Docker Deployment and Management Fundamentals
Prerequisites and Installation
Verify system requirements before procedeing. Docker Engine relies on specific kernel features (Linux 3.10+ for Centos 7).
Environment Verification
# Check kernel version
uname -r
# Confirm OS details
cat /etc/os-release
Setup Process
Access the official documentation for the latest package manager scripts. The following steps apply to RHEL-based systems.
Clean Previous Installations
Remove conflicting versions to ensure a clean state:
yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest-logrotate \
docker-logrotate \
docker-engine
Configure Package Manager
Install dependencies and add the official repository mirror (using Alibaba Cloud as an example):
yum install -y yum-utils
# Add configuration repo
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Update cache
yum makecache fast
# Install engine and CLI tools
yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin
Service Management
Initialize the background service:
systemctl start docker
systemctl enable docker
# Verify installation
docker version
# Run a test container
docker run hello-world
# List local repositories
docker images
Uninstallation
To remove all components:
yum remove docker-ce docker-ce-cli containerd.io docker-compose-plugin
rm -rf /var/lib/docker
Architecture Overview
Docker operates on a Client-Server model. The daemon process listens on the host machine, while the client sends requests via socket interfaces. When commands are received, the server executes them directly.
Performance Comparison vs VMs
Unlike Virtual Machines which require a separate Guest OS instance for each workload, Docker containers share the host's kernel. This reduces overhead because there is no need to boot a separate operating system or load unnecessary drivers.
Command Reference
System Information
docker version # View daemon/client versions
docker info # Show system-wide stats including image/container counts
Reference manual: https://docs.docker.com/engine/reference/run/
Image Management
List images stored locally:
docker images
# Options:
# -a : Display all layers
# -q : Quiet mode (IDs only)
Search public registries:
# Filter by rating (stars)
docker search mysql --filter=STARS=3000
Download and Pull:
# Default tag is 'latest'
docker pull nginx
# Specific version
docker pull redis:6.2
Delete images:
# Remove specific ID
docker rmi <image_id>
# Force removal of unused images
docker rmi -f $(docker images -aq)
Container Lifecycle
Create and run new instances:
# Attach interactive shell and detach flag
docker run -it --name ubuntu-shell ubuntu /bin/bash
# Port mapping (Host:Container)
docker run -p 8080:80 httpd
# Random port allocation
docker run -P alpine
List active and historical containers:
# Running only
docker ps
# All states (-a), limit recent (-n), IDs only (-q)
docker ps -a -n 5 -q
Exit strategies:
exit # Stops the container
Ctrl + P + Q # Detaches without stopping (tty mode)
Control processes:
docker stop <id>
docker kill <id> # SIGKILL
docker restart <id>
docker rm -f <id> # Remove forcefully
Diagnostics
View logs in real-time with timestamps:
docker logs -tf --tail 50 <container_id>
Check resource usage statistics:
docker top <container_id>
docker stats
Inspect metadata:
docker inspect <container_id>
Interactive execution inside running containers:
# Exec creates a new shell session
docker exec -it <container_id> /bin/bash
# Attach uses the original TTY stream
docker attach <container_id>
Transfer files between host and container:
# Host -> Container
docker cp ./script.sh <container_id>:/opt/script.sh
# Container -> Host
docker cp <container_id>:/opt/data.tar.gz ./
Data Persistence
Data inside ephemeral containers is lost upon deletion. Volumes allow data to persist outside the container lifecycle.
Mounting Strategies
Bind mount (specific host path):
docker run -v /home/user/project:/data -it ubuntu bash
Anonymous volume (managed by Docker):
docker run -v /data --name db-app postgres
Named volume (preferred for production):
docker run -v vol_data:/data --name mysql-instance mysql:5.7
Read-only access:
docker run -v myvol:/config:ro nginx
Practical Configuration
Ensure sensitive database passwords are passed as environment variables:
docker run -d \
--name prod-db \
-p 3306:3306 \
-e MYSQL_ROOT_PASSWORD=SecRetP@ss \
-v db_data:/var/lib/mysql \
mysql:5.7
Share volumes between containers using --volumes-from:
docker run --volumes-from prod-db --name backup-agent busybox
Building Images
The Dockerfile defines how to build custom layers.
File Structure Example
Each instruction creates a read-only layer.
FROM ubuntu:20.04
MAINTAINER DevTeam
# Set working directory
WORKDIR /app
# Copy dependencies first (better caching)
COPY requirements.txt .
RUN pip install -r requirements.txt
# Copy source code
COPY . .
# Expose ports
EXPOSE 5000
# Startup command
CMD ["python", "main.py"]
Build and Tag
docker build -t my-custom-image:1.0 .
CMD vs ENTRYPOINT
- CMD: Sets default parameters that can be overridden at runtime.
- ENTRYPOINT: Defines the executable; arguments are appended.
Networking Model
Containers communicate through virtual networks isolated from the host interface unless specified otherwise.
Network Modes
- bridge (default): Creates a private internal network.
- host: Shares the host's networking stack.
- none: No external network access.
- container: Uses another container's network namespace.
Custom Networks
Create an isolated subnet for services communication:
docker network create \
--driver bridge \
--subnet 192.168.10.0/24 \
--gateway 192.168.10.1 \
app-net
Attach services to this network:
docker run -d --net app-net --ip 192.168.10.5 redis
This configuration allows inter-container DNS resolution using container names instead of IP addresses.
