简介 这篇文章主要介绍了Docker&K8s---Docker的安装、部署、镜像管理、容器操作、Dockerfile以及相关的经验技巧,文章约54164字,浏览量284,点赞数9,值得推荐!
Docker&K8s—Docker的安装、部署、镜像管理、容器操作、Dockerfile
容器概述
容器是一种基础工具。泛指任何可以用于容纳其它物品的工具,可以部分或完全封闭,被用于容纳、存储、运输物品。物体可以被放置在容器中,而容器则可以保护内容物。
— 维基百科
避免进程之间的可能的影响,我们分别把不同环境的进程再不同的容器种运行。在同一台宿主机但又相互隔离—虚拟化技术,类似于装虚拟机,然后在系统上装虚拟机上装操作系统,再装环境。这样太麻烦,容器技术相应出现—直接在系统安装Dockers Engine并在其上安装环境。
满足隔离条件:
容器发展历程
Docker简介
2013年Docker正式发布,早在2010年,几个大胡子就在旧金山成立了一家Paas平台的公司—dotCloud。2013 年 3 月,dotCloud 公司的创始人之一,Docker 之父,28 岁的 Solomon Hykes 正式决定,将 Docker 项目开源。
Build Once, Run Anywhere.
—Solomon Hykes
- Docker基于容器技术的轻量级虚拟化解决方案
- Docker是容器引擎,为用户提供了创建和管理容器的便捷界面(包括命令行和API)
- 开源,基于Go语言实现
- 大部分厂商都支持
- 整套的容器管理的生态系统
Docker引擎主要有两个版本:企业版(EE)和社区版(CE)。
Docker安装和部署
安装
阿里云ECS
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# uname -a
Linux iZuf6g4e6vhdv58sz2z1klZ 4.18.0-193.28.1.el8_2.x86_64 #1 SMP Thu Oct 22 00:20:22 UTC 2020 x86_64 x86_64 x
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# cat /etc/redhat-release
CentOS Linux release 8.2.2004 (Core)
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# getenforce
Disabled
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# systemctl stop firewalld
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# free -m
total used free shared buff/cache available
Mem: 1723 1115 139 3 468 440
Swap: 1024 301 723
# epel源
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# yum install epel-release -y
Repository epel is listed more than once in the configuration
Last metadata expiration check: 2:47:33 ago on Wed 16 Jun 2021 03:07:22 PM CST.
Package epel-release-8-10.el8.noarch is already installed.
Dependencies resolved.
Nothing to do.
Complete!
# 安装docker
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# yum install -y yum-utils
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# yum list docker-ce --showduplicate
Repository epel is listed more than once in the configuration
Docker CE Stable - x86_64 78 kB/s | 14 kB 00:00
Available Packages
docker-ce.x86_64 3:19.03.13-3.el8 docker-ce-stable
docker-ce.x86_64 3:19.03.14-3.el8 docker-ce-stable
docker-ce.x86_64 3:19.03.15-3.el8 docker-ce-stable
docker-ce.x86_64 3:20.10.0-3.el8 docker-ce-stable
docker-ce.x86_64 3:20.10.1-3.el8 docker-ce-stable
docker-ce.x86_64 3:20.10.2-3.el8 docker-ce-stable
docker-ce.x86_64 3:20.10.3-3.el8 docker-ce-stable
docker-ce.x86_64 3:20.10.4-3.el8 docker-ce-stable
docker-ce.x86_64 3:20.10.5-3.el8 docker-ce-stable
docker-ce.x86_64 3:20.10.6-3.el8 docker-ce-stable
docker-ce.x86_64 3:20.10.7-3.el8 docker-ce-stable
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# yum install docker-ce -y
部署
# 开机自启动
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# systemctl enable docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.
