virtualization:docker

Differences

This shows you the differences between two versions of the page.

virtualization:docker [2021/03/01 06:46] jotasandokuvirtualization:docker [2023/11/02 14:38] (current) – external edit 127.0.0.1
Line 1: Line 1:
 **__DOCKER__**\\ **__DOCKER__**\\
 Emulate only the user space. Container engine isolates user spaces. Emulate only the user space. Container engine isolates user spaces.
-  * cgroups: kernel mechanism for limiting and measuring the total resources used by a group of processes running on a system. For example, you can apply CPU, memory, network or IO quotas. cgroups +  * **cgroups**: kernel mechanism for limiting and measuring the total resources used by a group of processes running on a system. For example, you can apply **CPU**, memory, network or IO quotas. cgroups 
-  * namespaces: Namespaces are a kernel mechanism for limiting the visibility that a group of processes has of the rest of a system. For example you can limit visibility to certain process trees, network interfaces..+  * **namespaces**: Namespaces are a kernel mechanism for limiting the visibility that a group of processes has of the rest of a system. For example you can manage **network stack** in different namespaces.
  
  
 Tutorial, all [[https://container.training/intro-fullday.yml.html#65|HERE]]\\ Tutorial, all [[https://container.training/intro-fullday.yml.html#65|HERE]]\\
-The principle of docker is we start a container to __Run a Task__. If there's no task to run, the container just __stops and exists__.\\ +The principle of docker is we start a container to __Run a Task__. If there's no task to run, the container just __stops and exits__.\\
-**TODO:** docker/kubernetes and ipv6\\ +
-\\ +
-Normally, docker files live in: +
-  usermod -aG docker jsantosa # so we can run it under non-root +
-  [jotasancent@localhost Desktop]$ sudo ls -l /var/lib/docker/ +
-  total 56 +
-  drwx------. 20 root root  4096 Jul 10 12:50 containers        +
-  drwx------.  5 root root  4096 Mar 29 13:49 devicemapper +
-  /home/jsantosa/.local/share/containers # for podman +
-Show running container:\\ +
-  docker ps -a +
-note: PORTS means the TCP ports exposed by the container.+
  
-Manage Imaged and Containers: 
-  docker ps -a    # running containers 
-  docker images   # stored images 
-  docker search <pattern>  --no-trunc # looks for images in the remote registry and see the description 
-  docker rm -f [container name or ID] 
-  docker rmi [image name or ID] 
  
-With cli access +----
-  docker run -it ubuntu # start and connect to shell +
-  docker inspect 25b4bff1417c | jq . # to check the instance params without having to connect to it +
-  docker exec -it "id of running container" bash  # connect to shell running container+
 RUN container:  RUN container: 
-  docker run -it --rm  {image-name} /bin/bash   # 'it' for interactive, rm to clean up the container and remove the file system when the container exits+  docker run -it --rm  --name C2 {image-name-eg-busybox} /bin/bash   # 'it' for INTERACTIVE, rm to clean up the container and remove the file system when the container exits
   docker run --rm -v /foo -v awesome:/bar busybox top  # to mount a local storage filesystem ( uses 'union' daemon to mount it )   docker run --rm -v /foo -v awesome:/bar busybox top  # to mount a local storage filesystem ( uses 'union' daemon to mount it )
   cat /proc/1/cpuset # to Tell if I'm in a container or not   cat /proc/1/cpuset # to Tell if I'm in a container or not
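Review bot: The new RUN example names busybox as the sample image but still passes /bin/bash; the busybox image ships sh, not bash, so the command as written fails at start. Use /bin/sh for the busybox case, or keep bash and name an image that includes it. The container is named C2 here while the examples added further down use c2 and c3; pick one case. The rewritten namespaces bullet also drops the "process trees, network interfaces" examples, and "manage network stack in different namespaces" no longer illustrates the "limiting the visibility" definition that precedes it. The cgroups bullet still ends in a stray "cgroups".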
Line 38: Line 17:
  
 Flags to be run with //docker run// (see  //man docker-run//) Flags to be run with //docker run// (see  //man docker-run//)
-  d <-- to run container in the background +  d <-- to run container in the background 
-  i <-- interactive +  i <-- interactive 
-  t <-- allocate a pseudo-tty and attach to the standard input of any container +  t <-- allocate a pseudo-tty and attach to the standard input of any container 
-  P <-- flag is new and tells Docker to map any required network ports inside our container to our host+  P <-- flag is new and tells Docker to map any required network ports inside our container to our host
  
 Stop a container: Stop a container:
   docker stop f51e9de57784     # list containers with ps -a   docker stop f51e9de57784     # list containers with ps -a
   docker restart <container-id/name>   # restart   docker restart <container-id/name>   # restart
 +  docker run -itd --name c3 busybox    # start container daemon mode
 +  docker run -it --name c2 busybox    # start container interactive mode
   docker exec -it "id of running container" bash # connect running container   docker exec -it "id of running container" bash # connect running container
      
 +Remove all running and exited container (USER WITH CARE!):
 +  docker container kill $(docker ps -q)
 +  docker rm $(docker ps -a -f status=exited -q)
 +
 To list containers, stop them , get logs etc,[[https://www.docker.com/sites/default/files/Docker_CheatSheet_08.09.2016_0.pdf|**check this link**]] To list containers, stop them , get logs etc,[[https://www.docker.com/sites/default/files/Docker_CheatSheet_08.09.2016_0.pdf|**check this link**]]
      
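Review bot: In the added "Remove all running and exited container" block, "USER WITH CARE" should read "USE WITH CARE", and the warning should say why: docker container kill $(docker ps -q) sends SIGKILL to every running container on the host, not only the ones started from this page. Suggest docker stop for a graceful shutdown, and mention that both commands return an error when the inner docker ps prints nothing. The two added docker run lines sit under "Stop a container:", where they do not belong; move them to the RUN container section.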
Line 59: Line 44:
 To delete an image To delete an image
   docker rmi [OPTIONS] IMAGE [IMAGE...]   docker rmi [OPTIONS] IMAGE [IMAGE...]
 +
 +
 +----
 +
 +\\
 +Normally, docker files live in:
 +  usermod -aG docker jsantosa # so we can run it under non-root
 +  [jotasancent@localhost Desktop]$ sudo ls -l /var/lib/docker/
 +  total 56
 +  drwx------. 20 root root  4096 Jul 10 12:50 containers       
 +  drwx------.  5 root root  4096 Mar 29 13:49 devicemapper
 +  /home/jsantosa/.local/share/containers # for podman
 +Show running container:\\
 +  docker ps -a
 +note: PORTS means the TCP ports exposed by the container.
 +
 +Manage Imaged and Containers:
 +  docker ps -a    # running containers
 +  docker images   # stored images
 +  docker search <pattern>  --no-trunc # looks for images in the remote registry and see the description
 +  docker rm -f [container name or ID]
 +  docker rmi [image name or ID]
 +
 +''docker inspect'' allows us to check the container's meta information:
 +  docker run -it ubuntu # start and connect to shell
 +  docker inspect 25b4bff1417c | jq . # to check the instance params without having to connect to it
 +  docker exec -it "id of running container" bash  # connect to shell running container
 +  
 +  
      
 Creating images: Creating images:
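Review bot: The re-added line usermod -aG docker jsantosa carries the comment "so we can run it under non-root", which undersells it: membership in the docker group gives that user root-equivalent control of the host through the daemon, and the note should say so next to the command. In the same block, docker ps -a is labelled "running containers" twice, but -a lists stopped containers as well; docker ps without -a matches the label. "Manage Imaged" should be "Manage Images".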
Line 72: Line 86:
  
 ---- ----
-DOCKER NETWORK CNM (classical) CNI (Kubernetes)+__**DOCKER NETWORKING**__ CNM (classical) CNI (Kubernetes)
   * driver:   * driver:
     * host     * host
Line 80: Line 94:
       * veth0,1..       * veth0,1..
  
-  podman network create netdev # crates simple bridge network+  docker network create --driver=bridge --subnet=192.168.99.0/24 br0 # crates simple bridge network 
 +  docker run -itd --rm --name C1 --network=br0 busybox  # creates container and connects to that ^ network
  
 [[https://container.training/intro-fullday.yml.html#239 |This]] to assign cnm network to containers and more [[https://container.training/intro-fullday.yml.html#239 |This]] to assign cnm network to containers and more
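Review bot: The replacement line swaps the podman example for docker network create but carries over the comment typo "crates" (creates); fix it while the line is being touched. The container is named C1 here, C2 in the RUN example and c2/c3 in the stop section, so settle on one naming convention. If podman is still meant to be covered (its storage path remains on the page), keep the podman network create line alongside the docker one instead of dropping it.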
Line 89: Line 104:
  
  
-----+__IPV6__\\ 
 +{{ :virtualization:docker_networking_deep_dive.pdf |}}\\ 
 +Opposite to ipv4, docker in ipv6 does **not use NAT**. Each container gets its own IP.\\ 
 +For networking, we have two options: 
 +  Every docker container gets /64 and advertises it via BGP. Each container is a bgp speaker 
 +  Each container gets a chunk of the /64. Then we use NDP proxy to discover the containers.
  
-KUBERNETES NOTES:\\ 
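Review bot: The two options under "For networking, we have two options:" are indented with two spaces and no "*", so DokuWiki renders them as a preformatted block and not as a list; use the "  * " form that the cgroups and namespaces bullets use. The "does not use NAT" sentence should also state what restricts inbound access to containers once each one has its own address, because readers coming from the IPv4 setup will assume the NAT boundary is still there. The hunk also removes the "KUBERNETES NOTES:" heading and the "----" separator with no replacement; confirm that is intended.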
virtualization/docker.1614581195.txt.gz · Last modified: (external edit)