文章目录
Docker入门
Docker概述
技能列表
- Docker概述
- Docker安装
- 镜像命令
- 容器命令
- 操作命令
- …
- Docker镜像!
- 容器数据卷!
- DockerFile
- Docker网络原理
- Docker Compose
- Docker Swarm
- CI\CD jenkins
docker run image
本地寻找镜像,判断是否存在,若没有从Docker Hub下载,Docker Hub 可以找到,下载镜像,回至本地镜像仓库,运行当前镜像。
工作目录
/var/lib/docker/
C\S结构,Docker Daemon(守护进程)运行在宿主机器上,客户机借助Socket访问Server;Server负责接收,执行指令。
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-PW8WujYr-1609034086723)(Docker.assets/image-20201222213050171.png)]
Docker拥有更少的抽象层,docker利用的是Host的内核,vm需要Guest OS!
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-eDqOWylI-1609034086726)(Docker.assets/image-20201222214233615.png)]
![image-20201222214631921](Docker.assets/image-20201222214631921.png)
阿里内网加速
- 安装/升级Docker客户端
推荐安装1.10.0以上版本的Docker客户端,参考文档 docker-ce
- 配置镜像加速器(AlibabaCloud)
针对Docker客户端版本大于 1.10.0 的用户
您可以通过修改daemon配置文件/etc/docker/daemon.json来使用加速器
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://abe2v8fb.mirror.aliyuncs.com"] 别复制,不同主机内网地址不同,阿里控制台获取
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
docker命令
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-Y8BUx9BX-1609034086727)(Docker.assets/image-20201225101902259.png)]
状态类命令
docker run -it --name hw hello-world[:15.20] /bin/bash
-i : 允许对容器内地STDIN交互
-t : 在创建定容器内指定终端
–name : 为容器指定名字
[:15.20] : 版本号
/bin/bash or /bin/sh or any starting process command : 交互式命令,表示载入容器后运行bash
[root@iZwz92te2l9m024kfad1qsZ ~]# docker run -itd centos top
[root@iZwz92te2l9m024kfad1qsZ ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ff53fa142c7c centos "top" 4 seconds ago Up 3 seconds festive_swanson
docker中必须要保持一个进程的运行,要不然整个容器启动后就会马上kill itself
docker run -d hello-world -c "while true; do echo hello-world; sleep 1; done"
-d : daemon以守护进程方式工作
-c : 启动容器时运行的命令
以静态方式查看所有存在过的容器
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a0bdd2d75ba7 hello-world "/bin/bash -c 'while…" 20 seconds ago Created sleepy_albattani
a77a692408f0 hello-world "-c 'while true; do …" 2 minutes ago Created vigilant_panini
以动态方式查看运行中的容器
[root@localhost ~]# docker top --help
Usage: docker top CONTAINER [ps OPTIONS]
Status状态有7种:
- created(已创建)
- restarting(重启中)
- running 或 Up(运行中)
- removing(迁移中)
- paused(暂停)
- exited(停止)
- dead(死亡)
docker run images_name
运行一个镜像
docker stop container_id
终止容器进程
docker start container_id
启动容器
docker rm [-f] container_id
移除容器
docker restart <container_id>
重启容器
docker kill <container_id>
杀死容器进程
在使用 -d 参数时,容器启动后会进入后台。此时想要进入容器,可以通过以下指令进入:
-
docker attach
-
Attach local standard input, output, and error streams to a running container
-
Usage:
docker attach [OPTIONS] CONTAINER
-
exit 容器则容器停止(ctrl+p+q可退出而不停止)
-
[root@iZwz92te2l9m024kfad1qsZ ~]# docker attach 9cb2c6310220
[root@9cb2c6310220 /]# ls
bin dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var
- docker exec:推荐使用 docker exec 命令,因为此退出容器终端,不会导致容器的停止;但是,attach是进入容器当前终端,而exec会在容器内生成新的终端
- Run a command in a running container
- Usage:
docker exec [OPTIONS] CONTAINER COMMAND [ARG...]
