docker

Containerization technology that packages an application and its dependencies into a portable container so that it can run in different environments

Supplementary instructions

Docker containers are fast to deploy, portable, scalable, and can run on different platforms. Docker helps developers and operators build, publish, and manage applications more easily.

Install

Enter the following command to install Docker in Linux.

# CentOS reference: https://blog.csdn.net/zhaoyuanh/article/details/126610347
#If there is an old version of docker in the system, it needs to be deleted first:
sudo yum remove docker \
                   docker-client\
                   docker-client-latest \
                   docker-common\
                   docker-latest \
                   docker-latest-logrotate \
                   docker-logrotate \
                   docker-engine

#Set up warehouse:
yum install -y yum-utils

#Add Docker repository:
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

#Install Docker engine (latest by default):
yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin

#Start docker:
sudo systemctl start docker

grammar

docker create [options] IMAGE

##Option parameters

attach Attach local standard input, output, and error streams to a running container
build builds the image from the Dockerfile
commit creates a new image from changes to the container
cp copies files/folders between the container and the local file system
create creates a new container
diff checks for changes to a file or directory on the container's file system
events Get real-time events from the server
exec runs a command in a running container
export Exports the container's file system as a tar archive
history displays the history of the image
images list images
import Imports content from a tarball to create a file system image
info displays system-wide information
inspect returns low-level information about a Docker object
kill kills one or more running containers
load loads an image from a tar archive or STDIN
login Log in to the Docker registry
logout Log out of the Docker registry
logs Get the logs of the container
pause pauses all processes within one or more containers
port lists port mappings or specific mappings for a container
ps list containers
pull pulls an image or repository from the registry
push Push an image or repository to the registry
rename rename container
restart restart one or more containers
rm removes one or more containers
rmi removes one or more images
run runs the command in a new container
save saves one or more images to a tar archive (default streams to STDOUT)
search Search for images in Docker Hub
start starts one or more stopped containers
stats displays a real-time stream of container resource usage statistics
stop stops one or more running containers
tag creates a tag TARGET_IMAGE that references SOURCE_IMAGE
top displays the running processes of the container
unpause unpauses all processes in one or more containers
update updates the configuration of one or more containers
version displays Docker version information
wait blocks until one or more containers are stopped, then prints their exit codes

<environmental parameters>
     --add-host list # Add custom host to IP mapping (host:ip)
-a, --attach list # Attach to STDIN, STDOUT or STDERR
     --blkio-weight uint16 # Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0)
     --blkio-weight-device list # Block IO weight (relative device weight) (default [])
     --cap-add list # Add Linux functionality
     --cap-drop list # Drop Linux functionality
     --cgroup-parent string # Optional parent cgroup of the container
     --cgroupns string # Cgroup namespace to use (host|private)
                         # 'host': Run the container in the cgroup namespace of the Docker host
                         # 'private': Run the container in its own private cgroup namespace
                         # '': Used by the daemon process
                         # cgroup namespace configured with default-cgroupns-mode option (default)
     --cidfile string #Write container ID to file
     --cpu-period int # Limit CPU CFS (completely fair scheduler) period
     --cpu-quota int # Limit CPU CFS (completely fair scheduler) quota
     --cpu-rt-period int # Limit CPU real-time period in microseconds
     --cpu-rt-runtime int # Limit CPU real-time running time in microseconds
-c, --cpu-shares int # CPU shares (relative weight)
     --cpus decimal # Number of CPUs
     --cpuset-cpus string # CPU allowed to execute (0-3, 0,1)
     --cpuset-mems string # MEMs allowed to execute (0-3, 0,1)
     --device list # Add host device to container
     --device-cgroup-rule list # Add rules to the cgroup allowed device list
     --device-read-bps list # Limit device read rate (bytes per second) (default [])
     --device-read-iops list # Limit device read rate (IO per second) (default [])
     --device-write-bps list # Limit device write rate (bytes per second) (default [])
     --device-write-iops list # Limit device write rate (IO per second) (default [])
     --disable-content-trust # Skip image verification (default is true)
     --dns list # Set up custom DNS servers
     --dns-option list # Set DNS options
     --dns-search list # Set custom DNS search domain
     --domainname string # Container NIS domain name
     --entrypoint string # Override the default entry point of the image
-e, --env list # Set environment variables
     --env-file list # Read environment variable files
     --expose list # Expose a port or a series of ports
     --gpus gpu-request # GPU devices to add to the container ("all" to pass all GPUs)
     --group-add list #Add other groups to join
     --health-cmd string # Command to run to check health
     --health-interval duration # Time between running checks (ms|s|m|h) (default 0s)
     --health-retries int # Need to report unhealthy consecutive failures
     --health-start-period duration # Start time of container initialization before starting health retry countdown (ms|s|m|h) (default 0s)
     --health-timeout duration # Maximum time allowed to run a check (ms|s|m|h) (default 0s)
     --help # print usage
-h, --hostname string # Container host name
     --init #Run an init inside the container to forward signals and harvest processes
-i, --interactive # Keep STDIN open even if there is no connection
     --ip string # IPv4 address (e.g. 172.30.100.104)
     --ip6 string # IPv6 address (for example, 2001:db8::33)
     --ipc string # IPC mode to use
     --isolation string # Container isolation technology
     --kernel-memory bytes # Kernel memory limit
-l, --label list # Set metadata on the container
     --label-file list # Read in line-delimited label files
     --link list # Add links to another container
     --link-local-ip list # Container IPv4/IPv6 link local address
     --log-driver string # Container logging driver
     --log-opt list # Log driver options
     --mac-address string # Container MAC address (e.g. 92:d0:c6:0a:29:33)
-m, --memory bytes # Memory limit
     --memory-reservation bytes # Memory soft limit
     --memory-swap bytes # Swap limit equals memory plus swap: '-1' enables unlimited swap
     --memory-swappiness int # Adjust container memory swap (0 to 100) (default - 1)
     --mount mount # Attach a file system mount to the container
     --name string # Assign a name to the container
     --network network # Connect the container to the network
     --network-alias list # Add network-wide aliases to the container
     --no-healthcheck # Disable any container-specific HEALTHCHECK
     --oom-kill-disable # Disable OOM killer
     --oom-score-adj int # Adjust the host's OOM preferences (-1000 to 1000)
     --pid string # PID namespace to use
     --pids-limit int #Adjust container pids limit (setting -1 means no limit)
     --platform string # If the server supports multiple platforms, set the platform
     --privileged #Grant extended permissions to this container
-p, --publish list # Publish the container's port to the host
-P, --publish-all # Publish all exposed ports to random ports
     --pull string # Pull the image before creation ("always"|"missing"|"never") (default "missing")
     --read-only # Mount the container's root file system as read-only
     --restart string # Restart policy to apply when the container exits (default "no")
     --rm # Automatically remove when container exits
     --runtime string # The runtime to use for this container
     --security-opt list # Security options
     --shm-size bytes # The size of /dev/shm
     --stop-signal string #Signal to stop the container (default "SIGTERM")
     --stop-timeout int # Timeout for stopping the container (in seconds)
     --storage-opt list # Storage driver options for containers
     --sysctl map # Sysctl options (default map[])
     --tmpfs list # Mount tmpfs directory
-t, --tty # Allocate a pseudo TTY
     --ulimit ulimit # ulimit option (default [])
-u, --user string # User name or UID (format: <name|uid>[:<group|gid>])
     --userns string # User namespace to use
     --uts string # UTS namespace to use
-v, --volume list # Bind mounted volumes
     --volume-driver string # Optional volume driver for the container
     --volumes-from list # Mount volumes from the specified container
-w, --workdir string # Working directory within the container

