More on this book
Community
Kindle Notes & Highlights
Read between
November 17, 2021 - July 17, 2025
In the Ops Perspective section, we’ll download an image, start a new container, log in to the new container, run a command inside of it, and then destroy it.
In the Dev Perspective section, we’ll focus more on the app. We’ll clone some app-code from GitHub, inspect a Dockerfile, containerize the app, run it as a container.
As we progress through the chapter, we may use the terms “Docker host” and “Docker node” interchangeably. Both refer to the system that you are running Docker on.
The daemon implements the runtime, API and everything else required to run Docker.
In a default Linux installation, the client talks to the daemon via a local IPC/Unix socket at /var/run/docker.sock.
On Windows this happens via a named pipe at npipe:////./p...
This highlight has been truncated due to consecutive passage length restrictions.
It’s useful to think of a Docker image as an object that contains an OS filesystem, an application, and all application dependencies.
In the Docker world, an image is effectively a stopped container.
If you’re a developer, you can think of an image as a class.
For now, it’s enough to know that an image contains enough of an operating system (OS), as well as all the code and dependencies to run whatever application it’s designed for.
The ubuntu image that we’ve pulled has a stripped-down version of the Ubuntu Linux filesystem, including a few of the common Ubuntu utilities.
If you pull an application container such as nginx or mcr.microsoft.com/windows/servercore/iis, you will get an image that contains some OS, as well as the code to run either NGINX or IIS.
It’s also worth noting that each image gets its own unique ID.
docker container run tells the Docker daemon to start a new container.
The -it flags tell Docker to make the container interactive and to attach the current shell to the container’s terminal
docker image inspect web:latest
It is considered a good practice to use images from official repositories with the FROM instruction. This is because their content has been vetted and they are quick to release new versions when vulnerabilities are fixed.
You can view the output of the docker image build command to see the general process for building an image.
As the following snippet shows, the basic process is: spin up a temporary
container > run the Dockerfile instruction inside of that container > save the results as a new image layer >...
This highlight has been truncated due to consecutive passage length restrictions.
