Docker

Overview

Docker is a containerization platform that packages applications and dependencies into isolated, lightweight containers for consistent deployment across environments.

---

Core Docker Concepts

Container vs Virtual Machine

Aspect	Container	Virtual Machine
Size	MB	GB
Startup Time	Seconds	Minutes
OS	Shared kernel	Full OS
Isolation	Process-level	Hardware-level
Resource Usage	Minimal	Significant
Portability	Excellent	Good

Docker Architecture

┌─────────────────────────────────┐
│     Docker Client (CLI)         │
└──────────────┬──────────────────┘
               │
┌──────────────▼──────────────────┐
│     Docker Daemon               │
│  (Container Runtime)            │
└──────────────┬──────────────────┘
               │
     ┌─────────┼─────────┐
     │         │         │
  Images   Containers Networks  Volumes

---

Docker Installation

Linux

# Update system
sudo apt update

# Install Docker
sudo apt install -y docker.io

# Start Docker daemon
sudo systemctl start docker

# Enable Docker on boot
sudo systemctl enable docker

# Add user to docker group
sudo usermod -aG docker $USER
newgrp docker

Verify Installation

# Check Docker version
docker --version

# Run Hello World
docker run hello-world

# Check Docker info
docker info

---

Docker Images

Understanding Images

A Docker image is a lightweight, standalone executable package containing all code, runtime, system tools, and libraries.

Dockerfile Structure

# Base image
FROM ubuntu:22.04

# Set working directory
WORKDIR /app

# Install dependencies
RUN apt-get update && \
    apt-get install -y python3 python3-pip && \
    rm -rf /var/lib/apt/lists/*

# Copy application code
COPY . .

# Install Python dependencies
RUN pip3 install -r requirements.txt

# Expose port
EXPOSE 5000

# Define environment variable
ENV FLASK_APP=app.py

# Set startup command
CMD ["python3", "app.py"]

Build Image

# Build image from Dockerfile
docker build -t myapp:1.0 .

# Build with build arguments
docker build -t myapp:1.0 --build-arg VERSION=1.0 .

# Build from specific Dockerfile
docker build -f Dockerfile.prod -t myapp:prod .

Image Commands

# List images
docker images

# Search images on Docker Hub
docker search ubuntu

# Pull image from registry
docker pull ubuntu:22.04

# Remove image
docker rmi myapp:1.0

# Tag image
docker tag myapp:1.0 myrepo/myapp:latest

# Push to registry
docker push myrepo/myapp:latest

# Inspect image
docker inspect myapp:1.0

# View image history
docker history myapp:1.0

Image Best Practices

Practice	Benefit	Example
Use specific base image tags	Reproducibility	FROM ubuntu:22.04 not FROM ubuntu:latest
Minimize layers	Reduce image size	Combine RUN commands
Clean up in same layer	Smaller images	apt-get clean && rm -rf /var/lib/apt/lists/*
Use .dockerignore	Skip unnecessary files	*.log, .git, node_modules
Multi-stage builds	Separate build and runtime	Build stage → production stage

---

Docker Containers

Run Containers

# Run container
docker run -d -p 8080:80 --name myapp nginx

# Run with environment variables
docker run -d -e DB_HOST=localhost -e DB_USER=admin myapp

# Run with volume mount
docker run -d -v /host/path:/container/path myapp

# Run with resource limits
docker run -d -m 512m --cpus=1 myapp

# Run interactively
docker run -it ubuntu /bin/bash

# Run with restart policy
docker run -d --restart=always myapp

# Run as specific user
docker run -d --user 1000:1000 myapp

Container Commands

# List running containers
docker ps

# List all containers
docker ps -a

# View container logs
docker logs myapp

# Follow container logs
docker logs -f myapp

# Stop container
docker stop myapp

# Start container
docker start myapp

# Restart container
docker restart myapp

# Remove container
docker rm myapp

# Execute command in container
docker exec -it myapp bash

# Copy files to/from container
docker cp myapp:/app/data.txt ./
docker cp ./config.yml myapp:/app/

# Inspect container
docker inspect myapp

# View container processes
docker top myapp

# View container resource usage
docker stats myapp

# View container port mappings
docker port myapp

---

Container Configuration

Port Mapping

# Map single port
docker run -p 8080:80 nginx
# Host port 8080 → Container port 80

# Map multiple ports
docker run -p 8080:80 -p 443:443 nginx

# Map to random host port
docker run -p 80 nginx

# Map all exposed ports
docker run -P nginx

Environment Variables

# Pass single variable
docker run -e APP_ENV=production myapp

# Pass multiple variables
docker run -e DB_HOST=localhost -e DB_PORT=5432 myapp

# Load from file
docker run --env-file .env myapp

Volume Management

# Named volume
docker run -v mydata:/data myapp

# Bind mount
docker run -v /host/path:/container/path myapp

# Read-only volume
docker run -v /host/path:/container/path:ro myapp

# List volumes
docker volume ls

# Inspect volume
docker volume inspect mydata

# Remove volume
docker volume rm mydata

# Clean up unused volumes
docker volume prune

---

Docker Networks

Network Types

Type	Use Case	Example
Bridge	Default, single host	docker run myapp
Host	Performance critical	docker run --net=host myapp
Overlay	Multi-host (Swarm/K8s)	Docker Swarm networks
None	No networking	docker run --net=none myapp

