Docker

Question 1

Virtual Machines

Answer 1

• Use the hypervisor to emulate real hardware
• Can take up a lot of space
• Require you to install/configure operating system
• Can run multiple apps simultaneously
• Cannot interact with their hosts

Question 2

Containers

Answer 2

• Do not emulate any hardware
• Do not need to boot up
• Do not require operating system installation
• Take up much less space
• Can run only one app at a time (by design)
• Can interact with their hosts

Question 3

Namespaces

Answer 3

• Provide different views of your system

Question 4

USERNS Namespace

Answer 4

• User lists

Question 5

MOUNT Namespace

Answer 5

• Access to file systems

Question 6

NET Namespace

Answer 6

• Network communication

Question 7

IPC Namespace

Answer 7

• Interprocess communication

Question 8

TIME Namespace

Answer 8

• Ability to change time (not supported by Docker)

Question 9

PID Namespace

Answer 9

• Process ID management

Question 10

CGROUP Namespace

Answer 10

• Create control groups

Question 11

UTC Namespace

Answer 11

• Create/host domain names

Question 12

Control Group Uses

Answer 12

• Monitor and restrict CPU usage
• Monitor and restrict network and disk bandwidth
• Monitor and restrict memory consumption
• Assign disk quotas (not supported by Docker)

Question 13

Docker Limitations

Answer 13

• Natively only runs on Linux
• Container images are bound to their parent operating systems

Question 14

Docker Machine

Answer 14

• Uses VirtualBox to create VMs that only run Docker
• VirtualBox, VM, and VBoxManage knowledge required
• Slower than Docker on Linux

Question 15

Docker Desktop

Answer 15

• Smaller and more tightly integrated VMs
• Automatically handles volume and network port mapping
• Comes with a nice GUI

Question 16

Create a Docker Container (Long Way)

Answer 16

• Run “docker container create <NAME>"</NAME>
• Run “docker ps” to see running containers and “docker ps –all” to see all of them
• Run “docker logs <ID>" to see the container log messages</ID>
• Run “docker container start –attach” to link the log to the terminal

Question 17

Create a Docker Container (Short Way)

Answer 17

• Run “docker run <NAME>" to create a container, start it, and attach its output to the terminal</NAME>
• Use “docker ps” to get the container ID

Question 18

Create a Docker Container from Dockerfiles

Answer 18

• Run “docker built -t <BUILDNAME> to build a container from the Dockerfile</BUILDNAME>
• Add the “–file <FILENAME> flag if the file is named differently</FILENAME>
• Docker creates intermediate images after each command and squashes them into a final image at the end

Question 19

Dockerfile Keywords (FROM)

Answer 19

• FROM: which existing image to base your image from

Question 20

Dockerfile Keywords (LABEL)

Answer 20

• LABEL: additional image data

Question 21

Dockerfile Keywords (USER)

Answer 21

• USER: specifies which user to use for subsequent commands

Question 22

Dockerfile Keywords (COPY)

Answer 22

• COPY: copies files from the “context” directory to the container image

Question 23

Dockerfile Keywords (RUN)

Answer 23

• RUN: command statements to customize the container image

Question 24

Dockerfile Keywords (ENTRYPOINT)

Answer 24

• ENTRYPOINT: specifies what command containers from the image should run

Question 25

Interact with your Container

Answer 25

• Run “docker kill <ID>" to forcefully stop a container</ID>
• Run “docker run -d <NAME>" to start the container without attaching it to the terminal</NAME>
• Run “docker exec <ID> <CMD>" to run additional commands within a container</CMD></ID>
• Run “docker exec –interactive –tty <ID> <SHELL>" to start a new terminal session within a container</SHELL></ID>

Question 26

Stopping and Removing the Container

Answer 26

• By default Docker does not stop and remove a container
• Run “docker stop <ID>" to stop a container</ID>
• Run “docker stop -t 0 <ID>" to forcefully stop a container</ID>
• Run “docker rm <ID>" to remove a container</ID>
• Run “docker rm -f <ID>" to remove a container that is running</ID>
• Run “docker ps -aq l xargs docker rm” to remove all containers
• Run “docker rmi <NAME>" to remove an image</NAME>

