docker.txt

Docker Documentation:

Intro:
    -- Docker is a PAAS platform as a service, those apps will run in every system

    Virtualization: [Virtual Machine]
        -- Virtual environment to run a system like linux, use allocated resources

        Hypervisor:
            -- Allocates system resources like ram, disk, and make virtual machine on itself
            -- if two vms of 5 gb are made, then 10 gb of system is allocated
            -- this use of hyperviser is called as virtualization

    Containerization:
        -- Docker container use shared resources 

        Docker Engine:
            -- it run OS's ram and disk by accessing OS's Kernel system 
            -- it makes processes aka containers that allows to run application 

Docker Components:
    
    ContainerD:
        -- docker runs this in background
        -- it uses linux kernel to run containers

    Docker Daemon:
        -- daemon means background process
        -- It run above containerD

    Docker CLI:
        -- In order to talk to daemon, cli is used

    Docker Engine:
        -- Above complete architecture is docker engine that works together

        

Installation:
    sudo apt install ca-certificates curl:
        -- ca-certificates: Ensures your system trusts HTTPS certificates from various authorities, preventing security issues while downloading packages. These are "Certificate Authorities" certificates. They allow your system to verify the authenticity of websites and other network resources, ensuring secure connections. Docker uses them to verify the integrity of its downloads.
        -- curl: A tool to fetch data from URLs, required to download Docker’s GPG key. This is a command-line tool for transferring data with URLs. We'll use it to download the Docker GPG key in the next step.

    sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc:
        -- sudo curl: We use sudo because we're writing to a system directory.
        -- https://download.docker.com/linux/ubuntu/gpg: This is the URL from which we're downloading the Docker GPG key. This key is critical. It allows your system to verify that the Docker packages you download are genuine and haven't been tampered with.
        -- -o /etc/apt/keyrings/docker.asc: This tells curl to save the downloaded key to the specified file path. .asc is a common extension for ASCII armored GPG keys.

    sudo chmod a+r /etc/apt/keyrings/docker.asc:
        -- This sets the permissions on the Docker GPG key file. a+r means "add read permission for all users." It's essential that the package manager can read this key. This is important to allow apt to access and verify the key when installing Docker.



    echo \
        "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
        $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" | \
        sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
    sudo apt update

        -- This command adds the Docker repository information to your system's package sources.
        -- echo..: This part constructs the line that will be added to the Docker repository configuration file.
                -- deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu ...:
                    -- This is the actual repository entry.
                    -- deb: 
                        -- Indicates a Debian package repository.
                    -- dpkg --print-architecture: 
                        -- Detects your system’s architecture (e.g., amd64, arm64) to ensure you install the correct Docker version.
                    -- signed-by=/etc/apt/keyrings/docker.asc: 
                        -- Specifies the path to the GPG key we downloaded earlier. 
                        -- This is crucial for verifying the authenticity of the Docker packages 
                        -- and also Ensures that only packages signed with Docker’s GPG key are trusted.
                    -- https://download.docker.com/linux/ubuntu: 
                        -- The URL of the Docker Ubuntu repository.
                -- $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}"): 
                    -- This clever bit of shell scripting retrieves / dynamically fetches your Ubuntu 
                    -- codename (e.g. noble for Ubuntu 24.04, jammy, kinetic, lunar, etc.). 
                    -- This makes the repository configuration specific to your Ubuntu version. 
                    -- It reads the /etc/os-release file, which contains information about your distribution.
                    -- UBUNTU_CODENAME is preferred, but $VERSION_CODENAME is used as a fallback if the former isn't set.
                -- stable: 
                    -- Specifies the "stable" channel of Docker packages.
                    -- This is generally recommended for production environments.
                    -- There are also test and edge channels, but those are for testing and should be used with caution.
        -- |: 
            -- This is a pipe. It takes the output of the echo command and sends it as input to the tee command.
        -- sudo tee /etc/apt/sources.list.d/docker.list > /dev/null: 
            -- tee writes the input/info it receives to the specified file /etc/apt/sources.list.d/docker.list.
            -- sudo is necessary because we're writing to a system directory. 
            -- /etc/apt/sources.list.d/docker.list is the file where the Docker repository information is stored.
            -- Putting each repository in its own file under the /etc/apt/sources.list.d/ directory is a best practice for organization.
            -- > /dev/null:
                -- This redirects any output from tee (which would be the same repository line) to /dev/null,
                -- effectively suppressing it and prevents unnecessary terminal clutter.
                -- We don't need to see the output; we just want the file written.
        -- sudo apt update: 
            -- Fetches the latest package information, including Docker’s newly added repository.
            -- As before, this updates your system's package list after adding the new Docker repository.
            -- This is essential so that your system knows about the Docker packages now available.
        -- lsb_release -cs: 
            -- As we saw in the previous step of the Docker installation
            -- the codename is used to specify the correct Docker repository for your distribution.  
            -- Using lsb_release -cs (or the equivalent method of reading /etc/os-release) is a 
            -- robust way to get the codename programmatically, 
            -- ensuring that your Docker installation is configured correctly for your Ubuntu version.
            -- This is a best practice, as it avoids hardcoding the codename, which would make your installation script less portable.
        -- ls /etc/apt/sources.list.d/:
            -- Run ls /etc/apt/sources.list.d/ to check for duplicate or unnecessary repositories.
            -- If you switch versions, remove old repos with: sudo rm /etc/apt/sources.list.d/docker.list

    sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin:
        -- docker-ce: Docker Community Edition (CE), the core engine. This is the standard version for most users.
        -- docker-ce-cli: The Docker command-line interface. You'll use this to interact with Docker.
        -- containerd.io: The lightweight container runtime. Docker uses containerD to manage containers.
        -- docker-buildx-plugin: Advanced multi-platform build support. A CLI plugin that extends the docker build command with features for building images with BuildKit.
        -- docker-compose-plugin: Official docker-compose plugin for managing multi-container apps. A CLI plugin that provides docker compose functionality.

    sudo usermod -aG docker $USER:
        -- This is a crucial command for Docker security and usability.
        -- sudo: This means the command is executed with root privileges. You need sudo because you're modifying user group memberships, which is a system-level change.
        -- usermod: This is the command-line utility for modifying user account settings.
        -- -a: This option means "append." It adds the user to the specified group without removing them from any other groups they're already in. This is important!
        -- -G docker: This specifies the group you're adding the user to, which is the docker group.
        $USER: This is an environment variable that represents the currently logged-in user. It's a convenient way to refer to your own username.

    su - $USER | newgrp docker | groups:
        -- su - $USER: This command switches the current user to the user specified by the $USER environment variable (i.e., yourself). The - is important; it tells su to create a login shell. This ensures that the group changes you made with usermod are properly applied. Just running su $USER might not pick up the group change.
        -- groups: This command displays the groups that a user is a member of.

    sudo systemctl status docker | docker version | sudo docker info | docker compose version :
        -- Check docker status, version, info including the kernel version, number of CPUs, and memory

    docker compose version:
        -- check docker compose version

    Secrets management: 
        -- Never store sensitive information (passwords, API keys) directly in your Docker images or containers. Use Docker secrets or a dedicated secrets management solution.

    Volumes:
        -- Use volumes for data persistence: Don't store data inside containers. Use Docker volumes to persist data across container restarts and updates.

    Networking:
        -- Understand Docker networking and create custom networks as needed to isolate your containers and improve security.


