- configure files
- check docker layer
- docker with proxy
- docker for osx
- command-line auto completion
- others
- complete alias
- get tags
- run inside windows docker image
configure files
docker desktop
[!TIP|label:references:]
| FILE | MACOS | WINDOWS | LINUX |
|---|---|---|---|
settings-store.jsonsettings.json(<=v4.34) |
~/Library/Group Containers/group.com.docker/settings-store.json |
%APPDATA%\Docker\settings-store.json |
~/.docker/settings-store.json |
.com.apple.containermanagerd.metadata.plist |
~/Library/Containers/com.docker.docker/.com.apple.containermanagerd.metadata.plist |
- | - |
{
"AcceptCanaryUpdates": false,
"ActiveOrganizationName": "",
"AllowBetaFeatures": true,
"AllowExperimentalFeatures": true,
"AnalyticsEnabled": true,
"AutoDownloadUpdates": false,
"AutoPauseTimedActivitySeconds": 30,
"AutoPauseTimeoutSeconds": 300,
"AutoStart": false,
"BackupData": false,
"BlockDockerLoad": false,
"ContainerTerminal": "integrated",
"ContainersOverrideProxyExclude": "",
"ContainersOverrideProxyHTTP": "",
"ContainersOverrideProxyHTTPS": "",
"ContainersOverrideProxyPAC": "",
"ContainersOverrideProxyTCP": "",
"ContainersOverrideProxyTransparentPorts": "80,443",
"ContainersProxyHTTPMode": "",
"Cpus": 12,
"CredentialHelper": "docker-credential-osxkeychain",
"CustomWslDistroDir": "",
"DataFolder": "/Users/marslo/Library/Containers/com.docker.docker/Data/vms/0/data",
"DefaultSnapshotter": "overlayfs",
"DeprecatedCgroupv1": false,
"DesktopTerminalEnabled": false,
"DevEnvironmentsEnabled": false,
"DisableHardwareAcceleration": false,
"DisableUpdate": false,
"DiskFlush": "os",
"DiskSizeMiB": 61035,
"DiskStats": "",
"DiskTRIM": true,
"DisplayRestartDialog": true,
"DisplaySwitchWinLinContainers": false,
"Displayed18362Deprecation": false,
"DisplayedElectronPopup": [],
"DisplayedOnboarding": true,
"DockerAppLaunchPath": "/Applications/Docker.app",
"DockerBinInstallPath": "system",
"DockerDebugDefaultEnabled": false,
"DogfoodFeatureFlagsEnabled": false,
"ECIDockerSocketAllowDerivedImages": true,
"ECIDockerSocketCmdList": [],
"ECIDockerSocketCmdListType": "deny",
"ECIDockerSocketImgList": [],
"EnableDefaultDockerSocket": true,
"EnableIntegrationWithDefaultWslDistro": false,
"EnableIntegrityCheck": true,
"EnableSegmentDebug": false,
"EnableWasmShims": false,
"EnhancedContainerIsolation": false,
"ExposeDockerAPIOnTCP2375": false,
"ExtensionsEnabled": true,
"ExtensionsPrivateMarketplace": false,
"ExtensionsPrivateMarketplaceAdminContactURL": "",
"FilesharingDirectories": [
"/Users",
"/Volumes",
"/private",
"/tmp",
"/var/folders"
],
"HostNetworkingEnabled": false,
"IPv4Only": false,
"IPv6Only": false,
"KernelForUDP": false,
"KubernetesEnabled": false,
"KubernetesImagesRepository": "",
"KubernetesMode": "",
"KubernetesNodesCount": 0,
"LastContainerdSnapshotterEnable": 1730830362,
"LastLoginDate": 0,
"LatestBannerKey": "",
"LicenseTermsVersion": 2,
"LifecycleTimeoutSeconds": 600,
"MemoryMiB": 8092,
"NetworkType": "gvisor",
"OnlyMarketplaceExtensions": true,
"OpenUIOnStartupDisabled": false,
"OverrideProxyExclude": "",
"OverrideProxyHTTP": "",
"OverrideProxyHTTPS": "",
"OverrideProxyPAC": "",
"OverrideProxyTCP": "",
"OverrideWindowsDockerdPort": -1,
"ProxyEnableKerberosNTLM": false,
"ProxyHTTPMode": "system",
"ProxyLocalhostPort": 0,
"RequireVmnetd": true,
"RunWinServiceInWslMode": false,
"SbomIndexing": true,
"ScoutNotificationPopupsEnabled": true,
"ScoutOsNotificationsEnabled": false,
"SettingsVersion": 40,
"ShowAnnouncementNotifications": true,
"ShowExtensionsSystemContainers": false,
"ShowGeneralNotifications": true,
