# Docker

## Running

Download Docker from https://www.docker.com/products/docker-desktop/.

Install it, give it admin permissions if asked.

Most of the commands listed below can be executed from within Jupyter notebook, by prefixing with an exclamation mark (`!`). However, some things require running from the shell. On Unix-like systems, it's called **Terminal**. On Windows, it's **Command Prompt**.

Check that Docker is installed by running `docker version`:

In [1]:
!docker version

Client:
 Version:           27.2.0
 API version:       1.47
 Go version:        go1.21.13
 Git commit:        3ab4256
 Built:             Tue Aug 27 14:14:45 2024
 OS/Arch:           darwin/arm64
 Context:           desktop-linux

Server: Docker Desktop 4.34.3 (170107)
 Engine:
  Version:          27.2.0
  API version:      1.47 (minimum version 1.24)
  Go version:       go1.21.13
  Git commit:       3ab5c7d
  Built:            Tue Aug 27 14:15:41 2024
  OS/Arch:          linux/arm64
  Experimental:     false
 containerd:
  Version:          1.7.20
  GitCommit:        8fc6bcff51318944179630522a095cc9dbf9f353
 runc:
  Version:          1.1.13
  GitCommit:        v1.1.13-0-g58aa920
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0


All Docker commands are grouped into categories (e.g. `container`, `image`, `volume`, etc.).

So if you want to work on images, the corresponding command will start with `docker image`, on networks - with `docker network`, and so on.

If not category is listed, `container` is assumed by default.

Let's run an extremely simple container, and execute some command in it.

In [2]:
!docker container run alpine echo "Hello World"


Unable to find image 'alpine:latest' locally
latest: Pulling from library/alpine

[1Bc63912e1: Download complete MB/4.088MB[1A[2K[1A[2K[1A[2K[1A[2KDigest: sha256:beefdbd8a1da6d2915566fde36db9db0b524eb737fc57cd1367effd16dc0d06d
Status: Downloaded newer image for alpine:latest
Hello World


the above command has 4 parts:

1. `container` - means that we want to do something with a container (run, remove, etc.)
2. `run` - we will run the container
3. `alpine` - this is the name of the image to run inside the container. `Alpine` is a simple Linux version optimized for containers, with very small footprint
4. and, finally, `echo "Hello World"` is the command we want to immediately execute inside the container.

Let's try another image, this time `centos` (another popular Linux distribution):

In [4]:
!docker container run centos ping -c 5 127.0.0.1

Unable to find image 'centos:latest' locally
latest: Pulling from library/centos

[1Bef134af7: Download complete MB/83.94MB[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2K[1A[2KDigest: sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177
Status: Downloaded newer image for c

Note that it pings 5 times, and this output is shown in the notebook.

Now let's try passing some command ***options***:

In [None]:
!docker container run --detach --name trivia fundamentalsofdocker/trivia:ed2

Here `--detach` means that we leave it running in the background (no messages pushed to the output cell).

And `--name` is there for optionally specifying a container name. If not explicitly given, Docker will assign some name by itself.

We can list currently running containers with `ls` command. `-l` means "provide detailed output".

In [6]:
!docker container ls -l

CONTAINER ID   IMAGE                             COMMAND                  CREATED          STATUS          PORTS     NAMES
bca55b773358   fundamentalsofdocker/trivia:ed2   "/bin/sh -c 'source …"   27 seconds ago   Up 26 seconds             trivia


And we can remove a container with `rm`. `--force` option is there so that Docker does not complain that the container in question is still running. Note that we skip the `container` part, as by default it's `container` anyway.

In [18]:
!docker rm --force trivia


Cannot connect to the Docker daemon at unix:///Users/vitvly/.docker/run/docker.sock. Is the docker daemon running?


Now we shouldn't see any running containers:

In [9]:
!docker container ls

CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES


We can also passing a `-a` option. This will list all containers, not only the currently running ones.

