Andreas/docker-cheat-sheet
1
0
Fork 0
mirror of https://github.com/wsargent/docker-cheat-sheet.git synced 2025-12-18 08:00:14 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Minor updates for clarity

Browse source 
Update a few sentences for clarity and verb usage. Add a link to the TextMate Dockerfile syntax highlighter.
This commit is contained in:
Anna Winkler 2016-10-05 10:58:24 -06:00 committed by GitHub
parent 9ec2fffb06
commit 5688e5ffc4
1 changed files with 36 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

26
README.md
View file

@ -97,9 +97,9 @@ If you want a transient container, `docker run --rm` will remove the container a
If you want to map a directory on the host to a docker container, `docker run -v $HOSTDIR:$DOCKERDIR`. Also see [Volumes](https://github.com/wsargent/docker-cheat-sheet/#volumes).
If you want to remove also the volumes associated with the container, the deletion of the container must include the -v switch like in `docker rm -v`.
If you want to remove also the volumes associated with the container, the deletion of the container must include the `-v` switch like in `docker rm -v`.
There's also a [logging driver](https://docs.docker.com/engine/admin/logging/overview/) available for individual containers in docker 1.10. To run docker with a custom log driver (i.e. to syslog), use `docker run --log-driver=syslog`
There's also a [logging driver](https://docs.docker.com/engine/admin/logging/overview/) available for individual containers in docker 1.10. To run docker with a custom log driver (i.e., to syslog), use `docker run --log-driver=syslog`.
### Starting and Stopping
@ -121,7 +121,7 @@ Restart policies on crashed docker instances are [covered here](http://container
### Info
* [`docker ps`](https://docs.docker.com/reference/commandline/ps) shows running containers.
* [`docker logs`](https://docs.docker.com/reference/commandline/logs) gets logs from container. (You can use a custom log driver, but logs is only available for `json-file` and `journald` in 1.10)
* [`docker logs`](https://docs.docker.com/reference/commandline/logs) gets logs from container. (You can use a custom log driver, but logs is only available for `json-file` and `journald` in 1.10).
* [`docker inspect`](https://docs.docker.com/reference/commandline/inspect) looks at all the info on a container (including IP address).
* [`docker events`](https://docs.docker.com/reference/commandline/events) gets events from container.
* [`docker port`](https://docs.docker.com/reference/commandline/port) shows public facing port of container.
@ -135,7 +135,7 @@ Restart policies on crashed docker instances are [covered here](http://container
### Import / Export
* [`docker cp`](https://docs.docker.com/reference/commandline/cp) copies files or folders between a container and the local filesystem..
* [`docker cp`](https://docs.docker.com/reference/commandline/cp) copies files or folders between a container and the local filesystem.
* [`docker export`](https://docs.docker.com/reference/commandline/export) turns container filesystem into tarball archive stream to STDOUT.
### Executing Commands
@ -258,6 +258,7 @@ Here are some common text editors and their syntax highlighting modules you coul
* [Atom](https://atom.io/packages/language-docker)
* [Vim](https://github.com/ekalinin/Dockerfile.vim)
* [Emacs](https://github.com/spotify/dockerfile-mode)
* [TextMate](https://github.com/docker/docker/tree/master/contrib/syntax/textmate)
* For a most comprehensive list of editors and IDEs, check [Docker meets the IDE] (https://domeide.github.io/)
### Instructions
@ -357,7 +358,7 @@ You can [map MacOS host directories as docker volumes](https://docs.docker.com/u
docker run -v /Users/wsargent/myapp/src:/src
```
You can also use remote NFS volumes if you're [feeling brave](https://docs.docker.com/engine/tutorials/dockervolumes/#/mount-a-shared-storage-volume-as-a-data-volume).
You can use remote NFS volumes if you're [feeling brave](https://docs.docker.com/engine/tutorials/dockervolumes/#/mount-a-shared-storage-volume-as-a-data-volume).
You may also consider running data-only containers as described [here](http://container42.com/2013/12/16/persistent-volumes-with-docker-container-as-volume-pattern/) to provide some data portability.
@ -377,13 +378,13 @@ You can tell Docker that the container listens on the specified network ports at
EXPOSE <CONTAINERPORT>
```
But note that EXPOSE does not expose the port itself, only `-p` will do that. To expose the container's port on your localhosts port:
Note that EXPOSE does not expose the port itself -- only `-p` will do that. To expose the container's port on your localhost's port:
```
iptables -t nat -A DOCKER -p tcp --dport <LOCALHOSTPORT> -j DNAT --to-destination <CONTAINERIP>:<PORT>
```
If you're running Docker in Virtualbox, you then need to forward the port there as well, using [forwarded_port](https://docs.vagrantup.com/v2/networking/forwarded_ports.html). It can be useful to define something in Vagrantfile to expose a range of ports so that you can dynamically map them:
If you're running Docker in Virtualbox, you then need to forward the port there as well, using [forwarded_port](https://docs.vagrantup.com/v2/networking/forwarded_ports.html). Define a range of ports in your Vagrantfile like this so you can dynamically map them:
```
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
@ -443,7 +444,7 @@ Since docker 1.11 you can easily limit the number of active processes running in
docker run --pids-limit=64
```
Also available since docker 1.11 is the ability to prevent processes to gain new privileges. This feature is in the linux kernel since version 3.5. You can read more about it in [this](http://www.projectatomic.io/blog/2016/03/no-new-privs-docker/) blog post.
Also available since docker 1.11 is the ability to prevent processes from gaining new privileges. This feature have been in the linux kernel since version 3.5. You can read more about it in [this](http://www.projectatomic.io/blog/2016/03/no-new-privs-docker/) blog post.
```
docker run --security-opt=no-new-privileges
@ -538,7 +539,7 @@ or install [jq](https://stedolan.github.io/jq/):
docker inspect $(dl) | jq -r '.[0].NetworkSettings.IPAddress'
```
or using a [go template](https://docs.docker.com/reference/commandline/inspect)
or using a [go template](https://docs.docker.com/reference/commandline/inspect):
```
docker inspect -f '{{ .NetworkSettings.IPAddress }}' <container_name>
@ -608,16 +609,19 @@ In 1.9.0, the filter `dangling=false` does _not_ work - it is ignored and will l
docker images -viz | dot -Tpng -o docker.png
```
### Slimming down Docker containers [Intercity Blog](http://bit.ly/1Wwo61N)
### Slimming down Docker containers (see [Intercity Blog](http://bit.ly/1Wwo61N))
- Cleaning APT in a RUN layer
This should be done in the same layer as other apt commands.
Otherwise, the previous layers still persist the original information and your images will still be fat.
```
RUN {apt commands} \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
```
- Flatten an image
```
ID=$(docker run -d image-name /bin/bash)
@ -633,7 +637,7 @@ gzip -dc image.tgz | docker import - flat-image-name
### Monitor system resource utilization for running containers
To check the CPU, memory, and network i/o usage of a single container, you can use:
To check the CPU, memory, and network I/O usage of a single container, you can use:
```
docker stats <container>