一、DockerFile
1.概述
DockerFile是用来构建Docker镜像的文本文件,是由一条条构建镜像所需的指令和参数构成的脚本
1)镜像构建三步骤
213
- 编写Dockerfile文件
- docker build命令构建镜像
- docker run 镜像运行容器实例
2)DockerFile基础知识
- 每条保留字指令都必须为大写字母且后面要跟随至少一个参数
- 指令按照从上到下,顺序执行
- #表示注释
每条指令都会创建一个新的镜像层并对镜像进行提交
3)DockerFile执行大概流程
- docker从基础镜像运行一个容器
- 执行一条指令并对容器作为修改
- 执行类似docker commit的操作提交一个新的镜像层
- docker再基于刚提交的镜像运行一个新容器
- 执行dockerfile中的下一条指令直到所有指令都执行完成
4)DockerFile、镜像、容器三者关系
Dockerfile、Docker镜像与Docker容器分别代表软件的三个不同阶段,
- Dockerfile是软件的原材料
- Docker镜像是软件的交付品
- Docker容器则可以认为是软件镜像的运行态,也即依照镜像运行的容器实例
Dockerfile面向开发,Docker镜像成为交付标准,Docker容器则涉及部署与运维,三者缺一不可,合力充当Docker体系的基石。
1 Dockerfile,需要定义一个Dockerfile,Dockerfile定义了进程需要的一切东西。Dockerfile涉及的内容包括执行代码或者是文件、环境变量、依赖包、运行时环境、动态链接库、操作系统的发行版、服务进程和内核进程(当应用进程需要和系统服务和内核进程打交道,这时需要考虑如何设计namespace的权限控制)等等;
2 Docker镜像,在用Dockerfile定义一个文件之后,docker build时会产生一个Docker镜像,当运行 Docker镜像时会真正开始提供服务;
3 Docker容器,容器是直接提供服务的。
2.指令
| 指令 | 解释 |
|---|---|
| FROM | 基础镜像,当前新镜像是基于哪个镜像的,第一条必须是FROM |
| MAINTAINER | 镜像维护者的姓名和邮箱地址 |
| RUN | 容器构建docker build时需要运行的命令 |
| WORKDIR | 登陆进容器后的工作目录 |
| ENV | 构建镜像过程中设置环境变量 |
| ADD | 将文件和目录拷贝进容器,并且可将压缩文件解压 |
| COPY* | 将文件和目录拷贝进容器,不会解压文件 |
| VOLUME | 容器数据卷,用于数据保存和持久化工作 |
| CMD* | 容器运行docker run时,指定一个容器启动要运行的命令,Dockerfile 中可以有多个 CMD 指令,但只有最后一个生效,CMD 会被 docker run 之后的参数替换 |
| ENTRYPOINT* | 容器运行docker run时,指定一个容器启动时要运行的命令,ENTRYPOINT 的目的和 CMD 一样,都是在指定容器启动程序及参数 |
| EXPOSE | 当前容器对外暴露出的端口 |
3.Docker构建/运行命令
| 功能 | 命令 |
|---|---|
| 构建 | docker build -t 新镜像名字:TAG . |
| 运行 | docker run -it 新镜像名字:TAG |
4.案例
目的:下载Centos系统,默认不携带ifconfig、vim等命令,创建新镜像,安装这些命令的同时,配置JDK8
1) 配置
[root@localhost /]# docker pull centos
Using default tag: latest
latest: Pulling from library/centos
a1d0c7532777: Pull complete
Digest: sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177
Status: Downloaded newer image for centos:latest
docker.io/library/centos:latest
[root@localhost myfile]# pwd
/usr/local/myfile
[root@localhost myfile]# touch Dockerfile #文件名首字母D大写
[root@localhost myfile]# 通过其它工具上传JDK的压缩包
[root@localhost myfile]# ll
总用量 177108
-rw-r--r--. 1 root root 738 4月 9 10:35 Dockerfile
-rw-r--r--. 1 root root 181352138 4月 9 10:26 jdk-8u101-linux-x64.tar.gz
[root@localhost myfile]# vi Dockerfile 编写DockerFile文件
2) Dockerfile
FROM centos
# 作者
MAINTAINER wang xxxqq.com
ENV MYPATH /usr/local
WORKDIR $MYPATH
# 安装vim编辑器
RUN yum -y install vim
# 安装ifconfig命令查看网络IP
RUN yum -y install net-tools
# 安装java8及lib库
RUN yum -y install glibc.i686
RUN mkdir /usr/local/java
# ADD 是相对路径jar,把jdk-8u171-linux-x64.tar.gz添加到容器中,安装包必须要和Dockerfile文件在同一位置
ADD jdk-8u101-linux-x64.tar.gz /usr/local/java/
# 配置java环境变量
ENV JAVA_HOME /usr/local/java/jdk1.8
ENV JRE_HOME $JAVA_HOME/jre
ENV CLASSPATH $JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JRE_HOME/lib:$CLASSPATH
ENV PATH $JAVA_HOME/bin:$PATH
EXPOSE 80
CMD echo $MYPATH
CMD echo "success--------------ok"
CMD /bin/bash
3) 构建
构建命令:docker build -t 新镜像名称:Tag .
