Scribd
Upload
10 views

Docker Cheat Sheet

Uploaded by

Christian Osei Danso
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
10 views

Docker Cheat Sheet

Uploaded by

Christian Osei Danso
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 1

// The Most Flexible IaC Platform

Docker Cheat Sheet


General Commands B u ild ma es
I g

docker version docker build .


Displays detailed information about your Docker CLI and daemon versions. B uild the Dockerfile in your working directory into a new image.
docker system info docker build -t example-image:latest .
Lists data about your Docker environment, including active plugins and the Build the Dockerfile in your working directory and tag the resulting image as
number of containers and images on your system. example-image:latest.
docker help docker build -f docker/ ockerfile pp
D _A

View the help index, a reference of all the supported commands. B uild the Dockerfile at the docker/Dockerfile App path. _

docker <command> --help docker build --build-arg foo=bar .


View the help information about a particular command, including detailed B uild an image and set the foo build argument to the value bar.
information on the supported option flags.
docker build --pull .
Instructs Docker to pull updated versions of the images referenced in FROM
Ru n Containers instructions in your Dockerfile, before building your new image.
docker build -- uiet .
q
docker run example-image:latest
Build an image without emitting any output during the build. The image ID
R un a new container using the example-image:latest image. The output from will still be emitted to the terminal when the build completes.
the container’s foreground process will be shown in your terminal.
>docker run example-image:latest demo-command
Supplying an argument after the image name sets the command to run inside ana e Containers
M g

the container; it will be appended to the image’s entrypoint. (It’s possible to


override the entrypoint with the docker run command’s --entrypoint flag.) docker ps
docker run --rm example-image:latest List all the containers currently running on your host.
The --rm flag instructs Docker to automatically remove the container when it docker ps -a
exits instead of allowing it to remain as a stopped container.
List every container on your host, including stopped ones.
docker run -d example-image:latest
docker attach <container>
Detaches your terminal from the running container, leaving the container in
the background. Attach your terminal to the foreground process of the container with the ID or
name container .
< >

docker run -d example-image:latest


docker commit <container> new-image:latest
Detaches your terminal from the running container, leaving the container in
the background. Save the current state of container to a new image called new-
< >

image:latest.
docker run -it example-image:latest
docker inspect <container>
Attaches your terminal’s input stream and a TTY to the container. Use this
command to run interactive commands inside the container. O btain all the information Docker holds about a container, in J SON format.
docker run --name my-container example-image:latest docker kill <container>
N ames the new container my-container. S end a SI KILL signal to the foreground process running in a container, to
G

force it to stop.
docker run --hostname my-container example-image:latest
docker rename <container> my-container
Set the container’s hostname to a specific value (it defaults to the container’s
name). R ename a specified container to my-container.
docker run --env foo=bar example-image:latest docker pause <container> and docker unpause <container>
S et the value of the foo environment variable inside the container to bar. P ause and unpause the processes running within a specific container.
docker run --env-file config.env example-image:latest docker stop <container>
Populate environment variables inside the container from the file config.env. S top a running container.
The file should contain key-value pairs in the format foo=bar.
docker start <container>
docker run -p 8080:80 example-image:latest
S tart a previously stopped container.
B ind port 8080 on your Docker host to port 80 inside the container. It allows
you to visit localhost:8080 to access the network service listening on port 80 docker rm <container>
inside the container.
Delete a container by its ID or name. Use the -f (force) flag to delete a
docker run -v /host-directory: /container-directory example-image:latest container that’s currently running.
Bind mount /host-directory on your host to /container-directory inside the
container. The directory’s contents will be visible on both sides of the mount.
docker run -v data:/data example-image:latest
Execute Commands in Containers
M ount the named Docker volume called data to /data inside the container. docker exec my-container demo-command
docker run --network my-network example-image:latest R un demo-command inside my-container; the process’ output will be shown
in your terminal
Connect the new container to the Docker network called my-network.
docker exec -it my-container demo-command
docker run --restart unless-stopped example-image:latest Run a command interactively by attaching your terminal’s input stream and a
Set the container to start automatically when the Docker daemon starts, pseudo-TTY.
unless the container has been manually stopped. Other restart policies are
also supported.
docker run --privileged example-image:latest iew Container Resource Utilization
V

Run the container with privileged access to the host system. This should
usually be disabled to maintain security. docker stats <container>
Stream a container’s resource utilization information into your terminal. The
output includes CPU, memory, and I/O usage, as well as the number of
processes running within the container.
Co py to and rom Containers
F

docker cp example.txt my-container: /data


Pull and Push ma es g
Copy example.txt from your host to /data inside the my-container container.
I

docker cp my-container:/data/example.txt /demo/example.txt docker push example.com/user/image:latest