"ShowInstallScreen": false,
"ShowKubernetesSystemContainers": false,
"ShowPromotionalNotifications": true,
"ShowSurveyNotifications": true,
"SkipUpdateToWSLPrompt": false,
"SkipWSLMountPerfWarning": false,
"SocksProxyPort": 0,
"SwapMiB": 1024,
"SynchronizedDirectories": [],
"ThemeSource": "system",
"UpdateAvailableTime": 0,
"UpdateHostsFile": false,
"UpdateInstallTime": 0,
"UseBackgroundIndexing": false,
"UseContainerdSnapshotter": true,
"UseCredentialHelper": true,
"UseGrpcfuse": true,
"UseLibkrun": false,
"UseNightlyBuildUpdates": false,
"UseResourceSaver": true,
"UseVirtualizationFramework": true,
"UseVirtualizationFrameworkRosetta": true,
"UseVirtualizationFrameworkVirtioFS": true,
"UseVpnkit": true,
"UseWindowsContainers": false,
"VpnKitAllowedBindAddresses": "0.0.0.0",
"VpnKitMTU": 1500,
"VpnKitMaxConnections": 2000,
"VpnKitMaxPortIdleTime": 300,
"VpnKitTransparentProxy": true,
"VpnkitCIDR": "192.168.65.0/24",
"WslDiskCompactionThresholdGb": 0,
"WslEnableGrpcfuse": false,
"WslEngineEnabled": false,
"WslInstallMode": "installLatestWsl",
"WslUpdateRequired": false
}
$ defaults read ~/Library/Containers/com.docker.docker/.com.apple.containermanagerd.metadata.plist
{
MCMMetadataActiveDPClass = "-1";
MCMMetadataContentClass = 2;
MCMMetadataIdentifier = "com.docker.docker";
MCMMetadataSchemaVersion = 0;
MCMMetadataUUID = "386F734E-BD40-4755-87A2-DDF4ABD17A64";
MCMMetadataUserIdentity = {
personaUniqueString = "2EDCF936-1321-4383-A54D-3784F660E452";
posixGID = 20;
posixUID = 503;
type = 0;
version = 2;
};
MCMMetadataVersion = 7;
}
check docker layer
[!NOTE|label:references:]
install
$ DIVE_VERSION=$(curl -sL "https://api.github.com/repos/wagoodman/dive/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/')
$ curl -OL https://github.com/wagoodman/dive/releases/download/v${DIVE_VERSION}/dive_${DIVE_VERSION}_linux_amd64.deb
$ sudo apt install ./dive_${DIVE_VERSION}_linux_amd64.deb
docker with proxy
[!NOTE|label:references:]
docker pull
$ sudo mkdir -p /etc/systemd/system/docker.service.d
$ cat /etc/systemd/system/docker.service.d/http-proxy.conf
[Service]
Environment="HTTPS_PROXY=http://sample.proxy.com:80"
Environment="HTTP_PROXY=http://sample.proxy.com:80"
Environment="ALL_PROXY=http://sample.proxy.com:80"
systemctl daemon-reload;systemctl start docker
$ sudo systemctl daemon-reload
$ sudo systemctl restart docker
# verify
$ systemctl show docker --property Environment
Environment=HTTPS_PROXY=http://sample.proxy.com:80 HTTP_PROXY=http://sample.proxy.com:80 ALL_PROXY=http://sample.proxy.com:80
for socks5
$ [ ! -d /etc/systemd/system/docker.service.d ] && sudo mkdir -p /etc/systemd/system/docker.service.d $ sudo bash -c "cat > /etc/systemd/system/docker.service.d/socks5-proxy.conf" << EOF [Service] Environment="ALL_PROXY=socks5://sample.proxy.com:80" Environment="NO_PROXY=localhost,127.0.0.1,130.147.0.0/16,130.145.0.0/16" EOF $ sudo systemctl daemon-reload $ sudo systemctl enable docker.service $ sudo systemctl restart docker.service-
# for rootless mode $ mkdir -p ~/.config/systemd/user/docker.service.d/ # or regular mode $ sudo mkdir -p /etc/systemd/system/docker.service.d $ sudo bash -c "cat > /etc/systemd/system/docker.service.d" << EOF [Service] Environment="HTTP_PROXY=http://sample.proxy.com:80" Environment="HTTPS_PROXY=https://sample.proxy.com:443" Environment="NO_PROXY=localhost,127.0.0.1,sample.docker-registry.com,.corp" EOF $ sudo systemctl daemon-reload $ sudo systemctl restart docker # verify $ systemctl show docker --property Environment Environment=HTTP_PROXY=http://sample.proxy.com:80 HTTPS_PROXY=http://sample.proxy.com:443 NO_PROXY=localhost,127.0.0.1,sample.docker-registry.com,.corp
docker build
