Docker official site: https://www.docker.com
Docker source on GitHub: https://github.com/docker/docker-ce
OCI
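Established in June 2015 under the leadership of the Linux Foundation.
The purpose of this organization is to define an open industry standard: a standard specification for the container format and runtime, plus a specification for images.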
runC
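A tool that follows the OCI standard specification. It is a command-line tool that can create and stop containers, and it provides an API.
Docker architecture
Docker uses a client/server architecture. The client is the docker client; the server is the Docker daemon. The Docker daemon provides the runtime environment in which containers run, and it provides image storage. Images are built in layers, so storing an image requires a special file system.
overlayfs: the image file system; CentOS now supports it.
Every component inside Docker is called an object.
Registry: an image registry, similar to SVN, that can hold many repositories. Docker's default registry is Docker's official one, Docker Hub.
Docker comes in two editions: docker-ce (Community Edition) and docker-ee (Enterprise Edition).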
Container
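A container is a runnable instance of an image. The relationship between an image and a container is a little like the relationship between a class and an object in object-oriented programming. Containers can be started, stopped, moved and deleted through the Docker API or CLI commands.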
Namespaces
(For details, see this article: https://cizixs.com/2017/08/29/linux-namespace/)
The Linux kernel introduced the concept of namespaces.
Namespaces wrap global resources in an abstraction layer so that those resources can be partitioned.
Every process has a /proc/[pid]/ns directory that holds links to the namespaces the process belongs to:

    ➜ namespace git:(uts-demo) ✗ ls -l /proc/$$/ns/
    total 0
    lrwxrwxrwx 1 cizixs cizixs 0 12月 21 15:36 cgroup -> cgroup:[4026531835]
    lrwxrwxrwx 1 cizixs cizixs 0 12月 21 15:36 ipc -> ipc:[4026531839]
    lrwxrwxrwx 1 cizixs cizixs 0 12月 21 15:36 mnt -> mnt:[4026531840]
    lrwxrwxrwx 1 cizixs cizixs 0 12月 21 15:36 net -> net:[4026531969]
    lrwxrwxrwx 1 cizixs cizixs 0 12月 21 15:36 pid -> pid:[4026531836]
    lrwxrwxrwx 1 cizixs cizixs 0 12月 21 15:36 user -> user:[4026531837]
    lrwxrwxrwx 1 cizixs cizixs 0 12月 21 15:36 uts -> uts:[4026531838]
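
Two processes are in the same namespace exactly when the corresponding links under /proc/[pid]/ns carry the same inode number, which makes these links a quick way to check how isolated a container really is from the host or from another container. The script below is an added example, not code from the original page; the function names, the optional proc-root argument and the sample inode numbers are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. PROC_ROOT (third argument) is an
# assumption that lets the comparison run on a copied or constructed tree.

# ns_compare PID_A PID_B [PROC_ROOT]
# One line per namespace: "<name> shared <id>" or "<name> separate <idA> <idB>".
ns_compare() {
    pid_a=$1; pid_b=$2; root=${3:-/proc}
    for link in "$root/$pid_a"/ns/*; do
        name=${link##*/}
        id_a=$(readlink "$link") || continue
        id_b=$(readlink "$root/$pid_b/ns/$name") || continue
        if [ "$id_a" = "$id_b" ]; then
            echo "$name shared $id_a"
        else
            echo "$name separate $id_a $id_b"
        fi
    done
}

# shared_ns PID_A PID_B [PROC_ROOT]: space-separated names of shared namespaces.
shared_ns() {
    ns_compare "$@" |
        awk '$2 == "shared" { printf "%s%s", sep, $1; sep = " " } END { print "" }'
}

# Constructed sample tree: PIDs 100 and 200 stand for two processes that share
# their net and user namespaces and nothing else. Inode numbers are made up.
make_sample_proc() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/100/ns" "$dir/200/ns"
    for entry in ipc:4026532201:4026532301 mnt:4026532199:4026532299 \
                 net:4026532204:4026532204 pid:4026532202:4026532302 \
                 user:4026531837:4026531837 uts:4026532200:4026532300; do
        name=${entry%%:*}; ids=${entry#*:}
        ln -s "$name:[${ids%%:*}]" "$dir/100/ns/$name"
        ln -s "$name:[${ids#*:}]" "$dir/200/ns/$name"
    done
    echo "$dir"
}

# Demo on the constructed tree; on a real host call: ns_compare <pidA> <pidB>
sample=$(make_sample_proc)
ns_compare 100 200 "$sample"
echo "shared: $(shared_ns 100 200 "$sample")"
rm -rf "$sample"
```

On a real host, reading another user's /proc/[pid]/ns links requires root; the PID of a container's first process can be obtained with `docker inspect -f '{{.State.Pid}}' <name>`.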
docker
docker-machine
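Docker Machine is a tool that lets you install Docker on virtual hosts and manage those hosts with the docker-machine command.
Docker Machine can also manage all your Docker hosts centrally, for example to quickly install Docker on 100 servers.
The virtual hosts managed by Docker Machine can be local or hosted by a cloud provider such as Alibaba Cloud, Tencent Cloud, AWS or DigitalOcean.
With the docker-machine command you can start, inspect, stop and restart a managed host, upgrade the Docker client and daemon, and configure the Docker client to talk to your host.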
docker-swarm
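Swarm is the platform released by Docker, Inc. for managing Docker clusters. It is written almost entirely in Go, and the code is open source at https://github.com/docker/swarm. It turns a group of Docker hosts into a single virtual host. Swarm uses the standard Docker API as its front-end entry point; in other words, every kind of Docker client (compose, docker-py and so on) can talk to Swarm directly, and even Docker itself integrates easily with Swarm. This makes it much easier to move a system that was built for a single node onto Swarm. Swarm also has built-in support for Docker network plugins, so users can easily deploy container cluster services that span hosts.
Docker Swarm, like Docker Compose, is an official Docker container orchestration project. The difference is that Docker Compose is a tool for creating multiple containers on a single server or host, whereas Docker Swarm can create container cluster services across multiple servers or hosts. For deploying microservices, Docker Swarm is clearly the better fit.
Starting with Docker 1.12.0, Docker Swarm is included in the Docker engine (docker swarm) and has a built-in service discovery tool, so we no longer need to configure Etcd or Consul for service discovery as before.
The Swarm daemon is only a scheduler plus a router. Swarm does not run containers itself; it only accepts requests from Docker clients and schedules a suitable node to run the container. This means that even if Swarm goes down for some reason, the nodes in the cluster keep running as usual, and once Swarm is running again it collects the information needed to rebuild the cluster state.
docker-compose
Docker Compose is very similar to Docker Stack. It deploys and manages multi-container applications on a Docker node in single-engine mode.
Basic Docker usage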
1. Install the latest docker-ce. First configure the Docker yum repository:

    [root@controller2 yum.repos.d]# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
    [root@controller2 yum.repos.d]# yum -y install docker-ce

2. Configure a Docker registry mirror. The Alibaba Cloud mirror requires registration, so the docker-cn mirror is used here:

    [root@controller2 ~]# mkdir /etc/docker
    [root@controller2 ~]# vi /etc/docker/daemon.json
    {
      "registry-mirrors": ["https://registry.docker-cn.com"]
    }

3. Start Docker:

    [root@controller2 ~]# systemctl daemon-reload
    [root@controller2 ~]# systemctl start docker
    [root@controller2 ~]# docker version
    Client: Docker Engine - Community
     Version:           19.03.12    # client version
     API version:       1.40
     Go version:        go1.13.10
     Git commit:        48a66213fe
     Built:             Mon Jun 22 15:46:54 2020
     OS/Arch:           linux/amd64
     Experimental:      false

    Server: Docker Engine - Community
     Engine:
      Version:          19.03.12    # server version
      API version:      1.40 (minimum version 1.12)
      Go version:       go1.13.10
      Git commit:       48a66213fe
      Built:            Mon Jun 22 15:45:28 2020
      OS/Arch:          linux/amd64
      Experimental:     false
     containerd:
      Version:          1.2.13
      GitCommit:        7ad184331fa3e55e52b890ea95e65ba581ae3429
     runc:
      Version:          1.0.0-rc10
      GitCommit:        dc9208a3303feef5b3839f4323d9beb36df0a9dd
     docker-init:
      Version:          0.18.0
      GitCommit:        fec3683

    # Show Docker system information
    [root@controller2 ~]# docker info
    Client:
     Debug Mode: false

    Server:
     Containers: 0      # total number of containers
      Running: 0        # number running
      Paused: 0         # number paused
      Stopped: 0        # number stopped
     Images: 0          # number of images on this system
     Server Version: 19.03.12
     Storage Driver: devicemapper    # storage driver
      Pool Name: docker-8:3-26995-pool
      Pool Blocksize: 65.54kB
      Base Device Size: 10.74GB
      Backing Filesystem: xfs
      Udev Sync Supported: true
      Data file: /dev/loop0
      Metadata file: /dev/loop1
      Data loop file: /var/lib/docker/devicemapper/devicemapper/data
      Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
      Data Space Used: 11.8MB
      Data Space Total: 107.4GB
      Data Space Available: 102.6GB
      Metadata Space Used: 581.6kB
      Metadata Space Total: 2.147GB
      Metadata Space Available: 2.147GB
      Thin Pool Minimum Free Space: 10.74GB
      Deferred Removal Enabled: true
      Deferred Deletion Enabled: true
      Deferred Deleted Device Count: 0
      Library Version: 1.02.107-RHEL7 (2015-10-14)
     Logging Driver: json-file
     Cgroup Driver: cgroupfs
     Plugins:           # plugins
      Volume: local     # storage plugins
      Network: bridge host ipvlan macvlan null overlay    # network plugins
      Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
     Swarm: inactive    # Swarm is integrated into Docker
     Runtimes: runc
     Default Runtime: runc
     Init Binary: docker-init
     containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429
     runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
     init version: fec3683
     Security Options:
      seccomp
       Profile: default
     Kernel Version: 3.10.0-327.el7.x86_64
     Operating System: CentOS Linux 7 (Core)
     OSType: linux
     Architecture: x86_64
     CPUs: 2
     Total Memory: 1.782GiB
     Name: controller2
     ID: BGXP:HHB2:CITX:6WSR:QICL:C3IQ:RCRX:KOKT:DZE3:SMG3:W7NJ:C67U
     Docker Root Dir: /var/lib/docker
     Debug Mode: false
     Registry: https://index.docker.io/v1/
     Labels:
     Experimental: false
     Insecure Registries:
      127.0.0.0/8
     Registry Mirrors:
      https://registry.docker-cn.com/
     Live Restore Enabled: false
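Common Docker operations
Docker manages two kinds of resources
Image resources
You either build an image yourself locally or download one from a remote registry.
Container management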
    # List the docker image subcommands; you either build an image locally or download one from a remote registry
    [root@controller2 ~]# docker image

    Usage:  docker image COMMAND

    Manage images

    Commands:
      build       Build an image from a Dockerfile
      history     Show the history of an image
      import      Import the contents from a tarball to create a filesystem image
      inspect     Display detailed information on one or more images
      load        Load an image from a tar archive or STDIN
      ls          List images
      prune       Remove unused images
      pull        Pull an image or a repository from a registry
      push        Push an image or a repository to a registry
      rm          Remove one or more images
      save        Save one or more images to a tar archive (streamed to STDOUT by default)
      tag         Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE

    # Remove an image: the two commands are equivalent and are used the same way
    [root@controller2 ~]# docker image rm    # same as: docker rmi

Docker container management commands:

    [root@controller2 ~]# docker container

    Usage:  docker container COMMAND

    Manage containers

    Commands:
      attach      Attach local standard input, output, and error streams to a running container
      commit      Create a new image from a container's changes
      cp          Copy files/folders between a container and the local filesystem
      create      Create a new container
      diff        Inspect changes to files or directories on a container's filesystem
      exec        Run a command in a running container
      export      Export a container's filesystem as a tar archive
      inspect     Display detailed information on one or more containers
      kill        Kill one or more running containers
      logs        Fetch the logs of a container
      ls          List containers
      pause       Pause all processes within one or more containers
      port        List port mappings or a specific mapping for the container
      prune       Remove all stopped containers
      rename      Rename a container
      restart     Restart one or more containers
      rm          Remove one or more containers
      run         Run a command in a new container
      start       Start one or more stopped containers
      stats       Display a live stream of container(s) resource usage statistics
      stop        Stop one or more running containers
      top         Display the running processes of a container
      unpause     Unpause all processes within one or more containers
      update      Update configuration of one or more containers
      wait        Block until one or more containers stop, then print their exit codes

    Run 'docker container COMMAND --help' for more information on a command.

    # docker run: create and start
    # docker create: create but do not start

    # Search an image registry.
    # A name without "/" is maintained officially by Docker and is called a top-level repository.
    # A name with "/" is a personal or company repository.
    [root@controller2 ~]# docker search nginx
    NAME                               DESCRIPTION                                     STARS   OFFICIAL   AUTOMATED
    nginx                              Official build of Nginx.                        13682   [OK]
    jwilder/nginx-proxy                Automated Nginx reverse proxy for docker con…   1868               [OK]
    richarvey/nginx-php-fpm            Container running Nginx + PHP-FPM capable of…   782                [OK]
    linuxserver/nginx                  An Nginx container, brought to you by LinuxS…   127
    bitnami/nginx                      Bitnami nginx Docker Image                      89                 [OK]
    tiangolo/nginx-rtmp                Docker image with Nginx using the nginx-rtmp…   88                 [OK]
    jc21/nginx-proxy-manager           Docker container for managing Nginx proxy ho…   82
    alfg/nginx-rtmp                    NGINX, nginx-rtmp-module and FFmpeg from sou…   75                 [OK]
    nginxdemos/hello                   NGINX webserver that serves a simple page co…   59                 [OK]
    jlesage/nginx-proxy-manager        Docker container for Nginx Proxy Manager        53                 [OK]
    nginx/nginx-ingress                NGINX Ingress Controller for Kubernetes         41
    privatebin/nginx-fpm-alpine        PrivateBin running on an Nginx, php-fpm & Al…   32                 [OK]
    schmunk42/nginx-redirect           A very simple container to redirect HTTP tra…   19                 [OK]
    nginxinc/nginx-unprivileged        Unprivileged NGINX Dockerfiles                  17
    nginx/nginx-prometheus-exporter    NGINX Prometheus Exporter                       15
    centos/nginx-112-centos7           Platform for running nginx 1.12 or building …   14
    raulr/nginx-wordpress              Nginx front-end for the official wordpress:f…   13                 [OK]
    centos/nginx-18-centos7            Platform for running nginx 1.8 or building n…   13
    mailu/nginx                        Mailu nginx frontend                            7                  [OK]
    bitwarden/nginx                    The Bitwarden nginx web server acting as a r…   7
    sophos/nginx-vts-exporter          Simple server that scrapes Nginx vts stats a…   7                  [OK]
    bitnami/nginx-ingress-controller   Bitnami Docker Image for NGINX Ingress Contr…   6                  [OK]
    flashspys/nginx-static             Super Lightweight Nginx Image                   6                  [OK]
    wodby/nginx                        Generic nginx                                   1                  [OK]
    ansibleplaybookbundle/nginx-apb    An APB to deploy NGINX                          1                  [OK]

    # Pull an image.
    # A tag containing "alpine" denotes a slimmed-down image, only a few MB in size.
    [root@controller2 ~]# docker pull redis:4-alpine
    4-alpine: Pulling from library/redis
    cbdbe7a5bc2a: Pull complete
    dc0373118a0d: Downloading
    cfd369fe6256: Download complete
    152ffd6a3b24: Download complete
    7c01860f13a3: Download complete
    aa6ecacd3bee: Download complete
    4-alpine: Pulling from library/redis
    cbdbe7a5bc2a: Pull complete
    dc0373118a0d: Pull complete
    cfd369fe6256: Pull complete
    152ffd6a3b24: Pull complete
    7c01860f13a3: Pull complete
    aa6ecacd3bee: Pull complete
    Digest: sha256:aaf7c123077a5e45ab2328b5ef7e201b5720616efac498d55e65a7afbb96ae20
    Status: Downloaded newer image for redis:4-alpine
    docker.io/library/redis:4-alpine

    # List local images
    [root@controller2 ~]# docker image ls
    REPOSITORY   TAG        IMAGE ID       CREATED        SIZE
    redis        4-alpine   e3dd0e49bca5   4 months ago   20.4MB

    # Remove an image: just pass the image ID
    [root@controller2 ~]# docker image rm e3dd0e49bca5

    # Show the detailed format information of an image
    [root@controller2 ~]# docker image inspect redis:4-alpine
    [
      {
        "Id": "sha256:e3dd0e49bca555d559ca2e97f06a1efa108ebd230fddcb17606723994f18ae3b",
        "RepoTags": [
          "redis:4-alpine"
        ],
        "RepoDigests": [
          "redis@sha256:aaf7c123077a5e45ab2328b5ef7e201b5720616efac498d55e65a7afbb96ae20"
        ],
        "Parent": "",
        "Comment": "",
        "Created": "2020-04-24T19:22:38.07087317Z",
        "Container": "a73516dde4d2d8dfb7895f138d099de8de449d74b1850693128ad0fb8bd23705",
        "ContainerConfig": {
          "Hostname": "a73516dde4d2",
          "Domainname": "",
          "User": "",
          "AttachStdin": false,
          "AttachStdout": false,
          "AttachStderr": false,
          "ExposedPorts": {
            "6379/tcp": {}
          },
          "Tty": false,
          "OpenStdin": false,
          "StdinOnce": false,
          "Env": [
            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
            "REDIS_VERSION=4.0.14",
            "REDIS_DOWNLOAD_URL=http://download.redis.io/releases/redis-4.0.14.tar.gz",
            "REDIS_DOWNLOAD_SHA=1e1e18420a86cfb285933123b04a82e1ebda20bfb0a289472745a087587e93a7"
          ],
          "Cmd": [    # default command run when the container starts
            "/bin/sh",
            "-c",
            "#(nop) ",
            "CMD [\"redis-server\"]"
          ],
          "ArgsEscaped": true,
          "Image": "sha256:80e177936f2141891bfaacb6fdbab7154c6bfcd071aac67fc29a433a4d2870ac",
          "Volumes": {    # storage volumes
            "/data": {}
          },
          "WorkingDir": "/data",
          "Entrypoint": [
            "docker-entrypoint.sh"
          ],
          "OnBuild": null,
          "Labels": {}
        },
        "DockerVersion": "18.09.7",
        "Author": "",
        "Config": {
          "Hostname": "",
          "Domainname": "",
          "User": "",
          "AttachStdin": false,
          "AttachStdout": false,
          "AttachStderr": false,
          "ExposedPorts": {
            "6379/tcp": {}    # port used at runtime
          },
          "Tty": false,
          "OpenStdin": false,
          "StdinOnce": false,
          "Env": [
            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
            "REDIS_VERSION=4.0.14",
            "REDIS_DOWNLOAD_URL=http://download.redis.io/releases/redis-4.0.14.tar.gz",
            "REDIS_DOWNLOAD_SHA=1e1e18420a86cfb285933123b04a82e1ebda20bfb0a289472745a087587e93a7"
          ],
          "Cmd": [
            "redis-server"
          ],
          "ArgsEscaped": true,
          "Image": "sha256:80e177936f2141891bfaacb6fdbab7154c6bfcd071aac67fc29a433a4d2870ac",
          "Volumes": {
            "/data": {}
          },
          "WorkingDir": "/data",
          "Entrypoint": [
            "docker-entrypoint.sh"
          ],
          "OnBuild": null,
          "Labels": null
        },
        "Architecture": "amd64",
        "Os": "linux",
        "Size": 20430174,
        "VirtualSize": 20430174,
        "GraphDriver": {
          "Data": {
            "DeviceId": "16",
            "DeviceName": "docker-8:3-26995-839bf02895f1ab0cae7c257b3d019cb948770531d4c48d8a17611dd58c2be3be",
            "DeviceSize": "10737418240"
          },
          "Name": "devicemapper"
        },
        "RootFS": {
          "Type": "layers",
          "Layers": [
            "sha256:3e207b409db364b595ba862cdc12be96dcdad8e36c59a03b7b3b61c946a5741a",
            "sha256:dafc08a3ced41e2f7883c9978480f33a657787441f88173d1916afbcfe01e6ee",
            "sha256:970c18d5ee5eeea42d19a006c173b4a7426882a1ae8096c2946dfff77f1a92d0",
            "sha256:00c124c838688cfb84ea11c391dcddd88886ca6b15d6be60906c7b8cbcb11b04",
            "sha256:ef231a5622425c432a8be4e9e968fcd1bb8c7d4d461d40793a756956258657f7",
            "sha256:c3bed82731062b2bf840dfc7726164ff856630dbba21f01687046e7d6dafa90a"
          ]
        },
        "Metadata": {
          "LastTagTime": "0001-01-01T00:00:00Z"
        }
      }
    ]
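Common options when creating and running a container

    -t, --tty            # allocate a pseudo-terminal
    -i, --interactive    # interactive
    --name string        # assign a name; names must be unique
    --network            # attach to a different network
    -d                   # run the container in the background and print the container ID

    # With run, the -d option means: run the container in the background and print the container ID
    # List the current networks
    [root@controller2 ~]# docker network ls

    # Enter the container and run commands inside it
    [root@controller2 ~]# docker container exec -ti redis /bin/sh

    # Run a command in the container non-interactively
    [root@controller2 ~]# docker container exec redis netstat -lntp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 0.0.0.0:6379            0.0.0.0:*               LISTEN      -
    tcp        0      0 :::6379                 :::*                    LISTEN      -

    # Start a container with /bin/sh as the initial command, so that PID 1 is /bin/sh rather than the image's default command
    [root@controller2 ~]# docker run --name web --rm -it nginx:1.15-alpine /bin/sh

    # View the container's logs
    [root@controller2 ~]# docker container logs web

    # View resource usage of all containers
    [root@controller2 ~]# docker stats

    # View the running processes of a specific container
    [root@controller2 ~]# docker top web

    # docker search        search for images
    # docker pull          pull an image to the local host
    # docker create        create a container without starting it
    # docker run           create a container and start it
    # docker rm            remove a container
    # docker attach name   re-enter a container

For example: we run a CentOS 7 image without specifying a start command. If we leave the container with exit, it stops automatically. Instead we can press Ctrl+P and then Ctrl+Q to detach, and the container does not terminate; afterwards docker attach name takes us straight back into the container.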
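Docker images
A Docker image contains the file system and the contents needed to start a container, so it is what Docker containers are created and started from.
Images are built in layers; the bottom layer is the bootfs.
bootfs: the file system used to boot the system, including the bootloader and kernel. It is unmounted once the container has started, to save memory.
rootfs: sits on top of the bootfs and appears as the container's root file system.
In the traditional model, when the system boots, the kernel first mounts the bootfs read-only, and after the integrity self-check completes it remounts it read-write.
In Docker, the rootfs is mounted read-only by the kernel, and a writable layer is then mounted on top of it using union mounting.
Building images
Building an image from existing image layers
Where images are stored
Images in a Docker registry are usually built by developers and then pushed to a public or private registry, where other people can use them, for example to deploy to a production environment.
push: upload; pull: download

Introduction to Docker Hub
Docker Hub provides an image registry (image repositories); automated builds, which build an image automatically from a file that you define locally and upload to Docker Hub; and webhooks.
To use Docker Hub repositories you need to register an account.

1. Pull busybox as the base image layer, enter the container and create a /data/ file as a test.

    # Create an image named tomcatdv/jerry:v0.2; the name tomcatdv/jerry:v0.2 must match the top-level directory in the image registry
    docker container commit b1 tomcatdv/jerry:v0.2

2. Upload the image to the Docker Hub registry. Log in first and enter your user name and password:

    [root@controller2 ~]# docker login

3. Push the image:

    [root@controller2 ~]# docker image push tomcatdv/jerry:v0.4
    The push refers to repository [docker.io/tomcatdv/jerry]
    a3f9f52e95ea: Layer already exists
    c632c18da752: Layer already exists
    v0.4: digest: sha256:32f3b9da014b6677113a2a68f938eaedb8c3f5f1e49a8fd670689b7bdba6c092 size: 734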
Docker provides four kinds of network
Bridge network: bridge, docker0, NAT
Shared bridge: joined (container) network
host network
none network (empty network)

none: empty, the container can only talk to itself

    [root@controller2 ~]# docker run --name b1 -it --rm --network none busybox /bin/sh
    / # ifconfig
    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

NAT bridge

    [root@controller2 ~]# docker run --name b1 -it --rm --network bridge busybox /bin/sh
    / # ifconfig
    eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:02
              inet addr:172.17.0.2  Bcast:172.17.255.255  Mask:255.255.0.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:5 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:486 (486.0 B)  TX bytes:0 (0.0 B)

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

    / # hostname
    4d4525f228ce
    / # ps aux
    PID   USER     TIME  COMMAND
        1 root      0:00 /bin/sh
       10 root      0:00 httpd
       13 root      0:00 ps aux

--network container:b1: joined network, with the same hostname. The file system is isolated and the processes are isolated, but the containers have the same network interface devices, the same hostname and the same network protocol stack, and they can communicate over 127.0.0.1.

    [root@controller2 ~]# docker run --name joinb2 -it --network container:b1 --rm busybox /bin/sh
    / #
    / #
    / # hostname
    4d4525f228ce
    / # ifconfig
    eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:02
              inet addr:172.17.0.2  Bcast:172.17.255.255  Mask:255.255.0.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:20 errors:0 dropped:0 overruns:0 frame:0
              TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:1608 (1.5 KiB)  TX bytes:432 (432.0 B)

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

    / # hostname
    4d4525f228ce
    / #
    / # ps axu
    PID   USER     TIME  COMMAND
        1 root      0:00 /bin/sh
       12 root      0:00 ps axu

host: share the host's network

    [root@controller2 ~]# docker run --name b3 -it --network host --rm busybox /bin/sh
    / # ifconfig
    docker0   Link encap:Ethernet  HWaddr 02:42:6A:6B:CD:3F
              inet addr:172.17.0.1  Bcast:172.17.255.255  Mask:255.255.0.0
              inet6 addr: fe80::42:6aff:fe6b:cd3f/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:12 errors:0 dropped:0 overruns:0 frame:0
              TX packets:19 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:644 (644.0 B)  TX bytes:1803 (1.7 KiB)

    eth0      Link encap:Ethernet  HWaddr 00:0C:29:D5:25:66
              inet addr:192.168.10.11  Bcast:192.168.10.255  Mask:255.255.255.0
              inet6 addr: fe80::20c:29ff:fed5:2566/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:2079 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1509 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:161816 (158.0 KiB)  TX bytes:156014 (152.3 KiB)

    eth1      Link encap:Ethernet  HWaddr 00:0C:29:D5:25:70
              inet addr:192.168.1.133  Bcast:192.168.1.255  Mask:255.255.255.0
              inet6 addr: fe80::20c:29ff:fed5:2570/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:56 errors:0 dropped:0 overruns:0 frame:0
              TX packets:55 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:7257 (7.0 KiB)  TX bytes:6610 (6.4 KiB)

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

    veth3e17428 Link encap:Ethernet  HWaddr 5E:C3:61:8B:8C:18
              inet6 addr: fe80::5cc3:61ff:fe8b:8c18/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:12 errors:0 dropped:0 overruns:0 frame:0
              TX packets:27 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:812 (812.0 B)  TX bytes:2283 (2.2 KiB)

If an httpd service is started in the container, the running service can be seen on the host: the service runs in Docker but listens on the host.

    # Set the hostname with -h
    [root@controller2 ~]# docker run --name b1 -it --rm -h b1 busybox /bin/sh
    / # hostname
    b1

Use the hosts file for name resolution: --add-host adds an entry to the hosts file; it can be given several times to create several records.

    [root@controller2 ~]# docker run --name b2 -it --rm -h b2-test --add-host www.b1-test.com:127.0.0.1 --add-host www.b2-test.com:1.1.1.1 busybox
    / # cat /etc/hosts
    127.0.0.1   localhost
    ::1         localhost ip6-localhost ip6-loopback
    fe00::0     ip6-localnet
    ff00::0     ip6-mcastprefix
    ff02::1     ip6-allnodes
    ff02::2     ip6-allrouters
    127.0.0.1   www.b1-test.com
    1.1.1.1     www.b2-test.com
    172.17.0.2  b2-test

    # Inject custom DNS servers with --dns; --dns-search sets the search domain
    [root@controller2 ~]# docker run --name b2 -it --rm -h b2-test --add-host www.b1-test.com:127.0.0.1 --dns 172.0.1.1 --dns 114.114.114.114 --dns-search b1-test.com busybox
    / # cat /etc/resolv.conf
    search b1-test.com
    nameserver 172.0.1.1
    nameserver 114.114.114.114
Publishing container ports so they can be reached from outside: four forms
The -p option maps a container port to the host
First form
-p <containerPort>: maps the given container port to a dynamic port on all addresses of the host; the host port is chosen at random.

    [root@kvm ~]# docker run --name nginx -d -p 80 nginx
    2d8b3d6ec54d6755fd326b69572b7d148ec9b9eb8585877baac7e1c4ecebf4a2
    [root@kvm ~]# netstat -lntp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1361/master
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1262/sshd
    tcp6       0      0 ::1:25                  :::*                    LISTEN      1361/master
    tcp6       0      0 :::32769                :::*                    LISTEN      3156/docker-proxy
    tcp6       0      0 :::22                   :::*                    LISTEN      1262/sshd

Second form
-p <ip>::<containerPort>: maps the given container port to a dynamic port on the given host IP.

    [root@kvm ~]# docker run --name nginx -d -p 192.168.10.11::80 nginx
    154216e35297c0a344ab3e9bd5436e9af713c5ad9ae81bf0b47fd63f9ee55aa3
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1361/master
    tcp        0      0 192.168.10.11:32768     0.0.0.0:*               LISTEN      3608/docker-proxy
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1262/sshd
    tcp6       0      0 ::1:25                  :::*                    LISTEN      1361/master
    tcp6       0      0 :::22                   :::*                    LISTEN      1262/sshd

Third form
-p <ip>:<hostPort>:<containerPort>: maps the given container port to the given port on the given host IP.

    [root@kvm ~]# docker run --name nginx -d -p 192.168.10.11:80:80 nginx
    ef10b7f32368fa62101ec776dd22e66c283da1b4bed35b6f1a0a5860e3c1d7ec
    [root@kvm ~]# netstat -ltn
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
    tcp        0      0 192.168.10.11:80        0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
    tcp6       0      0 ::1:25                  :::*                    LISTEN
    tcp6       0      0 :::22                   :::*                    LISTEN

Fourth form
-p <hostPort>:<containerPort>: maps the container port <containerPort> to the given host port <hostPort>.

    # Map port 80 of the container to port 80 of the host
    [root@kvm ~]# docker run --name nginx -d -p 80:80 nginx
    # View the rules with iptables
    Chain DOCKER (2 references)
     pkts bytes target     prot opt in       out     source               destination
        0     0 RETURN     all  --  docker0  *       0.0.0.0/0            0.0.0.0/0
        0     0 DNAT       tcp  --  !docker0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:172.17.0.2:80
    [root@kvm ~]# netstat -lntp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1361/master
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1262/sshd
    tcp6       0      0 ::1:25                  :::*                    LISTEN      1361/master
    tcp6       0      0 :::80                   :::*                    LISTEN      2960/docker-proxy
    tcp6       0      0 :::22                   :::*                    LISTEN      1262/sshd

When the service in the container listens on several ports, the -p option can be given several times.

    [root@kvm ~]# docker run --name nginx -d -p 192.168.10.11::80 -p 444 nginx
    143bdbe7ecbae0557d0639b1d059e9b1e90de19af43d96e7535c939bed4f172f
    [root@kvm ~]# netstat -lntp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1361/master
    tcp        0      0 192.168.10.11:32769     0.0.0.0:*               LISTEN      3854/docker-proxy
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1262/sshd
    tcp6       0      0 ::1:25                  :::*                    LISTEN      1361/master
    tcp6       0      0 :::32770                :::*                    LISTEN      3843/docker-proxy
    tcp6       0      0 :::22                   :::*                    LISTEN      1262/sshd
    [root@kvm ~]# docker port nginx
    444/tcp -> 0.0.0.0:32770
    80/tcp -> 192.168.10.11:32769

Dynamic port: a random port. The resulting mapping can be viewed with the docker port command.
View the ports a container has mapped to the host

    [root@kvm ~]# docker port nginx
    80/tcp -> 192.168.10.11:32768
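
The four -p forms differ in which host address ends up listening: the forms without an IP publish the port on every host address, while the forms with an IP restrict it to that one interface. The script below is an added example, not code from the original page; it resolves a -p value into host IP, host port and container port, and filters `docker port` output for mappings bound to a wildcard address. The function names are assumptions, and only the IPv4 forms shown on this page are handled.

```shell
#!/bin/sh
# Added example, not from the original page. Handles the IPv4 -p forms shown
# above; an optional /tcp or /udp suffix stays attached to the container port.

# parse_publish SPEC -> "<host-ip|all> <host-port|dynamic> <container-port>"
parse_publish() {
    spec=$1
    case $spec in
        *:*:*)  # ip:hostPort:containerPort or ip::containerPort
            ip=${spec%%:*}; rest=${spec#*:}
            hport=${rest%%:*}; cport=${rest#*:} ;;
        *:*)    # hostPort:containerPort
            ip=; hport=${spec%%:*}; cport=${spec#*:} ;;
        *)      # containerPort only
            ip=; hport=; cport=$spec ;;
    esac
    echo "${ip:-all} ${hport:-dynamic} $cport"
}

# wildcard_ports: reads `docker port <container>` output on stdin and prints
# the mappings whose host side is a wildcard address (0.0.0.0, :: or [::]).
wildcard_ports() {
    awk '$2 == "->" && ($3 ~ /^0\.0\.0\.0:/ || $3 ~ /^\[?::\]?:/) { print $1, $3 }'
}

# Sample input: the two-port `docker port nginx` output shown on this page.
SAMPLE_DOCKER_PORT='444/tcp -> 0.0.0.0:32770
80/tcp -> 192.168.10.11:32769'

# Demo: resolve the four forms used on this page, then audit the sample output.
for spec in 80 192.168.10.11::80 192.168.10.11:80:80 80:80; do
    printf '%-24s %s\n' "-p $spec" "$(parse_publish "$spec")"
done
printf '%s\n' "$SAMPLE_DOCKER_PORT" | wildcard_ports
```

Against a live container the audit is `docker port <name> | wildcard_ports`; any line it prints is a port reachable on every interface of the host.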
Using a user-defined network

    [root@kvm ~]# docker network create --subnet 10.10.0.0/24 docker1
    759f03d7c5139c4037e20d049ca3345c198dcc3b83ecf1d844059768808287ae
    [root@kvm ~]# docker network ls
    NETWORK ID          NAME                DRIVER              SCOPE
    90b01c28691f        bridge              bridge              local
    759f03d7c513        docker1             bridge              local
    3d31190cda6c        host                host                local
    6bd135b25f1a        none                null                local
    [root@kvm ~]# ifconfig
    br-759f03d7c513: flags=4099  mtu 1500
            inet 10.10.0.1  netmask 255.255.255.0  broadcast 10.10.0.255
            ether 02:42:bd:04:d5:da  txqueuelen 0  (Ethernet)
            RX packets 0  bytes 0 (0.0 B)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 14  bytes 1156 (1.1 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Start a container attached to our user-defined bridge:

    [root@kvm ~]# docker run --name nginx --rm --network docker1 -p 80 -p44 -it busybox /bin/sh
    / # ifconfig
    eth0      Link encap:Ethernet  HWaddr 02:42:0A:0A:00:02
              inet addr:10.10.0.2  Bcast:10.10.0.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:10 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:932 (932.0 B)  TX bytes:0 (0.0 B)

    # Connect the container to one more bridge network; the busybox container gains a second interface, eth1
    [root@kvm ~]# docker network connect bridge nginx
    / # ifconfig
    eth0      Link encap:Ethernet  HWaddr 02:42:0A:0A:00:02
              inet addr:10.10.0.2  Bcast:10.10.0.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:13 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:1086 (1.0 KiB)  TX bytes:0 (0.0 B)

    eth1      Link encap:Ethernet  HWaddr 02:42:AC:11:00:02
              inet addr:172.17.0.2  Bcast:172.17.255.255  Mask:255.255.0.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:13 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:1086 (1.0 KiB)  TX bytes:0 (0.0 B)

To change Docker's default IP address, edit the configuration file:

    [root@kvm ~]# cat /etc/docker/daemon.json
    {
      "registry-mirrors": ["https://registry.docker-cn.com"],
      "bip": "172.31.0.1/16"
    }
    [root@kvm ~]# systemctl restart docker
    [root@kvm ~]# ifconfig
    4: docker0: mtu 1500 qdisc noqueue state DOWN group default
        link/ether 02:42:4b:c5:2c:6e brd ff:ff:ff:ff:ff:ff
        inet 172.31.0.1/16 brd 172.31.255.255 scope global docker0
           valid_lft forever preferred_lft forever
        inet6 fe80::42:4bff:fec5:2c6e/64 scope link
           valid_lft forever preferred_lft forever
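Docker volume storage
Docker union file system
Layers 0 and 1 are read-only layers; layer 2 is the writable layer.
A Docker image is made of several read-only layers stacked on top of each other. When a container starts, Docker loads the read-only image layers and adds a read-write layer on top of the image stack.
If a running container modifies a file that already exists, the file is copied from the read-only layer below up into the read-write layer. The read-only version of the file still exists, but it is hidden by the copy in the read-write layer. This process is the copy-on-write (COW) mechanism.
Why use Docker storage volumes
Docker has two types of volume. Each type has a mount point inside the container, but its location on the host differs.
Type 1: bind-mounted volumes
The directory on the host is specified by the user, and the directory in the container is specified by the user.
Type 2: Docker-managed volumes
The directory in the container is specified by the user; the directory on the host is generated automatically.
Type 2: Docker-managed volumes
Use -v to specify a volume directory name:

    [root@kvm ~]# docker run --name busybox -it --rm -v /mydata busybox

A /mydata directory is created automatically in the container:

    / # ls
    bin     dev     etc     home    mydata  proc    root    sys     tmp     usr     var

    # Show the name of the volume
    [root@kvm ~]# docker volume ls
    DRIVER              VOLUME NAME
    local               db8ed34d4b896454c1423da1f845d4caabb1373c97afd32b00e44ee56ef609ba

    # Show the details of the container's volumes; -f filters the output (other fields can be given too)
    [root@kvm ~]# docker inspect -f '{{.Mounts}}' busybox

Create a file in the corresponding volume directory on the host and write some content into it:

    [root@kvm _data]# cat test.txt
    111111111111111111111111111111111

    # Back in the container, the file is visible too
    /mydata # cat test.txt
    111111111111111111111111111111111

    # When the container is removed with docker rm, the storage volume on the host is not deleted

Type 1: bind-mounted volumes with -v

    # Create a directory locally and associate it with the container; the container path may have several levels, e.g. /mydata/my1/my2
    [root@kvm ~]# mkdir /data/vm1 -pv
    mkdir: created directory ‘/data’
    mkdir: created directory ‘/data/vm1’
    [root@kvm ~]# docker run --name busybox -it --rm -v /data/vm1:/mydata busybox

    # Create some files on the host
    [root@kvm vm1]# touch {1..10}vm1_test
    [root@kvm vm1]# ls
    10vm1_test  1vm1_test  2vm1_test  3vm1_test  4vm1_test  5vm1_test  6vm1_test  7vm1_test  8vm1_test  9vm1_test

Back in the container, the files created on the host are present there too:

    / # ls -l mydata/*
    -rw-r--r--    1 root     root             0 Sep 10 16:27 mydata/10vm1_test
    -rw-r--r--    1 root     root             0 Sep 10 16:27 mydata/1vm1_test
    -rw-r--r--    1 root     root             0 Sep 10 16:27 mydata/2vm1_test
    -rw-r--r--    1 root     root             0 Sep 10 16:27 mydata/3vm1_test
    -rw-r--r--    1 root     root             0 Sep 10 16:27 mydata/4vm1_test
    -rw-r--r--    1 root     root             0 Sep 10 16:27 mydata/5vm1_test
    -rw-r--r--    1 root     root             0 Sep 10 16:27 mydata/6vm1_test
    -rw-r--r--    1 root     root             0 Sep 10 16:27 mydata/7vm1_test
    -rw-r--r--    1 root     root             0 Sep 10 16:27 mydata/8vm1_test
    -rw-r--r--    1 root     root             0 Sep 10 16:27 mydata/9vm1_test

Removing the container does not affect the files on the host; they are not deleted, which gives a persistent mount.

Sharing storage volumes: --volumes-from

    # Create a new container that uses the same storage volume as the container created above
    [root@kvm ~]# docker run --name busybox1 -it --rm --volumes-from busybox busybox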