The open source container platform Docker is quite exciting to the open source community. As an alternative to hardware virtualization based on virtual machines, Docker has made the use of software containers acceptable outside of the Linux universe. In our tutorial for beginners, we break down the Docker trend from the ground up. With these clear, step-by-step instructions, learn how to install...
Docker is an open-source software and a standard for virtualizing application containers. Container virtualization is a further development of virtual machines, but there’s one important difference: instead of simulating a complete operating system, a single application is virtualized in a container.
Docker is controlled on a local system via a command line interface. The commands used are essential for working with Docker. We explain how Docker commands work and show you the most important ones.
- What are Docker commands?
- How are Dockerfile, Docker image, and Docker container related to each other?
- Overview of the most important Docker commands
What are Docker commands?
To gain a better understanding of what Docker commands are and how they work, let’s look at the structure of Docker. The Docker installation on a local host contains the Docker Engine as its core. The Docker engine consists of three main components:
- The Docker daemon, which runs as dockerd on the host.
- The Docker API, provided by the Docker daemon. The Docker daemon is accessed and controlled via the API.
- The command line interface (“CLI”), which is used as a docker command to communicate with the Docker API.
To control Docker, a user enters Docker commands via the command line. The commands are received and processed by the Docker CLI and corresponding API calls are generated and submitted to the Docker daemon to execute.
To understand Docker commands, it’s best to play around with the software yourself. Use our Docker tutorial to learn the most important concepts.
How are Docker commands structured?
There are two types of Docker commands that have become established.
On the one hand, there are standalone commands. Usually, these take the form of verbs that perform a specific action. Well-known examples are “docker pull” and “docker build”. As the platform expanded and new functionalities were added, it became increasingly difficult to find suitable verbs.
So-called “Docker management commands” were introduced to group commands and restore order to the diversity of commands. Docker management commands are usually nouns. Well-known examples are “docker image” and “docker container”. The Docker management commands group verbs as subcommands.
In this way, the same verbs can be used in different contexts. For example, the command “docker image rm” is used to remove an image while “docker container rm” is used to remove a container.
Regardless of whether Docker standalone commands or Docker management commands are being used, the Docker commands are invoked on the command line. The name of the command is entered followed by optional parameters. If necessary, this is followed by the name of one or more objects. This can be a container, an image, a volume, or similar.
Let’s look at the general structure of a Docker command on the command line. In the simplest case, only the Docker CLI is called with an option appended:
Well-known examples are the output of the Docker version or the Docker help information:
# Output Docker version docker –version
# View Docker Help docker --help
Append the “--help” option to a Docker subcommand to output the command’s help information.
In most cases, we don’t just call the Docker CLI, but pass the name of a specific command. This can be a standalone command or a management command followed by a subcommand. Let’s first look at the general pattern of a Docker standalone command. The name “docker” is followed by the name of the command, optional parameters, and the name of a Docker object if applicable:
docker <command> [--options] <object>
Two familiar Docker standalone commands from production use are used to display status information:
# View Docker information docker info
# View Docker images on host docker images
Next, let’s familiarize ourselves with Docker management commands. As mentioned earlier, these are used to bring order to an organically increasing range of commands. For example, there was originally the “docker ls” command for listing containers on a host and, analogously, the “docker images” command for listing images. Not exactly intuitive. Even though both commands can still be used, more consistent alternatives with “docker container ls” and “docker image ls” now exist.
The general scheme for Docker management commands is based on the well-known structure of Docker standalone commands. The name “docker” is followed by the name of the management command along with its subcommand. We again conclude with optional parameters and the name of a Docker object if necessary:
docker <management-command> <subcommand> [--options] <object>
Let’s examine the pattern by looking at a more concrete example. Here is the Docker command to launch a new container from the “httpd” image in interactive mode:
docker container run -it httpd
Let’s compare the general structure for Docker management commands with the individual components of the previous example:
|Docker CLI||Docker command||Options||Object|
|Details||Invokes Docker and passes additional commands and options.||Command names must be written exactly as noted in the documentation.||Options are passed to the command and control how it behaves. There are two notations for options, see below.||Placeholder for an object as the target of the operation. For Docker objects, such as containers and images, the ID is the name or hash of the object.|
What options take Docker commands?
Like most command line commands, Docker commands are controlled by optional parameters called “options” when invoked. The options follow the name of the command. They are case-sensitive. Usually there are two notations for most options:
- Short form: -, e.g. “docker -v”
The short form is not very meaningful. Instead, several options can be combined into one, e.g. “docker run -it” instead of “docker -i -t”. The order is arbitrary, so you could also write “docker run -ti”. The short form is well suited for speedy working with known commands on the command line.
- Long-form: --<options name>, e.g. “docker –version”
The long form is easy to understand, but takes more time to type and takes up more space. The long form is well-suited for creating scripts; the meaningful option names serve for documentation purposes.
How are Dockerfile, Docker image, and Docker container related to each other?
A majority of the existing Docker commands are used to manage Docker containers, Docker images, and Docker volumes. Before going into detail about the specific Docker commands, we provide a brief overview of how the important Docker concepts of container and image are related.
A Docker container is created from an immutable template called an image. A Docker image contains the dependencies and configuration settings needed to create a container. Not only can we create a container from an image, but we can also save an existing container to a new image. Containers and images are related in much the same way as the chicken and the egg are related to each other:
|Docker command||Meaning||Chicken-egg analogy|
|docker build||Create Docker image from Dockerfile||Egg with genetic information|
|docker run <image>||Launch Docker container from image||Chick hatches from egg|
|docker commit <container>||Create Docker image from container||Hen lays new egg|
Overview of the most important Docker commands
Docker has rapidly developed over the past ten years. In addition to the original container virtualization, Docker now includes functions that extend far beyond that. For example, Docker-Compose and Docker-Swarm can be used to orchestrate container federations, which was traditionally reserved for Docker alternatives. We cover a subset of the original commands below. A full listing is beyond the scope of this article.
