Container¶
Info
All changes that are made to containers or networks are logged under the Docker System Events.
Create container¶
When we create a new container, Docker will create a new directory /var/lib/docker/containers/<id>.json and all the container logs will be stored under that file by default.
After the container is created, you have to start the container.
List container details¶
docker container ls # same as docker ps
docker container ls -a # list all containers, including exited containers
docker container ls -q # only display container id
Start container¶
You can get container id from docker container ls.
Run a container¶
run container = create container + start container
Some options:
-it= interactive terminal (creates and enter the terminal session with the command you specify. This means you can execute commands inside the container while it is still running. Useful for debugging purposes.)-d= detach (Run container in background)--name= container name--rm= remove container after the process is done--hostname= setup container hostname--user- setup container username-p= port mapping--envor-eor--env-file= setup environment variables--health-cmdand--health-interval= check container state--privileged= Login as root user, the Privileged container has full access to all the host's devices and files-
--restart= Restart policyRestart Options Description no The container will never be restarted on-failure When the container fails, it will restart the container always The container will always be restarted unless-stopped It's very similar to "always" option, but the container will not restart when it was manually stopped and not even when the Docker Daemon restarts
docker container run <image>
docker container run ubuntu # same as docker run ubuntu
# creates and enter the terminal session
docker container run -it ubuntu
# bash is the command that runs inside the container, it will start a new Bash shell within the container
docker container run -it ubuntu bash
# Run in background with container name = myubuntu
docker container run -d --name=myubuntu ubuntu
# remove the container after the process is done
docker container run --rm ubuntu
# set hostname
docker container run --hostname=myubuntu ubuntu
# Security - setup a username instead of root
docker container run --user=1000 ubuntu
# Port mapping
docker container run -p <local_port>:<container_port> <image>
docker container run -p 80:5000 ubuntu
# the application is only available on the network 192.168.1.*
docker container run -p 192.168.1.10:8000:5000 ubuntu
# map the container port to a random port on the host (Ephemeral Port Range 32768 - 60999)
docker container run -p 5000 ubuntu
# Check Health intervals (liveness probe)
# Note: You need to append health-* in front of all parameters and cmd
docker run --health-cmd "curl -f http://localhost:8000" --health-interval=5s web-ubuntu
# Define environment variables
docker run --env <key>=<value> <image>
docker run --env PORT=8000 ubuntu
docker run -e PORT=8000 ubuntu
# Define environment variables using env file
docker run --env-file <filename> <image>
docker run --env-file .env ubuntu
# Privileged container
docker run --privileged ubuntu
# Restart policy
docker run --restart=no ubuntu
Expose container port (Capital P)¶
Normally it will auto-publish the ports of the container on the host, but what port?
- So with the Capital P option, it will expose all the ports configured in the Dockerfile (expose instruction) when the image is being built.
- Docker uses IPTables to map a port on a container to a port on the host and it uses Docker IPTables chains to modify or configure port mapping on a host.
docker run -P ubuntuWebApp
# Add additional ports that were not specific in the Dockerfile
docker run -P --expose=5000 ubuntuWebApp
Rename container¶
Use docker ps command to get the current container name.
Run a new command in a running container¶
docker exec <container-id> <command>
docker container exec <container-id> <command>
docker container exec -it <container-id> /bin/bash
Attach the terminal's I/O to a running container¶
When you attach the terminal's I/O to a running container, you enter the command, it will display the result to all the users who attach back the container. As an example, if you exit the container, all people will leave the container at the same time.
Inspect container¶
Display a live stream of containers resource usage statistics¶
It will list containers with CPU, memory, network, and disk consumption.
docker stats
docker container stats
docker container stats <container-id>
docker container stats <container-id> <container-id>
Display running processes of a container¶
Display the processes and their process IDs on the Docker host.
Container Logs¶
Pause and Unpause container¶
Restart container¶
Update container¶
docker container update --restart always <container-id>
docker container update --cpus=1.5 <container-id>
Stop, remove, and prune the container¶
Info
SIGTERM -> SIGKILL -> Terminate container process
When executing the docker stop command for Docker containers, Docker initiates the SIGTERM signal to the container initially. If the container does not stop within a grace period, Docker will then send the SIGKILL signal to forcibly terminate the process running within the container.