<div style="text-align: right;">
<img src="https://upload.wikimedia.org/wikipedia/commons/1/1e/Docker_Logo.png" alt="Docker Logo" width="150"/>
</div>

# Docker Container

 <span style="font-size:14px;background-color:rgb(231, 231, 231);border:  1px solid rgb(165, 165, 165);
    border-radius:5px; padding-left: 2.5px;
    padding-right: 2.5px;">Docker</span> It is a platform for developing, shipping (put into production), and running application

Docker allow us package and run application in a isolation enviroment called *container*.  The *isolation* and *security* lets you to run many containers simultaneously on a given host. It uses OS-level virtualization (not at hardware level like VM), therefore containers share the host OS kernel. 
 
Containers are lightweight and contain everything needed to run the application,

 <span style="font-size:14px;background-color:rgb(231, 231, 231);border:  1px solid rgb(165, 165, 165);
    border-radius:5px; padding-left: 2.5px;padding-right: 2.5px;">
    Docker for Desktop</span> is a one-click-install application for your Mac, Linux, or Windows environment that lets you build, share, and run containerized applications and microservices.

What's included in Docker Desktop?

* *Docker Engine*: is the core component that runs and manages Docker containers. It consists of three main parts (Server, REST API, CLI).
* *Docker Build*: is the command or process used to create a Docker image from a set of instructions defined in a **Dockerfile**.
* *Docker Compose*: is a tool for defining and running multi-container Docker applications. Instead of running multiple separate docker run commands, you define all your application's services, networks, and volumes in a single YAML file (typically docker-compose.yaml). This makes it easy to:
  - Start and stop an entire application with a single command (docker compose up).
  - Ensure all parts of a complex application (like a web app, database, and a caching service) are configured and run correctly together.
* ...
<!--
* Docker Kubernetes
* Docker Extensions
* Docker Content Ttust
* Kubernetes -->

### Container

* It is a lightweight, standalone, and executable software package that includes everything needed to run an application: 
  source code, runtime, libraries, environment variables, and configuration files. Containers are isolated from each other and the host system, ensuring consistency across different environments (e.g., development, testing, production). They are a key technology in modern software development and deployment, enabling portability, scalability, and efficiency.

  * *Isolation*: Containers run in isolated environments, meaning they do not interfere with each other or the host system.
  Each container has its own filesystem, network interfaces, and processes.
  * *Portability*: Containers encapsulate all dependencies, making them portable across different systems (e.g., laptops, servers, cloud environments).
  This ensures that applications behave consistently regardless of where they are deployed.
  * *Lightweight*: Unlike virtual machines (VMs), containers share the host operating system's kernel, which makes them faster to start and more resource-efficient.
  * *Consistency*: Containers ensure that applications behave the same way in development, testing, and production environments, reducing "it works on my machine" issues.
  * *Scalability*: Containers can be easily scaled up or down to meet demand, making them ideal for modern cloud-native applications.

* A major difference is that containers do not require their own full OS. In fact, all containers on a single host share the host’s OS. This frees up huge amounts of system resources such as CPU, RAM, and storage.




> The **Windows Subsystem for Linux** (WSL) is a powerful feature in Windows that allows developers to run a Linux environment directly on their Windows machine, without the overhead of a traditional virtual machine or the need for dual-booting.
>
> It is primarily designed to enable developers—especially those in web and open-source fields—to use Linux command-line tools, utilities, and applications seamlessly alongside their standard Windows desktop and applications.

Thanks to WSL it is possible to run Linux containers on Windows machines.
<!-- * It is possible to run Linux containers on Windows machines. For example, `Docker Desktop` running on Windows has two modes — `Windows containers` and `Linux containers`
* Linux container run either inside 
  * a lightweight `Hyper-V VM` 
  * or using the `Windows Subsystem for Linux` (WSL). 
  
  The WSL option is newer and the strategic option for the future as it doesn’t require a Hyper-V VM and offers better performance and compatibility:
  `Windows Subsystem for Linux (WSL)` is a feature of Windows that allows you to run a Linux environment on your Windows machine, without the need for a separate virtual machine or dual booting.  -->

### How does a container work?

1. The Container Image (The Blueprint): Before a container can run, it must be packaged into a **Container Image**.

    * **Definition:** An image is a static, immutable file that contains everything needed to run an application: the application code, a runtime (like Python or Java), essential system libraries, binaries, and configuration files.
    * **Layering:** Images are built using a stack of **read-only layers**. When you make a change (e.g., install a package), a new layer is created. This layering system is highly efficient, as identical base layers can be shared among many different images, reducing disk usage.
    * **Read-Only Filesystem:** When a container starts, the image layers form the foundation, creating a read-only filesystem.

