Docker Flags, Dockerfile & Exposing Containers

Video Overview

This note extracts the 5 key concepts from the Day 3 CKA tutorial on Docker. It covers essential [[Docker Run Flags]], [[Port Mapping]] architecture, writing a [[Dockerfile]], the crucial difference between Exec and Shell forms, and basic container troubleshooting.

🔗 Source Video: Day 3: Docker Flags, Dockerfile Deep Dive & Exposing Containers


🧠 Concept 1: Core Docker Run Flags

When launching a container, default settings run the container in the foreground and don’t expose ports. You can modify this behavior using specific flags:

  • -d (Detached Mode): Runs the container in the background rather than locking up your terminal [00:03:28].
  • -p (Port Publishing): Maps a port on your host machine to a port inside the container [00:03:37].
  • --name: Assigns a custom, recognizable name to your container (instead of a randomly generated one like tender_edison) [00:04:26].

Command Example

docker run -d -p 8080:80 --name my_nginx_container nginx


🌐 Concept 2: Port Mapping (Publishing)

Understanding how network traffic reaches your container is critical. The syntax is always HostPort:ContainerPort [00:04:37].

  1. Host Port (e.g., 8080): The port opened on your actual machine (like your Mac or EC2 instance).
  2. Container Port (e.g., 80): The port the application inside the container is listening on.

Crucial Insight

You can run multiple containers that all listen on the exact same Container Port (e.g., Port 80 for NGINX), as long as you assign them different Host Ports (e.g., 8080:80, 8081:80, 8082:80) [00:06:06].


🏗️ Concept 3: Anatomy of a Dockerfile

A [[Dockerfile]] is a step-by-step recipe to build a custom container image. Key instructions include:

  • FROM: Sets the base image (e.g., python:3.9-slim). Using slim images is recommended as they are smaller and have a smaller attack surface [00:12:44].
  • WORKDIR: Sets the current working directory inside the container (e.g., /app). All subsequent commands execute here [00:11:38].
  • ADD / COPY: Copies files from your host system into the container image [00:09:30].
  • RUN: Executes commands during the build process (e.g., pip install flask) [00:09:03].
  • EXPOSE: Purely for documentation. It tells other developers/admins what port the app uses (e.g., 5000), but it does not actually publish the port [00:09:52].
  • CMD: The default command that executes when the container starts [00:10:40].

⚡ Concept 4: CMD Instructions (Exec vs. Shell Form)

There are two ways to write your CMD instruction, and knowing the difference is crucial for container stability and security [00:17:27]:

1. Exec Form (Recommended & Faster):

  • Syntax: CMD ["python", "app.py"]
  • Runs the command directly as the first process (PID 1).
  • Benefits: Consumes fewer resources, avoids shell injection vulnerabilities, and allows the application to receive shutdown signals gracefully [00:21:35].

2. Shell Form:

  • Syntax: CMD python app.py
  • Opens a /bin/sh shell first, and then runs the command inside it [00:18:21].
  • Downside: Consumes more resources and is less secure. When you send a stop signal, the shell receives it instead of your app, so the app shuts down abruptly rather than gracefully.
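
A quick way to check which form a Dockerfile really uses is to classify each CMD the way Docker does: only a valid JSON array of strings counts as exec form. The script below is an added example, not code from the video; the sample Dockerfile and the function names (logical_lines, classify, audit) are constructed for illustration.

```python
import json
import re

# Constructed sample Dockerfile. Only the last CMD takes effect in a real
# build; three are listed here so the forms can be compared side by side.
SAMPLE = """\
FROM python:3.9-slim
WORKDIR /app
COPY . /app
RUN pip install flask
EXPOSE 5000
CMD ["python", "app.py"]
CMD ['python', 'app.py']
CMD python \\
    app.py
"""

def logical_lines(text):
    """Join backslash-continued lines, then drop blank lines and comments."""
    joined = re.sub(r"[ \t]*\\[ \t]*\n[ \t]*", " ", text)
    return [l.strip() for l in joined.splitlines()
            if l.strip() and not l.strip().startswith("#")]

def classify(args):
    """Return (form, argv) for the argument text of a CMD instruction."""
    try:
        parsed = json.loads(args)
        if isinstance(parsed, list) and all(isinstance(a, str) for a in parsed):
            return "exec", parsed
    except ValueError:
        pass  # not JSON (e.g. single quotes), so Docker falls back to shell form
    # Shell form: the text is handed to /bin/sh -c as one string.
    return "shell", ["/bin/sh", "-c", args]

def audit(dockerfile_text):
    """List (instruction, form, argv) for every CMD and ENTRYPOINT."""
    findings = []
    for line in logical_lines(dockerfile_text):
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].upper() in ("CMD", "ENTRYPOINT"):
            findings.append((parts[0].upper(), *classify(parts[1])))
    return findings

if __name__ == "__main__":
    for instr, form, argv in audit(SAMPLE):
        note = "" if form == "exec" else "  <- runs under /bin/sh"
        print(f"{instr:<10} {form:<5} {argv}{note}")
```

The single-quoted line looks like exec form but is not valid JSON, so it is run through the shell just like the plain CMD python app.py.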

🛠️ Concept 5: Essential Troubleshooting Commands

If a container is acting up, you don’t need to guess. Use these commands to inspect the active [[Container]]:

  • docker top <container_name>: Shows you exactly what processes are actively running inside the container [00:19:09].
  • docker logs <container_name>: Outputs the standard logs of the application running inside [00:22:05].
  • docker exec -it <container_name> bash: Opens an interactive (-it) terminal session inside a running container, allowing you to poke around the file system and debug live [00:22:19].