Docker Config Reference (docker search / docker secret / docker service)

Examples of the Docker Search Command

The docker search command queries Docker Hub for images matching a specified term, returning a list of relevant images with details such as name, description, star count, official status, and automated build indicator. This facilitates discovery of publicly available images for various applications, aiding in selection based on popularity and maintenance.

docker search nginx

This command searches Docker Hub for images containing the term "nginx". It retrieves and displays a list of matching images, including official and community-maintained variants, enabling users to identify suitable web server images based on stars and descriptions for informed pulling decisions.

docker search --limit 5 ubuntu

Utilizing the --limit flag set to 5, this command searches for "ubuntu" images and restricts the output to the top five results. It prioritizes highly rated or official images, streamlining the discovery process for base operating system images in constrained query scenarios.

docker search --format "{{.Name}} {{.StarCount}}" mysql

This command searches for "mysql" images and customizes the output using a Go template to show only the image name and star count. It provides a concise popularity metric, assisting in evaluating database image reliability without full descriptive details.

docker search --no-trunc redis

With the --no-trunc flag, this command searches for "redis" images and displays full, untruncated descriptions. It ensures complete visibility of image details, which is beneficial for assessing caching server variants with lengthy feature summaries.

docker search --filter stars=100 golang

Employing the --filter flag with a minimum star count of 100, this command searches for "golang" images and filters results to those meeting the popularity threshold. It helps in selecting well-maintained programming runtime images based on community endorsement.

docker search --filter is-official=true alpine

This command searches for "alpine" images and filters for official ones using the --filter is-official=true. It isolates verified, maintainer-backed lightweight base images, ensuring trustworthiness for minimalistic container builds.

docker search --filter is-automated=true jenkins

Using the --filter is-automated=true, this command searches for "jenkins" images and restricts to those with automated builds. It identifies CI/CD tool images that are regularly updated via automation, supporting reliable deployment pipelines.

docker search --format "table {{.Name}}\t{{.Description}}" postgres

This command searches for "postgres" images and formats the output as a table with name and description columns. It enhances readability for database image selection, allowing quick comparison of features.

docker search --limit 10 mongodb

This command searches for "mongodb" images and limits results to 10. It provides a balanced overview of NoSQL database options, useful for initial exploration without overwhelming output.

docker search --no-trunc --filter stars=50 python

Combining --no-trunc for full descriptions and --filter stars=50, this command searches for "python" images meeting the star threshold. It delivers detailed, filtered results for scripting runtime selection, prioritizing popular variants.

Examples of the Docker Secret Command

The docker secret command manages sensitive data, such as passwords or keys, in Docker Swarm mode by creating, listing, inspecting, or removing secrets. These are stored encrypted in the Raft log and made available only to authorized services, enhancing security in orchestrated environments.

docker secret create mysecret /path/to/secretfile

This command creates a secret named "mysecret" from the contents of a local file at "/path/to/secretfile". It encrypts and stores the data in the Swarm cluster, making it accessible to services for secure configuration without exposing sensitive information in image layers.

docker secret ls

This command lists all secrets available in the Swarm cluster, displaying details such as ID, name, creation timestamp, and update information. It provides an inventory for management, ensuring oversight of sensitive data assets.

docker secret inspect mysecret

This command inspects the specified secret "mysecret", outputting metadata in JSON format including its ID, version, and labels. It allows verification of secret properties without revealing the encrypted content, supporting auditing and configuration checks.

docker secret rm mysecret

This command removes the secret "mysecret" from the Swarm cluster, provided no services reference it. It enhances security by eliminating unused sensitive data, preventing potential exposure in long-term storage.

docker secret create --label env=prod prodsecret -

Using stdin (denoted by -) and a label "env=prod", this command creates "prodsecret" from piped input. It categorizes the secret for production use, facilitating organized access control in multi-environment clusters.

docker secret ls --quiet

With the --quiet flag, this command lists only the IDs of all secrets. It offers minimal output for scripting, such as integrating with automation tools for batch operations without parsing extraneous details.

docker secret inspect --pretty mysecret

This command inspects "mysecret" and formats the output in a human-readable structure instead of JSON. It improves usability for administrators reviewing secret metadata in console-based workflows.

docker secret create tlskey /path/to/keyfile

This command creates a secret "tlskey" from a TLS key file, encrypting it for secure distribution to services requiring SSL/TLS configurations, such as web servers in a Swarm.

docker secret ls --format "{{.Name}} {{.CreatedAt}}"

This command lists secrets with a custom format showing name and creation time. It enables chronological tracking, useful for compliance or rotation policies.

docker secret rm oldsecret1 oldsecret2

This command removes multiple secrets, "oldsecret1" and "oldsecret2", in one operation. It streamlines cleanup of obsolete sensitive data, ensuring efficient resource management.

Examples of the Docker Service Command

The docker service command manages services in Docker Swarm mode, allowing creation, scaling, updating, and removal of replicated tasks across nodes. Services define desired states for containerized applications, ensuring high availability and load balancing.

docker service create --name web nginx:latest

This command creates a service named "web" using the "nginx:latest" image, deploying one replica by default. It orchestrates the web server across the Swarm, providing automatic scheduling and failover.

docker service ls

This command lists all services in the Swarm cluster, showing ID, name, mode, replicas, image, and ports. It offers a cluster-wide overview for monitoring deployment status and resource allocation.

docker service inspect web

This command inspects the "web" service, returning detailed JSON metadata including configuration, endpoints, and task states. It supports in-depth analysis for troubleshooting or configuration verification.

docker service rm web

This command removes the "web" service, terminating all associated tasks and replicas. It is used for decommissioning applications, freeing cluster resources without affecting other services.

docker service scale web=5

This command scales the "web" service to five replicas, distributing tasks across nodes. It adjusts capacity for load handling, enabling dynamic response to demand in scalable architectures.

docker service update --image nginx:1.25 web

This command updates the "web" service to use "nginx:1.25", rolling out changes gradually. It supports zero-downtime upgrades by replacing tasks sequentially.

docker service ps web

This command lists tasks for the "web" service, detailing node assignment, status, and errors. It aids in diagnosing distribution and health across the cluster.

docker service create --publish 8080:80 --name app customimage

This command creates the "app" service from "customimage", publishing port 8080 to container port 80. It exposes the service externally via Swarm's routing mesh.

docker service update --replicas 3 --env-add DEBUG=true web

This command updates "web" to three replicas and adds an environment variable "DEBUG=true". It modifies runtime behavior without full redeployment.

docker service logs web

This command retrieves logs from all tasks of the "web" service. It aggregates output for centralized monitoring, essential for debugging distributed applications.