Docker Overview
Docker is a platform for developing, shipping, and running applications in containers.
Containers are lightweight, standalone, executable packages that include everything
needed to run software: code, runtime, system tools, libraries, and settings.
Unlike virtual machines, containers share the host OS kernel, making them much
more efficient in terms of resource usage and startup time.
Docker was first released in 2013 and has since become the industry standard
for containerization technology.
Key Concepts
Image: A read-only template used to create containers. Images are built in layers,
each layer representing a set of filesystem changes.
Container: A running instance of an image. Containers are isolated from each other
and from the host system, but can communicate through defined channels.
Dockerfile: A text file with instructions to build an image step by step.
Each instruction creates a new layer in the image.
Registry: A repository for storing and distributing images.
Docker Hub is the default public registry.
Private registries can be hosted on AWS ECR, GCR, or self-hosted.
Volume: Persistent storage mechanism for containers.
Data in volumes survives container restarts and removals.
Network: Docker provides several networking modes:
- bridge: Default network for container communication
- host: Container shares host network stack
- overlay: Multi-host networking for Swarm/Kubernetes
Dockerfile Best Practices
# Use specific, minimal base images
FROM python:3.11-slim
# Set working directory
WORKDIR /app
# Copy dependency file first
COPY [Link] .
# Install dependencies (cached layer)
RUN pip install -r [Link]
# Copy application code
COPY . .
# Document the port
EXPOSE 8080
# Define startup command
CMD ["python", "[Link]"]
(Dockerfile comments must sit on their own lines; a trailing "# ..." after an instruction is parsed as extra arguments and breaks the build.)
Tips:
- Order instructions from least to most frequently changing
- Use multi-stage builds to reduce final image size
- Avoid running as root (use USER instruction)
- Use .dockerignore to exclude unnecessary files
- Pin dependency versions for reproducible builds
- Minimize the number of layers by combining RUN commands
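As an added example (not code from the page), a small audit script that checks a Dockerfile against the tips above plus the secret and non-root items from the security list later on; the Dockerfile it scans and the filenames in it are constructed for the demonstration.

```python
import re

# Constructed sample Dockerfile (not from the page) that breaks four of the
# tips above: unpinned base image, a secret baked in via ENV, the whole tree
# copied before the dependency install (so that layer never caches), and no
# USER instruction, so the process runs as root.
BAD_DOCKERFILE = """\
FROM python:latest
WORKDIR /app
ENV API_TOKEN=constructed-example-value
COPY . .
RUN pip install -r requirements.txt
EXPOSE 8080
CMD ["python", "app.py"]
"""

SECRET_RE = re.compile(r"PASSWORD|SECRET|TOKEN|API_KEY", re.I)
INSTALL_RE = re.compile(r"\b(pip3?|npm|apt-get|apk)\b.*\binstall\b")

def parse(dockerfile: str):
    """Yield (INSTRUCTION, argument) pairs; comment and blank lines are skipped."""
    for line in dockerfile.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            instr, _, arg = line.partition(" ")
            yield instr.upper(), arg.strip()

def audit_dockerfile(dockerfile: str) -> list:
    """Return human-readable findings; an empty list means the file is clean."""
    steps = list(parse(dockerfile))
    findings = []
    for instr, arg in steps:
        if instr == "FROM":
            ref = arg.split()[0]                          # drop "AS <stage>"
            name = ref.rsplit("/", 1)[-1]                 # ignore registry host:port
            if "@sha256:" not in ref and (":" not in name or name.endswith(":latest")):
                findings.append(f"FROM {ref}: pin a specific tag or digest instead of latest")
        elif instr in ("ENV", "ARG") and SECRET_RE.search(arg.split("=")[0]):
            findings.append(f"{instr} {arg.split('=')[0]}: secret-looking value baked into an image layer")
    users = [arg for instr, arg in steps if instr == "USER"]
    if not users or users[-1].split(":")[0] in ("root", "0"):
        findings.append("no non-root USER before CMD/ENTRYPOINT: the process runs as root")
    copy_all = next((i for i, (n, a) in enumerate(steps) if n == "COPY" and a.split()[:1] == ["."]), None)
    installs = [i for i, (n, a) in enumerate(steps) if n == "RUN" and INSTALL_RE.search(a)]
    if copy_all is not None and any(i > copy_all for i in installs):
        findings.append("COPY . . precedes the dependency install: copy the manifest and install first so the layer caches")
    return findings

if __name__ == "__main__":
    print(*audit_dockerfile(BAD_DOCKERFILE), sep="\n")
```

Point it at a real file with `audit_dockerfile(open("Dockerfile").read())`; the sample above yields four findings.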
Essential Commands
Building Images:
docker build -t myapp:1.0 . # Build with tag
docker build --no-cache -t myapp . # Build without cache
docker images # List local images
docker rmi myapp:1.0 # Remove image
Running Containers:
docker run -d -p 8080:80 myapp # Run detached, map port
docker run -it ubuntu bash # Run interactive shell
docker run -v /host:/container myapp # Bind-mount a host path into the container
docker run --env-file .env myapp # Pass environment variables
docker run --name web --restart=always myapp # Auto-restart
Managing Containers:
docker ps # List running containers
docker ps -a # List all containers
docker stop <container_id> # Stop gracefully
docker kill <container_id> # Force stop
docker rm <container_id> # Remove container
docker logs -f <container_id> # Follow logs
docker exec -it <container_id> bash # Shell into container
Cleanup:
docker system prune -a # Remove all unused resources
docker volume prune # Remove unused volumes
Docker Compose
Docker Compose defines and runs multi-container applications with YAML.
Example [Link]:
version: '3.8'
services:
  web:
    build: .
    ports:
      - '8080:80'
    depends_on:
      - db
    environment:
      - DATABASE_URL=postgres://db:5432/app
  db:
    image: postgres:15
    volumes:
      - pgdata:/var/lib/postgresql/data
    environment:
      - POSTGRES_PASSWORD=secret
volumes:
  pgdata:
Commands:
docker-compose up -d # Start all services
docker-compose down # Stop and remove
docker-compose logs -f web # Follow specific service logs
docker-compose exec web bash # Shell into service
docker-compose build # Rebuild images
docker-compose ps # List service status
Container Orchestration
For production environments, container orchestration is essential.
Kubernetes (K8s):
- Industry standard for container orchestration
- Manages deployment, scaling, and operations
- Key objects: Pod, Service, Deployment, ConfigMap, Secret
- Managed services: EKS (AWS), GKE (Google), AKS (Azure)
AWS ECS (Elastic Container Service):
- AWS-native container orchestration
- Simpler than Kubernetes for AWS-only environments
- Launch types: EC2 (self-managed) or Fargate (serverless)
- Integrates natively with ALB, CloudWatch, IAM
Docker Swarm:
- Docker's built-in orchestration tool
- Simpler to set up than Kubernetes
- Good for smaller deployments
- Limited ecosystem compared to Kubernetes
Security Best Practices
- Use official base images from trusted sources
- Scan images for vulnerabilities (Trivy, Snyk, Docker Scout)
- Never store secrets in images or Dockerfiles
- Run containers as non-root user
- Use read-only filesystem where possible
- Limit container resources (CPU, memory)
- Keep images updated with security patches
- Use Docker Content Trust for image signing
- Implement network policies to restrict container communication
- Regularly audit and remove unused images and containers
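An added example, not from the page: a checker that reads `docker inspect` output (which is JSON) and flags running containers that violate the non-root, read-only filesystem, resource-limit and network items above. The inspect document it scans is constructed and trimmed to the fields the checks read; `audit_running_containers` assumes a local Docker daemon.

```python
import json
import subprocess

# Constructed `docker inspect` output, trimmed to the fields the checks read.
# Field shapes match the real output: Config.User is a string (empty means the
# image default, usually root); HostConfig.Memory and NanoCpus are 0 when unlimited.
SAMPLE_INSPECT = json.dumps([{
    "Name": "/web",
    "Config": {"User": ""},
    "HostConfig": {"Privileged": False, "ReadonlyRootfs": False, "Memory": 0,
                   "NanoCpus": 0, "NetworkMode": "host"},
}])

def audit_containers(inspect_json: str) -> dict:
    """Map container name -> list of findings against the practices above."""
    report = {}
    for c in json.loads(inspect_json):
        hc = c.get("HostConfig", {})
        findings = []
        user = c.get("Config", {}).get("User", "")
        if user.split(":")[0] in ("", "root", "0"):
            findings.append("runs as root: add USER to the image or pass --user")
        if hc.get("Privileged"):
            findings.append("--privileged grants full host device and capability access")
        if not hc.get("ReadonlyRootfs"):
            findings.append("writable root filesystem: use --read-only with --tmpfs for scratch paths")
        if not hc.get("Memory") or not hc.get("NanoCpus"):
            findings.append("no memory/CPU limit: use --memory and --cpus")
        if hc.get("NetworkMode") == "host":
            findings.append("host networking: the container bypasses bridge-level isolation")
        report[c["Name"].lstrip("/")] = findings
    return report

def audit_running_containers() -> dict:
    """Inspect every running container on this host (needs a Docker daemon)."""
    ids = subprocess.run(["docker", "ps", "-q"], capture_output=True, text=True, check=True).stdout.split()
    if not ids:
        return {}
    out = subprocess.run(["docker", "inspect", *ids], capture_output=True, text=True, check=True).stdout
    return audit_containers(out)

if __name__ == "__main__":
    for name, findings in audit_containers(SAMPLE_INSPECT).items():
        print(f"{name}: {'OK' if not findings else ''}")
        for f in findings:
            print("  -", f)
```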