Docker 4 - How to manage Docker Containers
Introduction
- A Docker container has a lifecycle that you can use to manage and track the state of the container.
Container Lifecycle:
- The lifecycle of a container includes the following states:
- Created: The container is created but not running.
- Running: The container is running.
- Paused: The container is paused.
- Stopped: The container is stopped.
- Exited: The container has exited.
Running a Container:
- Use the run command to start a container.
- You can restart a running container; it receives a termination signal to allow graceful shutdown before stopping.
Container States:
- A container is considered running until it’s paused, stopped, killed, or exits on its own.
- A container can self-exit when its process completes or enters a fault state.
Pausing a Container:
- Use the pause command to suspend all processes in a running container.
Stopping a Container:
- Use the stop command to gracefully shut down a container by sending a termination signal to its processes.
Killing a Container:
- Use the kill command to forcefully terminate a container by sending a kill signal directly to the container’s kernel.
Removing a Container:
- Use the remove command to delete a stopped container.
- All data stored in the container is destroyed upon removal.
How to view available containers
- To list running containers, run the docker ps command. To see all containers in all states, pass the -a argument.
docker ps -a
- Here’s the output from that command:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d93d40cc1ce9 tmp-ubuntu:latest "dotnet website.dll …" 6 seconds ago Up 5 seconds 8080/tcp happy_wilbur
33a6cf71f7c1 tmp-ubuntu:latest "dotnet website.dll …" 2 hours ago Exited (0) 9 seconds ago adoring_borg
Reviewing Docker Output:
IMAGE Column: Shows the image name (e.g., tmp-ubuntu:latest).
- You can create multiple containers from the same image, enabling scaling.
STATUS Column: Displays the container’s current status (e.g., running, exited).
- Status helps you quickly assess the container’s health.
NAMES Column: Lists the container’s name.
- If not specified, Docker assigns a random name.
- To assign a specific name, use the --name flag with the run command.
Why Containers Have Names:
- Names allow you to run multiple instances of the same image.
- Container names are unique; you can’t reuse a name unless you remove the previous container first.
Running a Container:
- Use the docker run command with the image name or ID to start a container.
- Example to run in the background: docker run -d tmp-ubuntu
- Docker finds the image, loads the container, and executes the entry point command.
Pausing a Container:
- Use the docker pause command to suspend all processes in a container.
- Example: docker pause happy_wilbur
- To resume, use the docker unpause command.
Restarting a Container:
- Use the docker restart command to stop and then start a container.
- Example: docker restart happy_wilbur
- If the container doesn’t stop, a kill signal is sent.
Stopping a Container:
- Use the docker stop command to send a termination signal and stop a running container.
- Example: docker stop happy_wilbur
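The stop-then-kill sequence described above, emulated with ordinary shell processes so it runs without Docker. This is an added example, not part of the original post; the worker scripts, the marker file and the grace periods are constructed for illustration.

```shell
#!/bin/sh
# Emulates stop-then-kill with plain processes; no Docker required.
# Worker scripts, marker file and grace periods are constructed for illustration.

# Send SIGTERM, poll for up to GRACE seconds, then fall back to SIGKILL.
# Leaves "graceful" or "killed" in STOP_RESULT.
stop_with_grace() {
  pid=$1; ticks=$(( $2 * 10 )); STOP_RESULT=graceful
  kill -TERM "$pid" 2>/dev/null || true
  while kill -0 "$pid" 2>/dev/null; do
    if [ "$ticks" -le 0 ]; then
      kill -KILL "$pid" 2>/dev/null || true   # SIGKILL cannot be trapped or ignored
      wait "$pid" 2>/dev/null || true         # reap the killed worker
      STOP_RESULT=killed
      return 0
    fi
    sleep 0.1
    ticks=$((ticks - 1))
  done
}

# Worker that traps SIGTERM, records that it flushed its state, then exits.
start_cooperative() {
  sh -c 'trap "echo flushed > \"$0\"; exit 0" TERM; while :; do sleep 0.1; done' "$1" &
  WORKER_PID=$!
}

# Worker that ignores SIGTERM, so only SIGKILL ends it.
start_stubborn() {
  sh -c 'trap "" TERM; while :; do sleep 0.1; done' &
  WORKER_PID=$!
}

run_demo() {
  marker=$(mktemp)
  start_cooperative "$marker"; sleep 0.5     # give the worker time to install its trap
  stop_with_grace "$WORKER_PID" 2; COOP_RESULT=$STOP_RESULT
  COOP_MARKER=$(cat "$marker")
  start_stubborn; sleep 0.5
  stop_with_grace "$WORKER_PID" 1; STUB_RESULT=$STOP_RESULT
  rm -f "$marker"
}

run_demo
echo "cooperative worker: $COOP_RESULT, marker file says: $COOP_MARKER"
echo "stubborn worker:    $STUB_RESULT"
```

The stubborn worker never gets to write anything before it dies, which is why a process that does not handle the termination signal can lose buffered logs or state when it is stopped.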
Removing a Container:
- Use the docker rm command to remove a container.
- Example: docker rm happy_wilbur
- Removing a container destroys all data in it; containers should be considered temporary for data storage.
Docker Container Storage Configuration
Temporary Nature of Container Storage:
- Data written to a container’s filesystem (e.g., log files) is lost when the container is removed.
- Container storage is tied to the host machine, making data access and transfer difficult.
- Storage drivers used in containers are less performant due to extra abstraction layers.
Options for Persistent Data Storage:
Volumes:
- Stored on the host filesystem in a specific folder managed by Docker.
- Created using the docker volume create command, either manually or as part of a Dockerfile.
- Volumes can be shared across multiple containers and persist after a container stops.
- Example: Logs stored in a volume remain accessible even after the container is removed.
- Third-party plugins, like Azure Storage, can be used as volumes.
Bind Mounts:
- Similar to volumes but can mount any file/folder from the host.
- More performant but depend on the host’s folder structure.
- Used when the host system might need to modify the mounted data.
- Volumes are the preferred method for container data storage.
SMB Paths for Windows Containers:
- Mount SMB paths as volumes, allowing different containers on various hosts to use the same storage.
Docker Container Network Configuration
Default Network Configuration:
- Isolates containers on the Docker host, allowing secure inter-container communication.
Linux Network Options:
- Bridge (default): Internal, private network for containers; isolates them from the host network.
- Host: Directly uses the host’s network, eliminating network isolation.
- Overlay, IPvLan, MACvLan, None: Other options for advanced scenarios.
Windows Network Options:
- NAT (default): Similar to Linux’s bridge network.
- Transparent, Overlay, L2Bridge, L2Tunnel, None: Additional options.
Bridge Network:
- Containers are assigned IPs and can communicate via IP addresses.
- Hostname-based communication is not supported by default.
- Use the --publish flag to map container ports to host ports.
- The publish flag effectively configures a firewall rule that maps the ports.
- In this example, your tracking portal is accessible to clients browsing to port 80.
- You’ll have to map port 80 from the container to an available port on the host.
- You have port 8080 open on the host, which enables you to set the flag like this:
--publish 8080:80
- Any client browsing to the Docker host IP and port 8080 can access the tracking portal.
- Aside from Linux-specific configurations, the NAT network on Windows hosts functions the same as a bridge network.
- Also, NAT is the default network on Windows, and all containers will connect to it unless otherwise specified.
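A mapping written as --publish 8080:80 carries no host address, so Docker binds it on every host interface; writing --publish 127.0.0.1:8080:80 limits it to loopback. The script below is an added example, not part of the original post: it classifies containers by what their PORTS column shows, using constructed sample lines (the names portal, portal_local and legacy_v6 are made up) in place of live docker ps output.

```shell
#!/bin/sh
# Classify each container by how its ports are published.
# Input:  one "NAME<TAB>PORTS" line per container, as produced by
#           docker ps --format '{{.Names}}\t{{.Ports}}'
# Output: "NAME<TAB>VERDICT" where VERDICT is one of
#           all-interfaces  published on 0.0.0.0 / :: (reachable from any network)
#           restricted      published, but only on specific host addresses
#           unpublished     exposed by the image only, or no ports at all

classify_published_ports() {
  awk -F '\t' '{
    verdict = "unpublished"
    n = split($2, maps, /, */)
    for (i = 1; i <= n; i++) {
      if (maps[i] !~ /->/) continue        # e.g. "8080/tcp": exposed, not published
      host = maps[i]
      sub(/:[0-9-]+->.*/, "", host)        # drop ":hostport->containerport/proto"
      if (host == "0.0.0.0" || host == "::" || host == "[::]") {
        verdict = "all-interfaces"; break
      }
      verdict = "restricted"
    }
    print $1 "\t" verdict
  }'
}

# Constructed sample input; the first and last names come from the listing earlier on the page.
sample_ps_output() {
  printf '%s\t%s\n' \
    happy_wilbur  '8080/tcp' \
    portal        '0.0.0.0:8080->80/tcp, [::]:8080->80/tcp' \
    legacy_v6     ':::8443->443/tcp' \
    portal_local  '127.0.0.1:8080->80/tcp' \
    adoring_borg  ''
}

sample_ps_output | classify_published_ports
```

Note that happy_wilbur, shown with 8080/tcp in the listing earlier, comes out as unpublished: the port is exposed by the image but not mapped to the host.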
Host Network:
- Runs the container directly on the host’s network, using the host IP.
- Only available on Linux; Windows lacks this option.
Overlay Network:
- Creates a virtual network switch, enabling containers to get IPs from the same network as the host.
None Network:
- Disables networking for containers, useful for applications that don’t require network access.
Operating System Considerations
- OS-Specific Limitations:
- macOS doesn’t support the Docker0 bridge network interface or host-network configuration.
- Windows and macOS desktops have different networking capabilities compared to Linux.
- Container orchestrators may add additional networking configurations.
This post is licensed under CC BY 4.0 by the author.