## Documentation entry points - [Docker docs](https://docs.docker.com) ## Terminology - **Docker image:** Snapshot of a file system, including some kind of starting command and other things. In other words, it is the blueprint of a Docker container - **Dockerfile:** Instructions for building a Docker image - **Docker container:** A [runnable instance](https://docs.docker.com/get-started/#what-is-a-container) of a Docker image - **Docker registry:** A place to store (and find) Docker images. [Docker Hub](https://hub.docker.com) is an example for a public Docker registry - **Docker repository:** A place in the Docker registry that holds all versions of one image (could be also used differently, but that is what I commonly saw) - **Docker daemon:** The background service running on the host that manages building, running and distributing Docker containers. The daemon is the process that runs on the operating system to which clients talk to - **Docker client:** The command line tool that allows the user to interact with the daemon - **Multi-stage builds:** A way to specify a Docker image in multiple stages inside the Dockerfile. This enables for example to clean up the image after having built the necessary things, thus keeping the image small in size and unnecessary dependencies out - **Tag:** A way to assign a version to an image. The tag is part of the image name: `<hub-user>/<repo-name>:<tag>` ## Docker cheat sheet ### Everyday commands ```sh docker pull <image> # Download an image from registry docker images # List all locally available Docker images docker run -it --rm <image-id> /bin/bash # Start container and start Bash # -it makes it interactive # --rm removes the container after stopping # /bin/bash may not be available docker exec -it <container-id> /bin/bash # Start Bash in running container docker ps # List all running containers docker stop <container-id> # Stop specified container docker container prune # Delete all stopped containers docker stop $(docker ps -aq) # Stop all containers docker rmi <image-id> # Delete specified image ``` ### Other commands Map container-internal port `80` to port `8080` on the outside. For example, if you have a web app running inside the container, it is available on `localhost:80` inside the container, and on `localhost:8080` outside the container: ```sh docker run -p 8080:80 <image> ``` Delete all dangling (untagged or not belonging to a container) resources (images, containers, volumes, networks): ```sh docker system prune docker system prune -a # <- deletes all unused resources, not only dangling ``` ### More cheat sheet goodness - [Docker Commands - The Ultimate Cheat Sheet](https://hackernoon.com/docker-commands-the-ultimate-cheat-sheet-994ac78e2888) - [Nine Docker pro tips for Node.js developers](https://snyk.io/de/blog/nine-docker-pro-tips-node-js-developers/) in the Snyk blog ## Pitfalls ### `COPY`ing symlinks Copying symlinks into an image does not create the symlink as is. It replaces the symlink by the symlink target. If the symlink target is outside the Docker context, Docker creates a symlink file, but it does not work. ### Be aware when mounting files When trying to mount a file into a container and that file does not exist, [then Docker creates a **folder** with the file‘s name on the host‘s file system](https://stackoverflow.com/questions/34134343/single-file-volume-mounted-as-directory-in-docker/44950494#44950494). ### „Docker in Docker“ and mounting volumes "Docker in Docker" (via `-v /var/run/docker.sock:/var/run/docker.sock`) is some kind of illusion: The containers are rather sitting next to each other than nested into each other. > „When you mount the docker socket, it‘s not really docker in docker, but just a client making requests to the daemon on the host over the API, and that daemon doesn‘t know where the requests come from“ -- (forgot where I found the quote, probably Stack Overflow) ### Mounting directory vs. implicitly mounting a volume Consider the `--volume` flag of `docker run`: `-v <source>:<target>` If source is a path, then Docker mounts the respective directory from the host's file system into the container (also called [bind mount](https://docs.docker.com/storage/bind-mounts/)). If source is just a name, Docker implicitly creates a volume and mounts that into the container. See also [Understanding Docker Volumes](https://earthly.dev/blog/docker-volumes/). ## Other resources - [Choosing the best Node.js Docker image](https://snyk.io/blog/choosing-the-best-node-js-docker-image/) - [Introduction to Docker Compose](https://www.baeldung.com/ops/docker-compose) - [Docker `RUN` vs `CMD` vs `ENTRYPOINT`](https://codewithyury.com/docker-run-vs-cmd-vs-entrypoint/) - [Kubernetes Lessons: The Importance of a Graceful Shutdown](https://medium.com/@kunalpatel1793/kubernetes-lessons-the-importance-of-a-graceful-shutdown-38834a4fa3db)