In [1]:
# <code></code>

- Docker version on Linux: <code>sudo docker version</code>
- Docker Images: <code>docker image ls</code>
- Docker Container: <code>docker container ls</code>

## Pulling Images

<code>docker image pull ubuntu:latest</code>

## Running containers

<code>docker container run -it ubuntu:latest /bin/bash</code>

- <code>-it</code> **flags switch your shell into the terminal of the container**
- <code>docker container run</code> **tells the Docker daemon to start a new container**
- <code>ubuntu:latest</code> **the command tells Docker that we want the container to be based on the ubuntu:latest**

<code>ps -elf</code>
 
- **The** <code>/bin/bash</code> **process that we told the container to run with the docker container run command.**
- **The** <code>ps -elf</code> **command/process that we ran to list the running processes.**

<code>Ctrl -PQ</code> **to exit from the container. Doing this from inside of a container will exit you from the container without killing it.**

## Attaching to Running Containers

**You can attach your shell to the terminal of a running container with the** <code>docker container exec</code> **command**

**<code>docker container exec 'option' 'container-name or container-id' 'command/app'</code>**

<code>docker container exec -it container_name bash</code>

### Stop containers

- <code>docker container stop container_name</code>
- <code>docker container rm container_name</code>

**Verify that the container was successfully deleted by running the** <code>docker container ls -a</code>

docker container exec -it vigilant_borg bash

## Create and run a web server image locally

- <code>docker image build -t test:latest .</code> **create an image named test with the latest version defined on the Dockerfile**
- <code>docker container run -d --name web1 --publish 8080:8080 test:latest</code> run it locally

# Images
**Images are like stopped containers (or classes if you’re a developer).**
![image.png](attachment:image.png)

**Commands to start one or more containers from a single image.**
- <code>docker container run</code>
- <code>docker service create</code>

*Once you’ve started a container from an image, the two constructs become dependent on each other, and you cannot delete the image until the last container using it has been stopped and destroyed.*

## Pulling

<code>docker image pull redis:latest</code>  **pull latest redis image**

<code>docker image pull alpine:latest </code>  **pull latest alpine image**

<code>docker image ls</code> **check all images**

### Official Repositories
**Addressing images from official repositories is as simple as providing the repository name and the tag separated by a colon (:).**

In [None]:
docker image pull <repository>:<tag>

**Example:**

- <code>docker image pull mongo:4.2.6</code>
- <code>docker image pull busybox:latest</code>
- <code>docker image pull alpine</code>

### Unofficial Repositories

DockerHub username/Organization name + the name + **:** + version

<code>docker image pull nigelpoulton/tu-demo:v2</code>

#### Images with Multiple Tags
Pull all of the images in a repository by using <code>-a</code> on the pull request

<code>docker image pull -a nigelpoulton/tu-demo</code>

# Filtering the Output of "docker image ls"

<code>docker image ls --filter dangling=true</code>

**A dangling image is an image that is no longer tagged and appears in listings as none:none**

You can delete all dangling images on a system with the <code>docker image prune</code> command. If you add the <code>-a</code> flag, Docker will also remove all unused images (those not in use by any containers).

- <code>dangling:</code> *Accepts <code>true</code> or <code>false</code>, and returns only dangling images (true) or non-dangling images (false).*
- <code>before:</code> *Requires an image name or ID as argument, and returns all images created before i*
- <code>since:</code> *Same as above, but it returns images created after the specified image.*
- <code>label:</code> *Filters images based on the presence of a label or label and value. The docker image ls command does not display labels in its output.*

For all other filtering, you can use <code>reference</code>.

**Example format:**

You can also use the <code>--format</code> flag to format output using Go templates. For example, the following command will only return the size property of images on a Docker host.