In [11]:
!docker container ls -a

CONTAINER ID   IMAGE                 COMMAND                  CREATED          STATUS                      PORTS     NAMES
e0a8ea8c48e9   centos                "ping -c 5 127.0.0.1"    54 minutes ago   Exited (0) 54 minutes ago             nifty_neumann
98beda218482   alpine                "echo 'Hello World'"     56 minutes ago   Exited (0) 56 minutes ago             quizzical_pascal
44fe2fb9314d   alpine                "echo 'Hello World'"     57 minutes ago   Exited (0) 57 minutes ago             crazy_bouman
ab7337959b5e   quay.io/minio/minio   "/usr/bin/docker-ent…"   6 days ago       Exited (0) 6 days ago                 minio


Take some time to examine the list and columns.

The `-q` option will only list container IDs:

In [12]:
!docker container ls -a -q


e0a8ea8c48e9
98beda218482
44fe2fb9314d
ab7337959b5e


Also, you can invoke `--help` command option to list all available options for particular command:

In [19]:
!docker container ls --help


Usage:  docker container ls [OPTIONS]

List containers

Aliases:
  docker container ls, docker container list, docker container ps, docker ps

Options:
  -a, --all             Show all containers (default shows just running)
  -f, --filter filter   Filter output based on conditions provided
      --format string   Format output using a custom template:
                        'table':            Print output in table format
                        with column headers (default)
                        'table TEMPLATE':   Print output in table format
                        using the given Go template
                        'json':             Print in JSON format
                        'TEMPLATE':         Print output using the given
                        Go template.
                        Refer to https://docs.docker.com/go/formatting/
                        for more information about formatting output with
                        templates
  -n, --last int        Show n last c

There is also a `stop` container command that stops a container by ID or name:

In [21]:
!docker container stop trivia

trivia


After stopping, container will be down, but not removed, hence visible in the output of `ls -a`:

In [22]:
!docker container ls -aq

576a24020ffd


We can start the container again via `start` command:

In [23]:
!docker container start 576a24020ffd

576a24020ffd


In [24]:
!docker container stop trivia

trivia


In [26]:
!docker container ls -a

CONTAINER ID   IMAGE                             COMMAND                  CREATED         STATUS                        PORTS     NAMES
576a24020ffd   fundamentalsofdocker/trivia:ed2   "/bin/sh -c 'source …"   3 minutes ago   Exited (137) 27 seconds ago             trivia


Now, we can ***inspect*** the container via `inspect` command:

In [38]:
!docker container inspect trivia

[
    {
        "Id": "3eb3a1011d623c9c13c22ba6b0130b34b0db071c5e9f96254a9f76bfe1ffb81d",
        "Created": "2024-11-05T10:35:21.679070631Z",
        "Path": "/bin/sh",
        "Args": [
            "-c",
            "source script.sh"
        ],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 1825,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2024-11-05T10:35:21.711150631Z",
            "FinishedAt": "0001-01-01T00:00:00Z"
        },
        "Image": "sha256:0bb60b6958950c25f7946646eaa6deb9f1db1597d8fbe70d869d67123066dfda",
        "ResolvConfPath": "/var/lib/docker/containers/3eb3a1011d623c9c13c22ba6b0130b34b0db071c5e9f96254a9f76bfe1ffb81d/resolv.conf",
        "HostnamePath": "/var/lib/docker/containers/3eb3a1011d623c9c13c22ba6b0130b34b0db071c5e9f96254a9f76bfe1ffb81d/hostname",
 

Also, we can ***execute*** an arbitrary command inside the running container via `exec`.

