Skip to content
/ docker-cheat-sheet Public

🐳 Aggregation of my personal notes collected during daily work with the Docker

4 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

slydeveloper/docker-cheat-sheet

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

8 Commits
images
images
Β 
Β 
README.md
README.md
Β 
Β 

Repository files navigation

Docker Cheat Sheet

Aggregation of my personal notes collected during daily work with the Docker

Glossary

Based on official Docker glossary

  • container is a runtime instance of a docker image. Containers are isolated processes, not virtual machines. A Docker container consists of a Docker image, an execution environment and, a standard set of instructions.
  • cgroups is a Linux kernel feature that limits, accounts for, and isolates the resource usage (CPU, memory, disk I/O, network, etc.) of a collection of processes. Docker relies on cgroups to control and isolate resource limits.
  • Docker project as a whole, which is a platform for developers and sysadmins to develop, ship, and run apps. Docker is an open-source utility that automates the deployment and management of programs inside software containers. The docker daemon process running on the host which manages images and containers (also called Docker Engine).
  • Docker Compose is a tool for defining and running complex applications with Docker.
  • Docker Hub is a centralized resource for working with Docker and its components.
  • Dockerfile is a text document that contains all the commands you would normally execute manually in order to build a Docker image. Docker can build images automatically by reading the instructions from a Dockerfile.
  • Docker Swarm is the name of a standalone native clustering tool for Docker. Docker Swarm pools together several Docker hosts and exposes them as a single virtual Docker host. It serves the standard Docker API, so any tool that already works with Docker can now transparently scale up to multiple hosts.
  • image Docker images are the basis of containers. An Image is an ordered collection of root filesystem changes and the corresponding execution parameters for use within a container runtime. An image typically contains a union of layered filesystems stacked on top of each other. An image does not have state and it never changes.
  • layer In an image, a layer is modification to the image, represented by an instruction in the Dockerfile. Layers are applied in sequence to the base image to create the final image. When an image is updated or rebuilt, only layers that change need to be updated, and unchanged layers are cached locally. This is part of why Docker images are so fast and lightweight. The sizes of each layer add up to equal the size of the final image.
  • namespace A Linux namespace is a Linux kernel feature that isolates and virtualizes system resources. Processes which restricted to a namespace can only interact with resources or processes that are part of the same namespace. Namespaces are an important part of Docker’s isolation model. Namespaces exist for each type of resource, including net (networking), mnt (storage), pid (processes), uts (hostname control), and user (UID mapping). For more information about namespaces, see Docker run reference and Introduction to user namespaces.
  • node is a physical or virtual machine running an instance of the Docker Engine in swarm mode.
  • registry is a hosted service containing repositories of images which responds to the Registry API. The default registry can be accessed using a browser at Docker Hub or using the docker search command.
  • repository is a set of Docker images. A repository can be shared by pushing it to a registry server. The different images in the repository can be labeled using tags.
  • swarm is a cluster of one or more Docker Engines running in swarm mode.
  • Swarm mode refers to cluster management and orchestration features embedded in Docker Engine. When you initialize a new swarm (cluster) or join nodes to a swarm, the Docker Engine runs in swarm mode.
  • tag is a label applied to a Docker image in a repository. Tags are how various images in a repository are distinguished from each other.
  • Union file system (UnionFS) - Union file systems implement a union mount and operate by creating layers. Docker uses union file systems in conjunction with copy-on-write techniques to provide the building blocks for containers, making them very lightweight and fast.

Docker container vs Docker image

  • Docker image
    • base of container
    • layered filesystems (stack)
    • read only
    • never changes
  • Docker container
    • runtime instance of a Docker image
    • contains a reference to Docker image
    • containers are isolated processes

Docker commands:

Docker engine commands

  • docker version - show the Docker version information (version of client/server, API, Go, OS/Arch type, etc)
  • docker info - display system-wide information (containers status, images count, CPUs OS type, etc)
  • docker events - get real time events from the server

Docker registry commands

  • docker search - search the Docker Hub for images
  • docker login - log in to a Docker registry
  • docker logout - log out from a Docker registry
Example of docker search:

# search ubuntu image
docker search ubuntu

Dockerfile commands

Example of docker build:

# build an image form a Dockerfile located in the current folder 
# and set a tag `myimage:latest` for new image
docker build -t "myimage:latest" .