[root@localhost myfile]# docker build -t centosjava8:1.5 .
Sending build context to Docker daemon 181.4MB
Step 1/14 : FROM centos
---> 5d0da3dc9764
Step 2/14 : MAINTAINER wang xxxqq.com
---> Using cache
---> 375e94f40f2a
Step 3/14 : ENV MYPATH /usr/local
---> Using cache
---> 432de48e379c
Step 4/14 : WORKDIR $MYPATH
---> Using cache
---> ac3dd4d6aae2
Step 5/14 : RUN mkdir /usr/local/java
---> Running in 7c5b7fd76465
Removing intermediate container 7c5b7fd76465
---> ebbf73d9288d
Step 6/14 : ADD jdk-8u101-linux-x64.tar.gz /usr/local/java/
---> d89cfc2c386c
Step 7/14 : ENV JAVA_HOME /usr/local/java/jdk1.8
---> Running in eb354c97b752
Removing intermediate container eb354c97b752
---> 05041c1edfb2
Step 8/14 : ENV JRE_HOME $JAVA_HOME/jre
---> Running in ea628258c72a
Removing intermediate container ea628258c72a
---> 66149fd1f3c8
Step 9/14 : ENV CLASSPATH $JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JRE_HOME/lib:$CLASSPATH
---> Running in 1c0b502bba17
Removing intermediate container 1c0b502bba17
---> 07ab45bb1898
Step 10/14 : ENV PATH $JAVA_HOME/bin:$PATH
---> Running in d75fe028140f
Removing intermediate container d75fe028140f
---> 0ec1d821aff3
Step 11/14 : EXPOSE 80
---> Running in a0b173667afa
Removing intermediate container a0b173667afa
---> 29f94732eef3
Step 12/14 : CMD echo $MYPATH
---> Running in 2c205bd28f1d
Removing intermediate container 2c205bd28f1d
---> 35b32de0a9ff
Step 13/14 : CMD echo "success--------------ok"
---> Running in b7410e84a412
Removing intermediate container b7410e84a412
---> abe2bec57d8d
Step 14/14 : CMD /bin/bash
---> Running in 14065fd0a2a8
Removing intermediate container 14065fd0a2a8
---> a38ae32cd3f8
Successfully built a38ae32cd3f8
Successfully tagged centosjava8:1.5
4) 运行
[root@localhost myfile]# docker run -it centosjava8:1.5 /bin/bash
5.虚悬镜像
仓库名和标签都是的镜像被称为虚悬镜像,一般就是一些有问题的镜像,没啥用,之前有的面试官问过,虚悬镜像直接删除即可
下面通过Dockerfile创建一个虚悬镜像测试
[root@localhost myxx]# pwd
/usr/local/myxx
[root@localhost myxx]# touch Dockerfile
[root@localhost myxx]# vi Dockerfile
[root@localhost myxx]# cat Dockerfile
from ubuntu
CMD echo 'action is success'
[root@localhost myxx]# docker build .
Sending build context to Docker daemon 2.048kB
Step 1/2 : from ubuntu
---> ba6acccedd29
Step 2/2 : CMD echo 'action is success'
---> Running in 240b7fcd62b2
Removing intermediate container 240b7fcd62b2
---> 1b9536b6a2d2
Successfully built 1b9536b6a2d2
[root@localhost myxx]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> 1b9536b6a2d2 5 seconds ago 72.8MB
查看所有的虚悬镜像
[root@localhost myxx]# docker image ls -f dangling=true
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> 1b9536b6a2d2 50 seconds ago 72.8MB
虚悬镜像删除
[root@localhost myxx]# docker image prune
WARNING! This will remove all dangling images.
