Docker Cheatsheet

What is Docker?

Docker is an open-source containerization platform that packages applications and their dependencies into lightweight, portable containers. It ensures consistent behavior across development, testing, and production environments.

📦 Docker - Install & Runtime Info

Verify Docker installation and daemon status.

docker --version
docker info

🐳 Docker - Run Containers

Run container in detached mode with port mapping.

docker run -d -p 8080:8080 --name my-app my-app:1.0

Run with environment variables.

docker run -d \
  -e SPRING_PROFILES_ACTIVE=prod \
  -p 8080:8080 \
  my-app:1.0

🔍 Docker - List, Inspect & Logs

List containers.

docker ps
docker ps -a

Inspect container.

docker inspect my-app

View logs.

docker logs my-app
docker logs -f my-app

⏸️ Docker - Start, Stop & Restart

docker stop my-app
docker start my-app
docker restart my-app

Graceful stop.

docker stop -t 30 my-app

📦 Docker - Image Lifecycle

Build and list images.

docker build -t my-app:1.0 .
docker images

Remove images.

docker rmi my-app:1.0
docker image prune -a

📂 Docker - Volumes & Persistence

Create and attach volumes.

docker volume create app-data
docker run -d -v app-data:/var/lib/app my-app:1.0

🌐 Docker - Networking Basics

docker network ls
docker network create app-network

Attach network.

docker run -d --network app-network my-app:1.0

🧱 Dockerfile - Best Practices

Minimal production Dockerfile.

FROM eclipse-temurin:17-jre-alpine
WORKDIR /app
COPY target/app.jar app.jar
EXPOSE 8080
ENTRYPOINT ["java","-jar","app.jar"]

⚡ Dockerfile - Multi Stage Build

FROM maven:3.9-eclipse-temurin-17 AS build
WORKDIR /build
COPY . .
RUN mvn clean package -DskipTests

FROM eclipse-temurin:17-jre-alpine
WORKDIR /app
COPY --from=build /build/target/app.jar app.jar
ENTRYPOINT ["java","-jar","app.jar"]

🔒 Docker - Run as Non Root

RUN addgroup -S app && adduser -S app -G app
USER app

🛡️ Docker - Read Only Containers

docker run -d \
  --read-only \
  --tmpfs /tmp \
  my-app:1.0

🔐 Docker - Secrets Handling

docker run -d \
  -e DB_PASSWORD_FILE=/run/secrets/db_password \
  my-app:1.0

🔍 Docker - Image Vulnerability Scan

docker scan my-app:1.0
trivy image my-app:1.0

📊 Docker - Resource Monitoring

docker stats

⏱️ Docker - CPU & Memory Limits

docker run -d \
  --memory=512m \
  --cpus=1.5 \
  my-app:1.0

🚨 Docker - Restart Policies

docker run -d \
  --restart unless-stopped \
  my-app:1.0

🚀 Docker - CI Build Pattern

docker build -t my-app:${GIT_COMMIT} .
docker tag my-app:${GIT_COMMIT} my-app:latest

🔁 Docker - Tagging Strategy

my-app:1.2.4
my-app:1.2
my-app:latest
my-app:git-<sha>

🧪 Docker - Test Inside Container

docker run --rm my-app:test mvn test

🧰 Docker Compose - Basics

docker compose up -d
docker compose down

services:
  app:
    image: my-app
    ports:
      - "8080:8080"

🧰 Docker Compose - Profiles

services:
  app:
    profiles: ["prod"]
  mock:
    profiles: ["dev"]

docker compose --profile dev up

🚫 Troubleshoot - Restart Loop

docker logs my-app
docker inspect my-app --format='{{.State.ExitCode}}'

🚫 Troubleshoot - Disk Full

docker system df
docker system prune -a

💡 Enterprise Docker Golden Rules

• One container = one responsibility
• Never store secrets in images
• Always define resource limits
• Logs go to stdout/stderr
• Immutable builds only
• Scan images in CI
• Delete before debugging