- Consistency Across Environments
- Isolation
- Portability
- Lightweight
- Version Control
- Scalability
- DevOps Integration
- Docker client and server
- Docker image
- Docker registry
- Docker container
A Docker Conatiner is a runnable insatance of a Docker Image. We can create multiple instances/ Containers from just one image.
Docker Volume is a Persistent data storage mechanism.
Docker Network is a Communications Channel that enables different Docker Conatiners to talk/ communicate to each other or with the external world. It creates connectivity allowing containers to share information.
Docker Workflow comprises of 1. Docker Client 2. Docker Host(Docker Daemon) 3. Docker Registry(Docker Hub).
Creating own docker image starts from a Special File called Docker File. It's a set of some specific instructions and keywords telling Dcoker how to create an image of our application. The four layers of instructions: From, Pull, Run and CMD.
- FROM: creates a layer based on Ubuntu, and then we add files from the Docker repository to the base command of that base layer.
- WORKDIR [Pull]: Adds files from your Docker repository
- COPY [Run]: Builds your container
- CMD: Specifies which command to run within the container
- Docker compose
- Docker swamp
Docker Compose is a tool for defining and running multi-container applications. It is the key to unlocking a streamlined and efficient development and deployment experience.
Compose simplifies the control of your entire application stack, making it easy to manage services, networks, and volumes in a single, comprehensible YAML configuration file. Then, with a single command, you create and start all the services from your configuration file.
Compose works in all environments; production, staging, development, testing, as well as CI workflows. It also has commands for managing the whole lifecycle of your application:
- Start, stop, and rebuild services
- View the status of running services
- Stream the log output of running services
- Run a one-off command on a service
Use watch to automatically update and preview your running Compose services as you edit and save your code.
For many projects, this allows for a hands-off development workflow once Compose is running, as services automatically update themselves when you save your work. It allows to:
- Sync
- Rebuild
- Sync-restart
"watch" adheres to the following file path rules:
- All paths are relative to the project directory
- Directories are watched recursively
- Glob patterns aren't supported
- Rules from .dockerignore apply
- Use ignore to defined additional paths to be ignored (same syntax)
- Temporary/backup files for common IDEs (Vim, Emacs, JetBrains, & more) are ignored automatically
- .git directories are ignored automatically
Container images consist of layers and software packages, which are susceptible to vulnerabilities. These vulnerabilities can compromise the security of containers and applications.
Docker Scout is a solution for proactively enhancing your software supply chain security. By analyzing your images, Docker Scout compiles an inventory of components, also known as a Software Bill of Materials (SBOM). The SBOM is matched against a continuously updated vulnerability database to pinpoint security weaknesses. Simply go to the Docker Scout section in the Docker Engine and select the application which we want to check.
Docker Scout is a standalone service and platform that you can interact with using Docker Desktop, Docker Hub, the Docker CLI, and the Docker Scout Dashboard. Docker Scout also facilitates integrations with third-party systems, such as container registries and CI platforms.