Docker

CheatSheet

Docker Architecture

Docker Client. .
DOCKER_HOST Registry (HUB).
Public / Private storage for
images e.g. Docker Hub
docker pull
Docker Daemon (dockerd)
docker build build
Dockerfile

docker run
Application Image
e.g. my_web_app
docker push

Application Container Application Image

e.g. my_web_app
e.g. my_web_app

Command Remote API Containers Images Images

Line
Images are used to run containers

docker pull - Pulls an image from a registry to the Docker Host. docker run - Creates and starts a container from an image.
docker build - Builds an image from a Dockerfile. docker push - Pushes an image from the Docker Host to a registry.

Docker uses a client-server architecture, consisting of several main components that work
together to build, run, and manage containers. Here’s a breakdown of each part:

Docker Client Docker Host

The Docker Client is the primary way users This is the machine (local or cloud-based) where
interact with Docker. It sends commands to the Docker Daemon runs, managing containers and images.
Docker Daemon using CLI commands like docker Images: The Docker Daemon uses images to create
run, docker build, docker pull, and docker push. containers. These images are built from Dockerfiles
The client communicates with the daemon and can be pulled from the Docker Registry.
through a REST API or command-line interface Containers: Containers are instances of images that
(CLI). run applications. Containers are lightweight and
isolated from each other but share the same OS kernel.
Docker Daemon (dockerd)
The Docker Daemon runs on the Docker Host and Docker Registry (Hub)
manages all container-related tasks. A Docker Registry is a repository where Docker images
It listens to API requests and handles actions like are stored and managed. Docker Hub is the default
building, running, and distributing Docker public registry, but private registries can also be set
containers. up.
The daemon also manages Docker images and The registry allows users to push images to share with
container lifecycle operations, ensuring efficient others or pull images for local use.
resource usage on the host machine. Images are versioned and stored in the registry,
serving as blueprints for creating containers on any
Docker Host.

By: Spoorti Shetty

 Installation and Setup Container Lifecycle
Install Docker: Management
Linux: Follow distribution-specific instructions.
Windows/Mac: Use Docker Desktop.
Starting, Stopping, and Managing Containers
Post-Installation:
docker --version – Check installation. docker run -d -p <host-port>:<container-
docker info – Display Docker system information. port> <image>
# Start a container in detached mode
Configuration: with port mapping (e.g. 80:80)
sudo usermod -aG docker $USER - Add user to
the Docker group. docker stop <container-id>
# Gracefully stop a running container

Working with Images docker start <container-id>

# Start a stopped container

Build, List, and Remove Images docker restart <container-id>

# Restart a running or stopped container
docker build -t <image-name> .
# Build an image from Dockerfile docker kill <container-id>
# Forcefully stop (kill) a running container
docker images
# List local images docker rm <container-id>
# Remove a stopped container
docker rmi <image-id>
# Remove an image by ID
docker rm -f <container-id>
docker image prune -a # Force remove a running container
# Remove unused images
docker ps
Pulling and Pushing Images # List running containers

docker pull <image-name> docker ps -a

# Pull an image from a registry # List all containers (including stopped)

docker push <image-name> docker rename <container-id> <new-name>

# Push an image to a registry # Rename a container

Common Run Options

Container Interaction docker run --name <name> -it <image>

and Inspection
# Assign a custom name and run in
interactive mode

docker exec -it <container-id> /bin/bash docker run -v <host-path>:<container-path>

# Start an interactive bash session in a running <image>
container # Mount a volume from the host

docker attach <container-id> docker run --env <env-var>=<value>

# Attach to a running container's main process <image>
# Set an environment variable
docker logs <container-id>
# View container logs docker run --network <network-name>
<image>
docker stats <container-id> # Connect the container to a specified
# Display resource usage statistics for one or network
more containers
docker run --rm <image>
docker inspect <container-id> # Automatically remove the container
# Display detailed configuration and state info when it stops
about a container

docker top <container-id>

# Display running processes inside the container By: Spoorti Shetty
Advanced Dockerfile Data Persistence with
Directives Volumes
Key Dockerfile Instructions Creating and Managing Volumes

FROM <image> # Set base image docker volume create my_volume

# Create volume
WORKDIR /app # Set working directory
docker run -v my_volume:/data <image>
COPY . . # Copy all files to container # Attach volume to container

RUN <command> # Run commands in container docker volume inspect my_volume

# View volume details
EXPOSE <port> # Expose container port.
docker volume rm my_volume
ENTRYPOINT ["executable", "param"] #Set container’s main # Remove volume
executable.
Data Sharing
CMD ["executable", "param"] # Start container process
docker run -v shared_volume:/shared --name
HEALTHCHECK --interval=30s --timeout=10s CMD curl -f app1 busybox
http://localhost:<port> || exit 1 # Define container health check
docker run -v shared_volume:/shared --name
app2 busybox
Multi-Stage Build Example
# Both app1 and app2 can access /shared,
# Stage 1 - Build enabling data sharing.
FROM node:14 AS builder
WORKDIR /app
COPY . .
RUN npm install && npm run build
docker-compose.yml
# Stage 2 - Runtime
FROM node:14-slim
WORKDIR /app
Sample
COPY --from=builder /app/dist /app/dist
version: '3.8'
CMD ["node", "dist/app.js"]
services:
web:
image: nginx
Optimization Best Practices
ports:
- "8080:80"
Layering: Combine commands to reduce layers. Place
volumes:
stable commands at the top (e.g., apt-get update).
- web-data:/usr/share/nginx/html
.dockerignore: Exclude unnecessary files to reduce image
networks:
size.
- app-network
Use ARG for build-time variables; ENV for runtime
db:
configuration.
image: mysql
environment:

