Working with Docker

In this section, we will look at a few more advanced examples of working with container images that are available on Docker Hub. We will run commands using the containerized assets both interactively and non-interactively.

Pull An Official Image

One powerful aspect of developing with containers and the Docker ecosystem is the large collection of container images freely available. There are 10s of millions of images on Docker Hub alone, but beware: using an image that you don’t know anything about comes with the same risks involved with running any software.

Warning

Be careful running container images that you are not familiar with. Some could contain security vulnerabilities or, even worse, malicious code like viruses or ransomware.

To combat this, Docker Hub provides “Official Images”, a well-maintained set of container images providing high-quality installations of operating systems, programming language environments and more.

We can search through the official images on Docker Hub here.

Scroll down to find the Python official image called python, then click on that image.

We see a lot of information about how to use the image, including information about the different “tags” available. We see tags such as 3.12-rc, 3.11.2, 3.11, 3, etc. We’ll discuss tags in detail later, but for now, does anyone have a guess as to what the Python tags refer to?

We can pull the official Python image using command, then check to make sure it is available locally:

$ docker pull python
...
$ docker images
...
$ docker inspect python
...

Tip

Use docker inspect to find some metadata available for each image.

Start an Interactive Shell Inside a Container

Using an interactive shell is a great way to poke around inside a container and see what is in there. Imagine you are ssh-ing to a different Linux server, have root access, and can see what files, commands, environment, etc., is available.

Before starting an interactive shell inside the container, execute the following commands on your local device (we will see why in a minute):

$ whoami
wallen

$ pwd
/Users/wallen

$ uname -a
Darwin wireless-10-147-13-120.public.utexas.edu 22.1.0 Darwin Kernel Version 22.1.0: Sun Oct  9 20:14:54 PDT 2022; root:xnu-8792.41.9~2/RELEASE_X86_64 x86_64

Now start the interactive shell inside a Python container:

$ docker run --rm -it python /bin/bash
root@fc5b620c5a88:/#

Here is an explanation of the command options:

docker run       # run a container
--rm             # remove the container when we exit
-it              # interactively attach terminal to inside of container
python           # use the official python image
/bin/bash        # execute the bash shell program inside container

Try the following commands - the same commands you did above before staring the interactive shell in the container - and note what has changed:

root@fc5b620c5a88:/# whoami
root

root@fc5b620c5a88:/# pwd
/

root@fc5b620c5a88:/# uname -a
Linux e8bdfbf0fad7 5.10.104-linuxkit #1 SMP Thu Mar 17 17:08:06 UTC 2022 x86_64 GNU/Linux

Now you are the root user on a different operating system inside a running Linux container! You can type exit to escape the container.

EXERCISE

Before you exit the container, try running the command python. What happens? Compare that with running the command python directly on your local device.

Run a Command Inside a Container

Back out on your local device, we now know we have a container image called python that has a particular version of Python (3.11.x) that may not otherwise be available on your local device. The 3.11.x Python interpreter, it’s standard library, and all of the dependencies of those are included in the container image and are isolated from everything else. This image (python) is portable and will run the exact same way on any OS that Docker supports.

In practice, though, we don’t want to start interactive shells each time we need to use a software application inside an image. Docker allows you to spin up an ad hoc container to run applications from outside. For example, try:

$ docker run --rm python whoami
root

$ docker run --rm python pwd
/

$ docker run --rm python uname -a
Linux e8bdfbf0fad7 5.10.104-linuxkit #1 SMP Thu Mar 17 17:08:06 UTC 2022 x86_64 GNU/Linux

$ docker run -it --rm python
Python 3.11.2 (main, Feb 11 2023, 02:24:27) [GCC 10.2.1 20210110] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> # type exit() to escape

The first three commands above omitted the -it flags because they did not require an interactive terminal to run. On each of these commands, Docker finds the image the command refers to, spins up a new container based on that image, executes the given command inside, prints the result, and exits and removes the container.

The last command, which did not specify a command to run inside the container, uses the container’s default command. We don’t know ahead of time what (if any) default command is provided for any given image, but what default command was provided for the python image?

Yes, it was the python command itself, and that requires an interactivity to use, so we provide the -it flags.

If all else fails, display the help text:

$ docker --help
shows all docker options and summaries

$ docker COMMAND --help
shows options and summaries for a particular command

Additional Resources

• Docker Docs
• Best practices for writing Dockerfiles
• Docker Hub
• Docker for Beginners
• Play with Docker