[root@iZwz92te2l9m024kfad1qsZ ~]# docker exec 9cb2c6310220 ps
PID TTY /*Teletype控制终端*/ TIME CMD
22 ? 00:00:00 ps
拷贝文件
[root@iZwz92te2l9m024kfad1qsZ ~]# docker cp 9fffc87fbc0a:/home/ /home/centos_docker
[root@iZwz92te2l9m024kfad1qsZ ~]# cd /home/
[root@iZwz92te2l9m024kfad1qsZ home]# ls
aliyun aliyun-cli-linux-latest-amd64.solitairetheme8 centos_docker fastcgi.php log.txt memcached redis www
- Usage: **
docker cp [OPTIONS] CONTAINER:SRC_PATH DEST_PATH|-
**容器内文件至宿主机
**docker cp [OPTIONS] SRC_PATH|- CONTAINER:DEST_PATH
**宿主机到容器内 - Copy files/folders between a container and the local filesystem
导出和导入容器
导出容器
$ docker export -o hello-world.tar 9ead75336e51
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9ead75336e51 hello-world "/hello" 36 seconds ago Exited (0) 35 seconds ago wizardly_gates
22f9136e8c97 centos "/bin/bash" 9 minutes ago Up 9 minutes boring_jackson
[root@localhost ~]# docker export -o hello-world.tar 9ead75336e51
[root@localhost ~]# ls
anaconda-ks.cfg hello-world.tar
导入容器快照
#本地文件
$ cat docker/ubuntu.tar | docker import - test/ubuntu:v1
#通过url
$ docker import http://example.com/exampleimage.tgz example/imagerepo
[root@localhost ~]# cat hello-world.tar | docker import - import/hello-world:v1
[root@localhost ~]# docker import hello-world.tar hello-world:import
#注意:运行导入的镜像的时候必须带command,否则启动报如下错误
[root@localhost ~]# docker run hello-world:import `exec cmd`
sha256:fcf33f8a5101a658
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world import 25a329a88b17 About a minute ago 13.3kB
centos latest 300e315adb2f 2 weeks ago 209MB
hello-world latest bf756fb1ae65 11 months ago 13.3kB
打标签
- Usage:
docker image tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]
[root@iZwz92te2l9m024kfad1qsZ ~]# docker image tag hello-world hello-world:v1
[root@iZwz92te2l9m024kfad1qsZ ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest 300e315adb2f 2 weeks ago 209MB
hello-world latest bf756fb1ae65 11 months ago 13.3kB
hello-world v1 bf756fb1ae65 11 months ago 13.3kB
批量处理
停用全部运行中的容器:
docker stop $(docker ps -q)
删除全部容器:
docker rm $(docker ps -aq)
一条命令实现停用并删除容器:
docker stop $(docker ps -q) & docker rm $(docker ps -aq)
日志
Usage: docker logs [OPTIONS] CONTAINER
Fetch the logs of a container
Options:
--details Show extra details provided to logs
-f, --follow Follow log output #跟踪日志输出
--since string Show logs since timestamp (e.g. 2013-01-02T13:23:37Z) or relative (e.g. 42m for 42 minutes) #显示某个开始时间的所有日志
-n, --tail string Number of lines to show from the end of the logs (default "all")#仅列出最新N条容器 日志
-t, --timestamps Show timestamps # 显示时间戳
--until string Show logs before a timestamp (e.g. 2013-01-02T13:23:37Z) or relative (e.g. 42m for 42 minutes)
[root@iZwz92te2l9m024kfad1qsZ ~]# docker logs -f ff53
top - 15:54:17 up 34 days, 1:35, 0 users, load average: 0.42, 0.62, 0.69
Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie
%Cpu(s): 7.0 us, 5.0 sy, 0.0 ni, 87.9 id, 0.2 wa, 0.0 hi, 0.0 si, 0.0 st
MiB Mem : 3789.4 total, 166.6 free, 1034.6 used, 2588.2 buff/cache
MiB Swap: 1025.0 total, 1025.0 free, 0.0 used. 2409.6 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1 root 20 0 49060 2188 1580 R 0.0 0.1 0:00.20 top
镜像搜索
Usage: docker search [OPTIONS] TERM
名称,简写 | 默认 | 描述 |
---|---|---|
--automated | false | 仅显示自动构建 |
--filter, -f | 根据提供的条件过滤输出 | |
--limit | 25 | 最大搜索结果数 |
--no-trunc | false | 不要截断输出 |
--stars, -s | 0 | 只显示至少有x颗星 |
[root@iZwz92te2l9m024kfad1qsZ ~]# docker search -f stars=100 centos
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
centos The official build of CentOS. 6336 [OK]
ansible/centos7-ansible Ansible on Centos7 132 [OK]
consol/centos-xfce-vnc Centos container with "headless" VNC session… 124 [OK]
jdeathe/centos-ssh OpenSSH / Supervisor / EPEL/IUS/SCL Repos - … 117 [OK]
运行一个 web 应用
