文章目录
1.镜像的分层结构
1)docker容器启动之后是共享宿主机的。
- 查看当前的docker信息。
[root@docker docker]# docker info # 查看docker信息
………………
WARNING: bridge-nf-call-iptables is disabled # 出现两个错误
WARNING: bridge-nf-call-ip6tables is disabled
[root@docker docker]# sysctl -a | grep bridge # 查看内核有关参数
net.bridge.bridge-nf-call-arptables = 1
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-filter-pppoe-tagged = 0
net.bridge.bridge-nf-filter-vlan-tagged = 0
net.bridge.bridge-nf-pass-vlan-input-dev = 0
[root@docker docker]# cd /etc/sysctl.d/ # 将它写入那个子目录配置文件
[root@docker docker]# vim docker.conf # 建立一个docker文件,表示为docker专门修改的。
inet.bridge.bridge-nf-call-ip6tables = 1 # 写入内容修改为1
net.bridge.bridge-nf-call-iptables = 1
[root@docker docker]# sysctl --system # 重新加载所有子目录,使其生效。
- docker所有的数据存放在:尽量不要动
[root@docker sysctl.d]# cd /var/lib/docker
[root@docker docker]# ls
builder buildkit containers image network overlay2 plugins runtimes swarm tmp trust volumes
- 测试是共享内核:
[root@docker docker]# docker pull ubuntu # 利用阿里云镜像加速器拉取ubuntu
Using default tag: latest
latest: Pulling from library/ubuntu
54ee1f796a1e: Pull complete
f7bfea53ad12: Pull complete
46d371e02073: Pull complete
b66c17bbf772: Pull complete
Digest: sha256:31dfb10d52ce76c5ca0aa19d10b3e6424b830729e32a89a7c6eee2cda2be67a5
Status: Downloaded newer image for ubuntu:latest
[root@docker docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu latest 4e2eef94cd6b 2 weeks ago 73.9MB
game2048 latest 19299002fdbe 3 years ago 55.5MB
[root@docker docker]# docker run -it --name ubuntu-vm1 ubuntu # 使用交互式运行容器,运行很快秒级的启动
root@e2f653224e43:/# ls
bin dev home lib32 libx32 mnt proc run srv tmp var
boot etc lib lib64 media opt root sbin sys usr
root@e2f653224e43:/# uname -r # 查看内核版本与宿主机相同,可以证明。
3.10.0-862.el7.x86_64
2)base镜像提供最小的linux发行版:
[root@docker docker]# docker run -it --name u