Containers & Virtualization
Docker Basics
Docker Installation and Setup
# Install Docker (Ubuntu/Debian)
sudo apt update
sudo apt install docker.io
sudo systemctl start docker
sudo systemctl enable docker
# Add user to docker group (avoid sudo)
# NOTE: membership in the docker group gives root-level control of the host
# through the daemon. Grant it only to accounts you would also trust with sudo;
# rootless mode is the alternative when that is too broad.
sudo usermod -aG docker $USER
newgrp docker
# Verify installation
docker --version
docker info
docker run hello-world
Image Management
# Search for images
# Results include community images of unknown provenance; prefer official or
# verified-publisher images.
docker search nginx
docker search --limit=5 ubuntu
# Pull images
# An untagged pull resolves to :latest, which changes over time. Pin a tag, or a
# digest (image@sha256:<digest>), when the result must be reproducible.
docker pull nginx
docker pull nginx:1.20
docker pull ubuntu:20.04
# List images
docker images
docker image ls
docker images -a # Show all images including intermediate
# Remove images
docker rmi image_name
docker rmi image_id
docker image prune # Remove dangling (untagged) images
docker image prune -a # Remove all images not used by a container
Container Lifecycle
# Run containers
docker run nginx # Run and attach to container
docker run -d nginx # Run in background (detached)
docker run -it ubuntu bash # Interactive with terminal
docker run --name myapp nginx # Assign custom name
# -p publishes on every host interface by default; prefix the host side with an
# address (for example 127.0.0.1:8080:80) to keep the port local to the host.
docker run -p 8080:80 nginx # Port mapping (host:container)
# A bind mount is read-write unless :ro is appended, so the container can modify
# whatever lives under the host path.
docker run -v /host/path:/container/path nginx # Volume mount
# List containers
docker ps # Running containers
docker ps -a # All containers
docker ps -q # Only container IDs
# Container control
docker start container_name
docker stop container_name
docker restart container_name
docker pause container_name
docker unpause container_name
# Remove containers
docker rm container_name
docker rm -f container_name # Force remove running container
docker container prune # Remove stopped containers
Container Interaction
# Execute commands in running container
docker exec -it container_name bash
docker exec container_name ls /app
docker exec -u root container_name apt update
# Copy files between host and container
docker cp file.txt container_name:/path/to/
docker cp container_name:/path/to/file.txt ./
# View container logs
docker logs container_name
docker logs -f container_name # Follow logs
docker logs --tail 100 container_name
docker logs --since "2023-01-01" container_name
# Inspect container details
docker inspect container_name
docker stats container_name # Real-time resource usage
docker top container_name # Processes in container
Docker Networking
Network Management
# List networks
docker network ls
# Create networks
docker network create mynetwork
docker network create --driver bridge mybridge
docker network create --driver overlay myoverlay
# Inspect network
docker network inspect bridge
docker network inspect mynetwork
# Connect/disconnect containers
docker network connect mynetwork container_name
docker network disconnect mynetwork container_name
# Remove networks
docker network rm mynetwork
docker network prune # Remove unused networks
Network Types and Usage
# Bridge network (default)
docker run --network bridge nginx
# Host network (use host's network)
# The container shares the host's network namespace: there is no port mapping
# and no network isolation from services on the host. Use it only when the
# workload requires it.
docker run --network host nginx
# Custom network
docker run --network mynetwork nginx
# Container communication
# Containers on the same user-defined network resolve each other by name;
# --link is a legacy option kept for compatibility.
docker run --name app1 --network mynetwork nginx
docker run --name app2 --network mynetwork --link app1 ubuntu
Docker Volumes
Volume Management
# Create volumes
docker volume create myvolume
docker volume create --driver local myvolume
# List volumes
docker volume ls
# Inspect volume
docker volume inspect myvolume
# Remove volumes
docker volume rm myvolume
docker volume prune # Remove unused volumes
Volume Types
# Named volumes
docker run -v myvolume:/data nginx
# Host bind mounts
docker run -v /host/path:/container/path nginx
docker run -v $(pwd):/app nginx # Current directory
# Anonymous volumes
docker run -v /container/path nginx
# Read-only volumes
docker run -v /host/path:/container/path:ro nginx
# Tmpfs mounts (memory)
docker run --tmpfs /tmp nginx
Docker Build
Dockerfile Basics
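# syntax=docker/dockerfile:1
# Example Dockerfile
# Pin the base by tag, and by digest (ubuntu:20.04@sha256:<digest>) when builds
# must be reproducible.
FROM ubuntu:20.04
LABEL maintainer="user@example.com"
# Install packages
# --no-install-recommends keeps optional packages out of the image;
# ca-certificates is listed explicitly so curl can still verify TLS.
RUN apt-get update && apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
        nginx \
    && rm -rf /var/lib/apt/lists/*
# Set working directory
WORKDIR /app
# Copy files
# COPY . . sends the whole build context into the image; keep a .dockerignore
# that excludes .git, .env files and keys so they are not baked into a layer.
COPY . .
# A remote ADD is pinned to the expected SHA-256 so that a changed or tampered
# download fails the build. Replace the placeholder with the real digest.
ADD --checksum=sha256:<sha256-of-file.tar.gz> https://example.com/file.tar.gz /tmp/
# Set environment variables
ENV NODE_ENV=production
ENV PATH=/app/bin:$PATH
# Expose ports
# EXPOSE only documents the ports. The process below runs as appuser, so
# confirm nginx can bind 80/443 and write its pid, log and cache paths without
# root, or move to unprivileged ports.
EXPOSE 80 443
# Create user
RUN useradd -m appuser
USER appuser
# Set entrypoint and command
# Absolute path, so the entrypoint does not depend on the working directory.
# The script should finish with `exec "$@"` so that CMD becomes PID 1.
ENTRYPOINT ["/app/entrypoint.sh"]
CMD ["nginx", "-g", "daemon off;"]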
Build Commands
# Build image
docker build -t myapp .
docker build -t myapp:v1.0 .
docker build -f Dockerfile.prod -t myapp:prod .
# Build with arguments
# Build args are recorded in the image history; never pass credentials this
# way. Use BuildKit secret mounts (docker build --secret ...) for those.
docker build --build-arg VERSION=1.0 -t myapp .
# Multi-stage build
docker build --target production -t myapp:prod .
# Build cache management
docker build --no-cache -t myapp .
# Also removes stopped containers, unused networks and every image not used by
# a container, not only the build cache.
docker system prune -a # Clean build cache
Docker Compose
Docker Compose Basics
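# docker-compose.yml
version: '3.8'
services:
  web:
    build: .
    ports:
      - '8080:80'
    volumes:
      - ./app:/var/www/html
    environment:
      - NODE_ENV=production
    depends_on:
      - db
    networks:
      - app-network
  db:
    image: postgres:13
    environment:
      POSTGRES_DB: myapp
      POSTGRES_USER: user
      # Read from the shell environment or an untracked .env file rather than
      # committed with the compose file; compose refuses to start if it is unset.
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}"
    volumes:
      - db_data:/var/lib/postgresql/data
    networks:
      - app-network
volumes:
  db_data:
networks:
  app-network:
    driver: bridge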
Compose Commands
# Start services
docker-compose up
docker-compose up -d # Detached mode
docker-compose up --build # Rebuild images
docker-compose up --scale web=3 # Scale service
# Stop services
docker-compose down
docker-compose down -v # Remove volumes
docker-compose down --rmi all # Remove images
# Service management
docker-compose start
docker-compose stop
docker-compose restart
docker-compose pause
docker-compose unpause
# View services
docker-compose ps
docker-compose logs
docker-compose logs -f web # Follow logs for specific service
docker-compose top # Show running processes
# Execute commands
docker-compose exec web bash
docker-compose run web npm install
Container Registry
Docker Hub
# Login to Docker Hub
# Without a credential helper, docker login stores the credential in
# ~/.docker/config.json base64-encoded, not encrypted. Prefer an access token
# over the account password, and --password-stdin in scripts.
docker login
docker login -u username
# Tag images for registry
docker tag myapp:latest username/myapp:latest
docker tag myapp:latest username/myapp:v1.0
# Push to registry
docker push username/myapp:latest
docker push username/myapp:v1.0
# Pull from registry
docker pull username/myapp:latest
# Logout
# Removes the stored credential for the registry from the local configuration.
docker logout
Private Registry
# Run local registry
# As started here the registry has no TLS and no authentication and is
# published on all host interfaces. Bind it to 127.0.0.1, or add TLS and
# authentication, before using it for anything beyond local testing.
docker run -d -p 5000:5000 --name registry registry:2
# Tag for private registry
docker tag myapp localhost:5000/myapp
# Push to private registry
docker push localhost:5000/myapp
# Pull from private registry
docker pull localhost:5000/myapp
Kubernetes Basics
Cluster Management
# Cluster information
kubectl cluster-info
kubectl get nodes
kubectl get nodes -o wide
kubectl describe node node-name
# Namespaces
kubectl get namespaces
kubectl create namespace myapp
kubectl delete namespace myapp
kubectl config set-context --current --namespace=myapp
Pod Management
# Create and manage pods
kubectl run nginx --image=nginx
kubectl run nginx --image=nginx --port=80
kubectl run nginx --image=nginx --dry-run=client -o yaml > pod.yaml
# List pods
kubectl get pods
kubectl get pods -o wide
kubectl get pods --all-namespaces
kubectl get pods -l app=nginx # Filter by label
# Pod details
kubectl describe pod pod-name
kubectl logs pod-name
kubectl logs -f pod-name # Follow logs
kubectl logs pod-name -c container-name # Multi-container pod
# Execute commands in pod
kubectl exec -it pod-name -- bash
kubectl exec pod-name -- ls /app
# Port forwarding
kubectl port-forward pod-name 8080:80
# Delete pods
kubectl delete pod pod-name
kubectl delete pods --all
Deployments
# Create deployment
kubectl create deployment nginx --image=nginx
kubectl create deployment nginx --image=nginx --replicas=3
# Scale deployment
kubectl scale deployment nginx --replicas=5
kubectl autoscale deployment nginx --cpu-percent=50 --min=1 --max=10
# Update deployment
kubectl set image deployment/nginx nginx=nginx:1.20
kubectl rollout restart deployment/nginx
# Rollback deployment
kubectl rollout undo deployment/nginx
kubectl rollout undo deployment/nginx --to-revision=2
kubectl rollout history deployment/nginx
# Deployment status
kubectl rollout status deployment/nginx
kubectl get deployments
kubectl describe deployment nginx
Services
# Create services
kubectl expose deployment nginx --port=80 --type=ClusterIP
kubectl expose deployment nginx --port=80 --type=NodePort
kubectl expose deployment nginx --port=80 --type=LoadBalancer
# List services
kubectl get services
kubectl get svc
kubectl describe service nginx
# Service endpoints
kubectl get endpoints
kubectl describe endpoints nginx
ConfigMaps and Secrets
# ConfigMaps
# ConfigMaps are for non-sensitive settings; they carry no confidentiality protection.
kubectl create configmap app-config --from-literal=key1=value1
kubectl create configmap app-config --from-file=config.properties
kubectl get configmaps
kubectl describe configmap app-config
# Secrets
# --from-literal leaves the value in shell history and the process list; prefer
# --from-file with a tightly permissioned file that is removed afterwards.
# Secret data is base64-encoded, not encrypted, unless encryption at rest is
# configured for the cluster. Restrict get/list on secrets with RBAC.
kubectl create secret generic app-secret --from-literal=password=secret123
kubectl create secret generic app-secret --from-file=credentials.txt
kubectl get secrets
kubectl describe secret app-secret
Container Security
Security Best Practices
# Scan images for vulnerabilities
# docker scan is deprecated upstream in favour of Docker Scout
# (docker scout cves <image>); check which one your Docker version ships.
# Scan the exact tag or digest you deploy, and rescan on a schedule: new
# advisories appear against images that were clean when built.
docker scan image_name
trivy image nginx:latest
# Use non-root user
# Fixed numeric IDs make the account verifiable by runtimes that check for a
# non-root UID.
# NOTE(review): the stock nginx image expects root at start-up (port 80, pid
# and cache paths), so USER alone may not be enough. Confirm the container
# starts, or use an image built to run unprivileged.
FROM nginx:alpine
RUN addgroup -g 1001 appgroup && \
adduser -u 1001 -G appgroup -s /bin/sh -D appuser
USER appuser
# Security options
# no-new-privileges stops processes from gaining privileges through setuid binaries.
docker run --security-opt no-new-privileges nginx
# --read-only makes the root filesystem immutable; pair it with --tmpfs for the
# paths the service must write.
docker run --read-only nginx
# Drop everything, then add back only what the workload needs. NET_ADMIN allows
# reconfiguring the container's network stack and is broader than a web server
# needs; binding a low port needs only NET_BIND_SERVICE.
docker run --cap-drop ALL --cap-add NET_ADMIN nginx
Runtime Security
# AppArmor profile
# The named profile must already be loaded on the host.
docker run --security-opt apparmor=profile_name nginx
# SELinux
# Sets the MCS level for the container's processes.
docker run --security-opt label=level:s0:c100,c200 nginx
# Resource limits
# Limits bound the damage of a runaway or compromised process; --pids-limit is
# the companion option for capping process count.
docker run --memory=512m --cpus=1.0 nginx
docker run --ulimit nofile=1024:2048 nginx
# Network security
docker run --network none nginx # No network access
# --dns only selects the resolver; it does not restrict traffic.
docker run --dns 8.8.8.8 nginx # Custom DNS
Virtual Machines
KVM/QEMU
# Install KVM
sudo apt install qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils virt-manager
# Check KVM support
kvm-ok
lscpu | grep Virtualization
# Create VM
qemu-img create -f qcow2 vm-disk.qcow2 20G
virt-install --name myvm --ram 2048 --disk path=vm-disk.qcow2,size=20 --cdrom ubuntu.iso
# Manage VMs
virsh list --all
virsh start myvm
virsh shutdown myvm
virsh destroy myvm
virsh undefine myvm
# VM information
virsh dominfo myvm
virsh vcpuinfo myvm
virsh domblklist myvm
VirtualBox
# Install VirtualBox
sudo apt install virtualbox virtualbox-ext-pack
# Manage VMs
VBoxManage list vms
VBoxManage startvm "VM Name"
VBoxManage controlvm "VM Name" poweroff
VBoxManage controlvm "VM Name" pause
VBoxManage controlvm "VM Name" resume
# Create VM
VBoxManage createvm --name "MyVM" --register
VBoxManage modifyvm "MyVM" --memory 2048 --cpus 2
VBoxManage createhd --filename "MyVM.vdi" --size 20000
VBoxManage storagectl "MyVM" --name "SATA Controller" --add sata
VBoxManage storageattach "MyVM" --storagectl "SATA Controller" --port 0 --device 0 --type hdd --medium "MyVM.vdi"
Container Monitoring
Docker Monitoring
# Container resource usage
docker stats
docker stats --format "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}"
# System-wide Docker info
docker system df # Disk usage
docker system events # Real-time events
docker system info # System information
# Container inspection
docker inspect container_name | jq '.State'
docker inspect container_name | jq '.NetworkSettings.IPAddress'
Kubernetes Monitoring
# Resource usage
kubectl top nodes
kubectl top pods
kubectl top pods --containers
# Cluster events
kubectl get events
kubectl get events --sort-by=.metadata.creationTimestamp
# Resource quotas
kubectl get resourcequota
kubectl describe resourcequota
Monitoring Tools
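# Prometheus configuration for containers
# docker-compose.yml
# Image tags are unpinned here, so they resolve to :latest; pin versions for
# anything long-lived.
version: '3.8'
services:
  prometheus:
    image: prom/prometheus
    ports:
      # None of these endpoints authenticate by default, so they are published
      # on loopback only. Drop the 127.0.0.1 prefix only behind a firewall or
      # an authenticating proxy.
      - "127.0.0.1:9090:9090"
    volumes:
      - ./prometheus.yml:/etc/prometheus/prometheus.yml
  node-exporter:
    image: prom/node-exporter
    ports:
      - "127.0.0.1:9100:9100"
  cadvisor:
    image: gcr.io/cadvisor/cadvisor
    ports:
      - "127.0.0.1:8080:8080"
    volumes:
      # Read-only views of the host. /var/run typically holds the Docker
      # socket, and :ro limits file writes, not use of a socket, so treat this
      # container as highly trusted.
      - /:/rootfs:ro
      - /var/run:/var/run:ro
      - /sys:/sys:ro
      - /var/lib/docker/:/var/lib/docker:ro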
Container Troubleshooting
Common Issues and Solutions
# Container won't start
docker logs container_name
docker inspect container_name | jq '.State'
# Permission issues
# Both are diagnostic shortcuts, not fixes. --privileged grants all
# capabilities and device access and lifts the default seccomp/AppArmor
# confinement; identify the specific capability, mount or file ownership that
# is missing and grant only that.
# (docker run takes an image name; container_name here stands for the image.)
docker exec -it --user root container_name bash
docker run --privileged container_name
# Network connectivity
docker exec container_name ping google.com
docker exec container_name nslookup google.com
docker network ls
docker network inspect bridge
# Storage issues
docker exec container_name df -h
docker system df
docker volume ls
Debug Commands
# Container filesystem
docker exec container_name find / -name "*.log"
docker exec container_name ls -la /proc/1/fd/
# Process debugging
docker exec container_name ps aux
docker exec container_name netstat -tuln
docker exec container_name lsof -i
# Performance debugging
docker exec container_name top
docker exec container_name iostat
docker exec container_name free -h
Recovery Operations
# Restart services
docker-compose restart
kubectl rollout restart deployment/app
# Recover from failed state
# These delete data irreversibly. volume prune removes volumes not referenced
# by any container, which can include a database's only copy; take a backup and
# review what is unused first.
docker container prune
docker volume prune
docker network prune
docker system prune -a
# Backup and restore
# docker commit captures the container's filesystem but not data held in
# volumes; back those up separately.
docker commit container_name backup_image
docker save -o backup.tar image_name
# Load archives only from a source you trust; the image is used as provided.
docker load -i backup.tar
Container Orchestration
Docker Swarm
# Initialize swarm
docker swarm init
docker swarm init --advertise-addr 192.168.1.100
# Join swarm
# The join token is a credential: whoever holds it can add a node. Keep it out
# of scripts and logs, and rotate it with
# docker swarm join-token --rotate worker (or manager) if it is exposed.
docker swarm join --token TOKEN manager-ip:2377
docker swarm join-token worker
docker swarm join-token manager
# Manage nodes
docker node ls
docker node inspect node-id
docker node update --availability drain node-id
# Deploy services
docker service create --name web --replicas 3 -p 8080:80 nginx
docker service ls
docker service ps web
docker service scale web=5
docker service update --image nginx:1.20 web
Kubernetes Advanced
# StatefulSets
kubectl create -f statefulset.yaml
kubectl get statefulsets
kubectl scale statefulset mysql --replicas=3
# DaemonSets
kubectl get daemonsets
kubectl describe daemonset fluentd
# Jobs and CronJobs
kubectl create job hello --image=busybox -- echo "Hello World"
kubectl create cronjob hello --image=busybox --schedule="*/1 * * * *" -- echo "Hello World"
# Ingress
kubectl get ingress
kubectl describe ingress myapp-ingress
Container Performance
Optimization Techniques
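# Multi-stage builds
# NOTE: node:16 is past upstream end-of-life; use a currently supported LTS tag.
# The builder uses the same Alpine base as the runtime stage so that native
# modules in node_modules are built against the libc they will run on.
FROM node:16-alpine AS builder
WORKDIR /app
# Copy the lockfile with the manifest so npm ci installs exactly the locked,
# integrity-checked versions instead of re-resolving ranges.
COPY package.json package-lock.json ./
RUN npm ci
FROM node:16-alpine
WORKDIR /app
COPY --from=builder /app/node_modules ./node_modules
# Keep node_modules, .git and .env files out of the build context with a
# .dockerignore so they neither overwrite the installed modules nor end up in
# a layer.
COPY . .
# The official node images ship an unprivileged "node" user; run as that
# instead of root.
USER node
CMD ["npm", "start"]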
# Layer caching
COPY package.json .
RUN npm install
COPY . .
# Resource limits
docker run --memory=512m --cpus=1.0 nginx
# Disabling the OOM killer without also setting --memory lets a single
# container exhaust host memory; use the two together.
docker run --oom-kill-disable nginx
Performance Monitoring
# Container metrics
docker stats --no-stream
docker exec container_name cat /proc/meminfo
docker exec container_name cat /proc/cpuinfo
# Kubernetes metrics
kubectl top pods --sort-by=cpu
kubectl top pods --sort-by=memory
kubectl get hpa
Quick Reference
Essential Commands
# Docker basics
docker ps -a # List all containers
docker images # List images
docker exec -it container bash # Access container shell
docker logs -f container # Follow container logs
# Kubernetes basics
kubectl get pods # List pods
kubectl get services # List services
kubectl describe pod pod-name # Pod details
kubectl logs pod-name # Pod logs
# Cleanup
docker system prune -a # Clean Docker system
kubectl delete pod --all # Delete all pods
docker-compose down -v # Stop and remove volumes
Common Troubleshooting
# Container debugging
docker inspect container_name | jq '.State.Health'
docker exec container_name ps aux
docker exec container_name netstat -tuln
# Network issues
docker network ls
kubectl get svc
kubectl describe endpoints service-name
# Storage issues
docker volume ls
kubectl get pv
kubectl get pvc