Are you sure you want to continue? [y/N] y
Deleted Images:
deleted: sha256:1b9536b6a2d26270b57c09e92aa5883e75e2bd9317d09e02c85d11efa1a7fe8c
Total reclaimed space: 0B
[root@localhost myxx]# docker image ls -f dangling=true
REPOSITORY TAG IMAGE ID CREATED SIZE
二、Docker微服务实战
1.创建微服务
简单通过IDEA创建一个SpringBoot工程,端口号6001,然后写几个简单的接口,打成jar包
@RestController
public class TestController {
@Value("${server.port}")
private String port;
@GetMapping(value = "/docker/index")
public String m1() {
return port + ":微服务 " + UUID.randomUUID().toString();
}
@GetMapping(value = "/docker/order")
public String m2() {
return port + ":微服务 " + UUID.randomUUID().toString();
}
}
2.微服务Docker部署
[root@localhost mydocker]# 将之前打成jar包的微服务上传
[root@localhost mydocker]# pwd
/usr/local/mydocker
[root@localhost mydocker]# touch Dockerfile
[root@localhost mydocker]# ll
总用量 17128
-rw-r--r--. 1 root root 17538487 4月 9 11:27 docker-boot.jar
-rw-r--r--. 1 root root 0 4月 9 11:28 Dockerfile
[root@localhost mydocker]# vi Dockerfile
Dockerfile
# 基础镜像使用java
FROM java:8
# 作者
MAINTAINER wang
# VOLUME 指定临时文件目录为/tmp,在主机/var/lib/docker目录下创建了一个临时文件并链接到容器的/tmp
VOLUME /tmp
# 将jar包添加到容器中并更名为docker_boot_6001.jar
ADD docker_boot.jar docker_boot_6001.jar
# 运行jar包
RUN bash -c 'touch /docker_boot_6001.jar'
ENTRYPOINT ["java","-jar","/docker_boot_6001.jar"]
#暴露6001端口作为微服务
EXPOSE 6001
构建/运行
[root@localhost mydocker]# docker build -t wang-docker:1.6 . #注意:最后面有个点
Sending build context to Docker daemon 17.54MB
Step 1/7 : FROM java:8
---> d23bdf5b1b1b
Step 2/7 : MAINTAINER wang
---> Using cache
---> 2b008d4e648c
Step 3/7 : VOLUME /tmp
---> Using cache
---> d4647e658bc9
Step 4/7 : ADD docker_boot.jar docker_boot_6001.jar
---> c3bc2caad1a8
Step 5/7 : RUN bash -c 'touch /docker_boot_6001.jar'
---> Running in 1cdbc5d41cdb
Removing intermediate container 1cdbc5d41cdb
---> bb3ac09a6537
Step 6/7 : ENTRYPOINT ["java","-jar","/docker_boot_6001.jar"]
---> Running in 2de424071939
Removing intermediate container 2de424071939
---> 465a4e256351
Step 7/7 : EXPOSE 6001
---> Running in d2bf767190cc
Removing intermediate container d2bf767190cc
---> 715ec2c3a847
Successfully built 715ec2c3a847
Successfully tagged wang-docker:1.6
[root@localhost mydocker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
wang-docker 1.6 715ec2c3a847 57 seconds ago 678MB
[root@localhost mydocker]# docker run -d -p 6001:6001 wang-docker:1.6
3358618df7d8909c5f72983a137e3cefc52cc83c22ba0da4f080c5c010dbc6aa
docker: Error response from daemon: driver failed programming external connectivity on endpoint priceless_kare (0740a1c5dfacb03fee3e92ca0798a85e5ffe5f7245d344c6576113ebcf1496f8): (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 6001 -j DNAT --to-destination 172.17.0.3:6001 ! -i docker0: iptables: No chain/target/match by that name.
(exit status 1)).
[root@localhost mydocker]# systemctl stop firewalld
[root@localhost mydocker]# systemctl restart docker #上面运行碰到报错了,关闭防火墙,重启一下
[root@localhost mydocker]# docker run -d -p 6001:6001 wang-docker:1.6
2a8188d0604bf54685566df3a863c32f5a4e4cbab70edff391e61a6576b15feb
[root@localhost mydocker]# curl 127.0.0.1:6001/docker/order #可以通过命令/网页测试接口
6001:微服务 be2bb438-2082-4382-bb16-f5f84e57d2dc
三、Docker网络
1.基础介绍
首先学习Docker网络为了解决的问题:
1.容器之间互联和通信以及端口映射。容器可能在多个服务器上
2.容器IP变动的时候,可以通过服务名直接网络通信而不受到影响
2.Docker network 命令
[root@localhost mydocker]# docker network
Usage: docker network COMMAND
Manage networks
Commands:
connect Connect a container to a network #连接网络
create Create a network #创建
disconnect Disconnect a container from a network #断开网络
inspect Display detailed information on one or more networks #查看网络详情
ls List networks #查看网络
prune Remove all unused networks #删除所有未使用的网络
rm Remove one or more networks #删除网络
Run 'docker network COMMAND --help' for more information on a command.
3.Docker network网络模式
| 网络模式 | 简介 | |
|---|---|---|
| bridge | 常用 | 为每一个容器分配、设置IP等,并将容器连接到一个docker 虚拟网桥, 默认为该模式 |
| host | 常用 | 容器将不会虚拟出自己的网卡,配置自己的IP等,而是使用宿主机的IP和端口 |
| none | 几乎不用 | 容器有独立的Network namespace,但并没有对其进行任何网络设置,如分配veth pair和网络连接,IP等 |
| container | 新创建的容器不会创建自己的网卡和配置自己的IP,而是和一个指定的容器共享IP、端口范围等 |
1)bridge网络模式
a)概念
1 Docker使用Linux桥接,在宿主机虚拟一个Docker容器网桥(docker0),Docker启动一个容器时会根据Docker网桥的网段分配给容器一个IP地址,称为Container-IP,同时Docker网桥是每个容器的默认网关。因为在同一宿主机内的容器都接入同一个网桥,这样容器之间就能够通过容器的Container-IP直接通信。
[root@localhost mydocker]# ifconfig #如果安装了Docker,那么ifconfig会出现一个docker0网桥
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::42:fff:fe7b:c329 prefixlen 64 scopeid 0x20<link>
ether 02:42:0f:7b:c3:29 txqueuelen 0 (Ethernet)
RX packets 165 bytes 11925 (11.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 118 bytes 9814 (9.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# 后面的省略了...