2. Container Instantiation (The Running Process): When you run an image (creating a container), the container runtime (like Docker Engine) leverages kernel features to isolate the process.

    * **The Container is a Process:** Fundamentally, a container is just an **isolated process** running on the host OS.
    * **The Writable Layer:** The container runtime adds a thin, **writable layer** on top of the image's read-only layers. All changes the running application makes (new files, logs, etc.) are written to this layer, preserving the immutability of the underlying image.

3. Core Isolation Technologies: The isolation that makes a container feel like a separate machine is achieved through two main Linux kernel features:

    A. Namespaces (Isolation/Visibility)
    Namespaces provide the illusion of a completely separate operating system by isolating specific system resources. They control **what a container can see**.

    | Namespace | What it Isolates (What the Container Sees) | Example |
    | :--- | :--- | :--- |
    | **PID** (Process ID) | The process tree. | The container's main process appears as **PID 1** inside the container, and it cannot see processes running outside of it on the host. |
    | **NET** (Network) | The network stack. | The container gets its own IP address, routing table, and network interfaces, separate from the host's and other containers'. |
    | **MNT** (Mount) | The filesystem mount points. | The container sees its own root filesystem (defined by the image) and cannot access the host's files unless explicitly mounted. |
    | **UTS** (Hostname) | Hostname and domain name. | The container can have its own unique hostname. |
    | **User** | User and group IDs. | Allows a user to be `root` inside the container, but be mapped to an unprivileged user on the host for security. |

    B. Control Groups (cgroups) (Resource Management)
    Cgroups are responsible for **managing and limiting the resources** a container can consume. They control **what a container can use**.

    * **Resource Limits:** Cgroups prevent a single rogue container from consuming all of a host's resources.
    * **Examples:** You can use cgroups to limit a container to a specific amount of **CPU time**, **RAM**, **network bandwidth**, and **disk I/O**.

>  The Ops Perspective:
> 
> When you install Docker, you get two major components: the Docker `client` and the Docker `daemon` (sometimes called the "Docker engine", server)
>  

## Images

It’s useful to think of a Docker image as an object that contains an OS filesystem, an application, and all application dependencies.

We can get images from Docker Hub: https://hub.docker.com/

The syntax is:

```bash
docker pull <image_name>:<tag>-<flavor>
```
The `<tag>:<flavor>` is optional. If we don't pass this option, then Docker will pull the `latest` version.

Every image get its own and unique `ID` 

```bash
  docker images
```

* We can call the images by its names or its `ID`
* When we work with its IDs we only need type words as long as it's unique.

### Example for **Python**

It is mantained by Docker community and Python maintainers

```bash
docker pull python:3.12-slim
```
It contains

1. A minimal Linux operating system environment (the base layer).
2. The Python interpreter (e.g., Python 3.12, 3.11, etc.).
3. Essential libraries and utilities needed to run Python and manage packages (like pip).

**Tags**

These *tags* specify the Python version installed in the image

**Flavor**

The base Linux distribution used dictates the size and complexity of the image. Choosing the correct variant is the most crucial step for production containerization.

1. Full (e.g., python:3.12)
   * Base OS: A full-featured Debian distribution.
   * Pros: Includes many standard tools, compilers (gcc), and libraries that your application might implicitly need for building wheels or  compiling C extensions.
   * Cons: Largest size, leading to slower build times and more attack surface (more installed packages = more potential security  vulnerabilities).

2. Slim (e.g., python:3.12-slim)
   * Base OS: A minimal Debian distribution.
   * Pros: Significantly smaller than the full tag. It usually strips out documentation and non-essential packages. This is a common and  recommended choice.
   * Cons: Does not include compilers or common build tools. If your Python dependencies require compiling C extensions (e.g., NumPy,  Pandas), the build will likely fail.

3. Alpine (e.g., python:3.12-alpine)
   * Base OS: Alpine Linux, which uses musl libc instead of the standard GNU libc (glibc).
   * Pros: The smallest official Python images. Excellent for minimizing image size.
   * Cons: Can be challenging. Due to using musl libc, some pre-compiled Python packages (wheels) built for glibc will not work, forcing  them to be compiled from source or requiring specific musl-compatible wheels.


rc:release candidate

## Containers 

Once we have the images we can run them
```bash 
docker container run -it python:3.12-slim bash
```
It point outs that Docker will run the container in interactive mode (-it) and attach the current shell to container's terminal

```bash
root@913d58d37125:/#
```
where `913d58d37125` is the ID of the container

In this terminal we can run commands. 
```bash
python3 -c "print('Hello World!')"
```

> To go out of the container's terminal  `ctrl+d` 
> 
> If we want to navigate inside container's terminal we can use the commands of `bash`.

