Working with Docker images

Docker images are used to create Docker containers.

Docker images are the build component of Docker.

Picture credit : Understand the architecture

We create Docker containers using [base] images. An image can be basic, with nothing but the operating-system fundamentals, or it can consist of a sophisticated pre-built application stack ready for launch.

When we build images with docker, each action taken (i.e. a command executed such as apt-get install) forms a new layer on top of the previous one. These base images then can be used to create new containers.

Docker registries hold images.

These are public or private stores from which we can upload or download images.

The public Docker registry is provided with the Docker Hub.

We use "docker run" command from client to tell the Docker daemon to run a container, for example:

$ docker run -it ubuntu:latest /bin/bash

Basically, it's a container "launch" command.

At docker, a Docker client is launched and at run subcommand, a new container will be launched.

The new container will be built from ubuntu base image with "latest" tag.

Here i: interactive, : terminal.

As described in the official document, here are the things happening under the hood:

1. Pulls the ubuntu image:

   Docker checks for the presence of the ubuntu image and, if it doesn't exist locally on the host, then Docker downloads it from Docker Hub.

   If the image already exists, then Docker uses it for the new container.

2. Creates a new container:

   Once Docker has the image, it uses it to create a container.

3. Allocates a filesystem and mounts a read-write layer:

   The container is created in the file system and a read-write layer is added to the image.

4. Allocates a network and sets up an IP address:

   Creates a network interface that allows the Docker container to talk to the local host.

5. Executes a process that we specify:

   Runs our application.

$ docker search ubuntu
NAME                              DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
ubuntu                            Ubuntu is a Debian-based Linux operating s...   4416      [OK]       
ubuntu-upstart                    Upstart is an event-based replacement for ...   65        [OK]  
...

docker pull pulls an image from registry to local machine.

$ docker pull ubuntu
latest: Pulling from ubuntu
20ee58809289: Pull complete 
f905badeb558: Pull complete 
119df6bf2a3a: Pull complete 
94d6eea646bc: Pull complete 
bb4eabee84bf: Pull complete 
Digest: sha256:85af8b61adffea165e84e47e0034923ec237754a208501fce5dbeecbb197062c
Status: Downloaded newer image for ubuntu:latest

Docker images can consist of multiple layers.

In the example above, the image consists of five layers (20ee58809289,...,bb4eabee84bf).

We can use a tag to specify what to download. For example, 'latest' for tag:

$ docker pull ubuntu:latest

To list the images on the host:

docker images
REPOSITORY                                 TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
ubuntu                                     latest              bb4eabee84bf        2 weeks ago         124.8 MB
ubuntu                                     16.04               bb4eabee84bf        2 weeks ago         124.8 MB
centos                                     7                   2a332da70fd1        9 weeks ago         196.8 MB
ubuntu                                     trusty              9bc953763843        10 weeks ago        188 MB
debian                                     latest              cea663c8c811        10 weeks ago        125.1 MB
centos                                     latest              ce20c473cd8a        9 months ago        172.3 MB

Now we want to launch a container:

$ docker run -it ubuntu:latest /bin/bash

We're logged in as a root:

root@859d4a27d4c8:/# whoami
root

Check the OS:

root@859d4a27d4c8:/# cat /etc/*release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
...

Let's check what processes are currently running:

root@859d4a27d4c8:/# top
...
  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND
    1 root      20   0   18232   2032   1556 S   0.0  0.1   0:00.09 bash                                                        
   14 root      20   0   36628   1704   1272 R   0.0  0.0   0:00.02 top 

As we can see there are only two processes, and they are isolated ones from the host processes.

"Ctrl + P + Q" will do the trick:

root@859d4a27d4c8:/#

k@laptop:~$

From the PID, we can check the "top" on the host is using different space from the "top" on the docker container:

k@laptop:~$ pa aux | grep top
root     14512  0.0  0.0  36628  1704 pts/17   S+   22:01   0:00 top

Now, we may want to get back to our container again via "attach". To do that, we need to know the "CONTAINER ID":

k@laptop:~$ docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS              NAMES
859d4a27d4c8        ubuntu:latest       "/bin/bash"         5 minutes ago      Up 5 minutes   cranky_swartz                          

Let's do attach:

k@laptop:~$ docker attach 859d4a27d4c8
root@859d4a27d4c8:/#

We can stop the container and get out of it via "Ctrl + D":

root@859d4a27d4c8:/# exit

k@laptop:~$

If we issue "docker ps" command again, we see the container is not running anymore:

k@laptop:~$ docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS              NAMES
k@laptop:~$ 

We can list all containers including old ones that stopped running using "docker ps -a":

k@laptop:~$ docker ps -a
CONTAINER ID        IMAGE                                             COMMAND             CREATED             STATUS                     PORTS               NAMES
859d4a27d4c8        ubuntu:latest                                     "/bin/bash"         31 minutes ago      Exited (0) 4 minutes ago                       cranky_swartz        
...