2 docker run 的时候,没有指定network的话默认使用的网桥模式就是bridge,使用的就是docker0。在宿主机ifconfig,就可以看到docker0和自己create的network(后面讲)eth0,eth1,eth2……代表网卡一,网卡二,网卡三……,lo代表127.0.0.1,即localhost,inet addr用来表示网卡的IP地址
3 网桥docker0创建一对对等虚拟设备接口一个叫veth,另一个叫eth0,成对匹配。
- 整个宿主机的网桥模式都是docker0,类似一个交换机有一堆接口,每个接口叫veth,在本地主机和容器内分别创建一个虚拟接口,并让他们彼此联通(这样一对接口叫veth pair);
- 每个容器实例内部也有一块网卡,每个接口叫eth0;
- docker0上面的每个veth匹配某个容器实例内部的eth0,两两配对,一一匹配。
通过上述,将宿主机上的所有容器都连接到这个内部网络上,两个容器在同一个网络下,会从这个网关下各自拿到分配的ip,此时两个容器的网络是互通的。
b)案例
上面介绍docker0上面的veth0和容器内部的eth0是两两配对的,那么验证一下
[root@localhost mydocker]# docker run -d -p 8081:8080 --name tomcat81 billygoo/tomcat8-jdk8
01d73fb64a63f64a11a3db903e0c49bb377b90a8e190ed8364c34288a80b73d3
[root@localhost mydocker]# docker run -d -p 8082:8080 --name tomcat82 billygoo/tomcat8-jdk8
22229272719db15494e1a577e7bc0284e844875bd698e2d91ac86bfbb7de189b
[root@localhost mydocker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
22229272719d billygoo/tomcat8-jdk8 "catalina.sh run" 2 minutes ago Up 2 minutes 0.0.0.0:8082->8080/tcp, :::8082->8080/tcp tomcat82
01d73fb64a63 billygoo/tomcat8-jdk8 "catalina.sh run" 3 minutes ago Up 2 minutes 0.0.0.0:8081->8080/tcp, :::8081->8080/tcp tomcat81
在宿主机查看网络
[root@localhost mydocker]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:d8:4d:70 brd ff:ff:ff:ff:ff:ff
inet 192.168.146.144/24 brd 192.168.146.255 scope global dynamic ens33
valid_lft 1171sec preferred_lft 1171sec
inet6 fe80::6fa4:e745:1e09:25bb/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether 02:42:0f:7b:c3:29 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:fff:fe7b:c329/64 scope link
valid_lft forever preferred_lft forever
27: vethc7067a2@if26: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP
link/ether 9a:f8:e8:6d:14:09 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::98f8:e8ff:fe6d:1409/64 scope link
valid_lft forever preferred_lft forever
# 备注: 看到名称29: veth4e385db@if28,代表宿主机的veth29对应容器内的eth0 28
29: veth4e385db@if28: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP
link/ether 4e:45:d3:92:57:4f brd ff:ff:ff:ff:ff:ff link-netnsid 1
inet6 fe80::4c45:d3ff:fe92:574f/64 scope link
valid_lft forever preferred_lft forever
# 备注: veth 31匹配eth0 30
31: veth5aa4302@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP
link/ether de:98:51:56:f7:73 brd ff:ff:ff:ff:ff:ff link-netnsid 2
inet6 fe80::dc98:51ff:fe56:f773/64 scope link
valid_lft forever preferred_lft forever
[root@localhost mydocker]# docker inspect tomcat82 | tail -n 20
"Networks": {
"bridge": { #模式为bridge
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "d465af915f3662feb877915190ef94e4d11aee857ef342842d5c634f2ec07bd7",
"EndpointID": "f924ba305576beb8542a16c1cdb3377ba4bf8b9534e2b8da1de876d83e34379f",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.4",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:04",
"DriverOpts": null
}
}
}
}
]
tomcat81查看网络
[root@localhost ~]# docker exec -it tomcat81 /bin/bash
root@01d73fb64a63:/usr/local/tomcat# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
# 备注: 看到名称,代表eth0 28对应veth 29,和上面两两配对
28: eth0@if29: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
root@01d73fb64a63:/usr/local/tomcat#
tomcat82查看网络
[root@localhost ~]# docker exec -it tomcat82 /bin/bash
root@22229272719d:/usr/local/tomcat# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
# 备注: eth0 30匹配veth 31
30: eth0@if31: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:04 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.4/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
2)host网络模式
a)概念
容器将不会获得一个独立的Network Namespace, 而是和宿主机共用一个Network Namespace。容器将不会虚拟出自己的网卡而是使用宿主机的IP和端口。
b)案例
[root@localhost mydocker]# docker run -d -p 8083:8080 --network host --name tomcat83 billygoo/tomcat8-jdk8
WARNING: Published ports are discarded when using host network mode #这里的警告是我们既然使用host模式,那么自定义的端口映射就无所谓了,建议删除
937164c67b2ff4754b42d5f8e29d8e2edd0de7568c1329fd222084326e0da6a3
[root@localhost mydocker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
937164c67b2f billygoo/tomcat8-jdk8 "catalina.sh run" 10 seconds ago Up 10 seconds tomcat83
[root@localhost mydocker]# docker inspect tomcat83 | tail -n 20 #查看状态
