Docker Troubleshooting and CLI

From DikapediaV2
Revision as of 14:48, 21 August 2024 by Ardika Sulistija (talk | contribs) (Created page with "* <b>Docker</b> (Main page) * <b>ECR</b> ---- ====<u>Common Docker CLI commands and troubleshooting concepts</u>==== * The <b>$ docker pull</b> command allows you to download an image or set of images (i.e. repository). * The <b>$ docker images</b> command allows you to list the currently downloaded images. * The <b>$ docker build</b> command builds an image from a Dockerfile and a context. The build's context is processed...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search




Common Docker CLI commands and troubleshooting concepts

  • The $ docker pull command allows you to download an image or set of images (i.e. repository).
  • The $ docker images command allows you to list the currently downloaded images.
  • The $ docker build command builds an image from a Dockerfile and a context. The build's context is processed recursively and refers to the set of files in the specified location PATH or URL.
  • The $ docker push command allows you to push an Image or repository to a registry.
  • The $ docker rmi command allows you to delete an image.
  • The $ docker ps command allows you to list the currently running docker processes.
  • The $ docker run command allows you to start a new container. Often, this will be done in the "detached" (-d) mode to run the process in the background.
  • The $ docker stop command allows you to stop a currently running container.
  • The $ docker rm command allows you to remove one or more containers.
  • The $ docker exec command allows you to run a command inside a running container. This is useful for troubleshooting the container.
  • The $ docker logs command allows you to view the log output (stdout and stderr) of a container.
  • The $ docker inspect command allows you to get details about any Docker object. It is most commonly used to inspect a container to get information like the environment variables, network configuration, etc.
  • The $ docker info command allows you to get details about the currently running Docker Daemon.
  • The $ nsenter command executes program in different namespaces.
  • The $ lsns command lists namespaces. It lists information about all the currently accessible namespaces or about the given namespace.
  • The $ docker volume command to create a docker volume or list volumes.
  • Netshoot is a container image that allows you to launch in the same network namespace of a running container, so you can troubleshoot using tools in the Netshoot container. This helps prevent you from installing tools on your running container in order to keep it light. (Github link)


How to start the Docker Daemon

If you don’t want to use a system utility to manage the Docker daemon, or just want to test things out, you can manually run it using the $ dockerd command.

When you start Docker this way, it runs in the foreground and sends its logs directly to your terminal.

$ dockerd 

INFO[0000] +job init_networkdriver()
INFO[0000] +job serveapi(unix:///var/run/docker.sock)
INFO[0000] Listening for HTTP on unix (/var/run/docker.sock)

To stop Docker when you have started it manually, issue a Ctrl+C in your terminal.


Container exits unexpectedly

  • Memory exhaustion (OOM error)
    • Possible resolutions:
      • Setting hard memory ceiling by increasing the memory value in your $ docker run comman using the -m option, and
      • Setting a soft-limit for memory usage, which is activated when the Docker daemon detects contention or low host memory. This can be set during $ docker run using the --memory-reservation option, which must have a value lower than the value set with the -m option.
  • Application failure
  • Out of Disk space
    • Possible causes:
      • Containers that have been stopped for an extended period of time.
      • Images that belong to containers that are no longer active on the host.
    • To clean up disk space:
$ docker system prune -a

Things to check when Container exits unexpectedly:

$ docker ps -a
    • This command can be used to check the container exit code.
    • An exit code is the code returned to a parent process by an executable. Where 0 is the exit code for success and any non-zero indicates a failure of some kind.
$ docker logs -t <containerID>
  • This command can help provide visibility into the events of the application running inside the container if the logging driver being used is json file. (which is the default logging driver for Docker on Linux).
$ docker info | grep -i "data space"
  • THis command is very useful when needing to determine available disk space on a system configured wth an LVM partition (devicemapper as Docekr storage driver).


