Run a container

# daemon mode
$ docker run -d -p 80:80 --name webserver nginx

# interactive
$ docker run -t --rm <image_id> sh

Attach to running container

$ docker exec -it <image_id> sh

Attach a volume

$ docker run \
  -v /home/<user>/.ssh:/root/.ssh \
  -e BUILDKITE_AGENT_TOKEN="<token>" \

Docker in Docker

To run Docker, it must have access to /var/run/docker.sock. This provides API access to stuff. To run docker inside of docker, just mount the socket as a volume inside the container, and it can instrument containers on the root machine as expected (and have full access to the API).

$ docker run -v /var/run/docker.sock:/var/run/docker.sock buildkite/agent


In order to determine where containers come from, strong labels are necessary. After all: without technical controls you only have social guarantees. Label standards should be decided upon and enforced.

LABEL com.example.git.repository=""
      com.example.api.packages="apk info -vv"

In addition to strong labels, it's also recommended to embed Dockerfiles in images.

Image management

$ docker rmi <image_name>
$ docker ps -a  # see all created containers
$ docker rm $(docker ps -aq)  # remove all existing containers

Example node app

FROM mhart/alpine-node:6

# Create app directory
RUN mkdir -p /usr/src/app
WORKDIR /usr/src/app

# Install app dependencies
COPY package.json /usr/src/app/
RUN npm install

# Bundle app source
COPY . /usr/src/app

CMD [ "npm", "start" ]

Docker ADD vs COPY

Inspect docker properties

Stuff like labels don't show up in $ docker images:

$ docker inspect <image_name>

Remove all stopped containers

$ docker rm "$(docker ps -a -q)"

Remove all untagged images

$ docker rmi "$(docker images | grep "^<none>" | awk '{ print $3 }')"

Iterate over all docker images

$ docker images -q  # images

Stop all docker images

$ docker stop "$(docker ps -q)"

Pass env vars to docker

$ docker run <image_name> -e FOO=bar

See if logged in

$ sudo docker info | grep Username

Tiny containers

Pruning containers is something you probably want to do. This can be done by converting a container to a tarball, removing unneeded stuff and then creating a new container. It's pretty cool.

Push container to registry

$ docker push user/image-name

See Also

results matching ""

    No results matching ""