"Networks": {
"host": { #模式为host模式
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "8a75ca97127fefe8c42def9a3c850f796ad425748ec2e6a9770de8c5490d38c5",
"EndpointID": "47ba09d49e2a639eb04485fc618c3c32bfe74d8aed483a50651141d733f933d3",
"Gateway": "",
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "",
"DriverOpts": null
}
}
}
}
]
3)none网络模式
禁用网络功能,只有lo标识,就是127.0.0.1本地回环,只能自己访问
[root@localhost mydocker]# docker run -d -p 8084:8080 --network none --name tomcat84 billygoo/tomcat8-jdk8
7924c129d0d7dd400152ccc1f3849e5b7679371170fa6d3a8040b8abc2a87d5c
[root@localhost mydocker]# docker exec -it tomcat84 bash
root@7924c129d0d7:/usr/local/tomcat# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
4)container网络模式
a)概念
新建的容器和已经存在的一个容器共享一个网络ip配置而不是和宿主机共享。新创建的容器不会创建自己的网卡,配置自己的IP,而是和一个指定的容器共享IP、端口范围等。同样,两个容器除了网络方面,其他的如文件系统、进程列表等还是隔离的。
b)案例
这里再次使用tomcat演示,会报错,因为两个共用同一个ip,会导致端口冲突,所以这里使用Alpine演示,Alpine操作系统是一个面向安全的轻型Linux发行版
启动alpine1
[root@localhost mydocker]# docker run -it --name alpine1 alpine
/ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
34: eth0@if35: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:11:00:05 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.5/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
/ #
启动alpine2
可以看到两个容器共用同一组eth和evth
[root@localhost ~]# docker run -it --network container:alpine1 --name alpine2 alpine /bin/sh
/ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
34: eth0@if35: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:11:00:05 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.5/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
/ #
此时停掉alpine1
[root@localhost ~]# docker stop alpine1
alpine1
查看alpine2
发现alpine2只有lo了
/ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
/ #
4.自定义网络
我们两个容器实例,相互之间,可以根据ip来ping通,那么一旦容器的ip发生变化,那么我们的配置也要更改,那么就需要根据容器实例名称来ping通,那么就需要借助自定义网络来实现
before
启动两个容器实例
[root@localhost mydocker]# docker run -d -p 8091:8080 --name tomcat91 billygoo/tomcat8-jdk8
1f5f099f432de34032c89ef0124211238dc672c58567a1d5e94be85110618b72
[root@localhost mydocker]# docker run -d -p 8092:8080 --name tomcat92 billygoo/tomcat8-jdk8
c98db87419676303021443ae0fd84a9383678e9e3b4c5c00150ce68d82d1d8d6
进入到tomcat91,
- 通过ip地址来ping容器tomcat92,
可以ping通 - 通过容器实例名称来ping,
无法ping通
[root@localhost mydocker]# docker exec -it tomcat91 /bin/bash
root@1f5f099f432d:/usr/local/tomcat# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
36: eth0@if37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:05 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.5/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
root@1f5f099f432d:/usr/local/tomcat# ping 127.17.0.6
PING 127.17.0.6 (127.17.0.6) 56(84) bytes of data.
64 bytes from 127.17.0.6: icmp_seq=1 ttl=64 time=0.062 ms
64 bytes from 127.17.0.6: icmp_seq=2 ttl=64 time=0.050 ms
64 bytes from 127.17.0.6: icmp_seq=3 ttl=64 time=0.078 ms
64 bytes from 127.17.0.6: icmp_seq=4 ttl=64 time=0.073 ms
64 bytes from 127.17.0.6: icmp_seq=5 ttl=64 time=0.074 ms
64 bytes from 127.17.0.6: icmp_seq=6 ttl=64 time=0.032 ms
64 bytes from 127.17.0.6: icmp_seq=7 ttl=64 time=0.074 ms
64 bytes from 127.17.0.6: icmp_seq=8 ttl=64 time=0.075 ms
64 bytes from 127.17.0.6: icmp_seq=9 ttl=64 time=0.028 ms
64 bytes from 127.17.0.6: icmp_seq=10 ttl=64 time=0.076 ms
64 bytes from 127.17.0.6: icmp_seq=11 ttl=64 time=0.076 ms
^C
--- 127.17.0.6 ping statistics ---
11 packets transmitted, 11 received, 0% packet loss, time 10029ms
rtt min/avg/max/mdev = 0.028/0.063/0.078/0.019 ms
root@1f5f099f432d:/usr/local/tomcat# ping tomcat92
ping: tomcat92: Name or service not known
root@1f5f099f432d:/usr/local/tomcat#
进入到tomcat92
- 通过ip地址来ping容器tomcat91,
可以ping通 - 通过容器实例名称来ping,
无法ping通
[root@localhost ~]# docker exec -it tomcat92 /bin/bash
root@c98db8741967:/usr/local/tomcat# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
38: eth0@if39: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:06 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.6/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
root@c98db8741967:/usr/local/tomcat# ping 127.17.0.5
PING 127.17.0.5 (127.17.0.5) 56(84) bytes of data.
