docker
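1. What is Docker
Docker is an open-source container engine. It packages an application together with its dependencies into a portable image, which can then be published to any Linux or Windows machine; it can also provide virtualization. Containers rely entirely on an isolation mechanism and expose no interfaces to one another. Docker's goal is to provide a standardized runtime environment, "build once, run anywhere": the same build can be used in every environment, and it is decoupled from the underlying operating system, so it can be used wherever the Docker engine can be installed. CaaS (Containers as a Service) developed further on this foundation.
2. How Docker works underneath
- Docker's underlying mechanism is cgroups (resource control) combined with namespaces, which manage six namespace resources.
2.1 Control groups
The Docker engine on Linux also relies on another technology called control groups (cgroups), which restrict an application to a specific set of resources. Control groups let the Docker engine share the available hardware resources among containers and selectively enforce limits and constraints.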
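As an added example (not from the original page), the following shell functions read the limits that cgroups actually enforce for one container. They assume cgroup v1 with the cgroupfs driver, where each container's files live under `<root>/<controller>/docker/<container-id>/`; the function names and the `CGROUP_ROOT` parameter are hypothetical.

```shell
#!/bin/sh
# Added example: read the cgroup v1 limits of one container.
# Assumes the cgroupfs driver layout <root>/<controller>/docker/<id>/.
# CGROUP_ROOT is a parameter so the check can run on a constructed tree.

# Value the v1 memory controller reports when no limit is set
# (x86_64 with 4 KiB pages).
MEM_UNLIMITED=9223372036854771712

# read_limit FILE UNLIMITED_VALUE
# Prints "unlimited", the raw value, or "n/a" if the file is absent.
read_limit() {
    [ -r "$1" ] || { echo "n/a"; return 0; }
    v=$(cat "$1")
    if [ "$v" = "$2" ]; then echo "unlimited"; else echo "$v"; fi
}

# container_limits CONTAINER_ID [CGROUP_ROOT]
# Prints "memory=<v> cpu_quota_us=<v> pids=<v>".
container_limits() {
    id=$1; root=${2:-/sys/fs/cgroup}
    mem=$(read_limit "$root/memory/docker/$id/memory.limit_in_bytes" "$MEM_UNLIMITED")
    cpu=$(read_limit "$root/cpu/docker/$id/cpu.cfs_quota_us" "-1")
    pids=$(read_limit "$root/pids/docker/$id/pids.max" "max")
    echo "memory=$mem cpu_quota_us=$cpu pids=$pids"
}

# unlimited_count CONTAINER_ID [CGROUP_ROOT]
# Number of the three controls that have no limit set.
unlimited_count() {
    container_limits "$1" "${2:-/sys/fs/cgroup}" |
        tr ' ' '\n' | grep -c '=unlimited$' || true
}
```

A container started with no resource flags will normally report all three as unlimited; `--memory`, `--cpus` and `--pids-limit` on `docker run` set them. Pass the full ID from `docker inspect -f '{{.Id}}' <container>`.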
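2.2 Namespaces
Docker uses a technology called namespaces to provide the container's isolated workspace. When a container runs, Docker creates a set of namespaces for it. These namespaces provide a layer of isolation: each aspect of the container runs in a separate namespace, and its access is limited to that namespace.
A container isolates six namespaces:
- mount: manages filesystem mount points, i.e. the filesystem; within one filesystem the same directory cannot be mounted twice
- user: the users and groups that processes run as
- pid: process isolation, i.e. process IDs
- ipc: manages access to IPC resources: semaphores, message queues, shared memory
- uts: isolates kernel and version identifiers: hostname and domain name
- net: manages network interfaces: network devices, network protocols, ports, etc.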
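As an added example (not from the original page), this shell function compares the `/proc/<pid>/ns/*` links of two processes to show which of the six namespaces above they share. The function names and the `PROC_ROOT` parameter are hypothetical; a container's host PID comes from `docker inspect -f '{{.State.Pid}}' <container>`.

```shell
#!/bin/sh
# Added example: report which of the six namespaces two processes share.
# PROC_ROOT defaults to /proc; it is a parameter only so the check can be
# exercised against a constructed directory tree.

# shared_namespaces PID_A PID_B [PROC_ROOT]
# Prints one line per namespace: "<name> shared" or "<name> isolated".
shared_namespaces() {
    pid_a=$1; pid_b=$2; root=${3:-/proc}
    for ns in mnt user pid ipc uts net; do
        a=$(readlink "$root/$pid_a/ns/$ns") || return 1
        b=$(readlink "$root/$pid_b/ns/$ns") || return 1
        # Each link reads like "net:[4026531992]". Equal targets mean
        # both processes live in the same namespace instance.
        if [ "$a" = "$b" ]; then
            echo "$ns shared"
        else
            echo "$ns isolated"
        fi
    done
}

# host_shared_count PID [PROC_ROOT]
# Number of namespaces PID shares with PID 1 (the host's init process).
host_shared_count() {
    shared_namespaces 1 "$1" "${2:-/proc}" | grep -c ' shared$' || true
}
```

Run as root against a default container, `user` normally shows as shared because Docker does not remap user namespaces unless `userns-remap` is configured. Another shared entry usually means the container was started with a host-namespace option such as `--net=host` or `--pid=host`.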
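3. Docker Engine
Docker Engine is a client-server (C/S) application with the following main components:
- Server: a long-running program, called the daemon process
- Client: the interface that programs can use to communicate with the daemon and instruct it what to do
- Command-line interface
- docker run
- docker start
- docker rm
4. Differences between Docker and virtual machines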
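Difference | container | VM |
---|---|---|
Startup time | Seconds | Minutes |
Runtime performance | Runs on the kernel, approaching 90% | About 50% loss |
Disk usage | MB | GB |
Process count | Hundreds to thousands | A few dozen |
Isolation | Process level | System level |
Operating system | Mainly Linux | Almost all |
Packaging | Packages only the project code and its dependencies; shares the host kernel | A complete operating system, isolated from the host |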
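5. Docker architecture
Docker uses a client-server architecture. The Docker client talks to the Docker daemon, which does the work of building, running, and distributing Docker containers. Unlike traditional virtualization, Docker does not need to virtualize hardware resources; it uses the container engine directly, so it is faster than traditional virtualization.
- Docker client: gives the user a platform for interaction and display, and is the tool for managing and controlling the server
- The Docker client is the main way many Docker users interact with Docker. When you run a command, the client sends it to dockerd, which carries it out. These commands use the Docker API, and a Docker client can communicate with more than one daemon.
- Docker daemon: the daemon process
- Docker images: images
- Docker container: containers
- Docker registry: registries
Images, containers, and registries make up Docker's three major components.
5.1 The three major components
- Image: a collection of resources containing the application package, the application's dependencies, and the base environment needed to run the application
- Container: a runtime state based on an image
- Registry: stores images; divided into public registries (Docker Hub) and private registries (registry, Harbor)
6. Deploying Docker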
[root@docker ~]# yum -y install yum-utils device-mapper-persistent-data lvm2 # install the required driver packages
[root@docker ~]# cd /etc/yum.repos.d/ # change the yum repository
[root@docker yum.repos.d]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo # switch to the Aliyun mirror
[root@docker yum.repos.d]# setenforce 0 # turn off SELinux enforcement (permissive mode until the next reboot)
[root@docker yum.repos.d]# yum -y install docker-ce
[root@docker yum.repos.d]# systemctl start docker # start the service
[root@docker yum.repos.d]# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
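- Configure a registry mirror (accelerator): on the Alibaba Cloud website, any registered user is automatically assigned an accelerator address in the Container Registry service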
[root@docker ~]# cd /etc/docker
[root@docker docker]# tee /etc/docker/daemon.json <<-'EOF'
> {
> "registry-mirrors": ["https://k79j39r9.mirror.aliyuncs.com"]
> }
> EOF
{
"registry-mirrors": ["https://k79j39r9.mirror.aliyuncs.com"]
}
[root@docker docker]# systemctl daemon-reload
[root@docker docker]# systemctl restart docker
- Network tuning
[root@docker docker]# vim /etc/sysctl.conf
net.ipv4.ip_forward=1 //append at the end of the file
[root@docker docker]# sysctl -p
net.ipv4.ip_forward = 1
[root@docker docker]# systemctl restart network
[root@docker docker]# systemctl restart docker
[root@docker docker]# ls
daemon.json key.json
[root@server docker]# cat daemon.json # other custom settings, such as registries and addresses, can also be configured in this file
{
"registry-mirrors": ["https://k79j39r9.mirror.aliyuncs.com"]
}
7. Docker image operations
- Check the Docker version
[root@docker ~]# docker version
Client: Docker Engine - Community
Version: 20.10.8
API version: 1.41
Go version: go1.16.6
Git commit: 3967b7d
Built: Fri Jul 30 19:55:49 2021
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.8
API version: 1.41 (minimum version 1.12)
Go version: go1.16.6
Git commit: 75249d8
Built: Fri Jul 30 19:54:13 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.9
GitCommit: e25210fe30a0a703442421b0f60afac609f950a3
runc:
Version: 1.0.1
GitCommit: v1.0.1-0-g4144b63
docker-init:
Version: 0.19.0
GitCommit: de40ad0
[root@docker ~]# docker info # shows the version as well as information about containers
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Build with BuildKit (Docker Inc., v0.6.1-docker)
scan: Docker Scan (Docker Inc., v0.8.0)
Server:
Containers: 1 //number of containers
Running: 0 //running containers
Paused: 0 //paused containers
Stopped: 1 //containers that are not running
Images: 1 //number of images
Server Version: 20.10.8
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runtime.v1.linux runc io.containerd.runc.v2
Default Runtime: runc
Init Binary: docker-init
containerd version: e25210fe30a0a703442421b0f60afac609f950a3
runc version: v1.0.1-0-g4144b63
init version: de40ad0
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-957.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 3.683GiB
Name: server
ID: 4SN3:4RTI:DQVT:TWEI:EV4U:VFMF:GRR5:MUV2:PWL5:SLMM:YOMY:WBCR
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Registry Mirrors:
https://k79j39r9.mirror.aliyuncs.com/
Live Restore Enabled: false
- Search for images
[root@docker ~]# docker search nginx
NAME DESCRIPTION STARS OFFICIAL A
nginx Official build of Nginx. 15394 [OK]
jwilder/nginx-proxy Automated Nginx reverse proxy for docker con… 2061 [
richarvey/nginx-php-fpm Container running Nginx + PHP-FPM capable of… 816 [
jc21/nginx-proxy-manager Docker container for managing Nginx proxy ho… 239
linuxserver/nginx An Nginx container, brought to you by LinuxS… 152
tiangolo/nginx-rtmp Docker image with Nginx using the nginx-rtmp… 140 [
jlesage/nginx-proxy-manager Docker container for Nginx Proxy Manager 135 [
alfg/nginx-rtmp NGINX, nginx-rtmp-module and FFmpeg from sou… 106 [
nginxdemos/hello NGINX webserver that serves a simple page co… 72 [
privatebin/nginx-fpm-alpine PrivateBin running on an Nginx, php-fpm & Al… 56 [
nginx/nginx-ingress NGINX and NGINX Plus Ingress Controllers fo… 55
nginxinc/nginx-unprivileged Unprivileged NGINX Dockerfiles 47
staticfloat/nginx-certbot Opinionated setup for automatic TLS certs lo… 24 [
nginx/nginx-prometheus-exporter NGINX Prometheus Exporter for NGINX and NGIN… 19
schmunk42/nginx-redirect A very simple container to redirect HTTP tra… 19 [
nginxproxy/nginx-proxy Automated Nginx reverse proxy for docker con… 18
centos/nginx-112-centos7 Platform for running nginx 1.12 or building … 15
centos/nginx-18-centos7 Platform for running nginx 1.8 or building n… 13
bitwarden/nginx The Bitwarden nginx web server acting as a r… 11
flashspys/nginx-static Super Lightweight Nginx Image 10 [
mailu/nginx Mailu nginx frontend 9 [
sophos/nginx-vts-exporter Simple server that scrapes Nginx vts stats a… 7 [
ansibleplaybookbundle/nginx-apb An APB to deploy NGINX 2 [
wodby/nginx Generic nginx 1 [
arnau/nginx-gate Docker image with Nginx with Lua enabled on … 1
- Pull an image
[root@docker ~]# docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
e1acddbe380c: Pull complete
e21006f71c6f: Pull complete
f3341cc17e58: Pull complete
2a53fa598ee2: Pull complete
12455f71a9b5: Pull complete
b86f2ba62d17: Pull complete
Digest: sha256:4d4d96ac750af48c6a551d757c1cbfc071692309b491b70b2b8976e102dd3fef
Status: Downloaded newer image for nginx:latest
docker.io/library/nginx:latest
- List local images
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest dd34e67e3371 2 weeks ago 133MB
hello-world latest d1165f221234 6 months ago 13.3kB
- Show detailed image information
[root@docker ~]# docker inspect dd34e67e3371
- Tag an image: this adds another tag to an existing image
[root@docker ~]# docker tag nginx:latest nginx:lnmp
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest dd34e67e3371 2 weeks ago 133MB
nginx lnmp dd34e67e3371 2 weeks ago 133MB
hello-world latest d1165f221234 6 months ago 13.3kB
- Remove a tag (you can also remove by ID, but then all of its tags are removed)
[root@docker ~]# docker rmi nginx:lnmp
Untagged: nginx:lnmp
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest dd34e67e3371 2 weeks ago 133MB
hello-world latest d1165f221234 6 months ago 13.3kB
[root@docker ~]# docker rmi nginx:latest
Untagged: nginx:latest
Untagged: nginx@sha256:4d4d96ac750af48c6a551d757c1cbfc071692309b491b70b2b8976e102dd3fef
Deleted: sha256:dd34e67e3371dc2d1328790c3157ee42dfcae74afffd86b297459ed87a98c0fb
Deleted: sha256:ec6149850eea7af0bfa5f4aa0130d2c3cbae06e4b5da8c748d8b6b1b0cb81d07
Deleted: sha256:2a3d94c7adfe6e94ef038a9b3ea3631168e979f8ddb49a38b203e364627af2d9
Deleted: sha256:2bbff8011bb867605e83fdb8095f94a347307726b8cce81d752886a8af974aea
Deleted: sha256:f151353bef203bd70680578f33abd9667b65434ffadf547f900dca09927cc435
Deleted: sha256:47c01ba78b6d0bdef530c46858d4c83b87452d42dc9faa54b02b3e026107ff27
Deleted: sha256:f68ef921efae588b3dd5cc466a1ca9c94c24785f1fa9420bea15ecc2dedbe781
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world latest d1165f221234 6 months ago 13.3kB
- Export an image to a file
[root@docker ~]# docker save -o nginx_docker nginx:latest
[root@docker ~]# ls
anaconda-ks.cfg initial-setup-ks.cfg nginx_docker
- Specifying the output path
[root@docker ~]# docker save -o /opt/nginx01-docker nginx:latest
[root@docker ~]# ls /opt
containerd nginx01-docker
- Copy the exported file to a remote host
[root@docker ~]# scp nginx_docker root@192.168.20.22:/opt
The authenticity of host '192.168.20.22 (192.168.20.22)' can't be established.
ECDSA key fingerprint is SHA256:EJF/ChFA3xatEi7E4/nQiImp/Vtn94mqcgYTm17oJ7Y.
ECDSA key fingerprint is MD5:a9:7f:b8:51:01:2a:c1:c1:fb:a4:24:8c:49:88:2a:bf.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.20.22' (ECDSA) to the list of known hosts.
root@192.168.20.22's password:
nginx_docker 100% 131MB 142.6MB/s 00:00
[root@docker2 opt]# ls
containerd nginx_docker rh
- Import an image
[root@docker2 opt]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
[root@docker2 ~]# docker load < /opt/nginx_docker
f68ef921efae: Loading layer 72.53MB/72.53MB
d1279c519351: Loading layer 64.86MB/64.86MB
678bbd796838: Loading layer 3.072kB/3.072kB
009f1d338b57: Loading layer 4.096kB/4.096kB
8f736d52032f: Loading layer 3.584kB/3.584kB
fb04ab8effa8: Loading layer 7.168kB/7.168kB
Loaded image: nginx:latest
[root@docker2 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest dd34e67e3371 2 weeks ago 133MB
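As an added example (not from the original page), the functions below check a `docker save` archive after it has been copied to another host and before `docker load` runs: they compare its SHA-256 with the value recorded on the exporting host and list the tags the archive would create or overwrite. Function names and the `LOADER` parameter are hypothetical; the tag listing assumes the compact `manifest.json` that `docker save` writes.

```shell
#!/bin/sh
# Added example: verify a `docker save` archive before `docker load`.
# File names and the expected digest are supplied by the caller.

# archive_sha256 FILE: print the SHA-256 of the archive.
# Run it on the exporting host and carry the value over separately.
archive_sha256() {
    sha256sum "$1" | awk '{print $1}'
}

# archive_tags FILE: print the repo:tag names that `docker load` would
# create or overwrite, read from manifest.json inside the archive.
# Assumes manifest.json is compact JSON (no spaces around ':' or '[').
archive_tags() {
    tar -xOf "$1" manifest.json |
        grep -o '"RepoTags":\[[^]]*]' |
        sed 's/^"RepoTags":\[//; s/]$//' | tr ',' '\n' | tr -d '"'
}

# load_verified FILE EXPECTED_SHA256 [LOADER]
# Refuses to load unless the digest matches the recorded one.
# LOADER defaults to `docker load -i`; it is a parameter so the check
# can be exercised on a machine without Docker.
load_verified() {
    actual=$(archive_sha256 "$1")
    if [ "$actual" != "$2" ]; then
        echo "digest mismatch for $1: got $actual" >&2
        return 1
    fi
    echo "will load: $(archive_tags "$1" | tr '\n' ' ')" >&2
    ${3:-docker load -i} "$1"
}
```

On the receiving host this replaces the bare `docker load < /opt/nginx_docker` with `load_verified /opt/nginx_docker <sha256-from-exporting-host>`.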
8. Docker container operations
- View container information
[root@docker ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
96a7de1b716a nginx "/docker-entrypoint.…" 27 minutes ago Exited (0) 27 minutes ago ecstatic_satoshi
b971de7a042d hello-world "/hello" 42 hours ago Exited (0) 42 hours ago cool_curran
- Adding -q prints only the container IDs
[root@docker ~]# docker ps -aq
96a7de1b716a
b971de7a042d
- Start a container and run a command (it keeps running in the background)
[root@docker2 ~]# docker run -d centos:7 /bin/bash -c "while true;do echo hello;done"
Unable to find image 'centos:7' locally
7: Pulling from library/centos
2d473b07cdd5: Pull complete
Digest: sha256:0f4ec88e21daf75124b8a9e5ca03c37a5e937e0e108a255d890492430789b60e
Status: Downloaded newer image for centos:7
af74134c304aa0f7e3082ec2f98d47ecb59a5126de8ac4b33351028100785e06
- Create a container
[root@docker2 ~]# docker create -it nginx:latest /bin/bash
9eec2f9cb5f3605879e36ce74f11fff6c63359389bc94410c8b31eb732eff31d
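-i keeps the container's standard input open
-t allocates a pseudo-terminal for the container
-d keeps the container running in the background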
[root@docker2 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9eec2f9cb5f3 nginx:latest "/docker-entrypoint.…" 3 minutes ago Created nifty_cannon
- Start the container
[root@docker2 ~]# docker start 9eec2f9cb5f3
9eec2f9cb5f3
[root@docker2 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9eec2f9cb5f3 nginx:latest "/docker-entrypoint.…" 5 minutes ago Up 18 seconds 80/tcp nifty_cannon
- Stop the container
[root@docker2 ~]# docker stop 9eec2f9cb5f3
9eec2f9cb5f3
[root@docker2 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9eec2f9cb5f3 nginx:latest "/docker-entrypoint.…" 7 minutes ago Exited (137) 18 seconds ago nifty_cannon
- Enter a container
- One-off: the process terminates once you type exit
[root@docker2 ~]# docker run -it nginx:latest /bin/bash
root@c780d05b0d85:/#
root@c780d05b0d85:/# exit
exit
[root@docker2 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c780d05b0d85 nginx:latest "/docker-entrypoint.…" 4 minutes ago Exited (0) 19 seconds ago eloquent_kalam
- Attach to a running container: exiting does not affect the container's process
[root@docker2 ~]# docker start c780d05b0d85
c780d05b0d85
[root@docker2 ~]# docker exec -it c780d05b0d85 /bin/bash
root@c780d05b0d85:/# exit
exit
[root@docker2 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
af74134c304a centos:7 "/bin/bash -c 'while…" 2 minutes ago Exited (137) About a minute ago agitated_taussig
c780d05b0d85 nginx:latest "/docker-entrypoint.…" 11 minutes ago Up 14 seconds 80/tcp eloquent_kalam
- Delete containers
[root@docker2 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
af74134c304a centos:7 "/bin/bash -c 'while…" 9 minutes ago Exited (137) 7 minutes ago agitated_taussig
c780d05b0d85 nginx:latest "/docker-entrypoint.…" 17 minutes ago Exited (137) 22 seconds ago eloquent_kalam
9eec2f9cb5f3 nginx:latest "/docker-entrypoint.…" 27 minutes ago Exited (137) 7 minutes ago nifty_cannon
[root@docker2 ~]# docker rm af74134c304a
af74134c304a
[root@docker2 ~]# docker rm c780d05b0d85
c780d05b0d85
[root@docker2 ~]# docker rm 9eec2f9cb5f3
9eec2f9cb5f3
[root@docker2 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@docker ~]# docker rm -f `docker ps -aq` # bulk delete
f1abc0bc86d3
964a162613ab
3c9295f47a26
29275fc381f9
a3ad108f1a43
5913d9abc742
4c9e8715b0ee
# Bulk-delete containers in the "exit" state
for i in $(docker ps -a | grep -i exit | awk '{print $1}'); do docker rm -f "$i"; done
- Export a container
[root@docker2 ~]# docker export 9eec2f9cb5f3 > /opt/nginx02
[root@docker2 ~]# cd /opt
[root@docker2 opt]# ls
containerd nginx02 nginx_docker rh
- Import a container (this only creates an image, not a container)
[root@docker opt]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@docker opt]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 822b7ec2aaf2 2 hours ago 133MB
[root@docker opt]# docker rmi 822b7ec2aaf2
Untagged: nginx:latest
Untagged: nginx@sha256:c442ff5a3d9f6dc92dd8aee388ece42d965e002805e3edaaff34e79d8ee6d0a4
Deleted: sha256:822b7ec2aaf2122b8f80f9c7f45ca62ea3379bf33af4e042b67aafbf6eac1941
Deleted: sha256:47dec9bde9e483e6265a6f52ab1e726724927e2e9d2ac358fdf58fbfcd6cf418
Deleted: sha256:7920a27f48f198550d59f64681b99441bbc3d2ce4778a855ce1ef9bafc96ae69
Deleted: sha256:a3c5a94eb1ea071c73dcea1969e0b71beea445d3b9d0735eaf6715d8e351434c
Deleted: sha256:e73eb58ed241e67a7a2c8589dde85eb72811eac1eb4cf3b586e40d2b9cc9d0c1
Deleted: sha256:b5d976dc9b0fa380affe1f6a17df18f02ab7debec2d35a0407fb863338591ed7
Deleted: sha256:d000633a56813933cb0ac5ee3246cf7a4c0205db6290018a169d7cb096581046
[root@docker opt]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
[root@docker opt]# docker import nginx nginx:latest
sha256:d57fe02474690a026494c4978e9ee3c18da74cfa8fd0da8fcdf803862023f0cf
[root@docker opt]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest d57fe0247469 10 seconds ago 132MB
[root@docker opt]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
- Bulk-delete containers in the exit state
for i in $(docker ps -a | grep -i exit | awk '{print $1}'); do docker rm -f "$i"; done