Cannot connect to application

  • Application not listening on configured port
  • Host and/or container port misconfigured
  • Firewall/Antivirus on host machine

Things to check when cannot connect to application:

$ docker ps -a
  • Check the port configurations for the container when you can't reach the service inside a running container.
$ docker logs --tail <containerid>
  • To view stdout and stderr output from the application running in a container.
$ docker exec -it <containerid> bash/<command>
  • If the container is running, you can start a shell session by using the above command to troubleshoot application inside running container.
  • This provides access to view logs not exported to the host instance.
  • Please note a shell session might or might not be available depending upon the image being used.
$ docker inspect <containerid> --format 'Template:Range.NetworkSettings.NetworksTemplate:.IPAddressTemplate:End'
  • This comman provides detailed information in a json format for the specified container ID. The format option can be used to get specific inofmration from the json body.
$ curl -I <containerIP>:<containerPort> 
  • If the port mapping is correct and you have shell access on the container host, this comman will return the HTTP status code returned by your application, if it is running.
$ netstat -nota
  • Use this command to check if the host port is listening on the container instance.

For a misconfigured Host/Container port:

  • If the host and/or container ports are misconfigured, stop the currently running container then start a new container using the same image, but with the correct port mapping.

For applications not listening on port specfied by Docker run, either:

  • Modify the container application's configuration to listen on the desired port.
  • Correct Dockerfile expose port and rebuild/push the Docker image.


Check if Docker is running

$ ps aux | grep -i docker
$ docker info
$ sudo systemctl status docker
$ sudo systemctl is-active docker
$ sudo service docker status


Docker info

$ docker info
Client:
 Debug Mode: false

Server:
 Containers: 3
  Running: 0
  Paused: 0
  Stopped: 3
 Images: 4
 Server Version: 19.03.6-ce
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: ff48f57fc83a8c44cf4ad5d672424a98ba37ded6
 runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
 init version: fec3683
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 4.14.193-149.317.amzn2.x86_64
 Operating System: Amazon Linux 2
 OSType: linux
 Architecture: x86_64
 CPUs: 1
 Total Memory: 983.3MiB
 Name: ip-172-31-63-97.ec2.internal
 ID: M4YS:RHVD:QMWR:F6EY:EB7L:XA7U:ZWK4:22VI:I22D:NSN7:SYS5:IWSW
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false


How to run a docker container

  • If you want to keep the container and current terminal session separate, you can run the container in the background using the -d attribute. Using detached mode also allows you to close the opened terminal session without stopping the container.
$ docker run -d nginx:latest
Unable to find image 'nginx:latest' locally
latest: Pulling from library/nginx
bf5952930446: Pull complete 
cb9a6de05e5a: Pull complete 
9513ea0afb93: Pull complete 
b49ea07d2e93: Pull complete 
a5e4a503d449: Pull complete 
Digest: sha256:b0ad43f7ee5edbc0effbc14645ae7055e21bc1973aee5150745632a24a752661
Status: Downloaded newer image for nginx:latest
80984b890f33b27fd2fab0cfc307cd8ed8096e15e86d75522ef27ca719550e80

To run a docker container and have the mapping port 8080 of the HOST ENI to port 80 of the docker container:

$ docker run -d -p 8080:80 nginx:latest
e892531ea4a62495dd86f3e874e3eea242df7d983faabf6957b6b0fa8e4ef256

$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                  NAMES
e892531ea4a6        nginx:latest        "/docker-entrypoint.…"   3 minutes ago       Up 3 minutes        0.0.0.0:8080->80/tcp   sharp_panini


Check Docker Images

$ docker images


List all containers

By default only shows 'running' containers

$ docker ps 

--all containers including stopped ones

$ docker ps -a

--quiet; only IDs

$ docker ps -aq


Stop a container

$ docker stop my_container


Stop all running containers/images

Stop all running containers

$ docker stop $(docker ps -aq)


How to remove a docker container

Remove a container

$ docker rm <container ID>

Remove all containers

$ docker rm $(docker ps -aq)


To run a command inside of a running container

$ docker exec
  • This comman comes in handy if you need to connect to the container to troubleshoot the application within.
$ docker exec -it <containerid> bash
$ docker exec -ti 96cc52ffd1b0 mount
  • If the container is running, you can start a bash shell session by using the above command to troubleshoot application inside running container.
  • This provides access to view logs not exported to the host instance.
  • Please note a shell session might or might not be available depending upon the image being used.