64 bytes from 127.17.0.5: icmp_seq=1 ttl=64 time=0.040 ms
64 bytes from 127.17.0.5: icmp_seq=2 ttl=64 time=0.106 ms
64 bytes from 127.17.0.5: icmp_seq=3 ttl=64 time=0.100 ms
64 bytes from 127.17.0.5: icmp_seq=4 ttl=64 time=0.071 ms
^C
--- 127.17.0.5 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.040/0.079/0.106/0.027 ms
root@c98db8741967:/usr/local/tomcat# ping tomcat91
ping: tomcat91: Name or service not known
root@c98db8741967:/usr/local/tomcat#
自定义桥接网络
自定义桥接网络,自定义网络默认使用的是桥接网络bridge
[root@localhost ~]# docker network create wang_network
dc3f93953365d7f0509fa1642ae0bed7286426a0068a0925bcceeb9e1d327c0a
[root@localhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
d465af915f36 bridge bridge local
8a75ca97127f host host local
e593b981f4cd none null local
dc3f93953365 wang_network bridge local
after
创建容器实例,指定网络模式为自定义的wang_network
[root@localhost mydocker]# docker run -d -p 8093:8080 --network wang_network --name tomcat93 billygoo/tomcat8-jdk8
a4daff881e51f9cf52f46a52b2e2757a63fc27f18d60b75e78367364196f84dd
[root@localhost mydocker]# docker run -d -p 8094:8080 --network wang_network --name tomcat94 billygoo/tomcat8-jdk8
2594522015d3eb11ffe0abc0bf61fcd5bdbd4ad436f6458e7c144060402145e4
进入到tomcat93
- 可以通过ip来ping通
- 可以通过容器实例名称来ping通
root@localhost ~]# docker exec -it tomcat93 /bin/bash
root@a4daff881e51:/usr/local/tomcat# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
41: eth0@if42: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.18.0.2/16 brd 172.18.255.255 scope global eth0
valid_lft forever preferred_lft forever
root@a4daff881e51:/usr/local/tomcat# ping 172.18.0.3
PING 172.18.0.3 (172.18.0.3) 56(84) bytes of data.
64 bytes from 172.18.0.3: icmp_seq=1 ttl=64 time=0.087 ms
64 bytes from 172.18.0.3: icmp_seq=2 ttl=64 time=0.079 ms
64 bytes from 172.18.0.3: icmp_seq=3 ttl=64 time=0.135 ms
64 bytes from 172.18.0.3: icmp_seq=4 ttl=64 time=0.090 ms
^C
--- 172.18.0.3 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 0.079/0.097/0.135/0.025 ms
root@a4daff881e51:/usr/local/tomcat# ping tomcat94
PING tomcat94 (172.18.0.3) 56(84) bytes of data.
64 bytes from tomcat94.wang_network (172.18.0.3): icmp_seq=1 ttl=64 time=0.047 ms
64 bytes from tomcat94.wang_network (172.18.0.3): icmp_seq=2 ttl=64 time=0.137 ms
64 bytes from tomcat94.wang_network (172.18.0.3): icmp_seq=3 ttl=64 time=0.136 ms
64 bytes from tomcat94.wang_network (172.18.0.3): icmp_seq=4 ttl=64 time=0.164 ms
^C
--- tomcat94 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3007ms
rtt min/avg/max/mdev = 0.047/0.121/0.164/0.044 ms
root@a4daff881e51:/usr/local/tomcat#
进入到tomcat94
- 可以通过ip来ping通
- 可以通过容器实例名称来ping通
[root@localhost ~]# docker exec -it tomcat94 /bin/bash
root@2594522015d3:/usr/local/tomcat# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
43: eth0@if44: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:12:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.18.0.3/16 brd 172.18.255.255 scope global eth0
valid_lft forever preferred_lft forever
root@2594522015d3:/usr/local/tomcat# ping 172.18.0.2
PING 172.18.0.2 (172.18.0.2) 56(84) bytes of data.
64 bytes from 172.18.0.2: icmp_seq=1 ttl=64 time=0.048 ms
64 bytes from 172.18.0.2: icmp_seq=2 ttl=64 time=0.093 ms
64 bytes from 172.18.0.2: icmp_seq=3 ttl=64 time=0.076 ms
64 bytes from 172.18.0.2: icmp_seq=4 ttl=64 time=0.092 ms
^C
--- 172.18.0.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3001ms
rtt min/avg/max/mdev = 0.048/0.077/0.093/0.019 ms
root@2594522015d3:/usr/local/tomcat# ping tomcat93
PING tomcat93 (172.18.0.2) 56(84) bytes of data.
