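I. About Docker
Docker is an engine for managing containers (packaging images, uploading and downloading images), not merely a virtualization technology.
1. Traditional virtualization vs. container technology: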
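 | Virtual machine | Docker container |
Operating system | The VM's own OS runs on top of the host | Shares the host OS |
Storage | Large images (GB) | Small images (MB) |
Performance | Extra CPU and memory consumed by the guest OS | Almost no performance overhead |
Portability | Heavy, tightly coupled to the virtualization technology | Lightweight, easy to migrate |
Isolation | Full isolation | Secure isolation |
Deployment | Slow, minutes | Fast, seconds |
Density | Typically a few dozen | Thousands of containers on a single host |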
2. Advantages of Docker:
II. Installing Docker
docker-ce mirror: download address and installation guide, Alibaba open source mirror site (aliyun.com)
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
mv docker-ce.repo /etc/yum.repos.d/
cd /etc/yum.repos.d/
vim docker-ce.repo
cd /etc/yum.repos.d/
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo   # CentOS base repo from the Aliyun mirror, needed for dependencies
vim CentOS-Base.repo
yum install -y docker-ce
2. Initialization
systemctl enable --now docker.service
vim /etc/sysctl.d/docker.conf
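sysctl --system   # apply the settings
sysctl -a | grep bridge.bridge-nf-call-iptables   # filter the output to check the value
docker info   # show detailed information about Docker
docker ps   # list running containers
docker ps -a   # list all containers
docker images   # list images
docker pull   # pull an image
docker search   # search for an image
docker rm -f   # force-remove a container
3. Deploying nginx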
docker run -d --name demo -p 80:80 nginx
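-d   run in the background
-p   port mapping
III. Docker images
1. About images:
1) The layered image structure shares the host's kernel
2) Image layers are read-only; the container layer is writable
3) Docker looks up files from the top layer down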
docker pull ubuntu
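docker run -it --rm ubuntu   # after this runs you are inside the container
-i   interactive
--rm   remove the container on exit
uname -r   # show the kernel version
2. Building images
1) How to save the data in the container layer
[root@servr4 ~]# docker run -it --rm ubuntu   # no name is given at run time, so a random one is assigned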
root@e345733a5f86:/# touch file1
root@e345733a5f86:/# touch file2
root@e345733a5f86:/# touch file3
root@e345733a5f86:/# ls
bin dev file1 file3 lib lib64 media opt root sbin sys usr
boot etc file2 home lib32 libx32 mnt proc run srv tmp var
root@e345733a5f86:/#     (press Ctrl+P+Q; the container is sent to the background)
[root@servr4 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e345733a5f86 ubuntu "bash" About a minute ago Up About a minute ecstatic_sinoussi   # status stays Up
[root@servr4 ~]# docker commit -m "add files" e345733a5f86 ubuntu:v1   # commit (docker commit); v1 sets the version tag
sha256:37587ee0b76d562238920ff14b435d5d2fc6e56cf9790256a308e2f0f41bf020
[root@servr4 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu v1 37587ee0b76d About a minute ago 77.8MB
nginx latest 2b7d6430f78d 10 hours ago 142MB
nginx v1 2b7d6430f78d 10 hours ago 142MB
ubuntu latest df5de72bdb3b 3 weeks ago 77.8MB
[root@servr4 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e345733a5f86 ubuntu "bash" 15 minutes ago Up 15 minutes ecstatic_sinoussi
[root@servr4 ~]# docker attach reverent_torvalds   # re-enter the container
[root@servr4 ~]# docker run -it --rm ubuntu:v1   # run the committed image
root@7d4e74e94192:/# ls
bin dev file1 file3 lib lib64 media opt root sbin sys usr
boot etc file2 home lib32 libx32 mnt proc run srv tmp var
[root@servr4 ~]# docker history ubuntu:v1   # one extra layer
IMAGE CREATED CREATED BY SIZE COMMENT
37587ee0b76d 42 minutes ago bash 0B add files
df5de72bdb3b 3 weeks ago /bin/sh -c #(nop) CMD ["bash"] 0B
<missing> 3 weeks ago /bin/sh -c #(nop) ADD file:396eeb65c8d737180… 77.8MB
[root@servr4 ~]# docker history ubuntu
IMAGE CREATED CREATED BY SIZE COMMENT
df5de72bdb3b 3 weeks ago /bin/sh -c #(nop) CMD ["bash"] 0B
<missing> 3 weeks ago /bin/sh -c #(nop) ADD file:396eeb65c8d737180… 77.8MB
2) Declarative builds with a Dockerfile
[root@servr4 ~]# mkdir docker
[root@servr4 ~]# cd docker/
[root@servr4 docker]# ls
[root@servr4 docker]# vim Dockerfile   (the Dockerfile should be placed in an empty directory)
FROM ubuntu
RUN mkdir /data
RUN touch /data/file1
[root@servr4 docker]# docker build -t ubuntu:v2 .   # build the image
Sending build context to Docker daemon 2.048kB
Step 1/3 : FROM ubuntu
---> df5de72bdb3b
Step 2/3 : RUN mkdir /data
---> Running in 8e8d811466a6
Removing intermediate container 8e8d811466a6
---> 37ae750d5906
Step 3/3 : RUN touch /data/file1
---> Running in 5ad2ca1d97ed
Removing intermediate container 5ad2ca1d97ed
---> 42995257e09d
Successfully built 42995257e09d
Successfully tagged ubuntu:v2
[root@servr4 docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu v2 42995257e09d 16 seconds ago 77.8MB
ubuntu v1 37587ee0b76d 49 minutes ago 77.8MB
nginx latest 2b7d6430f78d 11 hours ago 142MB
nginx v1 2b7d6430f78d 11 hours ago 142MB
ubuntu latest df5de72bdb3b 3 weeks ago 77.8MB
[root@servr4 docker]# docker history ubuntu:v2   # shows what each layer did
IMAGE CREATED CREATED BY SIZE COMMENT
42995257e09d 28 seconds ago /bin/sh -c touch /data/file1 0B
37ae750d5906 29 seconds ago /bin/sh -c mkdir /data 0B
df5de72bdb3b 3 weeks ago /bin/sh -c #(nop) CMD ["bash"] 0B
<missing> 3 weeks ago /bin/sh -c #(nop) ADD file:396eeb65c8d737180… 77.8MB
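3) COPY
Once COPY is used in the Dockerfile, index.html must be in the current directory: the source is a relative path, and paths outside the build directory cannot be referenced.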
vim Dockerfile
FROM ubuntu
RUN mkdir /data
RUN touch /data/file1
COPY index.html /data
[root@servr4 docker]# echo www.westos.org > index.html
[root@servr4 docker]# ls
Dockerfile index.html
[root@servr4 docker]# docker build -t ubuntu:v3 .
Sending build context to Docker daemon 3.072kB
Step 1/4 : FROM ubuntu
---> df5de72bdb3b
Step 2/4 : RUN mkdir /data
---> Using cache
---> 37ae750d5906
Step 3/4 : RUN touch /data/file1
---> Using cache
---> 42995257e09d
Step 4/4 : COPY index.html /data
---> a2cdcefc6e25
Successfully built a2cdcefc6e25
Successfully tagged ubuntu:v3
[root@servr4 docker]# docker history ubuntu:v3
IMAGE CREATED CREATED BY SIZE COMMENT
a2cdcefc6e25 11 seconds ago /bin/sh -c #(nop) COPY file:89a58ee0b2565a73… 15B
42995257e09d 5 minutes ago /bin/sh -c touch /data/file1 0B
37ae750d5906 5 minutes ago /bin/sh -c mkdir /data 0B
df5de72bdb3b 3 weeks ago /bin/sh -c #(nop) CMD ["bash"] 0B
<missing> 3 weeks ago /bin/sh -c #(nop) ADD file:396eeb65c8d737180… 77.8MB
[root@servr4 docker]# docker run -it --rm ubuntu:v3
root@e90838a09528:/# ls
bin boot data dev etc home lib lib32 lib64 libx32 media mnt opt proc root run sbin srv sys tmp usr var
root@e90838a09528:/# cd /data/
root@e90838a09528:/data# ls
file1 index.html
4) ADD
Download the nginx source package
[root@servr4 docker]# vim Dockerfile
FROM ubuntu
RUN mkdir /data
RUN touch /data/file1
COPY index.html /data
# ADD extracts the archive automatically (if anything before the ADD line changes, the cache cannot be used)
ADD nginx-1.21.6.tar.gz /data
[root@servr4 docker]# docker build -t ubuntu:v4 .
Sending build context to Docker daemon 1.077MB
Step 1/5 : FROM ubuntu
---> df5de72bdb3b
Step 2/5 : RUN mkdir /data
---> Using cache
---> 37ae750d5906
Step 3/5 : RUN touch /data/file1
---> Using cache
---> 42995257e09d
Step 4/5 : COPY index.html /data
---> Using cache
---> a2cdcefc6e25
Step 5/5 : ADD nginx-1.21.6.tar.gz /data
---> ac06ecd481ca
Successfully built ac06ecd481ca
Successfully tagged ubuntu:v4
[root@servr4 docker]# docker history ubuntu:v4
IMAGE CREATED CREATED BY SIZE COMMENT
ac06ecd481ca 11 seconds ago /bin/sh -c #(nop) ADD file:8e86f7dae7bf3e74b… 6.46MB
a2cdcefc6e25 22 minutes ago /bin/sh -c #(nop) COPY file:89a58ee0b2565a73… 15B
42995257e09d 28 minutes ago /bin/sh -c touch /data/file1 0B
37ae750d5906 28 minutes ago /bin/sh -c mkdir /data 0B
df5de72bdb3b 3 weeks ago /bin/sh -c #(nop) CMD ["bash"] 0B
<missing> 3 weeks ago /bin/sh -c #(nop) ADD file:396eeb65c8d737180… 77.8MB
[root@servr4 docker]# docker run -it --rm ubuntu:v4
root@0973d0a75b40:/# ls
bin boot data dev etc home lib lib32 lib64 libx32 media mnt opt proc root run sbin srv sys tmp usr var
root@0973d0a75b40:/# cd /data/
root@0973d0a75b40:/data# ls
file1 index.html nginx-1.21.6
root@0973d0a75b40:/data# cd nginx-1.21.6/
root@0973d0a75b40:/data/nginx-1.21.6# ls
CHANGES CHANGES.ru LICENSE README auto conf configure contrib html man src
root@0973d0a75b40:/data/nginx-1.21.6#
5) ENV environment variables
vim Dockerfile
FROM ubuntu
RUN mkdir /data
RUN touch /data/file1
COPY index.html /data
ADD nginx-1.21.6.tar.gz /data
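# environment variable
ENV HOSTNAME server4
# port the service inside the container runs on, to make port mapping easier
EXPOSE 3306
# volume mount: created automatically inside the container; the data remains after the container is removed
VOLUME ["/www"]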
[root@servr4 docker]# docker build -t ubuntu:v5 .
Sending build context to Docker daemon 1.077MB
Step 1/8 : FROM ubuntu
---> df5de72bdb3b
Step 2/8 : RUN mkdir /data
---> Using cache
---> 37ae750d5906
Step 3/8 : RUN touch /data/file1
---> Using cache
---> 42995257e09d
Step 4/8 : COPY index.html /data
---> Using cache
---> a2cdcefc6e25
Step 5/8 : ADD nginx-1.21.6.tar.gz /data
---> Using cache
---> ac06ecd481ca
Step 6/8 : ENV HOSTNAME server1
---> Using cache
---> 23de2939254e
Step 7/8 : EXPOSE 3306
---> Using cache
---> 5432d2850eee
Step 8/8 : VOLUME ["/www"]
---> Using cache
---> 900c7f32064a
Successfully built 900c7f32064a
Successfully tagged ubuntu:v5
[root@servr4 docker]# docker run -it --rm ubuntu:v5
root@42e1fdc6cffc:/# env
HOSTNAME=server1
PWD=/
HOME=/root
LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.wim=01;31:*.swm=01;31:*.dwm=01;31:*.esd=01;31:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.webp=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36:
TERM=xterm
SHLVL=1
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
_=/usr/bin/env
root@42e1fdc6cffc:/# cd /www/
root@42e1fdc6cffc:/www# ls
root@42e1fdc6cffc:/www# pwd
/www
root@42e1fdc6cffc:/www#
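The Dockerfile built in this section uses an untagged base image, ADD on a tarball, and no USER instruction. The following is an added example, not part of the original tutorial: a small static check for those three points. The function names, the messages and the pinned variant (ubuntu:22.04, UID 1000) are assumptions chosen for illustration, and the check assumes one instruction per line.

```shell
#!/bin/sh
# Added example: static checks for a Dockerfile read from stdin.
# Prints one finding per line; prints nothing when no check fires.
# Assumption: one instruction per line (no backslash continuations).
audit_dockerfile() {
    awk '
    /^[ \t]*(#|$)/ { next }                       # skip comments and blank lines
    { instr = toupper($1) }

    instr == "FROM" {
        i = 2
        while (i <= NF && $i ~ /^--/) i++         # skip flags such as --platform
        image = $i
        name = image
        sub(/.*\//, "", name)                     # drop registry host:port and path
        if (image !~ /@sha256:/ && (name !~ /:/ || name ~ /:latest$/))
            printf "line %d: FROM %s is a mutable reference; pin a version tag or digest\n", NR, image
    }

    instr == "ADD" {
        i = 2
        while (i <= NF && $i ~ /^--/) i++         # skip flags such as --chown
        src = $i
        if (src ~ /^https?:\/\//)
            printf "line %d: ADD downloads %s during the build; fetch and verify it explicitly\n", NR, src
        else if (src ~ /\.(tar|tgz|tar\.gz|tar\.bz2|tar\.xz)$/)
            printf "line %d: ADD unpacks %s into the image; verify the archive checksum before building\n", NR, src
        else
            printf "line %d: ADD copies plain file %s; COPY does the same without extra behaviour\n", NR, src
    }

    instr == "USER" { user = $2 }

    END {
        if (user == "" || user == "root" || user ~ /^0(:|$)/)
            print "no non-root USER instruction: the container process runs as root"
    }
    '
}

# Constructed input: the Dockerfile from this section, editor annotations removed.
page_dockerfile() {
    cat <<'EOF'
FROM ubuntu
RUN mkdir /data
RUN touch /data/file1
COPY index.html /data
ADD nginx-1.21.6.tar.gz /data
ENV HOSTNAME server4
EXPOSE 3306
VOLUME ["/www"]
EOF
}

# Constructed variant (an assumption, not from the page): pinned tag, COPY only, non-root user.
pinned_dockerfile() {
    cat <<'EOF'
FROM ubuntu:22.04
RUN mkdir /data && touch /data/file1
COPY index.html /data
USER 1000:1000
EOF
}

echo "== Dockerfile from this section =="
page_dockerfile | audit_dockerfile
echo "== pinned, non-root variant =="
pinned_dockerfile | audit_dockerfile
```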
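IV. Docker registries
Configuring a registry mirror
- Go to the Alibaba Cloud website, log in, and search for Container Registry in the search bar
- Container Registry -> Activate now -> click Image Tools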
vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://r9421rou.mirror.aliyuncs.com"]
}
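Reload the Docker service:
systemctl daemon-reload
systemctl restart docker
docker info   # check that the registry mirror is in effect
1. Setting up a private registry
Docker Hub is convenient, but it has limitations: it requires an Internet connection, it is slow, anyone can access it, and for security reasons enterprises do not allow images to be placed on an external network. Docker Inc. has open-sourced the registry, so we can quickly build a private enterprise registry.
1) Pull the registry image: docker pull registry
2) Run the registry container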
[root@servr4 docker]# docker run -d --name registry1 -p 5000:5000 -v /opt/registry:/var/lib/registry registry
ce4c61962ab885ff69858eeb0ff2b04b2a79cb2b8ea39fced697536e3f44eb92
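-d: run in the background   -p: port mapping (5000:5000, container:host)
-v: manually specify the path to mount into the container; if it is not given, one is created automatically
[root@servr4 docker]# docker ps   # check that the container is running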
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ce4c61962ab8 registry "/entrypoint.sh /etc…" 7 seconds ago Up 5 seconds 0.0.0.0:5000->5000/tcp, :::5000->5000/tcp registry1
3) Push an image to the local registry
[root@servr4 docker]# docker tag nginx:latest localhost:5000/nginx:latest
When naming a local image for the push, the name must include the registry's IP and port
[root@servr4 docker]# docker push localhost:5000/nginx:latest
The push refers to repository [localhost:5000/nginx]
73993eeb8aa2: Layer already exists
2c31eef17db8: Layer already exists
7b9055fc8058: Layer already exists
04ab349b7b3b: Layer already exists
226117031573: Layer already exists
6485bed63627: Layer already exists
latest: digest: sha256:89020cd33be2767f3f894484b8dd77bc2e5a1ccc864350b92c53262213257dfc size: 1570
[root@servr4 docker]# curl http://localhost:5000/v2/_catalog
{"repositories":["nginx"]}
4) Rename the image
[root@servr4 docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> ec2c6593c61e 3 months ago 84.3MB
localhost:5000/nginx latest 2b7d6430f78d 3 months ago 142MB
ubuntu latest df5de72bdb3b 3 months ago 77.8MB
mysql 5.7 c20987f18b13 11 months ago 448MB
registry latest b8604a3fe854 12 months ago 26.2MB
centos 7 eeb6ee3f44bd 14 months ago 204MB
[root@servr4 docker]# docker tag localhost:5000/nginx:latest nginx:latest
[root@servr4 docker]# docker rmi localhost:5000/nginx:latest
Untagged: localhost:5000/nginx:latest
Untagged: localhost:5000/nginx@sha256:89020cd33be2767f3f894484b8dd77bc2e5a1ccc864350b92c53262213257dfc
[root@servr4 docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> ec2c6593c61e 3 months ago 84.3MB
nginx latest 2b7d6430f78d 3 months ago 142MB
ubuntu latest df5de72bdb3b 3 months ago 77.8MB
mysql 5.7 c20987f18b13 11 months ago 448MB
registry latest b8604a3fe854 12 months ago 26.2MB
centos 7 eeb6ee3f44bd 14 months ago 204MB
2. Setting up a Harbor registry
1) Download the software: https://github.com/goharbor/harbor/releases
2) Extract:
[root@server5 ~]# tar zxf harbor-offline-installer-v2.5.0.tgz
[root@server5 ~]# cd harbor/
[root@server5 harbor]# ls
common.sh harbor.v2.5.0.tar.gz harbor.yml.tmpl install.sh LICENSE prepare
(the images are bundled in the package)
[root@server5 harbor]# mkdir /data
[root@server5 harbor]# cd
[root@server5 ~]# ls
auth certs harbor harbor-offline-installer-v2.5.0.tgz openssl11-1.1.1k-2.el7.x86_64.rpm openssl11-libs-1.1.1k-2.el7.x86_64.rpm
[root@server5 ~]# cp -r certs/ /data/
[root@server5 ~]# cd /data/
[root@server5 data]# ls
certs
[root@server5 data]# cd certs/
[root@server5 certs]# ls
westos.org.crt westos.org.key
[root@server5 harbor]# vim harbor.yml
hostname: reg.westos.org
# http related config
http:
# port for http, default is 80. If https enabled, this port will redirect to https port
port: 80
# https related config
https:
# https port for harbor, default is 443
port: 443
# The path of cert and key files for nginx
certificate: /data/certs/westos.org.crt
private_key: /data/certs/westos.org.key
harbor_admin_password: westos
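3) Install docker-compose
docker-compose maintains multiple containers. It is Docker's container orchestration tool: it ties the containers together and publishes them as a single service.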
[root@server5 harbor]# cd
[root@server5 ~]# ls
auth docker-compose-linux-x86_64-v2.5.0 harbor-offline-installer-v2.5.0.tgz openssl11-libs-1.1.1k-2.el7.x86_64.rpm
certs harbor openssl11-1.1.1k-2.el7.x86_64.rpm
[root@server5 ~]# mv docker-compose-linux-x86_64-v2.5.0 /usr/local/bin/docker-compose
[root@server5 ~]# chmod +x /usr/local/bin/docker-compose
[root@server5 ~]# cd harbor/
[root@server5 harbor]# ./install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 23.0.1
[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 2.5.0
[Step 2]: loading Harbor images ...
[Step 5]: starting Harbor ...
[+] Running 10/10
⠿ Network harbor_harbor Created 0.0s
⠿ Container harbor-log Started 0.4s
⠿ Container redis Started 1.0s
⠿ Container harbor-portal Started 1.7s
⠿ Container registryctl Started 1.7s
⠿ Container registry Started 1.7s
⠿ Container harbor-db Started 1.7s
⠿ Container harbor-core Started 2.2s
⠿ Container nginx Started 4.0s
⠿ Container harbor-jobservice Started 4.0s
✔ ----Harbor has been installed and started successfully.----
[root@server5 harbor]# ls
common common.sh docker-compose.yml harbor.v2.5.0.tar.gz harbor.yml harbor.yml.tmpl install.sh LICENSE prepare
[root@server5 harbor]# docker-compose ps
NAME COMMAND SERVICE STATUS PORTS
harbor-core "/harbor/entrypoint.…" core running (healthy)
harbor-db "/docker-entrypoint.…" postgresql running (healthy)
harbor-jobservice "/harbor/entrypoint.…" jobservice running (healthy)
harbor-log "/bin/sh -c /usr/loc…" log running (healthy) 127.0.0.1:1514->10514/tcp
harbor-portal "nginx -g 'daemon of…" portal running (healthy)
nginx "nginx -g 'daemon of…" proxy running (healthy) 0.0.0.0:80->8080/tcp, 0.0.0.0:443->8443/tcp, :::80->8080/tcp, :::443->8443/tcp
redis "redis-server /etc/r…" redis running (healthy)
registry "/home/harbor/entryp…" registry running (healthy)
registryctl "/home/harbor/start.…" registryctl running (healthy)
4) Access: 172.25.77.5   account: admin   password: westos
5) Push images:
[root@server5 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry latest 0d153fadf70b 5 weeks ago 24.2MB
nginx latest 3f8a00f137a0 6 weeks ago 142MB
mysql latest 57da161f45ac 6 weeks ago 517MB
ubuntu latest 58db3edaf2be 8 weeks ago 77.8MB
goharbor/harbor-exporter v2.5.0 36396f138dfb 11 months ago 86.7MB
goharbor/chartmuseum-photon v2.5.0 eaedcf1f700b 11 months ago 225MB
goharbor/redis-photon v2.5.0 1e00fcc9ae63 11 months ago 156MB
goharbor/trivy-adapter-photon v2.5.0 4e24a6327c97 11 months ago 164MB
goharbor/notary-server-photon v2.5.0 6d5fe726af7f 11 months ago 112MB
goharbor/notary-signer-photon v2.5.0 932eed8b6e8d 11 months ago 109MB
goharbor/harbor-registryctl v2.5.0 90ef6b10ab31 11 months ago 136MB
goharbor/registry-photon v2.5.0 30e130148067 11 months ago 77.5MB
goharbor/nginx-photon v2.5.0 5041274b8b8a 11 months ago 44MB
goharbor/harbor-log v2.5.0 89fd73f9714d 11 months ago 160MB
goharbor/harbor-jobservice v2.5.0 1d097e877be4 11 months ago 226MB
goharbor/harbor-core v2.5.0 42a54bc05b02 11 months ago 202MB
goharbor/harbor-portal v2.5.0 c206e936f4f9 11 months ago 52.3MB
goharbor/harbor-db v2.5.0 d40a1ae87646 11 months ago 223MB
goharbor/prepare v2.5.0 36539574668f 11 months ago 268MB
centos latest 5d0da3dc9764 18 months ago 231MB
[root@server5 ~]# docker tag nginx:latest reg.westos.org/library/nginx:latest
[root@server5 ~]# docker push reg.westos.org/library/nginx:latest
The push refers to repository [reg.westos.org/library/nginx]
3ea1bc01cbfe: Pushed
a76121a5b9fd: Pushed
2df186f5be5c: Pushed
21a95e83c568: Pushed
81e05d8cedf6: Pushed
4695cdfb426a: Pushed
latest: digest: sha256:7f797701ded5055676d656f11071f84e2888548a2e7ed12a4977c28ef6114b17 size: 1570
[root@server5 ~]# docker tag ubuntu:latest reg.westos.org/library/ubuntu:latest
[root@server5 ~]# docker push reg.westos.org/library/ubuntu:latest
The push refers to repository [reg.westos.org/library/ubuntu]
c5ff2d88f679: Pushed
latest: digest: sha256:e6987feeb4f79e553bf07738ec908fde797c008941dcadf569b993c607a9cc55 size: 529
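Both registries above publish ports: registry1 on 0.0.0.0:5000, the Harbor proxy on 0.0.0.0:80 and 0.0.0.0:443, while harbor-log binds only to 127.0.0.1. The following is an added example, not part of the original tutorial, that lists which host ports accept connections on every interface. The function name and the `NAME|PORTS` input shape are assumptions; the sample lines are constructed from the output shown above.

```shell
#!/bin/sh
# Added example: flag container ports published on every host interface.
# Input on stdin: one "NAME|PORTS" line per container, the shape produced by
#   docker ps --format '{{.Names}}|{{.Ports}}'
audit_published_ports() {
    awk -F '|' '
    {
        n = split($2, bindings, /, */)
        for (i = 1; i <= n; i++) {
            b = bindings[i]
            if (b !~ /->/) continue               # "80/tcp": exposed, not published
            host = b
            sub(/->.*/, "", host)                 # keep "0.0.0.0:5000" or ":::5000"
            port = host
            sub(/.*:/, "", port)                  # text after the last colon
            addr = substr(host, 1, length(host) - length(port) - 1)
            wildcard = (addr == "0.0.0.0" || addr == "::" || addr == "[::]")
            if (wildcard && !(($1, port) in seen)) {
                seen[$1, port] = 1                # report IPv4 and IPv6 once
                printf "%s: host port %s accepts connections on all interfaces\n", $1, port
            }
        }
    }
    '
}

# Constructed input, modelled on the docker ps and docker-compose ps output above.
sample_ports() {
    cat <<'EOF'
registry1|0.0.0.0:5000->5000/tcp, :::5000->5000/tcp
harbor-log|127.0.0.1:1514->10514/tcp
nginx|0.0.0.0:80->8080/tcp, 0.0.0.0:443->8443/tcp, :::80->8080/tcp, :::443->8443/tcp
demo|80/tcp
EOF
}

sample_ports | audit_published_ports
```

A registry that only the local host needs can be published as `-p 127.0.0.1:5000:5000`, which is the form harbor-log already uses for its port.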
V. Docker networking
1. Docker native networks
[root@server5 harbor]# docker-compose down   # stop the containers and remove the network
[+] Running 10/9
⠿ Container harbor-jobservice Removed 0.2s
⠿ Container nginx Removed 0.3s
⠿ Container registryctl Removed 10.1s
⠿ Container harbor-core Removed 0.3s
⠿ Container harbor-portal Removed 0.3s
⠿ Container harbor-db Removed 0.3s
⠿ Container registry Removed 0.2s
⠿ Container redis Removed 0.4s
⠿ Container harbor-log Removed 10.1s
⠿ Network harbor_harbor Removed 0.0s
After installation Docker automatically creates three networks: bridge, host, and none
[root@server5 harbor]# docker network ls
NETWORK ID NAME DRIVER SCOPE
ef2b35941e43 bridge bridge local
6a8882ea76aa host host local
aa5db2b7b8f4 none null local
When Docker is installed it creates a Linux bridge named docker0; newly created containers are bridged to this interface automatically
[root@server5 harbor]# ip addr
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:0d:bd:59:a5 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:dff:febd:59a5/64 scope link
valid_lft forever preferred_lft forever
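For example: in bridge mode a container has no public IP; only the host can reach it directly, and it is invisible to external hosts. The container can reach external networks through the host's NAT rules.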
[root@server5 harbor]# docker run -d --name demo nginx
0beab9a5969427e86ba15695493922ed57acc5363c1081c864b876b61d60f6fd
[root@server5 harbor]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0beab9a59694 nginx "/docker-entrypoint.…" 5 seconds ago Up 4 seconds 80/tcp demo
[root@server5 harbor]# brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.02420dbd59a5 no vethc1ebb2f
[root@server5 harbor]# ip addr
26: vethc1ebb2f@if25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 0e:ae:87:a8:28:86 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::cae:87ff:fea8:2886/64 scope link
valid_lft forever preferred_lft forever
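host mode lets the container share the host's network stack. The benefit is that external hosts communicate with the container directly, but the container's network lacks isolation.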
[root@server5 harbor]# docker run -d --name demo --network host nginx
2fc7ea016fc9293e8931a7fefbbc648303f28b5e305c0316dee45d95d74e90bf
[root@server5 harbor]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2fc7ea016fc9 nginx "/docker-entrypoint.…" 6 seconds ago Up 5 seconds demo
[root@server5 harbor]# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2711/nginx: master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3115/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 3508/master
tcp 0 0 172.25.77.5:22 172.25.77.250:42962 ESTABLISHED 3591/sshd: root@pts
tcp6 0 0 :::80 :::* LISTEN 2711/nginx: master
tcp6 0 0 :::22 :::* LISTEN 3115/sshd
tcp6 0 0 ::1:25 :::* LISTEN 3508/master
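Accessing 172.25.77.5 from another host reaches the container directly.
none mode disables networking, leaving only the lo loopback interface; it is selected with --network=none when the container is created.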
[root@server5 harbor]# docker run -it --rm --network none busybox
/ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
/ #
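2. Docker user-defined networks
User-defined network drivers:
bridge    the usual one, similar to the default bridge network; the difference is that it adds DNS
overlay   creates cross-host networks
macvlan   creates cross-host networks
[root@server5 harbor]# docker network create -d bridge my_net1   # created this way, the subnet is assigned automatically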
a75bac689fbd1a61ab92cf76d453e98e7a02a984802037c1eddfbbea3f1439f9
[root@server5 harbor]# docker network ls
NETWORK ID NAME DRIVER SCOPE
ef2b35941e43 bridge bridge local
6a8882ea76aa host host local
a75bac689fbd my_net1 bridge local
aa5db2b7b8f4 none null local
[root@server5 harbor]# docker network inspect my_net1
[
{
"Name": "my_net1",
"Id": "a75bac689fbd1a61ab92cf76d453e98e7a02a984802037c1eddfbbea3f1439f9",
"Created": "2023-03-23T16:22:32.149107989Z",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.19.0.0/16",
"Gateway": "172.19.0.1"
Now create my_net2; you can see that the subnets increase monotonically.
[root@server5 harbor]# docker network create -d bridge my_net2
1ed893e29f0e9ba5b4432c17e4257cb502f61f6bce4fc139d152391d609de6e6
[root@server5 harbor]# docker network inspect my_net2
[
{
"Name": "my_net2",
"Id": "1ed893e29f0e9ba5b4432c17e4257cb502f61f6bce4fc139d152391d609de6e6",
"Created": "2023-03-23T16:25:55.918276949Z",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.20.0.0/16",
"Gateway": "172.20.0.1"
my_net1 and my_net2 are on different subnets; containers on different subnets are isolated from each other and cannot communicate.
For example:
[root@server5 harbor]# docker run -d --name web1 --network my_net1 nginx
6f7f3dd93721194a0349b5e3d4355d511dfd68eb5a60bf278b7888fed6ffe66e
[root@server5 harbor]# docker inspect web1
"EndpointID": "f8c2823ce5f43564c5d3057eb2812956349306654e29422c8c22f018166133a1",
"Gateway": "172.19.0.1",
"IPAddress": "172.19.0.2",
web1 now gets an address from the private subnet; the advantage is that its name can be resolved.
[root@server5 harbor]# docker run -it --rm --network my_net1 busybox
/ # ip addr   # interactive session
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
33: eth0@if34: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:13:00:03 brd ff:ff:ff:ff:ff:ff
inet 172.19.0.3/16 brd 172.19.255.255 scope global eth0
valid_lft forever preferred_lft forever
/ # ping web1
PING web1 (172.19.0.2): 56 data bytes
64 bytes from 172.19.0.2: seq=0 ttl=64 time=0.086 ms
64 bytes from 172.19.0.2: seq=1 ttl=64 time=0.187 ms
64 bytes from 172.19.0.2: seq=2 ttl=64 time=0.066 ms
64 bytes from 172.19.0.2: seq=3 ttl=64 time=0.078 ms
^C
--- web1 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0.066/0.104/0.187 ms
Now open another terminal connected to server5;
stop web1 and create web2, and you can see that web2 takes web1's IP.
[root@server5 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fabe5ff4f739 busybox "sh" 2 minutes ago Up 2 minutes optimistic_gould
6f7f3dd93721 nginx "/docker-entrypoint.…" 4 minutes ago Up 4 minutes 80/tcp web1
[root@server5 ~]# docker stop web1   # stop web1
web1
[root@server5 ~]# docker run -d --name web2 --network my_net1 nginx
27f8f7405c89d36396cd580d8e28e2572e5a75386a2eb07ac62c239ee290f146
[root@server5 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
27f8f7405c89 nginx "/docker-entrypoint.…" 5 seconds ago Up 4 seconds 80/tcp web2
fabe5ff4f739 busybox "sh" 27 minutes ago Up 27 minutes optimistic_gould
[root@server5 ~]# docker inspect web2
"EndpointID": "3da6f9a3ccc29d2b51fd7e7755f237da6df43c716dbc486f27681fc95c13ff25",
"Gateway": "172.19.0.1",
"IPAddress": "172.19.0.2",
"IPPrefixLen": 16,
[root@server5 ~]# docker start web1   # now start web1 again
web1
[root@server5 ~]# docker ps   # check that the containers are running
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
27f8f7405c89 nginx "/docker-entrypoint.…" 49 seconds ago Up 48 seconds 80/tcp web2
fabe5ff4f739 busybox "sh" 28 minutes ago Up 28 minutes optimistic_gould
6f7f3dd93721 nginx "/docker-entrypoint.…" 30 minutes ago Up 5 seconds 80/tcp web1
Accessing web1 from the client shows that its IP has changed
/ # ping web1
PING web1 (172.19.0.4): 56 data bytes
64 bytes from 172.19.0.4: seq=0 ttl=64 time=0.079 ms
64 bytes from 172.19.0.4: seq=1 ttl=64 time=0.109 ms
64 bytes from 172.19.0.4: seq=2 ttl=64 time=0.083 ms
64 bytes from 172.19.0.4: seq=3 ttl=64 time=0.119 ms
^C
--- web1 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0.079/0.097/0.119 ms
[root@server5 harbor]# docker run -it --rm --network my_net2 busybox
/ # ip addr   # now attached to my_net2, the container gets an address in the 20 subnet
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
41: eth0@if42: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:14:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.20.0.2/16 brd 172.20.255.255 scope global eth0
valid_lft forever preferred_lft forever
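/ # ping web1   # web1 is on the 19 subnet
ping: bad address 'web1'
/ # ping web2   # web2 is on the 19 subnet
ping: bad address 'web2'
This is the network isolation between containers.
How to let the containers communicate:
In the other terminal, connect the busybox container to the other network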
[root@server5 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f365fd1eee23 busybox "sh" 36 seconds ago Up 36 seconds gallant_morse
27f8f7405c89 nginx "/docker-entrypoint.…" 10 minutes ago Up 10 minutes 80/tcp web2
6f7f3dd93721 nginx "/docker-entrypoint.…" 40 minutes ago Up 9 minutes 80/tcp web1
[root@server5 ~]# docker network connect my_net2 f365fd1eee23
Error response from daemon: endpoint with name gallant_morse already exists in network my_net2
[root@server5 ~]# docker network connect my_net1 f365fd1eee23
/ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
41: eth0@if42: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:14:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.20.0.2/16 brd 172.20.255.255 scope global eth0
valid_lft forever preferred_lft forever
43: eth1@if44: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:13:00:03 brd ff:ff:ff:ff:ff:ff
inet 172.19.0.3/16 brd 172.19.255.255 scope global eth1
valid_lft forever preferred_lft forever
/ # ping web1
PING web1 (172.19.0.4): 56 data bytes
64 bytes from 172.19.0.4: seq=0 ttl=64 time=0.073 ms
64 bytes from 172.19.0.4: seq=1 ttl=64 time=0.065 ms
^C
--- web1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.065/0.069/0.073 ms
/ # ping web2
PING web2 (172.19.0.2): 56 data bytes
64 bytes from 172.19.0.2: seq=0 ttl=64 time=0.065 ms
64 bytes from 172.19.0.2: seq=1 ttl=64 time=0.190 ms
^C
--- web2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.065/0.127/0.190 ms
/ #
How to assign a specific IP address to a container:
[root@server5 harbor]# docker rm -f web1
web1
[root@server5 harbor]# docker rm -f web2
web2
[root@server5 harbor]# docker network ls
NETWORK ID NAME DRIVER SCOPE
ef2b35941e43 bridge bridge local
6a8882ea76aa host host local
a75bac689fbd my_net1 bridge local
1ed893e29f0e my_net2 bridge local
aa5db2b7b8f4 none null local
[root@server5 harbor]# docker network prune   # removes networks that are not in use; the native ones are not removed
WARNING! This will remove all custom networks not used by at least one container.
Are you sure you want to continue? [y/N] y
Deleted Networks:
my_net1
my_net2
[root@server5 harbor]# docker network ls
NETWORK ID NAME DRIVER SCOPE
ef2b35941e43 bridge bridge local
6a8882ea76aa host host local
aa5db2b7b8f4 none null local
[root@server5 harbor]# docker images prune   # clean up unused images
REPOSITORY TAG IMAGE ID CREATED SIZE
[root@server5 harbor]# docker image prune
WARNING! This will remove all dangling images.
Are you sure you want to continue? [y/N] y
Total reclaimed space: 0B
[root@server5 harbor]# docker container prune   # clean up unused containers
WARNING! This will remove all stopped containers.
Are you sure you want to continue? [y/N] y
Total reclaimed space: 0B
Define the subnet yourself; the gateway is usually the first IP address.
[root@server5 harbor]# docker network create -d bridge --subnet 10.0.0,0/24 --gateway 10.0.0.1 my_net1
invalid subnet: invalid CIDR address: 0/24
[root@server5 harbor]# docker network create -d bridge --subnet 10.0.0.0/24 --gateway 10.0.0.1 my_net1
55ca28283ccd034460cd74fba88a549acd74effd419166e50bb823b1fb73cbd5
[root@server5 harbor]# docker network inspect my_net1
[
{
"Name": "my_net1",
"Id": "55ca28283ccd034460cd74fba88a549acd74effd419166e50bb823b1fb73cbd5",
"Created": "2023-03-23T17:18:06.951438283Z",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "10.0.0.0/24",
"Gateway": "10.0.0.1"
[root@server5 harbor]# docker run -it --rm --network my_net1 --ip 10.0.0.10 busybox
/ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
46: eth0@if47: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:0a:00:00:0a brd ff:ff:ff:ff:ff:ff
inet 10.0.0.10/24 brd 10.0.0.255 scope global eth0
valid_lft forever preferred_lft forever
/ #
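If --subnet is given when the user-defined network is created, --ip can be used to assign a static IP address when a container is created.
3. Container communication
Besides IP addresses, containers can also communicate by container name. Since Docker 1.10 there is an embedded DNS server.
DNS resolution only works on user-defined networks; use the --name option at startup to set the container name.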
[root@server5 ~]# docker run -d --name demo nginx
0cc69d3d1689edd3e75c3687ff652e87b78446ecc7476bc86f99c285a85c73d8
[root@server5 ~]# docker network ls   # the default bridge is used
NETWORK ID NAME DRIVER SCOPE
1babc4c355e1 bridge bridge local
6a8882ea76aa host host local
55ca28283ccd my_net1 bridge local
aa5db2b7b8f4 none null local
[root@server5 ~]# docker run -it --rm --network container:demo busybox
/ # ip addr   # the network is that of the container demo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
5: eth0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
/ # netstat -antlp   # port 80 is listening locally because busybox's network is demo's network; they share one network stack
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
tcp 0 0 :::80 :::* LISTEN -
You can open another terminal to look at demo's network:
[root@server5 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4aca24e077f4 busybox "sh" 3 minutes ago Up 3 minutes modest_jemison
0cc69d3d1689 nginx "/docker-entrypoint.…" 13 minutes ago Up 13 minutes 80/tcp demo
[root@server5 ~]# docker inspect demo
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
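Three setups shown above let a container see more than its own user-defined network: --network host, --network container:demo, and docker network connect to a second network. The following is an added example, not part of the original tutorial, that reports such containers from inspect data. The function name and the `NAME|NETWORK_MODE|NETWORKS` input shape are assumptions; the sample lines are constructed from the containers used in this section.

```shell
#!/bin/sh
# Added example: report containers whose network setup reaches beyond a single
# user-defined network.
# Input on stdin: one "NAME|NETWORK_MODE|NETWORKS" line per container, e.g. from
#   docker inspect --format \
#     '{{.Name}}|{{.HostConfig.NetworkMode}}|{{range $k, $v := .NetworkSettings.Networks}}{{$k}} {{end}}' \
#     $(docker ps -q)
audit_network_attachments() {
    awk -F '|' '
    {
        name = $1
        sub(/^\//, "", name)                      # docker inspect prints "/name"
        mode = $2
        n = split($3, nets, " ")                  # space-separated network names
        if (mode == "host") {
            printf "%s: host mode, listens directly on the host network stack\n", name
        } else if (mode ~ /^container:/) {
            printf "%s: shares the network namespace of %s\n", name, substr(mode, 11)
        } else if (n > 1) {
            list = nets[1]
            for (i = 2; i <= n; i++) list = list "," nets[i]
            printf "%s: attached to %d networks (%s) and can reach containers on each\n", name, n, list
        }
    }
    '
}

# Constructed input: container names follow this section; demo_host is a
# made-up name for the container started with --network host.
sample_attachments() {
    cat <<'EOF'
/web1|my_net1|my_net1
/gallant_morse|my_net2|my_net1 my_net2
/demo_host|host|host
/modest_jemison|container:0cc69d3d1689|
EOF
}

sample_attachments | audit_network_attachments
```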
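4. Cross-host container networking
1) Cross-host networking solutions:
01. Docker-native overlay and macvlan
02. Third-party: flannel, weave, calico
2) How the many network solutions integrate with Docker
libnetwork: Docker's container networking library
CNM (Container Network Model) has three kinds of components:
01. Sandbox: the container's network stack, containing the container's interfaces, DNS and routing table (namespace)
02. Endpoint: connects a sandbox to a network (veth pair)
03. Network: contains a group of endpoints; endpoints on the same network can communicate.
macvlan network model implementation:
A NIC virtualization technology provided by the Linux kernel; it needs no Linux bridge and uses the physical interface directly, so performance is excellent.
Add a NIC to each of the two Docker hosts and enable promiscuous mode on it:
[root@server5 ~]# ip link set eth0 promisc on   # enable promiscuous mode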
[root@server5 ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 52:54:00:31:bc:df brd ff:ff:ff:ff:ff:ff
inet 172.25.77.5/24 brd 172.25.77.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe31:bcdf/64 scope link
valid_lft forever preferred_lft forever
[root@server6 ~]# ip link set eth0 promisc on
[root@server6 ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 52:54:00:9e:a2:4f brd ff:ff:ff:ff:ff:ff
inet 172.25.77.6/24 brd 172.25.77.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe9e:a24f/64 scope link
valid_lft forever preferred_lft forever
Create a macvlan network on each of the two docker hosts:
-o specifies the parent interface (parent=eth0 here)
[root@server6 ~]# docker network create -d macvlan --subnet 10.0.0.0/24 --gateway 10.0.0.1 -o parent=eth0 macvlan1
ef627575aa644e3ac66e0982f6cff23836b5952787e3476ee4e5118186a7f4ab
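VI. Docker data volume management
Why use data volumes: the docker layered filesystem has poor performance, and its lifecycle is the same as the container's.
docker data volumes: mounted from the host into the container, bypassing the layered filesystem;
same performance as the host disk, and retained after the container is deleted
(local disk only; they cannot migrate with the container)
docker provides two kinds of volumes: bind mount, which mounts a directory or file on the host into the container
intuitive, efficient and easy to understand
use the -v option to specify the path, in the format <host path>:<container path>
docker managed volume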
[root@server5 ~]# docker history nginx:latest
IMAGE CREATED CREATED BY SIZE COMMENT
3f8a00f137a0 6 weeks ago /bin/sh -c #(nop) CMD ["nginx" "-g" "daemon… 0B
<missing> 6 weeks ago /bin/sh -c #(nop) STOPSIGNAL SIGQUIT 0B
<missing> 6 weeks ago /bin/sh -c #(nop) EXPOSE 80 0B
<missing> 6 weeks ago /bin/sh -c #(nop) ENTRYPOINT ["/docker-entr… 0B
<missing> 6 weeks ago /bin/sh -c #(nop) COPY file:e57eef017a414ca7… 4.62kB
<missing> 6 weeks ago /bin/sh -c #(nop) COPY file:abbcbf84dc17ee44… 1.27kB
<missing> 6 weeks ago /bin/sh -c #(nop) COPY file:5c18272734349488… 2.12kB
<missing> 6 weeks ago /bin/sh -c #(nop) COPY file:7b307b62e82255f0… 1.62kB
<missing> 6 weeks ago /bin/sh -c set -x && addgroup --system -… 61.3MB
<missing> 6 weeks ago /bin/sh -c #(nop) ENV PKG_RELEASE=1~bullseye 0B
<missing> 6 weeks ago /bin/sh -c #(nop) ENV NJS_VERSION=0.7.9 0B
<missing> 6 weeks ago /bin/sh -c #(nop) ENV NGINX_VERSION=1.23.3 0B
<missing> 6 weeks ago /bin/sh -c #(nop) LABEL maintainer=NGINX Do… 0B
<missing> 6 weeks ago /bin/sh -c #(nop) CMD ["bash"] 0B
<missing> 6 weeks ago /bin/sh -c #(nop) ADD file:3ea7c69e4bfac2ebb… 80.5MB
[root@server5 ~]# docker run -it --rm nginx bash    # overrides the default CMD
root@0aa409e448bd:/# ls
bin dev docker-entrypoint.sh home lib64 mnt proc run srv tmp var
boot docker-entrypoint.d etc lib media opt root sbin sys usr
root@0aa409e448bd:/# cd /usr/share/nginx/
root@0aa409e448bd:/usr/share/nginx# ls
html
root@0aa409e448bd:/usr/share/nginx# cd html/
root@0aa409e448bd:/usr/share/nginx/html# ls
50x.html index.html
root@0aa409e448bd:/usr/share/nginx/html# pwd
/usr/share/nginx/html    # the default publish directory
root@0aa409e448bd:/usr/share/nginx/html# ls
50x.html index.html
root@0aa409e448bd:/usr/share/nginx/html# cat index.html    # the home page stored there
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@server5 ~]# docker run -d --name demo -v /www:/usr/share/nginx/html nginx
db6e76b14405d64e1d06cd38992ebe776fb8f3c1db545f861cb0be711138d3a0
[root@server5 ~]# cd /www/
[root@server5 www]# ls
[root@server5 www]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
db6e76b14405 nginx "/docker-entrypoint.…" 4 minutes ago Up 4 minutes 80/tcp demo
[root@server5 www]# docker inspect demo
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
[root@server5 www]# curl 172.17.0.2
<html>
<head><title>403 Forbidden</title></head>
<body>
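<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.23.3</center>
</body>
</html>
The 403 is returned because -v overrides the data path inside the container: -v first creates the path on the host, then mounts it directly into the container, covering the data that was there. The host's /www is empty, so nginx finds no index.html to serve.
But after creating an index.html containing www.westos.org in the /www directory, a successful request shows that the files in this directory are present inside the container; the contents stay in sync.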
[root@server5 www]# echo www.westos.org > index.html
[root@server5 www]# curl 172.17.0.2
www.westos.org
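Both the `--network container:demo` run and the `-v /www:/usr/share/nginx/html` bind mount above widen what one container can reach: the first shares a whole network stack, the second gives the container write access to a host directory by default (appending `:ro` to the `-v` value makes it read-only). The following audit is an added example, not part of the original post; it reads `docker inspect` JSON and reports both conditions. The sample data, the container names `debug` and `demo_ro`, and the IDs are constructed.

```python
import json

# Constructed sample: only the fields of `docker inspect` output the audit reads.
# Container IDs are placeholders, not values from a real host.
SAMPLE = json.loads("""
[
 {"Id": "aaaa1111", "Name": "/demo",
  "HostConfig": {"NetworkMode": "bridge"},
  "Mounts": [{"Type": "bind", "Source": "/www",
              "Destination": "/usr/share/nginx/html", "RW": true}]},
 {"Id": "bbbb2222", "Name": "/debug",
  "HostConfig": {"NetworkMode": "container:aaaa1111"},
  "Mounts": []},
 {"Id": "cccc3333", "Name": "/demo_ro",
  "HostConfig": {"NetworkMode": "bridge"},
  "Mounts": [{"Type": "bind", "Source": "/www",
              "Destination": "/usr/share/nginx/html", "RW": false}]}
]
""")


def _name(c):
    # docker inspect reports names with a leading slash
    return c.get("Name", "").lstrip("/")


def resolve(ref, containers):
    """Map an ID, ID prefix or name taken from NetworkMode to a container name."""
    for c in containers:
        if ref and (c.get("Id", "").startswith(ref) or _name(c) == ref):
            return _name(c)
    return ref  # owner is not in the inspected set; report the raw reference


def audit(containers):
    """Return (container, finding) pairs for shared stacks and writable binds."""
    findings = []
    for c in containers:
        mode = c.get("HostConfig", {}).get("NetworkMode", "")
        if mode.startswith("container:"):
            owner = resolve(mode.split(":", 1)[1], containers)
            findings.append((_name(c), f"shares network stack with {owner}"))
        elif mode == "host":
            findings.append((_name(c), "shares the host network stack"))
        for m in c.get("Mounts", []):
            # a missing RW field is treated as writable, the -v default
            if m.get("Type") == "bind" and m.get("RW", True):
                findings.append((_name(c),
                                 f"writable bind mount {m['Source']} -> {m['Destination']}"))
    return findings
```

On a real host, feed it `json.loads()` of the output of `docker inspect $(docker ps -q)` instead of `SAMPLE`.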