Master Docker: From Basics to Advanced Container Management

1. Overview

1.1 Basic Concepts

Docker is an open‑source application container engine written in Go and released under the Apache 2.0 license. It lets developers package an application and its dependencies into a lightweight, portable container that can run on any Linux host, providing a form of virtualization.

Containers use sandbox isolation, have minimal performance overhead, and behave like independent apps.

1.2 Advantages

Simplify deployment : package and run anywhere, turning days‑long tasks into seconds.

Cost saving : reduces need for expensive hardware; works well with cloud resources.

1.3 Comparison with traditional VMs

Containers start in seconds, versus minutes for VMs.

Much lower resource consumption; thousands of containers can run on a single host.

Simple image distribution via Docker Hub, similar to Git.

Dockerfile enables automated build and deployment.

Containers have near‑native performance and low overhead.

Security features such as namespaces, cgroups, and image signing improve isolation.

Feature

Container

Virtual Machine

Startup speed

Seconds

Minutes

Disk usage

MBs

GBs

Performance

Near native

Below native

Scale per host

Thousands

Dozens

1.4 Architecture

Docker follows a client‑server (C/S) model and uses a remote API to manage containers. Images are the immutable templates from which containers are created; the relationship mirrors class‑object in OOP.

1.5 Core Docker technologies

Namespaces – isolation (user, mnt, network, uts, ipc, pid).

cgroups – resource accounting and limits (cpu, blkio, device, freezer, memory).

UnionFS (aufs/overlayfs) – layered image implementation.

1.6 Docker components

docker client – sends requests to the daemon.

docker daemon – processes requests and manages containers.

docker registry – central image repository.

2. Installation & Deployment

2.1 Prerequisites

Docker runs on 64‑bit CentOS 6.5+ (kernel ≥ 2.6.32‑431) or CentOS 7 (kernel ≥ 3.10).

2.2 Install Docker

yum install docker -y
systemctl start docker
systemctl enable docker

2.3 Basic commands

docker search centos

Use a mirror (e.g., DaoCloud) to accelerate image pulls.

curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://d6f11267.m.daocloud.io
echo "{\"registry-mirrors\": [\"http://d6f11267.m.daocloud.io\"]}" > /etc/docker/daemon.json
systemctl restart docker

docker pull docker.io/ansible/centos7-ansible

for i in `docker search centos|awk '!/NAME/{print $2}'`; do docker pull $i; done

docker images

2.4 Common container commands

docker create
docker run
docker stop
docker start
docker restart
docker rm
docker kill
docker attach
docker wait

docker ps
docker ps -a
docker inspect
docker logs
docker events
docker port
docker top
docker diff

docker exec

2.5 Simple practice

docker run -i -t docker.io/1832990/centos6.5 /bin/bash

Options: -t allocate a pseudo‑TTY, -i keep STDIN open, -d run in background, and /bin/bash starts a shell.

2.6 Building images with Dockerfile

Create a Dockerfile and run docker build -t centos6.8:mysqld .. Important directives:

FROM – base image (must be first).

MAINTAINER – author information.

RUN – execute commands during build.

CMD – default command when container starts.

ENTRYPOINT – executable that runs with optional CMD parameters.

USER – set runtime user.

EXPOSE – declare container ports.

ENV – set environment variables.

ADD – copy files or URLs into the image (auto‑extract archives).

VOLUME – define mount points for persistent data.

WORKDIR – set working directory.

2.7 Image import/export

docker save -o centos6.5.tar centos6.5
docker export f9c99092063c > centos6.5.tar
docker load --input centos6.5.tar
docker rm -f <container_id>

3. Storage

3.1 Data volumes

Docker stores images as layered filesystems; a writable layer is added on top of read‑only layers. Use -v /host/path:/container/path to mount host directories, or create a named volume and share it between containers.

docker run -i -t -v /mnt --name nginx docker.io/nginx /bin/bash

3.2 Volume management

docker volume ls
docker volume ls -f dangling=true
docker volume rm <volume_name>
docker rm -v <container_name>

4. Networking

4.1 Bridge network

Docker creates a virtual bridge docker0 on the host; containers attach via a veth pair and receive an IP from the bridge subnet. Port mapping is performed with -p host_port:container_port.

4.2 Host network

Using --net host makes the container share the host’s network namespace, so it uses the host’s IP and ports directly.

4.3 None network

--net none

gives the container its own network namespace but no interfaces; users must configure networking manually.

4.4 Exposing ports

docker run -d -p 80:80 docker.io/nginx

-p without an explicit host port assigns a random high port.