Copy /data/example.txt out of the my-container container, to /demo/ P ush an image from your Docker host to a remote registry. The image is
example.txt on your host. identified by its tag, which must reference the registry you’re pushing to.
docker pull example.com/user/image:latest
M anually pull an image from a remote registry to make it available on your
Access Container o s L g host.
docker logs <container>
This command streams the existing log output from a container into your
terminal window, then exits.
M ana e etworks
g N

docker logs <container> --follow docker create network my-network


This variation emits all existing logs, then continues to stream new logs into Create a new network called my-network; it will default to using the bridge
your terminal as they’re stored. driver.
docker logs <container> -n 10
docker create network my-network -d host
et the last 0 logs from a container. Use the -d flag to select an alternative driver, such as host, bridge, ipvlan,
G 1
macvlan, overlay, or none.
docker network connect <network> <container>
Mana e ma es
g I g Connect a container to an existing network.
docker images docker network disconnect <network> <container>
List all stored images. R emove a container from a network it’s currently connected to.
docker rmi <image> docker network ls
Delete an image by its ID or tag. Deletion of images which have multiple tags List all the Docker networks available on your host, including built-in
must be forced using the -f flag. networks such as bridge and host.
docker tag <image> example-image:latest docker network rm <network>
A dd a new tag (example-image:latest ) to an existing image ( image ). Delete a network by its ID or name. This is only possible when there are no
containers currently connected to the network.
< >

M ana e olumes
g V
Use Con fig u t ra ion Contexts
docker volume create my-volume
docker context create my-context
--host=tcp: //host: ca= /ca-file cert= /cert-file key= /key-file

Create a new named volume called my-volume. 2376, ~ , ~ , ~

Create a new context called my-context to connect to a specified Docker


docker volume ls host.
List the volumes present on your host.
docker context update <context>
docker volume rm M odify the configuration of a named context; the command accepts the same
Delete a volume, which will destroy the data within it. The volume must not arguments as docker context create.
be used by any container.
docker context ls
List the contexts available in your Docker config file.
Create SBOM s docker context use <context>
docker sbom example-image:latest Switch to a named context. Subse uent docker commands will be executed
q

against the Docker host configured in the newly selected context.


Produce an SBOM for the image tagged example-image:latest. The SBOM
will be shown in your terminal. docker context rm <context>
docker sbom example-image:latest --output sbom.txt Delete a context by its name.
P roduce an SBOM and save it to sbom.txt.
docker sbom example-image:latest --format spdx- son j Scan or ulnerabilities
f V

Produce an SBOM in a standard machine-parseable format, such as SPD


docker scan example-image:latest
X

spdx- son), CycloneD (cyclonedx- son), or Syft SON (syft- son).


( j X j J j

Scan for vulnerabilities in the image tagged example-image:latest. The


results will be shown in your terminal.
Docker Hub ccount A docker scan example-image:latest --file ockerfile D

docker login
T he --file argument supplies the path to the Dockerfile that was used to
build the image. hen the Dockerfile is available, more detailed vulnerability
W

Login to your account. You’ll be prompted to supply credentials interactively. information is produced.
You must login before you can push images. Logging in also helps you avoid
hitting public pull rate limits. docker scan example-image:latest --severity high

docker logout
O nly report vulnerabilities that are high severity or higher. The --severity flag
also supports low and medium values.
Logs you out of your account
docker search nginx
Clean U Unused Resources
p
S earches Docker Hub for images matching the supplied search term (nginx,
in this example). docker system prune
R emoves unused data, including dangling image layers (images with no
tags).
Docker Compose
docker system prune -a
docker compose ps Extends the prune process by deleting all unused images, instead of only
Displays a list of containers created by Docker Compose. dangling ones.
docker compose stop docker system prune --volumes
Stops all running containers defined in your docker-compose.yml. You can Includes volume data in the prune process. This will delete any volumes that
restart them later using docker compose start. aren’t used by a container.
docker compose restart docker image prune
Restarts all the containers in your stack. R emoves dangling images, without affecting any other types of data.
docker compose down docker image prune -a
Stops and removes containers, networks, and any other resources created by R emoves all unused images.
docker compose up. Volumes are not deleted unless you set the -v or --
volumes flag. docker network prune

docker compose logs


R emoves unused networks.
Shows log output from all services in your stack, with each log line tagged by docker volume prune
the container’s name.
R emoves unused volumes.
docker compose build
docker system df
Rebuilds images for services with a build section in the docker-compose.yml.
R eports your Docker installation’s total disk usage.

The IaC Orchestration Platform Engineers Trust

You might also like