Master Docker: From Basics to Advanced Deployment and Networking

Overview

Basic Concepts

Docker is an open‑source application container engine written in Go and released under the Apache 2.0 license.

It enables developers to package applications and their dependencies into lightweight, portable containers that can run on any popular Linux host, effectively providing virtualization.

Containers use sandbox isolation, have minimal performance overhead, and behave similarly to iPhone apps.

Advantages

Simplify Deployment : Developers can package applications and dependencies into a portable container and run it on any Linux machine, achieving virtualization.

Docker dramatically reduces the time required for tasks that previously took days or weeks to seconds.

Cost Savings : In the cloud era, developers no longer need expensive hardware to achieve high performance.

Docker integrates with cloud platforms, maximizing resource utilization and changing the traditional virtualization model.

Comparison with Traditional VMs

Docker containers offer significant benefits compared with conventional virtual machines:

Fast start/stop in seconds.

Low resource consumption; thousands of containers can run on a single host.

Simple image distribution via Git‑like commands.

Automation through Dockerfile.

Minimal additional system overhead.

Strong isolation using Linux security mechanisms, image signing, and security options since version 1.3.

Feature Comparison Table

Feature

Container

Virtual Machine

Startup Speed

Seconds

Minutes

Disk Usage

MBs

GBs

Performance

Near native

Below native

Scale per Host

Thousands

Dozens

Basic Architecture

Docker follows a client‑server (C/S) model and uses a remote API to manage containers.

Containers are created from Docker images, analogous to objects instantiated from classes in object‑oriented programming.

Fundamental Docker Technologies

Namespace – the foundation of container isolation; six namespaces: user, mnt, network, uts, ipc, pid.

cgroups – resource accounting and isolation; subsystems include cpu, blkio, device, freezer, memory.

unionfs – layered file system (e.g., aufs, overlayfs) that underpins image layering.

Docker Components

docker client – sends requests (create, stop, destroy, etc.) to the Docker daemon.

docker daemon (server) – processes all Docker requests and manages containers.

docker registry – central repository for images, similar to a binary SCM.

Installation & Deployment

Prerequisites

Docker runs on CentOS 7 (64‑bit kernel ≥ 3.10) or CentOS 6.5+ (kernel ≥ 2.6.32‑431).

Install Docker

yum install docker -y          # install
systemctl start docker         # start
systemctl enable docker        # enable at boot

Basic Commands

docker search centos   # search images

Because pulling from overseas registries can be slow, you can configure a mirror:

curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://d6f11267.m.daocloud.io
# write mirror config
echo "{\"registry-mirrors\": [\"http://d6f11267.m.daocloud.io\"]}" > /etc/docker/daemon.json
systemctl restart docker              # restart

Pulling Images

docker pull docker.io/ansible/centos7-ansible

Pull all images returned by a search:

for i in `docker search centos|awk '!/NAME/{print $2}'`;do docker pull $i;done

List local images:

docker images

Container Operations

docker create               # create without starting
docker run                  # create and start
docker stop                  # stop (SIGTERM)
docker start                 # start a stopped container
docker restart               # restart
docker rm                     # remove container
docker kill                  # send SIGKILL
docker attach                 # attach to a running container
docker wait                   # block until container stops

Inspect container information:

docker ps               # list running containers
docker ps -a            # list all containers
docker inspect          # detailed info
docker logs             # view stdout/stderr
docker events           # real‑time events
docker port             # port mappings
docker top              # processes inside container
docker diff             # filesystem changes

Running a Container Interactively

docker run -i -t docker.io/1832990/centos6.5 /bin/bash

-t allocates a pseudo‑TTY.

-i keeps STDIN open for interaction.

-d runs the container in the background.

/bin/bash starts a Bash shell inside the container.

Committing Changes

docker ps -l                     # get container ID
docker commit -m "feature" -a "author" ID tag   # create a new image from the container

Dockerfile Basics

Create a Dockerfile with the required instructions and build an image:

mkdir DockerFile
cd DockerFile
cat > Dockerfile <<EOF
FROM 603dd3515fcc
MAINTAINER Docker xuel
RUN yum install mysql mysql-server -y
RUN mkdir /etc/sysconfig/network
RUN /etc/init.d/mysqld start
EOF

docker build -t "centos6.8:mysqld" .

-t specifies repository and tag.

. denotes the Dockerfile location.

Note: An image cannot exceed 127 layers. Use ADD to copy files, EXPOSE to open ports, and CMD to define the default command (e.g., CMD ["/usr/sbin/apachectl", "-D", "FOREGROUND"] ).

Dockerfile Instruction Types

FROM – base image (must be first).

MAINTAINER – author information.

RUN – execute commands during build.

CMD – default command when container starts (only the last CMD is used).

ENTRYPOINT – executable that runs and can receive parameters; works with CMD for default args.

USER – set the user for container processes.

EXPOSE – declare ports the container listens on.

ENV – set environment variables.

ADD – copy files/directories (or URLs) into the image; can auto‑extract archives.

VOLUME – define mount points for persistent storage.

WORKDIR – change working directory for subsequent instructions.

Storage

Data Volumes

Docker images consist of read‑only layers; a writable layer is added on top for each container. Data placed in a volume persists even after the container is removed.

docker run -i -t -v /mnt --name nginx docker.io/nginx /bin/bash

-v mounts a host directory into the container.

Mount a host directory into a container:

docker run -d -p 80:80 --name nginx -v /webdata/wordpress:/usr/share/nginx/html docker.io/sergeyzh/centos6-nginx

-d runs in background.

--name assigns a name.

-v host_dir:container_dir mounts the directory.

-p host_port:container_port maps ports.

Data Containers

Create a data‑only container and share its volume with other containers:

docker create -v /mnt -it --name newnginx docker.io/nginx /bin/bash
docker run --volumes-from newnginx --name nginx1 -it docker.io/nginx /bin/bash

Additional containers using --volumes-from newnginx can see the same files.

Volume Management

Docker does not delete volumes when a container is removed. List and remove unused volumes:

docker volume ls                    # list volumes
docker volume ls -f dangling=true    # list dangling volumes
docker volume rm VOLUME_NAME        # remove a volume
# Remove a container and its volume together
docker rm -v newnginx

Networking

Bridge Network

By default containers attach to the docker0 bridge, which provides layer‑2 connectivity between containers and the host. Port forwarding is implemented with iptables DNAT rules.

Host Network

When a container runs with --net host, it shares the host’s network namespace, using the host’s IP and ports while keeping isolated filesystem and processes.

None Network

With --net none, the container has its own network namespace but no network configuration; you must manually add interfaces if needed.

Port Mapping

Expose container services to the outside world using -p:

docker run -d -p 80:80 docker.io/sergeyzh/centos6-nginx   # map host port 80 to container port 80

Use docker port CONTAINER_ID to view the mapping.