Question 27

Binding Ports to your Container

Answer 27

• Add the “–name <CONTAINER>" flag to the docker run command to name a container</CONTAINER>
• Add the “-p <LOCAL>:<CONTAINER>" flag to map a port</CONTAINER></LOCAL>
• “docker run -d –name <CONTAINER> -p <LOCALPORT>:<CONTAINER> <IMAGE>"S</IMAGE></CONTAINER></LOCALPORT></CONTAINER>

Question 28

Saving Data from Containers

Answer 28

• Add the “–volume <LOCAL>:<CONTAINER> to map the container</CONTAINER></LOCAL>
• If you map a non-existing file, Docker will create a new directory on your machine

Question 29

Pushing Images to Docker Hub

Answer 29

• Run “docker tag <NAME> <USERNAME>/<NAME>:<VERSION> to rename the image</VERSION></NAME></USERNAME></NAME>
• Run “docker push <USERNAME>/<NAME>:<VERSION> to push to Docker Hub</VERSION></NAME></USERNAME>

Question 30

“I can’t create more containers”

Answer 30

• Run “docker images” to list images and “docker rmi <ID>" to remove images</ID>
• Run “docker system prune” to remove unused data

Question 31

“My container is really slow”

Answer 31

• Run “docker stats <ID>" to see container stats</ID>
• Run “docker top <ID>" to see what is running inside the container</ID>
• Run “docker inspect <ID>" to see advanced information in JSON format</ID>

Question 32

Docker Best Practices

Answer 32

• Use verified images
• Use a container image scanner if necessary
• Avoid using the “latest” tag
• Use non-root users

Question 33

Writing a Dockerfile (FROM)

Answer 33

• FROM <IMAGE>: specifies which base image to use</IMAGE>

Question 34

Writing a Dockerfile (WORKDIR)

Answer 34

• WORKDIR <DIR>: sets the working directory</DIR>

Question 35

Writing a Dockerfile (COPY)

Answer 35

• COPY <CWD> <DIR>: copies current directory contents into the container</DIR></CWD>

Question 36

Writing a Dockerfile (RUN)

Answer 36

• RUN pip install –no-cache-dir -r requirements.txt

Question 37

Writing a Dockerfile (ENV)

Answer 37

• FLASK_APP=app.py: sets env variable for Flask

Question 38

Writing a Dockerfile (CMD)

Answer 38

• CMD [“flask”, “run”, “–host=0.0.0.0”]: starts the Flask application

Question 39

Searching for Images in the Docker Hub

Answer 39

Run “docker search <IMAGE>"</IMAGE>

Question 40

Other Docker Hub Image Search Flags

Answer 40

• ”–limit x”: limits to x results
• ”–no-trunc”: returns full image descriptions
• ”–format”: formats results using Go template

Question 41

Docker Hub Image Search Filters

Answer 41

• ”–filter is_official=true”: filters by official images
• ”–filter stars=x”: filters by minimum stars
• ”–filter is_automated=true”: filters by images that can be built automatically

Question 42

Working with Custom Images

Answer 42

• Run “docker images ls” to see local images
• ”–all” flag to see intermediate images
• ”–quiet” flag to only return image IDs
• ”–filter before=<IMAGE>" to filter images before <IMAGE></IMAGE></IMAGE>
• ”–filter after=<IMAGE>" to filter images after <IMAGE></IMAGE></IMAGE>
• ”–filter dangling=true” to filter unused images
• ”–filter label=<label>” to filter by image label</label>

Question 43

Tagging and Labeling Images

Answer 43

• Tags specify the version of an image
• Run “docker build -t <NAME>:<TAG>" to add a tag</TAG></NAME>
• Run “docker tag <source></source>:<TAG> <TARGET>:<TAG>" to add a tag</TAG></TARGET></TAG>

Question 44

Working with a Private Image Repository

Answer 44

• Run “docker login”
• Tag the local repository using the name of the repository: “docker tag <NAME>:<VERSION> <USERNAME>/<REPO>:<NAME>"</NAME></REPO></USERNAME></VERSION></NAME>
• Run “docker push <USERNAME>/<REPO>:<IMAGE></IMAGE></REPO></USERNAME>

