Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
docker_notes:docker [2024-09-28 Sat wk39 18:34] – [Build Images] baumkpdocker_notes:docker [2025-06-21 Sat wk25 12:15] (current) – [Networks] baumkp
Line 8: Line 8:
  
 =====Installation===== =====Installation=====
 +  *[[https://docs.docker.com/engine/install/debian/|Install Docker Engine on Debian]]
 One click installation script: One click installation script:
   *''%%curl -fsSL https://get.docker.com -o get-docker.sh%%''   *''%%curl -fsSL https://get.docker.com -o get-docker.sh%%''
Line 20: Line 20:
  
 Install Docker Engine : [Docker Engine](https://docs.docker.com/engine/install/) Install Docker Engine : [Docker Engine](https://docs.docker.com/engine/install/)
 +
 +====Docker Desktop for Linux====
 +I have preferred to run Docker command as a native Linux applications.  Docker Desktop originally was created to allow operating systems other than Linux to run Docker by creating a virtual Linux machine to operate them within.  Linux does not need this as the various docker programs run natively. A version of Docker Desktop was created for Linux that looks like it has some additional user interface features, but to date I have not wanted to setup an additional VM for this purpose and am happy to continues to use the Linux KVM VM solution.
  
 =====Uninstall===== =====Uninstall=====
 Both the install methods actually use the standard package manager to install docker. Both the install methods actually use the standard package manager to install docker.
-  -''dpkg -l|grep docker'' to check the docker packages actually installed+  -''dpkg -l|grep docker'' to check the docker packages actually installed and **which docker packages and versions are installed**
   -''sudo apt remove docker-ce''   -''sudo apt remove docker-ce''
   -Check the the ''var/lib/docker'' directory, ''sudo du -d 1 -h var/lib/docker''   -Check the the ''var/lib/docker'' directory, ''sudo du -d 1 -h var/lib/docker''
Line 123: Line 126:
   * Then pull the latest portainer/agent: ''%%docker pull portainer/agent%%'', default is latest if version is not specified.   * Then pull the latest portainer/agent: ''%%docker pull portainer/agent%%'', default is latest if version is not specified.
 <code yaml>docker run -d   -p 9001:9001   --name portainer_agent   --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker/volumes:/var/lib/docker/volumes portainer/agent</code> <code yaml>docker run -d   -p 9001:9001   --name portainer_agent   --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker/volumes:/var/lib/docker/volumes portainer/agent</code>
 +
 +It would seem remote agents by default do not show out of date images, can be toggled on/off under ''Host > Setup "Show image up to date indicators for Stacks, Services and Containers"''
  
  
Line 232: Line 237:
 |''docker volume rm VOLUME'' | Destroy a volume| |''docker volume rm VOLUME'' | Destroy a volume|
 |''%%docker volume ls --filter="dangling=true%%"'' | List all dangling volumes (not referenced by any container)| |''%%docker volume ls --filter="dangling=true%%"'' | List all dangling volumes (not referenced by any container)|
-|''docker volume prune'' | Delete all volumes (not referenced by any container)|+|''docker volume prune'' | Delete all volumes not referenced by any container|
  
