目录
概述
Docker运行容器前,本地需要存在镜像,如果镜像不存在,会从默认镜像仓库中下载。也可自定义镜像仓库。
获取镜像 docker pull
命令:
docker pull [OPTIONS] NAME[:TAG|@DIGEST]
[root@VCentOS8-181 ~]# docker pull -h
Flag shorthand -h has been deprecated, please use --help
Usage: docker pull [OPTIONS] NAME[:TAG|@DIGEST]
Pull an image or a repository from a registry
Options:
-a, --all-tags Download all tagged images in the repository
--disable-content-trust Skip image verification (default true)
--platform string Set platform if server is multi-platform capable
-q, --quiet Suppress verbose output
- 如果不指定TAG,默认选择latest标签。
- 生产环境中,不建议使用默认标签,需要增加版本号。
- 镜像文件由若干层(layer)组成
- 完整id包括256比特,64个十六进制字符串组成。
查看镜像信息 docker images
命令:
docker images
等价于
docker image ls
[root@VCentOS8-181 ~]# docker images -h
Flag shorthand -h has been deprecated, please use --help
Usage: docker images [OPTIONS] [REPOSITORY[:TAG]]
List images
Options:
-a, --all Show all images (default hides intermediate images)
--digests Show digests
-f, --filter filter Filter output based on conditions provided
--format string Pretty-print images using a Go template
--no-trunc Don't truncate output
-q, --quiet Only show numeric IDs
[root@VCentOS8-181 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
redis latest 74d107221092 7 hours ago 104MB
tomcat latest b7370dcde632 18 hours ago 649MB
ccr.ccs.tencentyun.com/dockerpracticesig/docker_practice vuepress 8bcffb1e46ed 9 days ago 48.1MB
portainer/portainer-ce latest a0a227bf03dd 2 months ago 196MB
hello-world latest bf756fb1ae65 10 months ago 13.3kB
默认字段信息:
- 来自那个仓库
- 标签
- 镜像ID
- 创建时间
- 镜像大小
添加镜像标签 docker tag
命令:
docker tag
[root@VCentOS8-181 ~]# docker tag --help
Usage: docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]
Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
#添加标签前查看镜像
[root@VCentOS8-181 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
redis latest 74d107221092 7 hours ago 104MB
tomcat latest b7370dcde632 18 hours ago 649MB
ccr.ccs.tencentyun.com/dockerpracticesig/docker_practice vuepress 8bcffb1e46ed 9 days ago 48.1MB
portainer/portainer-ce latest a0a227bf03dd 2 months ago 196MB
hello-world latest bf756fb1ae65 10 months ago 13.3kB
#添加标签
[root@VCentOS8-181 ~]# docker tag redis:latest myredis:latest
#添加后查看
[root@VCentOS8-181 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
myredis latest 74d107221092 7 hours ago 104MB
redis latest 74d107221092 7 hours ago 104MB
tomcat latest b7370dcde632 18 hours ago 649MB
ccr.ccs.tencentyun.com/dockerpracticesig/docker_practice vuepress 8bcffb1e46ed 9 days ago 48.1MB
portainer/portainer-ce latest a0a227bf03dd 2 months ago 196MB
hello-world latest bf756fb1ae65 10 months ago 13.3kB
可看到增加了myredis镜像。
注意,myredis与redis的ID相同,他们都指向了同一个镜像文件,只是别名不同。
类似于连接的作用。
查看镜像详细信息 docker inspect
可获取的镜像的制作者、架构、各层次数字摘要,看起来更像是Dockerfile文件。
[root@VCentOS8-181 ~]# docker inspect --help
Usage: docker inspect [OPTIONS] NAME|ID [NAME|ID...]
