178 lines
8.8 KiB
Markdown
178 lines
8.8 KiB
Markdown
Here’s a **no-nonsense Docker CLI guide** focused on the **20% of commands that deliver 80% of the value** for senior engineers, with real-world examples and troubleshooting tips:
|
||
|
||
---
|
||
|
||
# **Docker CLI: The Senior Engineer’s Cheat Sheet**
|
||
**Goal:** Master Docker’s command-line interface for **debugging, optimization, and orchestration**.
|
||
|
||
---
|
||
|
||
## **1. Core Commands (The Essentials)**
|
||
| **Command** | **What It Does** | **Key Flags** |
|
||
|--------------------------------------|--------------------------------------------------|-----------------------------------|
|
||
| `docker run` | Start a container | `-d` (detached), `-p 80:80` (port map) |
|
||
| `docker ps` | List running containers | `-a` (show stopped) |
|
||
| `docker exec -it` | Run a command in a running container | `-it` (interactive TTY) |
|
||
| `docker logs` | View container logs | `-f` (follow), `--tail 100` |
|
||
| `docker stop` / `docker rm` | Stop or remove a container | `-f` (force remove running) |
|
||
|
||
**Pro Tip:**
|
||
- Use `docker run --rm` to **auto-remove containers** after they exit (great for testing).
|
||
|
||
---
|
||
|
||
## **2. Image Management**
|
||
| **Command** | **What It Does** | **Key Flags** |
|
||
|--------------------------------------|--------------------------------------------------|-----------------------------------|
|
||
| `docker build` | Build an image from a Dockerfile | `-t my-image:tag` (tag image) |
|
||
| `docker images` | List local images | `-q` (quiet, just IDs) |
|
||
| `docker pull` | Download an image from a registry | `--platform linux/amd64` |
|
||
| `docker push` | Upload an image to a registry | |
|
||
| `docker image prune` | Delete unused images | `-a` (remove all dangling) |
|
||
|
||
**Critical Knowledge:**
|
||
- **Image Layers**: Each `RUN`, `COPY`, etc., in a Dockerfile creates a layer (cacheable).
|
||
- **Multi-Platform Builds**:
|
||
```bash
|
||
docker buildx build --platform linux/amd64,linux/arm64 -t my-image:multiarch .
|
||
```
|
||
|
||
---
|
||
|
||
## **3. Networking & Ports**
|
||
| **Command** | **What It Does** | **Example** |
|
||
|--------------------------------------|--------------------------------------------------|-----------------------------------|
|
||
| `docker network ls` | List networks | |
|
||
| `docker network inspect` | Show network details (IPs, gateways) | `docker network inspect bridge` |
|
||
| `docker port` | List port mappings | `docker port my-container` |
|
||
| `docker run --network` | Attach to a specific network | `--network host` (host mode) |
|
||
|
||
**Key Concepts:**
|
||
- **Bridge Network**: Default (NAT’d containers).
|
||
- **Host Network**: Bypasses Docker networking (faster, less secure).
|
||
- **Overlay Network**: For multi-host Swarm/Kubernetes.
|
||
|
||
---
|
||
|
||
## **4. Storage & Volumes**
|
||
| **Command** | **What It Does** | **Example** |
|
||
|--------------------------------------|--------------------------------------------------|-----------------------------------|
|
||
| `docker volume ls` | List volumes | |
|
||
| `docker volume create` | Create a named volume | `docker volume create my-vol` |
|
||
| `docker run -v` | Mount a volume or bind mount | `-v /data:/app/data` |
|
||
| `docker cp` | Copy files between host/container | `docker cp my-container:/file .` |
|
||
|
||
**Pro Tips:**
|
||
- **Named Volumes**: Managed by Docker (best for databases).