- <code>docker image ls --filter=reference="*:latest"</code> Only display images tagged as latest

- <code>docker image ls --format "{{.Size}}"</code> **Return the size property of images on a Docker host.**

- <code>docker image ls --format "{{.Repository}}: {{.Tag}}: {{.Size}}"</code> **Return all images, but only display repo, tag, and size.**

# Searching Docker Hub From the CLI

<code>docker search</code>

- docker search alpine --filter "is-official=true" **You can use**<code>--filter "is-official=true"</code> **so that only official repos are displayed.**

- docker search alpine --filter "is-automated=true" **Only show repos with automated builds.**

One last thing about <code>docker search:</code> by default, Docker will only display 25 lines of results. However, you can use the <code>--limit</code> flag to increase that to a maximum of 100.

# Images and layers

<code>docker image inspect</code>

**Ex.** <code>docker image inspect ubuntu:latest</code>

![image.png](attachment:image.png)

**It’s important to understand that as additional layers are added, the image is always the combination of all layers stacked in the order they were added.**

## Image digest

<code>docker image pull alpine </code>    
<code>docker image ls --digests alpine </code>

**Tags** are mutable therefore it's important to introduce digest.

Docker 1.10 introduced a content-addressable storage model. As part of this model, all images get a cryptographic content hash. As the digest is a hash of the contents of the image, it’s impossible to change the contents of the image without creating a new unique digest. To put it another way, you cannot change the content of an image and keep the old digest. This means digests are immutable and provide a solution to the problem that we just talked about.

## Delete Images

<code>docker image rm</code> command. <code>rm</code> is short for “remove.”

**Ex.** <code>docker image rm f70734b6a266 a4d3716dbb72</code> Deletes multiple images

### Delete all images

**A handy shortcut for deleting all images on a Docker host is to run the docker image rm command, and pass it a list of all image IDs on the system by calling docker image ls with the -q flag.**

<code>docker image rm $(docker image ls -q) -f</code>

### Images - The Commands

- <code>docker image pull</code>is the command to download images. We pull images from repositories inside of remote registries. By default, images will be pulled from repositories on Docker Hub. The following command will pull the image tagged as <code>latest</code> from the <code>alpine</code> repository on Docker Hub: <code>docker image pull alpine:latest</code>.


- <code>docker image ls</code>lists all of the images stored in your Docker host’s local image cache. To see the SHA256 digests of images add the <code>--digests</code> flag.


- <code>docker image inspect</code>is a thing of beauty! It gives you all of the glorious details of an image—layer data and metadata.


- <code>docker manifest inspect</code>allows you to inspect the manifest list of any image stored on Docker Hub. This will show the manifest list for the <code>redis</code> image: <code>docker manifest inspect redis</code>.


- <code>docker buildx</code>is a Docker CLI plugin that extends the Docker CLI to support multi-arch builds.


- <code>docker image rm</code>is the command to delete images. This command shows how to delete the <code>alpine:latest</code> image: <code>docker image rm alpine:latest</code>. You cannot delete an image that is associated with a container in the running (Up) or stopped (Exited) states.

# Containers

<code>docker container run</code>

<code>docker container run 'image' 'app'</code>

![image.png](attachment:image.png)

**Start an Ubuntu Linux container running the Bash shell as its app.**

- <code>docker container run -it ubuntu /bin/bash</code>

## Stop a container

<code>-it</code> **flag make the container interactive and attach it to your terminal**

- <code>docker container run -it alpine:latest sleep 10</code>

### Exiting with terminating

<code>exit</code>

### Exiting without terminating

<code>Ctrl -PQ</code>

#### Re-attaching to the terminal

**It’s important to understand that this container is still running and you can reattach your terminal to it with the <code>docker container exec command</code>.**

## Container Life-cycle

- **Start:** <code>docker container run --name percy -it ubuntu:latest /bin/bash</code> *container named percy*

## Restart policies

*Restart policies are applied per container and can be configured imperatively on the command line as part of <code>docker-container run</code> commands or declaratively in <code>YAML</code> files*

- <code>always</code> The always policy is the simplest. It always restarts a stopped container unless it has been explicitly stopped, such as via a *docker container stop* command.