Return low-level information on Docker objects
Options:
-f, --format string Format the output using the given Go template
-s, --size Display total file sizes if the type is container
--type string Return JSON for specified type
[root@VCentOS8-181 ~]# docker inspect 74d107221092
[
{
"Id": "sha256:74d107221092875724ddb06821416295773bee553bbaf8d888ababe9be7b947f",
"RepoTags": [
"myredis:latest",
"redis:latest"
],
"RepoDigests": [
"redis@sha256:dd83e4a31d6b18dcd06f9add212cbb431fd844e2e29522f8a778b2457807ff20"
],
"Parent": "",
"Comment": "",
"Created": "2020-11-18T08:28:42.383873008Z",
"Container": "1a904a9885d0bdcb73bbb4899df9632a1f89a75c6bee47c55981e4834124c3cf",
"ContainerConfig": {
"Hostname": "1a904a9885d0",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"6379/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"GOSU_VERSION=1.12",
"REDIS_VERSION=6.0.9",
"REDIS_DOWNLOAD_URL=http://download.redis.io/releases/redis-6.0.9.tar.gz",
"REDIS_DOWNLOAD_SHA=dc2bdcf81c620e9f09cfd12e85d3bc631c897b2db7a55218fd8a65eaa37f86dd"
],
"Cmd": [
"/bin/sh",
"-c",
"#(nop) ",
"CMD [\"redis-server\"]"
],
"Image": "sha256:3129f46cf7326567bd079d151ef8562bb1d32a04b8dba5ebee2827e15712d076",
"Volumes": {
"/data": {}
},
"WorkingDir": "/data",
"Entrypoint": [
"docker-entrypoint.sh"
],
"OnBuild": null,
"Labels": {}
},
"DockerVersion": "19.03.12",
"Author": "",
"Config": {
"Hostname": "",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"6379/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"GOSU_VERSION=1.12",
"REDIS_VERSION=6.0.9",
"REDIS_DOWNLOAD_URL=http://download.redis.io/releases/redis-6.0.9.tar.gz",
"REDIS_DOWNLOAD_SHA=dc2bdcf81c620e9f09cfd12e85d3bc631c897b2db7a55218fd8a65eaa37f86dd"
],
"Cmd": [
"redis-server"
],
"Image": "sha256:3129f46cf7326567bd079d151ef8562bb1d32a04b8dba5ebee2827e15712d076",
"Volumes": {
"/data": {}
},
"WorkingDir": "/data",
"Entrypoint": [
"docker-entrypoint.sh"
],
"OnBuild": null,
"Labels": null
},
"Architecture": "amd64",
"Os": "linux",
"Size": 104269429,
"VirtualSize": 104269429,
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/81b431db3808400a38dc83258aeadf722e61f3a2f6a32a1549409942aa97fce8/diff:/var/lib/docker/overlay2/61a83d29103980e191c3383e4b2ac9ab3ce97d406bef30270d379bdb5949f060/diff:/var/lib/docker/overlay2/2b10462a89dc5cfd9fc25b24da62b6e44f7b998b6c26498932d7d3fcc9428b66/diff:/var/lib/docker/overlay2/dd602d73d2303d262c2a6d0c94a4e77b9367c3afc7ca558f3d9b4dfc661e8f10/diff:/var/lib/docker/overlay2/69828662da5a17de41373cf7d3839da25b7936265787db4e263d04b95eda0bba/diff",
"MergedDir": "/var/lib/docker/overlay2/7164f7ec7671dbed75db4a4f0dd8d8e281639f3c1b305021f2ca24af8a3a0552/merged",
"UpperDir": "/var/lib/docker/overlay2/7164f7ec7671dbed75db4a4f0dd8d8e281639f3c1b305021f2ca24af8a3a0552/diff",
"WorkDir": "/var/lib/docker/overlay2/7164f7ec7671dbed75db4a4f0dd8d8e281639f3c1b305021f2ca24af8a3a0552/work"
},
"Name": "overlay2"
},
"RootFS": {
"Type": "layers",
"Layers": [
"sha256:f5600c6330da7bb112776ba067a32a9c20842d6ecc8ee3289f1a713b644092f8",
"sha256:c492b4fe510f674e04af29c5a8be4d0104a53e82e68ae98a3f9a0dd385263b7c",
"sha256:60f4b166131fd0c3b925a04e4976fbc43525e289e5edab72ffc4b7196085905f",
"sha256:4bc5e04ae88961aa002128a1873888ad4adf5ce11712d601fec6ad5f280c547d",