[root@localhost ~]# docker pull training/webapp
Using default tag: latest
latest: Pulling from training/webapp
e190868d63f8: Pull complete
909cd34c6fd7: Pull complete
0b9bfabab7c1: Pull complete
a3ed95caeb02: Pull complete
10bbbc0fc0ff: Pull complete
fca59b508e9f: Pull complete
e7ae2541b15b: Pull complete
9dd97ef58ce9: Pull complete
a4c1b0cb7af7: Pull complete
Digest: sha256:06e9c1983bd6d5db5fba376ccd63bfa529e8d02f23d5079b8f74a616308fb11d
Status: Downloaded newer image for training/webapp:latest
[root@localhost ~]# docker run -d -P training/webapp python app.py
5d6100ff5bc275d4d6dc222047ae068c4c2dd30a923916cf2f490d261b8a2e20
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5d6100ff5bc2 training/webapp "python app.py" 4 seconds ago Up 3 seconds 0.0.0.0:32768->5000/tcp focused_mestorf
[root@localhost ~]# docker run -d -p 5000:5000 training/webapp[/udp] python app.py
dbd2e62e8ef75febeb58c916d3b74c42f6ebadf2a0ba103e37ef5b5bb7438060
[root@localhost ~]# docker port 97cf182c867d
5000/tcp -> 0.0.0.0:80
[root@localhost ~]# docker logs -t --details 97cf182c867d
2020-12-25T02:28:37.966887108Z * Running on http://0.0.0.0:5000/ (Press CTRL+C to quit)
2020-12-25T02:28:45.655452961Z 192.168.56.1 - - [25/Dec/2020 02:28:45] "GET /favicon.ico HTTP/1.1" 404 -
2020-12-25T02:28:46.687248424Z 192.168.56.1 - - [25/Dec/2020 02:28:46] "GET /favicon.ico HTTP/1.1" 404 -
2020-12-25T02:28:50.040089655Z 192.168.56.1 - - [25/Dec/2020 02:28:50] "GET / HTTP/1.1" 200 -
2020-12-25T02:28:50.458071205Z 192.168.56.1 - - [25/Dec/2020 02:28:50] "GET /favicon.ico HTTP/1.1" 404 -
2020-12-25T02:30:21.927939969Z 192.168.56.1 - - [25/Dec/2020 02:30:21] "GET / HTTP/1.1" 200 -
2020-12-25T02:32:10.484857726Z 192.168.56.1 - - [25/Dec/2020 02:32:10] "GET / HTTP/1.1" 200 -
2020-12-25T02:32:11.444579995Z 192.168.56.1 - - [25/Dec/2020 02:32:11] "GET / HTTP/1.1" 200 -
[root@localhost ~]# show clock
-bash: show: command not found
[root@localhost ~]# clock
Fri 25 Dec 2020 10:34:13 AM CST -0.756723 seconds
#web记录的是UTC世界协调时间,与本时区时间相差8小时,分析日志前要做本地化处理
docker top <container_id>
:来查看容器内部运行的进程
docker inspect <container_id>
:查看Docker容器的底层信息
参数说明:
- **-d:**让容器在后台运行。
- **-P:**将容器内部使用的网络端口随机映射到我们使用的宿主主机上。
- -p:将容器内的使用端口映射到宿主机的指定端口。(宿主机:容器)
- 0.0.0.0:与客户机有关的所有网卡
- /udp:默认绑定tcp端口,可以指定/udp端口
Docker Network
[root@localhost ~]# docker network create -d bridge test-net
fbfcbd297c600efcb4c326faef1c7b7f0ae9b61c3387b82392f1ee3b77e2037c
[root@localhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
58b30159c818 bridge bridge local
61b059bcd34c host host local
999fcaff2725 none null local
fbfcbd297c60 test-net bridge local
#使用指定网络运行
[root@localhost ~]# docker run -itd --name test1 --network test-net centos /bin/bash
7a223d7000663c68d731a8419211d17c1fcc9a453c7197c6376b2f10d55c4a34
[root@localhost ~]# docker run -itd --name test2 --network test-net centos /bin/bash
4f51f2f5ab058e4e38ec000009b129e2fe373b73d834d48f380bf720e862d197
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4f51f2f5ab05 centos "/bin/bash" 6 seconds ago Up 5 seconds test2
7a223d700066 centos "/bin/bash" 14 seconds ago Up 13 seconds test1
[root@localhost ~]# docker exec -it test1 /bin/bash
[root@7a223d700066 /]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
17: eth0@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.18.0.2/16 brd 172.18.255.255 scope global eth0
valid_lft forever preferred_lft forever
[root@localhost ~]# docker exec -it test2 /bin/bash
[root@4f51f2f5ab05 /]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
19: eth0@if20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:12:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.18.0.3/16 brd 172.18.255.255 scope global eth0
valid_lft forever preferred_lft forever
[root@4f51f2f5ab05 /]# ping 172.18.0.2
PING 172.18.0.2 (172.18.0.2) 56(84) bytes of data.
