Service
docker service scale vote=3
Updating a Service
docker service update --image instavote/vote:movies vote
docker service update --force --update-parallelism 1 --update-delay 30s nginx
docker service update --update-parallelism 5 --update-delay 2s --image instavote/vote:indent vote
docker service update --limit-cpu 2 nginx
docker service update --replicas=5 nginx
---------------------------------------------------------------------------------------------------------------------
https://www.linkedin.com/pulse/navigating-docker-troubleshooting-tips-techniques-victor-mwenda-3un0f ----> important
https://www.linkedin.com/today/author/vmwenda?trk=article-ssr-frontend-pulse_more-articles
**********************************************
can not open docker #14065
Restart your computer > Go to BIOS and Enable virtualization
*********************************************************
Docker cannot run container, returns socket error 99 #8838
https://blog.packagecloud.io/top-five-most-common-issues-with-docker-and-how-to-solve-them/
Inspect volume
Docker networking is a fascinating topic. When one knows how to use Docker, then knowing its networking and other internals helps even more.
In this document, I have explained:
different networking modes available in docker,
the mechanisms of service discovery,
and procedure to join containers to each other for troubleshooting.
Note: The examples are from a docker host running Fedora Linux 31, and Docker Engine 19.03.8 .
The following networks are available to you by default, when you install docker on your computer.
Bridge - NAT - docker0
Host - Uses host network
None - Isolated / no networking
Other Docker networks available to you are the following, but are not covered in this document.
Overlay - Swarm mode
Macvlan - Legacy applications needing direct connection to physical network
3rd party network plugins
Note: In case you are wondering, in very simple terms, a software bridge is just another name for a (software) network switch!
At the highest level, Docker networking comprises three major components:
The Container Network Model (CNM)
libnetwork
Drivers
At a high level, the CNM defines three major building blocks:
Sandboxes
Endpoints
Networks
A network sandbox is an isolated networking stack inside the container, which may support multiple individual networks through endpoints. It includes Ethernet interfaces, ports, routing tables, and DNS config.
A container endpoint, specified by the CNM and attached to the network sandbox, is an interface paired with an interface on a network, allowing the container to connect to that particular network. Endpoints are virtual network interfaces (E.g. veth). Like normal network interfaces, they’re responsible for making connections. In the case of the CNM, it’s the job of the endpoint to connect a sandbox to a network.
Bridge
A Bridge is a default Docker network that is present on any Linux host which runs a Docker Engine.
Understanding correlated terms:
A bridge is a Docker network
A bridge is also a Docker network driver/template, which creates a bridge network
docker0 is the kernel building block that is used in implementing the bridge network
Advantages of host networking:
Optimizes the performance.
Handles a large range of ports.
Does not require network address translation (NAT).
Does not require “userland-proxy” for each port.
Features:
An overlay network is used to manage swarm and service-related traffic.
The Docker daemon host network and ports are used to send data for individual swarm service.
--network host: This is passed with the docker service create command to use a host network for a swarm service.
https://github.com/kaan-keskin/introduction-to-docker/blob/main/ContainerNetworking.md
Images also don't contain a kernel: all containers running on a Docker host share access to the host's kernel. For these reasons, we sometimes say images contain just enough operating system (usually just OS-related files and filesystem objects).
Note: Hyper-V containers run a single container inside of a dedicated lightweight VM. The container leverages the kernel of the OS running inside the VM.
On Windows-based Docker hosts this is C:\ProgramData\docker\windowsfilter
$ docker image ls
docker info
Image registries
The most common registry is Docker Hub (https://hub.Docker.com)
Image naming and tagging
$ docker image pull <repository>:<tag>
Filtering the output of docker image ls
The format of filter flag is a key-value pair. Docker provides the --filter flag to filter the list of images returned by docker image ls.
Filter option is used in docker images to filter:
Images that are not tagged.
Images that are labelled.
Images by time.
Images by reference.
The following example will only return dangling images.
$ docker image ls --filter dangling=true
You can delete all dangling images on a system with the docker image prune command. If you add the -a flag, Docker will also remove all unused images (those not in use by any containers).
Docker currently supports the following filters:
dangling: Accepts true or false, and returns only dangling images (true), or non-dangling images (false).
before: Requires an image name or ID as argument, and returns all images created before it.
since: Same as above, but returns images created after the specified image.
label: Filters images based on the presence of a label or label and value. The docker image ls command does not display labels in its output.
You can also use the --format flag to format output using Go templates.
The format option of docker image ls can display:
Image ID
Image repository
Image tag
Image digest
Image disk size
Time at which the image was created
Time elapsed since the creation of the image
$ docker image ls --format "{{.Size}}"
$ docker search alpine
The docker history command is another way of inspecting an image and seeing layer data. However, it shows the build history of an image and is not a strict list of layers in the final image. For example, some Dockerfile instructions (“ENV”, “EXPOSE”, “CMD”, and “ENTRYPOINT”) add metadata to the image and do not result in permanent layers being created.
All Docker images start with a base layer, and as changes are made and new content is added, new layers are added on top.
Good use cases for volumes
Volumes are the preferred way to persist data in Docker containers and services. Some use cases for volumes include:
Sharing data among multiple running containers. If you don't explicitly create it, a volume is created the first time it is mounted into a container. When that container stops or is removed, the volume still exists. Multiple containers can mount the same volume simultaneously, either read-write or read-only. Volumes are only removed when you explicitly remove them.
When the Docker host is not guaranteed to have a given directory or file structure. Volumes help you decouple the configuration of the Docker host from the container runtime.
When you want to store your container's data on a remote host or a cloud provider, rather than locally.
When you need to back up, restore, or migrate data from one Docker host to another, volumes are a better choice. You can stop containers using the volume, then back up the volume's directory (such as /var/lib/docker/volumes/).
When your application requires high-performance I/O on Docker Desktop. Volumes are stored in the Linux VM rather than the host, which means that the reads and writes have much lower latency and higher throughput.
When your application requires fully native file system behavior on Docker Desktop. For example, a database engine requires precise control over disk flushing to guarantee transaction durability. Volumes are stored in the Linux VM and can make these guarantees, whereas bind mounts are remoted to macOS or Windows, where the file systems behave slightly differently.
Good use cases for bind mounts
In general, you should use volumes where possible. Bind mounts are appropriate for the following types of use case:
Sharing configuration files from the host machine to containers. This is how Docker provides DNS resolution to containers by default, by mounting /etc/resolv.conf from the host machine into each container.
Sharing source code or build artifacts between a development environment on the Docker host and a container. For instance, you may mount a Maven target/ directory into a container, and each time you build the Maven project on the Docker host, the container gets access to the rebuilt artifacts.
If you use Docker for development this way, your production Dockerfile would copy the production-ready artifacts directly into the image, rather than relying on a bind mount.
When the file or directory structure of the Docker host is guaranteed to be consistent with the bind mounts the containers require.
Good use cases for tmpfs mounts
tmpfs mounts are best used for cases when you do not want the data to persist either on the host machine or within the container. This may be for security reasons or to protect the performance of the container when your application needs to write a large volume of non-persistent state data.
Tips for using bind mounts or volumes
If you use either bind mounts or volumes, keep the following in mind:
If you mount an empty volume into a directory in the container in which files or directories exist, these files or directories are propagated (copied) into the volume. Similarly, if you start a container and specify a volume which does not already exist, an empty volume is created for you. This is a good way to pre-populate data that another container needs.
If you mount a bind mount or non-empty volume into a directory in the container in which some files or directories exist, these files or directories are obscured by the mount, just as if you saved files into /mnt on a Linux host and then mounted a USB drive into /mnt. The contents of /mnt would be obscured by the contents of the USB drive until the USB drive was unmounted. The obscured files are not removed or altered, but are not accessible while the bind mount or volume is mounted.
************************************************
Volumes
Volumes are the preferred mechanism for persisting data generated by and used by Docker containers. While bind mounts are dependent on the directory structure and OS of the host machine, volumes are completely managed by Docker. Volumes have several advantages over bind mounts:
Volumes are easier to back up or migrate than bind mounts.
You can manage volumes using Docker CLI commands or the Docker API.
Volumes work on both Linux and Windows containers.
Volumes can be more safely shared among multiple containers.
Volume drivers let you store volumes on remote hosts or cloud providers, encrypt the contents of volumes, or add other functionality.
New volumes can have their content pre-populated by a container.
Volumes on Docker Desktop have much higher performance than bind mounts from Mac and Windows hosts.
************************************************************
Bind mounts
Bind mounts have been around since the early days of Docker. Bind mounts have limited functionality compared to volumes. When you use a bind mount, a file or directory on the host machine is mounted into a container. The file or directory is referenced by its absolute path on the host machine. By contrast, when you use a volume, a new directory is created within Docker's storage directory on the host machine, and Docker manages that directory's contents.
The file or directory does not need to exist on the Docker host already. It is created on demand if it does not yet exist. Bind mounts are very performant, but they rely on the host machine's filesystem having a specific directory structure available. If you are developing new Docker applications, consider using named volumes instead. You can't use Docker CLI commands to directly manage bind mounts.
*******************************************************************************
Volumes and bind mounts let you share files between the host machine and container so that you can persist data even after the container is stopped.
tmpfs
If you're running Docker on Linux, you have a third option: tmpfs mounts. When you create a container with a tmpfs mount, the container can create files outside the container's writable layer.
This is useful to temporarily store sensitive files that you don't want to persist in either the host or the container writable layer.
As opposed to volumes and bind mounts, a tmpfs mount is temporary, and only persisted in the host memory. When the container stops, the tmpfs mount is removed, and files written there won't be persisted.
Limitations of tmpfs mounts
Unlike volumes and bind mounts, you can't share tmpfs mounts between containers.
This functionality is only available if you're running Docker on Linux.
Setting permissions on tmpfs may cause them to reset after container restart. In some cases setting the uid/gid can serve as a workaround.
*************************************************************************
Container size on disk
To view the approximate size of a running container, you can use the docker ps -s command. Two different columns relate to size.
https://docs.docker.com/storage/storagedriver/#storage-drivers-versus-docker-volumes
**********************************************************
I was able to solve this by making sure the docker daemon was running with real-time scheduler enabled:
failed to write to cpu.rt_runtime_us #3046
*****************************************************
docker should fail if config file is invalid #5075
error: docker info not found when we run docker info command
docker version
Client:
Version: 26.1.2
API version: 1.44 (downgraded from 1.45)
Go version: go1.21.10
Git commit: 211e74b
Built: Wed May 8 13:59:48 2024
OS/Arch: linux/arm64
Context: default
docker info
not relevant
mapping a container port to multiple host ports doesn't work in host mode #5020
Reproduce
create a compose file foo.yml
version: "3.4"
services:
  nginx:
    image: nginx
    ports:
      - target: 80
        published: 7500
        protocol: tcp
        mode: host
      - target: 80
        published: 7501
        protocol: tcp
        mode: host
      - target: 90
        published: 7502
        protocol: tcp
        mode: host
deploy the services
docker stack deploy -c foo.yml foo
inspect the service
docker ps | grep foo
example output with the 7500 mapping missing
e52e785d43ab nginx:latest "/docker-entrypoint.…" 3 minutes ago Up 3 minutes 0.0.0.0:7501->80/tcp, :::7501->80/tcp, 0.0.0.0:7502->90/tcp, :::7502->90/tcp foo_nginx.1.ynapf1jho2sg2jib4391j1tej
Expected behavior
Both ports 7500 and 7501 should have been mapped, but only the last one was.
docker version
Client: Docker Engine - Community
Version: 26.0.0
API version: 1.45
Go version: go1.21.8
Git commit: 2ae903e
Built: Wed Mar 20 15:18:12 2024
OS/Arch: linux/amd64
Context: default
Server: Docker Engine - Community
Engine:
Version: 26.0.0
API version: 1.45 (minimum version 1.24)
Go version: go1.21.8
Git commit: 8b79278
Built: Wed Mar 20 15:18:12 2024
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.28
GitCommit: ae07eda36dd25f8a1b98dfbf587313b99c0190bb
runc:
Version: 1.1.12
GitCommit: v1.1.12-0-g51d5e94
docker-init:
Version: 0.19.0
GitCommit: de40ad0
docker info
Client: Docker Engine - Community
Version: 26.0.0
Context: default
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.13.1
Path: /usr/libexec/docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.25.0
Path: /usr/libexec/docker/cli-plugins/docker-compose
scan: Docker Scan (Docker Inc.)
Version: v0.23.0
Path: /usr/libexec/docker/cli-plugins/docker-scan
Server:
Containers: 97
Running: 39
Paused: 0
Stopped: 58
Images: 55
Server Version: 26.0.0
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: systemd
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
Swarm: active
NodeID: rnkuw1h18qfave5s02qrpil4g
Is Manager: true
ClusterID: ibv4nqt659hdxmqv32gkk7a49
Managers: 1
Nodes: 1
Default Address Pool: 10.0.0.0/8
SubnetSize: 24
Data Path Port: 4789
Orchestration:
Task History Retention Limit: 5
Raft:
Snapshot Interval: 10000
Number of Old Snapshots to Retain: 0
Heartbeat Tick: 1
Election Tick: 10
Dispatcher:
Heartbeat Period: 5 seconds
CA Configuration:
Expiry Duration: 3 months
Force Rotate: 0
Autolock Managers: false
Root Rotation In Progress: false
Node Address: 172.20.3.61
Manager Addresses:
172.20.3.61:2377
Runtimes: runc io.containerd.runc.v2
Default Runtime: runc
Init Binary: docker-init
containerd version: ae07eda36dd25f8a1b98dfbf587313b99c0190bb
runc version: v1.1.12-0-g51d5e94
init version: de40ad0
Security Options:
apparmor
seccomp
Profile: builtin
cgroupns
Kernel Version: 5.10.0-28-amd64
Operating System: Debian GNU/Linux 11 (bullseye)
OSType: linux
Architecture: x86_64
CPUs: 12
Total Memory: 15.53GiB
Name: cldev10
ID: TRKH:KEBO:ESTR:OKOG:NACA:LTD6:RN34:5TFK:TJCM:WE44:LDXK:A6HY
Docker Root Dir: /var/lib/docker
Debug Mode: false
Experimental: false
Insecure Registries:
aadocker01.as-i.com:5000
127.0.0.0/8
Live Restore Enabled: false
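A check for the symptom reported in #5020 above, as an added example that is not part of the issue or of Docker's tooling: it compares the port mappings declared in foo.yml with the PORTS column of docker ps and lists the ones that were never bound. The function names and the published:target/protocol notation are assumptions of this example; port ranges are not handled.

```shell
#!/bin/sh
# Added example. PORTS column copied from the `docker ps` line quoted in the report.
PS_PORTS='0.0.0.0:7501->80/tcp, :::7501->80/tcp, 0.0.0.0:7502->90/tcp, :::7502->90/tcp'
# Mappings declared in foo.yml, written as published:target/protocol.
DECLARED='7500:80/tcp 7501:80/tcp 7502:90/tcp'

# actual_mappings PORTS_COLUMN
# Prints one published:target/protocol per line; IPv4 and IPv6 bindings of the
# same port collapse into one entry, unpublished ports (no "->") are skipped.
actual_mappings() {
    printf '%s\n' "$1" | tr ',' '\n' |
        sed -n 's/^ *//; s|^.*:\([0-9][0-9]*\)->\([0-9][0-9]*/[a-z]*\)$|\1:\2|p' |
        sort -u
}

# missing_mappings PORTS_COLUMN DECLARED...
# Prints the declared mappings absent from the running container (space separated);
# returns non-zero when at least one is missing.
missing_mappings() {
    ports_column=$1; shift
    actual=$(actual_mappings "$ports_column")
    missing=""
    for want in "$@"; do
        printf '%s\n' "$actual" | grep -qxF "$want" || missing="${missing:+$missing }$want"
    done
    printf '%s\n' "$missing"
    [ -z "$missing" ]
}

# shared_targets DECLARED...
# Prints container ports published on more than one host port, the pattern the
# report describes as affected in host mode. Useful as a pre-deploy warning.
shared_targets() {
    for m in "$@"; do printf '%s\n' "${m#*:}"; done | sort | uniq -d
}

# $DECLARED is left unquoted on purpose so it splits into separate arguments.
echo "shared targets: $(shared_targets $DECLARED)"
echo "missing:        $(missing_mappings "$PS_PORTS" $DECLARED)"
```

A missing mapping matters beyond availability: firewall rules and monitoring written against the declared ports will not match what the host actually exposes.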
**********************************************
can not open docker #14065
Restart your computer > Go to BIOS and Enable virtualization
*********************************************************
Docker cannot run container, returns socket error 99 #8838
https://blog.packagecloud.io/top-five-most-common-issues-with-docker-and-how-to-solve-them/
***********************************************************************************
https://www.linkedin.com/pulse/navigating-docker-troubleshooting-tips-techniques-victor-mwenda-3un0f ----> important
https://www.linkedin.com/today/author/vmwenda?trk=article-ssr-frontend-pulse_more-articles
******************************************************************
azure billing,subscription
Log Analytics
Azure Monitor.
scale set
av set
av zone
load balancer
auto scaling
networking
deployment
https://refine.dev/blog/docker-volumes/#brief-introduction-to-docker