Docker Engine
Brief
Docker engine is containerization technology.
Uses:
namespacescgroups
More information in Official documentation
Tips
Clean apt cache in due build process
FROM ubuntu:latest
RUN apt update \
&& apt install -y curl unzip \
&& rm -rf /var/lib/apt/lists/* \
&& apt clean
How to pass secret in build process
💡 That secrets will not be store in an image. Secret will not available after build process.
- Make sure env
DOCKER_BUILDKITdefined. - Secret available in the mounted step others steps cannot reach secret.
$ export DOCKER_BUILDKIT=1
$ docker build --secret id=secretfile,src=<secret_path> .
Other way running as:
$ DOCKER_BUILDKIT=1 docker build --secret id=secretfile,src=<secret_path> .
Example Dockerfile:
FROM ubuntu:latest
RUN --mount=type=secret,id=secretfile,dst=/<home_dir>/.ssh/id_rsa \
git clone git://<target_repo_with_ssh>/<name_of_repo>.git
Save stdout log from container
$ docker logs <container_name> > <filename_log> 2>&1
Check history of image
$ docker history <image_id>
Copy all data from container
$ docker export <container_id> > <name_of_tar>
Check runtime metrics
$ docker stats
Enable full access from container to GuestOS
This is UNSECURE
$ docker run -ti --privilage <image>
Copy images between two different registries
$ docker save <DOCKER_IMAGE> | gzip | pv | DOCKER_HOST=ssh://<username>@<target_host>:<target_port> docker load