$ mkdir -p ~/.docker
$ cat > ~/.docker/config.json << EFO
{
"proxies":
{
"default":
{
"httpProxy": "http://sample.proxy.com:80",
"httpsProxy": "http://sample.proxy.com:80",
"allProxy": "http://sample.proxy.com:80",
"noProxy": "*.sample.domain1.com,.domain2.com,127.0.0.0/8"
}
}
}
EOF
or via
--build-arg:$ docker build \ --build-arg http_proxy=http://sample.proxy.com:80 \ --build-arg https_proxy=http://sample.proxy.com:443 \ .details
| VARIABLE | DOCKERFILE EXAMPLE | DOCKER RUN EXAMPLE | |:-----------:|:-------------------------------------------------|----------------------------------------------------------------| | HTTP_PROXY | ENV HTTP_PROXY="http://sample.proxy.com:80" | --env HTTP_PROXY="http://sample.proxy.com:80" | | HTTPS_PROXY | ENV HTTPS_PROXY="https://sample.proxy.com:80" | --env HTTPS_PROXY="https://sample.proxy.com:80" | | FTP_PROXY | ENV FTP_PROXY="ftp://sample.proxy.com:80" | --env FTP_PROXY="ftp://sample.proxy.com:80" | | NO_PROXY | ENV NO_PROXY=".sample.domain1.com,.domain2.com" | --env NO_PROXY=".sample.domain1.com,.domain2.com,127.0.0.0/8" |
via daemon.json
[!TIP]
$ cat /etc/docker/daemon.json
{
"proxies": {
"http-proxy": "http://proxy.example.com:80",
"https-proxy": "https://proxy.example.com:443",
"no-proxy": "*.test.example.com,.example.org"
}
}
docker build with GPG key proxy
without proxy
... gpg --batch \ --keyserver https://keyserver.ubuntu.com:80 \ --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831E ... # result gpg: keyserver receive failed: Connection timed outGPG with proxy
... apt-key adv --keyserver-options http-proxy=http://sample.proxy.com:80 \ --keyserver hkp://keyserver.ubuntu.com:80 \ --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF \ ... # result Executing: /tmp/apt-key-gpghome.uegAG54mKu/gpg.1.sh --keyserver-options http-proxy=http://sample.proxy.com:80 --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF gpg: key A6A19B38D3D831EF: 2 signatures not checked due to missing keys gpg: key A6A19B38D3D831EF: public key "Xamarin Public Jenkins (auto-signing) <releng@xamarin.com>" imported gpg: Total number processed: 1 gpg: imported: 1 gpg: keybox '/tmp/tmp.jad0qVCQ6v/pubring.kbx' created gpg: WARNING: nothing exported Warning: apt-key output should not be parsed (stdout is not a terminal)
docker for osx
[!TIP|label:references:]
docker: command cannot be found
using user
$ export $HOME/.docker/bin:$PATHusing system
$ ln -sf $HOME/.docker/bin/docker /usr/local/bin/docker # or $ ln -s /Applications/Docker.app/Contents/Resources/bin/docker /usr/local/bin/docker $ sudo ln -s -f $HOME/.docker/run/docker.sock /var/run/docker.sock- modify
~/.docker/config.jsonif necessary{ "auths": {}, - "credsStore": "desktop", + "credStore": "desktop", "currentContext": "desktop-linux" }
- modify
command-line auto completion
[!TIP] reference:
Linux
$ dpkg -L docker-ce-cli | grep completion
/usr/share/bash-completion
/usr/share/bash-completion/completions
/usr/share/bash-completion/completions/docker
/usr/share/fish/vendor_completions.d
/usr/share/fish/vendor_completions.d/docker.fish
/usr/share/zsh/vendor-completions
/usr/share/zsh/vendor-completions/_docker
- rpm
$ rpm -ql docker-ce | grep completion /usr/share/bash-completion/completions/docker /usr/share/fish/vendor_completions.d/docker.fish /usr/share/zsh/vendor-completions/_docker
setup in bashrc
source /usr/share/bash-completion/completions/docker
alias d='docker'
alias dp='docker ps'
while read -r _i; do
complete -F _docker "${_i}"