`-it` is for interactive mode, that is, the container will be run in interactive mode and attach the current shell to the container's terminal

### Running containers

We can see the container is running. Here `ps` means *process*. 
```bash 
docker container ps
```

We can see the container have been ran and stopped (if we delete a container, this will not yet apperar here)  
```bash
docker container ps -a
```

### Deleting containers

We can delete a container with 

```bash 
docker container rm 913d58d37125
``` 
Here `913d58d37125` is the ID of the container 

If the container is running, we can force the stop and then delete it with `-f`

```bash 
docker container rm 913d58d37125 -f
```

We can directly remove all containers without saving their IDs to a file first

```bash
docker rm $(docker container ps -a -q)
```

### Attaching to running containers

If the container is runnig we can attach on it using a `bash terminal`. Or We can use an IDE like Visual Studio Code, which offers a "Attach to Running Container" command

<span style="font-size:14px;background-color:rgb(231, 231, 231);border:  1px solid rgb(165, 165, 165);
    border-radius:5px; padding-left: 2.5px;
    padding-right: 2.5px;">bash</span>
```bash
docker container exec -it <container-id-or-name>
```
or 

<span style="font-size:14px;background-color:rgb(231, 231, 231);border:  1px solid rgb(165, 165, 165);
    border-radius:5px; padding-left: 2.5px;
    padding-right: 2.5px;">bash</span>
```bash
docker attach <container-id-or-name>
```

Example

<span style="font-size:14px;background-color:rgb(231, 231, 231);border:  1px solid rgb(165, 165, 165);
    border-radius:5px; padding-left: 2.5px;
    padding-right: 2.5px;">bash</span>
```bash
docker container exec -it 913d58d37125 bash
```

### Running database containers

MYSQL

The following command 

<span style="font-size:14px;background-color:rgb(231, 231, 231);border:  1px solid rgb(165, 165, 165);
    border-radius:5px; padding-left: 2.5px;
    padding-right: 2.5px;">bash</span>
```bash 
docker run --name mysql_db -e "MYSQL_ROOT_PASSWORD=yourStrong@Password" -p 3306:3306 mysql:latest
```

This initialize the container that is runnig server of MySQL.

The name of the container is `mysql_db`, and the `-e` (`--env`) point out the `environment variables`,  e.g. `MYSQL_ROOT_PASSWORD`. Finally, `mysql` is the name of the image that contains the `mysql`. The first `3306` is the host port and `3306` is the container port. We can add `-d` before to 
`--name` to detach mode (run in background).

Once it running the container, we can access to container. The `docker exec` command allows us to run commands inside a Docker container. The following command line will give you a bash shell inside your `mysql_db` container
to it passing the following command.

<span style="font-size:14px;background-color:rgb(231, 231, 231);border:  1px solid rgb(165, 165, 165);
    border-radius:5px; padding-left: 2.5px;
    padding-right: 2.5px;">bash</span>
```bash
docker container exec -it mysql_db bash
```

Connecting to MySQL

Using this command line we can connect to MySQL

```bash
mysql -u <username> -p
```

We only need to replace `<username>` with your MySQL username (e.g., root).

Then, press Enter, and you will be prompted to enter your password.
After typing the correct password, the mysql> prompt will appear, indicating you are connected

POSTGRES SQL

PostgreSQL, often simply "Postgres", is an object-relational database management system (ORDBMS) with an emphasis on extensibility and standards-compliance. As a database server, its primary function is to store data, securely and supporting best practices, and retrieve it later, as requested by other software applications, be it those on the same computer or those running on another computer across a network (including the Internet)

<span style="font-size:14px;background-color:rgb(231, 231, 231);border:  1px solid rgb(165, 165, 165);
    border-radius:5px; padding-left: 2.5px;
    padding-right: 2.5px;">bash</span>

```bash
$ docker run --name postgres_db -e "POSTGRES_PASSWORD=yourStrong@Password" -d postgres:13
```


MONGODB

<span style="font-size:14px;background-color:rgb(231, 231, 231);border:  1px solid rgb(165, 165, 165);
    border-radius:5px; padding-left: 2.5px;
    padding-right: 2.5px;">bash</span>

```bash
docker run --name mongo_db -p 27017:27017 -d mongo
```

This initialize the container that is running server of the mongo *mongod* (mongo deamon).