|
||
- **Bind Mounts**: Link to host dir (great for development):
|
||
```bash
|
||
docker run -v $(pwd):/app my-image
|
||
```
|
||
|
||
---
|
||
|
||
## **5. Debugging & Troubleshooting**
|
||
| **Command** | **What It Does** | **When to Use** |
|
||
|--------------------------------------|--------------------------------------------------|-----------------------------------|
|
||
| `docker stats` | Live resource usage (CPU/mem/IO) | Identify resource hogs |
|
||
| `docker top` | View processes inside a container | Debug hung processes |
|
||
| `docker inspect` | Low-level container/image details | Find IPs, volumes, configs |
|
||
| `docker events` | Real-time Docker daemon events | Audit container lifecycles |
|
||
| `docker system df` | Show disk usage (images, containers, volumes) | Cleanup decisions |
|
||
|
||
**Critical Flags for `docker inspect`:**
|
||
```bash
|
||
docker inspect -f '{{.NetworkSettings.IPAddress}}' my-container # Get container IP
|
||
docker inspect -f '{{.LogPath}}' my-container # Find log file path
|
||
```
|
||
|
||
---
|
||
|
||
## **6. Cleanup & Maintenance**
|
||
| **Command** | **What It Does** | **Nuclear Option** |
|
||
|--------------------------------------|--------------------------------------------------|-----------------------------------|
|
||
| `docker container prune` | Remove stopped containers | |
|
||
| `docker image prune` | Remove dangling images | `-a` (remove all unused) |
|
||
| `docker system prune` | Remove **everything** unused | `--volumes` (include volumes) |
|
||
|
||
**Warning:**
|
||
- `docker system prune --all --volumes` **deletes all unused images, containers, and volumes** (use with caution!).
|
||
|
||
---
|
||
|
||
## **7. Docker Compose (Bonus)**
|
||
| **Command** | **What It Does** |
|
||
|--------------------------------------|--------------------------------------------------|
|
||
| `docker-compose up` | Start services defined in `docker-compose.yml` |
|
||
| `docker-compose down` | Stop and remove services |
|
||
| `docker-compose logs` | View aggregated logs |
|
||
| `docker-compose exec` | Run a command in a service container |
|
||
|
||
**Pro Tip:**
|
||
- Use `docker-compose --profile` to enable/disable services (e.g., dev vs. prod):
|
||
```yaml
|
||
services:
|
||
redis:
|
||
profiles: ["prod"]
|
||
```
|
||
|
||
---
|
||
|
||
## **8. Real-World Scenarios**
|
||
### **1. Debug a Crashing Container**
|
||
```bash
|
||
docker logs -f my-container # Check logs
|
||
docker exec -it my-container sh # Shell into it
|
||
docker inspect my-container # Check exit code
|
||
```
|
||
|
||
### **2. Simulate Out-of-Memory (OOM) Killer**
|
||
```bash
|
||
docker run -m 100m --rm alpine tail /dev/zero # Trigger OOM
|
||
dmesg | grep -i kill # Find OOM event
|
||
```
|
||
|
||
### **3. Optimize Builds**
|
||
```dockerfile
|
||
# Bad (creates huge layers):
|
||
RUN apt-get update && apt-get install -y python
|
||
RUN pip install -r requirements.txt
|
||
|
||
# Good (single layer):
|
||
RUN apt-get update && apt-get install -y python && \
|
||
pip install -r requirements.txt && \
|
||
apt-get clean
|
||
```
|
||
|
||
---
|
||
|
||
## **9. Interview Questions**
|
||
1. **How do you reduce Docker image size?**
|
||
- Use multi-stage builds, Alpine-based images, and clean up temp files in the same `RUN` layer.
|
||
|
||
2. **What’s the difference between `CMD` and `ENTRYPOINT`?**
|
||
- `ENTRYPOINT` defines the executable; `CMD` provides default args (can be overridden by `docker run`).
|
||
|
||
3. **How do you persist data in Docker?**
|
||
- Volumes (`-v my-vol:/data`) or bind mounts (`-v /host/path:/data`).
|
||
|
||
---
|
||
|
||
## **10. Cheat Sheet**
|
||
```bash
|
||
# Start a container with a shell
|
||
docker run -it --rm alpine sh
|
||
|
||
# Build and tag an image
|
||
docker build -t my-app:1.0 .
|
||
|
||
# Clean up everything unused
|
||
docker system prune -a --volumes
|
||
```
|
||
|
||
**Next Steps:**
|
||
- Learn **Docker Swarm** (`docker swarm init`).
|
||
- Dive into **Kubernetes** (`kubectl`).
|
||
- Master **eBPF for container tracing** (`bpftrace`).
|
||
|
||
Need a **deep dive on Docker security** or **multi-host networking**? Let me know! 🐳 |