Update README.md

This commit is contained in:
thorstenc 2016-10-12 15:17:58 +13:00 committed by GitHub
parent 51643fdea8
commit 2744b320b9

@ -61,13 +61,13 @@ curl -sSL https://get.docker.com/ | sh
If you're not willing to run a random shell script, please see the [installation](https://docs.docker.com/engine/installation/) instructions for your distribution. If you're not willing to run a random shell script, please see the [installation](https://docs.docker.com/engine/installation/) instructions for your distribution.
If you are a complete Docker newbie, you should follow the [series of tutorials](https://docs.docker.com/engine/linux/started/) now. If you are a complete Docker newbie, you should follow the [series of tutorials](https://docs.docker.com/linux/started/) now.
### Mac OS X ### Mac OS X
Download and install [Docker Toolbox](https://www.docker.com/products/docker-toolbox). If that doesn't work, see the [installation instructions](https://docs.docker.com/engine/installation/mac/). Download and install [Docker Toolbox](https://www.docker.com/products/docker-toolbox). If that doesn't work, see the [installation instructions](https://docs.docker.com/engine/installation/mac/).
> **NOTE** If you have an existing docker toolbox, you might think you can upgrade [Docker Machine](https://docs.docker.com/engine/machine/install-machine/) binaries directly (either from URL or `docker-machine upgrade default`) and it will take care of itself. This is not going to help -- `docker-machine` will be `1.10.3` while `docker` is still `1.8.3` or whatever your previous version is. > **NOTE** If you have an existing docker toolbox, you might think you can upgrade [Docker Machine](https://docs.docker.com/machine/install-machine/) binaries directly (either from URL or `docker-machine upgrade default`) and it will take care of itself. This is not going to help -- `docker-machine` will be `1.10.3` while `docker` is still `1.8.3` or whatever your previous version is.
> >
> You are much better off using Docker Toolbox DMG file to upgrade, which will take care of all the binaries at once. > You are much better off using Docker Toolbox DMG file to upgrade, which will take care of all the binaries at once.
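Review bot: The changed links in this hunk no longer match their neighbours. On the right-hand side the tutorials link is `https://docs.docker.com/linux/started/` and the Docker Machine link is `https://docs.docker.com/machine/install-machine/`, while both installation links in the same hunk keep the `/engine/installation/` prefix. Please confirm that each rewritten URL resolves, and say in the commit message why only these paths move; "Update README.md" gives a reader no way to tell a deliberate change from an over-eager search and replace.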
@ -87,7 +87,7 @@ docker run hello-world
That's it, you have a running Docker container. That's it, you have a running Docker container.
If you are a complete Docker newbie, you should probably follow the [series of tutorials](https://docs.docker.com/engine/mac/started/) now. If you are a complete Docker newbie, you should probably follow the [series of tutorials](https://docs.docker.com/mac/started/) now.
## Containers ## Containers
@ -120,7 +120,7 @@ There's also a [logging driver](https://docs.docker.com/engine/admin/logging/ove
* [`docker kill`](https://docs.docker.com/engine/reference/commandline/kill) sends a SIGKILL to a running container. * [`docker kill`](https://docs.docker.com/engine/reference/commandline/kill) sends a SIGKILL to a running container.
* [`docker attach`](https://docs.docker.com/engine/reference/commandline/attach) will connect to a running container. * [`docker attach`](https://docs.docker.com/engine/reference/commandline/attach) will connect to a running container.
If you want to integrate a container with a [host process manager](https://docs.docker.com/engine/articles/host_integration/), start the daemon with `-r=false` then use `docker start -a`. If you want to integrate a container with a [host process manager](https://docs.docker.com/articles/host_integration/), start the daemon with `-r=false` then use `docker start -a`.
If you want to expose container ports through the host, see the [exposing ports](#exposing-ports) section. If you want to expose container ports through the host, see the [exposing ports](#exposing-ports) section.
@ -242,7 +242,7 @@ Importing a container as an image using the `import` command creates a new image
## Networks ## Networks
Docker has a [networks](https://docs.docker.com/engine/userguide/networking/dockernetworks/) feature. Not much is known about it, so this is a good place to expand the cheat sheet. There is a note saying that it's a good way to configure docker containers to talk to each other without using ports. See [working with networks](https://docs.docker.com/engine/userguide/networking/work-with-networks/) for more details. Docker has a [networks](https://docs.docker.com/userguide/networking/dockernetworks/) feature. Not much is known about it, so this is a good place to expand the cheat sheet. There is a note saying that it's a good way to configure docker containers to talk to each other without using ports. See [working with networks](https://docs.docker.com/engine/userguide/networking/work-with-networks/) for more details.
### Lifecycle ### Lifecycle
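Review bot: In the Networks paragraph the two documentation links end up with different prefixes inside one sentence: the first becomes `https://docs.docker.com/userguide/networking/dockernetworks/` while "working with networks" stays at `https://docs.docker.com/engine/userguide/networking/work-with-networks/`. Both pages sit under the same `userguide/networking/` path, so one of the two is likely stale. Check both and use the same prefix for each.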
@ -276,7 +276,7 @@ $ curl 203.0.113.2
A repository is a *hosted* collection of tagged images that together create the file system for a container. A repository is a *hosted* collection of tagged images that together create the file system for a container.
A registry is a *host* -- a server that stores repositories and provides an HTTP API for [managing the uploading and downloading of repositories](https://docs.docker.com/engine/userguide/dockerrepos/). A registry is a *host* -- a server that stores repositories and provides an HTTP API for [managing the uploading and downloading of repositories](https://docs.docker.com/userguide/dockerrepos/).
Docker.com hosts its own [index](https://hub.docker.com/) to a central registry which contains a large number of repositories. Having said that, the central docker registry [does not do a good job of verifying images](https://titanous.com/posts/docker-insecurity) and should be avoided if you're worried about security. Docker.com hosts its own [index](https://hub.docker.com/) to a central registry which contains a large number of repositories. Having said that, the central docker registry [does not do a good job of verifying images](https://titanous.com/posts/docker-insecurity) and should be avoided if you're worried about security.
@ -331,7 +331,7 @@ Here are some common text editors and their syntax highlighting modules you coul
### Examples ### Examples
* [Examples](https://docs.docker.com/engine/reference/builder/#dockerfile-examples) * [Examples](https://docs.docker.com/engine/reference/builder/#dockerfile-examples)
* [Best practices for writing Dockerfiles](https://docs.docker.com/engine/articles/dockerfile_best-practices/) * [Best practices for writing Dockerfiles](https://docs.docker.com/articles/dockerfile_best-practices/)
* [Michael Crosby](http://crosbymichael.com/) has some more [Dockerfiles best practices](http://crosbymichael.com/dockerfile-best-practices.html) / [take 2](http://crosbymichael.com/dockerfile-best-practices-take-2.html). * [Michael Crosby](http://crosbymichael.com/) has some more [Dockerfiles best practices](http://crosbymichael.com/dockerfile-best-practices.html) / [take 2](http://crosbymichael.com/dockerfile-best-practices-take-2.html).
* [Building Good Docker Images](http://jonathan.bergknoff.com/journal/building-good-docker-images) / [Building Better Docker Images](http://jonathan.bergknoff.com/journal/building-better-docker-images) * [Building Good Docker Images](http://jonathan.bergknoff.com/journal/building-good-docker-images) / [Building Better Docker Images](http://jonathan.bergknoff.com/journal/building-better-docker-images)
* [Managing Container Configuration with Metadata](https://speakerdeck.com/garethr/managing-container-configuration-with-metadata) * [Managing Container Configuration with Metadata](https://speakerdeck.com/garethr/managing-container-configuration-with-metadata)
@ -344,7 +344,7 @@ Note that if you're using [aufs](https://en.wikipedia.org/wiki/Aufs) as your fil
## Links ## Links
Links are how Docker containers talk to each other [through TCP/IP ports](https://docs.docker.com/engine/userguide/dockerlinks/). [Linking into Redis](https://docs.docker.com/engine/examples/running_redis_service/) and [Atlassian](https://blogs.atlassian.com/2013/11/docker-all-the-things-at-atlassian-automation-and-wiring/) show worked examples. You can also (in 0.11) resolve [links by hostname](https://docs.docker.com/engine/userguide/dockerlinks/#updating-the-etchosts-file). Links are how Docker containers talk to each other [through TCP/IP ports](https://docs.docker.com/userguide/dockerlinks/). [Linking into Redis](https://docs.docker.com/engine/examples/running_redis_service/) and [Atlassian](https://blogs.atlassian.com/2013/11/docker-all-the-things-at-atlassian-automation-and-wiring/) show worked examples. You can also (in 0.11) resolve [links by hostname](https://docs.docker.com/userguide/dockerlinks/#updating-the-etchosts-file).
NOTE: If you want containers to ONLY communicate with each other through links, start the docker daemon with `-icc=false` to disable inter process communication. NOTE: If you want containers to ONLY communicate with each other through links, start the docker daemon with `-icc=false` to disable inter process communication.
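Review bot: The NOTE line directly under the edited Links paragraph describes `-icc=false` as disabling "inter process communication". The sentence itself is about containers communicating with each other, and "inter process communication" reads as IPC, which is a different mechanism. Since this hunk already touches the paragraph above it, consider changing the wording to "inter-container communication" so readers who rely on this setting for isolation are not misled about what it restricts.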
@ -375,7 +375,7 @@ If you want to link across docker hosts then you should look at [Swarm](https://
## Volumes ## Volumes
Docker volumes are [free-floating filesystems](https://docs.docker.com/engine/userguide/dockervolumes/). They don't have to be connected to a particular container. You should use volumes mounted from [data-only containers](https://medium.com/@ramangupta/why-docker-data-containers-are-good-589b3c6c749e) for portability. Docker volumes are [free-floating filesystems](https://docs.docker.com/userguide/dockervolumes/). They don't have to be connected to a particular container. You should use volumes mounted from [data-only containers](https://medium.com/@ramangupta/why-docker-data-containers-are-good-589b3c6c749e) for portability.
### Lifecycle ### Lifecycle
@ -395,7 +395,7 @@ Because volumes are isolated filesystems, they are often used to store state fro
See [advanced volumes](http://crosbymichael.com/advanced-docker-volumes.html) for more details. Container42 is [also helpful](http://container42.com/2014/11/03/docker-indepth-volumes/). See [advanced volumes](http://crosbymichael.com/advanced-docker-volumes.html) for more details. Container42 is [also helpful](http://container42.com/2014/11/03/docker-indepth-volumes/).
You can [map MacOS host directories as docker volumes](https://docs.docker.com/engine/userguide/dockervolumes/#mount-a-host-directory-as-a-data-volume): You can [map MacOS host directories as docker volumes](https://docs.docker.com/userguide/dockervolumes/#mount-a-host-directory-as-a-data-volume):
``` ```
docker run -v /Users/wsargent/myapp/src:/src docker run -v /Users/wsargent/myapp/src:/src
@ -460,7 +460,7 @@ This is where general Docker best practices and war stories go:
## Security ## Security
This is where security tips about Docker go. The Docker [security](https://docs.docker.com/engine/articles/security/) page goes into more detail. This is where security tips about Docker go. The Docker [security](https://docs.docker.com/articles/security/) page goes into more detail.
First things first: Docker runs as root. If you are in the `docker` group, you effectively [have root access](http://reventlov.com/advisories/using-the-docker-command-to-root-the-host). If you expose the docker unix socket to a container, you are giving the container [root access to the host](https://www.lvh.io/posts/dont-expose-the-docker-socket-not-even-to-a-container.html). First things first: Docker runs as root. If you are in the `docker` group, you effectively [have root access](http://reventlov.com/advisories/using-the-docker-command-to-root-the-host). If you expose the docker unix socket to a container, you are giving the container [root access to the host](https://www.lvh.io/posts/dont-expose-the-docker-socket-not-even-to-a-container.html).