- <code>unless-stopped</code> *will not be restarted when the daemon restarts if they were in the Stopped (Exited) state.*


- <code>on-failed</code>

- <code>docker container run -d --name always --restart always alpine sleep 1d</code>

- <code>docker container run -d --name unless-stopped --restart unless-stopped alpine sleep 1d</code>

## Web Server Example

Create a webserver called webserver

<code>docker container run -d --name webserver -p 8000:8080 educative1/ddd-web</code> 

- **Deamon mode:** *the <code>-d</code> (daemon mode) flag start a container without attaching it to yout terminal (therefore the prompt doesn't change)*


- **Exposing ports:** *the <code>-p</code> flag maps port 8000 on the Docker host to port 8080 inside the container. This means that traffic hitting the Docker host on port 8000 will be directed to port 8080 inside of the container.


## Delete all containers

<code>docker container rm $(docker container ls -aq) -f </code>

## Docker commands

- <code>docker container run</code> *s the command used to start new containers. In its simplest form, it accepts an image and a command as arguments. <code>docker container run -it ubuntu /bin/bash</code>


- <code>Ctrl-PQ</code> *will detach your shell from the terminal of a container and leave the container running (UP) in the background.*


- <code>docker container ls</code> * lists all containers in the running (UP) state. If you add the -a flag, you will also see containers in the stopped (Exited) state.*


- <code>docker container exec</code>*runs a new process inside of a running container. It’s useful for attaching the shell of your Docker host to a terminal inside of a running container.* <code>docker container exec -it container-name or container-id bash</code>


- <code>docker container stop</code> *will stop a running container and put it in the Exited (0) state*


- <code>docker container start</code>will restart a stopped (Exited) container. You can give <code>docker container start</code> the name or ID of a container.


- <code>docker container rm</code> *will delete a stopped container. You can specify containers by name or ID. It is recommended that you stop a container with the <code>docker container stop</code> command before deleting it*


- <code>docker container inspect</code> *will show you detailed configuration and runtime information about a container. It accepts container names and container IDs as its main argument.*

# Containerizing an app - The TLDR
Containers are all about making apps simple to **build**, **ship**, and **run**.

- Start with your application code and dependencies.
- Create a Dockerfile that describes your app, its dependencies, and how to run it.
- Feed the Dockerfile into the docker image build command.
- Push the new image to a registry (optional).
- Run the container from the image.

![image.png](attachment:image.png)

## Build a Dockerfile

Examples of instructions that create new layers are <code>FROM</code>, <code>RUN</code>, and <code>COPY</code>. Examples that create metadata include <code>EXPOSE</code>, <code>WORKDIR</code>, <code>ENV</code>, and <code>ENTRYPOINT</code>.

In [None]:
#Example Dockerfile
FROM alpine
LABEL maintainer="nigelpoulton@hotmail.com"
RUN apk add --update nodejs nodejs-npm
COPY . /src
WORKDIR /src
RUN npm install
EXPOSE 8080
ENTRYPOINT ["node", "./app.js"]

- **FROM:** All Dockerfiles start with the FROM instruction. This will be the base layer of the image, and the rest of the app will be added on top as additional layers.


- **LABEL:** Dockerfile creates a LABEL that specifie the maintainer of the image.


- **RUN:** The <code>RUN apk add --update nodejs nodejs-npm</code> instruction uses the Alpine apk package manager to install <code>nodejs</code> and <code>nodejs-npm</code> into the image. It creates a new image layer directly above the Alpine base layer


- **COPY:** The <code>COPY . /src</code> instruction creates another new layer and copies in the application and dependency files from the build context.


- **WORKDIR:** the Dockerfile uses the <code>WORKDIR</code> instruction to set the working directory inside the image filesystem for the rest of the instructions in the file.


- **RUN:** Then the <code>RUN npm install</code> instruction creates a new layer and uses <code>npm</code> to install application dependencies listed in the <code>package.json</code> file in the build context.


- **EXPOSE:** The application exposes a web service on TCP port 8080, so the Dockerfile documents this with the <code>EXPOSE 8080</code> instruction. This is added as image metadata and not an image layer.


- **ENTRYPOINT:** Finally, the <code>ENTRYPOINT</code> instruction is used to set the main application that the image (container) should run. This is also added as metadata and not an image layer.

