Docker Beginner's Tutorial
Docker Beginner’s Tutorial
What is Docker?
Docker is a platform that allows developers to package applications and their dependencies into lightweight, portable containers. Containers can run on any system that supports Docker, ensuring consistency across different environments.
Key Features of Docker
- Portability: Write once, run anywhere.
- Isolation: Separate containers for different applications.
- Efficiency: Containers use fewer resources than virtual machines.
- Scalability: Easily scale applications by running multiple containers.
Why Do We Need Docker?
- Environment Consistency: Avoid the “it works on my machine” problem.
- Faster Development: Quickly set up environments and test changes.
- Simplified Deployment: Package the application and dependencies together.
- Resource Efficiency: Containers share the host OS, reducing overhead.
—
Getting Started with Docker
Installation
- Download Docker Desktop from Docker’s official website.
- Follow the installation instructions for your operating system.
- Verify installation by running:
Terminal window docker --version
—
Creating a Docker Image with a Dockerfile
A Dockerfile is a script that contains instructions to build a Docker image.
Example Dockerfile
Below is a sample Dockerfile for a simple Python application:
# Use an official Python runtime as a base imageFROM python:3.9-slim
# Set the working directory inside the containerWORKDIR /app
# Copy the current directory's content to the container's /app directoryCOPY . /app
# Install application dependenciesRUN pip install --no-cache-dir -r requirements.txt
# Expose the application portEXPOSE 5000
# Command to run the applicationCMD ["python", "app.py"]Explanation of Dockerfile Commands
FROM: Specifies the base image (e.g.,python:3.9-slim).WORKDIR: Sets the working directory inside the container.COPY: Copies files from the host to the container.RUN: Executes commands during the build process (e.g., install dependencies).EXPOSE: Documents the port the container will use.CMD: Specifies the command to run when the container starts.
Build a Docker Image
To build a Docker image from the Dockerfile:
docker build -t my-python-app .-t: Tags the image with a name (my-python-app)..: Refers to the current directory containing the Dockerfile.
Security Best Practices for Docker Images
1. Use Official Base Images
- Start with minimal and verified base images, such as those from trusted repositories like
python:3.9-slim.
2. Minimize Layers
- Combine related commands into a single
RUNinstruction to reduce the image size.
RUN apt-get update && apt-get install -y curl && rm -rf /var/lib/apt/lists/*3. Avoid Hardcoding Secrets
- Never store sensitive data (e.g., passwords, API keys) in the Dockerfile. Use environment variables or secret management tools.
4. Use Multi-Stage Builds
- Use a build stage to compile or build your application, and a separate, smaller stage for the final image.
FROM golang:1.18 AS builderWORKDIR /appCOPY . .RUN go build -o main .
FROM alpine:latestCOPY --from=builder /app/main .CMD ["./main"]5. Regularly Update Images
- Update base images and dependencies to fix vulnerabilities.
6. Scan Images for Vulnerabilities
- Use tools like
docker scanto identify security issues:
docker scan my-python-app- changing the user from root to a non-root user
FROM python:3.9-slimRUN groupadd -r <group-name> && useradd --no-log-init -r -g <group-name> <user-name>
USER nonrootWORKDIR /appCOPY . /appRUN pip install --no-cache-dir -r requirements.txtEXPOSE 5000CMD ["python", "app.py"]---
## Using the `.dockerignore` File
The `.dockerignore` file is used to exclude files and directories from being included in the Docker image during the build process. This reduces the image size and improves security.
### Example `.dockerignore` File```plaintext# Ignore log files*.log
# Ignore node_modules directorynode_modules/
# Ignore git files.git
# Ignore temporary files*.tmpBenefits of Using .dockerignore
- Smaller Images: Exclude unnecessary files, reducing image size.
- Improved Build Performance: Avoid copying large files or directories.
- Enhanced Security: Prevent sensitive files (e.g.,
.env) from being included.
To use .dockerignore, place it in the same directory as your Dockerfile. Docker automatically respects this file during the docker build process.
Running a Docker Container
Start a Container
Run a container using the built image:
docker run -d -p 5000:5000 --name my-container my-python-app-d: Runs the container in detached mode.-p: Maps host port 5000 to container port 5000.--name: Assigns a name to the container (my-container).
View Running Containers
docker psStop a Container
docker stop my-containerRemove a Container
docker rm my-containerManaging Docker Images
Pull an Image
Download an image from Docker Hub:
docker pull nginxPush an Image
Push a locally built image to Docker Hub:
docker push my-username/my-python-appRemove an Image
Delete a local image:
docker rmi my-python-appWorking with Volumes
Volumes allow you to persist data outside of containers.
Create and Attach a Volume
docker volume create my-volumeRun a container with a volume:
docker run -d -p 5000:5000 --name my-container -v my-volume:/app/data my-python-app-v my-volume:/app/data: Mounts the volumemy-volumeto/app/datainside the container.
List Volumes
docker volume lsRemove a Volume
docker volume rm my-volumeDocker Commands Cheat Sheet
| Command | Description |
|---|---|
docker --version | Check Docker version |
docker build -t <name> . | Build a Docker image |
docker run -d -p <host-port>:<container-port> --name <name> <image> | Run a container |
docker ps | List running containers |
docker ps -a | List all containers (including stopped ones) |
docker stop <container> | Stop a running container |
docker rm <container> | Remove a container |
docker pull <image> | Pull an image from Docker Hub |
docker push <image> | Push an image to Docker Hub |
docker rmi <image> | Remove a Docker image |
docker volume create <name> | Create a volume |
docker volume ls | List all volumes |
docker volume rm <name> | Remove a volume |
docker exec -it <container> <command> | Execute a command inside a running container |
docker logs <container> | View logs of a container |
docker inspect <container> | Inspect detailed container information |
docker images | List all local Docker images |
docker scan <image> | Scan a Docker image for vulnerabilities |