docker 入门指南

docker

Docker is an open platform for developing, shipping, and running applications. Docker enables you to separate your applications from your infrastructure so you can deliver software quickly. With Docker, you can manage your infrastructure in the same ways you manage your applications. By taking advantage of Docker’s methodologies for shipping, testing, and deploying code quickly, you can significantly reduce the delay between writing code and running it in production.

docker 是一个加速应用开发、分发、部署的平台，使用沙盒机制，可移植性很好、占用计算机资源小。具体而言，docker 提供了打包应用运行所需的环境到一个镜像里的能力，并提供一系列应用的生命周期管理工具。用户基于这个镜像可以在同一台机器上同时运行多个实例，使用同一个镜像的应用所获取的执行环境是一致的。这使得我们的应用易于分发，快速验证。

基本概念

镜像 Image：镜像包含了创建一个容器的命令等东西，它是只读的
容器 Container：镜像运行起来后称为容器，我们可以基于当前容器的运行状态创建新的镜像

可以理解成类和实例，可执行文件和进程的关系 😃

结构

docker 采用的是CS（客户端-服务器）的架构。客户端就是 docker 命令行程序，服务端是后台的 dockerd 守护进程，守护进程接收客户端的命令，负责创建、运行容器。除此之外，还有镜像仓库 registry，仓库可以是公有的，大家都能访问，也能创建小范围分享的私有仓库。

安装

Ubuntu Jammy 22.04 (LTS)
Ubuntu Focal 20.04 (LTS)
Ubuntu Bionic 18.04 (LTS)

deb 包安装

以 20.04 为例，https://download.docker.com/linux/ubuntu/dists/focal/pool/stable/amd64/。

• 安装

# install .deb
$ sudo dpkg -i /path/to/*.deb

# start dockerd
$ sudo systemctl start docker

# check the docker daemon status
$ sudo systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2022-08-17 09:51:59 CST; 33min ago
     Docs: https://docs.docker.com
 Main PID: 31757 (dockerd)
    Tasks: 21
   CGroup: /system.slice/docker.service
           └─31757 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
           ...

# check the installation
$ sudo docker run hello-world

• 如果要卸载的话

$ sudo apt-get purge docker-ce docker-ce-cli containerd.io docker-compose-plugin
$ sudo rm -rf /var/lib/docker
$ sudo rm -rf /var/lib/containerd

二进制安装

例如 https://download.docker.com/linux/static/stable/x86_64/docker-20.10.9.tgz

解压后放到 /usr/bin 目录即可。

基本的配置

大部分的设置都能通过/etc/docker/daemon.json文件完成，一个例外是代理。

• 首先添加用户到 docker 组，这样就不需要每次执行 docker 命令都带上 sudo 了。

# 安装过程中默认已经创建了docker组，如果没创建的话
$ sudo groupadd docker

# 增加用户 $USER 到 docker组
$ sudo usermod -aG docker ${USER}
$ newgrp docker

# 启动自动运行 docker 服务
$ sudo systemctl enable docker.service
$ sudo systemctl enable containerd.service

• 设置代理

$ sudo mkdir -p /etc/systemd/system/docker.service.d
$ sudo vi /etc/systemd/system/docker.service.d/http-proxy.conf

# edit the http-proxy.conf
[Service]
Environment="HTTP_PROXY=http://proxy.example.com:80"
Environment="HTTPS_PROXY=https://proxy.example.com:443"
Environment="NO_PROXY=localhost,127.0.0.1,docker-registry.example.com,.corp"

# flush changes and restart docker
$ sudo systemctl daemon-reload
$ sudo systemctl restart docker

# verify the configuration
$ sudo systemctl show --property=Environment docker

• 设置镜像地址

/etc/docker/daemon.json

{"registry-mirrors":["https://reg-mirror.qiniu.com/"]}

$ sudo systemctl daemon-reload
$ sudo systemctl restart docker

问题定位

如果遇到 docker 后台进程启动失败，可以手动启动，带上 --debug 选项，通过错误日志定位问题。

$ sudo dockerd --debug

常用命令

docker run

The following command runs an ubuntu container, attaches interactively to your local command-line session, and runs /bin/bash. $ docker run -i -t ubuntu /bin/bash

When you run this command, the following happens (assuming you are using the default registry configuration):

1. If you do not have the ubuntu image locally, Docker pulls it from your configured registry, as though you had run docker pull ubuntu manually.
2. Docker creates a new container, as though you had run a docker container create command manually.
3. Docker allocates a read-write filesystem to the container, as its final layer. This allows a running container to create or modify files and directories in its local filesystem.
4. Docker creates a network interface to connect the container to the default network, since you did not specify any networking options. This includes assigning an IP address to the container. By default, containers can connect to external networks using the host machine’s network connection.
5. Docker starts the container and executes /bin/bash. Because the container is running interactively and attached to your terminal (due to the -i and -t flags), you can provide input using your keyboard while the output is logged to your terminal.
6. When you type exit to terminate the /bin/bash command, the container stops but is not removed. You can start it again or remove it.

管理容器

命令很多，可以通过 help 查看。

# show all the commands
docker --help

# show specific command
docker [commands] --help
# e.g., docker run --help

# 查看活动的容器
docker ps
# 查看所有容器（活动和非活动）
docker ps -a
# 查看最后创建的容器
docker ps -l

# 启动已停止的容器
docker start [container_id or container_name]

# 停止容器运行
docker stop [container_id or container_name]

# 删除容器
docker rm [container_id or container_name]

# 查看镜像
docker images
...

上传镜像到仓库

启动 Docker 镜像时，可以像使用虚拟机一样创建，修改和删除文件。我们所做的更改将仅应用于在这个容器里。当我们在容器中安装好各种软件，我们想把它保存成一个新镜像供以后使用时，我们应该怎么做。

docker 官方维护了一个公共仓库，https://hub.docker.com/，我们需要在这儿免费注册一个账号。

# repository 一般是Docker Hub 上你的用户名，如果创建了其他仓库的话指明仓库名即可。
docker commit -m "What you did to the image" -a "Author Name" container_id repository/new_image_name

# login to the registry
docker login -u docker-registry-username

# tag the image
docker tag src_docker_image_name docker_image_name

# push to the registry
docker push docker-registry-username/docker-image-name

# pull the new image
docker pull docker-registry-username/docker-image-name