To run a container in background, we use "docker start" command:

k@laptop:~$ docker start cranky_swartz
cranky_swartz
k@laptop:~$ docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
859d4a27d4c8        ubuntu:latest       "/bin/bash"         36 minutes ago      Up 4 seconds                            cranky_swartz       

We can check what processes are running inside a container using "docker top":

k@laptop:~$ docker top cranky_swartz
UID                 PID                 PPID                C                   STIME               TTY                 TIME                CMD
root                15680               1559                0                   22:33               pts/17              00:00:00            /bin/bash

To stop a container running in background, we use "docker stop" command:

k@laptop:~$ docker stop cranky_swartz

What's in our system related to the Docker containers?

root@laptop:/# tree /var/lib/docker/containers
|-- 859d4a27d4c883db39e68590f1d1d2c340f8775a94fe721eba85111d3b79c1fe
│   |-- 859d4a27d4c883db39e68590f1d1d2c340f8775a94fe721eba85111d3b79c1fe-json.log
│   |-- config.json
│   |-- hostconfig.json
│   |-- hostname
│   |-- hosts
│   |-- resolv.conf
│   |-- resolv.conf.hash

Note that there are no binary images for the container which makes docker consumes much less space compare to the other virtual tools.

We can run a container in a "detach" mode, and later we can attach to it:

Note we need to use "-it" so that we can do something with the container after attaching. Also, we used "--name" to give our own name to the container.

k@laptop:~$ docker run -d -it --name=yaong ubuntu:16.04 /bin/bash
6bbba8e00d68a9b9c38bd7fdbd807dae01b9329d3b5ecd7ad2918305743bf5ea

Ok, it's started, and we can check it:

k@laptop:~$ docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED              STATUS              PORTS               NAMES
6bbba8e00d68        ubuntu:16.04        "/bin/bash"         About a minute ago   Up About a minute                       yaong              

To stop it:

k@laptop:~$ docker stop 6bbba8e00d68
6bbba8e00d68

k@laptop:~$ docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
k@laptop:~$ 

Docker & K8s

1. Docker install on Amazon Linux AMI
2. Docker install on EC2 Ubuntu 14.04
3. Docker container vs Virtual Machine
4. Docker install on Ubuntu 14.04
5. Docker Hello World Application
6. Nginx image - share/copy files, Dockerfile
7. Working with Docker images : brief introduction
8. Docker image and container via docker commands (search, pull, run, ps, restart, attach, and rm)
9. More on docker run command (docker run -it, docker run --rm, etc.)
10. Docker Networks - Bridge Driver Network
11. Docker Persistent Storage
12. File sharing between host and container (docker run -d -p -v)
13. Linking containers and volume for datastore
14. Dockerfile - Build Docker images automatically I - FROM, MAINTAINER, and build context
15. Dockerfile - Build Docker images automatically II - revisiting FROM, MAINTAINER, build context, and caching
16. Dockerfile - Build Docker images automatically III - RUN
17. Dockerfile - Build Docker images automatically IV - CMD
18. Dockerfile - Build Docker images automatically V - WORKDIR, ENV, ADD, and ENTRYPOINT
19. Docker - Apache Tomcat
20. Docker - NodeJS
21. Docker - NodeJS with hostname
22. Docker Compose - NodeJS with MongoDB
23. Docker - Prometheus and Grafana with Docker-compose
24. Docker - StatsD/Graphite/Grafana
25. Docker - Deploying a Java EE JBoss/WildFly Application on AWS Elastic Beanstalk Using Docker Containers
26. Docker : NodeJS with GCP Kubernetes Engine
27. Docker : Jenkins Multibranch Pipeline with Jenkinsfile and Github
28. Docker : Jenkins Master and Slave
29. Docker - ELK : ElasticSearch, Logstash, and Kibana
30. Docker - ELK 7.6 : Elasticsearch on Centos 7
31. Docker - ELK 7.6 : Filebeat on Centos 7
32. Docker - ELK 7.6 : Logstash on Centos 7
33. Docker - ELK 7.6 : Kibana on Centos 7
34. Docker - ELK 7.6 : Elastic Stack with Docker Compose
35. Docker - Deploy Elastic Cloud on Kubernetes (ECK) via Elasticsearch operator on minikube
36. Docker - Deploy Elastic Stack via Helm on minikube
37. Docker Compose - A gentle introduction with WordPress
38. Docker Compose - MySQL
39. MEAN Stack app on Docker containers : micro services
40. MEAN Stack app on Docker containers : micro services via docker-compose
41. Docker Compose - Hashicorp's Vault and Consul Part A (install vault, unsealing, static secrets, and policies)
42. Docker Compose - Hashicorp's Vault and Consul Part B (EaaS, dynamic secrets, leases, and revocation)
43. Docker Compose - Hashicorp's Vault and Consul Part C (Consul)
44. Docker Compose with two containers - Flask REST API service container and an Apache server container
45. Docker compose : Nginx reverse proxy with multiple containers
46. Docker & Kubernetes : Envoy - Getting started
47. Docker & Kubernetes : Envoy - Front Proxy
48. Docker & Kubernetes : Ambassador - Envoy API Gateway on Kubernetes
49. Docker Packer
50. Docker Cheat Sheet
51. Docker Q & A #1
52. Kubernetes Q & A - Part I
53. Kubernetes Q & A - Part II
54. Docker - Run a React app in a docker
55. Docker - Run a React app in a docker II (snapshot app with nginx)
56. Docker - NodeJS and MySQL app with React in a docker
57. Docker - Step by Step NodeJS and MySQL app with React - I
58. Installing LAMP via puppet on Docker
59. Docker install via Puppet
60. Nginx Docker install via Ansible
61. Apache Hadoop CDH 5.8 Install with QuickStarts Docker
62. Docker - Deploying Flask app to ECS
63. Docker Compose - Deploying WordPress to AWS
64. Docker - WordPress Deploy to ECS with Docker-Compose (ECS-CLI EC2 type)
65. Docker - WordPress Deploy to ECS with Docker-Compose (ECS-CLI Fargate type)
66. Docker - ECS Fargate
67. Docker - AWS ECS service discovery with Flask and Redis
68. Docker & Kubernetes : minikube
69. Docker & Kubernetes 2 : minikube Django with Postgres - persistent volume
70. Docker & Kubernetes 3 : minikube Django with Redis and Celery
71. Docker & Kubernetes 4 : Django with RDS via AWS Kops
72. Docker & Kubernetes : Kops on AWS
73. Docker & Kubernetes : Ingress controller on AWS with Kops
74. Docker & Kubernetes : HashiCorp's Vault and Consul on minikube
75. Docker & Kubernetes : HashiCorp's Vault and Consul - Auto-unseal using Transit Secrets Engine
76. Docker & Kubernetes : Persistent Volumes & Persistent Volumes Claims - hostPath and annotations
77. Docker & Kubernetes : Persistent Volumes - Dynamic volume provisioning
78. Docker & Kubernetes : DaemonSet
79. Docker & Kubernetes : Secrets
80. Docker & Kubernetes : kubectl command
