docker笔记

weixin_44504134

已于 2024-10-10 15:30:26 修改

阅读量1.6k

点赞数 40

文章标签： docker 笔记

于 2024-06-11 11:14:13 首次发布

本文链接：https://blog.csdn.net/weixin_44504134/article/details/139473057

版权

image

通过dockerfile build image

docker build -t my_image[:<tag>] /path/to/dockerfile

不同tag对应不同版本，默认latest

也可以从网上pull images， docker hub连接不了时可以从其他镜像源pull之后tag

container

run

 docker run -ti --name my-container my-image:my-version

-ti: allocate a pseduo-TTY (terminal)

-d: backend run

--rm: cleanup when finished

side: Stop the interactive container session with Ctrl + D.

stop and remove

docker rm -f container-name-or-id

port-fowarding

docker run -dp 0.0.0.0:8080:3000 gettingstartedapp

named volume mounting

Volumes provide the ability to connect specific filesystem paths of the container back to the host machine.

create volume

docker volume create todo-db

inspect

docker volume inspect volume-name

把container内的某个路径下的file system以docker自有的方式存储为volume，存储路径不用指定，下次需要load只需要将同一个volume挂载到指定目录下即可。这样可以将临时开发进度存储但不发布为新的Image。

or use --mount

docker run -dp 0.0.0.0:8000:3000 --mount type=volume,src=todo-db,target=/etc/todos getting-started

bind mounts (host directory mounting)

Use a bind mount to mount source code into the container. The container sees the changes you make to the code immediately, as soon as you save a file. This means that you can run processes in the container that watch for filesystem changes and respond to them.

注：bind mount的时候如果更改挂载本地目录，会马上update到docker app上

docker run -it --mount type=bind,src="$(pwd)",target=/src ubuntu bash

docker run -dp 0.0.0.0:8080:3000 \
    -w /app --mount type=bind,src="$(pwd)",target=/app \
    node:18-alpine \
    sh -c "yarn install && yarn run dev"

使用docker run -v，可以挂载host上的目录(bind mount)或者volume(named volume mount)

docker run -v <host-path>:<container-path> image-name

docker run -v <volume-name>:<container-path> image-name

可以挂载multiple mounts

docker run -v /path/to/host/data1:/path/in/container1 \
           -v /path/to/host/data2:/path/in/container2 -it your_image

注：这里也可以不create，-v会自动创建

summary: bind和volume的方式同样是存储container中的文件，一个是直接挂载为host上的1-to-1方式，不生成 volume，一个是以volume方式存储在docker的文件系统中

Container Networking

how

在容器启动时分发network

在docker中创建network（和volume类似都是docker的对象）

docker network create todo-app

在run container的时候指定--network；同时assign一个network-alias，给此容器指定一个域名

docker run -d \
    --network todo-app --network-alias mysql \
    -v todo-mysql-data:/var/lib/mysql \
    -e MYSQL_ROOT_PASSWORD=secret \
    -e MYSQL_DATABASE=todos \
    mysql:8.0

While mysql isn't normally a valid hostname, Docker was able to resolve it to the IP address of the container that had that network alias.

What this means is that your app only simply needs to connect to a host named mysql and it'll talk to the database.

connect已启动的容器to一个network

Docker Compose

是一个定义和分享多容器应用的工具。通过Compose，您可以创建一个YAML文件来定义服务，只需一个命令，即可启动整个应用或将其全部关闭。

compose.yaml或docker-compose.yml

用docker compse up命令启动，docker compse down关闭

每个container称为service，不需要显式定义network，默认都在一个network下

Image Layering

在dockerfile中把需要安装dependencies的部分和source code部分分开COPY，这样在修改src后安装dependencies部分可以cache

# syntax=docker/dockerfile:1
FROM node:18-alpine
WORKDIR /app
COPY package.json yarn.lock ./    # 安装部分
RUN yarn install --production
COPY . .
CMD ["node", "src/index.js"]

Multi-stage builds

Why

Separate build-time dependencies from runtime dependencies
Reduce overall image size by shipping only what your app needs to run

有的时候需要装依赖来buid，例如maven来compile java的源码，但是在production的时候不需要，称为build-time dependencies。我们不希望把这些依赖也ship到final镜像中

# syntax=docker/dockerfile:1
FROM maven AS build
WORKDIR /app
COPY . .
RUN mvn package

FROM tomcat
COPY --from=build /app/target/file.war /usr/local/tomcat/webapps

上面最后一行：仅把build镜像中（build完后的）路径文件拷贝过来新的final镜像