Administration

Context

docker context ls
Show created contexts (list of Docker sockets).

docker context use myRemoteContext
Switch to a Docker context.

docker context create myRemoteContext --docker "host=ssh://my.remote.docker.ip"
Create a remote context (connect via ssh to execute Docker commands).

Monitoring

docker ps
Show running containers.

docker ps -a
Show all containers.

docker stats
Stats about running containers.

docker volume ls
Show volumes.

Images

Basis

docker images
Show images locally available.

docker pull registryImage
Pull image from an image registry.

docker pull registryImage:imageTag
Pull specific tag of an image an image registry.

docker rmi myImage
Remove the local image.

Layers

docker image history myImage
Show image layers.

docker image history myImage --no-trunc --format json | tac | jq -r '.CreatedBy'
Show image layers commands.

Create

docker build path/to/Dockerfile -t myUser/myImageName:myVersion
Create an image from a Dockerfile.

docker diff myContainer
Show differences between an image and a container created from this image.

docker commit myContainer myNewImage
Save the current state of a container into a new image.

docker save myImage > /path/myImage.tar
Export an image (archive).

docker load -i /path/myImage.tar
Import an image (form archive).

Containers

Create

docker create myImage
Create a new container.

docker run myImage myCommand
Run a command in new container.

Manage

docker rename myContainer myContainerNewName
Rename container.

docker start myContainer
Start the container.

docker pause myContainer
Pause the container.

docker stop myContainer
Stop the container.

docker rm myContainer
Remove the container.

Interact

docker exec myCommand myContainer
Run the command in a running container.

docker exec -it /bin/bash myContainer
Run Bash in interactive mode in a running container.

docker cp myFile.txt myContainer:/path/to/destination
Copy a file from host to the container.

docker cp myContainer:/path/to/source myFile.txt
Copy a file form the container to the host.

Flags

--name myContainer
Give a name to the container.

-d
Detached Mode (run in background).

-it
Keep stdin open (to use it like a shell).

--rm
Remove the container when it is stopped.

-p 1212:1212
Map ports (host:container).

-v /myHostFolder:/myContainerFolder
Map a folder between the host and the container.

--read-only
Makes the container's root file system read-only.

--security-opt=no-new-privileges
Prevents processes inside the container from gaining new privileges during execution (security measure against privilege escalation).

--cap-drop=ALL
Start the container without capabilities.

--cap-add=SYS_NICE
Capability for scheduling (required for GPU scheduling?).

--cpus=2
Set CPU limit.

--gpu all
Set GPU limits (syntax allows for more detailed control than CPU).

--memory=4g
Set RAM limit.

--memory-swap=4g
Set Swap limit.

Tips

Access Container File System

CONTAINER_PID=$(docker inspect -f '{{.State.Pid}}' myContainer)
Get container's PID.

nsenter --target $CONTAINER_PID --mount ls /
Run ls in the container's file system.