MSSQL

If not exists *mcr.microsoft.com/mssql/server:2022-latest* it will be donwloaded.


<span style="font-size:14px;background-color:rgb(231, 231, 231);border:  1px solid rgb(165, 165, 165);
    border-radius:5px; padding-left: 2.5px;
    padding-right: 2.5px;">bash</span>
```bash
docker run --name mssql_db -e "ACCEPT_EULA=Y" -e "MSSQL_SA_PASSWORD=yourStrong@Password" -p 1433:1433 -d mcr.microsoft.com/mssql/server:2022-latest
```

`-d` detach mode.

Used for running container in the background (as daemon). In database containers, this is often used to run the database server in the background.

### Storage in Docker
By default, data stored inside a Docker container is ephemeral, meaning it will be lost when the container is removed or stopped. To persist data beyond the lifecycle of a container, Docker provides several options for storage:
1. **Volumes**:
   - Volumes are the preferred way to persist data in Docker. They are managed by Docker and can be easily shared between containers.
   - You can create a volume using the command:
     ```bash
     docker volume create my_volume
     ```
   - To use a volume in a container, you can mount it using the `-v` or `--mount` flag:
     ```bash
     docker run -d -v my_volume:/data my_image
     ```
   - Data stored in volumes is stored outside the container's filesystem, making it persistent even if the container is deleted.
2. **Bind Mounts**:
   - Bind mounts allow you to mount a file or directory from the host machine into a container. This is useful for development purposes, as it allows you to share code and configuration files between the host and the container.
   - To use a bind mount, you can use the `-v` or `--mount` flag with the full path of the host directory:
     ```bash
     docker run -d -v /path/on/host:/data my_image
     ```    
   - Changes made to the files in the mounted directory on the host will be reflected in the container and vice versa.
3. **tmpfs Mounts**:
   - tmpfs mounts are used to store data in the host system's memory. This is useful for temporary data that does not need to be persisted.
   - To use a tmpfs mount, you can use the `--tmpfs` flag:
     ```bash
     docker run -d --tmpfs /data my_image
     ```
    - Data stored in tmpfs mounts is lost when the container is stopped or removed, as it resides in memory.

### Volumen

<center>
<img src="https://miro.medium.com/v2/format:webp/0*hN3NgV1e3ZchXg_G" height=300>
</center>

In [None]:
from jose import JWTError, jwt
from datetime import timedelta, datetime
import requests

BASE_URL = 'http://localhost:8000'

# Step 1: Get the access token
token_response = requests.post(
    'http://127.0.0.1:8005/token',
    json={'username': 'admin', 'password': 'secret'}  # form data
)


if token_response.status_code == 200:
    token_data = token_response.json()
    access_token = token_data['access_token']
    
    # Step 2: Use the token in the Authorization header
    protected_response = requests.get(
        'http://127.0.0.1:8005/protected',
        headers={'Authorization': f'Bearer {access_token}'}
    )
    
    print(protected_response.json())
else:
    print("Login failed:", token_response.json())

def auth(email: str, password: str):
    """Get all products from the API"""
    try:
        response = requests.post(
            f"{BASE_URL}/api/users/token", 
            json={"email": email, "password": password})

        if response.status_code == 200:
            return response.json()
        return dict()
    except requests.exceptions.ConnectionError:
        print("Failed to connect to the API. Make sure the service is running.")
        return dict(
            access_token="",
            token_type="bearer"
        )
# Base URL for the API (connecting to the app service from inside the container)
BASE_URL = "http://localhost:8000"

def add_to_cart(product_id: int, quantity: int, token: str):
    """Add a product to the cart"""
    cart_data = {
        "product_id": product_id,
        "quantity": quantity
    }
    
    response = requests.post(
            f"{BASE_URL}/api/cart/", 
            json=cart_data,
            headers={"Authorization": f"Bearer {token}"})
    if response.status_code == 201:
        return response.json()
    return {}


cart_item = add_to_cart(1, 1, token['access_token'])

A *volume* in Docker is a persistent storage mechanism used to store data outside the container's filesystem.  

Volumes are managed by **Docker (engine)** and allow data to persist even after a container is stopped, removed, or recreated. They are the preferred way to manage data that needs to be shared between containers or preserved across container lifecycles.