To find detailed information on Constructs controlled by Docker

This command is especially useful to find the container's IP address, the container status, exit code, and errors to name a few.

You can also use this command to view additional details of an image, such as its size and layers.

$ docker inspect

To get an instances IP address:

$ docker inspect <containerid> --format 'Template:Range.NetworkSettings.NetworksTemplate:.IPAddressTemplate:End'

Inspect details of a docker image:

$ docker inspect image_id


How to find the PID of a docker container (Two ways)

Simpler way: $ docker top <container ID:

$ docker top 80a282dff43f
UID                 PID                 PPID                C                   STIME               TTY                 TIME                CMD
root                11944               11909               0                   21:40               ?                   00:00:00            nginx: master process nginx -g daemon off;
101                 12003               11944               0                   21:40               ?                   00:00:00            nginx: worker process


To find the PID of a docker container, run $ docker ps to get the container ID:

[ec2-user@ip-172-31-63-97 proc]$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
80a282dff43f        nginx:latest        "/docker-entrypoint.…"   21 minutes ago      Up 21 minutes       80/tcp              demo

Then run $ docker inspect --format ' { { .State.Pid } } ' <container ID>:

[ec2-user@ip-172-31-63-97 proc]$ docker inspect --format 'Template:.State.Pid' 80a282dff43f
11944


How to manage containers in namespaces by using nsenter

How to view the network namespace of the Docker container using $ nsenter -t <container PID> -n <command>:

  • n = Network namespace
$ sudo nsenter -t 11944 -n bash

[root@ip-172-31-63-97 ec2-user]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.2  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:ac:11:00:02  txqueuelen 0  (Ethernet)
        RX packets 20  bytes 1592 (1.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

OR you can simply do this: $ sudo nsenter -t 11944 -n ifconfig,

# sudo nsenter -t 11944 -n ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.2  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:ac:11:00:02  txqueuelen 0  (Ethernet)
        RX packets 20  bytes 1592 (1.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
  • You are now viewing the network configuration as perceived from INSIDE the running container. This is the internal IP on the other side of the network bridge.
  • You can now run network tools without having to run the actual commands from within the container. In other words, you dont have to load up and install the container with troubleshooting tools in order to troubleshoot since you always want the container to be as light as possible.


How to view the namespaces associated to a container

You can use $ lsns -p <container pid> command, which lists the namespaces.

  • Note, you can see these namespaces in the /proc/<container pid> directory as well.
# lsns -p 11944
        NS TYPE   NPROCS   PID USER COMMAND
4026531835 cgroup    104     1 root /usr/lib/systemd/systemd --switched-root --system --deserialize 21
4026531837 user      104     1 root /usr/lib/systemd/systemd --switched-root --system --deserialize 21
4026532220 mnt         2 11944 root nginx: master process nginx -g daemon off
4026532221 uts         2 11944 root nginx: master process nginx -g daemon off
4026532222 ipc         2 11944 root nginx: master process nginx -g daemon off
4026532223 pid         2 11944 root nginx: master process nginx -g daemon off
4026532225 net         3 11944 root nginx: master process nginx -g daemon off

# ls /proc/11944/ns
cgroup  ipc  mnt  net  pid  pid_for_children  user  uts


Building an Image

Prerequisites: First create an index.html file, then create Dockerfile:

$ cat index.html 
hello

$ cat <<EOF> Dockerfile
> FROM nginx
> COPY index.html /usr/share/nginx/html/index.html
> EXPOSE 80
> EOF
$ cat Dockerfile
FROM nginx
COPY index.html /usr/share/nginx/html/index.html
EXPOSE 80


Tell Docker daemon to use the current directory as context:

$ docker build

Tell Docker daemon to create an image called "my_image" while using the current directory as the context.