Docker images commands

  • docker pull - pull an image or a repository from a registry
  • docker push - push an image or a repository to a registry
  • docker images - list images
Example of docker pull, save, load:

# pull `busybox` image from registry
docker pull busybox

Docker image commands

  • docker history - show the history of an image
  • docker tag - create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
  • docker rmi - remove one or more images
  • docker image rm $(docker image ls -a -q) - remove all images
  • docker save - save one or more images to a tar archive
  • docker load - load an image from a tar archive or STDIN
  • docker import - import the contents from a tarball to create a filesystem image
Example docker tag, rmi:

# create a tag `mytag` that refers to `busybox` image
docker tag busybox busybox:mytag

# remove `busybox` image
docker rmi busybox

Example of docker save, load:

# pull `busybox` image from registry
docker pull busybox

# save `busybox` image
docker save busybox > busybox.tar

# remove `busybox` image
docker rmi busybox

# load `busybox` image from TAR file
docker load < busybox.tar

Docker ps command

  • docker ps - show only running containers
  • docker ps -a - show all containers (all statuses)
  • docker ps -f- filter output based on conditions provided
  • docker ps -n- show n last created containers (includes all states) (default -1)
  • docker ps -l - show the latest created container (includes all states)
  • docker ps -q - only display numeric IDs
  • Show n last created containers (includes all states) (default -1)
  • docker ps -s - display total file sizes
Example of docker ps:

# docker --format placeholders
# .ID - Container ID
# .Image - Image ID
# .Command - Quoted command
# .CreatedAt - Time when the container was created.
# .RunningFor - Elapsed time since the container was started.
# .Ports - Exposed ports.
# .Status - Container status.
# .Size - Container disk size.
# .Names - Container names.
# .Labels - All labels assigned to the container.
# .Label - Value of a specific label for this container: 
# .Mounts - Names of the volumes mounted in this container.

# show only running formatted as ID / Image / Ports / Names
docker ps --format "{{.ID}} / {{.Image}} / {{.Ports}} / {{.Names}}"

# show all containers formatted as ID / Image / Ports / Names
docker ps -a --format "{{.ID}} / {{.Image}} / {{.Ports}} / {{.Names}}"

# show all containers formatted as table ID, IMAGE, PORTS, NAMES
docker ps -a --format "table {{.ID}}\t{{.Image}}\t{{.Ports}}\t{{.Names}}"

# show all containers based on `nginx`
docker ps -a -f=ancestor=nginx

Docker container commands

  • docker create - create a new container
  • docker run - run a command in a new container
  • docker start - start one or more stopped containers
  • docker stop - stop one or more running containers
  • docker restart - restart one or more containers
  • docker attach - attach local standard input, output, and error streams to a running container
  • docker kill - kill one or more running containers
  • docker pause - pause all processes within one or more
  • docker unpause - unpause all processes within one or more containers
  • docker rename - rename a container
  • docker rm - remove one or more containers
  • docker exec - run a command in a running container
  • docker diff - inspect changes to files or directories on a container's filesystem
  • docker cp - copy files/folders between a container and the local filesystem
  • docker commit - create a new image from a container's changes
  • docker export - export a container's filesystem as a tar archive
  • docker logs -f - fetch the logs of a container
  • docker top - display the running processes of a container
  • docker port - list port mappings or a specific mapping for the container
Example of docker create, ps, rm, start, stop, attach:

# create a new container based on the Ubuntu image, with:
# - random name i.e `festive_gates`
# - random ID i.e `37a0cb4dd740`
# - status `Created`
# - enabled `-it` (STDIN + pseudo-TTY for input commands)
docker create -it ubuntu /bin/bash

# show all containers (all statuses)
docker ps -a

# show the latest created container 
docker ps -l

# show the latest created container with formatted result: ID, Status, Names
docker ps -l --format "{{.ID}} {{.Status }} {{.Names}}"

