Mohammad's Blog

Docker Advance

Md Nur Mohammad's photo
Md Nur Mohammad
·

5 min read

Table of contents

Docker Compose

Docker Compose is a tool that helps you define and share multi-container applications. With Compose, you can create a YAML file to define the services, and with a single command, you can spin everything up or tear it all down. Automate the containers.

  • First, install Docker Compose with the following command:
sudo apt-get install docker-compose
  • Sample docker-compose file: vim docker-compose.yaml
vim docker-compose.yaml

Now Write a Docker Compose file. A sample file is below.

version: '3.9'
services:
    web:
       build: .
       ports:
          - 8001:8001
    db:
      image: mysql:5.7
      ports:
          - 3306:3306
     environment:
         MYSQL_ROOT_PASSWORD: 'test@1234'
  • Now run this YAML file.
docker-compose up
  • Stop all Docker containers that are created by the docker-compose file.
docker-compose down
  • Docker composes files with a volume.
version: '3.9'
services:
    web:
       conatiner_name: 'django-app'
       build: .
       ports:
          - 8001:8001
       volumes:
          - django_todo_volume:/app
    db:
      container_name: 'mysql-ctr'
      image: mysql:5.7
      ports:
          - 3306:3306
     environment:
         MYSQL_ROOT_PASSWORD: 'test@1234'
volumes:
    django_todo_volume:

version: '3'
services:
  web:
    image: nginx
    ports:
      - "80:80"
  db:
    image: mysql
    environment:
      MYSQL_ROOT_PASSWORD: example

docker-compose up -d
docker-compose up --scale web=3

Docker in Production

Docker Security Best Practices

  • Avoid running containers as root

  • Use signed images to prevent tampering

  • Set resource limits using --memory and --cpu

      docker run --memory="256m" --cpus="1.0" ubuntu

  • Scanning images for vulnerabilities:

      docker scan <image-name>

  • Use Docker Content Trust (DCT) to verify signed images.

Advanced Docker Functions

1. Docker Compose

Docker Compose is a tool for defining and managing multi-container Docker applications. It allows you to use a YAML file (docker-compose.yml) to define the services, networks, and volumes that make up your application, simplifying deployment and management.

  • Key Features:

    • Define multiple services in a single file.

    • Control the startup order of services.

    • Manage networks and volumes.

    • Scale services up or down with a single command.

  • Example docker-compose.yml File:

      version: '3.8'

  services:
    web:
      image: nginx
      ports:
        - "8080:80"
    app:
      image: my-app-image
      depends_on:
        - db
    db:
      image: postgres
      environment:
        POSTGRES_USER: user
        POSTGRES_PASSWORD: password

  • Run with:

      docker-compose up -d

2. Docker Networking

Docker has a powerful networking model that allows containers to communicate with each other and the outside world. Docker provides several network drivers to support various use cases:

  • Bridge Network (Default for standalone containers): Allows containers to communicate on the same host.

  • Host Network: Removes network isolation between the container and the Docker host. Useful for performance-critical applications.

  • Overlay Network: Used for multi-host communication; essential for Docker Swarm or Kubernetes clusters.

  • Creating a Custom Network:

      docker network create my_custom_network
  docker run -d --network=my_custom_network --name myapp nginx

  docker network ls   #To see network created or not

3. Docker Volumes

Docker volumes are used to persist data generated or used by Docker containers. They offer several advantages over bind mounts, such as ease of backup, portability, and better performance.

  • Named Volumes:

      docker volume create my_data_volume
  docker run -d --name myapp -v my_data_volume:/var/lib/mydata nginx
  docker volume ls

  • Anonymous Volumes:

      docker run -d --name myapp -v /var/lib/mydata nginx

4. Docker Swarm Mode

Docker Swarm is Docker’s native clustering and orchestration tool. It allows you to turn multiple Docker hosts into a single, virtual Docker host, enabling container orchestration, scaling, and management across a cluster.

  • Key Features:

    • Easy setup and configuration.

    • Built-in load balancing.

    • Rolling updates and service scaling.

  • Initialize a Swarm:

      docker swarm init

  • Deploy a Service in Swarm Mode:

      docker service create --replicas 3 --name myservice nginx

5. Docker BuildKit

BuildKit is a modern build system for Docker that offers improved performance, better caching, and advanced features like build secrets and multi-stage builds.

  • Enable BuildKit:

      export DOCKER_BUILDKIT=1
  docker build -t myapp .

  • Use Multi-Stage Builds:

      # Stage 1: Build the application
  FROM golang:1.16-alpine AS build
  WORKDIR /app
  COPY . .
  RUN go build -o myapp

  # Stage 2: Create a lightweight runtime image
  FROM alpine:latest
  WORKDIR /app
  COPY --from=build /app/myapp .
  CMD ["./myapp"]

6. Docker Secrets

Docker Secrets is a feature that allows you to securely store and manage sensitive data, such as passwords, API keys, and TLS certificates, for use by Docker services.

  • Create a Secret:

      echo "my_secret_password" | docker secret create my_secret_password -

  • Use Secrets in a Docker Swarm Service:

      version: '3.8'

  services:
    db:
      image: postgres
      secrets:
        - my_secret_password

  secrets:
    my_secret_password:
      external: true

7. Docker Registries and Repositories

Docker Registries (like Docker Hub or a self-hosted registry) store Docker images that can be shared, managed, and accessed by others.

  • Running a Private Docker Registry:

      docker run -d -p 5000:5000 --name registry registry:2

  • Push and Pull Images from Your Private Registry:

      docker tag myapp localhost:5000/myapp
  docker push localhost:5000/myapp
  docker pull localhost:5000/myapp

8. Docker Health Checks

Health checks are used to determine whether a container is healthy and functioning correctly. Docker will periodically execute a command within the container to check its status.

  • Define a Health Check in a Dockerfile:

      FROM nginx
  HEALTHCHECK --interval=30s --timeout=5s --retries=3 CMD curl -f http://localhost/ || exit 1

9. Docker Resource Limits

Docker allows you to set resource limits (such as CPU and memory) for containers, which is useful for managing the resources available to each container and preventing a single container from consuming too many resources.

  • Set CPU and Memory Limits:

      docker run -d --name myapp --cpus="1.5" --memory="512m" nginx

10. Docker Logging and Monitoring

Docker provides built-in logging drivers to collect, store, and manage log output from your containers. You can also use tools like the ELK stack, Prometheus, and Grafana for monitoring and observability.

  • Set Logging Options:

      docker run --log-driver json-file --log-opt max-size=10m --log-opt max-file=3 nginx

Summary of Advanced Docker Functions

  • Docker Compose: Orchestrate multi-container applications.

  • Docker Networking: Create custom networks for container communication.

  • Docker Volumes: Persist and manage data outside containers.

  • Docker Swarm Mode: Cluster and orchestrate containers.

  • Docker BuildKit: Optimize and enhance the build process.

  • Docker Secrets: Securely manage sensitive data.

  • Docker Registries: Store and manage Docker images.

  • Docker Health Checks: Monitor the health of your containers.

  • Docker Resource Limits: Control CPU and memory usage.

  • Docker Logging and Monitoring: Log and monitor container performance.

These advanced functions allow you to efficiently manage and scale complex applications in a production environment. Would you like more details on any specific feature?

######### THE END

DockerDocker composeDockerfiledocker imagesdocker-networkDocker Volumes