$ docker build -t my_image .
Sending build context to Docker daemon  10.75kB
Step 1/3 : FROM nginx
 ---> 4bb46517cac3
Step 2/3 : COPY index.html /usr/share/nginx/html/index.html
 ---> d642224125aa
Step 3/3 : EXPOSE 80
 ---> Running in 13ce51f632e1
Removing intermediate container 13ce51f632e1
 ---> b10d01f10725
Successfully built b10d01f10725
Successfully tagged my_image:latest
  • Now your image is created and you can see it in Docker:
$ docker images
REPOSITORY                TAG                 IMAGE ID            CREATED              SIZE
my_image                  latest              b10d01f10725        About a minute ago   133MB

Tell Docker daemoin to create an image called "my_image" while using the context from the path specified to find the necessary Dockerfile.

$ docker build -t my_image -f /path/to/dockerfile

Pushing an Image

You can use the $ docker push command to push an Image or repository to a registry. You can share images to Docker Hub registry, ECR, or to a self-hosted one.

Progress bars shown when running $ docker push show the uncompressed size. The actual amount of data that's pushed will be compressed before sending, so the uploaded size will not be reflected by the progress bar.

Registry credentials are managed by the $ docker login command.

Example:

$ docker tag docker_image:latest ardika0011/dockerimage:latest
 
$ docker push ardika0011/dockerimage:latest
The push refers to repository [docker.io/ardika0011/dockerimage]
1h2k3mn4n5b6: Pushed
mf83jfdh2o4j: Pushed
734hjkgdsk23: Pushed
lfkjwd209jfl: Pushed
flk2jr3oif2j: Pushed
latest: digest: sha256:007a1cebb6c292c2d54f6d39159fdkjsahflhafhekalhfdfdskafkh22h3 size: 2200
  • In this example, you can see the image is being pushed to Docker Hub. * We have created a repository in the Docker Hub registry (docker.io/ardika0011/dockerimage?)
  • After creating the repository, we tagged the image that we built locally using the $ docker tag command, to refer to the Docker Hub repository.
  • Upon completion of tagging, we then pushed the image to the repository using the $ docker push command.


How to create an image of running container and Push Image to ECR


This instructions is to create image of an existing container, and push that image to ECR. If you have a repository created already, follow the steps to Push an Image to ECR.

  • This utilizes "docker commit" command, and not the "docker build" command.

1) List docker containers and identify the container ID:

$ docker ps -a

2) To create a new image from a container’s changes:

$ docker commit <container-id>

3) List docker images and identify the image ID:

$ docker images

4) Create a tag for the target image to refer to the source image id:

$ docker tag <source-image-id> <aws_account_id>.dkr.ecr.region.amazonaws.com/<repository-name>:<tag>

#Example: 
$ docker tag c4257e433c9e 648818476623.dkr.ecr.us-east-1.amazonaws.com/myimagehello:test

5) From here you simply have to follow the rest of the ECR push commands. To push the image to ECR.

