Master Docker: From Basics to Advanced Networking and Deployment
This article provides a comprehensive guide to Docker, covering its core concepts, installation steps, essential commands, Dockerfile image creation, and networking modes such as bridge, host, and none, with practical code examples and diagrams.
Overview
Docker is an open‑source container engine written in Go and released under the Apache 2.0 license. It lets developers package applications and their dependencies into lightweight, portable containers that can run on any Linux host.
Fundamental concepts
Namespaces: isolate containers; six namespaces (user, mount, network, UTS, IPC, PID).
cgroups: control and monitor resource usage; main subsystems include cpu, blkio, device, freezer, memory.
UnionFS: layered filesystem (e.g., aufs, overlayfs) that underpins image layering.
Installation
Remove conflicting packages before installing Docker:
for pkg in docker.io docker-doc docker-compose podman-docker containerd runc; do sudo apt-get remove "$pkg"; done
Install Docker via APT:
# Add Docker's official GPG key
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
# Add the repository
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$UBUNTU_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io
Basic commands
docker search latest # search images
sudo docker pull docker.io/ansible/centos7-ansible
sudo docker images # list local images
docker create # create container without starting
docker run # create and start
docker stop <id> # stop container (SIGTERM)
docker start <id> # start stopped container
docker restart <id> # restart container
docker rm <id> # remove container
docker kill <id> # send SIGKILL
docker attach <id> # attach to running container
docker exec -it <id> /bin/bash # interactive shell
docker ps # list running containers
docker ps -a # list all containers
docker inspect <id> # detailed info
docker logs <id> # view logs
docker port <id> # show port mappings
docker top <id> # show processes
docker diff <id> # filesystem changes
Dockerfile and image building
Create a Dockerfile with the desired instructions and build the image:
mkdir DockerFile
cd DockerFile
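cat > Dockerfile <<'EOF'
# Base image referenced by its local image ID
FROM 603dd3515fcc
# MAINTAINER is deprecated; LABEL maintainer is the current form
LABEL maintainer="Docker xuel"
RUN yum install mysql mysql-server -y
RUN mkdir /etc/sysconfig/network
# This RUN executes only during the build; mysqld is not running when a
# container later starts from the image unless CMD launches it
RUN /etc/init.d/mysqld start
EOF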
docker build -t "centos6.8:mysqld" .
Note: an image cannot exceed 127 layers. Use ADD to copy files, EXPOSE to declare ports, and CMD to specify the default command.
Networking
Docker creates a virtual bridge docker0 on the host; containers attach to it and receive an IP address from the bridge’s subnet. Docker also creates a veth pair to connect the container’s eth0 to the host bridge.
Bridge network
Default network mode; containers on the same bridge can communicate, while external access requires port mapping via iptables DNAT.
Host network
Containers share the host’s network namespace, using the host’s IP and ports while keeping separate filesystem and process namespaces.
None network
Containers get their own network namespace but no network configuration; users must manually add interfaces and IP addresses.
Port publishing
Use -p hostPort:containerPort to map a host port to a container port, or -p containerPort for random host port assignment.
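The network modes and port publishing described above determine how much of a container is reachable from outside the host: -p hostPort:containerPort binds on all host interfaces unless a host address is given (for example -p 127.0.0.1:hostPort:containerPort), and host mode removes network isolation entirely. The following audit script is an added example, not part of the original article; the function names and the sample container list are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag containers whose network setup widens host exposure.
# Input format: tab-separated "name<TAB>networks<TAB>ports", as printed by
#   docker ps --format '{{.Names}}\t{{.Networks}}\t{{.Ports}}'

audit_network() {
  awk -F '\t' '
    {
      name = $1; nets = $2; ports = $3
      if (nets == "host") {
        # Host mode: no DNAT, every listening port is on the host itself
        print name ": HOST-NETWORK (shares host network namespace)"
        next
      }
      n = split(ports, p, ", ")
      for (i = 1; i <= n; i++) {
        if (p[i] !~ /->/) continue        # exposed only, not published
        bind = p[i]
        sub(/:[0-9-]+->.*/, "", bind)     # keep the host address part
        if (bind == "0.0.0.0" || bind == "::" || bind == "[::]")
          print name ": PUBLIC-BIND " p[i]
      }
    }'
}

# Constructed sample of docker ps output (not taken from a real host)
sample_ps_output() {
  printf 'web\tbridge\t0.0.0.0:8080->80/tcp, :::8080->80/tcp\n'
  printf 'db\tbridge\t127.0.0.1:5432->5432/tcp\n'
  printf 'metrics\thost\t\n'
  printf 'batch\tnone\t\n'
  printf 'cache\tbridge\t6379/tcp\n'
}

# Run against the sample; on a live host pipe docker ps instead:
#   docker ps --format '{{.Names}}\t{{.Networks}}\t{{.Ports}}' | audit_network
sample_ps_output | audit_network
```

Containers bound to 127.0.0.1, attached to the none network, or with ports that are only exposed (no host mapping) produce no findings.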
Efficient Ops
This public account is maintained by Xiaotianguo and friends, regularly publishing widely-read original technical articles. We focus on operations transformation and accompany you throughout your operations career, growing together happily.