81. Docker & Kubernetes : Assign a Kubernetes Pod to a particular node in a Kubernetes cluster
82. Docker & Kubernetes : Configure a Pod to Use a ConfigMap
83. AWS : EKS (Elastic Container Service for Kubernetes)
84. Docker & Kubernetes : Run a React app in a minikube
85. Docker & Kubernetes : Minikube install on AWS EC2
86. Docker & Kubernetes : Cassandra with a StatefulSet
87. Docker & Kubernetes : Terraform and AWS EKS
88. Docker & Kubernetes : Pods and Service definitions
89. Docker & Kubernetes : Service IP and the Service Type
90. Docker & Kubernetes : Kubernetes DNS with Pods and Services
91. Docker & Kubernetes : Headless service and discovering pods
92. Docker & Kubernetes : Scaling and Updating application
93. Docker & Kubernetes : Horizontal pod autoscaler on minikubes
94. Docker & Kubernetes : From a monolithic app to micro services on GCP Kubernetes
95. Docker & Kubernetes : Rolling updates
96. Docker & Kubernetes : Deployments to GKE (Rolling update, Canary and Blue-green deployments)
97. Docker & Kubernetes : Slack Chat Bot with NodeJS on GCP Kubernetes
98. Docker & Kubernetes : Continuous Delivery with Jenkins Multibranch Pipeline for Dev, Canary, and Production Environments on GCP Kubernetes
99. Docker & Kubernetes : NodePort vs LoadBalancer vs Ingress
100. Docker & Kubernetes : MongoDB / MongoExpress on Minikube
101. Docker & Kubernetes : Load Testing with Locust on GCP Kubernetes
102. Docker & Kubernetes : MongoDB with StatefulSets on GCP Kubernetes Engine
103. Docker & Kubernetes : Nginx Ingress Controller on Minikube
104. Docker & Kubernetes : Setting up Ingress with NGINX Controller on Minikube (Mac)
105. Docker & Kubernetes : Nginx Ingress Controller for Dashboard service on Minikube
106. Docker & Kubernetes : Nginx Ingress Controller on GCP Kubernetes
107. Docker & Kubernetes : Kubernetes Ingress with AWS ALB Ingress Controller in EKS
108. Docker & Kubernetes : Setting up a private cluster on GCP Kubernetes
109. Docker & Kubernetes : Kubernetes Namespaces (default, kube-public, kube-system) and switching namespaces (kubens)
110. Docker & Kubernetes : StatefulSets on minikube
111. Docker & Kubernetes : RBAC
112. Docker & Kubernetes Service Account, RBAC, and IAM
113. Docker & Kubernetes - Kubernetes Service Account, RBAC, IAM with EKS ALB, Part 1
114. Docker & Kubernetes : Helm Chart
115. Docker & Kubernetes : My first Helm deploy
116. Docker & Kubernetes : Readiness and Liveness Probes
117. Docker & Kubernetes : Helm chart repository with Github pages
118. Docker & Kubernetes : Deploying WordPress and MariaDB with Ingress to Minikube using Helm Chart
119. Docker & Kubernetes : Deploying WordPress and MariaDB to AWS using Helm 2 Chart
120. Docker & Kubernetes : Deploying WordPress and MariaDB to AWS using Helm 3 Chart
121. Docker & Kubernetes : Helm Chart for Node/Express and MySQL with Ingress
122. Docker & Kubernetes : Deploy Prometheus and Grafana using Helm and Prometheus Operator - Monitoring Kubernetes node resources out of the box
123. Docker & Kubernetes : Deploy Prometheus and Grafana using kube-prometheus-stack Helm Chart
124. Docker & Kubernetes : Istio (service mesh) sidecar proxy on GCP Kubernetes
125. Docker & Kubernetes : Istio on EKS
126. Docker & Kubernetes : Istio on Minikube with AWS EC2 for Bookinfo Application
127. Docker & Kubernetes : Deploying .NET Core app to Kubernetes Engine and configuring its traffic managed by Istio (Part I)
128. Docker & Kubernetes : Deploying .NET Core app to Kubernetes Engine and configuring its traffic managed by Istio (Part II - Prometheus, Grafana, pin a service, split traffic, and inject faults)
129. Docker & Kubernetes : Helm Package Manager with MySQL on GCP Kubernetes Engine
130. Docker & Kubernetes : Deploying Memcached on Kubernetes Engine
131. Docker & Kubernetes : EKS Control Plane (API server) Metrics with Prometheus
132. Docker & Kubernetes : Spinnaker on EKS with Halyard
133. Docker & Kubernetes : Continuous Delivery Pipelines with Spinnaker and Kubernetes Engine
134. Docker & Kubernetes : Multi-node Local Kubernetes cluster : Kubeadm-dind (docker-in-docker)
135. Docker & Kubernetes : Multi-node Local Kubernetes cluster : Kubeadm-kind (k8s-in-docker)
136. Docker & Kubernetes : nodeSelector, nodeAffinity, taints/tolerations, pod affinity and anti-affinity - Assigning Pods to Nodes
137. Docker & Kubernetes : Jenkins-X on EKS
138. Docker & Kubernetes : ArgoCD App of Apps with Heml on Kubernetes
139. Docker & Kubernetes : ArgoCD on Kubernetes cluster
140. Docker & Kubernetes : GitOps with ArgoCD for Continuous Delivery to Kubernetes clusters (minikube) - guestbook