$ aws ecr get-login-password | docker login --username AWS --password-stdin <aws_account_id>.dkr.ecr.<region>.amazonaws.com

#Example: 
$ aws ecr get-login-password | docker login --username AWS --password-stdin 648818476623.dkr.ecr.us-east-1.amazonaws.com

6) Push to ECR

$ docker push <aws_account_id>.dkr.ecr.<region>.amazonaws.com/<repository-name>
 
#Example: 
$ docker push 648818476623.dkr.ecr.us-east-1.amazonaws.com/myimagehello 


Click here for more details about pushing an image to ECR

How to Remove Docker Images

To remove a docker image, you must first remove the docker containers which are using that image (even if they are stopped). Run:

  • $ docker rm <container id
  • $ docker rmi <image Id
$ docker rmi 6d7e8891c980
Error response from daemon: conflict: unable to delete 6d7e8891c980 (must be forced) - image is being used by stopped container 5218f09f2897

$ docker rm 5218f09f2897
5218f09f2897

$ docker rmi 6d7e8891c980
Untagged: nicolaka/netshoot:latest
Untagged: nicolaka/netshoot@sha256:04786602e5a9463f40da65aea06fe5a825425c7df53b307daa21f828cfe40bf8
Deleted: sha256:6d7e8891c980fc1be88cff226843e8e08537c27879faa14452ceaa3d0300adcb
Deleted: sha256:9e2a80b1e7f476596dba3bf86251fa56a48164cb476d04ee65131ab2d21ebf7b
Deleted: sha256:34ea08a72d7cb2938fe9dcb7806abafa610a9fa1ba22b80c0bb3642b21531ea2
Deleted: sha256:b7cf6552f05366a23e6ceb0f497cc818b2a03543a3201cbb97d168ba03f86686
Deleted: sha256:427184531f9586d2e9108e3c51f67be351da0f76d2b41c82051297adcb504653
Deleted: sha256:c670afd31f5a21622c21de7bc137b2ef689ef63dd0c7a48fb18b0e8bf929577e
Deleted: sha256:057c21b72198a13054d683694c03ab2858e301e65faee8c50363220ddf9f3136
Deleted: sha256:bb428feaff128280eecd5ed6cee6fd96f4c9011bf0b9eed93dc41234d086050a
Deleted: sha256:3e207b409db364b595ba862cdc12be96dcdad8e36c59a03b7b3b61c946a5741a


Use the $ docker images command with the -a flag to locate the ID of the images you want to remove. This will show you every image, including intermediate image layers. When you've located the ID of the image, you can pass their ID or tag to $ docker rmi command:

$ docker images -a
$ docker rmi Image ImageID/name

Dangling images are layers that have no relationship to any tagged images. They no longer serve a purpose and consume disk space. They can be located by adding the filter flag, -f with a valure of dangling=true to $ docker images command. When you're sure you want to delete them, use the $ docker images purge command.

$ docker images -f dangling=true
$ docker images purge

Remove all images

$ docker rmi $(docker images -q)


How to remove exited containers

You can filter the results of $ docker ps command based on container status. Those status include:

  • created
  • restarting
  • running
  • paused
  • exited.

To review the list of exited containers use the -f flag.

$ docker ps -a -f status=exited

When you've verified the containers you want to remove, use the -q to pass the container IDs to the $ docker rm command.

$ docker rm $(docker ps -a -f status=exited -q)


How to purge all dangling or unused Images, containers, volumes, and networks

Clean up dangling images:

$ docker system prune

Remove Unused Images:

$ docker system prune -a


Check for mapped ports on the container instance to docker container

Another cool feature from docker is the capability to show all the mapped ports that a docker container maps to the container instance.

# Obtain a container ID:
$ docker ps

#Take the PID #
$ docker inspect -f '{ { .state.Pid } }' <container id>
$ nsenter -t <PID> -n netstat -tunlp
$ nsenter -t <PID> -n ifconfig -a
  • Note the netstat and ifconfig commands do not need to exist in the container


Netshoot

Github link

How to run the netshoot image on the same network namespace of your running container using the $ docker run -it --net container:<container ID> nicolaka/netshoot command:

$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
80a282dff43f        nginx:latest        "/docker-entrypoint.…"   About an hour ago   Up About an hour    80/tcp              demo