Network Commands

# List networks
docker network ls

# Create network
docker network create mynetwork

# Run container on network
docker run -d --network mynetwork --name app1 myapp
docker run -d --network mynetwork --name app2 myapp

# Connect container to network
docker network connect mynetwork running_container

# Disconnect container
docker network disconnect mynetwork container_name

# Inspect network
docker network inspect mynetwork

# Remove network
docker network rm mynetwork

Container Communication

# Containers on same network can communicate by name
# Inside container:
ping app1  # Resolves to app1's IP

# Expose ports for external access
docker run -p 3000:3000 webapp

---

Docker Compose

Docker Compose File

version: '3.8'

services:
  web:
    build: .
    ports:
      - "8080:80"
    environment:
      - DB_HOST=database
      - DB_USER=admin
    depends_on:
      - database
    volumes:
      - ./app:/app
    networks:
      - mynetwork
    restart: unless-stopped

  database:
    image: postgres:15
    environment:
      - POSTGRES_USER=admin
      - POSTGRES_PASSWORD=secret
      - POSTGRES_DB=myapp
    volumes:
      - db_data:/var/lib/postgresql/data
    ports:
      - "5432:5432"
    networks:
      - mynetwork
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U admin"]
      interval: 10s
      timeout: 5s
      retries: 5

  redis:
    image: redis:7-alpine
    ports:
      - "6379:6379"
    networks:
      - mynetwork

volumes:
  db_data:

networks:
  mynetwork:
    driver: bridge

Docker Compose Commands

# Start services
docker-compose up -d

# View logs
docker-compose logs -f

# Stop services
docker-compose stop

# Stop and remove containers
docker-compose down

# Remove volumes too
docker-compose down -v

# Execute command in service
docker-compose exec web bash

# View running services
docker-compose ps

# Restart services
docker-compose restart

# Build services
docker-compose build

---

Docker Registry

Docker Hub

# Login to Docker Hub
docker login

# Push image
docker tag myapp:1.0 username/myapp:1.0
docker push username/myapp:1.0

# Pull image
docker pull username/myapp:1.0

# Logout
docker logout

Private Registry

# Run private registry
docker run -d -p 5000:5000 registry:2

# Tag image for private registry
docker tag myapp:1.0 localhost:5000/myapp:1.0

# Push to private registry
docker push localhost:5000/myapp:1.0

# Pull from private registry
docker pull localhost:5000/myapp:1.0

---

Multi-stage Builds

Reducing Image Size

# Stage 1: Build
FROM golang:1.20 as builder
WORKDIR /build
COPY . .
RUN go build -o app .

# Stage 2: Runtime
FROM alpine:latest
WORKDIR /app
COPY --from=builder /build/app .
EXPOSE 8080
CMD ["./app"]

Result: Image size reduced from ~900MB to ~15MB

---

Docker Best Practices

Practice	Benefit	Example
Use Alpine base images	Minimal size	FROM alpine:latest
One process per container	Simplicity & debugging	Single service
Health checks	Auto recovery	HEALTHCHECK CMD curl localhost
Security scanning	Vulnerability detection	docker scan myapp:1.0
Non-root user	Security	USER appuser
Read-only root	Security	docker run --read-only
Resource limits	Stability	-m 512m --cpus=1
Distroless images	Security & size	FROM gcr.io/distroless/base

---

Troubleshooting

Common Issues

# Container exits immediately
docker logs container_name  # Check logs

# Port already in use
docker ps  # Find container using port
docker stop container_name

# Permission denied
sudo usermod -aG docker $USER
newgrp docker

# Out of disk space
docker system prune -a  # Remove unused images/containers

# Slow performance
docker stats  # Check resource usage
docker run -m 512m --cpus=1 myapp  # Add limits

---

Summary Table: Essential Docker Commands

Command	Purpose	Example
build	Create image	docker build -t myapp:1.0 .
run	Start container	docker run -d myapp
ps	List containers	docker ps -a
logs	View container logs	docker logs -f myapp
exec	Run command in container	docker exec -it myapp bash
stop	Stop container	docker stop myapp
rm	Remove container	docker rm myapp
images	List images	docker images
push	Push to registry	docker push myapp:1.0
compose	Manage multi-container	docker-compose up

---

Resources

• Docker Documentation
• Docker Hub
• Docker Best Practices
• Dockerfile Reference