# 启动docker
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# systemctl start docker
# 配置
[root@iZuf6g4e6vhdv58sz2z1klZ ~]#vi /etc/docker/daemon.json
配置文件
{
"graph": "/mydata/docker",
"storage-driver": "overlay2",
"insecure-registries": ["registry.access.redhat.com", "quay.io"],
"registry-mirrors": ["https://q2gr04ke.mirror.aliyuncs.com/"],
"bip": "172.17.0.1/24",
"exec-opts": ["native.cgroupdriver=systemd"],
"live-restore":true
}
docker info
查看容器信息和启动是否正常
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# systemctl restart docker
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker info
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Build with BuildKit (Docker Inc., v0.5.1-docker)
scan: Docker Scan (Docker Inc., v0.8.0)
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 20.10.7
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: systemd
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: d71fcd7d8303cbf684402823e425e9dd2e99285d
runc version: b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7
init version: de40ad0
Security Options:
seccomp
Profile: default
Kernel Version: 4.18.0-193.28.1.el8_2.x86_64
Operating System: CentOS Linux 8 (Core)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.683GiB
Name: iZuf6g4e6vhdv58sz2z1klZ
ID: T3TJ:BJTA:U5PY:ZX74:K57G:7CDR:RMCT:CSBG:JLFG:FXPQ:KUB6:MVJT
Docker Root Dir: /mydata/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
quay.io
registry.access.redhat.com
127.0.0.0/8
Registry Mirrors:
https://q2gr04ke.mirror.aliyuncs.com/
Live Restore Enabled: true
第一个命令hello world
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
b8dfde127a29: Pull complete
Digest: sha256:9f6ad537c5132bcce57f7a0a20e317228d382c3cd61edae14650eec68b2b345c
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
Docker典型的C/S架构引擎
To generate this message, Docker took the following steps:
- The Docker client contacted the Docker daemon.
- The Docker daemon pulled the “hello-world” image from the Docker Hub.
(amd64)- The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.- The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
Docker的镜像管理
远端仓库
注册dockerhub: https://hub.docker.com/repositories
登录: docker login docker.io
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker login docker.io
Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.
Username: dachongming
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@iZuf6g4e6vhdv58sz2z1klZ ~]#
# 信息存储在
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# cat /root/.docker/config.json
搜索镜像
docker search alpine
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker search alpine
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
alpine A minimal Docker image based on Alpine Linux… 7551 [OK]
mhart/alpine-node Minimal Node.js built on Alpine Linux 484
anapsix/alpine-java Oracle Java 8 (and 7) with GLIBC 2.28 over A… 470 [OK]
frolvlad/alpine-glibc Alpine Docker image with glibc (~12MB) 261 [OK]
alpine/git A simple git container running in alpine li… 183 [OK]
yobasystems/alpine-mariadb MariaDB running on Alpine Linux [docker] [am… 89 [OK]
alpine/socat Run socat command in alpine container 68 [OK]
davidcaste/alpine-tomcat Apache Tomcat 7/8 using Oracle Java 7/8 with… 44 [OK]
kiasaki/alpine-postgres PostgreSQL docker image based on Alpine Linux 44 [OK]
jfloff/alpine-python A small, more complete, Python Docker image … 41 [OK]
byrnedo/alpine-curl Alpine linux with curl installed and set as … 34 [OK]
zenika/alpine-chrome Chrome running in headless mode in a tiny Al… 34 [OK]
hermsi/alpine-sshd Dockerize your OpenSSH-server with rsync and… 33 [OK]
hermsi/alpine-fpm-php FPM-PHP 7.0 to 8.0, shipped along with tons … 25 [OK]
etopian/alpine-php-wordpress Alpine WordPress Nginx PHP-FPM WP-CLI 25 [OK]
bashell/alpine-bash Alpine Linux with /bin/bash as a default she… 18 [OK]
davidcaste/alpine-java-unlimited-jce Oracle Java 8 (and 7) with GLIBC 2.21 over A… 13 [OK]
roribio16/alpine-sqs Dockerized ElasticMQ server + web UI over Al… 13 [OK]
spotify/alpine Alpine image with `bash` and `curl`. 11 [OK]
cfmanteiga/alpine-bash-curl-jq Docker Alpine image with Bash, curl and jq p… 6 [OK]
bushrangers/alpine-caddy Alpine Linux Docker Container running Caddys… 1 [OK]
ellerbrock/alpine-mysql-client MySQL Client based on Alpine Linux 1 [OK]
apteno/alpine-jq Weekly build of alpine image with curl, wget… 1
dwdraju/alpine-curl-jq Alpine Docker Image with curl, jq, bash 1 [OK]
goodguykoi/alpine-curl-internal simple alpine image with curl installed no C… 1 [OK]
也可在dockerhub上搜索,有可视化界面
下载一个镜像
docker pull alpine
docker pull alpine 默认下载最新版
docker pull alpine:3.10.1 下载指定tag
docker pull docker.io/library/alpine:3.10.1 完整路径,其他仓库不可省,只有dockerhub可省
镜像结构: registry_name/repository_name/image_name:tag_name
例如:docker.io/library/alpine:3.10.1
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker pull alpine
Using default tag: latest
latest: Pulling from library/alpine
5843afab3874: Pull complete
Digest: sha256:234cb88d3020898631af0ccbbcca9a66ae7306ecd30c9720690858c1b007d2a0
Status: Downloaded newer image for alpine:latest
docker.io/library/alpine:latest
查看本地镜像
docker image ls
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
alpine latest d4ff818577bc 14 hours ago 5.6MB
hello-world latest d1165f221234 3 months ago 13.3kB
给镜像打标签
docker tag IMAGE ID registry_name/repository_name/image_name:tag_name
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker tag d4ff818577bc docker.io/dachongming/alpine:v3.14.0
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
dachongming/alpine v3.14.0 d4ff818577bc 14 hours ago 5.6MB
alpine latest d4ff818577bc 14 hours ago 5.6MB
hello-world latest d1165f221234 3 months ago 13.3kB
推送镜像
docker push docker.io/dachongming/alpine:v3.14.0
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker push docker.io/dachongming/alpine:v3.14.0
The push refers to repository [docker.io/dachongming/alpine]
72e830a4dff5: Mounted from library/alpine
v3.14.0: digest: sha256:1775bebec23e1f3ce486989bfc9ff3c4e951690df84aa9f926497d82f2ffca9d size: 528
删除镜像
docker rmi docker.io/dachongming/alpine:v3.14.0
只是删除标签
docker rmi -f IMAGE ID
强制删除所有
docker hub 上依然存在,想再有,直接pull即可
镜像只第一次拉取比较多,以后每次只拉取增量部分.
