
Container Management

Advanced container operations, debugging techniques, and troubleshooting methods.

Container Lifecycle Management

Advanced Container Operations

# Run container with resource limits
docker run -m 512m --cpus="1.5" nginx

# Run with restart policy
docker run --restart=unless-stopped nginx

# Run with custom hostname
docker run --hostname myhost nginx

# Run with DNS settings
docker run --dns 8.8.8.8 --dns-search example.com nginx

# Run as a specific UID:GID
docker run --user 1000:1000 nginx

# Run in privileged mode (use carefully: grants all capabilities and access to host devices)
docker run --privileged nginx

Container Process Management

# Send signals to container
docker kill --signal=SIGUSR1 container_name

# Update container resources
docker update --memory 1g --cpus 2 container_name

# Rename container
docker rename old_name new_name

# Wait for container to exit
docker wait container_name

# Attach to running container
docker attach container_name

Monitoring & Performance

Resource Monitoring

# Monitor resource usage
docker stats

# Monitor specific containers
docker stats container1 container2

# Resource stats in a custom table format
docker stats --format "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}"

# One-time stats (no streaming)
docker stats --no-stream

# Show container processes
docker top container_name

# Show container resource limits
docker inspect container_name | grep -i memory
docker inspect container_name | grep -i cpu

Performance Analysis

# Show container events
docker events

# Filter events by container
docker events --filter container=myapp

# Show events since specific time
docker events --since 2023-01-01T00:00:00

# Export performance data
docker stats --no-stream --format "json" > container_stats.json

Debugging & Troubleshooting

Container Debugging

# Run container with debugging shell
docker run -it --entrypoint /bin/bash myapp

# Override entrypoint for debugging
docker run -it --entrypoint /bin/sh alpine

# Access running container shell
docker exec -it container_name /bin/bash

# Run as root in container
docker exec -it --user root container_name /bin/bash

# Start stopped container in debug mode
docker commit container_name debug_image
docker run -it --entrypoint /bin/bash debug_image

Log Analysis

# View logs with timestamps
docker logs -t container_name

# View last N lines of logs
docker logs --tail 50 container_name

# View logs since specific time
docker logs --since 2023-01-01T00:00:00 container_name

# View logs until specific time
docker logs --until 2023-01-01T23:59:59 container_name

# Follow logs with details
docker logs -f --details container_name

# Save logs to file
docker logs container_name > container.log 2>&1

File Operations

# Copy files from container
docker cp container_name:/path/to/file /host/path

# Copy files to container
docker cp /host/path container_name:/path/to/file

# Copy directory recursively
docker cp container_name:/app/logs/ ./logs/

# Archive and copy
docker cp container_name:/app - | tar -tv # List contents
docker cp - container_name:/app < archive.tar # Extract

Container Inspection

# View container filesystem changes
docker diff container_name

# Inspect container configuration
docker inspect container_name

# Get specific configuration values
docker inspect -f '{{.State.Status}}' container_name
docker inspect -f '{{.NetworkSettings.IPAddress}}' container_name
docker inspect -f '{{range .Mounts}}{{.Source}}:{{.Destination}}{{end}}' container_name

# Export container filesystem
docker export container_name > container.tar

# Create image from container
docker commit container_name new_image:tag

Health Checks & Monitoring

Health Check Implementation

# In Dockerfile
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
CMD curl -f http://localhost:3000/health || exit 1

# Custom health check script
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
CMD /app/healthcheck.sh

Health Check Commands

# Check container health status
docker inspect -f '{{.State.Health.Status}}' container_name

# View health check history
docker inspect -f '{{json .State.Health}}' container_name | jq

# Run health check manually
docker exec container_name curl -f http://localhost:3000/health

Container Networking

Network Inspection

# Show container IP address
docker inspect -f '{{.NetworkSettings.IPAddress}}' container_name

# Show all network settings
docker inspect -f '{{json .NetworkSettings}}' container_name

# List container's network interfaces
docker exec container_name ip addr show

# Test network connectivity
docker exec container_name ping google.com
docker exec container_name nc -zv hostname 80

Port Management

# Show port mappings
docker port container_name

# Show specific port mapping
docker port container_name 80

# Dynamic port mapping
docker run -P nginx # Maps all exposed ports

# Multiple port mappings
docker run -p 8080:80 -p 8443:443 nginx

Container Storage

Volume Inspection

# Show container mounts
docker inspect -f '{{json .Mounts}}' container_name | jq

# List volumes used by container
docker inspect -f '{{range .Mounts}}{{.Source}} -> {{.Destination}}{{"\n"}}{{end}}' container_name

# Check volume usage
docker exec container_name df -h

# Show container size
docker ps -s

Temporary File Systems

# Run with tmpfs mount
docker run --tmpfs /tmp:rw,noexec,nosuid,size=100m nginx

# Multiple tmpfs mounts
docker run --tmpfs /cache --tmpfs /tmp nginx

# Read-only container with writable tmpfs
docker run --read-only --tmpfs /tmp nginx

Troubleshooting Common Issues

Container Won't Start

# Check container logs for errors
docker logs container_name

# Run with interactive mode to see errors
docker run -it --entrypoint /bin/bash myapp

# Check image layers for issues
docker history myapp

# Validate Dockerfile syntax
docker build --no-cache -t test .

Container Crashes

# Set restart policy
docker run --restart=on-failure:3 myapp

# Check exit code
docker inspect -f '{{.State.ExitCode}}' container_name

# Save the container's filesystem for post-mortem analysis (works on a stopped container; memory state is not captured)
docker commit container_name debug_image

# Run with memory and CPU limits and the OOM killer disabled (always pair --oom-kill-disable with -m)
docker run -m 1g --cpus 1 --oom-kill-disable myapp

Permission Issues

# Check file permissions
docker exec container_name ls -la /path/to/file

# Run as specific user
docker exec -it --user root container_name /bin/bash

# Fix ownership issues
docker exec container_name chown -R user:group /path

# Run as a specific UID:GID (this is not user-namespace remapping, which is the daemon's userns-remap setting)
docker run --user 1000:1000 myapp

Network Issues

# Test DNS resolution
docker exec container_name nslookup google.com

# Check network connectivity
docker exec container_name ping -c 3 8.8.8.8

# Test port connectivity
docker exec container_name telnet hostname 80
docker exec container_name nc -zv hostname 443

# Check iptables rules (requires the NET_ADMIN capability in the container)
docker exec container_name iptables -L

Container Security

Security Scanning

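# Scan an image (docker scan takes an image reference, not a container name; it is deprecated in favor of docker scout)
docker scan myapp:latest

# Check an image for vulnerabilities (summary view)
docker scout quickview myapp:latest

# Scan an image with Trivy (the socket mount gives the scanner container full control of the Docker daemon)
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
  aquasec/trivy image myapp:latest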

Security Settings

# Run with security options
docker run --security-opt no-new-privileges myapp

# Drop all capabilities
docker run --cap-drop ALL myapp

# Add specific capabilities
docker run --cap-drop ALL --cap-add NET_BIND_SERVICE myapp

# Use AppArmor profile
docker run --security-opt apparmor=docker-default myapp

# Set SELinux labels
docker run --security-opt label=level:s0:c123,c456 myapp
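
To check which of the settings above a container actually runs with, the following added example (not part of the original page) audits parsed `docker inspect` output for the flags this page covers. The two sample containers are constructed, and the function names and the `audit.py` file name are hypothetical.

```python
import json
import sys

# Constructed sample: trimmed `docker inspect` output for two hypothetical containers.
SAMPLE = json.loads("""[
 {"Name": "/hardened", "Config": {"User": "1000:1000"}, "Mounts": [],
  "HostConfig": {"Privileged": false, "CapDrop": ["ALL"], "ReadonlyRootfs": true,
                 "SecurityOpt": ["no-new-privileges"], "Memory": 536870912,
                 "OomKillDisable": false}},
 {"Name": "/legacy", "Config": {"User": ""},
  "Mounts": [{"Source": "/var/run/docker.sock", "Destination": "/var/run/docker.sock"}],
  "HostConfig": {"Privileged": true, "CapDrop": null, "ReadonlyRootfs": false,
                 "SecurityOpt": null, "Memory": 0, "OomKillDisable": true}}
]""")


def audit(container):
    """Return hardening findings for one object from `docker inspect` output."""
    host = container.get("HostConfig") or {}
    # An empty Config.User means the process runs as root.
    user = (container.get("Config") or {}).get("User") or ""
    cap_drop = [c.upper() for c in host.get("CapDrop") or []]
    sec_opts = host.get("SecurityOpt") or []
    mounts = container.get("Mounts") or []
    checks = [
        (host.get("Privileged"), "runs with --privileged"),
        ("ALL" not in cap_drop, "capabilities not dropped (--cap-drop ALL)"),
        (not any(o.startswith("no-new-privileges") and not o.endswith("false")
                 for o in sec_opts), "no-new-privileges not set"),
        (not host.get("ReadonlyRootfs"), "writable root filesystem (--read-only)"),
        (user.split(":")[0] in ("", "0", "root"), "runs as root (--user)"),
        (not host.get("Memory"), "no memory limit (-m)"),
        (host.get("OomKillDisable"), "OOM killer disabled (--oom-kill-disable)"),
        (any(m.get("Source", "").endswith("docker.sock") for m in mounts),
         "Docker socket mounted into the container"),
    ]
    return [message for failed, message in checks if failed]


def audit_all(containers):
    """Map container name -> findings for a parsed `docker inspect` array."""
    return {c.get("Name", "?").lstrip("/"): audit(c) for c in containers}


if __name__ == "__main__":
    # Usage (hypothetical file name): docker inspect $(docker ps -q) | python3 audit.py -
    data = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE
    for name, findings in audit_all(data).items():
        print(f"{name}: {', '.join(findings) or 'no findings'}")
```
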

Quick Reference

Essential Debugging Commands

  • docker logs -f container - Follow container logs
  • docker exec -it container /bin/bash - Access container shell
  • docker inspect container - View container configuration
  • docker stats container - Monitor resource usage
  • docker cp container:/path . - Copy files from container

Common Troubleshooting Steps

  1. Check container logs: docker logs container_name
  2. Inspect container: docker inspect container_name
  3. Access container shell: docker exec -it container_name /bin/bash
  4. Monitor resources: docker stats container_name
  5. Check network: docker exec container_name ping google.com
  6. Review mounts: docker inspect -f '{{json .Mounts}}' container_name

Performance Tips

  • Use --restart=unless-stopped for production containers
  • Set appropriate resource limits with -m and --cpus
  • Monitor with docker stats regularly
  • Use health checks to ensure container health
  • Clean up stopped containers with docker container prune