# result of above command formatted as: ID, Status, Names
37a0cb4dd740 Created festive_gates

# remove created container by ID
docker rm 37a0cb4dd740

# create a new container as above but with a name: `test_create_ubuntu`
docker create -it --name test_create_ubuntu ubuntu /bin/bash

# start container
docker start test_create_ubuntu

# attach keyboard input to container
docker attach test_create_ubuntu

# logged into container
root@c5d448c6117c:/#

# exit from container
root@c5d448c6117c:/# exit

# stop container
docker stop test_create_ubuntu

# remove container
docker rm test_create_ubuntu

Example of docker run, ps, rm, start, stop, attach:

# run a command in new container based on the Ubuntu image, with:
# - random name i.e `stupefied_montalcini`
# - random ID i.e `30f2887203f3`
# - status `Up`
# - enabled `-it` (STDIN + pseudo-TTY for input commands)
docker run -it ubuntu /bin/bash

# result of about command, logged into container
root@30f2887203f3:/#

# exit from container
root@30f2887203f3:/# exit

# show all containers (all statuses)
docker ps -a

# show the latest created container 
docker ps -l

# show the latest created container with formatted result: ID, Status, Names
docker ps -l --format "{{.ID}} {{.Status }} {{.Names}}"

# result of above command formatted as: ID, Status, Names
30f2887203f3 Exited (0) 3 seconds ago stupefied_montalcini

# create a new container as above but with a name: `test_run_ubuntu`
docker run -it --name test_run_ubuntu ubuntu /bin/bash

# logged into container
root@83d51a5964d7:/#

# exit from container
root@ 83d51a5964d7:/# exit

# stop container
docker stop test_run_ubuntu

# remove container
docker rm test_run_ubuntu

Example of docker run with a command:

# run a ping command from a container and
# remove container on exit by --rm parameter
docker run --rm busybox ping google.com

# example result
64 bytes from 216.58.201.110: seq=0 ttl=37 time=41.393 ms
64 bytes from 216.58.201.110: seq=1 ttl=37 time=44.513 ms
64 bytes from 216.58.201.110: seq=2 ttl=37 time=43.191 ms

# run date command from a container and
# remove container on exit by --rm parameter
docker run --rm ubuntu date

# example result
Mon Mar 26 18:35:16 UTC 2018

Example of docker run with port mapping:

# run a new container based on the Nginx image, with:
# - enabled `-d` that runs a container in a background
# - enabled `-p 80` that publish port 80 of the container 
# to all interfaces of the host with a dynamically allocated port.
# The Nginx by default exposes port 80
docker run -d --name test_nginx_1 -p 80 nginx

# check port mapping
docker port test_nginx_1

# example result of above command
80/tcp -> 0.0.0.0:32773

# test `test_nginx_1` server
curl http://localhost:32773

# - enabled `-p 8080:80` that publish port 80 of the container
# to all interfaces of the host with a static port 8080
docker run -d --name test_nginx_2 -p 8080:80 nginx

# test `test_nginx_2` server
curl http://localhost:8080

Example of docker kill:

# create a new container with a name `test_kill`
docker create -it --name test_kill ubuntu /bin/bash

# start container
docker start test_kill

# kill container
docker kill test_kill

Example of docker rename:

# create a new container with a name `test_rename`
docker run --name test_rename ubuntu /bin/bash

# rename `test_rename` container to `renamed_test`
docker rename test_rename renamed_test

# show the latest created container, should contains `renamed_test`
docker ps -l

Example of docker pause, unpause, logs:

# run a new container with a script that prints a date in 1 second interval, with:
# - enabled `-d` that runs a container in a background
docker run -d --name test_pause ubuntu /bin/sh -c "while true; do date; sleep 1; done"

# fetch the logs of a container
docker logs -f test_pause

# example result of above command, new log per 1 second
Sun Mar 25 17:48:46 UTC 2018
Sun Mar 25 17:48:47 UTC 2018
Sun Mar 25 17:48:48 UTC 2018
...

