
Each command creates one layer

Dockerfile
Can be piped using stdin: echo -e 'FROM busybox\nRUN echo "hello world"' | docker build -

.dockerignore Exclude files not relevant to the build

Multi-stage builds: Multiple FROM statements; can use different bases

BuildKit
Skip executing unused build stages
Parallelize building independent build stages
Incrementally transfer only the changed files in your build context between builds

CMD
There can only be one CMD instruction in a Dockerfile
If you list more than one CMD then only the last CMD will take effect.
provide defaults for an executing container

CMD vs ENTRYPOINT
they both can do the same thing
CMD commands can be overridden but ENTRYPOINT can't be overridden

FROM
initializes a new build stage and sets the Base Image for subsequent instructions
ARG is the only instruction that may precede FROM in the Dockerfile
Optionally a name can be given to a new build stage by adding AS <name> to the FROM instruction

ARG
defines a variable that users can pass at build-time to the builder with the docker build command using the --build-arg <varname>=<value> flag
A Dockerfile may include one or more ARG instructions.
can optionally include a default value
An ARG instruction goes out of scope at the end of the build stage where it was defined
To use an arg in multiple stages, each stage must include the ARG instruction.
not persisted into the built image

Predefined ARGs
HTTP_PROXY http_proxy HTTPS_PROXY https_proxy FTP_PROXY ftp_proxy NO_PROXY no_proxy

Platform ARGs
TARGETPLATFORM - platform of the build result. Eg linux/amd64, linux/arm/v7, windows/amd64
TARGETOS - OS component of TARGETPLATFORM
TARGETARCH - architecture component of TARGETPLATFORM
TARGETVARIANT - variant component of TARGETPLATFORM
BUILDPLATFORM - platform of the node performing the build.
BUILDOS - OS component of BUILDPLATFORM
BUILDARCH - architecture component of BUILDPLATFORM
BUILDVARIANT - variant component of BUILDPLATFORM

Create container images for solutions by using Docker

ONBUILD
a trigger instruction to be executed at a later time, when the image is used as the base for another build
The ONBUILD instruction may not trigger FROM or MAINTAINER instructions.
Commands

STOPSIGNAL
sets the system call signal that will be sent to the container to exit

RUN
RUN instruction will execute any commands in a new layer on top of the current image and commit the results.

LABEL
adds metadata to an image
key-value pair
image can have more than one label
can specify multiple labels on a single line

EXPOSE
container listens on the specified network ports at runtime
does not actually publish the port
which ports are intended to be published

ENV
sets the environment variable
key-value pair

ADD
ADD instruction copies new files, directories or remote file URLs from <src> and adds them to the filesystem of the image at the path <dest>
does not support authentication

COPY
COPY instruction copies new files or directories from <src> and adds them to the filesystem of the container at the path <dest>

ENTRYPOINT
allows you to configure a container that will run as an executable

VOLUME
VOLUME instruction creates a mount point with the specified name and marks it as holding externally mounted volumes from native host or other containers
Windows: On a drive other than C:/; Empty or non existing directory

USER
sets the user name (or UID) and optionally the user group (or GID) to use when running the image and for any RUN, CMD and ENTRYPOINT instructions that follow it in the Dockerfile

WORKDIR
sets the working directory for any RUN, CMD, ENTRYPOINT, COPY and ADD instructions that follow it in the Dockerfile
If the WORKDIR doesn’t exist, it will be created even if it’s not used in any subsequent Dockerfile instruction
If a relative path is provided, it will be relative to the path of the previous WORKDIR instruction

HEALTHCHECK
tells Docker how to test a container to check that it is still working
When a container has a healthcheck specified, it has a health status in addition to its normal status

SHELL
allows the default shell used for the shell form of commands to be overridden

Why?
Management of hosting environments
Continuity in software delivery
Efficient use of hardware
Application portability

What?
A loosely isolated environment that allows us to build and run software packages
Software containerization is an OS virtualization method that is used to deploy and run containers without using a virtual machine

Tag
Image version
One image can have multiple tags

Container image
A container image is a read-only portable package that contains software and may include an operating system
portable package that contains software

container is the in-memory instance of an image

Immutable Can create child images from a parent image

Base images provide more control than parent images

How?
Host OS: Docker engine running OS

Container OS
Containers running on Linux share the host OS kernel and don't require a container OS
Isolated from the host
Windows can use different Container OSs

Unionfs
Can stack several directories (branches)
appears as if the content is merged

Writable layer
Created once the container is run
Does not persist

Server
dockerd Daemon
Track container life cycle

Client
docker

Docker file
Base image
Commands to add software and update base
Build artifacts
Services to expose
Commands to run when container is live

CLI

Container storage
Container storage is temporary
Container storage drives are less performant
Container storage is coupled to the underlying host machine

Containers

Volume
Stored on the host filesystem at a specific folder location
Multiple containers can simultaneously use the same volumes
mounted volumes are isolated from the host machine

bind mount
mount any file or folder on the host
limited functionality compared to volumes
host can change the contents


Container

Bridge
Default
private network used by the container
Isolated from Docker Host
Containers in the default bridge network can access other containers by IP address
Cannot access by container hostname

Network Types
Can map ports to the host: --publish 8080:80
8080 - host
80 - container
Docker

Host
Run the container on the host network directly
Not supported in Windows and macOS

None: disable networking

Registry
A registry is a web service to which Docker can connect to upload and download container images
Series of repositories

Benefits
Efficient use of hardware
Container isolation
Application portability: standardized container format used by developer and operation teams
Application delivery
Management of hosting environments
Cloud deployments

When not to use
Containers share a single host OS: Single point of attack
Service monitoring: More complicated than traditional applications; Stat data isn't stored

Commands

Containers
List running containers: docker ps -a
Misc:
docker run -d <name>
docker restart <name>
docker pause <name>
docker stop <name>
docker stats <name>
Volume: docker volume create

Images
List images: docker images
Remove images: docker rmi <image name>
