Master Docker: From Basics to Advanced Container Management

1. Introduction

Docker originated as an internal project at dotCloud, open‑sourced in March 2013 under the Apache 2.0 license, and is written in Go. It packages applications and their dependencies into lightweight containers, providing a simple interface for creating and destroying containers.

2. Application Scenarios

Automated packaging and deployment of web applications

Continuous integration, testing, and release pipelines

Deploying and scaling databases or other services in a service‑oriented environment

3. Docker vs. Physical Machines vs. Virtual Machines

Physical machine → direct hardware access.

Virtual machine → full OS virtualization with higher overhead.

Docker container → OS‑level isolation, sharing the host kernel, offering higher efficiency.

4. Three Core Docker Concepts and Their Benefits

Image – a read‑only template used to create containers.

Container – a runnable instance of an image with its own isolated filesystem.

Repository – a storage location for images, often hosted on Docker Hub or a private registry.

#1 Higher resource utilization – containers share the host kernel, avoiding the overhead of full OS virtualization. #2 Faster startup – containers start in seconds or milliseconds, unlike virtual machines that need minutes. #3 Consistent runtime environment – images encapsulate all dependencies, eliminating "works on my machine" issues. #4 Continuous delivery – Docker images can be built with Dockerfile and integrated into CI/CD pipelines. #5 Easier migration – identical containers run on physical machines, VMs, public or private clouds without modification.

5. Docker Installation (CentOS 7+)

# install docker
yum install docker
# start docker
systemctl start docker
# verify version
docker version

5.1 Configure a Mirror (DaoCloud)

Accelerate image pulls in China by adding a mirror:

curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://95822026.m.daocloud.io

5.2 Basic Docker Commands

Run docker --help for a full list. Common commands include:

docker run -d centos /bin/sh -c "while true; do echo running; sleep 1; done"
docker ps
docker logs -f <container>
docker exec -it <container> /bin/bash

5.3 Starting Containers

Two typical ways:

# 1. Run in background
docker run -d centos /bin/sh -c "while true; do echo running; sleep 1; done"
# 2. Interactive bash
docker run --name mydocker -it centos /bin/bash

5.4 Creating a Custom Image (Commit)

# start an interactive container
docker run -it centos
# install vim inside the container
yum install -y vim
exit
# list containers
docker container ls -a
# commit the container as a new image
docker commit <container_id> myrepo/centos-vim
# verify the new image
docker images

5.5 Exposing Containers to the Outside World

Use -p or -P to map host ports to container ports:

# random host port mapping
docker run -d -P training/webapp python app.py
# specific port mapping
docker run -d -p 9000:5000 training/webapp python app.py

5.6 Dockerfile Customization

A Dockerfile is a plain‑text script that defines each layer of an image.

FROM centos
LABEL version="1.0" maintainer="[email protected]"
RUN yum update && yum install -y vim python-devel \
    && rm -rf /var/cache/yum
WORKDIR /app
COPY . /app
EXPOSE 8080
CMD ["python", "app.py"]

Key instructions:

FROM – base image.

LABEL – metadata.

RUN – execute commands, creating a new layer.

WORKDIR – set working directory.

COPY / ADD – add files (COPY is preferred; ADD can also extract archives).

ENV – define environment variables.

EXPOSE – document which ports the container listens on.

CMD – default command when the container starts.

ENTRYPOINT – forces a command to run, often combined with a wrapper script.

5.7 Publishing Images

Public registry (Docker Hub):

docker login
docker tag myimage username/myimage
docker push username/myimage

Private registry:

# pull the registry image
docker pull registry
# run a private registry on port 5000
docker run -d -p 5000:5000 -v /opt/data/registry:/var/lib/registry registry
# configure Docker daemon to allow insecure HTTP
cat > /etc/docker/daemon.json <<EOF
{
  "insecure-registries": ["192.168.11.37:5000"]
}
EOF
systemctl daemon-reload
systemctl restart docker
# tag and push an image to the private registry
docker tag myimage 192.168.11.37:5000/myimage
docker push 192.168.11.37:5000/myimage

5.8 End‑to‑End Example: Flask Application

Project structure:

# app.py
from flask import Flask
app = Flask(__name__)
@app.route('/')
def hello():
    return "hello docker"
if __name__ == '__main__':
    app.run(host='0.0.0.0', port=8080)

# Dockerfile
FROM python:2.7
LABEL maintainer="Warm and new"
RUN pip install flask
COPY app.py /app/
WORKDIR /app
EXPOSE 8080
CMD ["python", "app.py"]

Build, run, and push the image:

docker build -t peng104/flask-hello-docker .
docker run -d -p 8080:8080 peng104/flask-hello-docker
# push to private registry
docker tag peng104/flask-hello-docker 192.168.11.37:5000/peng-flaskweb
docker push 192.168.11.37:5000/peng-flaskweb