Docker volumes allow you to to create references to files outside of a Docker container. This means any changes you make to your source files can be immediately reflected in the container, without the need for a rebuild.

<!-- This is a typical common Docker command to run a container

<span style="font-size:14px;background-color:rgb(231, 231, 231);border:  1px solid rgb(165, 165, 165);
    border-radius:5px; padding-left: 2.5px;
    padding-right: 2.5px;">bash</span>

```bash
docker run -p 3000:3000 -v /app/node_modules -v $(pwd):/app <image_id>
```

1. `-p 3000:3000` maps port 3000 of the container to port 3000 on the host machine, allowing you to access the app via localhost:3000.
2. `-v /app/node_modules` puts a bookmark on the node_modules folder inside the container, which tells Docker to use the node_modules from the container itself, not from the mounted volume. This is important because node_modules are platform-specific and should not be overridden by the host's files.
3. `-v $(pwd):/app` mounts the current working directory (from your host) to the /app directory inside the container. This means any file changes in the current directory are immediately accessible within the container. -->

Volumes are mechanism for persisting data generated by and used by Docker containers

You can create and manage volumes outside the scope of any container.

- Volumes are easier to back up or migrate.
- You can manage volumes using Docker CLI commands or the Docker API.
- Volumes work on both Linux and Windows containers.
- Volumes can be more safely shared among multiple containers.
- Volume drivers let you store volumes on remote hosts or cloud providers, encrypt the contents of volumes, or add other functionality
- New volumes can have their content pre-populated by a container.

<span style="font-size:14px;border:  1px solid rgb(165, 165, 165);
    border-radius:5px; padding-left: 2.5px;
    padding-right: 2.5px;">Create a volume:</span>
<span style="font-size:14px;background-color:rgb(231, 231, 231);border:  1px solid rgb(165, 165, 165);
    border-radius:5px; padding-left: 2.5px;
    padding-right: 2.5px;">bash</span>

```bash
docker volume create my-vol
```

<span style="font-size:14px;border:  1px solid rgb(165, 165, 165);
    border-radius:5px; padding-left: 2.5px;
    padding-right: 2.5px;">List all volumes:</span>
<span style="font-size:14px;background-color:rgb(231, 231, 231);border:  1px solid rgb(165, 165, 165);
    border-radius:5px; padding-left: 2.5px;
    padding-right: 2.5px;">bash</span>


```bash
docker volume ls
```

<span style="font-size:14px;border:  1px solid rgb(165, 165, 165);
    border-radius:5px; padding-left: 2.5px;
    padding-right: 2.5px;">Inspect a volume:</span>
<span style="font-size:14px;background-color:rgb(231, 231, 231);border:  1px solid rgb(165, 165, 165);
    border-radius:5px; padding-left: 2.5px;
    padding-right: 2.5px;">bash</span>

```bash
docker volume inspect my-vol
```

<span style="font-size:14px;border:  1px solid rgb(165, 165, 165);
    border-radius:5px; padding-left: 2.5px;
    padding-right: 2.5px;">Remove a volume:</span>
<span style="font-size:14px;background-color:rgb(231, 231, 231);border:  1px solid rgb(165, 165, 165);
    border-radius:5px; padding-left: 2.5px;
    padding-right: 2.5px;">bash</span>


```bash
docker rm my-vol
```

EXAMPLE 01

If you start a container with a volume that doesn't yet exist, Docker creates the volume for you.

The following example Docker will start a new container named `mssql_db`, mount a volume named `mssql_data` to `/var/opt/mssql` inside the container, set the `ACCEPT_EULA` and `MSSQL_SA_PASSWORD` environment variables, map port 1433 of the host to port 1433 of the container, and use the latest version of the Microsoft SQL Server image with the tag 2022-latest.

<span style="font-size:12px;background-color:rgb(231, 231, 231);border: 2px;
    border-radius:5px; padding-left: 2.5px;
    padding-right: 2.5px;">bash</span>

```bash
docker run --name mssql_db -mount source=mssql_data,target=/var/opt/mssql -e "ACCEPT_EULA=Y" -e "MSSQL_SA_PASSWORD=yourStrong@Password" -p 1433:1433 -d mcr.microsoft.com/mssql/server:2022-latest
```

for MySQL the volumen point to /var/lib/mysql



EXAMPLE 02

This command pulls the jupyter/datascience-notebook image tagged latest from Quay.io if it is not already present on the local host. It then starts an ephemeral container running a Jupyter Server with the JupyterLab frontend and exposes the server on host port `8888`.