$ docker run -it --net container:80a282dff43f nicolaka/netshoot
Unable to find image 'nicolaka/netshoot:latest' locally
latest: Pulling from nicolaka/netshoot
cbdbe7a5bc2a: Pull complete 
fa7edde5704a: Pull complete 
d142e371ed28: Pull complete 
7bc9cb006bce: Pull complete 
a4d2c327d444: Pull complete 
428e55c983a8: Pull complete 
1209022df24d: Pull complete 
b74093e72c31: Pull complete 
Digest: sha256:04786602e5a9463f40da65aea06fe5a825425c7df53b307daa21f828cfe40bf8
Status: Downloaded newer image for nicolaka/netshoot:latest
                    dP            dP                           dP   
                    88            88                           88   
88d888b. .d8888b. d8888P .d8888b. 88d888b. .d8888b. .d8888b. d8888P 
88'  `88 88ooood8   88   Y8ooooo. 88'  `88 88'  `88 88'  `88   88    
88    88 88.  ...   88         88 88    88 88.  .88 88.  .88   88   
dP    dP `88888P'   dP   `88888P' dP    dP `88888P' `88888P'   dP   
                                                                    
Welcome to Netshoot! (github.com/nicolaka/netshoot)                                                                   
root @ / 
 [1] 🐳  →
  • The Netshoot container is launch as an interactive shell, and is started in the same network namespace as your nginx container.
  • Netshoot is loaded with tools such as iperf, tcpdump, and other troubleshooting tools. That way you won't have to load up your nginx container image as you want to keep it lightweight.
  • Once you exit the container, the container will stop. It only runs when your in the container. See $ docker ps -a to view the stopped Netshoot container.


How to check iptables for the container port mapping information

$ sudo iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
DOCKER     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL
DNAT       tcp  --  0.0.0.0/0            169.254.170.2        tcp dpt:80 to:127.0.0.1:51679

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
DOCKER     all  --  0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL
REDIRECT   tcp  --  0.0.0.0/0            169.254.170.2        tcp dpt:80 redir ports 51679 

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0           
MASQUERADE  tcp  --  172.17.0.3           172.17.0.3           tcp dpt:80
MASQUERADE  tcp  --  172.17.0.4           172.17.0.4           tcp dpt:80  

Chain DOCKER (2 references)
target     prot opt source               destination         
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8080 to:172.17.0.3:80
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8181 to:172.17.0.4:80


How to list docker networks

$ docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
86dc53b80450        bridge              bridge              local
a8decea1c41f        host                host                local
cb822f1d004d        none                null                local

Then you can run the below command to check a lot of networking information such as driver, subnet, mac addresses, ipv4 addresses, etc.

$ docker inspect 86dc53b80450


How to create docker volume

To create a volume: $ docker volume create <volname>

$ docker volume create my-vol
my-vol

To list volumes: $ docker volume ls

$ docker volume ls
DRIVER              VOLUME NAME
local               my-vol

To start container with volume:

  • Here you are mounting my-vol volume to /app inside of the container.
$ docker run -d --name devtest --mount source=my-vol,target=/app nginx:latest
2b8b4734db022263319b8c11c2760f685304a291e22d1683dd1ffe7c073256c7

Docker volumes are located in: /var/lib/docker/volumes/<volume_name>/_data/

To check volume mount point:

# docker inspect my-vol
[
    {
        "CreatedAt": "2020-09-10T00:56:37Z",
        "Driver": "local",
        "Labels": {},
        "Mountpoint": "/var/lib/docker/volumes/my-vol/_data",
        "Name": "my-vol",
        "Options": {},
        "Scope": "local"
    }
]


How to start a container with a bind mount

$ docker run -d -it --name devtest --mount type=bind,source="$(pwd)"/target,target=/app nginx:latest
  • The location that your binding must exist or else you'll get an error.


How to start a container with a tmpfs mount

$ docker run -d -it --name -tmptest --mount type=tmpfs,destination=/app nginx:latest
324237498939b797989B979237923f