This is a summary of the Docker run reference.
Docker runs processes in isolated containers. A container is a process which runs on a host. The host may be local or remote. When an operator executes docker run, the container process that runs is isolated in that it has its own file system, its own networking, and its own isolated process tree separate from the host.
    docker run [OPTIONS] IMAGE[:TAG|@DIGEST] [COMMAND] [ARG...]
The docker run command can override nearly all the defaults set in the Docker image.
Let’s first see the docker run command I encountered:
    docker run --detach \
Detached [-d]
To start a container in detached mode, you use the -d=true or just the -d option. By design, containers started in detached mode exit when the root process used to run the container exits, unless you also specify the --rm option. If you use -d with --rm, the container is removed when it exits or when the daemon exits, whichever happens first.
This is why we specify tail -f /dev/null at the end of the start script in the container: it keeps the root process alive, so the detached container does not exit.
Foreground
In foreground mode (the default when -d is not specified), docker run can start the process in the container and attach the console to the process’s standard input, output, and standard error. It can even pretend to be a TTY (this is what most command line executables expect) and pass along signals.
For interactive processes (like a shell), you must use -it together in order to allocate a tty for the container process.
For example:
    docker run -it --rm busybox /bin/sh
This opens a shell directly in the container; once you exit the shell, the container is removed.
Name [--name]
Specify the container name. If you do not assign a container name with the --name option, then the daemon generates a random string name for you. Defining a name can be a handy way to add meaning to a container.
IPC settings [--ipc]
    --ipc="MODE" : Set the IPC mode for the container
The IPC (POSIX/SysV IPC) namespace provides separation of named shared memory segments, semaphores and message queues.
Shared memory segments are used to accelerate inter-process communication at memory speed, rather than through pipes or through the network stack.
    --ipc=<Value>
Value and description:
- “”: Use daemon’s default.
- “none”: Own private IPC namespace, with /dev/shm not mounted.
- “private”: Own private IPC namespace.
- “shareable”: Own private IPC namespace, with a possibility to share it with other containers.
- “container:<name-or-ID>”: Join another (“shareable”) container’s IPC namespace.
- “host”: Use the host system’s IPC namespace.
If not specified, the daemon default is used, which can be either private or shareable, depending on the daemon version and configuration.
If applications that use shared memory are broken into multiple containers, you might need to share the IPC mechanisms of the containers, using “shareable” mode for the main container, and container:<donor-name-or-ID> for other containers.
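The following is an added example, not code from the Docker reference or from the original post. It reads docker inspect output (here a constructed sample with made-up IDs and names) and reports which containers end up in the same IPC namespace, including any that use the host's. The function names are hypothetical; the donor in container:<donor> is resolved whether it appears as a name or an ID.

```python
import json
from collections import defaultdict

# Constructed sample: trimmed `docker inspect <containers>` output. IDs and
# names are made up; only the fields read below are kept.
SAMPLE_INSPECT = json.loads("""
[
 {"Id": "aaa111", "Name": "/db",      "HostConfig": {"IpcMode": "shareable"}},
 {"Id": "bbb222", "Name": "/worker",  "HostConfig": {"IpcMode": "container:aaa111"}},
 {"Id": "ccc333", "Name": "/metrics", "HostConfig": {"IpcMode": "host"}},
 {"Id": "ddd444", "Name": "/web",     "HostConfig": {"IpcMode": "private"}}
]
""")


def ipc_groups(containers):
    """Map each IPC namespace to the sorted names of the containers in it."""
    names = {}  # container ID or name -> name, to resolve container:<donor>
    for c in containers:
        name = c["Name"].lstrip("/")
        names[c["Id"]] = names[name] = name
    groups = defaultdict(list)
    for c in containers:
        name = c["Name"].lstrip("/")
        mode = c["HostConfig"].get("IpcMode", "")
        if mode == "host":
            owner = "host"
        elif mode.startswith("container:"):
            donor = mode.split(":", 1)[1]
            owner = "container:" + names.get(donor, donor)
        else:  # "", none, private, shareable: the container owns its namespace
            owner = "container:" + name
        groups[owner].append(name)
    return {owner: sorted(members) for owner, members in groups.items()}


def findings(containers):
    """Report namespaces shared with the host or between containers."""
    report = []
    for owner, members in sorted(ipc_groups(containers).items()):
        if owner == "host":
            report.append("host IPC namespace used by: " + ", ".join(members))
        elif len(members) > 1:
            report.append(owner + " IPC namespace shared by: " + ", ".join(members))
    return report


if __name__ == "__main__":
    print("\n".join(findings(SAMPLE_INSPECT)))
```

On a real host the input would come from docker inspect run over the container IDs listed by docker ps -q.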
Network settings
    --dns=[] : Set custom dns servers for the container
I met the --add-host flag in service docker:
    --add-host="${SERVICES_HOST} ${DB2_XMETA_HOST} ${ENGINE_HOST}":${SERVICES_HOST_IP} \
Restart policies (--restart)
Using the --restart flag on docker run you can specify a restart policy for how a container should or should not be restarted on exit.
When a restart policy is active on a container, it will be shown as either Up or Restarting in docker ps.
Exit Status
The exit code from docker run gives information about why the container failed to run or why it exited. When docker run exits with a non-zero code, the exit codes follow the chroot standard.
Clean up [--rm]
By default a container’s file system persists even after the container exits. This makes debugging a lot easier (since you can inspect the final state) and you retain all your data by default. But if you are running short-term foreground processes, these container file systems can really pile up. If instead you’d like Docker to automatically clean up the container and remove the file system when the container exits, you can add the --rm flag.
HOSTNAME [--hostname]
    --hostname="xxx" : Container host name
Set the hostname of the container.
Runtime privilege and Linux capabilities
I separated this section into the blog post <<Docker Capability>> since it’s important to me.
Logging drivers [--log-driver]
The container can have a different logging driver than the Docker daemon. Use --log-driver=VALUE with the docker run command to configure the container’s logging driver.
The default logging driver is json-file. The docker logs command is available only for the json-file and journald logging drivers.
Overriding Dockerfile image defaults
I separated this section into the blog post <<Docker Image Defaults>> since it’s important to me.
-p
Remember, the first part of the -p value is the host port and the second part is the port within the container.
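The following is an added example, not code from the Docker reference or from the original post. It splits a -p value into its host and container sides, and goes beyond the two-part form above to cover the optional host IP, the bracketed IPv6 form and the /proto suffix. When no host IP is given, Docker by default publishes the port on all host interfaces, which is the case the last function separates from loopback-only bindings; the names Publish, parse_publish and loopback_only are hypothetical.

```python
from typing import NamedTuple


class Publish(NamedTuple):
    host_ip: str         # "" = no address given, so all host interfaces
    host_port: str       # "" = Docker picks an ephemeral host port
    container_port: str
    proto: str


def _port(value, allow_empty=False):
    """Accept one port or a range such as 8000-8010; reject anything else."""
    if value == "" and allow_empty:
        return value
    ends = value.split("-")
    if len(ends) > 2 or not all(e.isdigit() and 0 < int(e) < 65536 for e in ends):
        raise ValueError("bad port: %r" % value)
    return value


def parse_publish(spec):
    """Parse a -p value of the form [ip:][hostPort:]containerPort[/proto]."""
    body, _, proto = spec.partition("/")
    proto = proto or "tcp"
    if proto not in ("tcp", "udp", "sctp"):
        raise ValueError("bad protocol: %r" % proto)
    host_ip = ""
    if body.startswith("["):  # bracketed IPv6 host address
        host_ip, sep, body = body[1:].partition("]:")
        if not sep:
            raise ValueError("bad IPv6 address in %r" % spec)
    parts = body.split(":")
    if not host_ip and len(parts) == 3:
        host_ip = parts.pop(0)
    if len(parts) > 2 or (host_ip and len(parts) != 2):
        raise ValueError("unexpected fields in %r" % spec)
    host_port = _port(parts[0], allow_empty=True) if len(parts) == 2 else ""
    return Publish(host_ip, host_port, _port(parts[-1]), proto)


def loopback_only(p):
    """True when the host side is pinned to a loopback address."""
    return p.host_ip.startswith("127.") or p.host_ip == "::1"


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    for spec in ["8080:80", "127.0.0.1:8080:80", "[::1]:8443:443", "53:53/udp", "80"]:
        p = parse_publish(spec)
        print(spec, "->", p, "loopback only" if loopback_only(p) else "all/other interfaces")
```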
VOLUME (shared filesystems)
When the -v option is used to bind mount a volume from the host machine into the container, if the container originally has contents inside the mount target folder, they will all be removed at mount time and replaced by the contents of the source folder on the host machine.
Note that docker commit will not include any data contained in volumes mounted inside the container.