64 bytes from 172.18.0.2: icmp_seq=1 ttl=64 time=0.040 ms
64 bytes from 172.18.0.2: icmp_seq=2 ttl=64 time=0.052 ms
64 bytes from 172.18.0.2: icmp_seq=3 ttl=64 time=0.052 ms
^C
--- 172.18.0.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.040/0.048/0.052/0.005 ms
- -d:指定网络类型:bridge,overlay
为所有容器指定DNS
在宿主机的 /etc/docker/daemon.json 文件中增加以下内容来设置全部容器的 DNS:
{
"dns" : [
"223.6.6.6",#Alibaba DNS
"114.114.114.114",
"8.8.8.8"
]
}
设置后,启动容器的 DNS 会自动配置为 114.114.114.114 和 8.8.8.8。
配置完,需要重启 docker 才能生效。
查看容器的 DNS 是否生效可以使用以下命令,它会输出容器的 DNS 信息:
[root@localhost ~]# docker run -it --rm centos cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 223.6.6.6
参数说明:
- –rm : Automatically remove the container when it exits
手动指定容器的配置
如果只想在指定的容器设置 DNS,则可以使用以下命令:
$ docker run -it --rm -h host_ubuntu --dns=114.114.114.114 --dns-search=test.com ubuntu
参数说明:
–rm:容器退出时自动清理容器内部的文件系统。
-h HOSTNAME 或者 --hostname=HOSTNAME: 设定容器的主机名,它会被写到容器内的 /etc/hostname 和 /etc/hosts。
–dns=IP_ADDRESS: 添加 DNS 服务器到容器的 /etc/resolv.conf 中,让容器用这个服务器来解析所有不在 /etc/hosts 中的主机名。
–dns-search=DOMAIN: 设定容器的搜索域,当设定搜索域为 .example.com 时,在搜索一个名为 host 的主机时,DNS 不仅搜索 host,还会搜索 host.example.com。
Docker Hub
[root@localhost ~]# docker login
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest 300e315adb2f 2 weeks ago 209MB
alifys/hello-world latest bf756fb1ae65 11 months ago 13.3kB
hello-world latest bf756fb1ae65 11 months ago 13.3kB
[root@localhost ~]# docker push alifys/hello-world:latest
[root@localhost ~]# docker pull alifys/hello-world
Using default tag: latest
latest: Pulling from alifys/hello-world
Digest: sha256:90659bf80b44ce6be8234e6ff90a1ac34acbeb826903b02cfa0da11c82cbc042
Status: Downloaded newer image for alifys/hello-world:latest
[root@localhost ~]# docker logout
commit
**docker commit:**从容器创建一个新的镜像。
语法
docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]
OPTIONS说明:
- **-a:**提交的镜像作者;
- **-c:**使用Dockerfile指令来创建镜像;
- **-m:**提交时的说明文字;
- **-p:**在commit时,将容器暂停。
实例
将容器a404c6c174a2 保存为新的镜像,并添加提交人信息和说明信息。
[root@localhost ~]# docker commit -a "allfys" -m "commit hello-world:latest" 05b5671a6f4c hello-world:v1
sha256:1243b85f36c5801e83563561761e029bd71469bedf14d112f72b0c71beb11112
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world v1 1243b85f36c5 4 seconds ago 13.3kB
*-p:**在commit时,将容器暂停。
实例
将容器a404c6c174a2 保存为新的镜像,并添加提交人信息和说明信息。
[root@localhost ~]# docker commit -a "allfys" -m "commit hello-world:latest" 05b5671a6f4c hello-world:v1
sha256:1243b85f36c5801e83563561761e029bd71469bedf14d112f72b0c71beb11112
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world v1 1243b85f36c5 4 seconds ago 13.3kB