Containers
Terminology
- Dockerfile → blueprint → Image → running Container
- CRI runtime (containerd) on nodes; check with:
kubectl get nodes -o wide
Dockerfile instructions
| Instruction | Purpose |
|---|---|
| FROM | Base image |
| WORKDIR | Working dir for subsequent instructions |
| COPY | Host files into image |
| ENTRYPOINT | Default executable (harder to override) |
| CMD | Default args (fully replaced by docker run args) |
| EXPOSE | Documents port (does not publish) |
Docker CLI (exam-relevant)
docker build -t name:tag .
docker images
docker run -d -p 8080:8080 image:tag
docker container ls / docker container ls -a
docker logs <id>
docker exec -it <id> bash
docker tag src target
docker push user/image:tag
docker save -o file.tar image:tag
docker load --input file.tar
CMD vs ENTRYPOINT
| Instruction | Override | Runtime args |
|---|---|---|
| CMD | Any docker run arg replaces CMD | Replace entirely |
| ENTRYPOINT | --entrypoint only | Appended to ENTRYPOINT |
| Both | --entrypoint + args | Args override CMD default |
Kubernetes mapping (memorize)
| Docker | K8s Pod field |
|---|---|
| ENTRYPOINT | command |
| CMD | args |
args: ["10"]

command: ["sleep2.0"]
args: ["10"]
kubectl run mypod --image=busybox:1.36.1 -o yaml --dry-run=client \
-- /bin/sh -c "while true; do date; sleep 10; done"
Failures
| Symptom | Cause |
|---|---|
| CrashLoopBackOff | Wrong command / args: container exits immediately |
Exam tips
- command = ENTRYPOINT, args = CMD: most common confusion
- Containers run as root by default: override in production via securityContext
- --privileged removes capability restrictions: never in production
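
Added example, not part of the original notes: the last two exam tips as Pod manifests, a privileged root container next to a hardened one that keeps the same command/args mapping. The pod names, UID 10001 and the sleep arguments are assumptions chosen for illustration.

```yaml
# Constructed example; pod names are hypothetical.
# Weak: the Kubernetes equivalent of docker run --privileged, running as root (UID 0).
apiVersion: v1
kind: Pod
metadata:
  name: sleeper-weak
spec:
  containers:
  - name: sleeper
    image: busybox:1.36.1
    command: ["sleep"]        # overrides the image ENTRYPOINT
    args: ["3600"]            # overrides the image CMD
    securityContext:
      privileged: true        # all capabilities, host devices visible
---
# Hardened: same command/args, non-root and least privilege.
apiVersion: v1
kind: Pod
metadata:
  name: sleeper-hardened
spec:
  securityContext:            # pod level: applies to every container
    runAsNonRoot: true        # kubelet refuses to start a UID 0 container
    runAsUser: 10001          # needed here: busybox defaults to root
    runAsGroup: 10001
    seccompProfile:
      type: RuntimeDefault
  containers:
  - name: sleeper
    image: busybox:1.36.1
    command: ["sleep"]
    args: ["3600"]
    securityContext:          # container level: overrides pod level
      privileged: false
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
      capabilities:
        drop: ["ALL"]
```

With runAsNonRoot: true but no runAsUser, an image that defaults to root is rejected at container creation instead of silently running as UID 0.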