![image.png](attachment:image.png)

## Pushing Images
Docker Hub is the most common public image registry, and it’s the default push location for <code>docker image push commands</code>.

In [None]:
docker login
#Login with **your** Docker ID to push and pull images from Docker Hub...
Username: kpi
Password:
Login Succeeded

## Tag the image
Before you can push an image, you need to tag it in a special way. This is because Docker needs all of the following information when pushing an image:
- Registry
- Repository
- Tag

### re-tagging
I don’t have access to the web repository. All of my images live in the kpi second-level namespace. This means that I need to re-tag the image to include my Docker ID. Remember to substitute your own Docker ID.
<code>docker image tag web:latest nigelpoulton/web:latest</code>

- **Rename:** <code>docker image tag current-tag new-tag</code>

- **Push:** <code>docker image push kpi/web:latest</code>

## Image history

You can view the instructions that were used to build the image with the <code>docker image history command</code>

## Keeping Docker images small

Docker images should be small. The aim of the game is to only ship production images with the stuff needed to run your app in production.

For example, the way you write your Dockerfiles has a huge impact on the size of your images. A common example is that every <code>RUN</code> instruction adds a new layer. As a result, it’s usually considered a best practice to include multiple commands as part of a single <code>RUN</code> instruction—all glued together with double-ampersands (<code>&&</code>) and backslash <code>(\)</code> line-breaks. While this isn’t rocket science, it requires time and discipline.

In [None]:
#Example
FROM node:latest AS storefront
WORKDIR /usr/src/atsea/app/react-app
COPY react-app .
RUN npm install
RUN npm run build

FROM maven:latest AS appserver
WORKDIR /usr/src/atsea
COPY pom.xml .
RUN mvn -B -f pom.xml -s /usr/share/maven/ref/settings-docker.xml dependency:resolve
COPY . .
RUN mvn -B -s /usr/share/maven/ref/settings-docker.xml package -DskipTests

FROM java:8-jdk-alpine AS production
RUN adduser -Dh /home/gordon gordon
WORKDIR /static
COPY --from=storefront /usr/src/atsea/app/react-app/build/ .
WORKDIR /app
COPY --from=appserver /usr/src/atsea/target/AtSea-0.0.1-SNAPSHOT.jar .
ENTRYPOINT ["java", "-jar", "/app/AtSea-0.0.1-SNAPSHOT.jar"]
CMD ["--spring.profiles.active=postgres"]

three <code>FROM</code> instructions
- Stage 0 is called <code>storefront</code>.
- Stage 1 is called <code>appserver</code>.
- Stage 2 is called <code>production</code>.

## Avoiding cache invalidation
You can force the build process to ignore the entire cache by passing the <code>--no-cache=true</code> flag to the <code>docker image build</code> command.

## Docker commands

- <code>docker image build</code> is the command that reads a Dockerfile and containerizes an application. The <code>-t</code> flag tags the image, and the <code>-f</code> flag lets you specify the name and location of the Dockerfile. With the <code>-f</code> flag, it is possible to use a Dockerfile with an arbitrary name and in an arbitrary location. The build context is where your application files exist, and this can be a directory on your local Docker host or a remote Git repo.


- <code>FROM</code>vinstruction in a Dockerfile specifies the base image for the new image you will build. It is usually the first instruction in a Dockerfile and a best-practice is to use images from official repos on this line.


- <code>RUN</code>instruction in a Dockerfile allows you to run commands inside the image. Each RUN instruction creates a single new layer.


- <code>COPY</code>instruction in a Dockerfile adds files into the image as a new layer. It is common to use the <code>COPY</code> instruction to copy your application code into an image.


- <code>EXPOSE</code>instruction in a Dockerfile documents the network port that the application uses.


- <code>ENTRYPOINT</code> instruction in a Dockerfile sets the default application to run when the image is started as a container.