Docker容器的基本操作
查看本地的容器进程
docker ps -a
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d3f98566b856 hello-world "/hello" 2 hours ago Exited (0) 2 hours ago gallant_kepler
[root@iZuf6g4e6vhdv58sz2z1klZ ~]#
启动容器(运行镜像)
docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker run --help
Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
OPTIONS:选项
-i:表示启动一个可交互的容器,并持续打开标准输入
-t:表示使用终端关联到容器的标准输入输出上
-d:表示将容器放置在后台运行
-rm:退出后即删除容器
-name:表示定义容器唯一名称
IMAGE:表示要运行的镜像
COMMAND:表示启动容器时要运行的命令
- 交互式启动一个容器
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker run -it docker.io/dachongming/alpine:v3.14.0 /bin/sh
/ # cat /etc/issue
Welcome to Alpine Linux 3.14
Kernel \\r on an \\m (\\l)
/ # exit
[root@iZuf6g4e6vhdv58sz2z1klZ ~]#
- 非交互式启动一个容器
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker run -rm docker.io/dachongming/alpine:v3.14.0 /bin/echo hello
- 后台运行
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker run -d docker.io/dachongming/alpine:v3.14.0 /bin/sleep 300
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
50d3d748b4f2 dachongming/alpine:v3.14.0 "/bin/sleep 300" 4 seconds ago Up 3 seconds nervous_lumiere
aaed2bd3a058 dachongming/alpine:v3.14.0 "/bin/sh" 10 minutes ago Exited (0) 9 minutes ago nervous_allen
d3f98566b856 hello-world "/hello" 2 hours ago Exited (0) 2 hours ago gallant_kepler
进入容器
docker exec -ti CONTAINER ID /bin/sh
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker exec -ti --name myalphin 50d3d748b4f2 /bin/sh
/ # cat /etc/issue
Welcome to Alpine Linux 3.14
Kernel \\r on an \\m (\\l)
/ #
停止容器
docker stop CONTAINER ID
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker stop 50d3d748b4f2
50d3d748b4f2
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
50d3d748b4f2 dachongming/alpine:v3.14.0 "/bin/sleep 300" 4 minutes ago Exited (137) 14 seconds ago nervous_lumiere
aaed2bd3a058 dachongming/alpine:v3.14.0 "/bin/sh" 15 minutes ago Exited (0) 14 minutes ago nervous_allen
d3f98566b856 hello-world "/hello" 2 hours ago Exited (0) 2 hours ago gallant_kepler
重启
docker restart CONTAINER ID
删除容器
docker rm CONTAINER ID
or
docker rm -f CONTAINER_NAME
写入文件持久保存
docker commit -p CONTAINER ID docker.io/dachongming/alpine:v3.14.0_with_1.txt
导入/导出镜像
-
导出
docker save IMAGE_ID > name:tag.tar
-
导入
docker load < name\\:tag.tar
查看容器的日志
docker logs CONTAINER_ID
Docker容器的高级操作
下载Nginx镜像
docker pull nginx:tag
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
69692152171a: Pull complete
30afc0b18f67: Pull complete
596b1d696923: Pull complete
febe5bd23e98: Pull complete
8283eee92e2f: Pull complete
351ad75a6cfa: Pull complete
Digest: sha256:6d75c99af15565a301e48297fa2d121e15d80ad526f8369c526324f0f7ccb750
Status: Downloaded newer image for nginx:latest
docker.io/library/nginx:latest
端口映射
docker run --rm --name mynginx -d -p81:80 dachongming/nginx:latest
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker tag d1a364dc548d dachongming/nginx:latest
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker run --rm --name mynginx -d -p81:80 dachongming/nginx:latest
48c64b903bb2a260de104be1fa4c8597d291083d6edcff6b19f1a41d10ef7582
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
