Docker cheat sheet

Check Version



Starting and Stopping

CPU Constraints

You can limit CPU, either using a percentage of all CPUs, or by using specific cores.

For example, you can tell the cpu-shares setting. The setting is a bit strange -- 1024 means 100% of the CPU, so if you want the container to take 50% of all CPU cores, you should specify 512:

docker run -it -c 512 agileek/cpuset-test

You can also only use some CPU cores using cpuset-cpus:

docker run -it --cpuset-cpus=0,4,6 agileek/cpuset-test

Note that Docker can still see all of the CPUs inside the container -- it just isn't using all of them.

Memory Constraints

You can also set memory constraints on Docker:

docker run -it -m 300M ubuntu:14.04 /bin/bash


Import / Export

  • docker cp copies files or folders between a container and the local filesystem.

  • docker export turns container filesystem into tarball archive stream to STDOUT.

Import/Export container

Import a container as an image from file:

cat my_container.tar.gz | docker import - my_image:my_tag

Export an existing container:

docker export my_container | gzip > my_container.tar.gz

Executing Commands



  • docker images shows all images.

  • docker import creates an image from a tarball.

  • docker build creates image from Dockerfile.

  • docker commit creates image from a container, pausing it temporarily if it is running.

  • docker rmi removes an image.

  • docker load loads an image from a tar archive as STDIN, including images and tags (as of 0.7).

  • docker save saves an image to a tar archive stream to STDOUT with all parent layers, tags & versions (as of 0.7).


Load/Save image

Load an image from file:

docker load < my_image.tar.gz

Save an existing image:

docker save my_image:my_tag | gzip > my_image.tar.gz



  • FROM Sets the Base Image for subsequent instructions.

  • MAINTAINER (deprecated - use LABEL instead) Set the Author field of the generated images.

  • RUN execute any commands in a new layer on top of the current image and commit the results.

  • CMD provide defaults for an executing container.

  • EXPOSE informs Docker that the container listens on the specified network ports at runtime. NOTE: does not actually make ports accessible.

  • ENV sets environment variable.

  • ADD copies new files, directories or remote file to container. Invalidates caches. Avoid ADD and use COPY instead.

  • COPY copies new files or directories to container. By default this copies as root regardless of the USER/WORKDIR settings. Use --chown=<user>:<group> to give ownership to another user/group. (Same for ADD.)

  • ENTRYPOINT configures a container that will run as an executable.

  • VOLUME creates a mount point for externally mounted volumes or other containers.

  • USER sets the user name for following RUN / CMD / ENTRYPOINT commands.

  • WORKDIR sets the working directory.

  • ARG defines a build-time variable.

  • ONBUILD adds a trigger instruction when the image is used as the base for another build.

  • STOPSIGNAL sets the system call signal that will be sent to the container to exit.

  • LABEL apply key/value metadata to your images, containers, or daemons.

  • SHELL override default shell is used by docker to run commands.

  • HEALTHCHECK tells docker how to test a container to check that it is still working.

Registry & Repository






  • docker network create NAME Create a new network (default type: bridge).

  • docker network rm NAME Remove one or more networks by name or identifier. No containers can be connected to the network when deleting it.







Last updated