Ferro's Gitbook
  • README
  • DevOps
    • Grafana_Cloud
  • OpenWrt
    • DHCP_DNS
    • GLiNet
    • boot
    • captive_portal
    • luci
    • mwan3
    • radius
    • theme
    • wireless
  • apps
    • web
  • BSD
    • Mac
  • Cloud
    • aws
    • azure
    • cf
    • gcp
    • github
    • ibm_bluemix
    • Pricing
  • container
    • docker
    • Kubernetes
    • podman
  • db
    • InfluxDB
    • loki
    • MySQL & MariaDB
    • Oracle
    • PostgreSQL
  • dev
    • AHK
    • BI
    • LBS
    • ML
    • android
    • editor
    • flutter_web
    • git
    • go
    • HTML5/BS
    • j2ee
    • js
    • js_grid
    • js_vue
    • jupyter
    • ocaml
    • powershell
    • py
    • py_GUI
    • Django
    • shell
    • snippets
    • uni
    • vba
    • wechat.zh
    • wechat_mp.zh
  • elec
    • 3D Printing
    • AC
    • MOSFET
    • battery
    • boost
    • bulk
    • metal
    • simulator
  • hw
    • GPU
    • PCI
    • arduino
    • Bluetooth
    • ent
    • Pinout
    • x86_AMD
    • x86_intel
  • linux
    • Test System
    • X
    • arch
    • fs
    • kernel
    • Memory
    • nw
    • Linux Services
    • Systemd
    • text
  • ms
    • vscode
    • windows
    • wsl
  • multimedia
    • Blender
    • audio
    • blender
    • graphics
    • home
  • nw
    • L3
    • L3_IPv6
    • SDN
    • VPN
    • dns
    • hw
    • Low Level
    • mikrotik
    • mwan
    • Openflow
    • OVS
    • pfsense
    • ppp
    • proxy
    • tsocks
    • pxe
    • Security
    • TCP
  • phone
    • Mi
    • android
  • Storage(SW)
  • vt
    • Intel GVT-g
    • PVE
    • QEMU
    • VDI
    • hyper-v
    • kube
    • libvirt
    • OpenStack
  • Web
    • IBM_MQ
    • IBM_Websphere
    • SSL
    • Apache/IBM_IHS
    • blockchain
    • caddy
    • j2ee
    • nginx
    • static_site
Powered by GitBook
On this page
  • Web UI
  • Scripts
  • Dockerfile code snippets
  • CMD and ENTRYPOINT
  • apt
  • alpine
  • tini
  • S6 - a process supervisor
  • badger
  • Storage
  • btrfs issue
  • Network
  • macvlan/ipvlan
  • plugins
  • DHCP
  • Commands
  • build
  • container/image operations
  • cp
  • run
  • container update
  • Clean up
  • Detach
  • Config
  • Mirrors
  • Proxy
  • Swarm
  • OS
  • CoreOS
  • boot2docker
  • Windows/Mac
  • Automated builds

Was this helpful?

Edit on Git
  1. container

docker

  • Web UI

  • Scripts

  • Dockerfile code snippets

    • CMD and ENTRYPOINT

    • apt

    • alpine

    • tini

    • S6 - a process supervisor

  • badger

  • Storage

    • btrfs issue

  • Network

    • macvlan/ipvlan

    • plugins

    • DHCP

  • Commands

    • build

    • container/image operations

    • cp

    • run

      • X11 Forwarding

    • container update

    • Clean up

    • Detach

  • Config

    • Mirrors

    • Proxy

  • Swarm

  • OS

    • CoreOS

    • boot2docker

  • Windows/Mac

  • Automated builds

Web UI

https://documentation.portainer.io/v2.0/deploy/ceinstalldocker/

Scripts

source /dev/stdin <<< "$(curl -sSL https://raw.githubusercontent.com/fzinfz/scripts/master/linux/docker.sh)"

Dockerfile code snippets

CMD and ENTRYPOINT

https://docs.docker.com/engine/reference/builder/#understand-how-cmd-and-entrypoint-interact