Docker Compose Basic MYSQL_ROOT_PASSWORD: rootpass

volumes:
web-data:
Commands networks:
app-network:
docker-compose up -d # Health Checks can also be included in docker
# Start services compose:
docker-compose down services:
# Stop and remove all services web:
image: nginx
docker-compose logs <service> healthcheck:
# View service logs test: ["CMD", "curl", "-f", "http://localhost"]
interval: 30s
docker-compose up -d --scale <service>=3 timeout: 10s
#Scale services retries: 3
docker-compose ps
# List running services By: Spoorti Shetty
 Docker Networking Orchestration with
Network Types
Docker Swarm
Bridge: Default; internal communication between docker swarm init
containers on the same host. # Initialize a swarm
docker network create -d bridge my_bridge_network
docker node ls
Host: Shares the host’s network directly (no isolation). # List nodes in the swarm
docker run --network host nginx
docker service create --name <service> --replicas 3
Overlay: Connects containers across Docker hosts in
Swarm mode. <image>
docker network create -d overlay my_overlay_network # Create replicated service
docker service create --name web --network
my_overlay_network nginx docker service ls
# List services
Macvlan: Assigns unique MAC addresses to containers,
appearing as individual devices. docker service scale <service>=5
docker network create -d macvlan \ # Scale service to 5 instances
--subnet=192.168.1.0/24 \
--gateway=192.168.1.1 \ docker service update --image <new-image> <service>
-o parent=eth0 my_macvlan_network # Update service image
docker run --network my_macvlan_network --ip
192.168.1.100 nginx

Ipvlan: Like Macvlan but operates with a single MAC

address for a network segment.
CI/CD Integration with
docker network create -d ipvlan \
--subnet=192.168.2.0/24 \
--gateway=192.168.2.1 \
Docker
-o parent=eth0 my_ipvlan_network
docker run --network my_ipvlan_network --ip Push Image to Docker Hub:
192.168.2.100 nginx
docker login
None: Completely isolated network mode with no docker tag <image> <username>/<repository>:<tag>
connectivity. docker push <username>/<repository>:<tag>
docker run --network none nginx
Docker in Continuous Integration Pipelines
Common Network Commands
Automated Builds: Build Docker images for each code
docker network ls commit to ensure compatibility.
#List networks Testing in Containers: Run tests within containers for
consistent environments.
docker network create my_network
Simulate Production: Use Docker Compose to mirror
#Create a network
production environments.
docker network connect my_network <container> Push Tested Images: Send images to a registry to
#Connect container to network simplify downstream deployments.

docker network inspect <network-name> Docker in Continuous Deployment Pipelines

# Inspect network
Automated Deployment: Use orchestration tools (e.g.,
Swarm, Kubernetes) for production rollouts.
Security Essentials Versioning and Rollback: Use tags to version images
and enable rollbacks.

docker scan <image-name> CI/CD Commands Example:

# Scan an image for vulnerabilities.
docker build -t myapp:$GIT_COMMIT .
docker run --user $(id -u):$(id -g) <image> # Build and tag image for each commit
#Run containers as a non-root user.
docker push myapp:$GIT_COMMIT
docker run --memory="256m" --cpus="1" <image> # Push image to Docker Hub
#Limit resource usage
docker pull myapp:$GIT_COMMIT
Tips for Security # Pull image from registry for deployment
Use minimal images (e.g., Alpine).
Limit container privileges (--cap-drop). docker-compose -f docker-compose.prod.yml up -d
Regularly update images and avoid outdated versions. # Deploy using Docker Compose
Environment Variables: Store sensitive information
with docker secret in Swarm mode. By: Spoorti Shetty
 Docker System Additional Commands
Maintenance & Clean- docker commit <container> <new_image>

Up Commands #Create a new image from a container’s changes.

docker cp <container>:<path> <local_path>

#Copy files from a container to the host system.
docker system df
#Check disk usage of Docker resources docker diff <container>
#Show changes made to a container’s filesystem.
docker events
#Monitor real-time events docker export <container> > <file>.tar
#Export a container’s filesystem as a tar archive.
docker system prune
#Remove unused containers, networks, images, docker import <file>.tar
and build cache #Import a tar archive as a new image.

docker system prune -a docker tag <image> <tag>

#Force remove all stopped containers, networks, #Add a tag to an existing image.
and unused images
docker save -o <file> <image>
docker volume prune #Save an image to a tar archive.
#Remove unused volumes
docker load -i <file>
docker image prune #Load an image from a tar archive.
#Remove dangling images
docker network disconnect <network> <container>
docker network prune #Disconnect a container from a network.
#Remove unused networks
docker logout
docker image prune --filter "until=24h" #Log out from a Docker registry.
#Remove unused images based on filters
docker-compose exec <service> <command>
docker builder prune #Run a command in a running service container.
#Clear Docker build cache

By: Spoorti Shetty