Containers have revolutionized application deployment, and Linux is their native home. Whether you’re using Docker, Podman, or containerd, understanding image and container management is crucial. Here’s your comprehensive workflow:
1. Core Concepts Demystified
- Images: Read-only templates with application code, dependencies, and configurations (e.g., `ubuntu:22.04`, `nginx:alpine`).
- Containers: Runnable instances of images – isolated processes with their own filesystem and network.
- Layers: Images are built from stacked read-only layers. Containers add a writable layer on top.
2. Image Management Essentials
▶ Pulling Images
docker pull python:3.11-slim # Official Docker Hub
podman pull quay.io/centos/centos:stream9 # Podman example
▶ Listing & Inspecting Images
docker images # Show all images
podman image inspect nginx:alpine | grep -i "created" # Metadata check
▶ Cleaning Up Images
docker rmi old-image:tag # Delete single image
docker image prune -a # Remove ALL images not used by any container (not just dangling ones)
3. Container Lifecycle Control
▶ Starting Containers
docker run -d --name web1 -p 8080:80 nginx:latest # Run in background
podman run -it ubuntu:22.04 /bin/bash # Interactive shell
▶ Monitoring & Troubleshooting
docker ps -a # Show ALL containers (running/stopped)
docker logs web1 # View stdout/stderr
docker exec -it web1 bash # Enter running container
▶ Stopping & Removing
docker stop web1 # Graceful shutdown
docker rm web1 # Delete stopped container
docker container prune # Remove ALL stopped containers
4. Best Practices for Efficiency
- Tag Wisely: Avoid `latest` in production. Use semantic tags (`v1.2.3`).
- Layer Caching: Optimize Dockerfiles to cache dependencies (order matters!).
- Registry Hygiene:
docker login registry.gitlab.com # Private registries
docker push myrepo/app:v1.0
- Security Scans:
docker scan nginx:alpine # Snyk vulnerability scan (requires Docker Desktop; deprecated in newer Docker releases in favor of Docker Scout)
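The "Tag Wisely" advice can be enforced mechanically before a deploy. The script below is an added example, not part of the original article or of Docker/Podman: `classify_ref` and `audit_refs` are hypothetical helper names, the three-part version rule is an assumption about what counts as a semantic tag, and the sample references and digest are constructed.

```shell
#!/usr/bin/env bash
# Added example: classify_ref and audit_refs are hypothetical helper names.

classify_ref() {
    ref=$1
    # A digest pin (name@sha256:...) is immutable, whatever tag precedes it.
    case $ref in
        *@sha256:*) echo "pinned"; return 0 ;;
    esac
    # Only the last path component can carry a tag; an earlier colon is a
    # registry port (e.g. localhost:5000/app), not a tag separator.
    last=${ref##*/}
    case $last in
        *:*) tag=${last##*:} ;;
        *)   tag="" ;;   # no tag: the runtime assumes "latest"
    esac
    case $tag in
        ""|latest) echo "mutable"; return 1 ;;
    esac
    # Full three-part versions such as v1.2.3 or 1.25.4-alpine.
    if printf '%s\n' "$tag" |
        grep -Eq '^v?[0-9]+\.[0-9]+\.[0-9]+([-._][0-9A-Za-z_.-]*)?$'; then
        echo "versioned"; return 0
    fi
    # Tags like "alpine", "stream9" or "3.11-slim" move as upstream rebuilds.
    echo "floating"; return 1
}

audit_refs() {
    # Reads one reference per line on stdin; returns non-zero if any entry
    # is neither digest-pinned nor fully versioned, so it can gate a CI job.
    rc=0
    while IFS= read -r r; do
        [ -n "$r" ] || continue
        verdict=$(classify_ref "$r") || rc=1
        printf '%-10s %s\n' "$verdict" "$r"
    done
    return "$rc"
}

# Constructed sample input built from image names used in this article;
# the digest is a constructed placeholder, not a real image digest.
audit_refs <<'EOF' || echo "audit: mutable or floating references found" >&2
nginx:latest
redis
python:3.11-slim
quay.io/centos/centos:stream9
localhost:5000/app
myrepo/app:v1.2.3
nginx@sha256:0000000000000000000000000000000000000000000000000000000000000000
EOF
```

A "versioned" verdict only means the tag looks like a full version; a registry owner can still re-push that tag, so only the "pinned" (digest) form guarantees the same bytes on every pull.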
5. Beyond Docker: Podman & Rootless Containers
For enhanced security:
podman run -d --name redis --userns=keep-id redis # Rootless run as a non-root user, keeping that user's UID inside the container
podman generate systemd --new --files redis # Create systemd service file
6. Deep Clean: Reclaim Disk Space
docker system df # Check disk usage
docker system prune -a --volumes # WARNING: Removes EVERYTHING unused (images, containers, volumes, networks)
> 💡 Pro Tip: Use `docker history IMAGE` to audit layer sizes and optimize builds!
Conclusion
Effective container management balances resource efficiency, security, and reproducibility. Start with these fundamentals, then explore orchestration (Kubernetes, Docker Swarm) for scaling. The Linux container ecosystem empowers you to ship faster – master these commands, and you’ll deploy with confidence.
Further Reading:
- Docker Official Documentation
- Podman: A Docker Alternative
- `man cgroups` (Linux kernel control groups)