Master Docker: From Basics to Advanced Deployment and Networking

Overview

1.1 Basic Concepts

Docker is an open‑source application container engine written in Go and released under the Apache 2.0 license.

Docker lets developers package an application and its dependencies into a lightweight, portable container that can run on any popular Linux host, effectively providing virtualization.

Containers use sandbox isolation, have minimal performance overhead, and do not share interfaces with each other.

1.2 Advantages

Simplify Development : Docker packages applications and dependencies into a portable container, enabling rapid virtualization. Tasks that previously took days can now be completed in seconds.

Cost Savings : With cloud computing, developers no longer need expensive hardware for high performance; Docker reduces hardware costs and improves cloud resource utilization.

1.3 Comparison with Traditional VMs

Docker containers are lightweight virtualized environments with the following benefits over VMs:

Fast start/stop in seconds.

Low resource consumption; thousands of containers can run on a single host.

Simple image distribution using Git‑like commands.

Automated creation and deployment via Dockerfile.

Minimal additional system overhead.

Strong isolation with security options and image signing.

Feature

Container

Virtual Machine

Startup Speed

Seconds

Minutes

Disk Usage

MB

GB

Performance

Near native

Weaker than native

Scale per Host

Thousands of containers

Dozens of VMs

1.4 Architecture

Docker follows a client‑server (C/S) model and uses a remote API to manage containers.

Containers are created from Docker images; the relationship mirrors classes (images) and objects (containers) in object‑oriented programming.

1.5 Core Docker Technologies

Namespace – isolation foundation; six namespaces: user, mnt, network, uts, ipc, pid.

cgroups – resource accounting and isolation (cpu, blkio, device, freezer, memory).

unionfs – layered image implementation (aufs/overlayfs).

1.6 Docker Components

docker client – sends requests to the Docker daemon (create, stop, remove containers, etc.).

docker daemon – processes all requests and manages containers.

docker registry – central repository for images, similar to a binary SCM.

2 Installation & Deployment

2.1 Prerequisites

Docker runs on 64‑bit CentOS 7 with kernel version 3.10 or newer. It also supports CentOS 6.5+ with kernel 2.6.32‑431 or newer.

2.2 Install Docker

yum install docker -y          # install
systemctl start docker         # start
systemctl enable docker        # enable at boot

2.3 Basic Commands

docker search centos   # search images

By default the pull speed from overseas registries is slow; you can configure a mirror with Daocloud.

curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://d6f11267.m.daocloud.io
# write mirror config
echo "{\"registry-mirrors\": [\"http://d6f11267.m.daocloud.io\"]}" > /etc/docker/daemon.json
systemctl restart docker

Pull an image as needed: docker pull docker.io/ansible/centos7-ansible Pull all images returned by a search:

for i in `docker search centos|awk '!/NAME/{print $2}'`; do docker pull $i; done

List local images:

docker images

2.4 Command Reference

Container operations:

docker create   # create without starting
docker run      # create and start
docker stop     # stop (SIGTERM)
docker start    # start stopped container
docker restart  # restart container
docker rm       # remove container
docker kill     # send SIGKILL
docker attach   # attach to running container
docker wait     # block until container stops

Inspect container information:

docker ps          # list running containers
docker ps -a       # list all containers
docker inspect    # detailed info
docker logs        # view stdout/stderr
docker events      # real‑time events
docker port        # show port mappings
docker top          # show processes
docker diff        # show filesystem changes

Export and import images:

docker save -o centos6.5.tar centos6.5
docker export f9c99092063c > centos6.5.tar
docker load --input centos6.5.tar
docker load < centos6.5.tar

2.5 Simple Practice

Run and enter a container:

docker run -i -t docker.io/1832990/centos6.5 /bin/bash

-t allocate a pseudo‑terminal.

-i keep STDIN open for interaction.

-d run container in background.

/bin/bash starts a Bash shell inside the container.

Commit changes to a new image:

docker ps -l               # get container ID
docker commit -m "feature" -a "author" ID tag   # create new image

2.6 Dockerfile Details

Dockerfile instructions are case‑insensitive; comments start with #. Each line contains a single instruction, which may have multiple arguments.

Instructions are divided into build instructions and setting instructions.

FROM – specify base image (must be first).

MAINTAINER – author information.

RUN – execute commands during image build.

CMD – default command when container starts (only last CMD is used).

ENTRYPOINT – executable that runs when container starts; can be combined with CMD for default parameters.

USER – set user for container processes (default root).

EXPOSE – declare ports the container listens on.

ENV – set environment variables.

ADD – copy files/directories into the image (supports URL and auto‑extract of archives).

VOLUME – define mount points for persistent storage.

WORKDIR – change working directory for subsequent instructions.

Example Dockerfile:

FROM 603dd3515fcc
MAINTAINER Docker xuel
RUN yum install mysql mysql-server -y
RUN mkdir /etc/sysconfig/network
RUN /etc/init.d/mysqld start
EOF

docker build -t "centos6.8:mysqld" .

Note: an image cannot exceed 127 layers. Use ADD to copy files, EXPOSE to open ports, and CMD to define the default process.

2.7 Image Import/Export

Export an image to a file:

docker save -o centos6.5.tar centos6.5
# or
docker export f9c99092063c > centos6.5.tar

Import an image from a file:

docker load --input centos6.5.tar
# or
docker load < centos6.5.tar

Remove containers (add -v to also delete associated volumes):

docker rm -v newnginx

3 Storage

3.1 Data Volumes

Docker images consist of layered read‑only filesystems; a writable layer is added on top for each container. Data volumes persist beyond container removal.

docker run -i -t -v /mnt --name nginx docker.io/nginx /bin/bash

-v mount host directory into container.

Mount a host directory to a container path:

docker run -d -p 80:80 --name nginx -v /webdata/wordpress:/usr/share/nginx/html docker.io/sergeyzh/centos6-nginx

3.2 Data Containers

Create a data‑only container and share its volume with other containers:

docker create -v /mnt -it --name newnginx docker.io/nginx /bin/bash
docker run --volumes-from newnginx --name nginx1 -it docker.io/nginx /bin/bash

3.3 Volume Management

docker volume ls                     # list volumes
docker volume ls -f dangling=true    # list unused volumes
docker volume rm VOLUME_NAME          # remove a volume

4 Networking

Docker provides several network drivers that determine how containers communicate with each other and the outside world.

docker network ls   # list networks

4.1 Bridge (default)

Containers are attached to a virtual bridge docker0. They receive an IP from the bridge subnet and can communicate with each other; external access requires port mapping via iptables DNAT.

4.2 Host

Containers share the host’s network namespace, using the host’s IP and ports while keeping isolated filesystem and processes.

4.3 None

Containers get a network namespace but no network configuration; you must manually add interfaces and IPs, achieving full isolation.

4.4 Port Mapping

Expose container ports to the host:

docker run -d -p 80:80 docker.io/sergeyzh/centos6-nginx   # map host 80 to container 80

-p maps a host port to a container port (random high port if only container port is given).

4.5 Inspecting IP Addresses

for i in `docker ps | grep -v "CONTAINER" | awk '{print $1}'`; do docker inspect $i | grep 'IPAddress'; done

Use docker inspect to view detailed network settings for a specific container.