Docker

Introduction

Docker is a platform for developing, shipping, and running applications in containers. It provides the ability to package and run an application in a loosely isolated environment called a container.

Core Components:

  • Docker Engine
  • Docker CLI
  • Docker Desktop
  • Docker Registry
  • Docker Compose
  • Docker Hub

Dockerfile

Basic Dockerfile

Example of a multi-stage Dockerfile:

# Build stage
FROM node:14 AS builder
WORKDIR /app
COPY package*.json ./
RUN npm install
COPY . .
RUN npm run build

# Production stage
FROM nginx:alpine
COPY --from=builder /app/build /usr/share/nginx/html
EXPOSE 80
CMD ["nginx", "-g", "daemon off;"]

Build Arguments and Environment Variables

# Using ARG and ENV
FROM node:14-alpine

# Build arguments
ARG NODE_ENV=production
ARG PORT=3000

# Environment variables
ENV NODE_ENV=${NODE_ENV}
ENV PORT=${PORT}
ENV APP_VERSION=1.0.0

WORKDIR /app
COPY . .
RUN npm install --only=production

EXPOSE ${PORT}
CMD ["npm", "start"]

Docker Compose

Multi-Container Application

Example of a Docker Compose configuration:

version: '3.8'

services:
  web:
    build: 
      context: ./frontend
      dockerfile: Dockerfile
    ports:
      - "80:80"
    depends_on:
      - api
    networks:
      - frontend-net

  api:
    build: ./backend
    environment:
      # Example credentials only; do not hardcode real values (see Security: Use secrets management)
      - DB_HOST=db
      - DB_USER=admin
      - DB_PASS=secret
    depends_on:
      - db
    networks:
      - frontend-net
      - backend-net

  db:
    image: postgres:13
    volumes:
      - db-data:/var/lib/postgresql/data
    environment:
      - POSTGRES_USER=admin
      - POSTGRES_PASSWORD=secret
    networks:
      - backend-net

networks:
  frontend-net:
  backend-net:

volumes:
  db-data:

Essential Commands

Container Management

# Container lifecycle
docker run -d -p 80:80 --name webserver nginx
docker start webserver
docker stop webserver
docker restart webserver
docker rm webserver

# Container inspection
docker ps -a
docker logs webserver
docker inspect webserver
docker stats webserver

# Image management
docker pull nginx:latest
docker build -t myapp:1.0 .
docker push myapp:1.0
docker rmi myapp:1.0

Volume and Network Commands

# Volume management
docker volume create mydata
docker volume ls
docker volume inspect mydata
docker volume rm mydata

# Network management
docker network create mynet
docker network connect mynet container1
docker network disconnect mynet container1
docker network rm mynet

Networking

Network Types

Docker Networks:

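  • bridge - Default network; containers on one host share a private network
  • host - Host network access; the container uses the host's network stack directly, with no network isolation
  • none - No network access
  • overlay - Multi-host networking
  • macvlan - MAC address assignment; each container gets its own MAC address on the physical network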

Network Configuration

# Create custom network
docker network create \
  --driver=bridge \
  --subnet=172.28.0.0/16 \
  --ip-range=172.28.5.0/24 \
  --gateway=172.28.5.254 \
  custom-network

# Run container with network
docker run -d \
  --name=api \
  --network=custom-network \
  --ip=172.28.5.10 \
  api-image

Best Practices

Image Building

Best Practices:

  • Use specific base image tags
  • Minimize layer count
  • Use .dockerignore
  • Implement multi-stage builds
  • Scan for vulnerabilities
  • Keep images small

Security

Security Measures:

  • Run as non-root user
  • Use secrets management
  • Limit container capabilities
  • Apply regular security updates
  • Sign images
  • Segment networks
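
The following is an added example, not part of the original page: a variant of the api and db services from the Docker Compose section with four of the measures above applied (non-root user, secrets management, limited capabilities, network segmentation). The secret file path, the 10001:10001 UID/GID, and the DB_PASS_FILE variable (which the api application would have to read itself) are assumptions.

```yaml
# Added example: hardened variant of the api and db services.
# Assumptions (not from the original page): ./secrets/db_password.txt,
# UID/GID 10001, and an api app that reads the file named by DB_PASS_FILE.
services:
  api:
    build: ./backend
    user: "10001:10001"            # run as non-root user
    read_only: true                # immutable root filesystem
    tmpfs:
      - /tmp                       # only writable scratch space
    cap_drop:
      - ALL                        # limit container capabilities
    security_opt:
      - no-new-privileges:true     # setuid binaries cannot gain privileges
    environment:
      - DB_HOST=db
      - DB_USER=admin
      - DB_PASS_FILE=/run/secrets/db_password   # a path, not the value
    secrets:
      - db_password
    depends_on:
      - db
    networks:
      - frontend-net
      - backend-net

  db:
    image: postgres:13
    volumes:
      - db-data:/var/lib/postgresql/data
    environment:
      - POSTGRES_USER=admin
      - POSTGRES_PASSWORD_FILE=/run/secrets/db_password
    secrets:
      - db_password
    networks:
      - backend-net

secrets:
  db_password:
    file: ./secrets/db_password.txt   # untracked; readable by UID 10001

networks:
  frontend-net:
  backend-net:
    internal: true                 # segmentation: db has no outside route

volumes:
  db-data:
```

The db service keeps its default capabilities because the official postgres image's entrypoint starts as root and needs some of them before it switches to the postgres user.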