Docker入门(一)

docker run -i -t ubuntu /bin/bashdocker run -i -t ubuntu /bin/bash
  • 如果本地没有ubuntu镜像,docker会从registry中pull下来,就像手动执行了docker pull ubuntu。

  • 创建一个新的容器,相当于执行docker container create

  • Docker将一个可读写文件系统分配给容器作为它的最后一层。这样就允许正在运行的容器在其本地文件系统中创建或修改文件和目录

  • Docker创建一个网络接口来将容器连接到默认网络,因为您没有指定任何网络选项。这包括为容器分配一个IP地址。默认情况下,容器可以使用主机的网络连接连接到外部网络

  • Docker启动容器并执行/bin/bash

  • 当你输入exit时将结束/bin/bash,容器会stop但是不会被删除。你可以重新start容器或者remove。

SERVICES

服务允许您跨多个Docker守护进程扩展容器,这些守护进程与多个管理器和工作人员一起工作。集群中的每个成员都是一个Docker守护进程,这些守护进程都使用Docker API进行通信。服务允许您定义所需的状态,例如在任何给定时间必须可用的服务副本的数量。默认情况下,服务跨所有工作节点进行负载平衡。对于使用者来说,Docker服务似乎是一个单独的应用程序。Docker引擎在Docker 1.12及更高版本中支持集群模式.。

Docker底层技术

Docker是用Go编写的,它利用了Linux内核的几个特性来交付其功能

Namespaces

docker 利用namespace的技术来隔离workspace。运行容器时,Docker为该容器创建一组名称空间。

这些名称空间提供了一层隔离。每个容器都在一个单独的名称空间中运行,它的访问仅限于该名称空间。

Docker Engine uses namespaces such as the following on Linux:

  • The pid namespace: Process isolation (PID: Process ID).
  • The net namespace: Managing network interfaces (NET: Networking).
  • The ipc namespace: Managing access to IPC resources (IPC: InterProcess Communication).
  • The mnt namespace: Managing filesystem mount points (MNT: Mount).
  • The uts namespace: Isolating kernel and version identifiers. (UTS: Unix Timesharing System).

Union file systems(UnionFS)

Union file systems, or UnionFS, are file systems that operate by creating layers, making them very lightweight and fast. Docker Engine uses UnionFS to provide the building blocks for containers. Docker Engine can use multiple UnionFS variants, including AUFS, btrfs, vfs, and DeviceMapper.

联合文件系统,或UnionFS,是通过创建层来操作的文件系统,使它们非常轻量级和快速。Docker引擎使用UnionFS为容器提供构建块。Docker引擎可以使用多个UnionFS变体,包括AUFS、btrfs、vfs和DeviceMapper。

Container format

Docker Engine combines the namespaces, control groups, and UnionFS into a wrapper called a container format. The default container format is libcontainer. In the future, Docker may support other container formats by integrating with technologies such as BSD Jails or Solaris Zones

Docker引擎将名称空间、控制组和UnionFS组合成称为容器格式的包装器。默认的容器格式是libcontainer。将来,Docker可能通过与BSD监狱或Solaris区域等技术集成来支持其他容器格式

Image 和containers

Fundamentally, a container is nothing but a running process, with some added encapsulation features applied to it in order to keep it isolated from the host and from other containers. One of the most important aspects of container isolation is that each container interacts with its own, private filesystem;this filesystem is provided by a Docker mage。. An image includes everything needed to run an application – the code or binary, runtimes, dependencies, and any other filesystem objects required

本质上,容器就是一个正在运行的进程,添加了一些封装特性,以使其与主机和其他容器隔离。

容器隔离最重要的特性之一是,每个容器都与容器它自己的私有文件系统进行交互。An image includes everything needed to run an application – the code or binary, runtimes, dependencies, and any other filesystem objects required。

Containers and virtual machines

A container runs natively on Linux and shares the kernel of the host machine with other containers. It runs a discrete process, taking no more memory than any other executable, making it lightweight.

By contrast, a virtual machine (VM) runs a full-blown “guest” operating system with virtual access to host resources through a hypervisor. In general, VMs incur a lot of overhead beyond what is being consumed by your application logic.
在这里插入图片描述

构建自己的应用镜像

  1. 创建Docker映像,创建单独的容器测试应用的每个组件

  2. Assemble your containers and supporting infrastructure into a complete application, expressed either as a Docker stack file or in Kubernetes YAML.

  3. Test, share and deploy your complete containerized application.

构建自己的应用镜像

  1. 下载一个examp
git clone -b v1 https://github.com/docker-training/node-bulletin-board
cd node-bulletin-board/bulletin-board-app
  1. 编辑Dockerfile
FROM node:6.11.5    

WORKDIR /usr/src/app
COPY package.json .
RUN npm install    
COPY . .

CMD [ "npm", "start" ]    

上面的Dockerfile会有下面几个步骤:

  • Start FROM the pre-existing node:6.11.5 image. This is an official image, built by the node.js vendors and validated by Docker to be a high-quality image containing the node 6.11.5 interpreter and basic dependencies.
  • Use WORKDIR to specify that all subsequent actions should be taken from the directory /usr/src/app in your image filesystem (never the host’s filesystem).
  • COPY the file package.json from your host to the present location (.) in your image (so in this case, to /usr/src/app/package.json)
  • RUN the command npm install inside your image filesystem (which will read package.json to determine your app’s node dependencies, and install them)
  • COPY in the rest of your app’s source code from your host to your image filesystem
  • CMD has three forms:
    • CMD ["executable","param1","param2"] (exec form, this is the preferred form)
    • CMD ["param1","param2"] (as default parameters to ENTRYPOINT)
    • CMD command param1 param2 (shell form)
  • 具体参考Dockerfile reference.

Build and Test Your Image

  1. 构建一个名字为bulletinboard,版本为1.0的镜像
docker image build -t bulletinboard:1.0 .
  1. 基于你的新镜像start一个容器
docker container run --publish 8000:8080 --detach --name bb bulletinboard:1.0
  • --publish 告诉docker服务映射本地的8000端口到容器的8080端口。

  • --detach 告诉docker服务在后台分离启动

  • --name 给启动的容器取一个名字为bb

    注意:在这里我们并没有指定容器运行什么进程。这是因为在build的时候在Dockerfile中用CMD指定了要运行什么程序。上面的Dockerfile中指出:在容器起来的时候,要运行npm start命令。

  1. 删除容器
docker container rm --force bb删除容器并不会

删除容器并不会将镜像删除,可以理解为:容器是一个集装箱进程,它可以start也可以stop,它也有status。

发布了119 篇原创文章 · 获赞 44 · 访问量 23万+
展开阅读全文

没有更多推荐了,返回首页

©️2019 CSDN 皮肤主题: 编程工作室 设计师: CSDN官方博客

分享到微信朋友圈

×

扫一扫,手机浏览