Docker Cheatsheet
Installation
# Linux
$ curl -sSL https://get.docker.com/ | sh
# Mac - Install with brew (https://brew.sh/)
$ brew cask install docker
Check Version
# Just show the version
$ docker version --format '{{.Server.Version}}'
19.03.8
# Short version
$ docker --version
Docker version 19.03.8, build afacb8b7f0
# Long version
$ docker version
Client: Docker Engine - Community
Version: 19.03.8
Server: Docker Engine - Community
Engine:
Version: 19.03.8
Registry & Repository
# Login to registry
docker login
# Login to Nvidia NGC registry (https://ngc.nvidia.com/setup/api-key)
docker login nvcr.io
Username: $oauthtoken
Password: <Login via link and click generate API key>
# Logout from registry
docker logout
# Search docker repository, results returned are ranked by number of stars
docker search <keyword>
# Pulls image from registry to local machine
docker pull <image-name>
# Push image from local machine to registry
docker push <image-name>
Load and Save Image / Container
The difference between save and export is that the exported-imported image has lost all of its history whereas the save-loaded image still have its history and layers. This means that you cannot do any rollback or to a previous layer if you export-import. However, if you use save-load the image, you can go back to previous layer using docker tag <layer-id> <image-name>
.
# Save an existing image
docker save --output busybox.tar busybox
docker save -o busybox.tar busybox
# Save an existing image with particular tag
docker save -o busybox:latest
# Load an image from file
docker load -i busybox.tar
# Export an existing container (but without the mounted volume)
docker export --output my_container.tar my_container
docker export -o my_container.tar my_container
# Import a container as an image from file or from URL
docker import my_container.tar
docker import https://example.com/my_container.tar
Running Container
# Run container from image
docker run <container-name>
# Run transient container (removes container after it stops)
docker run --rm <container-name>
# Run container and attach shell (-t = allocate tty, -i keep STDIN open even if not attached)
docker run -it <container-name>
# Start docker in transient and attach shell
docker run --rm -it <container-name>
# Start docker in transient, attach shell and publish port (outside-port:inside-port)
docker run --rm -it -p 8080:80 <container-name>
# Start docker in transient, attach shell and mount volume
# Note: if /path/from/host does not exists, docker will create folder automatically
docker run --rm -it -v /path/from/host:/path/in/container <container-name>
Removal
# Kill running containers
docker kill $(docker ps -q)
# Delete all containers by force (including running ones)
docker rm -f $(docker ps -aq)
# Delete stopped container
docker rm -v $(docker ps -a -q -f status=exited)
# Stop all and delete all containers
docker stop $(docker ps -aq) && docker rm -v $(docker ps -aq)
# Delete dangling images
docker rmi $(docker images -q -f dangling=true)
# Delete all images
docker rmi $(docker images -q)
# Remove all stopped containers, all networks not used by at least one container, all dangling images and all dangling build cache
docker system prune
Removal (Advanced)
# Find and remove images based on name
docker rmi $(docker images | grep 'IMAGENAME')
Find / Filter images
# Find all images with LATEST tag
docker images | grep latest
# Find all images based on image name
docker images | grep 'IMAGENAME' | tr -s ' ' | cut -d ' ' -f 3
# Find all image ID with LATEST tag
docker images | grep latest | tr -s ' ' | cut -d ' ' -f 3
Update images
# Update all pulled images with latest tag
docker images --format "{{.Repository}}:{{.Tag}}" | grep ':latest' | xargs -L1 docker pull;
Monitoring
# Show running containers
docker ps
# Get logs from container (-f for follow)
docker logs <my_container>
docker logs -f <my_container>
# Looks at all info in a container
docker inspect <my_container>
# Shows public facing port of container
docker port <my_container>
# Show running processes in container
docker top <my_container>
# Check CPU, memory, network I/O usage of single container
docker stats <container_name>
docker stats --all # shows all containers (default only show running)
# Show changed files in container's filesystem (good for tracing)
docker diff <container_name>
# Summary of space currently used by different docker objects
docker system df
Utilities
# Creates a container but does not start it
docker create
# Renames container
docker rename
# Updates a container's resource limits
docker update
# Copy files/folders between container and local filesystem
docker cp foo.txt my_container:/foo.txt
docker cp my_container:/foo.txt foo.txt
# Filter images based on name
docker image ls --filter 'reference=nvcr.io/nvidia/*'
Other Interesting Commands
# Use --volumes-from to mount volume that was mounted in another container in a new container. Use this to share volume with other containers.
# Note: first command is to create the mount in the dbstore container
# Note: second command is to list the /dbdata volume that is mounted on the new container from the first container
docker run -v /home/user/desktop/data:/data-volume --name dbstore ubuntu
docker run --rm --volumes-from dbstore ubuntu ls /dbdata
# Update all images with "latest"
# Ref: https://dev.to/goffity/update-all-docker-images-already-pulled-o3l
docker images | grep -v REPOSITORY | awk '{print $1}' | xargs -L1 docker pull
Common Questions
What is the difference between RUN, CMD and ENTRYPOINT in a Dockerfile?
RUN is an image build step, the state of the container after a RUN
command will be committed to the container image. A Dockerfile can have many RUN
steps that layer on top of one another to build the image.
CMD is the command the container executes by default when you launch the built image. A Dockerfile will only use the final CMD
defined. The CMD
can be overridden when starting a container with docker run $image $other_command
.
ENTRYPOINT is also closely related to CMD
and can modify the way a container is started from an image.
Good Stuff
References