- Other Dockerfile instructions include <code>LABEL</code>, <code>ENV</code>, <code>ONBUILD</code>, <code>HEALTHCHECK</code>, <code>CMD</code>

# Docker for Developers

## Container management Commands

- <code>docker ps</code> lists the containers that are still running. Add the <code>-a</code> switch in order to see containers that have stopped


- <code>docker logs</code> retrieves the logs of a container, even when it has stopped


- <code>docker inspect</code> gets detailed information about a running or stopped container


- <code>docker stop</code> stops a container that is still running


- <code>docker rm</code> deletes a container

**Remove all containers:** <code>docker container prune -f</code>

*The -f switch is an implicit confirmation to proceed and delete all stopped containers right away, instead of asking to confirm that operation.*

## Running a Server Container

<code>docker run -d -p 8085:80 nginx</code> *the* <code>-d</code> *to disconnect while allowing the long-lived container to continue running in the background*

## Using Volumes
Using a volume, you map a directory inside the container to a persistent storage. Persistent storages are managed through drivers, and they depend on the actual Docker host. They may be an Azure File Storage on Azure or Amazon S3 on AWS. With Docker Desktop, you can map volumes to actual directories on the host system; this is done using the <code>-v</code> switch on the docker run command.<code>

*It will ensure that any data written to the /var/lib/mysql directory inside the container is actually written to the /your/dir directory on the host system. This ensures that the data is not lost when the container is restarted.*

<code>docker run -v /your/dir:/var/lib/mysql -d mysql:5.7</code>

## Creating a simple Image

<code>docker build -t hello .</code>

The <code>-t</code> switch is used in front of the desired image. An image can be created without a name, it would have an auto-generated unique ID, so it is an optional parameter on the docker build command.

## Creating an Image Including Files

In [None]:
FROM nginx:1.15

COPY index.html /usr/share/nginx/html

<code>docker build -t webserver .</code> *The <code> -t</code> flag 'tag' attributes a name instead of a random Container ID*


<code>docker run --rm -it -p 8082:80 webserver </code> *the <code>-rm</code> tell the Docker Daemon to clean up the container and remove the file system after the container exits. This helps you save disk space after running short-lived containers

### Remove Images Locally

In [None]:
docker rmi c067edac5ec1
docker rmi webserver:latest

## Tags

**repository_name/name:tag**

<code>docker build -t hello:1.0 .</code>

## Environment Variables
In order to provide an environment variable’s value at runtime, you simply use the <code>-e name=value</code> parameter on the docker run command.

![image.png](attachment:image.png)

### Default Value
<code>ENV name=Dockie</code>

*It’s good practice to add an ENV instruction for every environment variable your image expects since it documents your image.*

## Sample Usage

**ping.sh**

In [None]:
#!/bin/sh

echo "Pinging $host..."
ping -c 5 $host

**DockerFile**

In [None]:
FROM debian:8

ENV host=www.google.com

COPY ping.sh .

CMD ["sh", "ping.sh"]

**Build:**

<code>docker build -t pinger .</code>

**Run:**

<code>docker run --rm pinger</code>

<code>docker run --rm -e host=www.bing.com pinger</code>

**Other Example:**

In [None]:
FROM node:11-alpine

ENV diameter=4.0

COPY compute.js .

CMD node compute.js

<code>docker run --rm -e diameter=5.0 jsparam</code>

## Networking
When your image hosts server software, it listens on one or several ports. For instance, an HTTP server generally listens on the TCP port 80.

You can make this explicit using an EXPOSE instruction:

<code>EXPOSE 80</code>

## Docker Hub Tag

<code>ecapi96/name:tag</code>

## Run an Image on Another Machine

<code>docker run --rm -it -p 8085:80 learnbook/webserver</code>

*Then open your browser and head to the following URL in order to see my web page being served over HTTP by that container.*
<code>http://localhost:8085</code>

## .dockerignore
However, you may want to exclude files from that copy. You can use a <code>.dockerignore</code> file for that purpose. Simply add a <code>.dockerignore</code> file at the root of your build context that lists files and folders that should be excluded from the build like a <code>.gitignore</code> file.

In [None]:
# Ignore .git folder
.git
# Ignore Typescript files in any folder or subfolder
**/*.ts

## Multi-Stage Dockerfiles
Use a single Dockerfile file with distinct sections. An image can be named simply by adding AS at the end of the FROM instruction. Consider the following simplified Dockerfile file:

In [None]:
FROM fat-image AS builder
...