done < <(alias | grep docker | sed '/^alias /!d;s/^alias //;s/=.*$//')
- more info
$ source /usr/share/bash-completion/completions/docker $ type _docker | head _docker is a function _docker () { local previous_extglob_setting=$(shopt -p extglob); shopt -s extglob; }
osx
$ la '/Applications/Docker.app/Contents/Resources/etc'
total 332K
-rwxr-xr-x 1 marslo admin 124K Nov 9 21:50 docker.zsh-completion
-rwxr-xr-x 1 marslo admin 51K Nov 9 21:50 docker.fish-completion
-rwxr-xr-x 1 marslo admin 114K Nov 9 21:50 docker.bash-completion
-rw-r--r-- 1 marslo admin 18K Nov 9 21:50 docker-compose.zsh-completion
-rw-r--r-- 1 marslo admin 1.7K Nov 9 21:50 docker-compose.fish-completion
-rwxr-xr-x 1 marslo admin 13K Nov 9 21:50 docker-compose.bash-completion
$ ln -sf '/Applications/Docker.app/Contents/Resources/etc/docker.bash-completion' $(brew --prefix)/etc/bash_completion.d/docker
$ ln -sf '/Applications/Docker.app/Contents/Resources/etc/docker-compose.bash-completion' $(brew --prefix)/etc/bash_completion.d/docker-compose
- setup in bashrc
dockerComp="$(brew --prefix)/etc/bash_completion.d/docker"
dockerComposeComp="$(brew --prefix)/etc/bash_completion.d/docker-compose"
[ -f "${dockerComp}" ] && source "${dockerComp}"
[ -f "${dockerComposeComp}" ] && source "${dockerComposeComp}"
alias d='docker'
alias dp='docker ps'
alias dls='docker ps -l -q'
alias dps='docker ps -l -a'
alias di='docker images'
alias dip="docker inspect --format '{{ .NetworkSettings.IPAddress }}'"
while read -r _i; do
complete -F _docker "${_i}"
done < <(alias | grep docker | sed '/^alias /!d;s/^alias //;s/=.*$//')
others
_completion_loader_completion_loader() { . "/etc/bash_completion.d/$1.sh" >/dev/null 2>&1 && return 124 } complete -D -F _completion_loader
complete alias
# for Linux
$ sudo curl -sSLg https://raw.githubusercontent.com/cykerway/complete-alias/master/complete_alias \
-o /etc/bash_completion.d/complete_alias
# for osx
$ sudo curl -sSLg https://raw.githubusercontent.com/cykerway/complete-alias/master/complete_alias \
-o $(brew --prefix)/etc/bash_completion.d/complete_alias
setup in bash
source /etc/bash_completion.d/complete_alias # source $(brew --prefix)/etc/bash_completion.d/complete_alias while read -r _i; do complete -F _complete_alias "${_i}" done < <(alias | grep -E 'docker|kubectl' | sed '/^alias /!d;s/^alias //;s/=.*$//')
get tags
from artifactory
- list repos
example: the docker registry in artifactory named
docker
$ curl -sS https://artifactory.sample.com/v2/docker/_catalog |
jq -r .repositories[]
or
$ curl -sS -X GET https://artifactory.sample.com/artifactory/api/docker/docker/v2/_catalog | jq -r .repositories[]-
example: get tags from repo
devops/ubuntu$ curl -sS https://artifactory.sample.com/artifactory/v2/docker/devops/ubuntu/tags/list [ | jq -r .tags[] ]- or
$ curl -sS -X GET https://artifactory.sample.com/artifactory/api/docker/docker/v2/devops/ubuntu/tags/list
- or
get image:tag via jf cli
$ jf rt search docker/devops/kwciagent/kw23.4-4.0.1** |
jq -r '.[].props | select(."docker.manifest" != null) | [ ."docker.manifest"[0], ."docker.repoName"[0] ] | "\(.[1]):\(.[0])"'
devops/kwciagent:kw23.4-4.0.1-py310-jammy-dind
devops/kwciagent:kw23.4-4.0.1-py310-jammy-dind-v96-906236c7d
from docker hub
$ curl -sS 'https://hub.docker.com/v2/repositories/jenkins/jenkins/tags' |
jq --raw-output .results[].name
jdk8-openj9-windowsservercore-1809
jdk11-hotspot-windowsservercore-1809
jdk11-openj9-windowsservercore-1809
windowsservercore-1809
jdk8-hotspot-windowsservercore-1809
2.249.3-lts-centos7
lts-centos7
centos7
2.249.3-lts-centos
lts-centos
-