# pause container
docker pause test_pause

# fetch the logs of container
docker logs -f test_pause

# example result of above command, no new logs
Sun Mar 25 17:52:26 UTC 2018
Sun Mar 25 17:52:27 UTC 2018
Sun Mar 25 17:52:28 UTC 2018

# unpause container
docker unpause test_pause

# fetch the logs of container
docker logs -f test_pause

# example result of above command, new log per 1 second
Sun Mar 25 17:54:38 UTC 2018
Sun Mar 25 17:54:39 UTC 2018
Sun Mar 25 17:54:40 UTC 2018
...

# stop container
docker stop test_pause

Example of docker exec:

# run a new container with a name `nginx_server`
docker run -d --name nginx_server -p 8080:80 nginx

# run /bin/bash command in `nginx_server` container (terminal)
docker exec -it nginx_server /bin/bash

# example result
root@479d0e43f6c4:/#

# exit from container
root@479d0e43f6c4:/# exit

# run date `nginx_server` container
docker exec nginx_server date

# example result
Mon Mar 26 19:20:28 UTC 2018

Example of docker cp, diff:

# run a new container with a name `test_cp_ubuntu`
docker run -it --name test_cp_ubuntu ubuntu /bin/bash

# create a new file container_file.txt in container
root@968c86596a3b:/# echo "Container file" > container_file.txt

# exit from container
root@968c86596a3b:/# exit

# copy a file container_file.txt from `test_cp_ubuntu` container to host
docker cp test_cp_ubuntu:/container_file.txt container_file.txt

# test container_file.txt
cat container_file.txt

# result
Container file

# create a new file host_file.txt on host 
echo "Host file" > host_file.txt

# copy a file host_file.txt from host to `test_cp_ubuntu` container
docker cp host_file.txt test_cp_ubuntu:/host_file.txt

# start container
docker start test_cp_ubuntu

# attach keyboard input to container
docker attach test_cp_ubuntu

# test host file
root@968c86596a3b:/# cat host_file.txt

# result
Host file

# inspect changes to files or directories on a container's filesystem
docker diff test_cp_ubuntu

# example result
A /container_file.txt
A /host_file.txt
C /root
A /root/.bash_history

Example of docker commit:

# create a new container with a name `test_commit`
docker run -it --name test_commit ubuntu /bin/bash

# store a date to file.txt
root@bf6d4aeae802:/# date > file.txt

# test file
root@bf6d4aeae802:/# cat file.txt

# example result
Mon Mar 26 20:11:16 UTC 2018

# exit from container
root@bf6d4aeae802:/# exit

# create a new image `new_test_commit_image` 
# from a `test_commit` container's changes
docker commit test_commit new_test_commit_image

# image should be on list
docker images

# create a new container with a name `test_commit_new` 
# based on `new_test_commit_image`
docker run -it --name test_commit_new new_test_commit_image /bin/bash

# test file.txt stored before commit
root@9f283ac64e1d:/# cat file.txt

# result
Mon Mar 26 20:21:29 UTC 2018

Example of docker export, import:

# create a new container with a name `test_export` 
# based on Busybox image
docker create --name test_export busybox
 
# export `test_export` container to TAR file
docker export test_export > test_export.tar

# remove `test_export` container
docker rm test_export

# import `test_export` as `busybox-export` image
cat test_export.tar | docker import - busybox-export

# list images, image `busybox-export` should be on list
docker images

# run a new container `test_export` based on `busybox-export` image
docker run -it --name test_export busybox-export /bin/sh

Example of docker top:

# run a new container with a name `test_top`
docker run -d --name test_top -p 8080:80 nginx

# display the running processes of a `test_top` container
docker top test_top

# example result
PID		USER		TIME		COMMAND
5815		root		0:00		nginx: master process nginx -g daemon off;
5851		101			0:00		nginx: worker process

Docker inspect command

  • docker inspect - return low-level information on Docker objects
Example of docker inspect:

# create a new container with name `test_inspect`
docker run -v /test_directory --name test_inspect ubuntu

# basic usage of docker inspect
docker inspect test_inspect

# example result of above command (sample of JSON)
[{
	"Id": "13074e2597ee1beedad7218b36df2da13851dfbb8f2712d4b2408003d300cf1b",
  "Created": "2018-04-01T22:14:24.725012738Z",
  "Path": "/bin/bash",
  ...
}]