Example

Introducing several common scenarios: Docker Hub image market related, image warehouse commands.

1. Download the image from the docker hub image market.

docker pull user/image

2. Search for the image in docker hub.

# Note that you need to download the image to use it
docker search search_word

3. Authenticate to docker hub.

docker login

4. Upload the image to docker hub.

docker push user/image

docker network

grammar

docker network [COMMAND]

COMMAND

docker network connect

Connect the container to the network. You can connect containers by name or ID. Once connected, a container can communicate with other containers on the same network.

docker network connect [OPTIONS] NETWORK CONTAINER

Options parameters

--alias Add a network-wide alias to the container
--driver-opt driver options for network
--ip IPv4 address (e.g. 172.30.100.104)
--ip6 IPv6 address (e.g. 2001:db8::33)
--link Add the link to another container (not recommended, it will be deleted later)
--link-local-ip adds a local link address to the container

docker network disconnect

Disconnect the container from the network

docker network disconnect [OPTIONS] NETWORK CONTAINER

Options parameters

-f,--force force the container to disconnect from the network

docker network create

Create a new network

docker network create [OPTIONS] NETWORK

Options parameters

--attachable API 1.25+ enables manual container attachment
--aux-address Auxiliary IPv4 or IPv6 address used by the network driver
--config-from API 1.30+ network to copy configuration from
--config-only API 1.30+ creates a configuration-only network
-d,--driver bridge driver to manage the network
--gateway IPv4 or IPv6 gateway for the main subnet
--ingress API 1.29+ creates a cluster routed mesh network
--internal restricts external access to the network
--ip-range assign container ip from subrange
--ipam-driver IP address management driver
--ipam-opt Set IPAM driver specific options
--ipv6 Enable IPv6 network
--label Set metadata on the network
-o,--opt Set driver specific options
--scope API 1.30+ control network scope
--subnet represents the subnet in CIDR format of the network segment

docker network inspect

Returns information about one or more networks. By default, this command renders all results in a JSON object.

docker network inspect [OPTIONS] NETWORK [NETWORK...]

Options parameters

-f, --format Format output using the given Go template
-v,--verbose Verbose output for diagnostics

docker network ls

List all networks known to the engine daemon. This includes networking across multiple hosts in the cluster

docker network ls [OPTIONS]

Options parameters

-f,--filter provide filter value (e.g. "driver = bridge")
--format Pretty printing network using Go templates
--no-trunc Do not truncate output
-q,--quiet Show only network IDs

docker network prune

Delete all unused networks. An unused network is a network that is not referenced by any container in use ().

docker network prune [OPTIONS]

Options parameters

--filter provide a filter value (e.g. 'until=')
-f,--force do not prompt for confirmation

docker network rm

Delete one or more networks by name or identifier. To delete a network, you must first disconnect all containers connected to it.

docker network rm NETWORKID [NETWORKID...]

Official website

For more installation and usage methods, you can visit: https://wangchujiang.com/reference/docs/docker.html Written by Shanghai Tu Tianyu