64 bytes from tomcat93.wang_network (172.18.0.2): icmp_seq=1 ttl=64 time=0.035 ms
64 bytes from tomcat93.wang_network (172.18.0.2): icmp_seq=2 ttl=64 time=0.111 ms
64 bytes from tomcat93.wang_network (172.18.0.2): icmp_seq=3 ttl=64 time=0.109 ms
64 bytes from tomcat93.wang_network (172.18.0.2): icmp_seq=4 ttl=64 time=0.110 ms
^C
--- tomcat93 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 0.035/0.091/0.111/0.033 ms
root@2594522015d3:/usr/local/tomcat#
四、Docker-compose容器编排
1.简介
Docker-compose是Docker官方的开源项目,负责实现对Docker容器集群的快速编排,可以管理多个 Docker 容器组成一个应用。你需要定义一个 YAML 格式的配置文件docker-compose.yml,写好多个容器之间的调用关系。然后,只要一个命令,就能同时启动/关闭这些容器
简单点说:Dockerfile用于构建单个镜像,那么Compose用于多个镜像一键部署
2.下载/安装
https://docs.docker.com/compose/compose-file/compose-file-v3/
https://docs.docker.com/compose/install/
安装步骤很简单,按照官网的说明,两三步就完事
[root@localhost mydocker]# curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 664 100 664 0 0 983 0 --:--:-- --:--:-- --:--:-- 985
100 12.1M 100 12.1M 0 0 5129k 0 0:00:02 0:00:02 --:--:-- 7466k
[root@localhost mydocker]# chmod +x /usr/local/bin/docker-compose
[root@localhost mydocker]# docker-compose --version
docker-compose version 1.29.2, build 5becea4c
[root@localhost mydocker]#
3.Compose使用三个步骤
- 编写Dockerfile定义各个微服务应用并构建出对应的镜像文件,也就是镜像需要提前准备好
- 使用docker-compose.xml定义一个完整业务单元,安排好整体应用中的各个容器服务
- 最后,执行docker-compose up命令,来启动并运行整个应用程序,完成一件部署上线
4.Compose常用命令
docker-compose -h # 查看帮助
docker-compose up # 启动所有docker-compose服务
docker-compose up -d # 启动所有docker-compose服务并后台运行
docker-compose down # 停止并删除容器、网络、卷、镜像。
docker-compose exec yml里面的服务id # 进入容器实例内部 docker-compose exec docker-compose.yml文件中写的服务id /bin/bash
docker-compose ps # 展示当前docker-compose编排过的运行的所有容器
docker-compose top # 展示当前docker-compose编排过的容器进程
docker-compose logs yml里面的服务id # 查看容器输出日志
docker-compose config # 检查配置
docker-compose config -q # 检查配置,有问题才有输出
docker-compose restart # 重启服务
docker-compose start # 启动服务
docker-compose stop # 停止服务
5.Compose编排微服务测试
为了测试容器编排,那么肯定需要多个容器,这里使用 微服务 + Mysql容器 + Redis容器
然后一个最常见的例子,通过接口查询数据,缓存存在则返回,否则去查询数据库
1)微服务调整
代码很简单,查询Mysql或者Redis,主要调整一下配置
server.port=6001
# ========================alibaba.druid相关配置=====================
spring.datasource.type=com.alibaba.druid.pool.DruidDataSource
spring.datasource.driver-class-name=com.mysql.jdbc.Driver
#spring.datasource.url=jdbc:mysql://192.168.146.144:3306/db01?useUnicode=true&characterEncoding=utf-8&useSSL=false
spring.datasource.url=jdbc:mysql://mysql:3306/db01?useUnicode=true&characterEncoding=utf-8&useSSL=false
spring.datasource.username=root
spring.datasource.password=123456
spring.datasource.druid.test-while-idle=false
# ========================redis相关配置=====================
spring.redis.database=0
spring.redis.host=192.168.146.144
spring.redis.port=6379
spring.redis.password=123456
spring.redis.lettuce.pool.max-active=8
spring.redis.lettuce.pool.max-wait=-1ms
spring.redis.lettuce.pool.max-idle=8
spring.redis.lettuce.pool.min-idle=0
# ========================mybatis相关配置===================
mybatis.mapper-locations=classpath:mapper/*.xml
2)微服务代码生成
创建微服务的镜像
[root@localhost mydocker]# ll
总用量 37056
drwxr-xr-x. 2 root root 6 4月 10 16:25 data
-rw-r--r--. 1 root root 37937917 4月 10 16:54 docker_boot.jar
-rw-r--r--. 1 root root 454 4月 10 16:54 Dockerfile
[root@localhost mydocker]# cat Dockerfile
# 基础镜像使用java
FROM java:8
# 作者
MAINTAINER wang
# VOLUME 指定临时文件目录为/tmp,在主机/var/lib/docker目录下创建了一个临时文件并链接到容器的/tmp
VOLUME /tmp
# 将jar包添加到容器中并更名为docker_boot_6001.jar
ADD docker_boot.jar docker_boot_6001.jar
# 运行jar包
RUN bash -c 'touch /docker_boot_6001.jar'
ENTRYPOINT ["java","-jar","/docker_boot_6001.jar"]
#暴露6001端口作为微服务
EXPOSE 6001
[root@localhost mydocker]# docker build -t docker-boot:1.6 .
