Docker Up & Running
Recently I was taking a deep dive into the workings of Docker with the help of Docker: Up & Running. These notes list useful commands and info for later use, covering ways to handle, check, and tune containers and images.
Monitoring and Stats
docker stats <container-name>
This one shows a live feed of resource usage stats for running containers, like CPU percentage, memory use, and network I/O. It acts as a real-time performance checker in the terminal, highlighting resource demands or spikes—handy for keeping an eye on container health without extra tools. The output refreshes constantly to track trends, and pairing it with glances gives a broader view of system and Docker stats together.
docker top <container-name>
Running this lists active processes inside a container, similar to a ps command on a standard server, showing details like PID, user, and the command in use. It’s a quick way to check what’s running inside, spotting any odd processes without needing to log into the container, offering a direct look at operations through the Docker API.
docker system events
This command streams live events from the Docker daemon, such as container starts, stops, or exec calls, providing a real-time log of system activity. It’s useful for tracking what’s happening or catching potential security issues, like unexpected exec commands, by leaving it running in a terminal to watch events as they occur.
Searching and Exploring Images
docker search <term>
This one queries Docker Hub or another registry for images matching the term, returning names, descriptions, star counts, and official status flags. It’s a simple way to browse available images without downloading, showing how the client reaches out through the daemon to external services, all from the terminal.
Inspecting Containers
docker container diff <container-name>
This command lists filesystem changes in a container since it started, marking files as A (added), C (changed), or D (deleted)—like a change tracker. It shows what’s been altered, such as new logs or updated files, making it easy to debug filesystem effects without entering the container, pulling data straight from the daemon.
cd /var/lib/docker/containers/<hash>
Navigating to /var/lib/docker/containers/<hash> (where <hash> is a container’s ID from docker ps -a) is a shell step, not a Docker command, reaching the host directory where the daemon keeps container data like logs and configs. It gives a raw look at a container’s files, letting you check logs or configs to troubleshoot issues, skipping container entry.
docker inspect <container-name>
This command retrieves comprehensive details about a container, including environment variables, log driver configuration (e.g., blocking or non-blocking), and other attributes, output as a single JSON object. This facilitates an in-depth analysis of a container’s setup, proving valuable insights for troubleshooting.
docker service inspect <service-name> --pretty
This command provides detailed information about a Docker service, such as those managed in Swarm mode, formatted in a human-readable structure. This offers an efficient method to examine service configuration and scaling parameters, retrieving data directly from the daemon in a clear, accessible presentation without requiring additional interpretation.
Image History and Optimization
docker image history
This one lists all build layers of an image, with full commands, sizes, and timestamps, helping figure out why an image might be too big. It shows Docker’s layers stack up—deleting files doesn’t shrink them, but multi-stage builds can—making it clear how to trim images for less network strain.
System and Context Insights
docker context list
Running this spits out a list of all configured Docker contexts—like local or remote daemons you’ve set up to work with. It’s a quick way to see which server the CLI is talking to, keeping things straight when juggling multiple environments, all without digging through config files.
docker system info
This command dumps a bunch of useful stats about the Docker setup, like how many containers are running, total images, and system details. It’s a handy snapshot to check the daemon’s workload or see what’s chewing up space, delivered straight to the terminal.
Daemon Configuration and Metrics
Metrics Endpoint Config
Adding {"experimental": true, "metrics-addr": "0.0.0.0:9323"} to /etc/docker/daemon.json sets the daemon to share metrics on port 9323, accessible via the API for detailed runtime data. Using Prometheus in a container with --network host, you can pull stats like CPU or memory use, giving a close look at how the daemon manages container resources, useful for performance checks.
Logs
To configure the maximum log size for Docker containers, you can use the --log-opt flag with the max-size option when running a container. For example, to set the maximum log size to 10 megabytes, you would use the following command:
docker run --log-opt max-size=10m my-app:latest
Alternatively, you can configure the logging options in the docker-compose.yml file under the logging section for a service. Here is an example configuration:
logging:
options:
max-size: "10m"
max-file: "5"To apply these settings globally, you can set the log-opts in the /etc/docker/daemon.json file. Here is an example configuration:
{
"log-driver": "json-file",
"log-opts": {
"max-size": "10m",
"max-file": "5"
}
}After making changes to the daemon.json file, you need to restart the Docker service for the changes to take effect.
Existing containers will not automatically adopt the new logging configuration unless they are recreated. To update the logging driver for an existing container, you would need to stop and recreate the container with the desired logging options.