**Note:** the below two examples has to be run inside Command Prompt:

1.
```
docker container exec -it trivia /bin/sh
```
2.
```
docker container exec trivia ps
```

Now let's remove the container (note that we don't need `--force` option as it's already stopped):

In [27]:
!docker container rm 576a24020ffd

576a24020ffd


In [28]:
!docker container ls -a

CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES


In order to wrap up the container section, let's run a web server inside Docker:

In [44]:
!docker container run -d --name nginx -p 8080:80 nginx:alpine

Unable to find image 'nginx:alpine' locally
alpine: Pulling from library/nginx

[1Bee71aeeb: Pulling fs layer 
[1Bc7406b65: Pulling fs layer 
[1B64b3e722: Pulling fs layer 
[1B18b1a2c5: Pulling fs layer 
[1Bdf5b8f8a: Pulling fs layer 
[1B342cad58: Pulling fs layer 
[7Bee71aeeb: Download complete MB/15.63MB[7A[2K[7A[2K[7A[2K[3A[2K[6A[2K[7A[2K[7A[2K[7A[2K[7A[2K[7A[2K[7A[2K[7A[2K[7A[2K[7A[2K[7A[2K[7A[2K[7A[2K[7A[2K[7A[2K[7A[2K[7A[2K[7A[2KDigest: sha256:2140dad235c130ac861018a4e13a6bc8aea3a35f3a40e20c1b060d51a7efd250
Status: Downloaded newer image for nginx:alpine
29176eb030b5fe2bab3b9f68a00d350058f742926a405c303e9fe34077429afd


Note that above `-d` is a short form of `--detach`, and `-p 8080:80` maps ports: from 80 inside the container to 8080 on your machine.

If you now go to http://localhost:8080, you should see a Nginx welcome page.

Now remove the container and check that no other containers remain:

In [45]:
!docker container rm nginx

nginx


In [46]:
!docker container ls -a


CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES


## Images

Docker images are descriptions of what software needs to be run inside a Docker container. In other words, containers are running instances of images.

Inside `pinger` subdir, there is a Dockerfile with the below contents:

```
FROM alpine:3.17
ENTRYPOINT [ "ping" ]
CMD [ "-c", "3", "8.8.8.8" ]
```

Each line in the file specifies the steps required to build the image. These steps can also be though of as *layers*.

1. We select `alpine:3.17` as the base to start from (this means Alpine Linux version 3.17)
2. We specify the command to run upon container startup via `ENTRYPOINT`
3. And specify the parameters to the command via `CMD`. The arguments to `CMD` can be overridden on-the-fly when we run the container.
  
**Note:** it's possible to specify everything inside `CMD`, not using `ENTRYPOINT`. But in that case we will not be able to override the default `CMD`.

We can now ***build*** the image via the below command:

In [27]:
!docker image build -t img_pinger pinger

[1A[1B[0G[?25l[+] Building 0.0s (0/1)                                    docker:desktop-linux
[?25h[1A[0G[?25l[+] Building 0.2s (1/2)                                    docker:desktop-linux
[34m => [internal] load build definition from Dockerfile                       0.0s
[0m[34m => => transferring dockerfile: 105B                                       0.0s
[0m => [internal] load metadata for docker.io/library/alpine:3.17             0.2s
[?25h[1A[1A[1A[1A[0G[?25l[+] Building 0.3s (1/2)                                    docker:desktop-linux
[34m => [internal] load build definition from Dockerfile                       0.0s
[0m[34m => => transferring dockerfile: 105B                                       0.0s
[0m => [internal] load metadata for docker.io/library/alpine:3.17             0.3s
[?25h[1A[1A[1A[1A[0G[?25l[+] Building 0.5s (1/2)                                    docker:desktop-linux
[34m => [internal] load build definition from Dockerfile     

In the above command, `-t` option specifies the **name** for the image.

Last argument, `pinger`, specifies the folder in which to look for the Dockerfile. Alternatively, you can use Windows Command Prompt and `cd` to `pinger` directory and run the build from there. In that case, the command will look like this:
  ```
  !docker image build -t img_pinger .
  ```
  The `.` (dot) stands for current directory.

We can run the image we've just built via:

In [28]:
!docker container run --rm img_pinger

PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=63 time=24.228 ms
64 bytes from 8.8.8.8: seq=1 ttl=63 time=30.638 ms
64 bytes from 8.8.8.8: seq=2 ttl=63 time=26.928 ms

--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 24.228/27.264/30.638 ms


The `--rm` option in the above command means that we should immediately delete the container after stopping.

