docker速查
- docker 免root
sudo groupadd docker #添加docker用户组
sudo gpasswd -a $USER docker #将登陆用户加入到docker用户组中
newgrp docker #更新用户组
docker ps #测试docker命令是否可以使用sudo正常使用
- 创建docker image
docker run -it --entrypoint "/bin/bash" ubuntu:20.04
- 进入镜像
[zqs@gp-seg2 star]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu 20.04 3bc6e9f30f51 8 days ago 72.8MB
[zqs@gp-seg2 star]$ docker run -it --name zqs ubuntu:20.04 /bin/bash
// ubuntu
4. 启动并进入已终止镜像
[zqs@gp-seg2 star]$ docker container start zqs
zqs
[zqs@gp-seg2 star]$ docker exec -it 1256611c9844 bash # exit不会杀死container
root@8e1fc642230d:/# ls
// e0fd11c5f8d8
- 退出查看容器
[zqs@gp-seg2 star]$ docker ps -a | grep zqs
8e1fc642230d ubuntu:20.04 "/bin/bash" 4 minutes ago Exited (127) 42 seconds ago zqs
- docker文件传输
[zqs@gp-seg2 ~]$ docker cp star.tar.bz2 zqs:/root/
- 多docker文件共享
$ sudo docker volume create zqs-vol
$ sudo docker volume inspect zqs-vol
$ docker run -it --mount source=zqs-vol,target=/home --cpuset-cpus=0,1,2,3,4,5,6,7 --network host --security-opt seccomp=unconfined --name zqs_0 413366511/ubuntu /bin/bash
sudo scp -r /var/lib/docker/volumes/zqs-vol-01/_data/star zqs@gp-seg3:/home/docker/volumes/zqs-vol/_data/
image重命名
sudo docker tag 6ee91191d78c 413366511/ubuntu:latest
永远不要把库装到vol里…
注意,vol中的内容是独立存在的,故不会随着image一起被上传至docker hub。
backup 方案:https://docs.docker.com/storage/volumes/
# --rm 本次退出后即删除
# --volumes-from 继承和某容器一样的vol
# -v $(pwd):/backup : backup的内容会被同步到当前目录
# tar cvf /backup/backup.tar /usr 打包
# 本指令作用: 把 docker 里的 内容拷贝出来至$(pwd)!
docker run --rm --volumes-from dbstore -v $(pwd):/backup ubuntu tar cvf /backup/backup.tar /usr
容器转镜像
- 容器导出镜像为文件(https://blog.csdn.net/jianxuan/article/details/121777006)
[zqs@gp-seg2 packages]$ docker container ls | grep zqs
8e1fc642230d ubuntu:20.04 "/bin/bash" 31 minutes ago Up 23 minutes zqs
[zqs@gp-seg2 packages]$ docker export 8e1fc642230d > zqs.tar
[zqs@gp-seg2 packages]$ cat zqs.tar | docker import - zqs/ubuntu:v1.0
sha256:67bda18e2789789b9e3c9007dcf1726d24d128aedf657ae7558cf9fe4b89a18f
[zqs@gp-seg2 packages]$ docker image ls | grep zqs
zqs/ubuntu v1.0 67bda18e2789 51 seconds ago 635MB
- 容器制作镜像
docker commit <exiting-Container> <hub-user>/<repo-name>[:<tag>]
docker commit -m "env done" 192e3462d13e 413366511/ubuntu
docker push 413366511/ubuntu:latest
- 镜像上传(已存在的镜像)
docker tag <existing-image> <hub-user>/<repo-name>[:<tag>] # 这里的tag默认latest
docker push 413366511/ubuntu:latest
2,保存镜像
(1)下面使用 docker save 命令根据 ID 将镜像保存成一个文件。
docker save 0fdf2b4c26d3 > hangge_server.tar
1
(2)我们还可以同时将多个 image 打包成一个文件,比如下面将镜像库中的 postgres 和 mongo 打包:
docker save -o images.tar postgres:9.6 mongo:3.4
1
3,载入镜像
使用 docker load 命令则可将这个镜像文件载入进来。
docker load < hangge_server.tar
vscode 远程调试
sudo chmod 777 /var/run/docker.sock
https://blog.csdn.net/qq_44716044/article/details/125460237
网络通信
https://juejin.cn/post/6844903847383547911
[zqs@gp-seg2 ~]$ docker network create zqs-net
[zqs@gp-seg2 ~]$ docker network ls
NETWORK ID NAME DRIVER SCOPE
e886be26eec8 zqs-net bridge local
[zqs@gp-seg2 ~]$ docker network connect zqs-net zqs
[zqs@gp-seg2 ~]$ docker network inspect zqs-net
...