Uninstall Docker:

    Backup:

        docker run --rm -v volume_name:/data -v $(pwd):/backup alpine tar -czvf /backup/volume_backup.tar.gz /data
            -- save volumes

        docker export container_id -o backup.tar
            -- export containers

        sudo docker system prune -a:
            -- Use docker system prune Instead of rm -rf (Safer Way)
            -- If you only want to remove unused data

    Remove All FIles:

        docker system prune:
            -- Before uninstalling, you can run docker system prune to remove unused images, containers, networks, and volumes. This can free up disk space and make the uninstallation process faster. It's good practice and d… -a is for images from stop containers.

        sudo apt purge docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin docker-ce-rootless-extras:
            -- Completely removes Docker binaries and all installed packages.
            -- Does NOT remove images, volumes, and containers.

        sudo rm -rf /var/lib/docker:
            -- This removes the Docker images, containers, volumes, docker’s network configurations and other data. Warning: This is destructive. Make sure you have backups of any important data before running this command.

        sudo rm -rf /var/lib/containerd:
            -- This removes containerd's data. Warning: This is destructive.

        sudo rm /etc/apt/sources.list.d/docker.list:
            -- These commands remove the Docker repository configuration

        sudo rm /etc/apt/keyrings/docker.asc:
            -- These commands remove the Docker GPG key

    The provided commands are good for a clean uninstall. Removing the repository configuration and GPG key is important to prevent issues if you reinstall Docker later.

Docker Login:
    docker login:
        -- login using PAT from docker

Dockerfile:
    -- A file that creates images that run containers

Basic Commands:

    docker build –help:
        -- System information about command 

Docker Images:
    
    docker search ubuntu:
        -- search docker hub for images and [OK] is official image
    
    docker search python --filter is-official=true:
        -- search python image and it must be official

    docker run --rm python:latest cat /etc/os-release:
        -- The docker search command only shows high-level details and
        -- does not list different variants (like alpine, slim, or versions).
        -- It only displays the official base image (python) from Docker Hub.
        -- we can run this to get different version

    docker pull ubuntu:
        -- download the official ubuntu image to your computer

    docker images remove 78945 123548:
        -- remove iamge using id

    docker rmi $(docker images -q):
        -- remove all images

    docker image prune:
        -- When you rebuild an image with the latest tag,
        -- Docker creates a new image and assigns the latest tag to it.
        -- The previous image is left untagged (<none>).
        -- This can lead to "dangling" images that consume disk space
        -- Prune removes all untagged (<none>) images.

Docker Containers:
    
    docker ps:
        -- View only active/running containers.

    docker ps -a:
        -- To view all containers — active and inactive, run docker ps with the -a switch.

    docker ps -l:
        -- To view the latest container created — run docker ps with the -l switch.

    docker run -it ubuntu:
        -- Run ubuntu container using ubuntu image from docker hub
        -- -it flag is for using interactive shell mode inside container
        -- it stops when exited

    docker run -d -p 80:80 nginx: 
        -- -p is used to publish port or map port number 80 on our host machine 
        -- to port number 80 inside the container
        -- bcz we need to bind port 80 from os to port 80 in the linux process
        -- -d is for detach mode to run in background
        -- it doesnot stop when exited

    docker stop 45272a0bf5f4 | quirky_cartwright:
        -- stop a container using id or name

    docker start 45272a0bf5f4 | quirky_cartwright:
        -- start a container using id or name

    docker rm 45272a0bf5f4 | quirky_cartwright:
        -- remove a container using id or name
    
Dockerfile:

    Syntax:
        FROM [<base_image>:<image_tag>]
        WORKDIR [working directory]
        COPY [copy code]
        RUN [install librarires]
        EXPOSE [expose port]
        CMD [serve application]

    alpine:
        -- lightweight linux distro

    run/cmd:
        -- run builds the container
        -- cmd serves the container
    
    cmd/entrypoint:
        -- cmd can be over-written but entrypoint cannot be

Java App: ->>> </home/safi/tws/java-quotes-app>
    
    docker build -t java_quotes:latest .:
        -- Used to build images 
        -- build is the process of compiling
        -- -t is for naming the container
        -- . represents the file location

    docker run -d -p 80:8000 --name java_quotes_app java_quotes:latest:
        -- run the container, expose port
        -- --name flag is for naming the container

Python App: ->>> </home/safi/tws/flask-app-ecs>
    
    docker build -t flash_api:latest .
    docker run --rm -p 80:80 flash_api:latest [remove_on_detach]

