Docker is a containerization platform that allows you to easily package, deploy, and run applications in portable containers. Running applications in Docker has many benefits:

  • Multiple containers run on the same hardware
  • Maintains isolated applications
  • Enables high productivity
  • Quick and easy to configure

Before learning about Docker technology, the first step is to install it, so let's start.

To set up Docker on Ubuntu, you can follow these steps:

  1. Update your existing list of packages: sudo apt update
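  2. Install the prerequisite packages that let apt use repositories over HTTPS: sudo apt install apt-transport-https ca-certificates curl software-properties-common
  3. Add the Docker GPG key (apt-key is deprecated on newer Ubuntu releases, which use per-repository keyring files instead; see the Docker documentation linked below): curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -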
  4. Add the Docker repository to your system’s software sources: sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
  5. Update your package lists: sudo apt update
  6. Install Docker: sudo apt install docker-ce
  7. Start the Docker service: sudo systemctl start docker
  8. Verify that Docker is running: sudo systemctl status docker
  9. Pull and run a test image from Docker Hub using the following command: sudo docker run hello-world
  10. Here, hello-world is a Docker image hosted on Docker Hub.
  11. Check that the Docker image has been pulled and is present on your system using the following command: sudo docker images
  12. To display all containers, including stopped ones, use the following command: sudo docker ps -a
  13. To check for containers in a running state, use the following command: sudo docker ps

Congratulations! You’ve just successfully installed Docker on Ubuntu. Run docker --version to check the installed version, and you’re ready to start using Docker on your Ubuntu system.

For details please visit https://docs.docker.com/engine/install/ubuntu/

Troubleshoot Docker Engine installation

Docker Engine installation may encounter some issues that need troubleshooting. Here are some common problems and solutions for Docker Engine installation:

  • Kernel compatibility: Docker can’t run correctly if your kernel is older than version 3.10, or if it’s missing kernel modules. To check kernel compatibility, you can download and run the check-config.sh script. The script only works on Linux.

$ curl https://raw.githubusercontent.com/docker/docker/master/contrib/check-config.sh > check-config.sh

$ bash ./check-config.sh

  • Docker Repository not found: If you see an error message saying that the Docker repository could not be found, it is possible that the repository URL is incorrect. Verify the URL and make sure that it points to the correct location.
  • Package not found: If you see an error message saying that the Docker package could not be found, it is possible that your system does not support the package. Verify the system architecture and make sure that you are trying to install the correct package.
  • Package dependencies not met: If you see an error message saying that the Docker package dependencies could not be met, it is possible that you need to install additional packages to satisfy the dependencies. Use the following command to see the dependencies: apt-cache depends docker-ce
  • Docker service not starting: If the Docker service is not starting, use the following command to check the status of the Docker service: systemctl status docker. If the status shows that there is an error, check the Docker logs for more information: journalctl -u docker
  • Docker network not working: If you have trouble with Docker network, try the following commands: docker network ls, docker network inspect <network_name>
  • Docker images or containers not starting: If you are having trouble starting Docker images or containers, try the following commands to see what is causing the issue: docker ps -a, docker logs <container_id>

These are some common issues that you may encounter during Docker Engine installation and possible solutions for them. If you are still having trouble, you can consult the Docker documentation or seek assistance from the Docker community.

Uninstall old versions

Older versions of Docker went by the names of docker or docker-engine. Uninstall any such older versions before attempting to install a new version, along with associated dependencies:

$ sudo yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine

To install Docker Engine on CentOS, you can follow these steps:

  1. Update your existing list of packages: sudo yum update
  2. Install the required utility packages (yum-utils provides yum-config-manager): sudo yum install -y yum-utils device-mapper-persistent-data lvm2
  3. Set up the stable Docker repository: sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
  4. Update your package lists: sudo yum update
  5. Install Docker Engine: sudo yum install docker-ce
  6. Start the Docker service: sudo systemctl start docker
  7. Verify that Docker is running: sudo systemctl status docker

You can run the command docker --version to check the version of Docker installed and you’re ready to start using Docker on your CentOS system.

Docker Networking is a key aspect of container orchestration and management. It enables containers to communicate with each other and with the host system, as well as with external networks. This topic defines some basic Docker networking concepts and prepares you to design and deploy your applications to take full advantage of these capabilities.

In Docker, a container can be connected to one or more networks, each of which can have different settings for things like IP addresses, DNS resolution, and network traffic routing.

Docker provides several networking options to suit different use cases, including:

  1. Bridge Networking: This is the default network driver and is used for containers that need to communicate with each other on the same host. It creates a virtual Ethernet bridge (docker0) on the host and assigns IP addresses to containers from a subnet defined on the bridge.
  2. Host Networking: This network driver connects containers directly to the host network stack. This option is useful for containers that need to access the host’s network directly.
  3. Overlay Networking: This network driver enables multi-host networking, allowing containers to communicate across multiple Docker hosts. It uses the Docker swarm mode to create a virtual network that spans multiple hosts.
  4. Macvlan Networking: This network driver provides the ability to assign a MAC address to a container, allowing it to appear as a physical device on the network.
  5. Third-party Networking Plugins: Docker also supports third-party network plugins that can provide additional networking options and features. These plugins are available from Docker Hub or from third-party vendors. See the vendor’s documentation for installing and using a given network plugin.
  6. None: Disables all networking for the container. It is usually used in conjunction with a custom network driver. none is not available for swarm services. See the Docker documentation on disabling container networking.

These are the main Docker Networking options, and choosing the right one depends on your specific use case. Docker Networking provides a flexible and scalable way to manage and connect containers, and is an important aspect of deploying and managing containers in production.

Docker and iptables are related in the context of network traffic control and management in a Docker environment. iptables is a Linux firewall that allows you to manage incoming and outgoing network traffic by defining rules for network packets.

When Docker is installed, it creates two custom iptables chains, DOCKER-USER and DOCKER, to manage the traffic between containers and the host. The rules in the DOCKER chain are managed by the Docker daemon, and they ensure that containers can communicate with each other and with the host as needed.

All of Docker’s iptables rules are added to the DOCKER chain. Do not manipulate this chain manually. If you need to add rules which load before Docker’s rules, add them to the DOCKER-USER chain. These rules are applied before any rules Docker creates automatically.

For example, when a container is started, Docker automatically creates a new iptables rule that forwards incoming traffic to the container’s network namespace. This allows the container to receive incoming traffic and communicate with the host and other containers.

In some cases, you may need to modify the iptables rules for your Docker environment to meet specific security or network requirements. For example, you may need to allow incoming traffic to a container from a specific IP address, or restrict outgoing traffic from a container to a specific port.

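Docker creates and updates these rules itself when you publish a port. Note that --iptables is an option of the Docker daemon (dockerd) that controls whether Docker manages iptables rules at all; it is not an option of docker run. For example, to publish a container port on one specific host IP address only, you can use the following command: docker run -p <host_ip>:<host_port>:<container_port> <image_name>. To limit which source addresses may connect, add rules to the DOCKER-USER chain as described in the next section.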

Restrict connections to the Docker host

By default, all external source IPs are allowed to connect to the Docker host. To allow only a specific IP or network to access the containers, insert a negated rule at the top of the DOCKER-USER filter chain. For example, the following rule restricts external access from all IP addresses except 192.168.1.1:

 iptables -I DOCKER-USER -i ext_if ! -s 192.168.1.1 -j DROP

Please note that you will need to change ext_if to correspond with your host’s actual external interface. You could instead allow connections from a source subnet. The following rule only allows access from the subnet 192.168.1.0/24:

 iptables -I DOCKER-USER -i ext_if ! -s 192.168.1.0/24 -j DROP

Finally, you can specify a range of IP addresses to accept using --src-range (Remember to also add -m iprange when using --src-range or --dst-range):

 iptables -I DOCKER-USER -m iprange -i ext_if ! --src-range 192.168.1.1-192.168.1.3 -j DROP
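
The three source forms shown above (single address, subnet, range) can be produced by one helper that validates its input and picks the right match option. This is an added example, not code from the original page or from Docker; the function names and the interface name eth0 are assumptions, and the script only prints the command so it can be reviewed before it is run.

```bash
# Added example: prints the iptables command instead of running it, so the
# rule can be reviewed first. Function names are hypothetical.

valid_ipv4() {  # dotted quad, each octet 0..255
  case $1 in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  vi_ifs=$IFS; IFS=.; set -- $1; IFS=$vi_ifs
  [ $# -eq 4 ] || return 1
  for vi_octet in "$@"; do
    [ "${#vi_octet}" -le 3 ] && [ "$vi_octet" -le 255 ] || return 1
  done
}

# usage: docker_user_rule <ext_if> <source>
# <source> is an IPv4 address, a CIDR block, or a first-last range.
docker_user_rule() {
  dur_if=$1 dur_src=$2
  # Reject anything that is not a plain interface name.
  case $dur_if in ''|*[!A-Za-z0-9_.-]*) return 2 ;; esac
  case $dur_src in
    *-*)  # range: requires the iprange match module
      valid_ipv4 "${dur_src%-*}" && valid_ipv4 "${dur_src#*-}" || return 2
      dur_match="-m iprange ! --src-range $dur_src" ;;
    */*)  # CIDR: address plus prefix length 0..32
      valid_ipv4 "${dur_src%/*}" || return 2
      case ${dur_src#*/} in ''|*[!0-9]*|???*) return 2 ;; esac
      [ "${dur_src#*/}" -le 32 ] || return 2
      dur_match="! -s $dur_src" ;;
    *)    # single address
      valid_ipv4 "$dur_src" || return 2
      dur_match="! -s $dur_src" ;;
  esac
  # -I inserts at the top of DOCKER-USER, ahead of any existing rules.
  echo "iptables -I DOCKER-USER -i $dur_if $dur_match -j DROP"
}

# Constructed inputs; eth0 stands in for the host's external interface.
docker_user_rule eth0 192.168.1.1
docker_user_rule eth0 192.168.1.0/24
docker_user_rule eth0 192.168.1.1-192.168.1.3
```
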

You can combine -s or --src-range with -d or --dst-range to control both the source and destination. For instance, if the Docker daemon listens on both 192.168.1.99 and 10.1.2.3, you can make rules specific to 10.1.2.3 and leave 192.168.1.99 open.

iptables is complicated and more complicated rules are out of scope for this topic. See the Netfilter.org HOWTO for a lot more information.

In summary, iptables is an important component of network traffic control and management in a Docker environment, and can be used to manage the traffic between containers and the host. Understanding how iptables works with Docker can help you better manage and secure your Docker deployments.
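
The restriction rules in this topic use -I so that they sit at the top of DOCKER-USER; a DROP rule appended after an unconditional RETURN is never evaluated. The following added example (not from the original page or the Docker project) checks a saved iptables -S DOCKER-USER listing for that mistake; the helper name, the sample listings and eth0 are constructed for illustration.

```bash
# Added example: classify a DOCKER-USER listing read from stdin, in the
# format printed by `iptables -S DOCKER-USER`. Prints one of:
#   restricted  a negated-source DROP on the interface is reached
#   shadowed    such a DROP exists but follows an unconditional RETURN/ACCEPT
#   open        no such DROP rule for the interface
audit_docker_user() {  # hypothetical helper; $1 = external interface
  adu_if=$1 adu_ended=0
  while IFS= read -r adu_line; do
    case $adu_line in
      "-A DOCKER-USER -j RETURN"|"-A DOCKER-USER -j ACCEPT")
        adu_ended=1 ;;  # later rules in the chain are never evaluated
      "-A DOCKER-USER"*" -i $adu_if "*"-j DROP")
        case $adu_line in
          *"! -s "*|*"! --src-range "*) ;;
          *) continue ;;  # not a source allowlist rule
        esac
        if [ "$adu_ended" -eq 1 ]; then echo shadowed; else echo restricted; fi
        return 0 ;;
    esac
  done
  echo open
}

# Constructed listings; eth0 stands in for the external interface.
sample_default='-N DOCKER-USER
-A DOCKER-USER -j RETURN'
sample_inserted='-N DOCKER-USER
-A DOCKER-USER ! -s 192.168.1.0/24 -i eth0 -j DROP
-A DOCKER-USER -j RETURN'
sample_appended='-N DOCKER-USER
-A DOCKER-USER -j RETURN
-A DOCKER-USER ! -s 192.168.1.0/24 -i eth0 -j DROP'

for adu_sample in "$sample_default" "$sample_inserted" "$sample_appended"; do
  printf '%s\n' "$adu_sample" | audit_docker_user eth0
done
```

On a live host, pipe the real chain into the function: sudo iptables -S DOCKER-USER | audit_docker_user followed by the name of your external interface.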