ENTRYPOINT [“exec_entry”, “p1_entry”]
CMD [“exec_cmd”, “p1_cmd”]
=> exec_entry p1_entry exec_cmd p1_cmd

apt

RUN apt update && apt install -y 
    --no-install-recommends && rm -r /var/lib/apt/lists/*

alpine

# install pip3
RUN wget https://bootstrap.pypa.io/get-pip.py && python3 get-pip.py && rm get-pip.py

RUN apk add --no-cache --virtual .build-deps  \
    curl ca-certificates jq \
    && apk del .build-deps

tini

https://github.com/krallin/tini

docker run --init

S6 - a process supervisor

https://github.com/just-containers/s6-overlay

badger

https://microbadger.com

Storage

https://docs.docker.com/storage/storagedriver/select-storage-driver/#docker-engine---community

When possible, overlay2 is the recommended storage driver. 
Supported backing filesystems: xfs with ftype=1, ext4 ( where /var/lib/docker/ is located )

http://jpetazzo.github.io/assets/2015-06-04-deep-dive-into-docker-storage-drivers.html#80

btrfs issue

https://gist.github.com/hopeseekr/cd2058e71d01deca5bae9f4e5a555440

Network

none/bridge/host/overlay/{belows}: https://docs.docker.com/network/

macvlan/ipvlan

https://hicu.be/macvlan-vs-ipvlan

  • Ipvlan:All sub-interfaces share parent’s MAC | vs Macvlan

  • Ipvlan L3 mode:Each sub-interface has to be configured with a different subnet

  • Macvlan and ipvlan cannot be used on the same parent interface at the same time.

https://docs.docker.com/network/ipvlan/

  • IPvlan L2 mode trunking is the same as Macvlan with regard to gateways and L2 path isolation.

  • --internal: ( off -o parent= )

  • if no --gateway: gw for --subnet=192.168.1.0/24 will be 192.168.1.1

To access host, check /nw/openwrt

plugins

https://docs.docker.com/engine/extend/plugins_services/#network-plugins

DHCP

  • https://github.com/homeall/dhcphelper

  • https://github.com/modem7/DHCP-Relay

Commands

build

https://docs.docker.com/engine/reference/commandline/build/

docker build [-f Dockerfile.custom] [--target multi-stage] Dockerfile-Root-Folder

docker build - < Dockerfile      # no context, local ADD not working
curl example.com/remote/Dockerfile | docker build -f - .
Get-Content Dockerfile | docker build - # Powershell

docker build -f ctx/Dockerfile http://server/ctx.tar.gz
docker build https://github.com/user/repo.git
Build Syntax Suffix
Commit Used
Build Context Used

myrepo.git#mytag:myfolder

refs/tags/mytag

/myfolder

myrepo.git#mybranch:myfolder

refs/heads/mybranch

/myfolder

Squashing does not destroy any existing image, rather it creates a new image.

container/image operations

docker image tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]

docker export container_name > container.tar
docker import [OPTIONS] file|URL|- [REPOSITORY[:TAG]]

docker save image_name > image.tar
docker load < image.tar[.gz]

docker save python | ssh -C 192.168.88.72 docker load

cp

https://docs.docker.com/engine/reference/commandline/cp/

docker cp [OPTIONS] CONTAINER:SRC_PATH DEST_PATH|-
docker cp [OPTIONS] SRC_PATH|- CONTAINER:DEST_PATH

run

https://docs.docker.com/engine/reference/run/ https://docs.docker.com/engine/admin/resource_constraints/

--user=[ user | user:group | uid | uid:gid | user:gid | uid:group ]

-m, --memory=""
-c, --cpu-shares=0	CPU shares (relative weight)
--dns=[]           : Set custom dns servers for the container
--network="bridge" : Connect a container to a network
                      'bridge': create a network stack on the default Docker bridge
                      'none': no networking
                      'container:<name|id>': reuse another container's network stack
                      'host': use the Docker host network stack
                      '<network-name>|<network-id>': connect to a user-defined network
--network-alias=[] : Add network-scoped alias for the container
--add-host=""      : Add a line to /etc/hosts (host:IP)
--mac-address=""   : Sets the container's Ethernet device's MAC address
--ip=""            : Sets the container's Ethernet device's IPv4 address
--link-local-ip=[] : Sets one or more container's Ethernet device's link local IPv4/IPv6 addresses
--read-only        :prohibiting writes to locations other than the specified volumes

Volume labels  
`:z` => shared  
`:Z` => private

`--entrypoint` will clear out `CMD`

echo test | docker run --rm -i alpine cat
docker run --security-opt seccomp:unconfined  # may fix chromium start error