We can also provide custom arguments to the `ping` `ENTRYPOINT`, as discussed above:

In [48]:
!docker container run --rm -it img_pinger -w 5 127.0.0.1

PING 127.0.0.1 (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: seq=0 ttl=64 time=0.035 ms
64 bytes from 127.0.0.1: seq=1 ttl=64 time=0.138 ms
64 bytes from 127.0.0.1: seq=2 ttl=64 time=0.105 ms
64 bytes from 127.0.0.1: seq=3 ttl=64 time=0.137 ms
64 bytes from 127.0.0.1: seq=4 ttl=64 time=0.136 ms

--- 127.0.0.1 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.035/0.110/0.138 ms


Note that thanks to `--rm`, we don't have any containers lying around after stopping:

In [49]:
!docker container ls -a

CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES


Currently downloaded (or built) images can be viewed via `ls` subcommand:

In [50]:
!docker image ls

REPOSITORY                    TAG       IMAGE ID       CREATED       SIZE
quay.io/minio/minio           latest    9535594ad412   3 weeks ago   217MB
nginx                         alpine    2140dad235c1   4 weeks ago   76.7MB
pinger                        latest    60cf059f4580   8 weeks ago   11.4MB
alpine                        latest    beefdbd8a1da   8 weeks ago   13.6MB
centos                        latest    a27fd8080b51   3 years ago   380MB
fundamentalsofdocker/trivia   ed2       0bb60b695895   5 years ago   13.1MB


Similarly to how `rm` behaves for containers, we can remove images as well:

In [51]:
!docker image rm centos

Untagged: centos:latest
Deleted: sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177


In [52]:
!docker image ls

REPOSITORY                    TAG       IMAGE ID       CREATED       SIZE
quay.io/minio/minio           latest    9535594ad412   3 weeks ago   217MB
nginx                         alpine    2140dad235c1   4 weeks ago   76.7MB
pinger                        latest    60cf059f4580   8 weeks ago   11.4MB
alpine                        latest    beefdbd8a1da   8 weeks ago   13.6MB
fundamentalsofdocker/trivia   ed2       0bb60b695895   5 years ago   13.1MB


### Multi-stage image builds

Consider the below, much more complicated, Dockerfile:
```
FROM alpine:3.12 AS build
RUN apk update && \
apk add --update alpine-sdk
RUN mkdir /app
WORKDIR /app
COPY . /app
RUN mkdir bin
RUN gcc -Wall hello.c -o bin/hello

FROM alpine:3.12
COPY --from=build /app/bin/hello /app/hello
CMD /app/hello
```

It's located under `hello_c` subdir.

This file describes a two-stage build (it has 2 `FROM` directives).

During first stage:
1. We use `alpine:3.12` as the base image, and name it `build`.
2. Then, `RUN` a package update command that will install the C compiler.
3. Then `RUN mkdir /app` will create a directory inside the image.
4. `WORKDIR /app` will switch current build dir to `/app/`, so that all subsequent commands like `RUN` or `COPY` are executed from within that dir.
5. `COPY . /app` will copy the files from `.` on your machine (the folder in which Dockerfile is located, `hello_c`) to `/app` inside the image.
6. `RUN mkdir bin` will create additional dir named `bin`. As we are inside `/app` WORKDIR now, the resulting dir will be `/app/bin`
7. `RUN gcc -Wall hello.c -o bin/hello` will compile `hello.c` and put the result into `/app/bin`.

Now, during second stage:
1. We use `alpine:3.12` as the base image.
2. We use `COPY --from=build` so that to tell Docker that we are copying not from our machine, but from the temporary `build` from stage 1.
3. Then we use `CMD` to specify which command should run upon container startup.

We can build the Dockerfile via `docker image build -t hello-c .` from within `hello_c` subdirectory.