Sending build context to Docker daemon 37.94MB
Step 1/7 : FROM java:8
---> d23bdf5b1b1b
Step 2/7 : MAINTAINER wang
---> Running in 9dc0bbc28c31
Removing intermediate container 9dc0bbc28c31
---> 3fd2345a2b2b
Step 3/7 : VOLUME /tmp
---> Running in 37fd3a68f844
Removing intermediate container 37fd3a68f844
---> a2a317bea03d
Step 4/7 : ADD docker_boot.jar docker_boot_6001.jar
---> 5a9b3a17f228
Step 5/7 : RUN bash -c 'touch /docker_boot_6001.jar'
---> Running in 414c693f05d5
Removing intermediate container 414c693f05d5
---> a4f9dae9f002
Step 6/7 : ENTRYPOINT ["java","-jar","/docker_boot_6001.jar"]
---> Running in 5e4efb0b311b
Removing intermediate container 5e4efb0b311b
---> a1a744191f83
Step 7/7 : EXPOSE 6001
---> Running in 5e3ca39a95eb
Removing intermediate container 5e3ca39a95eb
---> d37ba7b0e15d
Successfully built d37ba7b0e15d
Successfully tagged docker-boot:1.6
3)镜像准备
之前已经创建了微服务的镜像,接下来在拉取一下Mysql和Redis的镜像
[root@localhost compose]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker-boot 1.6 d37ba7b0e15d About a minut 719MB
mysql 5.7 c20987f18b13 3 months ago 448MB
redis 6.0.8 16ecd2772934 17 months ago 104MB
4)docker-compose.yml
[root@localhost compose]# pwd
/usr/local/compose
[root@localhost compose]# ll
总用量 4
-rw-r--r--. 1 root root 980 4月 10 16:28 docker-compose.yml
docker-compose内容
version: "3"
services:
dockerboot:
image: docker-boot:1.6
container_name: boot-compose
ports:
- "6001:6001"
volumes:
- /usr/local/mydocker/data:/data
networks:
- wan_network
depends_on:
- redis
- mysql
redis:
image: redis:6.0.8
container_name: redis-compose
privileged: true
ports:
- "6379:6379"
volumes:
- /usr/local/redis/redis.conf:/etc/redis/redis.conf
- /usr/local/redis/data:/data
networks:
- wan_network
command: redis-server /etc/redis/redis.conf
mysql:
image: mysql:5.7
container_name: mysql-compose
environment:
MYSQL_ROOT_PASSWORD: '123456'
MYSQL_ALLOW_EMPTY_PASSWORD: 'no'
MYSQL_DATABASE: 'db01'
ports:
- "3306:3306"
volumes:
- /usr/local/mysql/data:/var/lib/mysql
- /usr/local/mysql/conf:/etc/mysql/conf.d
- /usr/local/mysql/my.cnf:/etc/mysql/my.cnf
networks:
- wan_network
command: --default-authentication-plugin=mysql_native_password
networks:
wan_network:
5)compose启动
[root@localhost compose]# pwd
/usr/local/compose
[root@localhost compose]# ll
总用量 4
-rw-r--r--. 1 root root 980 4月 10 17:24 docker-compose.yml
[root@localhost compose]# docker-compose up -d
Creating network "compose_wan_network" with the default driver
Creating mysql-compose ... done
Creating redis-compose ... done
Creating boot-compose ... done
[root@localhost compose]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
559738e75210 docker-boot:1.6 "java -jar /docker_b…" 5 seconds ago Up 3 seconds 0.0.0.0:6001->6001/tcp, :::6001->6001/tcp boot-compose
bd0b15d9cf22 mysql:5.7 "docker-entrypoint.s…" 6 seconds ago Up 5 seconds 0.0.0.0:3306->3306/tcp, :::3306->3306/tcp, 33060/tcp mysql-compose
五、Docker轻量级可视化工具Portainer
Portainer 是一款轻量级的应用,它提供了图形化界面,用于方便地管理Docker环境,包括单机环境和集群环境。
1.安装
https://www.portainer.io/
[root@localhost mydocker]# docker pull portainer/portainer
Using default tag: latest
latest: Pulling from portainer/portainer
94cfa856b2b1: Pull complete
49d59ee0881a: Pull complete
a2300fd28637: Pull complete
Digest: sha256:fb45b43738646048a0a0cc74fcee2865b69efde857e710126084ee5de9be0f3f
Status: Downloaded newer image for portainer/portainer:latest
docker.io/portainer/portainer:latest
[root@localhost mydocker]# docker run -d -p 8000:8000 -p 9000:9000 \
--name portainer --restart=always \
-v /var/run/docker.sock:/var/run/docker.sock \
-v portainer_data:/data \
portainer/portainer
b4593ae49a4be51a82035955989fa73cd9f75715964465f299ce1a1b2780bdbb
[root@localhost mydocker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b4593ae49a4b portainer/portainer "/portainer" 39 seconds ago Up 37 seconds 0.0.0.0:8000->8000/tcp, :::8000->8000/tcp, 0.0.0.0:9000->9000/tcp, :::9000->9000/tcp portainer
2.访问
创建成功以后,访问地址: http://192.168.146.144:9000,第一次登陆需要创建用户,输入自己的密码即可,然后登陆访问
3.使用
功能非常强大,可以在界面拉取镜像,创建容器实例,之前都是通过命令来操作,现在界面输入即可
六、Docker重量级容器监控之
CAdvisor监控收集 + Influx存储数据 + Granfana展示图表
小公司无所谓了
使用的时候再去看视频了
737
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