 +**Network:**
 +|<50em>|
 +^COMMAND ^ DESCRIPTION^
 +|''docker network ls'' | List all volumes|
 +|''docker network create NETWORK'' | Create a NETWORK|
 +|''docker network inspect NETWORK'' | Show information (json formatted)|
 +|''docker network rm NETWORK'' | Destroy a NETWORK|
 +|''%%docker network ls --filter="dangling=true%%"'' | List all dangling networks (not referenced by any container)|
 +|''docker network prune'' | Delete all networks volumes not referenced by any container|
 +
 +=====DOCKER DNS=====
 +Docker has an internal DNS for each discrete type network.  This allows docker containers to be referenced by container name and compose name and allows repeatable inter-container referencing by name, so dynamic  container internal IP addressing is not a reference issue.  Container names are automatically assigned or can be specifically assigned with ''--name CONTAINER_NAME'' in Docker, and ''container_name: CONTAINER_NAME'' in Docker compose file.
 ====docker ps command==== ====docker ps command====
 The ''docker ps'' command output is long and often difficult to read on the terminal for this reason. The ''docker ps'' command output is long and often difficult to read on the terminal for this reason.
Line 245: Line 262:
 ===reference=== ===reference===
   *[[https://devdojo.com/bobbyiliev/how-to-change-the-docker-ps-output-format|How to change the docker ps output format]]   *[[https://devdojo.com/bobbyiliev/how-to-change-the-docker-ps-output-format|How to change the docker ps output format]]
 +  *[[https://dev.to/cicube/docker-cheat-sheet-most-useful-commands-ghl|Docker Cheat Sheet - Most Useful Commands]]
   *Docker Docs   *Docker Docs
     *[[https://docs.docker.com/reference/cli/docker/container/ls/|docker container ls]]     *[[https://docs.docker.com/reference/cli/docker/container/ls/|docker container ls]]
Line 271: Line 289:
     * ''docker network create network_named''     * ''docker network create network_named''
   - Host (Appears on the host machine as if installed there, no separate network.)   - Host (Appears on the host machine as if installed there, no separate network.)
-  - MACVLAN +    -If you use the host network mode for a container, that container's network stack isn't isolated from the Docker host (the container shares the host's networking namespace), and the container doesn't get its own IP-address allocated.   
 +  - MACVLAN 
 +    -The macvlan network assigns a unique MAC address to each container, making it appear to be a physical device on your network, just like a traditional virtual machine. The Docker daemon then routes the traffic to containers on the basis of their MAC address. It also allows you to assign an IP address from the same subnet in which the Docker host resides. This avoids the use of the host network, there is no NAT overhead, and you won't run into network performance issues.  
     - MACVLAN (without subVLAN) this create a new ip address on the host machine     - MACVLAN (without subVLAN) this create a new ip address on the host machine
-      * <code bash>docker network create -d macvlan \+      * <code bash>docker network create 
 +-d macvlan \
 --subnet 192.168.1.0/24 \ --subnet 192.168.1.0/24 \
 --gateway 192.168.1.1 \ --gateway 192.168.1.1 \
--o parent=br0 +-o parent=br0 network_named</code>
-network_named</code>+
       * No host DHCP access so need to specify ip address when creating container (docker cli ''%%--ip 192.168.1.14%%''). If not specified docker DHCP will assign and could cause clash with host.       * No host DHCP access so need to specify ip address when creating container (docker cli ''%%--ip 192.168.1.14%%''). If not specified docker DHCP will assign and could cause clash with host.
       * May be problem with multiple MACs on common switch port.  Need to set promiscuous mode on network, e.g. ''sudo ip link set br0 promisc on''.       * May be problem with multiple MACs on common switch port.  Need to set promiscuous mode on network, e.g. ''sudo ip link set br0 promisc on''.
Line 283: Line 303:
   - IPVLAN    - IPVLAN 
     - IPVLAN on host subnet, this create a new ip address on the host machine, but not with new MAC number, it uses the host MAC number     - IPVLAN on host subnet, this create a new ip address on the host machine, but not with new MAC number, it uses the host MAC number
-      * <code bash>docker network create -d ipvlan \+      * <code bash>docker network create 
 +-d ipvlan \
 --subnet 192.168.1.0/24 \ --subnet 192.168.1.0/24 \
 --gateway 192.168.1.1 \ --gateway 192.168.1.1 \
--o parent=br0 +-o parent=br0 network_named</code>
-network_named</code>+
       * No host DHCP access so need to specify ip address when creating container (docker cli ''%%--ip 192.168.1.14%%''). If not specified docker DHCP will assign and could cause clash with host.       * No host DHCP access so need to specify ip address when creating container (docker cli ''%%--ip 192.168.1.14%%''). If not specified docker DHCP will assign and could cause clash with host.
       * May be problem with shared MAC with multiple IP address, but less likely than MACVLAN.       * May be problem with shared MAC with multiple IP address, but less likely than MACVLAN.
     - IPVLAN on separate subnet using the host machine as gateway, but not with new MAC number, it uses the host MAC number     - IPVLAN on separate subnet using the host machine as gateway, but not with new MAC number, it uses the host MAC number
-      * <code bash>docker network create -d ipvlan \+      * <code bash>docker network create 
 +-d ipvlan \
 --subnet 192.168.1.0/24 \ --subnet 192.168.1.0/24 \
 -o parent=br0 -o ipvlan_mode=l3 \ -o parent=br0 -o ipvlan_mode=l3 \
---subnet 192.168.10.0/24 +--subnet 192.168.10.0/24 network_named</code>
-network_named</code>+
       * No host DHCP access so need to specify ip address when creating container (docker cli ''%%--ip 192.168.1.14%%''). If not specified docker DHCP will assign and could cause clash with host.       * No host DHCP access so need to specify ip address when creating container (docker cli ''%%--ip 192.168.1.14%%''). If not specified docker DHCP will assign and could cause clash with host.
       * May be problem with shared MAC with multiple IP address, but less likely than MACVLAN.       * May be problem with shared MAC with multiple IP address, but less likely than MACVLAN.
Line 301: Line 321:
   - None network - no assigned network, container has no external network connectivity   - None network - no assigned network, container has no external network connectivity
  