Now we can see the image we just built via `ls` subcommand:

In [30]:
!docker image ls

REPOSITORY       TAG       IMAGE ID       CREATED          SIZE
hello-c          latest    4254b85ed709   28 seconds ago   8.72MB
redis-web        latest    353a1799536c   6 days ago       313MB
new-web          latest    fbe8c83422a0   6 days ago       313MB
redis            alpine    f9f38fd31d4d   6 weeks ago      70.7MB
postgres         alpine    38a37cc842c0   7 weeks ago      370MB
dpage/pgadmin4   latest    585350593e8b   2 months ago     732MB
img_pinger       latest    46ffb548a596   2 months ago     11.4MB
pinger           latest    9d7e73baada8   2 months ago     11.4MB
hello-world      latest    305243c73457   18 months ago    21kB


And we can run it via:

In [31]:
!docker container run hello-c

Hello, world!


Now remove it:

In [34]:
!docker image rm -f hello-c

Untagged: hello-c:latest


In [36]:
!docker image ls

REPOSITORY       TAG       IMAGE ID       CREATED              SIZE
<none>           <none>    4254b85ed709   About a minute ago   8.72MB
new-web          latest    fbe8c83422a0   6 days ago           313MB
redis-web        latest    353a1799536c   6 days ago           313MB
redis            alpine    f9f38fd31d4d   6 weeks ago          70.7MB
postgres         alpine    38a37cc842c0   7 weeks ago          370MB
dpage/pgadmin4   latest    585350593e8b   2 months ago         732MB
img_pinger       latest    46ffb548a596   2 months ago         11.4MB
pinger           latest    9d7e73baada8   2 months ago         11.4MB
hello-world      latest    305243c73457   18 months ago        21kB


**Note:** image names can use a short form, or be fully qualified:
```
<registry URL>/<User or Org>/<name>:<tag>
```

In majority of cases, `registry URL` is hub.docker.com.

### Example python env

Consider the below Dockerfile:

```
FROM python:3.13

RUN pip install jupyter

RUN pip install numpy

EXPOSE 8888

CMD ["jupyter", "notebook", "--ip=0.0.0.0", "--no-browser", "--allow-root"]
```

This will install jupyter and numpy, and execute `jupyter notebook` upon container startup.

## Volumes

The purpose of volumes is a long-term storage of data inside a container. Once container is removed, its data are gone. Volumes exist independently of containers.

For instance, we can try creating a `sample.txt` file inside a container:

In [37]:
!docker container run --name demo alpine /bin/sh -c 'echo "This is a test" > sample.txt'

Unable to find image 'alpine:latest' locally
latest: Pulling from library/alpine
Digest: sha256:1e42bbe2508154c9126d48c2b8a75420c3544343bf86fd041fb7527e017a4b4a
Status: Downloaded newer image for alpine:latest


Check the difference between base image (alpine) and current instance of the container:

In [38]:
!docker container diff demo

A /sample.txt


The file is there, but once container is removed, it will be gone. This is where volumes help.

Create a volume via:

In [60]:
!docker volume create sample

sample


Inspect it:

In [61]:
!docker volume inspect sample

[
    {
        "CreatedAt": "2024-11-05T11:47:53Z",
        "Driver": "local",
        "Labels": null,
        "Mountpoint": "/var/lib/docker/volumes/sample/_data",
        "Name": "sample",
        "Options": null,
        "Scope": "local"
    }
]


Now we can run containers, attach them to the volume, and create some files:
```
docker container run --name test -it -v sample:/data alpine /bin/sh
```

We attach volumes via `-v` option. In this case, `sample` volume is mapped to `/data` dir inside the container.

**Note:** the `-it` means that the container run will run in interactive mode. As Jupyter notebook does not support it, the above command has to be run from the Command Prompt.

Now remove the container:

In [62]:
!docker container rm test

test


And create the same container again, attached to the same `sample` volume. The files you've created during first run should still be there.