48c64b903bb2 dachongming/nginx:latest "/docker-entrypoint.…" 6 seconds ago Up 4 seconds 0.0.0.0:81->80/tcp, :::81->80/tcp mynginx
50d3d748b4f2 dachongming/alpine:v3.14.0 "/bin/sleep 300" 18 hours ago Exited (137) 18 hours ago nervous_lumiere
aaed2bd3a058 dachongming/alpine:v3.14.0 "/bin/sh" 18 hours ago Exited (0) 18 hours ago nervous_allen
d3f98566b856 hello-world "/hello" 20 hours ago Exited (0) 20 hours ago gallant_kepler
[root@iZuf6g4e6vhdv58sz2z1klZ ~]#
在浏览器输入:IP:81
挂载数据卷
docker run -d --rm --name nginx_baidu -p81:80 -v/mydata/html:/usr/share/nginx/html dachongming/nginx:latest
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# cd /mydata/
[root@iZuf6g4e6vhdv58sz2z1klZ mydata]# ls
bill BlogLee blogleev2 docker
[root@iZuf6g4e6vhdv58sz2z1klZ mydata]# mkdir html
[root@iZuf6g4e6vhdv58sz2z1klZ mydata]# ls
bill BlogLee blogleev2 docker html
[root@iZuf6g4e6vhdv58sz2z1klZ mydata]# wget www.baidu.com -O index.html
--2021-06-17 14:50:48-- http://www.baidu.com/
Resolving www.baidu.com (www.baidu.com)... 112.80.248.76, 112.80.248.75
Connecting to www.baidu.com (www.baidu.com)|112.80.248.76|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2381 (2.3K) [text/html]
Saving to: ‘index.html’
index.html 100%[========================================>] 2.33K --.-KB/s in 0s
2021-06-17 14:50:48 (171 MB/s) - ‘index.html’ saved [2381/2381]
[root@iZuf6g4e6vhdv58sz2z1klZ mydata]# ls
bill BlogLee blogleev2 docker html index.html
[root@iZuf6g4e6vhdv58sz2z1klZ mydata]# mv index.html ./html
[root@iZuf6g4e6vhdv58sz2z1klZ mydata]# ls
bill BlogLee blogleev2 docker html
[root@iZuf6g4e6vhdv58sz2z1klZ mydata]# cd html/
[root@iZuf6g4e6vhdv58sz2z1klZ html]# LS
-bash: LS: command not found
[root@iZuf6g4e6vhdv58sz2z1klZ html]# ls
index.html
[root@iZuf6g4e6vhdv58sz2z1klZ html]# cat index.html
[root@iZuf6g4e6vhdv58sz2z1klZ html]# docker run -d --rm --name nginx_baidu -p81:80 -v/mydata/html:/usr/share/nginx/html dachongming/nginx:latest
ef46c492a7d8bb60311b56e6685c77e72eda70bac0ed702e85f1696763e5fcc8
[root@iZuf6g4e6vhdv58sz2z1klZ html]#
此时访问:IP:81
传递环境变量
docker run --rm -e KEY=VALUE alpine:latest printenv
[root@iZuf6g4e6vhdv58sz2z1klZ html]# docker run --rm -e KEY=VALUE alpine:latest printenv
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=6075948f8101
KEY=VALUE
HOME=/root
[root@iZuf6g4e6vhdv58sz2z1klZ html]# docker run --rm alpine:latest printenv
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=ec1fbe854da2
HOME=/root
[root@iZuf6g4e6vhdv58sz2z1klZ html]#
容器内安装软件(工具)
tee /etc/apt/sources.list << EOF
deb http://mirrors.163.com/debian/ jessie main non-free contrib
deb http://mirrors.163.com/debian/ jessie-updates main non-free contrib
EOF
[root@iZuf6g4e6vhdv58sz2z1klZ html]# docker exec -ti nginx_baidu /bin/bash
root@ef46c492a7d8:/# pwd
/
root@ef46c492a7d8:/# ls
bin dev docker-entrypoint.sh home lib64 mnt proc run srv tmp var
boot docker-entrypoint.d etc lib media opt root sbin sys usr
root@ef46c492a7d8:/# tee /etc/apt/sources.list << EOF
> deb http://mirrors.163.com/debian/ jessie main non-free contrib
> deb http://mirrors.163.com/debian/ jessie-updates main non-free contrib
> EOF
