Docker

lang: en
date: Apr 20, 2025
slug: Notes-02-en
status: Published
tags: Docker
summary: Develop faster. Run anywhere.
type: Notes

Why Docker

An emerging approach to virtualization:
  • Traditional virtual machine technology virtualizes a set of hardware, runs a full operating system on it, and then runs the required application processes on that system. Application processes in a Docker container, by contrast, run directly on the host's kernel: the container has no kernel of its own, and there is no hardware virtualization.
  • Docker uses system resources more efficiently, without the overhead of hardware virtualization or of running a full operating system.
  • Container applications run directly on the host kernel and do not need to boot a full operating system, so startup times of seconds or even milliseconds are achievable.
  • Docker images provide a complete runtime environment (everything except the kernel), ensuring a consistent application environment.
  • Docker can be customized to achieve continuous integration, continuous delivery, and deployment.
  • Docker runs on many platforms (physical machines, virtual machines, public clouds, private clouds, even laptops) with consistent results, enabling easy migration.

Some concepts:

  1. Image: An image can be thought of as a template for software packaging.
    1. Function: An image is a read-only file that contains everything needed to run an application, including code, the runtime environment, dependencies, and configuration.
  2. Container: A container is a running instance created from an image.
    1. Function: A container can be thought of as a running process of an image; it is an isolated environment in which applications and services run.
    2. Features: Each container has its own filesystem, network, and process space, and can run applications independently.
      📌
      Examples of the image/container relationship: 1. Hamlet in Shakespeare's mind is like an image; after watching the play, each audience member has a Hamlet in their own mind, and that Hamlet is a container. 2. Classes and instances in Python: a class is a template, and an instance is a concrete realization of that class.
  3. Repository: A repository is a place for storing and organizing images. A Docker Registry server is dedicated to storing repositories. A Registry can contain multiple repositories; each repository can contain multiple tags; each tag corresponds to one image.
    1. Typically, a repository contains images of different versions of the same software, with tags corresponding to those versions. You can specify a particular version with the format <repository name>:<tag>. If no tag is given, latest is used by default.

Docker Installation

Linux installation tutorial (official documentation): https://docs.docker.com/engine/install/ubuntu/

Version Selection

How to choose between Docker Desktop and Docker Engine:
  • On systems with a graphical interface (Windows, macOS, etc.), Docker Desktop is recommended; it integrates Docker Engine, Docker CLI, Docker Compose, Kubernetes (optional), and a graphical interface for Windows and macOS users.
  • On systems without a graphical interface (Linux), Docker Engine is recommended:
    • Docker CE (Community Edition): open source and free of charge
    • Docker EE (Enterprise Edition, now merged into Mirantis): commercial, paid

Repository installation (Ubuntu)

Uninstall old and potentially conflicting packages
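The official docs suggest removing any conflicting distro-provided packages first; it is safe to run even if none are installed:

```bash
for pkg in docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc; do
  sudo apt-get remove $pkg
done
```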

Images, containers, volumes, and networks stored in /var/lib/docker/ are not automatically deleted. If you want a completely fresh installation, you can clean up any existing data and uninstall Docker Engine before starting over:
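Per the official docs:

```bash
# Uninstall Docker Engine packages
sudo apt-get purge docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin docker-ce-rootless-extras
# Delete all images, containers, volumes, and custom configuration
sudo rm -rf /var/lib/docker
sudo rm -rf /var/lib/containerd
```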

Repository Configuration
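Per the official documentation, setting up Docker's apt repository looks roughly like this:

```bash
# Add Docker's official GPG key
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to apt sources
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
```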

Install Docker
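With the repository configured, the install is a single command:

```bash
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
```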

Verify Docker
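A quick check:

```bash
sudo docker run hello-world   # prints a confirmation message if the engine works
```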

Installation from packages

Hands-on: finding the right version

Take Ubuntu as an example:
  1. Go to https://download.docker.com/linux/ubuntu/. This URL contains the following directories:
      • dists/:
        • This is the core directory of the Docker APT repository and contains packages for different Ubuntu versions and architectures.
        • Once in the dists/ directory, you will see the names of the various Ubuntu distributions, such as bionic/ (Ubuntu 18.04), focal/ (Ubuntu 20.04), jammy/ (Ubuntu 22.04), and so on.
        • Going further into each distribution's directory, you can see subdirectories such as stable/, test/, and so on, which contain the installation packages for the corresponding version of Docker Engine and its related components.
      • gpg:
        • Contains the GPG key for the Docker APT repository, which is used to verify the authenticity and integrity of packages downloaded from this repository. When installing Docker, you usually need to add this GPG key to your system.
  2. Go to the directory for your system (mine is jammy/ (Ubuntu 22.04)): https://download.docker.com/linux/ubuntu/dists/jammy/. This directory contains the following:
      • stable/, test/, nightly/.
        • These are the different release channels for Docker. Each directory contains different types of Docker packages.
          • stable/: Contains stable versions of Docker packages, suitable for production environments.
          • test/: contains beta Docker packages, used by developers to test new features before releasing them.
          • nightly/: contains daily builds that provide the latest features and updates, but may be unstable and used only for experimentation and testing.
        • Typically, the stable/ version is recommended as it is fully tested and verified.
      • Release, InRelease, Release.gpg.
        • Release: A metadata file describing the packages available in the distribution, containing version information, dependencies, etc. for each package.
        • InRelease: Contains the contents of the Release file and its GPG signature, providing a way to verify the integrity and authenticity of the file.
        • Release.gpg: is a separate GPG signature for the Release file, used to verify the integrity and origin of the file.
      • pool/:
        • This directory contains the physical location of all Docker package files, organized by package name.
        • This includes docker-ce (Docker Community Edition), containerd.io (container runtime), and so on.
        • These .deb files can be downloaded directly for offline installation without an internet connection.
  3. Go to the pool/ directory, choose the stable/ channel, and then select your system's architecture type:
      • amd64/: package files for 64-bit architecture (also known as x86_64 architecture).
      • arm64/: package files for ARM architecture.
      • s390x/: packages for the IBM System z architecture.
  4. My Ubuntu runs on a Mac M1, so I chose arm64/, which contains the following types of files:
      • containerd.io (required): the container runtime, a component the Docker engine depends on.
      • docker-ce (required): the core package of Docker Community Edition, the Docker engine itself.
      • docker-ce-cli (required): the Docker command-line tool.
      • docker-compose-plugin (optional - recommended): plugin for multi-container management.
      • docker-buildx-plugin (optional - recommended): plugin for multi-platform builds.
      • docker-ce-rootless-extras (optional): extras to support running Docker in rootless mode.

Choosing the right version

  • Recommended version: 20.10...
  • Compatibility: Choose a version that is compatible with other packages. For example, docker-ce, docker-ce-cli, and containerd.io are usually required to be version-compatible. If you choose the latest version of docker-ce, also choose the matching versions of docker-ce-cli and containerd.io.

Starting the Installation (Ubuntu)

Download the required .deb packages
Install the packages: install all downloaded .deb files together so that package dependencies are resolved correctly:
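A sketch, assuming the downloaded .deb files are in the current directory:

```bash
sudo dpkg -i ./*.deb   # install all downloaded packages in one go
```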
If you encounter dependency issues during installation, run sudo apt-get install -f to resolve them, then re-run the dpkg command.
Start Docker and verify the installation
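For example:

```bash
sudo systemctl enable --now docker   # start the daemon and enable it at boot
sudo docker run hello-world          # verify the installation
```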

Problems encountered (Ubuntu)

  1. Run the test image: sudo docker run hello-world
  2. An error was reported:
  3. Reason: the network cannot reach Docker's image registry.
  4. Option 1: configure a domestic mirror source (a sketch follows this list)
      • Edit or create the configuration file: vim /etc/docker/daemon.json
      • Restart the service: service docker restart
      • Check the mirror source: docker info | grep Mirrors -A 5 (match the "Mirrors" line, then show the 5 lines after it; -A means "after").
  5. Option 2: apply for a personal mirror accelerator address from Alibaba Cloud; this also failed to accelerate pulls.
  6. Result: even after these changes it still did not work; I found that many public mirror sources have been discontinued, so I gave up on this route.
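For reference, the mirror configuration from Option 1 looks roughly like this; the mirror URL is a placeholder, and many public mirrors are no longer available:

```bash
sudo tee /etc/docker/daemon.json <<'EOF'
{
  "registry-mirrors": ["https://<your-mirror-address>"]
}
EOF
sudo service docker restart
docker info | grep Mirrors -A 5   # confirm the mirror is active
```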

Starting the Installation (CentOS 7.9)

Download the latest versions of all the Docker RPM packages here; if you download only some of them, the installer will report dependency issues.
The installation above ran into GPG validation issues:
  • Import the GPG key (the key file downloaded from the repository): sudo rpm --import gpg
  • Verify the GPG key: rpm -qa gpg-pubkey*
  • Re-run the install command; the installation then succeeds.
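The whole flow, sketched, assuming the RPMs and the key file named gpg sit in the current directory:

```bash
sudo rpm --import gpg      # import Docker's GPG key
rpm -qa 'gpg-pubkey*'      # verify the key is installed
sudo yum install ./*.rpm   # install all downloaded packages together
sudo systemctl enable --now docker
```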

Getting Started

Making a quick Python environment image

For the detailed image-building process, see [Making images] below.

1. Create a Dockerfile
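A minimal sketch; the entry point main.py and the use of a requirements.txt are assumptions:

```dockerfile
FROM python:3.9-slim
WORKDIR /app
# install dependencies first so this layer is cached across code changes
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
COPY . .
# hypothetical entry point
CMD ["python", "main.py"]
```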

2. Build the image
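Assuming an illustrative image name:

```bash
docker build -t py-env:3.9 .   # -t names the image; . is the build context
```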

3. Export and import
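Using the illustrative name from above:

```bash
docker save -o py-env.tar py-env:3.9   # export the image to a tar file
docker load -i py-env.tar              # import it on the target machine
```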

4. Create containers from the image
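For example:

```bash
docker run -it --name py1 py-env:3.9 /bin/bash   # an interactive container from the image
```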

Python image comparison

| Version | Example | Size | Features | Use cases |
| --- | --- | --- | --- | --- |
| Standard | python:3.9 | ~900MB | Based on Debian Buster; includes a complete Python environment and common tools (e.g. pip, setuptools); the most full-featured. | Development and test environments, and scenarios that need a complete toolchain. |
| Slim | python:3.9-slim | ~120MB | Based on Debian Buster; contains only the minimal dependencies needed to run Python; non-essential tools and documentation removed; small. | Production environments; image-size-sensitive scenarios. |
| Alpine | python:3.9-alpine | ~50MB | Based on Alpine Linux; minimal size, but may have compatibility issues (e.g. lacks glibc). | Scenarios extremely sensitive to image size that can tolerate compatibility tweaks. |
| Buster | python:3.9-buster | ~900MB | Based on Debian Buster; includes the full Debian system toolchain. | Development or production environments that require Debian compatibility. |
| Bullseye | python:3.9-bullseye | ~900MB | Based on Debian Bullseye, a newer Debian release with an updated system toolchain. | Scenarios that require newer Debian system support. |
| Windows Server Core | python:3.9-windowsservercore | ~4GB | Based on Windows Server Core; for Windows container environments. | Running Python in Windows containers. |
| Nano Server | python:3.9-nanoserver | ~1GB | Based on Windows Nano Server; smaller; suited to lightweight Windows container environments. | |

Image Operations
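Common image commands, for reference:

```bash
docker pull python:3.9-slim          # download an image from a registry
docker images                        # list local images
docker tag python:3.9-slim py:slim   # give an image an additional name
docker rmi py:slim                   # remove an image (by name or ID)
```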

Container Operations

Creating Containers

An image can be used to create multiple containers, each of which is a separate running instance of the image.
When you use docker run to create and start a new container, all the specified parameters (such as port mapping, volume mounts, environment variables, etc.) are saved to the configuration of that container. You do not need to specify these parameters again when you start a container with the docker start command.
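A small illustration (image name and port are arbitrary):

```bash
docker run -d -p 8080:80 --name web nginx   # options are saved in the container config
docker stop web
docker start web   # restarts with the same port mapping; no need to repeat -p
```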
When using docker run to create a container, Docker performs these standard steps in the background:
  • Check whether the specified image exists locally, and download it from the registry if it doesn't.
  • Create and start a container using the image.
  • Allocate a filesystem and mount a read-write layer on top of the read-only image layers.
  • Bridge a virtual interface to the container from a bridge interface configured on the host.
  • Assign the container an IP address from the address pool.
  • Execute the user-specified application.
  • Terminate the container when the application exits.
📌
After running an image to produce a container, there are typically two ways to interact with its contents:
  • The container publishes a port, and you access it from a browser.
  • You open a bash shell inside the container for command-line operations.
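Examples of both (names are placeholders):

```bash
# 1) publish a port and access it from a browser
docker run -d -p 8080:80 nginx   # then open http://localhost:8080
# 2) open a bash shell inside a running container
docker exec -it <container-name> /bin/bash
```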

Container status and start/stop
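Typical lifecycle commands:

```bash
docker ps             # running containers
docker ps -a          # all containers, including stopped ones
docker stop <name>    # stop a running container
docker start <name>   # start it again
docker restart <name>
docker rm <name>      # remove a stopped container (-f to force-remove a running one)
```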

Packaging transfer

File form
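For file-based transfer, the usual pairs:

```bash
# image-level transfer: keeps tags and layer history
docker save -o myimage.tar myimage:1.0
docker load -i myimage.tar
# container-level transfer: flattens the filesystem into a new image
docker export -o mycontainer.tar <container-name>
docker import mycontainer.tar myimage:imported
```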

Online
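For registry-based transfer, with <namespace> standing in for your registry account:

```bash
docker tag myimage:1.0 <namespace>/myimage:1.0
docker push <namespace>/myimage:1.0
docker pull <namespace>/myimage:1.0   # on the receiving machine
```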

Docker Storage

Data stored only inside a container has drawbacks:
  • Modifying it requires entering the container first, which is cumbersome.
  • It is lost when the container is destroyed.
Mounts are therefore generally used for configuration files and data that must persist.

Directory mounting
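A bind-mount sketch; the paths are illustrative:

```bash
docker run -d --name web -v /host/conf:/etc/nginx/conf.d nginx
# edits under /host/conf on the host appear immediately inside the container
```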

Volume Mapping

Volume mapping is a kind of mounting, but when the container directory is mounted, its contents are automatically synchronized to the volume on the host.
Only on first use, when the volume is empty and the container directory contains data, does Docker copy the data from the container directory into the volume. After that, the volume's data stands on its own and is not overwritten by a container's initial directory contents, no matter which container it is mounted into.
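A sketch (volume and image names are placeholders):

```bash
docker volume create app-data                 # named volume
docker run -d -v app-data:/app/data myimage   # first mount copies container data into the volume
docker volume inspect app-data                # shows the host path under /var/lib/docker/volumes/
```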

Docker Networking

Network data access between containers:
Each container automatically joins Docker's default network, docker0 (you can see the docker0 interface in the host's IP configuration), when it starts. These containers thus form a local network and can reach each other via container IP + container port.
However, docker0 does not resolve container hostnames, so we create a custom network and add containers to it. A custom network supports container hostnames, so a container's name can serve as a stable access address.
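A sketch with illustrative names:

```bash
docker network create mynet
docker run -d --name app --network mynet myapp-image
docker run -d --name db --network mynet -e MYSQL_ROOT_PASSWORD=example mysql:8
# containers on mynet reach each other by name, e.g. "db" resolves from inside "app"
```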

Docker Compose

A tool for batch-managing containers, useful when a project has many services.

Starting via commands

Take a blog project as an example
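A hedged sketch of starting a blog stack by hand, assuming WordPress + MySQL (credentials are placeholders):

```bash
docker network create blog
docker run -d --name mysql --network blog \
  -e MYSQL_ROOT_PASSWORD=example -e MYSQL_DATABASE=wordpress mysql:8
docker run -d --name wordpress --network blog -p 8080:80 \
  -e WORDPRESS_DB_HOST=mysql -e WORDPRESS_DB_USER=root \
  -e WORDPRESS_DB_PASSWORD=example -e WORDPRESS_DB_NAME=wordpress wordpress
```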

Compose startup

Compose performs batch operations by reading and acting on a compose.yaml file.

Writing the compose.yaml configuration file

For the syntax specification, see the official documentation.
compose.yaml configuration (a sketch follows):
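Continuing the blog example, a minimal compose.yaml sketch (service names and credentials are assumptions):

```yaml
services:
  wordpress:
    image: wordpress
    ports:
      - "8080:80"
    environment:
      WORDPRESS_DB_HOST: mysql
      WORDPRESS_DB_USER: root
      WORDPRESS_DB_PASSWORD: example
      WORDPRESS_DB_NAME: wordpress
    depends_on:
      - mysql
  mysql:
    image: mysql:8
    environment:
      MYSQL_ROOT_PASSWORD: example
      MYSQL_DATABASE: wordpress
    volumes:
      - db-data:/var/lib/mysql
volumes:
  db-data:
```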

Compose batch start
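The batch start/stop pair:

```bash
docker compose up -d   # create and start every service defined in compose.yaml
docker compose down    # stop and remove them (add -v to also remove volumes)
```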


Making images

Dockerfile

The Docker builder creates an image from the contents of a Dockerfile, so making an image is mainly a matter of writing the Dockerfile.
Typically, the first line of a Dockerfile is the FROM directive, which defines the base environment for the image. However, if your machine doesn't have internet access, you can't pull the base image directly from the official Docker Hub or other online repositories. There are several ways to solve this problem:
Method 1: Using an existing local base image
Method 2: Getting the base image offline (sketched after this list)
  • Pull the image on a networked machine.
  • Save the image as a .tar file on a networked machine
  • Transfer the image to an offline machine
  • Load the image on the offline machine
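The four steps, sketched with python:3.9-slim as an example:

```bash
docker pull python:3.9-slim                          # 1. on the networked machine
docker save -o python-3.9-slim.tar python:3.9-slim   # 2. save to a tar file
# 3. transfer the tar file to the offline machine (scp, USB drive, ...)
docker load -i python-3.9-slim.tar                   # 4. load it offline
```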
Method 3: Configure an available image source; see here for AliCloud hosting.
The commands in the Dockerfile are executed sequentially, and some commands depend on the results of previous commands, so you need to write them in order.
📌
Dockerfile configuration reference

Building Images
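The basic invocation, plus flags used later in this section:

```bash
docker build -t <name>:<tag> <path>           # build from the Dockerfile in <path>
docker build -f custom.Dockerfile -t app .    # -f picks a non-default Dockerfile
docker build --platform linux/amd64 -t app .  # pin a target platform (uses buildx)
```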

Hands-on

Official front-end example: get started guide
  1. Cloning the case study project
  2. Creating a project image
    1. Creating a Dockerfile
    2. Adding content to the file
      1. Explanation of the content
        • # syntax=docker/dockerfile:1: Specifies the Dockerfile syntax version.
        • FROM node:18-alpine: based on the base image node:18-alpine
        • WORKDIR /app: Sets the working directory in the container to /app.
        • COPY . .: Copies all files and folders from the current directory to the container's working directory /app.
        • RUN yarn install --production: Run yarn install --production in the working directory to install the dependencies according to the package.json file.
        • CMD ["node", "src/index.js"]: specifies the default command to be executed when the container starts, which will run Node.js and execute the src/index.js file.
        • EXPOSE 3000: documents that the application inside the container listens on port 3000; publishing the port to the host still requires -p when running.
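Assembled from the lines explained above, the full Dockerfile from the official guide:

```dockerfile
# syntax=docker/dockerfile:1
FROM node:18-alpine
WORKDIR /app
COPY . .
RUN yarn install --production
CMD ["node", "src/index.js"]
EXPOSE 3000
```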
    3. Creating an image in the terminal
      1. Command interpretation
        • Because a base image is specified, some dependent image layers may be downloaded.
        • -t specifies the image name and tag; the default tag is "latest".
        • . tells Docker to look for the Dockerfile in the current directory.
        📌
        Specify the platform when creating
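A sketch of the build command, including the platform pin from the note:

```bash
docker build -t getting-started .
# pin a platform explicitly when needed, e.g. targeting x86 servers from an M1 Mac:
docker build --platform linux/amd64 -t getting-started .
```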
  3. Run the image to create the container
    1. Command Explanation
      • docker run: This is the command to run the Docker container.
      • -dp 127.0.0.1:3000:3000: sets the run options for the container.
        • -d runs the container in background (detached) mode.
        • -p 127.0.0.1:3000:3000 maps port 3000 of 127.0.0.1 on the host to port 3000 in the container.
      • getting-started: This specifies the name of the Docker image to run.
      View the result of the run: http://localhost:3000/
      📌
      Stop the container from running
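For example:

```bash
docker run -dp 127.0.0.1:3000:3000 getting-started   # start
docker ps                                            # find the container ID
docker stop <container-id>                           # stop
```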
  4. Update the project content and recreate the image
    1. Modify the project file: src/static/js/app.js line 56
    2. Rebuild the image and instantiate the container
      1. 📌
        Delete the old container first (sketched below)
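A sketch:

```bash
docker rm -f <container-id>         # force-remove the old container
docker build -t getting-started .   # rebuild with the updated code
docker run -dp 127.0.0.1:3000:3000 getting-started
```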
  5. Share the image on DockerHub
    1. Create a repository on DockerHub with the same name as the project folder, getting-started, and note the Namespace shown in front of the repository name;
    2. Tag the local image as <Namespace>/getting-started;
    3. Push the image to the DockerHub repository using the newly added tag (commands sketched below).
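The tag-and-push pair, with <Namespace> standing in for your DockerHub account:

```bash
docker tag getting-started <Namespace>/getting-started
docker push <Namespace>/getting-started
```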
Official Python Case: Containerize a Python application
  1. Clone the case project
  2. Initialize Docker
    1. Some new files will be added
  3. Build and start the container (run it in the project folder)
    1. Command Interpretation
      • Docker Compose is a tool for defining and managing multiple Docker containers; by executing docker compose up, you can start and manage a set of containers defined in the docker-compose.yml file.
      • The command will read the docker-compose.yml file in the current directory and start the containers based on the service configuration defined there. If the image does not exist or has updates, it will build the required image before starting.
      • up means start the container.
      • --build builds the image before starting.
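The command itself, per the official case:

```bash
docker compose up --build
```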
Python Case 1 -- Reinforcement Learning (Tic-Tac-Toe)
  1. Tic-tac-toe logic code, from Liu Jianping
  2. Put the files in an empty folder and generate the project dependencies with pipreqs
  3. Create a new Dockerfile with the following contents
    1. If you use python:3.11.3 directly, the image will be 900+ MB; see the official Python image page
  4. Build the image
  5. Run the image to generate the container (steps 2-5 are sketched after this list)
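A minimal sketch of steps 2-5, assuming the entry point is a file named tic_tac_toe.py (the actual filename may differ):

```dockerfile
FROM python:3.11-slim
WORKDIR /app
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
COPY . .
# hypothetical entry-point filename
CMD ["python", "tic_tac_toe.py"]
```

```bash
pipreqs . --force             # generate requirements.txt from the project's imports
docker build -t tictactoe .   # build the image
docker run -it tictactoe      # run the container interactively
```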
📌
The program trains the model for 100,000 games; a prompt window then appears so you can play human vs. machine. The nine squares map to the keys q w e / a s d / z x c.

Recommended links

  1. Official documentation
  2. DockerHub
  3. Docker: From Beginner to Practice
  4. Using Docker to install and configure Jupyter with R and Python environments
  5. Docker-based Python data mining environment (Jupyter Notebook)
 
If you have any questions about this article, feel free to contact me.