Now remove the `sample` volume:

In [63]:
!docker volume rm sample

sample


We can also map local dirs to container dirs, by providing their paths instead of the volume name after `-v` option:
```
docker container run -d --name my-site -v local/html:/usr/share/nginx/html -p 8080:80 nginx:alpine
```

## Networks

Docker specifies a `container networking model`. This model defines **software defined networks**, which can be thought of as a way to arrange communications between multiple containers of a single application. Each container, moreover, runs in its own **network namespace** or **sandbox**.


You can view current networks via `network ls` command:

In [45]:
!docker network ls

NETWORK ID     NAME      DRIVER    SCOPE
8d845304bdba   bridge    bridge    local
a44d5472c247   host      host      local
33c7de9853f4   none      null      local


By default, Docker creates 3 networks: **bridge**, **host**, and **none**.

The **bridge** network is the default network that containers use.

We can inspect it:

In [2]:
!docker network inspect bridge

[
    {
        "Name": "bridge",
        "Id": "f8fae2d5aaa07ed9fb7a8a13c0db9f4f29a67947c62897eb1ac3dfb0f86c1929",
        "Created": "2024-11-12T11:39:44.2291835Z",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
           

Pay attention to IPAM node: `IP address management`. This specifies which addresses will be assigned to containers using this network.

These addresses are local to the network your machine is running inside of, e.g., your WiFi router network.

Create a new network:

In [46]:
!docker network create --driver bridge sample-net

f282c4b4cbe2ea77d200f1aea870e07dac85300d6c9adb7d0807a50ba60d14ef


And check which subnet it gets assigned:

In [None]:
!docker network inspect sample-net | grep Subnet

You can provide a custom subnet when creating a network:

!docker network create  --subnet "11.11.0.0/16" test-subnet

In [8]:
!!docker network inspect test-subnet | grep Subnet

['                    "Subnet": "11.11.0.0/16"']

Now let's run a couple of containers and check IP addresses they get:

`docker container run --name c1 -it --rm alpine:latest /bin/sh`

and inside the container:
```
/ # ip addr show eth0
21: eth0@if22: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 65535 qdisc noqueue state UP
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
```

From outside:

In [10]:
!docker container inspect c1 | grep IPAddress

            "SecondaryIPAddresses": null,
            "IPAddress": "172.17.0.2",
                    "IPAddress": "172.17.0.2",


And another container:

In [11]:
!docker container run --name c2 -d --rm alpine:latest ping 127.0.0.1

691dab6d3f35e5f220a89950b7596683acae06dc5ddf7b0594d15269a56297ef


Check its network:

In [12]:
!docker container inspect c2 | grep IPAddress

            "SecondaryIPAddresses": null,
            "IPAddress": "172.17.0.3",
                    "IPAddress": "172.17.0.3",


And now, if we inspect the network, we'll see those containers attached (recall that `bridge` is the default network):

In [13]:
!docker network inspect bridge

[
    {
        "Name": "bridge",
        "Id": "80f2302e3302f74de65281dc290cf71acf13634784830883436cb072ab9ac294",
        "Created": "2024-11-12T12:22:30.525464791Z",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "691dab6d3f35e5f220a89950b7596683acae06dc5ddf7b0594d15269a56297ef": {
                "Name": "c2",
                "EndpointID": "d11763fcf4b72cf4af8c1fb5f31c5ce3966de61c96791db1e9b2adf3c547bd0f",
                "MacAddress": "02:42:ac:11:00:03",
                "IPv4Address": "172

Now let's create two more containers and attach them via `--network` option to the `sample-net` network we created earlier:

In [47]:
!docker container run --name c3 -d --network sample-net alpine ping 127.0.0.1

9ab6bb78688d3a3a5c196acaf735e340f45e080f2391e520448971c134281ed7


In [48]:
!docker container run --name c4 -d --network sample-net alpine ping 127.0.0.1

c6ec9db2b0799850f002968690908f3b7607183dd91f82cf18117b0343a3a1fd


Check that hosts are mutually reachable via `docker container exec -it c3 /bin/sh` and try connecting to c4 (should work) and c1 (should fail).