# extract name of container
docker inspect -f '{{.Name}}' test_inspect

# result of above command
/test_inspect

# check IP of container
docker inspect -f '{{.NetworkSettings.IPAddress}}' test_inspect

# result of above command
172.17.0.3

# filter mounted volumes of container
docker inspect -f '{{ .Mounts }}' test_inspect

# example result of above command
[{volume 1c7951286a1975d8399fb7b0e393999628276a43c9a160e6318b4b7435578738 
/var/lib/docker/volumes/1c7951286a1975d8399fb7b0e393999628276a43c9a160e6318b4b7435578738/_data 
/test_directory local  true }]

# check if latest container still running
docker inspect --format '{{.State.Running}}' $(docker ps -lq)

# result of above command
false

Docker volume managment

  • docker volume create - create a volume
  • docker volume inspect - display detailed information on one or more volumes
  • docker volume ls - list volumes
  • docker volume prune - remove all unused local volumes
  • docker volume rm - remove one or more volumes
Example of docker volume inspect, ls, rm:

# create a new container with a name `test_volume1` with
# - v /test_directory (test_directory created in container) 
docker run -it -v /test_directory --name test_volume1 ubuntu

# logged into container and list directory contents
root@29157acd5730:/# ls

# example result of above command
test_directory - should exists on list

# exit from container
root@29157acd5730:/# exit

# return low-level information on Docker objects
# filtered by mounted volumes
docker inspect -f '{{ .Mounts }}' test_volume1

# example result of above command, ID of volume
volume 619f2450dcae05a595328732403ad4bfd489395ac5e21a1339d1f084325b45d0

# display detailed information on volume of above ID
docker volume inspect 619f2450dcae05a595328732403ad4bfd489395ac5e21a1339d1f084325b45d0

# example result of above command
[{
   "CreatedAt": "2018-03-31T21:07:46Z",
   "Driver": "local",
   "Labels": null,
   "Mountpoint": 
   "/var/lib/docker/volumes/619...5d0/_data",
   "Name": "619...5d0",
   "Options": {},
   "Scope": "local"
}]

# list volumes
docker volume ls

# example result of above command, example volume ID should be on list
DRIVER 	VOLUME
local  	619f2450dcae05a595328732403ad4bfd489395ac5e21a1339d1f084325b45d0

# remove `test_volume1` container
docker rm test_volume1

# remove volume of `test_volume1` container
docker volume rm 619f2450dcae05a595328732403ad4bfd489395ac5e21a1339d1f084325b45d0

# list volumes, in result, above volume ID should not be on list
docker volume ls

Example of docker volume prune:

# create a new container with a name `test_volume2` with
# -v /test_directory (test_directory created in container) 
docker run -it -v /test_directory --name test_volume2 ubuntu

# logged into container, and exit
root@7f5ee1d3b3f5:/# exit
 
# return low-level information on Docker objects
# filtered by mounted volumes
docker inspect -f '{{ .Mounts }}' test_volume2

# example result of above command, ID of volume
volume 804bb1b8b588d56b624c8f61c848496f04986b4b6551830f7851879b5f4cb549
 
# list volumes
docker volume ls

# example result of above command, example volume ID should be on list
DRIVER 	VOLUME NAME
local  	804bb1b8b588d56b624c8f61c848496f04986b4b6551830f7851879b5f4cb549

# remove `test_volume2` container
docker rm test_volume2

# remove all unused local volumes
docker volume prune

# list volumes, in result, above volume ID should not be on list
docker volume ls

Example of docker volume create: 

# create a new volume with name `test_ubuntu_volume`
docker volume create test_ubuntu_volume

# list volumes
docker volume ls

# example result of above command, example volume ID should be on list
DRIVER 	VOLUME NAME
local  	test_ubuntu_volume
 
# create a new container with a name `test_volume_create` with
# -v test_ubuntu_volume:/volume_data where
# `test_ubuntu_volume` in mapped as `volume_data` in container
docker run -it -v test_ubuntu_volume:/volume_data --name test_volume_create ubuntu

