Docker
- Restart Policies
- WatchTower
- Insecure Registries
- Operating Folder
- Prune unused objects
- Troubleshooting
- aliases
- Using Docker for temp app usage
Restart Policies
Use a restart policy
To configure the restart policy for a container, use the --restart flag when using the docker run command. The value of the --restart
flag can be any of the following:
Flag | Description |
---|---|
no |
Do not automatically restart the container. (the default) |
on-failure |
Restart the container if it exits due to an error, which manifests as a non-zero exit code. |
always |
Always restart the container if it stops. If it is manually stopped, it is restarted only when Docker daemon restarts or the container itself is manually restarted. (See the second bullet listed in restart policy details) |
unless-stopped |
Similar to always, except that when the container is stopped (manually or otherwise), it is not restarted even after Docker daemon restarts. |
WatchTower
https://containrrr.github.io/watchtower/
With watchtower you can update the running version of your containerized app simply by pushing a new image to the Docker Hub or your own image registry. Watchtower will pull down your new image, gracefully shut down your existing container and restart it with the same options that were used when it was deployed initially.
version: "3"
services:
watchtower.service:
container_name: watchtower.service
image: containrrr/watchtower:latest
environment:
- WATCHTOWER_CLEANUP=true
- WATCHTOWER_SCHEDULE="0 4 * * 2 *"
- WATCHTOWER_TIMEOUT=30s
logging:
options:
max-size: "200k"
max-file: "10"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /root/.docker/config.json:/config.json
Insecure Registries
in /etc/docker/daemon.json add this (don't forget comma after existing lines)
"insecure-registries":["192.168.10.110:5000"]
Operating Folder
In /etc/docker/daemon.js (don't forget to comma after existing lines)
"data-root": "/data/docker"
Prune unused objects
Prune images and containers
https://docs.docker.com/config/pruning/
Prune images
The docker image prune command allows you to clean up unused images. By default, docker image prune only cleans up dangling images. A dangling image is one that is not tagged and is not referenced by any container. To remove dangling images:
$ docker image prune
WARNING! This will remove all dangling images.
Are you sure you want to continue? [y/N] y
To remove all images which are not used by existing containers, use the -a flag:
$ docker image prune -a
WARNING! This will remove all images without at least one container associated to them.
Are you sure you want to continue? [y/N] y
By default, you are prompted to continue. To bypass the prompt, use the -f or --force flag.
You can limit which images are pruned using filtering expressions with the --filter flag. For example, to only consider images created more than 24 hours ago:
$ docker image prune -a --filter "until=24h"
Other filtering expressions are available. See the docker image prune reference for more examples.
Prune containers
When you stop a container, it is not automatically removed unless you started it with the --rm flag. To see all containers on the Docker host, including stopped containers, use docker ps -a. You may be surprised how many containers exist, especially on a development system! A stopped container?s writable layers still take up disk space. To clean this up, you can use the docker container prune command.
$ docker container prune
WARNING! This will remove all stopped containers.
Are you sure you want to continue? [y/N] y
By default, you are prompted to continue. To bypass the prompt, use the -f
or --force
flag.
By default, all stopped containers are removed. You can limit the scope using the --filter
flag. For instance, the following command only removes stopped containers older than 24 hours:
$ docker container prune --filter "until=24h"
Other filtering expressions are available. See the docker container prune reference for more examples.
Prune volumes
Volumes can be used by one or more containers, and take up space on the Docker host. Volumes are never removed automatically, because to do so could destroy data.
$ docker volume prune
WARNING! This will remove all volumes not used by at least one container.
Are you sure you want to continue? [y/N] y
By default, you are prompted to continue. To bypass the prompt, use the -f
or --force
flag.
By default, all unused volumes are removed. You can limit the scope using the --filter
flag. For instance, the following command only removes volumes which are not labelled with the keep label:
$ docker volume prune --filter "label!=keep"
Other filtering expressions are available. See the docker volume prune reference for more examples.
Prune networks
Docker networks don?t take up much disk space, but they do create iptables rules, bridge network devices, and routing table entries. To clean these things up, you can use docker network prune to clean up networks which aren?t used by any containers.
$ docker network prune
WARNING! This will remove all networks not used by at least one container.
Are you sure you want to continue? [y/N] y
By default, you are prompted to continue. To bypass the prompt, use the -f
or --force
flag.
By default, all unused networks are removed. You can limit the scope using the --filter
flag. For instance, the following command only removes networks older than 24 hours:
$ docker network prune --filter "until=24h"
Other filtering expressions are available. See the docker network prune reference for more examples.
Troubleshooting
https://bobcares.com/blog/iptables-no-chain-target-match-by-that-name-docker/
Our customers often approach us with this error. Firstly, we check if the firewall service status using
systemctl restart iptables.service
If the service is down we restart the service.
Then, we check the iptables rules using the command
iptables -L
The docker firewall rules were missing thus it shows the error.
To resolve the error our Support Engineers restart the docker service. For instance, to restart the docker we use the command,
service docker restart
While restarting the Docker, it automatically creates the firewall rules. And we ensure to enable the firewall before restarting the docker.```
aliases
alias dcud="docker-compose up -d"
alias dcd="docker-compose down"
alias dcp="docker-compose pull"
alias dclf="docker-compose logs -f"
alias glances="docker run --rm --name=glances -v /var/run/docker.sock:/var/run/docker.sock:ro --pid host --network host -it nicolargo/glances:latest-full"
alias ctop="docker run --rm -ti --name=ctop --volume /var/run/docker.sock:/var/run/docker.sock:ro quay.io/vektorlab/ctop:latest"
pull, down, up
pdu() { dcp dcd dcud }
down, up
downup() { dcd dcud }
Using Docker for temp app usage
docker run -it --rm -v .:/tmp -w /tmp node /usr/local/bin/npm install