Networks can be deleted via `rm` as usual, or we can use `prune`:

In [68]:
!docker network prune --force

Deleted Networks:
sample-net



`prune` can also be used for other object types:
```
docker container prune -f
docker image prune -af
docker system prune -f
```

Similarly to how we can run additional commands via `container exec`, we can connect currently running to more networks via
```
docker network connect <network> <container>
```

Another network type, `--network host` is used to run container connectecd to host's network. You can check it via
```
docker container run --rm -it --name test1 --network host alpine:latest /bin/sh
```
and `ip addr show eth0` inside.

### Running containers in the same network namespace

Container can be attached to the network sandbox of another container, so that they share same IP address:

In [71]:
!docker network create test-net

8f3a7cab15b47ca638554b88ed487982669555104a8538c353371c320bc2944c


In [72]:
!docker container run --name web -d --network test-net nginx:alpine

cb3c164cc9c444a109cad91fd7a54076946dbc08f66c2472e30e78b49486c826


And now use the `--network container:<name>` syntax to connect to the network sandbox of `web` container:
```
docker container run -it \
--network container:web \
alpine /bin/sh
```
and then `wget -qO - localhost` inside to verify they indeed share same address.

### Port mapping

Port mapping allows us to open specific ports inside the container to the outside world.

`-P` parameter will automatically map ports:`docker container run --name web -P -d nginx:alpine`

`docker container port web` will show ports we just mapped:
```
 docker container port web
80/tcp -> 0.0.0.0:55000
```

We can map a specific port via the `-p` option:

In [16]:
!docker container run --name web2 -p 8080:80 -d nginx:alpine

8f58fb31b2e7efe01e8d7c651279e29223e4acbfdc370f5c2ba80802959a8938


## Docker Compose

With Docker Compose, applications consisting of several containers can be configured in one file.

In a sense, Docker Compose allows one to declaratively specify which images and with which options (volumes/environments etc.) should run.

While Dockerfile uses its own format, Docker Compose files are written in YAML (https://en.wikipedia.org/wiki/YAML).

Consider a sample `docker-compose.yml`:

```
version: "3.8" 
services: 
  db:
    image: postgres:alpine
    environment:
    - POSTGRES_USER=dockeruser
    - POSTGRES_PASSWORD=dockerpass
    - POSTGRES_DB=pets
    volumes:
    - pg-data:/var/lib/postgresql/data
    - ./db:/docker-entrypoint-initdb.d
  
  pgadmin:
    image: dpage/pgadmin4
    ports:
      - "5050:80"
    environment:
      PGADMIN_DEFAULT_EMAIL: admin@acme.com
      PGADMIN_DEFAULT_PASSWORD: admin
    volumes:
      - pgadmin-data:/var/lib/pgadmin

volumes: 
  pg-data:
  pgadmin-data:
```

This will run 2 containers: one for PostgreSQL, and another for pgAdmin. This file is located in the `pg` subdir.

Inside that dir, run
```
docker compose up
```
to start the containers, press `Ctrl+C` to stop it, and
```
docker compose down
```
to cleanup.

We can also use a `build` entry to build custom images:
```
services:
  web:
    build: .
    ports:
      - "8000:5000"
  redis:
    image: "redis:alpine"
```

In the above example, the `build: .` tells Docker Compose to use the Dockerfile in current directory (`.`), and for redis, use a stock image named `redis:alpine`, which it will download from hub.docker.com.

Full example is in `redis` subdir.

If you want to use a custom Dockerfile name, use this syntax instead:
```
build:
  context: web
  dockerfile: Dockerfile.dev
```

`docker compose up`, with `-d` in order to run in detached mode.

Note that Docker Compose prefixes all names with the name of the parent folder. This can be overridden with the `--project-name` option:
```
docker compose --project-name demo up
```