A Docker container includes the following components. Corresponding commands are available for control:
- Container operating system and union file system
- Software components and configuration
- Environment variables and runtime configuration
- Ports and volumes
- Processes and logs
Which Docker standalone commands are there?
Most Docker functionalities can now be controlled using Docker management commands these days. Although the original commands still work, there are more expressive equivalents:
|Docker standalone commands||Equivalent Docker management command||Explanation|
|docker ps||docker container ls||Display the containers running on the host|
|docker images||docker image ls||Display the images available on the host|
|docker inspect <object>||docker <object-type> inspect <object>, e.g. docker image inspect <image>||View information about Docker objects such as images, containers, volumes, etc.|
However, there are still a handful of Docker standalone commands. These cannot be replaced with Docker Management commands, as they refer to the Docker installation as a whole:
|Docker standalone command||Explanation|
|docker --help||View help for the Docker CLI|
|docker --version||View the version of the Docker installation|
|docker info||View system-wide information about the Docker installation|
|docker login||Log in to a container registry or cloud backend|
|docker logout||Log off from container registry or cloud backend|
What Docker container commands are there?
Unlike virtualization with virtual machines, a Docker container does not contain its own operating system. Instead, all containers running on a Docker host access the same operating system kernel. Each container is allocated a certain amount of system resources by command when running. These include memory, CPU cores, mass storage, and (virtual) network devices. Here are two examples:
Assign a CPU core and 10 megabytes of memory to Docker containers at startup:
docker container run --cpus="1" --memory="10m" <image>
Map TCP port 80 of the Docker host to port 80 of the Docker container:
docker container run -p 80:80/tcp <image>
Containers can be started, stopped, and removed on a host. Furthermore, the processes running inside a container can be controlled. Accordingly, many of the Docker container commands deal with these tasks:
|Docker container command||Explanation|
|docker container ls||Display the containers running on the host|
|docker container stats||Display status information of running containers|
|docker container run <image>||Start a new container from the specified image or run a command in a new container|
|docker container commit <container>||Create a new image from the changes of a running container|
|docker container attach <container>||Provide a running container with local standard input, output, and error streams|
|docker container logs <container>||Display log information of a container|
|docker container inspect <container>||Display detailed information of a container|
|docker container update <container>||Renew the configuration of a container|
|docker container rename <container> <new-name>||Rename container|
|docker container port <container>||Show port assignments of a container|
|docker container pause <container>||Pause active processes in container|
|docker container unpause <container>||Resume the execution of the paused processes in a container|
|docker container exec <container> <command>||Execute a command within a running container|
|docker container stop <container>||Stop the execution of a container|
|docker container start <container>||Resume the execution of a stopped container|
|docker container restart <container>||Restart a container; behaves like docker container stop <container>; docker container start <container>.|
|docker container top <container>||List the processes running in a container|
|docker container kill <container>||Kill running container|
|docker container rm <container>||Remove a container from the system|
|docker container prune||Remove all stopped containers from the system|
|docker container cp <container>:<source-path> <dest-path>||Copy files and folders between a container and local file system.|
|docker container diff <container>||Display changes to file system of a container|
|docker container export <container>||Output the file system of a container as a tarball archive; all layers will be reduced to one|
Which Docker image commands are there?
Unlike virtual machine images, a Docker image is not a single file in its normal state. Instead, it is a composite of multiple components:
- Image layers: contain data added by operation on the file system. Layers are overlaid and reduced to a consistent level by a union file system.
- Parent image: provides basic functions of the image and anchors the image in the Docker ecosystem root tree.
- Image manifest: describes the composite and identifies the image layers it contains.
A Docker image contains read-only layers. Each layer describes successive changes to the image’s file system. For each operation resulting in a change to the image’s file system, a new layer is created. The following commands are used to interact with images on the host:
|Docker image command||Explanation|
|docker image build||Create a Docker image from a Dockerfile|
|docker image history <image>||View steps to create a Docker image|
|docker image import <tarball>||Create a Docker image from a “tarball” archive|
|docker image inspect <image>||View detailed information for a Docker image|
|docker image load||Load image archive created with “docker image save”|
|docker image ls||List images available on the Docker host|
|docker image prune||Remove unused Docker images from Docker host|
|docker image pull <image>||Obtain Docker image from registry|
|docker image push <image>||Send image to a registry|
|docker image rm <image>||Remove image from the local host|
|docker image save <image>||Create image archive with all layers from one image|
|docker image tag <source-image> <target-image>||Tagging an image|
What are the Docker Volume commands?
A Docker container contains an isolated application. However, in many cases it is useful to share files between the container and the host system. For this purpose, Docker recognizes different types of volumes. The differences between the volumes are subtle; the choice of the appropriate type depends heavily on the particular deployment scenario:
- Named volumes – recommended
- Anonymous volumes – are lost when the container is removed
- Bind Mounts – not recommended; performant
- Tmpfs Mounts — located in main memory; only under Linux
A handful of Docker commands are available for interacting with volumes:
|Docker volume command||Explanation|
|docker volume ls||Display the volumes located on the host|
|docker volume prune||Remove all unused volumes from the host|
|docker volume create||Create a new volume on the host|
|docker inspect <volume>||Display detailed information of a volume|
|docker volume rm <volume>||Remove the specified volume from the host|