"Containers": {
"192e3462d13efd3b5970da4ed03c8d041e3dde908a2d5f4e7f53d088505180fe": {
"IPv4Address": "172.18.0.2/16",
"e0fd11c5f8d82d0415c8d04fb1e18f079b1d25568384392fea72c7d2a0395658": {
"IPv4Address": "172.18.0.3/16",
...
参考资料:https://yeasy.gitbook.io/docker_practice/container/import_export
lscpu
限制资源
https://www.cnblogs.com/sparkdev/p/8052522.html
修改docker的默认路径
sudo vim /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2",
"registry-mirrors": [
"https://9cpn8tt6.mirror.aliyuncs.com",
"https://registry.docker-cn.com",
"https://registry.cn-hangzhou.aliyuncs.com"],
"graph": "/home/docker"
}
sudo systemctl stop docker
sudo systemctl start docker
3. 程序运行与编译
新增接口pb更新go文件remake the proto
protoc --go_out . --go-grpc_out . --grpc-gateway_out . ./pb/*.proto
调试将launch.json设置如此即可
{
// Use IntelliSense to learn about possible attributes.
// Hover to view descriptions of existing attributes.
// For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
"version": "0.2.0",
"configurations": [
{
"name": "grpc Server",
"type": "go",
"request": "launch",
"mode": "auto",
"program": "/Users/qiushi/Project/morningstar/cmd/resource-viewer/main.go",
"cwd": "/Users/qiushi/Project/morningstar/"
}
]
}
运行成功后可以测试接口
http and grpc test
// debug mode
// grpc test
grpcurl -plaintext 0.0.0.0:10000 pb.ResourceViewerService.GetClusterResourceStatistics
// http test
curl -X GET http://0.0.0.0:10000/v1/resource/GetClusterResourceStatistics
wget -q -O - http://0.0.0.0:10000/v1/resource/GetClusterResourceStatistics
4. 如何部署
4.1 打包镜像
build the docker image
# 可以在开发机上build 并 push 到 docker hub
docker build -f build/resource-viewer/server/Dockerfile -t docker-reg.devops.xiaohongshu.com/shequ/zqs_resource-viewer-server:v0.1 .
docker push docker-reg.devops.xiaohongshu.com/shequ/zqs_resource-viewer-server:v0.1
# 进入容器看是否正常运作
docker run -d -p 10000:10000 --name zqs resource-viewer-server:latest # test at local if you need
4.2 部署服务
4.2.1 本地部署 - on MacOS
deploy the k8s
采用minikube进行模拟 参考链接:https://minikube.sigs.k8s.io/docs/handbook/accessing/
minikube start # 启动集群
minikube tunnel # 打开代理,不然 service external ip 绑不上
# 先部署pod
# 需要修改 其中的 image: 和push 上去的image 保持一致
kubectl apply -f ./deploy/resource-viewer/resource-viewer-dep-local.yaml
kubectl get pod -n tahiti-system
kubectl get deploy -n tahiti-system
# 进去检查一下 服务是否可以连接
kubectl exec -it tahiti-rednodefolio-resource-viewer-5576dc8cf5-ckd9h -n tahiti-system -- /bin/sh
# 然后部署service
kubectl apply -f ./deploy/resource-viewer/resource-viewer-svc-sit.yaml
kubectl get service -n tahiti-system
# other command for test
kubectl delete deployment tahiti-rednodefolio-resource-viewer -n tahiti-system
kubectl delete service tahiti-rednodefolio-resource-viewer -n tahiti-system
# kubectl create deployment tahiti-rednodefolio-resource-viewer --image=docker-reg.devops.xiaohongshu.com/shequ/zqs_resource-viewer-server:v0.1 -n tahiti-system
apt-get install cgroupfs-mount
cgroupfs-umount
cgroupfs-mount
vim /etc/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375 --data-root /home/docker
ExecReload=/bin/kill -s HUP $MAINPID
docker pull 413366511/ubuntu