Master Docker Container Management: Run, Monitor, and Optimize Resources

Run Containers

docker run starts a container. Commands can be specified via CMD, ENTRYPOINT, or directly in the docker run command line.

Running pwd shows / as the current directory. Use docker ps or docker container ls to view running containers.

docker ps -a
docker container -a

These commands list all containers, including stopped ones.

1.1 Keep a Container Running

The container’s lifecycle depends on the command executed at start; as long as that command does not exit, the container stays alive. Use a long‑running command such as:

docker run ubuntu /bin/bash -c "while true;do sleep 1;done"

Add -d to run in background and avoid occupying the terminal.

Container IDs have a long form and a short 12‑character form. You can name a container with --name and refer to it by long ID, short ID, or name.

docker stop xxx   # xxx is ID or name

1.2 Enter a Container

docker attach – attaches to the container’s main process terminal (Ctrl+C stops the container).

docker exec – runs a new process inside the container, e.g.:

docker exec -it <container> bash|sh

attach uses the original terminal; exec creates a new one. Use docker logs -f xxx to follow output.

2. Best Practices for Running Containers

Containers fall into service containers (daemons) and tool containers (temporary environments). Service containers should run with -d; tool containers often use run -it.

3. Stop/Start/Restart Containers

docker stop xxx   # stop by ID or name

docker stop sends SIGTERM; use docker kill for SIGKILL.

docker start xxx   # restart a stopped container

docker restart performs stop then start. Use --restart=always or --restart=on-failure:3 to auto‑restart on failure.

4. Pause/Unpause Containers

docker pause temporarily stops a container’s CPU usage; docker unpause resumes it.

5. Remove Containers

Delete exited containers to free host resources:

docker rm -v $(docker ps -aq -f status=exited)

6. Container State Machine

Typical flow: create → start (docker run combines create and start) → stop → restart. --restart only applies when the main process exits, not when stopped manually.

7. Resource Limits

7.1 Memory

Use -m/--memory to set a memory cap and --memory-swap for memory + swap limit, e.g.:

docker run -m 200M --memory-swap=300M ubuntu

7.2 CPU

Set CPU weight with -c/--cpu-shares (default 1024). Higher weight gets more CPU when contention occurs.

docker run --name containerA -c 1024 ubuntu
docker run --name containerB -c 512 ubuntu

7.3 Block I/O

Control disk bandwidth with --blkio-weight, --device-read-bps, --device-write-bps, etc.

docker run --name containerA -it --blkio-weight 600 ubuntu
docker run --name containerB -it --blkio-weight 300 ubuntu

8. Underlying Technologies

Docker relies on cgroups for resource limiting and namespaces for isolation.

8.1 cgroup

cgroup (control group) configures CPU, memory, and I/O limits; settings appear under /sys/fs/cgroup. Example:

docker run -it --cpu-shares 512 progrium/stress -c 1

8.2 namespace

Linux provides six namespaces (mount, UTS, IPC, PID, network, user) to isolate resources. Each container sees its own filesystem, hostname, IPC mechanisms, process IDs, network interfaces, and user IDs.