Docker-compose 基本语法

最新推荐文章于 2024-03-17 19:10:14 发布

Yulooy

最新推荐文章于 2024-03-17 19:10:14 发布

阅读量155

点赞数

分类专栏：语法部署文章标签： docker Powered by 金山文档

本文链接：https://blog.csdn.net/Selinu/article/details/129123897

版权

部署同时被 2 个专栏收录

6 篇文章 0 订阅

订阅专栏

语法

1 篇文章 0 订阅

订阅专栏

version: '2'
services:
  web:
    image: dockercloud/hello-world
    ports:
      - 8080
    networks:
      - front-tier
      - back-tier
 
  redis:
    image: redis
    links:
      - web
    networks:
      - back-tier
 
  lb:
    image: dockercloud/haproxy
    ports:
      - 80:80
    links:
      - web
    networks:
      - front-tier
      - back-tier
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock 
 
networks:
  front-tier:
    driver: bridge
  back-tier:
driver: bridge

1、image

services:
  web:
    image: hello-world

# 镜像可用格式

image: redis
image: ubuntu:14.04
image: tutum/influxdb
image: example-registry.com:4000/postgresql
image: a4bc65fd

2、build

服务除了可以基于指定的镜像，还可以基于一份 Dockerfile，在使用 up 启动之时执行构建任务，这个构建标签就是 build，它可以指定 Dockerfile 所在文件夹的路径。Compose 将会利用它自动构建这个镜像，然后使用这个镜像启动服务容器

 build: /path/to/build/dir

也可以是相对路径，只要上下文确定就可以读取到 Dockerfile

 build: ./dir

 build:
   context: ../
   dockerfile: path/of/Dockerfile
    args:
     buildno: 1
     password: secret
 image: webapp:tag

3、command

 command: bundle exec thin -p 3000
 # == 
 command: [bundle, exec, thin, -p, 3000]

4、container_name：<项目名称><服务名称><序号>

给当前运行的容器起一个名字

 container_name: app

5、depends_on

确定启动顺序

 version: '2'
 services:
   web:
     build: .
     depends_on:
       - db
       - redis
   redis:
     image: redis
   db:
     image: postgres

6、dns

 dns: 8.8.8.8
 
 dns:
   - 8.8.8.8
   - 9.9.9.9

7、tmpfs

在容器启动时临时创建一个目录

 tmpfs: /run
 tmpfs:
   - /run
   - /tmp

8、 entrypoint

替换系统的启动命令

 entrypoint: /code/entrypoint.sh

9、env_file

向这个容器中注入环境变量--可以修改镜像的运行状态

 env_file: .env
 
 .env
 aa=bb
 cc=dd
 
 env_file:
   - ./common.env
   - ./apps/web.env
   - /opt/secrets.env

10、environment：镜像变量

少量的环境变量用此，大量的环境变量用↑env_file

 environment:
   RACK_ENV: development
   SHOW: 'true'
   SESSION_SECRET: aa
  
 environment:
   - RACK_ENV=development
   - SHOW=true
   - SESSION_SECRET=123

11、expose

告诉管理员当前有哪些端口比较重要

 expose:
  - "3000"
  - "8000"

12、 external_links：链接外部容器

 external_links:
  - redis_1
  - project_db_1:mysql
  - project_db_1:postgresql

13、extra_hosts

添加一个外部的解析域名

 extra_hosts:
  - "somehost:162.242.195.82"
  - "otherhost:50.31.209.229"

14、labels - docker-swarm

 labels:
   com.example.description: "Accounting webapp"
   com.example.department: "Finance"
   com.example.label-with-empty-value: ""
 labels:
   - "com.example.description=Accounting webapp"
   - "com.example.department=Finance"
   - "com.example.label-with-empty-value"

15、links：与 Docker client 的 --link 一样效果，会连接到其它服务中的容器

 links:
  - db
  - db:database
  - redis

16、 logging

指定当前的日志

 logging:
   driver: syslog
   options:
     syslog-address: "tcp://192.168.0.42:123"

17、pid

 pid: "host"

18、port

端口的暴露

 ports:
  - "3000"           会在物理机的所有网卡的某一个随机端口映射至容器的 3000
  - "8000:8000"   docker run  -p
  - "49100:22"
  - "127.0.0.1:8001:8001"