<span style="font-size:12px;background-color:rgb(231, 231, 231);border: 2px;
    border-radius:5px; padding-left: 2.5px;
    padding-right: 2.5px;">bash</span>

```bash
docker run -it --rm -p 8888:8888 -v ${PWD}:/home/jovyan/work quay.io/jupyter/datascience-notebook
```

The use of the -v flag in the command mounts the current working directory on the host (`${PWD}` in the example command) as `/home/jovyan/work` in the container. The server logs appear in the terminal.

Visiting `http://<hostname>:8888/?token=<token> in a browser loads JupyterLab`.

Due to the usage of the `--rm` flag Docker automatically cleans up the container and removes the file system when the container exits, but any changes made to the `~/work` directory and its files in the container will remain intact on the host. 

BACK UP A MYSQL DATABASE

This Docker command creates a one-time container to back up a MySQL database from another container

<span style="font-size:12px;background-color:rgb(231, 231, 231);border: 2px;
    border-radius:5px; padding-left: 2.5px;
    padding-right: 2.5px;">bash</span>

```bash
docker run --rm --volumes-from mysql-container -v $(pwd):/backup ubuntu/mysql:latest tar cvf /backup/backup.tar /var/lib/mysql
```

- `docker run`: This is the command to create and run a new Docker container.

- `--rm`: This flag tells Docker to automatically remove the container after it exits. This is useful for one-off tasks like backups, where you don't need the container to persist.

- `--volumes-from mysql-container`: This is a crucial part. It mounts all the volumes from the container named mysql-container into the new container being created (randomly name). This is how the backup process gains access to the MySQL data directory. **It's essential that a container named mysql-container exists and has the data volume you want to back up**.

- `-v $(pwd):/backup`: This is a bind mount. It mounts the current working directory on your host machine ($(pwd)) to the /backup directory inside the new container. This is where the backup file (backup.tar) will be created.

- `ubuntu/mysql:latest`: This specifies the image to use for the new container. It's using the official MySQL image based on Ubuntu. Although it says mysql, the command inside the container doesn't actually start the MySQL server; it just uses the image because it contains the tar utility.

- `tar cvf /backup/backup.tar /var/lib/mysql`: This is the command that will be executed inside the new container.
  - `tar`: This is the archiving utility.
  - `c`: Create an archive.
  - `v`: Verbose output (list the files being archived).
  - `f /backup/backup.tar`: Specify the archive file name (backup.tar) and its location (/backup, which is mounted to your current working directory).
  - `/var/lib/mysql`: This is the directory inside the mysql-container (mounted thanks to --volumes-from) containing the MySQL database files (data volume). This is what's being archived.

More about volumen https://docs.docker.com/storage/volumes/#start-a-container-with-a-volume

## Docker Build (Building an Image)

`dockerfile` is a file which each line represents an instruction that `Docker` uses to build an image.

The `docker build` command executes the instructions contained within a `Dockerfile` sequentially to construct a *layered image filesystem*.

The following command build the image called `app`

<span style="font-size:14px;background-color:rgb(231, 231, 231);border:  1px solid rgb(165, 165, 165);
    border-radius:5px; padding-left: 2.5px;
    padding-right: 2.5px;">bash</span>

```bash
docker build -t app .
``` 
`-t` is for tag and the period `.` at the end of the standard docker build command `docker build -t app .` tells the daemon to use the current working directory as the build context. That is, the directory from which the `Dockerfile` will be read.

- Each instruction in the Dockerfile (like FROM, RUN, COPY, ENV) creates a read-only layer in the final image. These layers are stacked on top of each other.
- Because images are composed of layers, if you change an instruction, Docker only has to rebuild the layers from that point forward, which is faster.

Docker uses a powerful caching mechanism to speed up subsequent builds.

- How it works: When the Docker daemon executes an instruction, it checks if it has already built a layer for the exact same instruction in the past.
- Cache Hit: If a layer with the identical instruction exists, Docker uses the cached layer ("cache hit") instead of re-executing the instruction. This is why you often see ---> Using cache during a build.
- Cache Invalidation: The cache is broken ("cache miss") when:
  - An instruction is changed.
  - The contents of a file referenced by ADD or COPY are changed. Docker checks the checksums of the files.
  - You use the --no-cache flag.
  - An instruction that relies on the current time (like a build-time variable) is used.