$ curl -sS 'https://hub.docker.com/v2/repositories/jenkins/jenkins/tags?page_size=100&ordering=last_updated' | jq --raw-output .results[].name | sort- or
$ curl -sS https://hub.docker.com/v2/repositories/jenkins/jenkins/tags?page=2 | jq '."results"[]["name"]' | sort
- or
get multiple pages
$ while read -r _i; do curl -sSgk "https://registry.hub.docker.com/v2/repositories/jenkins/jenkins/tags?&page=${_i}&page_size=100" | jq -r '.results[] | select( .name | contains("-lts-") ) | .name'; done < <(echo {1..10} | fmt -1)via docker registry tags/list API v2
[!NOTE|label:references:]
$ cat > docker-tags.sh << EOF #!/usr/bin/env bash set -eu -o pipefail docker_tags() { item="$1" case "$item" in */*) : ;; # namespace/repository syntax, leave as is *) item="library/$item" ;; # bare repository name (docker official image); must convert to namespace/repository syntax esac authUrl="https://auth.docker.io/token?service=registry.docker.io&scope=repository:$item:pull" token="$(curl -fsSL "$authUrl" | jq --raw-output '.token')" tagsUrl="https://registry-1.docker.io/v2/$item/tags/list" curl -fsSL -H "Accept: application/json" -H "Authorization: Bearer $token" "$tagsUrl" | jq --raw-output '.tags[]' } docker_tags "$@" EOF $ bash docker-tags.sh jenkins/jenkins | sort -r | grep --color=never -- '-lts-jdk11' | head -3 2.440.2-lts-jdk11 2.440.1-lts-jdk11 2.426.3-lts-jdk11
simple script for get tags
#!/bin/sh
#
# Simple script that will display docker repository tags.
#
# Usage:
# $ docker-show-repo-tags.sh ubuntu centos
for _r in $* ; do
curl -sS "https://registry.hub.docker.com/v2/repositories/library/$_r/tags/" |
sed -e 's/,/,\n/g' -e 's/\[/\[\n/g' |
grep '"name"' |
awk -F\" '{print $4;}' |
sort -fu |
sed -e "s/^/${_r}:/"
done
get current container ID
$ basename $(cat /proc/self/cpuset)
ab8c1732f1a3fdb46b9f9a477f0fbcc1d23c6787d7532648242a76d6eb1e8b84
- or
$ hostname ab8c1732f1a3
get volume from container ID
$ docker inspect -f '{{ .Mounts }}' <container ID>
or
$ docker inspect <container ID> | grep volume-
$ docker ps -a --no-trunc --format "{{.ID}}\t{{.Names}}\t{{.Mounts}}"
- or
$ docker inspect <container ID> | jq --raw-output .[].Mounts -
$ docker ps -q | xargs docker container inspect -f '{{ .Name }} {{ .HostConfig.Binds }}'
mount volume in DinD
reference:
$ cid=$(basename $(cat /proc/self/cpuset))
$ VOLUME_OPTION="--volumes-from ${cid}:rw"
$ docker run <...> ${VOLUME_OPTION}
run inside windows docker image
add contents
> docker exec [-w 'C:\workspace'] <docker-id> powershell "Set-Content -Path '_cmd.ps1' -Value 'python --version'"
- for multiple line contents
> docker exec [-w 'C:\workspace'] <docker-id>' powershell "Set-Content -Path .\test.py -Value '# content of test_sample.py >> def func(x): >> return x + 1 >> >> >> def test_answer(): >> assert func(4) == 5'"
get contents
> docker exec [-w 'C:\workspace'] <docker-id> powershell "Get-Content '_cmd.ps1'"
equivalent
tail -f> docker exec [-w 'C:\workspace'] <docker-id> powershell "Get-Content '_cmd.ps1' -Wait"equivalent
tail -10> docker exec [-w 'C:\workspace'] <docker-id> powershell "Get-Content '_cmd.ps1' -Tail 10"
list item
> docker exec [-w 'C:\workspace'] <docker-id> powershell Get-ChildItem .
> docker exec [-w 'C:\workspace'] <docker-id> powershell Get-ChildItem ..\
execute
> docker exec [-w 'C:\workspace'] <docker-id> powershell .\_cmd.ps1
# or
> docker exec [-w 'C:\workspace'] <docker-id> powershell "Invoke-Expression '.\_cmd.ps1' > log.txt"
# or redirect via `Out-File`
> docker exec [-w 'C:\workspace'] <docker-id> powershell "Invoke-Expression '.\_cmd.ps1' | Out-File -FilePath log.txt"