19、security_opt

代表放行的安全组的选项

 # 为每个容器覆盖默认的标签。简单说来就是管理全部服务的标签。比如设置全部服务的user标签值为USER。
  :
   - label:user:USER
   - label:role:ROLE

20、 stop_signal

关闭信号
 stop_signal: SIGUSR1     #默认9    kill -QUIT

21、volumes

 volumes:
   // 只是指定一个路径，Docker 会自动在创建一个数据卷（这个路径是容器内部的）。
   - /var/lib/mysql
  
   // 使用绝对路径挂载数据卷
   - /opt/data:/var/lib/mysql
  
   // 以 Compose 配置文件为中心的相对路径作为数据卷挂载到容器。
   - ./cache:/tmp/cache
  
   // 使用用户的相对路径（~/ 表示的目录是 /home/<用户目录>/ 或者 /root/）。
   - ~/configs:/etc/configs/:ro
  
   // 已经存在的命名的数据卷。
   - datavolume:/var/lib/mysql

22、volumes_from：从其它容器或者服务挂载数据卷，可选的参数是 :ro或者 :rw，前者表示容器只读，后者表示容器对数据卷是可读可写的。默认情况下是可读可写的

 volumes_from:
   - service_name
   - service_name:ro
   - container:container_name
   - container:container_name:rw

23、cap_add, cap_drop

给这个容器添加/移除特殊权限

如：docker run --name test2 --cap-add NET_ADMIN -d wordpress

 cap_add:
   - ALL
  
 cap_drop:
   - NET_ADMIN
   - SYS_ADMIN

 --cap-add    Add Linux capabilities
 --cap-drop    Drop Linux capabilities
 --privileged    Give extended privileges to this container
 --device=[]    Allows you to run devices inside the container without the --privileged flag.

 SYS_MODULE    Load and unload kernel modules.
 SYS_RAWIO    Perform I/O port operations (iopl(2) and ioperm(2)).
 SYS_PACCT    Use acct(2), switch process accounting on or off.
 SYS_ADMIN    Perform a range of system administration operations.
 SYS_NICE    Raise process nice value (nice(2), setpriority(2)) and change the nice value for arbitrary processes.
 SYS_RESOURCE    Override resource Limits.
 SYS_TIME    Set system clock (settimeofday(2), stime(2), adjtimex(2)); set real-time (hardware) clock.
 SYS_TTY_CONFIG    Use vhangup(2); employ various privileged ioctl(2) operations on virtual terminals.
 AUDIT_CONTROL    Enable and disable kernel auditing; change auditing filter rules; retrieve auditing status and filtering rules.
 MAC_ADMIN    Allow MAC configuration or state changes. Implemented for the Smack LSM.
 MAC_OVERRIDE    Override Mandatory Access Control (MAC). Implemented for the Smack Linux Security Module (LSM).
 NET_ADMIN    Perform various network-related operations.
 SYSLOG    Perform privileged syslog(2) operations.
 DAC_READ_SEARCH    Bypass file read permission checks and directory read and execute permission checks.
 LINUX_IMMUTABLE    Set the FS_APPEND_FL and FS_IMMUTABLE_FL i-node flags.
 NET_BROADCAST    Make socket broadcasts, and listen to multicasts.
 IPC_LOCK    Lock memory (mlock(2), mlockall(2), mmap(2), shmctl(2)).
 IPC_OWNER    Bypass permission checks for operations on System V IPC objects.
 SYS_PTRACE    Trace arbitrary processes using ptrace(2).
 SYS_BOOT    Use reboot(2) and kexec_load(2), reboot and load a new kernel for later execution.
 LEASE    Establish leases on arbitrary files (see fcntl(2)).
 WAKE_ALARM    Trigger something that will wake up the system.
 BLOCK_SUSPEND    Employ features that can block system suspend.

24、extends

引用文件服务

 extends:
   file: common.yml
   service: webapp

25、network_mode

 network_mode: "bridge"
 network_mode: "host"
 network_mode: "none"
 network_mode: "service:[service name]"
 network_mode: "container:[container name/id]"

26、 networks

 services:
   some-service:
     networks:
      - some-network
      - other-network

Example

 version: '2'
 
 services:
    db:
      image: mysql:5.7
      restart: always
      environment:
        MYSQL_ROOT_PASSWORD: somewordpress
        MYSQL_DATABASE: wordpress
        MYSQL_USER: wordpress
        MYSQL_PASSWORD: wordpress
 
    wordpress:
      depends_on:
        - db
      image: wordpress:latest
      restart: always
      ports:
        - "8000:80"
      environment:
        WORDPRESS_DB_HOST: db:3306
        WORDPRESS_DB_USER: wordpress
        WORDPRESS_DB_PASSWORD: wordpress

 [root@localhost ~]# chmod +x /usr/local/bin/docker-compose 
 [root@localhost ~]# docker-compose version
 docker-compose version 1.23.1, build b02f1306
 docker-py version: 3.5.0
 CPython version: 3.6.7
 OpenSSL version: OpenSSL 1.1.0f  25 May 2017
 [root@localhost ~]# mkdir /usr/local/wordpress
 [root@localhost ~]# cd /usr/local/wordpress/
 [root@localhost wordpress]# vim docker-compose.yaml
 [root@localhost wordpress]# docker-compose up -d