<table data-path-to-node="19"><thead><tr><td data-path-to-node="19,0,0,0">Instruction</td><td data-path-to-node="19,0,1,0">Purpose</td><td data-path-to-node="19,0,2,0">Creates a Layer?</td></tr></thead><tbody><tr><td data-path-to-node="19,1,0,0"><b><code>FROM</code></b></td><td data-path-to-node="19,1,1,0">Sets the base image for subsequent instructions. Must be the first instruction.</td><td data-path-to-node="19,1,2,0">Yes</td></tr><tr><td data-path-to-node="19,2,0,0"><b><code>RUN</code></b></td><td data-path-to-node="19,2,1,0">Executes commands in a new layer on top of the current image.</td><td data-path-to-node="19,2,2,0">Yes</td></tr><tr><td data-path-to-node="19,3,0,0"><b><code>COPY</code></b></td><td data-path-to-node="19,3,1,0">Copies files/directories from the build context into the image filesystem.</td><td data-path-to-node="19,3,2,0">Yes</td></tr><tr><td data-path-to-node="19,4,0,0"><b><code>ADD</code></b></td><td data-path-to-node="19,4,1,0">Similar to <code>COPY</code>, but can also extract tarballs (compressed) and fetch files from URLs.</td><td data-path-to-node="19,4,2,0">Yes</td></tr><tr><td data-path-to-node="19,5,0,0"><b><code>CMD</code></b></td><td data-path-to-node="19,5,1,0">Provides defaults for an executing container. Only one <code>CMD</code> can exist.</td><td data-path-to-node="19,5,2,0">No (Metadata)</td></tr><tr><td data-path-to-node="19,6,0,0"><b><code>ENTRYPOINT</code></b></td><td data-path-to-node="19,6,1,0">Configures a container that will run as an executable. Often used with <code>CMD</code>.</td><td data-path-to-node="19,6,2,0">No (Metadata)</td></tr><tr><td data-path-to-node="19,7,0,0"><b><code>WORKDIR</code></b></td><td data-path-to-node="19,7,1,0">Sets the working directory for subsequent <code>RUN</code>, <code>CMD</code>, <code>ENTRYPOINT</code>, <code>COPY</code>, and <code>ADD</code> instructions.</td><td data-path-to-node="19,7,2,0">Yes</td></tr><tr><td data-path-to-node="19,8,0,0"><b><code>ENV</code></b></td><td data-path-to-node="19,8,1,0">Sets environment variables.</td><td data-path-to-node="19,8,2,0">Yes</td></tr></tbody></table>

EXAMPLE

Simple *Hello World* application using FastAPI

Tree of the project

```bash
fastapi_docker_app
├── main.py
├── requirements.txt
├── Dockerfile
```



<span style="font-size:14px;background-color:rgb(231, 231, 231);border:  1px solid rgb(165, 165, 165);
    border-radius:5px; padding-left: 2.5px;
    padding-right: 2.5px;"> Python : main.py</span>

```python
from fastapi import FastAPI

app = FastAPI()

@app.get("/")
async def root():
    return {"message": "Hello World"}
```

<span style="font-size:14px;background-color:rgb(231, 231, 231);border:  1px solid rgb(165, 165, 165);
    border-radius:5px; padding-left: 2.5px;
    padding-right: 2.5px;"> txt : requirements.txt</span>

```bash
fastapi==0.115.0
uvicorn[standard]==0.23.2
```

<span style="font-size:14px;background-color:rgb(231, 231, 231);border:  1px solid rgb(165, 165, 165);
    border-radius:5px; padding-left: 2.5px;
    padding-right: 2.5px;">dockerfile: dockerfile</span>

```bash
FROM python:3.12-slim

WORKDIR /app

COPY requirements.txt .

RUN pip install --no-cache-dir -r requirements.txt

COPY main.py .

EXPOSE 8000

CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000"]
```

Usage

```bash
docker build -t fastapi-app .
docker run -p 8000:8000 fastapi-app
curl http://localhost:8000
```


## Docker Compose

**Docker Compose** is a tool for defining and running multi-container Docker applications. It allows you to use a YAML file (**docker-compose.yml**) to configure the services, networks, and volumes required for your application. With a single command, you can create and start all the services defined in the configuration file, making it easier to manage complex applications that consist of multiple containers.

- *Multi-Container Orchestration* :
Docker Compose enables you to define and manage multiple containers as a single application. For example, a web application might include a database container, a backend API container, and a frontend container.
- *Declarative Configuration* :
The docker-compose.yml file provides a declarative way to define the application's services, networks, and volumes. This makes it easy to version control and share configurations.
- *Single Command Management* :
You can start, stop, or rebuild all the services with simple commands like `docker-compose up` and `docker-compose down`.
- *Environment Variables* :
Docker Compose supports environment variables, allowing you to customize configurations for different environments (e.g., development, testing, production).
- *Networking* :
Docker Compose automatically creates a default network for your services, enabling them to communicate with each other using service names as hostnames.
- *Volume Management* :
Volumes can be defined and shared between containers, ensuring data persistence and consistency.

