The-Ramadhan

Docker Container

Containers are runtime constructs. A container runs from an image.

Docker creates containers by taking OS resources, creating a virtual version of those resources, and packaging them as a container so that it looks like a regular OS.

A container engine like Docker performs OS-level virtualization.

A container is lighter than a VM because it runs on the same OS as the host. Unlike a VM, each container does not carry its own OS. This makes a container start faster than a VM.

Read/Write Layer

All layers that make up an image are immutable. When a container is run from an image, it gets a thin read/write layer on top of these immutable layers. When the container needs read access to a file, Docker searches through the layers from top to bottom and simply uses the existing file. The first time the container needs to modify a file, Docker copies the file into the read/write layer before any modification, and the modification happens in the read/write layer. The original layers that make up the image remain unchanged. The read/write layer is deleted when the container is removed.

The strategy above is called copy-on-write (CoW). It is also used during the build process when a layer modifies a file from a layer below it.
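The lookup and copy-on-write rules above, modelled with plain directories standing in for layers. This is an added illustration, not Docker's storage-driver code; the function names and the redis.conf sample are constructed.

```shell
#!/bin/sh
# Constructed model: each layer is a directory, listed top layer first.

# Print the first layer (searched top to bottom) that contains FILE.
find_layer() {
    file=$1; shift
    for layer in "$@"; do
        if [ -e "$layer/$file" ]; then
            printf '%s\n' "$layer"
            return 0
        fi
    done
    return 1
}

# Read FILE through the layer stack: the topmost copy wins.
layer_read() {
    file=$1; shift
    src=$(find_layer "$file" "$@") || return 1
    cat "$src/$file"
}

# Append TEXT to FILE. On first modification the file is copied up into the
# read/write layer (first layer argument); only that copy is ever changed.
layer_append() {
    file=$1; text=$2; rw=$3; shift 2
    if [ ! -e "$rw/$file" ]; then
        src=$(find_layer "$file" "$@") && cp "$src/$file" "$rw/$file"
    fi
    printf '%s\n' "$text" >> "$rw/$file"
}

# Two image layers plus one container read/write layer.
cow_demo() {
    root=$(mktemp -d)
    mkdir "$root/base" "$root/app" "$root/rw"
    echo "port 6379" > "$root/base/redis.conf"
    layer_append redis.conf "appendonly yes" "$root/rw" "$root/app" "$root/base"
    merged=$(layer_read redis.conf "$root/rw" "$root/app" "$root/base" | paste -s -d , -)
    image=$(cat "$root/base/redis.conf")     # image layer is untouched
    rm -rf "$root/rw"                        # container removed: R/W layer is gone
    after=$(layer_read redis.conf "$root/app" "$root/base")
    rm -rf "$root"
    printf '%s|%s|%s\n' "$merged" "$image" "$after"
}

cow_demo
```

The three fields are the container's view after the write, the image layer's content, and the view once the read/write layer has been deleted.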

Running a Container

To run a container, use the docker run [opts...] <image_repo>:<tag> command.

The tag is optional when running a container; Docker assumes latest if it is not specified.

The docker run command accepts several options:

  • -d to detach the container from the terminal and run it in the background
  • -p to map a container port to a host port
  • -e to set environment variables inside the container
  • --name to give the container a name (if not specified, Docker generates a random name)
  • etc.

This command is equivalent to the docker container run command.

Start App in Container

Three ways to start an app inside a container:

  • Entrypoint instruction
    • Used to specify the executable
    • Cannot be overridden by the CLI command
    • Can be overridden with the --entrypoint option flag
    • The CLI command is passed as arguments to the Entrypoint
  • Cmd instruction
    • Used to specify the default command
    • Can be overridden by the CLI command
  • CLI Command
    • Passed when executing the docker run command
    • docker run [opts...] <image> <command>

A Dockerfile must have at least one Entrypoint or Cmd instruction.

Connecting to Container

There are two ways to connect to a running container, both using the docker exec command:

  • Interactive
    • append the -it flag to the command to attach an interactive tty to the container.
    • Ex: docker exec -it redis bash
      • bash here is the command; it means we attach a new bash session in the container.
  • Remote execution
    • does not use the -it flag with the command
    • we send a command to the container and print the output to the local terminal
    • Ex: docker exec redis redis-cli SET healthcheck healthy
      • The redis-cli SET healthcheck healthy command is executed inside the container, and the local terminal receives the return value, in this case OK.

Container Process

In most cases, containers run only a single process (referred to as the main process) with PID 1, and it is visible from the docker host with a different PID.

To attach directly to the main process, use the docker attach command. To exit the session without killing the main process (if sh or bash is the main process), use Ctrl+PQ.

If the container's main process is killed, the container is stopped as well.

Inspect Command

The docker inspect command returns information about a specific Docker object. Use docker container inspect to request information specifically about one or more containers.

When using the docker inspect command on a container, we can obtain information such as the container status, port mapping, container network, Entrypoint and/or Cmd, and container volume or mount.
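One way to turn the port-mapping and mount information from docker inspect into a review list, shown as an added example that is not part of the original notes. The format template in the comment uses fields docker inspect reports; the function names and the three sample lines are constructed, and nothing here calls Docker.

```shell
#!/bin/sh
# One input line per container. On a Docker host such lines can be produced with
# a format template over fields that docker inspect reports, for example:
#   docker container inspect --format '{{.Name}} {{range $p, $b := .NetworkSettings.Ports}}{{range $b}}port={{.HostIp}}:{{.HostPort}}->{{$p}} {{end}}{{end}}{{range .Mounts}}mount={{.Type}}:{{.Source}}:{{.Destination}}:rw={{.RW}} {{end}}' $(docker ps -q)
# Assumption: mount paths contain no spaces (tokens are split on whitespace).

# Read inspect summary lines on stdin and print one finding per setting to review.
audit_inspect_lines() (
    set -f                                   # tokens are data, never glob patterns
    while read -r name rest; do
        for token in $rest; do
            case $token in
                port=0.0.0.0:*|port=:::*)
                    echo "$name: port published on all host interfaces (${token#port=})" ;;
                mount=bind:*:rw=true)
                    echo "$name: writable bind mount from the host (${token#mount=bind:})" ;;
            esac
        done
    done
)

# Constructed sample: three containers as the template above would print them.
sample_inspect_lines() {
    cat <<'EOF'
/redis port=0.0.0.0:6379->6379/tcp port=:::6379->6379/tcp mount=volume:/var/lib/docker/volumes/data/_data:/data:rw=true
/web port=127.0.0.1:8080->80/tcp mount=bind:/srv/site:/usr/share/nginx/html:rw=false
/builder mount=bind:/home/ci/src:/src:rw=true
EOF
}

sample_inspect_lines | audit_inspect_lines
```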

Stop, Restart, and Delete Container

Stop a container using the docker stop command. It sends SIGTERM to the container's PID 1 and allows up to 10 seconds for it to stop gracefully. After 10 seconds, it sends SIGKILL to stop the container immediately. Restart a container using the docker restart command.

Stopping and restarting a container doesn't delete the read/write layer.

Remove a container with the docker rm command. It doesn't allow the app the usual 10-second grace period to flush buffers and quit gracefully. Add the -f or --force flag to force-remove a running container.

To delete all containers, running or stopped, use docker rm $(docker ps -aq) -f.
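The grace period only helps if the container's main process actually handles SIGTERM. The following is an added example (not from the original notes) of an entrypoint-style wrapper that forwards SIGTERM to the app and flushes state before exiting. The function names, the marker file, and sleep 30 as the app are constructed stand-ins, and simulate_docker_stop imitates docker stop with a plain kill rather than calling Docker.

```shell
#!/bin/sh
# Run "$@" as the application and act as a well-behaved main process: on
# SIGTERM, forward the signal, wait for the app to exit, then flush state.
# Usage: run_as_main_process FLUSH_MARKER COMMAND [ARGS...]
run_as_main_process() {
    flush_marker=$1; shift
    stopping=0
    "$@" &
    app_pid=$!
    trap 'stopping=1; kill -TERM "$app_pid" 2>/dev/null || true' TERM
    status=0
    wait "$app_pid" || status=$?             # returns early when SIGTERM is trapped
    if [ "$stopping" -eq 1 ]; then
        status=0
        wait "$app_pid" || status=$?         # reap the app after forwarding SIGTERM
        echo flushed > "$flush_marker"       # stand-in for flushing buffers
    fi
    return "$status"
}

# Constructed stand-in for docker stop: send SIGTERM to the wrapper, then
# report its exit status and whether the flush step ran.
simulate_docker_stop() {
    marker=$(mktemp)
    run_as_main_process "$marker" sleep 30 &
    main_pid=$!
    sleep 1                                  # let the wrapper install its trap
    kill -TERM "$main_pid"
    rc=0
    wait "$main_pid" || rc=$?
    printf '%s %s\n' "$rc" "$(cat "$marker")"
    rm -f "$marker"
}

simulate_docker_stop
```

Exit status 143 is 128 plus signal 15 (SIGTERM): the app ended on the forwarded signal well inside the 10-second window, so no SIGKILL would have been needed.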

Restart Policy

A restart policy is a self-healing mechanism that allows the Docker engine to restart a failed container. Restart policies are set per container.

Docker supports 4 restart policies:

  • no (default)
  • on-failure
    • restart scenario:
      • Non-Zero Exit Code
      • Docker Daemon Restart (even when the container is in the stopped state)
  • always
    • restart scenario:
      • Non-Zero Exit Code
      • Zero Exit Code
      • Docker Daemon Restart (even when the container is in the stopped state)
  • unless-stopped
    • restart scenario:
      • Non-Zero Exit Code
      • Zero Exit Code

A restart policy is specified in the docker run command using the --restart flag.