X11 Forwarding

http://wiki.ros.org/docker/Tutorials/GUI https://people.ece.cornell.edu/skand/post/x-forwarding-on-docker/

--env="DISPLAY" --volume="$HOME/.Xauthority:/root/.Xauthority:rw"

container update

https://docs.docker.com/engine/reference/commandline/container_update/

docker container update [OPTIONS] CONTAINER [CONTAINER...] --cpus="1.5" # one and a half of the CPUs --cpu-shares , -c --memory , -m Memory limit --memory-reservation Memory soft limit --restart

Clean up

docker container prune
docker system prune  # Remove unused data

Detach

Ctrl+p & Ctrl+q

Config

https://docs.docker.com/engine/reference/commandline/dockerd//#daemon-configuration-file

/etc/docker/daemon.json     # delete `,` & `#...`
# `dockerd` for debugging: https://docs.docker.com/engine/admin/
{
    "live-restore": true,   # containers remain running if daemon unavailable
    "graph": "/data/docker-fs",
    "storage-driver": "overlay2",
}

Mirrors

CN: https://yeasy.gitbook.io/docker_practice/install/mirror LAN: https://docs.docker.com/registry/configuration/#proxy

Proxy

23.0+ : https://docs.docker.com/reference/cli/dockerd/#proxy-configuration

  • daemon configuration file : /etc/docker/daemon.json

  • command-line options : https://pkg.go.dev/golang.org/x/net/http/httpproxy#Config

https://docs.docker.com/config/daemon/proxy/#environment-variables

mkdir -p /etc/systemd/system/docker.service.d

cat > /etc/systemd/system/docker.service.d/http-proxy.conf << EOF
[Service]
Environment="HTTP_PROXY=http://127.0.0.1:1081"
Environment="HTTPS_PROXY=http://127.0.0.1:1081"
Environment="NO_PROXY=localhost,127.0.0.1,192.168.*.*,172.16.*.*,100.*.*.*"
EOF

systemctl daemon-reload && systemctl restart docker
systemctl show --property=Environment docker

Swarm

TCP port 2377 for cluster management communications TCP and UDP port 7946 for communication among nodes TCP and UDP port 4789 for overlay network traffic --opt encrypted => protocol 50 (ESP) is open

https://docs.docker.com/engine/swarm/admin_guide/#/add-manager-nodes-for-fault-tolerance

docker swarm init --advertise-addr 10.2.0.1
docker swarm join-token manager
docker swarm join-token worker
docker swarm init --force-new-cluster # without losing data

docker node ls
docker node update --label-add server=s1 st

netstat -lntup | egrep '2377|7946|4789|50'

docker service create --name nginx -p 8080:80 --replicas 3 nginx
docker service create --name nginx -p 80:80  -p 443:443 --network web --mode global nginx

docker service ls
docker service ps nginx
docker inspect <ID> | grep Err

https://docs.docker.com/engine/reference/commandline/service_create/

docker network create \
    --driver overlay \
    --subnet 10.66.3.0/24 \
    --opt encrypted \
    web

docker network ls

# node IP
ip addr | grep -P -o '\d+\.\d+\.\d+\.\d+(?=/24)'

# service VIP
ip addr | grep -P -o '\d+\.(?!255)\d+\.\d+\.\d+(?=/32)'

OS

CoreOS

https://coreos.com/releases/

vi /etc/coreos/update.conf
update_engine_client -update

boot2docker

https://github.com/boot2docker/boot2docker Lightweight Linux for Docker

echo EXTRA_ARGS="--foo=bar"  >>  /var/lib/boot2docker/profile

Windows/Mac

https://docs.docker.com/engine/installation/windows/ https://docs.docker.com/machine/drivers/ https://forums.docker.com/t/how-can-i-ssh-into-the-betas-mobylinuxvm/10991/

Automated builds

Docker Hub | $5+/m: https://www.docker.com/pricing/ Github Actions | 2k min/m: https://docs.docker.com/ci-cd/github-actions/ Jetbrains Space |

https://www.jetbrains.com/help/space/docker.html#publish-a-docker-image-to-docker-hub

PreviouscontainerNextKubernetes

Last updated 8 months ago

Was this helpful?