<span style="font-size:14px;background-color:rgb(231, 231, 231);border:  1px solid rgb(165, 165, 165);
    border-radius:5px; padding-left: 2.5px;
    padding-right: 2.5px;">yaml</span>

```yaml
version: '3.8'  # Specify the version of the Docker Compose file format

services:
  web:  # Name of the first service
    image: nginx:latest  # Docker image to use
    ports:
      - "80:80"  # Map port 80 on the host to port 80 in the container
    depends_on:
      - db  # This service depends on the "db" service

  db:  # Name of the second service
    image: mysql:latest  # Docker image to use
    environment:  # Environment variables for the MySQL container
      MYSQL_ROOT_PASSWORD: example
    volumes:
      - db_data:/var/lib/mysql  # Persistent volume for MySQL data

volumes:  # Define named volumes
  db_data:
```

`version` :
- Specifies the version of the Docker Compose file format. Use 3.8 or later for compatibility with most Docker setups.

`services` :
- Defines the services (containers) required for the application:
    - `web`: A web server using the nginx:latest image.
    - `db`: A MySQL database using the mysql:latest image.

`ports` :
- Maps port 80 on the host to port 80 in the web container.

`depends_on` :
- Ensures that the db service starts before the web service.

`environment` :
- Sets environment variables for the db service (e.g., the MySQL root password).

`volumes` :
- Defines a named volume (db_data) to persist MySQL data.

1. Save the YAML content to a file named *docker-compose.yml*.
2. Run the following command in the same directory as the *docker-compose.yml* file:

<span style="font-size:14px;background-color:rgb(231, 231, 231);border:  1px solid rgb(165, 165, 165);
    border-radius:5px; padding-left: 2.5px;
    padding-right: 2.5px;">bash</span>
```bash
docker-compose up -d 
```
If we want to use other name we can pass flag `-f`.
```bash
docker-compose -f my-docker-compse.yml up -d 
```

### docker run

The `docker run` command runs a command in a new container, pulling the image if needed and starting the container.

Usage <span style="font-size:14px;background-color:rgb(231, 231, 231);border:  1px solid rgb(165, 165, 165);
    border-radius:5px; padding-left: 2.5px;
    padding-right: 2.5px;">docker container run [OPTIONS] IMAGE [COMMAND] [ARG...]</span>

options:

- <span style="font-size:14px;background-color:rgb(231, 231, 231);border:  1px solid rgb(165, 165, 165);
    border-radius:5px; padding-left: 2.5px;
    padding-right: 2.5px;">--rm</span>: Automatically remove the container and its associated anonymous volumes when it exits

- <span style="font-size:14px;background-color:rgb(231, 231, 231);border:  1px solid rgb(165, 165, 165);
    border-radius:5px; padding-left: 2.5px;
    padding-right: 2.5px;">-i</span>: Docker keeps the container's STDIN stream open, allowing you to send input even when the container is running in detached mode.

- <span style="font-size:14px;background-color:rgb(231, 231, 231);border:  1px solid rgb(165, 165, 165);
    border-radius:5px; padding-left: 2.5px;
    padding-right: 2.5px;">-p</span>: 	Publish a container's port(s) to the host. <span style="font-size:14px;background-color:rgb(231, 231, 231);border:  1px solid rgb(165, 165, 165);
    border-radius:5px; padding-left: 2.5px;
    padding-right: 2.5px;">-p 8080:5000</span>

We can run an image with the following commands
* `docker run postgres` or by its *image id* `docker run 41cd24e8c51b`

We can run several version of the images. That mean we can run several version of a program.

To see the images that we have

* `docker images`

To see the images that we have runned (thta is the containers)

* `docker ps`

## Containerize an application

An application usually are made up by the frontend and backend code. Later usually are made up by APIs that sent document to client, but sent post to get data from database.

So we can divide the appication into the *logic* and *server database*. 

In general, each container should do one thing and do it well. A few reasons:

* There’s a good chance you’d have to scale APIs and front-ends differently than databases
* Separate containers let you version and update versions in isolation
* While you may use a container for the database locally, you may want to use a managed service for the database in production. You don’t want to ship your database engine with your app then.
* ... 