-====network troubleshooting====+====References==== 
 +  *[[https://www.aidenwebb.com/posts/dockers-seven-network-types-and-when-to-use-them/|Dockers seven network types and when to use them]] 
 +  *[[https://dev.to/wallacefreitas/docker-networking-a-comprehensive-guide-3d5j|Docker Networking: A Comprehensive Guide]] 
 +  *[[https://dev.to/abhay_yt_52a8e72b213be229/unlocking-advanced-docker-networking-macvlan-vs-ipvlan-38o4|Unlocking Advanced Docker Networking: Macvlan vs. Ipvlan]] 
 +  *[[https://ipwithease.com/macvlan-vs-ipvlan-understand-the-difference/|MacVLAN vs IPvlan: Understand the difference]] 
 +  *[[https://medium.com/@dyavanapellisujal7/docker-macvlan-and-ipvlan-explained-advanced-networking-guide-b3ba20bc22e4|Docker MacVLAN and IPVLAN Explained: Advanced Networking Guide]] 
 +  *[[https://4sysops.com/archives/macvlan-network-driver-assign-mac-address-to-docker-containers/|Macvlan network driver: Assign MAC address to Docker containers]] 
 +  *[[https://4sysops.com/archives/configuring-ipvlan-networking-in-docker/|Configuring IPvlan networking in Docker]] 
 +=====network troubleshooting=====
 A lot of containers are setup to be small and hence do not include many, if any of the tools required to diagnose problems.  A small docker image ''netshoot'' includes the most common networking tools and when attached to the same docker network can be used to diagnose the network and containers networks thereon. A lot of containers are setup to be small and hence do not include many, if any of the tools required to diagnose problems.  A small docker image ''netshoot'' includes the most common networking tools and when attached to the same docker network can be used to diagnose the network and containers networks thereon.
   *''%%docker run --rm --name netshoot --network proxy -it nicolaka/netshoot /bin/bash%%''   *''%%docker run --rm --name netshoot --network proxy -it nicolaka/netshoot /bin/bash%%''
  
-====Troubleshooting====+ 
 +====Network Troubleshooting====
   *[[https://github.com/nicolaka/netshoot|netshoot: a Docker + Kubernetes network trouble-shooting swiss-army container]] ''%%docker run --name netshoot --rm -it nicolaka/netshoot /bin/bash%%''   *[[https://github.com/nicolaka/netshoot|netshoot: a Docker + Kubernetes network trouble-shooting swiss-army container]] ''%%docker run --name netshoot --rm -it nicolaka/netshoot /bin/bash%%''
   *[[https://gist.github.com/bastman/5b57ddb3c11942094f8d0a97d461b430|Docker - How to cleanup (unused) resources]]   *[[https://gist.github.com/bastman/5b57ddb3c11942094f8d0a97d461b430|Docker - How to cleanup (unused) resources]]
 +
 +=====Docker Cleanup=====
 +Docker can take a lot of disk space.  While I store my docker containers and data on a separate drive with a lot of space, docker is run on a VM that has about 55GB space, which is usually enough for Linux.  
 +Docker stores the container images and other operating information in ''/var/lib/docker'', with a lot of information in ''/var/lib/docker/overlay2'', the command ''sudo du -d 1 -h /var/lib/docker'' lists the sub-directories and used space.   See [[https://www.virtualizationhowto.com/2023/11/docker-overlay2-cleanup-5-ways-to-reclaim-disk-space/|Docker Overlay2 Cleanup: 5 Ways to Reclaim Disk Space]], in particular the following commands:
 +  *''docker system prune'', which will remove stopped containers, networks not associated with any container, and dangling images, the ''-a'' flag will also remove all unused images.  The ''-f'' flag is to force removal.
 +  *''docker image prune''  removes older images.
 +
  
 <- docker_notes:vm-container|Back ^ docker_notes:index|Start page ^ docker_notes:docker-compose|Next -> <- docker_notes:vm-container|Back ^ docker_notes:index|Start page ^ docker_notes:docker-compose|Next ->