FROM small-image
COPY --from=builder /result .
...

It defines two images, but only the last one will be kept as the result of the docker build command. The filesystem that has been created in the first image, named builder, is made available to the second image thanks to the --from argument of the COPY command. It states that the /result folder from the builder image will be copied to the current working directory of the second image.

**Example:**

In [None]:
FROM microsoft/dotnet:2.2-sdk AS builder
WORKDIR /app

COPY *.csproj  .
RUN dotnet restore

COPY . .
RUN dotnet publish --output /out/ --configuration Release

FROM microsoft/dotnet:2.2-aspnetcore-runtime-alpine
WORKDIR /app
COPY --from=builder /out .
EXPOSE 80
ENTRYPOINT ["dotnet", "aspnet-core.dll"]

## Docker with common Development Profiles

**DockerFiles**

**Python:**

In [None]:
FROM python:3.7-stretch

# Install modules
RUN pip install Flask

# Needed by the Flask module
ENV FLASK_APP=server.py

# Copy source files into the image
COPY templates ./templates
COPY server.py .

EXPOSE 5000

CMD ["flask", "run", "--host=0.0.0.0"]

<code>docker run --rm -it -p 8089:5000 learnbook/python-server</code>

**Java:**

In [None]:
# Use an image with the SDK for compilation
FROM openjdk:8-jdk-alpine AS builder
WORKDIR /out
# Get the source code inside the image 
COPY *.java .
# Compile source code
RUN javac Hello.java

# Create a lightweight image 
FROM openjdk:8-jre-alpine
# Copy compiled artifacts from previous image
COPY --from=builder /out/*.class .
CMD ["java", "Hello"]

<code>docker run --rm learnbook/java</code>

**Node.js:**

In [None]:
FROM node:10-alpine

# Create app directory
RUN mkdir -p /usr/src/app
WORKDIR /usr/src/app

# Install app dependencies
COPY package.json /usr/src/app/
RUN npm install

WORKDIR /usr/src/app

# Bundle app source
COPY . /usr/src/app/

EXPOSE 80

CMD ["npm", "start"]

<code>docker run --rm -it -p 8087:80 learnbook/node-server</code>

**PHP:**

In [None]:
FROM php:7.0-apache

# Install Apache module
RUN a2enmod rewrite

COPY . /var/www/html/

<code>docker run --rm -it -p 8090:80 learnbook/php-server</code>

**.NET Core:**

In [None]:
# Use an image with the SDK for compilation
FROM microsoft/dotnet:2.2-sdk AS builder
WORKDIR /app

# Get the build file
COPY *.csproj  .
# Optional. Run this first so that it is cached
RUN dotnet restore

# Get the source code inside the image 
COPY . .
RUN dotnet publish --output /out/ --configuration Release

# Create a lightweight image
FROM microsoft/dotnet:2.2-aspnetcore-runtime-alpine
WORKDIR /app
# Copy compiled artifacts from previous image
COPY --from=builder /out .
EXPOSE 80
ENTRYPOINT ["dotnet", "aspnet-core.dll"]

<code>docker run --rm -it -p 8088:80 learnbook/aspnetcore-server</code>

# Monitoring

## Stats

<code>docker stats</code>

![image.png](attachment:image.png)

## Reclaim Disk Space

*Note that only dangling images are removed. Unused images are kept, which is fine if a network connection is scarce or unavailable because it means you keep base images that may be useful later on. If you want to remove all unused images, just use the following command:*

- <code>docker container prune -f</code>


- <code>docker volume prune -f</code>


- <code>docker image prune -f</code>


- <code>docker image prune --all</code>

# Publish an Image

In [None]:
docker tag jsparam learnbook/jsparam
docker login -u learnbook -p <your-password>
docker push learnbook/jsparam

In [1]:
# run two containers
docker run --rm -e diameter=3.5 learnbook/jsparam
docker run --rm -e diameter=1.5 learnbook/jsparam