# go to `volume_data` in `test_volume_create` container
root@76fd2af1023c:/# cd volume_data/

# create `file1.txt` file in `volume_data` directory
root@76fd2af1023c:/volume_data# echo "Test file1" > file1.txt

# exit from container
root@76fd2af1023c:/volume_data# exit

# remove container
docker rm test_volume_create

# create a new container with a name `test_keep_volume`
# and bind exists `test_ubuntu_volume`
docker run -it -v test_ubuntu_volume:/volume_data --name test_keep_volume ubuntu

# go to `volume_data` in `test_volume_create` container
root@60d335502983:/# cd volume_data/

# preview content of `file1.txt` created via previous container
root@60d335502983:/volume_data# cat file1.txt

# result of above command
Test file1

Example of bind docker volume: 

# create a local folder named `shared_folder`
mkdir shared_folder

# go to `shared_folder`
cd shared_folder

# touch file in `shared_folder`
echo "Test file1" > file1.txt

# exit from `shared_folder`
cd ..

# create a new container with a name `test_volume_shared` with
# -v $(pwd)/shared_folder:/volume_data where
# $(pwd) return working directory name
# `shared_folder` folder on host mapped as `volume_data` in container
docker run -it -v $(pwd)/shared_folder:/volume_data --name test_volume_shared ubuntu

# go to `volume_data` in `test_volume_shared` container
root@13074e2597ee:/# cd volume_data/

# preview content of `file1.txt` created on host machine
root@13074e2597ee:/volume_data# cat file1.txt

# result of above command
Test file1

# touch new file file in `volume_data`
root@13074e2597ee:/volume_data# echo "Test contaniner" > file2.txt

# exit from container
root@13074e2597ee:/volume_data# exit

# go to `shared_folder`
cd shared_folder

# preview content of `file2.txt` created in container
cat file2.txt

# result of above command
Test contaniner

Example of docker volumes-from:

# run a new container with a name `test_volume_source` where
# a new volume `/shared_volume`
docker run -it -v /shared_volume --name test_volume_source ubuntu

# go to `shared_volume` in `test_volume_source` container
root@40d8412524de:/# cd shared_volume/

# create a file
root@40d8412524de:/shared_volume# echo "Test file" > file1.txt

# exit from container
root@40d8412524de:/shared_volume# exit

# run a new container with a name `test_volume_from ` where
# a volume comes from `/test_volume_source`
docker run -it --volumes-from test_volume_source --name test_volume_from ubuntu /bin/bash

# go to `shared_volume`
root@ff2703b7db42:/# cd shared_volume/

# preview a file
root@ff2703b7db42:/shared_volume# cat file1.txt

# result of above command
Test file

Docker tips

  • docker ps -a | less -S - better output of running containers that table rows are not wrapped
  • docker run -d --restart always -p 80 --name test_nginx_restart nginx - restarting the container on every Docker restart
  • docker run --rm ubuntu date - remove container on exit
  • docker rm $(docker ps -aq) - remove all stopped containers
  • docker stop $(docker ps -q --filter ancestor=nginx) - stop all containers based on nginx image
  • docker rmi -f $(docker images | grep "<none>" | awk "{print \$3}") - remove all <none> images
  • docker ps -aq - list all containers (only IDs)
  • docker stop $(docker ps -aq) - stop all running containers
  • docker rm $(docker ps -aq) - remove all containers
  • docker rmi $(docker images -q) - remove all images
  • docker system df - Docker disk usage
  • docker system prune - Docker cleanup (containers, networks, cache)
  • docker ps --size - amount of data used for the writable layer of each container

Recommended tools

  • Portainer.io - portainer is an open-source lightweight management ui which allows you to easily manage your docker hosts or swarm clusters
  • Docker Compose - compose is a tool for defining and running multi-container Docker applications

About

🐳 Aggregation of my personal notes collected during daily work with the Docker

Topics

docker docker-compose cheatsheet docker-images docker-containers learning-docker

Resources

Readme
Activity

Stars

4 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •