docker-cheat-sheet icon indicating copy to clipboard operation
docker-cheat-sheet copied to clipboard

Published 20 hours ago verified publisher icon daten-und-bass

Metadata

Important Docker Commands Ordered by Compute (Services), Network, Storage then by Docker CLI, Dockerfile, Compose, and Swarm

                                  ##         .
                            ## ## ##        ==
                         ## ## ## ## ##    ===
                     /"""""""""""""""""\___/ ===
                ~~~ {~~ ~~~~ ~~~ ~~~~ ~~~ ~ /  ===- ~~~
                     \______ o           __/
                       \    \         __/
                        \____\_______/

Docker Cheat Sheet

Important Docker Commands Ordered by

  • Compute (Services),
  • Network,
  • Storage

and then by

  • Docker CLI,
  • Dockerfile,
  • Compose, and
  • Swarm

An explaining blog post can be foud here:
https://daten-und-bass.io/blog/new-docker-cheat-sheet-complete-rewrite-for-docker-version-1-13/

An updating blog post can be foud here:
https://daten-und-bass.io/blog/docker-cheat-sheet-update/

COMPUTE (Services)

Docker CLI

  • create & run: docker run -itd -p 3000:3000 -v /source/path/on/host:/destination/path/in/container --name <ctr_name> <img_name>

    • Description: Interactive container not attached to the current shell with port to host mapping and a host bind volume
    • Optional:
      • Check results: docker inspect <ctr_name>

  • "ssh"/bash into: docker exec -it <ctr_name> /bin/bash

    • Description: Connect to a running container with a new shell

    • Alternative: docker attach <ctr_name>( more on Stackoverflow )

      Attach isn't for running an extra thing in a container, it's for attaching to the running process.

  • start | stop: docker start|restart|stop <ctr_name>

  • rename: docker rename <ctr_name> <new_name>

  • list: docker ps [-a]

  • list formatted: docker ps -a --format "table {{.ID}}\t{{.Names}}\t{{.Status}}\t{{.Ports}}"

  • get runnings processes: docker top <ctr_name>

  • get logs: docker logs <ctr_name>

  • delete: docker rm [-vf] <ctr_name>

  • get long id: docker ps -a --no-trunc

Docker Dockerfile

FROM <img_name>:<tag_name>  

ARG <port_env_var>
ENV NODE_ENV ${<nodejs_env>}  

RUN <some_bash_cmd> \
    && <another_bash_cmd>

COPY <file_name> /destination/path/in/container
VOLUME /source/path/on/host:/destination/path/in/container  

EXPOSE ${<port_env_var>}    # only exposed by container, but not yet mapped to the docker host  

USER <user_name>            # set permisions accordingly (before) ... if not specified: root
WORKDIR <dir_name>
CMD <main_bash_cmd>         # or ENTRYPOINT command (not overwritable) for external scripts

  • build:
    cd .
    docker build -t <image_name> .

  • list all images: docker images [-a]

  • delete: docker rmi <img_name>

  • delete dangling images in docker ps (listed as "none"): docker rmi $(docker images --quiet --filter "dangling=true")

    • Alternative: docker images -qf dangling=true | xargs docker rmi // untested yet, but always without error even if no dangling images exist

  • use Environment Variables: see on Stackoverflow

Docker Compose

version: "3"

services: 
  <srv_name>:
    build:
      context: ./path/to/dir
      args:
        - <port>
    image: <reg_tag>/<img_name>:<img_tag>
    networks:
      - <net_name>
    ports:
       - "${<port_env_var>}:${<port_env_var>}"                  # port to host mapping
    environment:
      - NODE_ENV=<nodejs_env>
      - PORT_ENV_VAR="${<port_env_var>}"
    volumes:
      - /source/path/on/host:/destination/path/in/container     # host bind
    security_opt:
      - no-new-privileges

networks:
  <net_name>:           # custom network created before
    external: true

volumes:
  <vol_name>:           # named volume created before
    external: true

  • test config: docker-compose config

  • build: docker-compose build

  • push to registry: docker-compose push # as specified above by <reg_tag>

  • create & start in one: docker-compose up

  • start | stop: docker-compose start|restart|stop <project_name>

  • kill | delete: docker-compose kill|rm <project_name>

  • set multiple compose files manually as ENVIRONMENT VARIABLE: export COMPOSE_FILE="/path/to/docker-stack.yml:/path/to/docker-stack.dev.yml" ( more here )

Docker Swarm

  • deploy stack: docker stack deploy --compose-file=docker-compose.yml <stack_name> # e.g. ${COMPOSE_PROJECT_NAME}

    • before do: docker-compose build and docker-compose push

  • use multiple compose or stack files for deploy:

    • optional (if stored as variable): echo "${ces_docker_stack_files}" # /path/to/docker-stack.yml -c /path/to/docker-stack.dev.yml
    • docker stack deploy -c $(echo "${ces_docker_stack_files}") ${COMPOSE_PROJECT_NAME} --with-registry-auth
version: "3"

services: 
  <srv_name>:
    <...>:  

    deploy:
      mode: replicated         # or 'global' for one on each docker swarm host
      replicas: <amount>          
      restart_policy:
        condition: <condition>
        max_attempts: <amount>
        delay: <amount>s
      resources:
        limits:                # hard limit
          cpus: '<cpu_share>'
          memory: <amount>M
        reservations:          # soft limit
          cpus: '<cpu_share>'
          memory: <amount>M  
  
networks:
  <...>:  

volumes:
  <...>:

  • list all stacks: docker stack ls

  • list tasks of stack: docker stack ps <stack_name>

  • list tasks of stack: docker stack ps "${COMPOSE_PROJECT_NAME}"

  • list services of stack: docker stack services <stack_name>

  • show logs of a stack service: docker service logs <service_name>

  • delete: docker stack rm <stack_name>

NETWORK

Docker CLI

  • list networks: docker network ls

  • get info for default container network "bridge": docker network inspect bridge

  • get docker host ip: docker-machine ip <host_name>

  • create custom bridge network: docker network create --driver bridge <network_name>

    • Optional:
      • specify a subnet (to avoid overlap with other networks!): <...> --subnet=192.168.0.0/16 <...>
      • specify which ip's to take: <...> --ip-range=192.168.1.0/24 <...>
      • specify as internal: --internal
    • connect container to it:
      • in run command (only one network allowed): docker run <...> --net=<network_name> <...>
      • connect existing container: docker network connect <network_name> <container_name>
      • give container a static ip: <...> --ip=192.168.1.11 <...>

  • delete custom network: docker network rm <network_name>

  • get container ip:
    docker ps // get id
    docker network inspect <network_name> // check ip of this id

    • Alternative: docker inspect <container_name>

  • map exposed container port to docker host: docker run <...> -p 8529:8529 <...>

Docker Dockerfile

<...>

EXPOSE 3000 # only exposed by container, but not yet mapped to the docker host

<...>

Docker Compose

version: "3"

services: 
  <...>:


networks:
  <net_name>:       # custom network created before
    external: true

volumes:
  <...>:

Docker Swarm

  • specify ip or eth settings for swarm cluster:

    • Advertised address to swarm members for API access and overlay networking: docker swarm init --advertise-addr <addr> <...>
    • Listening address for inbound swarm manager traffic: docker swarm init --listen-addr <addr> <...>

  • create custom overlay network (encrypted): docker network create --opt encrypted --driver overlay <network_name>

  • create overlay network: docker network create --driver overlay --subnet=<ip_range> --gateway=<ip_address> <net_name>

    • Optional: --attachable for allowing unmanaged (non-swarm) containers and --opt encrypted for encryption

STORAGE

Docker CLI

  • list volumes: docker volume ls

  • details volumes: docker volume inspect

  • create (named) volume (available only on this docker host): docker volume create --name <volume_name>

  • Edit (on docker host) a containter file (e.g. .conf) of a stopped | not starting containter:

    • http://stackoverflow.com/questions/32750748/how-to-edit-files-in-stopped-not-starting-docker-container
      docker-machine ssh <host_name>
      sudo -i
      cd /mnt/sda1/var/lib/docker/aufs/diff/<longContainerId>/path/to/file
      vi <file_name>

  • copy from docker host into container: docker cp /source/path/on/host <container_name>:/destination/path/in/container

  • delete (named) volume: docker volume rm <volume_name>

  • map volumes (from host to container: docker run <...> -v /source/path/on/host:/destination/path/in/container <...>

  • volume deletion (via -v in docker run, not for named volumes) needs to be excplit on container deletion via -v: docker rm -v <container_name>

  • delete all exited containers including their volumes: docker rm -v $(docker ps -a -q -f status=exited)

  • delete the unwanted / left overs:

    • README first: https://dzone.com/articles/docker-clean-after-yourself docker run -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker:/var/lib/docker --rm martin/docker-cleanup-volumes

Docker Dockerfile

<...>

VOLUME /source/path/on/host:/destination/path/in/container

<...>

Docker Compose

version: "3"

services: 
  <...>:

networks:
  <...>:

volumes:
  <vol_name>:       # named volume created before
    external: true

Docker Swarm

Keep in mind that regular volumes (see above) are always local to that host only (so a container needing that volume can only correctly start on thist host).

  • create cluster aware storage resources, e.g. via NFS (with volumes available on multiple hosts):
    https://docs.docker.com/storage/volumes/#create-a-service-which-creates-an-nfs-volume https://docs.docker.com/engine/reference/commandline/volume_create/#driver-specific-options

  • create cluster aware storage resources, e.g, via GlusterFS (with also data resources themselves replicated among multiple hosts):
    https://gist.github.com/scyto/f4624361c4e8c3be2aad9b3f0073c7f9

Other

Security

  • create secret: docker secret create <sec_name> /path/to/<sec_file>
  • remove secret: docker secret rm <sec_name>
  • more here and here ... and same for configs

Docker Machine

  • start | stop: docker-machine start|stop <host_name>
  • ssh into: docker-machine ssh <host_name>
  • send one ssh command: docker-machine ssh <host_name> '<command> <params> <...>
  • adjust time drift: docker-machine ssh <host_name> 'sudo ntpclient -s -h pool.ntp.org
    • only neccessary in a docker toolbox vm on virtualbox

Docker Daemon Access

  • connect to remote docker daemon from a local shell: export DOCKER_HOST="ssh://<user>@<ip>"

Registry

  • login to registry: echo "${token}"| docker login registry.example.com --username "${user}" --password-stdin
  • logout from registry: docker logout registry.example.com

Ingress

Docker Events

  • listen to events: docker events
  • get help: docker-machine <command_name> --help
  • get env vars: docker-machine env <host_name>

OTHER

  • get help: docker <command_name> --help

Further information

Reference documentation: https://docs.docker.com/reference/

Metadata

20
Stars
3
Forks
Watchers

Owner

verified publisher icon daten-und-bass

Metadata

Important Docker Commands Ordered by Compute (Services), Network, Storage then by Docker CLI, Dockerfile, Compose, and Swarm

Back