====== Docker ======
===== Cheatsheet =====
* Run container at boot
docker run --restart=always
* List images from a registry:
docker image ls | grep <registry-host> | awk '{print $1 ":" $2}'
* docker
docker build -t friendlyname . # Create image using this directory's Dockerfile
docker run -p 4000:80 friendlyname # Run "friendlyname" mapping port 4000 to 80
docker run -d -p 4000:80 friendlyname # Same thing, but in detached mode
docker exec -it [container-id] bash # Enter a running container
docker ps # See a list of all running containers
docker stop <container-id> # Gracefully stop the specified container
docker ps -a # See a list of all containers, even the ones not running
docker kill <container-id> # Force shutdown of the specified container
docker rm <container-id> # Remove the specified container from this machine
docker rm $(docker ps -a -q) # Remove all containers from this machine
docker images -a # Show all images on this machine
docker rmi <image> # Remove the specified image from this machine
docker rmi $(docker images -q) # Remove all images from this machine
docker login # Log in this CLI session using your Docker credentials
docker tag <image> username/repository:tag # Tag <image> for upload to registry
docker push username/repository:tag # Upload tagged image to registry
docker run username/repository:tag # Run image from a registry
docker system prune # Remove all unused containers, networks, images (both dangling and unreferenced), and optionally, volumes. (Docker 17.06.1-ce and superior)
docker system prune -a # Remove all unused containers, networks, images not just dangling ones (Docker 17.06.1-ce and superior)
* docker compose
docker-compose up # Create and start containers
docker-compose up -d # Create and start containers in detached mode
docker-compose down # Stop and remove containers, networks, images, and volumes
docker-compose logs # View output from containers
docker-compose restart # Restart all services
docker-compose pull # Pull the images for all services
docker-compose build # Build the images for all services
docker-compose config # Validate and view the Compose file
docker-compose scale <service>=<replicas> # Scale the specified service(s)
docker-compose top # Display the running processes
* docker services
docker service create <image> # Create new service
docker service inspect --pretty <service> # Display detailed information on service(s)
docker service ls # List Services
docker service ps <service> # List the tasks of Services
docker service scale <service>=<replicas> # Scale the specified service(s)
docker service update <service> # Update Service options
* docker stack
docker stack ls # List all running applications on this Docker host
docker stack deploy -c <composefile> <appname> # Run the specified Compose file
docker stack services <appname> # List the services associated with an app
docker stack ps <appname> # List the running containers associated with an app
docker stack rm <appname> # Tear down an application
* docker machine
docker-machine create --driver virtualbox myvm1 # Create a VM (Mac, Win7, Linux)
docker-machine create -d hyperv --hyperv-virtual-switch "myswitch" myvm1 # Win10
docker-machine env myvm1 # View basic information about your node
docker-machine ssh myvm1 "docker node ls" # List the nodes in your swarm
docker-machine ssh myvm1 "docker node inspect <node-id>" # Inspect a node
docker-machine ssh myvm1 "docker swarm join-token -q worker" # View join token
docker-machine ssh myvm1 # Open an SSH session with the VM; type "exit" to end
docker-machine ssh myvm2 "docker swarm leave" # Make the worker leave the swarm
docker-machine ssh myvm1 "docker swarm leave -f" # Make master leave, kill swarm
docker-machine start myvm1 # Start a VM that is currently not running
docker-machine stop $(docker-machine ls -q) # Stop all running VMs
docker-machine rm $(docker-machine ls -q) # Delete all VMs and their disk images
docker-machine scp docker-compose.yml myvm1:~ # Copy file to node's home dir
docker-machine ssh myvm1 "docker stack deploy -c <composefile> <appname>" # Deploy an app
===== Registry management =====
* list all images in catalog
curl -s http://<registry-host>/v2/_catalog -k # -k skips TLS certificate verification; it only matters for https:// URLs
* list tags of an image
curl -s http://<registry-host>/v2/httpd/tags/list -k | python -m json.tool
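* remove an image (first read the manifest digest for the tag, then delete the manifest by that digest; the registry must have deletion enabled, and the garbage-collect command below is what actually frees the blobs)
curl -k -v --silent -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -X GET http://<registry-host>/v2/<image>/manifests/<tag> -k 2>&1 | grep Docker-Content-Digest | awk '{print ($3)}'
curl -vs -X DELETE http://<registry-host>/v2/<image>/manifests/<digest> -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -k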
docker exec -it registry bin/registry garbage-collect /etc/docker/registry/config.yml
===== Clean overlay =====
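# Remove overlay layer directories that no container or image references.
# This edits Docker's storage behind the daemon's back; `docker system prune`
# is the supported cleanup and should be tried first.
# NOTE(review): layers held only by the build cache may not appear in
# `docker inspect` output -- confirm before deleting anything.

# The directory that is listed and the directory that is deleted from must be
# the same one. Use /var/lib/docker/overlay for the legacy "overlay" driver.
overlay_dir=/var/lib/docker/overlay2

# 1. Every 64-hex id still referenced by a container or an image.
#    '>' (not '>>') so ids left over from an earlier run cannot leak in;
#    xargs -r skips `docker inspect` when there is nothing to inspect.
{
  sudo docker ps -qa | xargs -r sudo docker inspect
  sudo docker images -qa | xargs -r sudo docker inspect
} | grep -oE '[a-f0-9]{64}' | LC_ALL=C sort -u > inspect-hashs.txt

# 2. Layer directories present on disk. Only names that are exactly 64 hex
#    characters are kept, so nothing else can end up in an rm path.
sudo find "$overlay_dir" -mindepth 1 -maxdepth 1 -type d -printf '%f\n' \
  | grep -xE '[a-f0-9]{64}' | LC_ALL=C sort -u > overlays.txt

# 3. On disk but not referenced. comm compares the two sorted lists by value;
#    a positional diff of unsorted files does not.
LC_ALL=C comm -13 inspect-hashs.txt overlays.txt > orphans.txt

# 4. Review orphans.txt before this step. An empty inspect-hashs.txt means
#    the daemon query failed or returned nothing, which would mark every
#    layer as an orphan, so refuse to delete in that case.
#    -I{} puts each id *inside* the path; with a plain `xargs rm -rf DIR/`
#    the ids are appended as separate arguments and DIR itself is removed.
if [ -s inspect-hashs.txt ]; then
  xargs -r -I{} sudo rm -rf -- "$overlay_dir"/{} < orphans.txt
else
  echo "inspect-hashs.txt is empty; not deleting anything" >&2
fi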
===== User namespace =====
Create an unprivileged user
# Create a user called "dockremap"
$ sudo adduser dockremap
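# Set up subuid and subgid
# NOTE: '>' replaces the whole file and drops any ranges already assigned to other users; append with '>>' if the files have existing entries
$ sudo sh -c 'echo dockremap:500000:65536 > /etc/subuid'
$ sudo sh -c 'echo dockremap:500000:65536 > /etc/subgid'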
Add option **--userns-remap=default** to docker daemon
# Can be done in daemon.json
{
"userns-remap" : "default"
}
Verify that **sysctl user_namespace.enable** equals 1,
then run
echo 31096 > /proc/sys/user/max_user_namespaces