Question 45

Inspecting Images

Answer 45

• Run “docker image inspect <ID>"</ID>
• Run “docker image inspect –format=’{{json.Config.Labels}}’ <IMAGE>" to return a specific section in json format</IMAGE>

Question 46

Inspecting Images (RepoTags)

Answer 46

• List all tags associated with the image ID

Question 47

Inspecting Images (ContainerConfig)

Answer 47

• Container information

Question 48

Inspecting Images (Config)

Answer 48

• Environment settings

Question 49

Inspecting Images (Cmd)

Answer 49

• Command run when starting a container based on the image (configured in Dockerfile)

Question 50

Inspecting Images (Labels)

Answer 50

• Image labels

Question 51

Removing Images

Answer 51

• Run “docker rmi <NAME> to remove an image"</NAME>
• Add the “-f” flag to remove an image attached to a running container
• Run “docker rmi <ID>" to remove all tags from an image</ID>

Question 52

Start an Existing Container

Answer 52

• Run “docker start”

Question 53

Create and Start a Container

Answer 53

• Run “docker run”

Question 54

Gracefully Stop a Container

Answer 54

• Run “docker stop”

Question 55

Forcefully Stop a Container

Answer 55

• Run “docker kill”

Question 56

List all Running Containers

Answer 56

• Run “docker ps”
• The “-a” flag includes stopped containers
• The “-n” flag returns the last x created containers
• The “-q” flag displays only container IDs
• The “-s” flag displays the total file size of all containers
• The “-l” flag shows the last created container

Question 57

Inspecting Containers

Answer 57

• Run “docker inspect <ID>"</ID>
• Can return a specific section in json format similar to inspect image

Question 58

Inspecting Containers (ID)

Answer 58

• Container ID

Question 59

Inspecting Containers (State)

Answer 59

• Status flags and PID

Question 60

Inspecting Containers (Image)

Answer 60

• The image that the container is running

Question 61

Inspecting Containers (LogPath)

Answer 61

• Path to the container log

Question 62

Inspecting Containers (Name)

Answer 62

• Name of the container

Question 63

Inspecting Containers (RestartCount)

Answer 63

• The number of times a container has restarted

Question 64

Inspecting Containers (HostConfig)

Answer 64

• How the container will interact with the host system

Question 65

Inspecting Containers (Config)

Answer 65

• Runtime configuration options

Question 66

Reviewing Container Log Files

Answer 66

• Run “docker logs <ID>" to view container logs</ID>
• The “tail” option specifies last x lines to show
• The “f” option continues streaming new output
• The “details” option shows extra log details
• The “since” option shows logs after a specified time
• The “until” option shows logs until a timestamp
• The “timestamps” option shows timestamps in logs

Question 67

Working with Volumes

Answer 67

• A volume is a directory on the host machine that is accessible by a container

Question 68

Create a Volume

Answer 68

• Run “docker volume create”

Question 69

View Existing Volumes

Answer 69

• Run “docker volume ls”

Question 70

Inspect a Volume

Answer 70

• Run “docker volume inspect <NAME>"</NAME>

Question 71

Attach a Volume to a Container

Answer 71

• Add “-v <HOST>:<CONTAINER>"</CONTAINER></HOST>

Question 72

Remove an Unused Volume

Answer 72

• Run “volume rm <NAME>"</NAME>

Question 73

Working with Mounts

Answer 73

• Use “-v” or “–mount” to bind a host directory to a container directory
• “-v” will create a new directory if it doesn’t exist on the host, while “–mount” will return an error
• Run “docker exec -it <ID> sh" to open a shell in the container and verify the mount binding worked</ID>

Question 74

Daily Docker Workflow

Answer 74

• Run “docker image prune” to remove untagged and unreferenced images
• Add “-a” flag to remove all unused images
• Run “docker container prune” and “docker volumes prune” in similar ways
• Run “docker system prune” to remove unused images, containers, and networks
• Add “–volume” flag to prune volumes