Javascript App: ->>> </home/safi/tws/flask-app-ecs>
    
    docker build -t nextjs_profile:latest .
    docker run -d -p 80:3000 --name nextjs_profile_app nextjs_profile:latest
    docker rm nextjs_profile_app 

Distroless Images:
    -- when we use python:latest base image our build is upto 1 gb
    -- but when we use python-slim base image our build is 126 mb
    -- in distroless the OS is very minimal, files are small
    -- Distroless images contain only your application and its runtime dependencies.
    -- They do not contain package managers, shells or any other programs
    -- you would expect to find in a standard Linux distribution.

    -- we make a multi stage Dockerfile

    docker build -t flash-app-mini -f ./Dockerfile-MS .:
        -- -f represent the path of Dockerfile for multi stage build

    docker run -d -p 80:80 --name flash-mini-app flash-app-mini:latest

    docker image tag flash-app-mini:latest username/flash-app-mini:latest

Docker Volumes:

    docker volume ls:
        -- list volumes

    docker volume create mysql_data:
        -- create volume names mysql_data

    docker inspect mysql_data:
        -- we inpect the volume, and see the mount point for our data

    MYSQL Volume:
        docker pull mysql:
            -- pull latest image
        
        docker run -d --name mysql_db -v mysql_data:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=root mysql
            -- -e is for environment variable that mysql asks
            -- -v maps teh volume in host to container where mysql stores data

        docker exec -it mysql_db bash:
            -- in order to go inside a runnig container
            -- bash is shell we are using
        
        mysql -u root -p:
            -- connect to mysql using 'root' password

        docker stop mysql_db | docker rm mysql_db:
            -- stop and remove container

    Python App: ->>>>
    
        docker run -it --rm -v $(pwd):/app -w /app python bash
            -- enter into app to install deps
        
        docker run --rm -p 80:80 -v $(pwd):/app flash-app-mini:latest
            -- run the app and live upadte


Docker Networking:
    
    docker network ls:
        -- list all networks

    docker network create network_one:
        -- create a user defined netowrk

    Types:
        Bridge:
            -- default
            -- port mapping is fone using Bridge    

        None:
            -- complete isolation of container
            -- no connection between containers
        
        Host:
            -- docker container must match the host netowrk
            -- no port mapping is required

        User Defined Bridge:
            -- created by user 

        MACV LAN:
            -- connect to device using mac address  

        IPV LAN:
            -- connect to device using ip address  

        Overlay:
            -- connect to defferent servers like diff ec2s  
        
Tier Flask + Mysql app:
    -- In order to connect two container we need bridge network
    -- suppose container names are flask and mysql
    -- then container name becomes domain

    docker network create ttfan:
        -- create a network

    docker run -d \
        --name ttfa_mysql \
        -v ttfav:/var/lib/mysql \
        -p 3306:3306 \
        --network=ttfan \
        -e MYSQL_ROOT_PASSWORD=root \
        -e MYSQL_USER=safi \
        -e MYSQL_PASSWORD=password \
        -e MYSQL_DATABASE=ttfa_db \
        mysql:latest

        -- create a mysql container with port, network and environment

    docker build -t ttfa_img .
        -- build the image

    docker run -d \
        --name ttfa_app \
        -p 5000:5000 \
        --network=ttfan \
        -e MYSQL_HOST=ttfa_mysql \
        -e MYSQL_USER=safi \
        -e MYSQL_PASSWORD=password \
        -e MYSQL_DB=ttfa_db \
        ttfa_img:latest

        -- run the container with port, environment

Docker Compose:
    -- yaml is a general config file with key:value pair, or an object with multiple pairs
    -- list is denoted as hyphen "-" in ports or environment variables 
    
TTFA:
    -- as mysql takes 10 seconds to get ready
    -- we use healthcheks with interval
    -- the start_period is when to start retrying
    -- timeout is time to wait after tries are done