diff --git a/knowledge base/cloud computing/aws/ecr.md b/knowledge base/cloud computing/aws/ecr.md
index e598348..35839c6 100644
--- a/knowledge base/cloud computing/aws/ecr.md
+++ b/knowledge base/cloud computing/aws/ecr.md
@@ -28,7 +28,7 @@ aws ecr list-images --registry-id '123456789012' --repository-name 'my-image'
# Use ECRs as Docker registries.
aws ecr get-login-password \
-| docker login --username 'AWS' --password-stdin 'aws_account_id.dkr.ecr.region.amazonaws.com' \
+| docker login --username 'AWS' --password-stdin 'aws_account_id.dkr.ecr.region.amazonaws.com'
# Pull images from ECRs.
docker pull 'aws_account_id.dkr.ecr.region.amazonaws.com/repository_name/image_name:tag'
diff --git a/knowledge base/docker.md b/knowledge base/docker.md
index 8d6e311..f612f47 100644
--- a/knowledge base/docker.md
+++ b/knowledge base/docker.md
@@ -15,16 +15,28 @@
## TL;DR
- Installation and configuration
+ Setup
+
+| OS | Setup type | Engine configuration file | Settings | Data directory |
+| -------- | ---------------- | -------------------------------------------------------------------------- | ----------------------------------------------------------------- | ----------------------- |
+| Linux | Engine, regular | `/etc/docker/daemon.json` | | `/var/lib/docker` |
+| Linux | Engine, rootless | `${XDG_CONFIG_HOME}/docker/daemon.json`
`~/.config/docker/daemon.json` | | |
+| Linux | Docker Desktop | `${HOME}/.docker/daemon.json` | `${HOME}/.docker/desktop/settings.json` | |
+| Mac OS X | Docker Desktop | `${HOME}/.docker/daemon.json` | `${HOME}/Library/Group Containers/group.com.docker/settings.json` | |
+| Windows | Docker Desktop | `C:\ProgramData\docker\config\daemon.json` | `C:\Users\UserName\AppData\Roaming\Docker\settings.json` | `C:\ProgramData\docker` |
```sh
-# Install
+# Install.
brew install --cask 'docker'
sudo zypper install 'docker'
+
+# Configure.
+vim '/etc/docker/daemon.json'
+jq -i '."log-level"="info"' '/etc/docker/daemon.json'
+jq -i '.dns=["8.8.8.8", "1.1.1.1"]' "${HOME}/.docker/daemon.json"
```
-
Usage
@@ -35,26 +47,31 @@ docker images -a
# Search for images.
docker search 'boinc'
+# Login to registries.
+docker login
+docker login -u 'username' -p 'password'
+aws ecr get-login-password \
+| docker login --username 'AWS' --password-stdin 'aws_account_id.dkr.ecr.region.amazonaws.com' \
+
# Pull images.
docker pull 'alpine:3.14'
docker pull 'boinc/client:latest'
docker pull 'moby/buildkit@sha256:00d2…'
docker pull 'pulumi/pulumi-nodejs:3.112.0@sha256:37a0…'
+docker pull 'quay.io/strimzi/kafka:latest-kafka-3.6.1'
+docker pull '012345678901.dkr.ecr.eu-west-1.amazonaws.com/example-com/syncthing:1.27.8'
# Remove images.
docker rmi 'node'
docker rmi 'alpine:3.14'
docker rmi 'f91a431c5276'
-# Login to registries.
-docker login
-docker login -u 'username' -p 'password'
-
# Create containers.
-docker create -h 'alpine-test' --name 'alpine-test' 'alpine'
+docker create -h 'alpine-test-host' --name 'alpine-test-container' 'alpine:3.19'
+docker create … 'quay.io/strimzi/kafka:latest-kafka-3.6.1'
# Start containers.
-docker start 'alpine-test'
+docker start 'alpine-test-container'
docker start 'bdbe3f45'
# Create and start containers.
@@ -123,14 +140,12 @@ docker rmi 'alpine'
docker image prune -a
docker system prune -a
-
# List networks.
docker network ls
# Inspect networks.
docker network inspect 'monitoring_default'
-
# Create volumes.
docker volume create 'volume-name'
@@ -140,7 +155,6 @@ docker volume list
# Inspect volumes.
docker volume inspect 'volume-name'
-
# Display a summary of the vulnerabilities in images.
# If not given any input, it targets the most recently built image.
docker scout qv
@@ -159,7 +173,6 @@ docker scout recommendations
docker scout recommendations 'golang:1.19.4' --only-refresh
docker scout recommendations 'golang:1.19.4' --only-update
-
# List builders.
docker buildx ls
@@ -183,7 +196,6 @@ docker buildx build … --push \
# Remove builders.
docker buildx rm 'builder_name'
-
# Pull images used in compositions.
docker compose pull
@@ -203,8 +215,7 @@ docker compose down
```
-
-
+
Real world use cases
```sh
@@ -218,6 +229,13 @@ sudo vim "$(docker volume inspect --format '{{.Mountpoint}}' 'gitea_config')/app
+The Docker engine leverages specific Linux capabilities.
+
+On Windows and Mac OS X the engine runs in Linux VMs.
+Docker's `host` network mode will use the VM's network, and **not** the host's one. Using that mode on those OSes will
+result in the containers being **silently unable** to receive traffic from outside the host.
+To solve this, use a different network mode and **explicitly publish** the ports used.
+
## Gotchas
- Containers created with no specified name will be assigned one automatically:
@@ -280,11 +298,9 @@ Docker mounts specific system files in all containers to forward its settings:
```sh
6a95fabde222$ mount
-…
/dev/disk/by-uuid/1bb…eb5 on /etc/resolv.conf type btrfs (rw,…)
/dev/disk/by-uuid/1bb…eb5 on /etc/hostname type btrfs (rw,…)
/dev/disk/by-uuid/1bb…eb5 on /etc/hosts type btrfs (rw,…)
-…
```
Those files come from the volume the docker container is using for its root, and are modified on the container's startup
@@ -389,6 +405,7 @@ docker load …
- [Configuring HealthCheck in docker-compose]
- [Docker Buildx Bake + Gitlab CI Matrix]
- [How to list the content of a named volume in docker 1.9+?]
+- [Difference between Expose and Ports in Docker Compose]