Container Management Cheat Sheet

Updated 2026-04-29

Next Topic: Container Networking Cheat Sheet

Container management encompasses the complete lifecycle of container operations—from image creation and registry storage to runtime configuration, networking, persistent storage, and resource control. While containers provide lightweight application isolation through Linux namespaces and cgroups, effective management requires understanding how to build, distribute, run, and monitor containerized workloads at scale. Modern container management spans multiple layers: image optimization for fast deployments, registry authentication for secure distribution, volume strategies for data persistence, network drivers for connectivity, and resource limits to prevent contention—all critical for running reliable production workloads.

What This Cheat Sheet Covers

This topic spans 22 focused tables and 167 indexed concepts. Below is a complete table-by-table outline of this topic, spanning foundational concepts through advanced details.

Table 1: Container RegistriesTable 2: Image Building and OptimizationTable 3: Image Tagging and VersioningTable 4: Container Lifecycle StatesTable 5: Restart PoliciesTable 6: Volume Types and Data PersistenceTable 7: Networking DriversTable 8: Port PublishingTable 9: Resource LimitsTable 10: Environment Variables and SecretsTable 11: Health ChecksTable 12: Logging DriversTable 13: Image ManagementTable 14: Container Inspection and DebuggingTable 15: Cleanup and MaintenanceTable 16: Dockerfile InstructionsTable 17: Security Best PracticesTable 18: Multi-Container ManagementTable 19: Container RuntimesTable 20: Advanced NetworkingTable 21: Labels and MetadataTable 22: Resource Isolation (cgroups)

Table 1: Container Registries

Type	Example	Description
Docker Hub	`docker pull nginx:latest`	• Public container registry hosting millions of images • supports automated builds, webhooks, and free public repositories with rate limiting (100 pulls/6h unauthenticated).
Harbor	`docker push harbor.example.com/myproject/app:v1.0.0`	Open-source OCI-compliant registry with vulnerability scanning, policy enforcement, replication, and RBAC—ideal for on-premises enterprise use.
Amazon ECR	`aws ecr get-login-password \| docker login` `docker push 123456.dkr.ecr.us-east-1.amazonaws.com/app`	AWS-managed private registry with IAM integration, image scanning, lifecycle policies, and tight integration with ECS/EKS.
Google Artifact Registry	`gcloud auth configure-docker` `docker push us-docker.pkg.dev/project/repo/image`	Unified registry for Docker images, Helm charts, and language packages with vulnerability scanning and SLSA provenance support.
Azure Container Registry	`az acr login --name myregistry` `docker push myregistry.azurecr.io/app:latest`	Azure-managed registry with geo-replication, content trust, webhooks, and integration with Azure services.

Table 1: Container Registries

Type	Example	Description
Docker Hub	`docker pull nginx:latest`	• Public container registry hosting millions of images • supports automated builds, webhooks, and free public repositories with rate limiting (100 pulls/6h unauthenticated).
Harbor	`docker push harbor.example.com/myproject/app:v1.0.0`	Open-source OCI-compliant registry with vulnerability scanning, policy enforcement, replication, and RBAC—ideal for on-premises enterprise use.
Amazon ECR	`aws ecr get-login-password \| docker login` `docker push 123456.dkr.ecr.us-east-1.amazonaws.com/app`	AWS-managed private registry with IAM integration, image scanning, lifecycle policies, and tight integration with ECS/EKS.
Google Artifact Registry	`gcloud auth configure-docker` `docker push us-docker.pkg.dev/project/repo/image`	Unified registry for Docker images, Helm charts, and language packages with vulnerability scanning and SLSA provenance support.
Azure Container Registry	`az acr login --name myregistry` `docker push myregistry.azurecr.io/app:latest`	Azure-managed registry with geo-replication, content trust, webhooks, and integration with Azure services.