deb http://mirrors.163.com/debian/ jessie main non-free contrib
deb http://mirrors.163.com/debian/ jessie-updates main non-free contrib
root@ef46c492a7d8:/# apt-get update && apt-get install curl -y
Ign:1 http://mirrors.163.com/debian jessie InRelease
Get:2 http://mirrors.163.com/debian jessie-updates InRelease [16.3 kB]
Get:3 http://mirrors.163.com/debian jessie Release [77.3 kB]
Get:4 http://mirrors.163.com/debian jessie Release.gpg [1652 B]
Err:2 http://mirrors.163.com/debian jessie-updates InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7638D0442B90D010
Ign:4 http://mirrors.163.com/debian jessie Release.gpg
Reading package lists... Done
W: GPG error: http://mirrors.163.com/debian jessie-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7638D0442B90D010
E: The repository 'http://mirrors.163.com/debian jessie-updates InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://mirrors.163.com/debian jessie Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7638D0442B90D010 NO_PUBKEY CBF8D6FD518E17E1
E: The repository 'http://mirrors.163.com/debian jessie Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
root@ef46c492a7d8:/# curl
curl: try 'curl --help' or 'curl --manual' for more information
root@ef46c492a7d8:/#
容器的生命周期
- 检测本地是否存在镜像,如果不存在即从远端仓库检索
- 利用镜像启动容器
- 分配一个文件系统,并在只读的镜像层外挂载一层可读写层
- 从宿主机配置的网桥接口种桥接一个虚拟接口到容器
- 从地址池配置一个ip地址给容器
- 执行用户指定的命令
- 执行完毕后容器终止
Dockerfile构建镜像
规则
- 格式
#
注释- 指令(大写)内容(小写) 实际上时不区分大小写的,但是尽量遵循
- 从上到下按顺序执行指令
- 第一个非注释行必须时FROM指令
4组核心的Dockerfile指令
构建:docker build . -t docker.io/dachongming/nginx:myfile
-
USER/WORKDIR
使用哪个用户 / 相当于cd,进到某个目录
[root@iZuf6g4e6vhdv58sz2z1klZ html]# cd /mydata/ [root@iZuf6g4e6vhdv58sz2z1klZ mydata]# mkdir dockerfile [root@iZuf6g4e6vhdv58sz2z1klZ mydata]# cd dockerfile/ [root@iZuf6g4e6vhdv58sz2z1klZ dockerfile]# ls '[root@iZuf6g4e6vhdv58sz2z1klZ dockerfile]# vim Dockerfile FROM docker.io/dachongming/nginx:latest USER nginx WORKDIR /usr/share/nginx/html # 构建 [root@iZuf6g4e6vhdv58sz2z1klZ dockerfile]# docker build . -t docker.io/dachongming/nginx:myfile Sending build context to Docker daemon 2.048kB Step 1/3 : FROM docker.io/dachongming/nginx:latest ---> d1a364dc548d Step 2/3 : USER nginx ---> Running in 050b6999cd9c Removing intermediate container 050b6999cd9c ---> 106250864654 Step 3/3 : WORKDIR /usr/share/nginx/html ---> Running in 616a745ff982 Removing intermediate container 616a745ff982 ---> 95fe2fbc39a9 Successfully built 95fe2fbc39a9 Successfully tagged dachongming/nginx:myfile [root@iZuf6g4e6vhdv58sz2z1klZ dockerfile]# docker run -rm -ti dachongming/nginx:myfile /bin/bash unknown shorthand flag: 'r' in -rm See 'docker run --help'. [root@iZuf6g4e6vhdv58sz2z1klZ dockerfile]# docker run --rm -ti dachongming/nginx:myfile /bin/bash nginx@8bd7d3174e01:/usr/share/nginx/html$ pwd /usr/share/nginx/html nginx@8bd7d3174e01:/usr/share/nginx/html$ whoami nginx nginx@8bd7d3174e01:/usr/share/nginx/html$
-
ADD/EXPOSE
添加文件到容器 / 暴露哪个端口
FROM docker.io/dachongming/nginx:latest ADD index.html /usr/share/nginx/html/index.html EXPOSE 80
-
RUN/ENV
执行命令在镜像种安装 / 环境变量
FROM centos:7 ENV VER 9.9.4-74.e17_6.1 RUN yum install bind-$VER -y
-
CMD/ENTRYPOINT
启动容器时执行命令 /