"sha256:06d5c35d63a8e4066ca996005b118a6051d2323c4af64c0fc2be014b4da7740e",
"sha256:d3fc9f08141a1377e718b8a29fd94a8c46793b88efdbed4ad02cbe3a3d91de10"
]
},
"Metadata": {
"LastTagTime": "2020-11-18T10:22:12.394072552-05:00"
}
}
]
-f 过滤信息
其中包含了众多信息,如果只需要其中一项时,可使用-f参数。
[root@VCentOS8-181 ~]# docker inspect 74d107221092 -f {{".RepoTags"}} [myredis:latest redis:latest] [root@VCentOS8-181 ~]#
查看镜像历史 docker history
[root@VCentOS8-181 ~]# docker history -h
Flag shorthand -h has been deprecated, please use --help
Usage: docker history [OPTIONS] IMAGE
Show the history of an image
Options:
--format string Pretty-print images using a Go template
-H, --human Print sizes and dates in human readable format (default true)
--no-trunc Don't truncate output
-q, --quiet Only show numeric IDs
[root@VCentOS8-181 ~]# docker history redis
IMAGE CREATED CREATED BY SIZE COMMENT
74d107221092 7 hours ago /bin/sh -c #(nop) CMD ["redis-server"] 0B
<missing> 7 hours ago /bin/sh -c #(nop) EXPOSE 6379 0B
<missing> 7 hours ago /bin/sh -c #(nop) ENTRYPOINT ["docker-entry… 0B
<missing> 7 hours ago /bin/sh -c #(nop) COPY file:df205a0ef6e6df89… 374B
<missing> 7 hours ago /bin/sh -c #(nop) WORKDIR /data 0B
<missing> 7 hours ago /bin/sh -c #(nop) VOLUME [/data] 0B
<missing> 7 hours ago /bin/sh -c mkdir /data && chown redis:redis … 0B
<missing> 7 hours ago /bin/sh -c set -eux; savedAptMark="$(apt-m… 30.5MB
<missing> 7 hours ago /bin/sh -c #(nop) ENV REDIS_DOWNLOAD_SHA=dc… 0B
<missing> 7 hours ago /bin/sh -c #(nop) ENV REDIS_DOWNLOAD_URL=ht… 0B
<missing> 7 hours ago /bin/sh -c #(nop) ENV REDIS_VERSION=6.0.9 0B
<missing> 7 hours ago /bin/sh -c set -eux; savedAptMark="$(apt-ma… 4.15MB
<missing> 7 hours ago /bin/sh -c #(nop) ENV GOSU_VERSION=1.12 0B
<missing> 7 hours ago /bin/sh -c groupadd -r -g 999 redis && usera… 329kB
<missing> 19 hours ago /bin/sh -c #(nop) CMD ["bash"] 0B
<missing> 19 hours ago /bin/sh -c #(nop) ADD file:d2abb0e4e7ac17737… 69.2MB
--no-trunc 显示完整内容
如果结果过长,会比自动截断。可使用--no-trunc输出完整命令。
搜索镜像docker search
使用docker search 可以搜索Docker Hub上的镜像,与直接登录hub.docker.com搜索的结果相同。
[root@VCentOS8-181 ~]# docker search -h
Flag shorthand -h has been deprecated, please use --help
Usage: docker search [OPTIONS] TERM
Search the Docker Hub for images
Options:
-f, --filter filter Filter output based on conditions provided
--format string Pretty-print search using a Go template
--limit int Max number of search results (default 25)
--no-trunc Don't truncate output
过滤搜索 --filter
搜索官方的
docker search nginx --filter=is-official=true
搜索收藏数超过4的
docker search nginx --filter=stars=4
默认输出按照星级评价排序。
删除镜像 docker rmi
docker rmi与docker image rm命令相同
[root@VCentOS8-181 ~]# docker rmi -h
Flag shorthand -h has been deprecated, please use --help
Usage: docker rmi [OPTIONS] IMAGE [IMAGE...]
Remove one or more images
Options:
-f, --force Force removal of the image
--no-prune Do not delete untagged parents
- 当本地的一个镜像拥有多个标签时,删除一个标签,不会删除镜像。
- 当删除时,该镜像只有一个标签,那么该镜像会被删除。
- 删除镜像前,需要先删除容器,再删除镜像。
清理镜像 docker prune
[root@VCentOS8-181 ~]# docker image prune -h
Flag shorthand -h has been deprecated, please use --help
Usage: docker image prune [OPTIONS]
Remove unused images
Options:
-a, --all Remove all unused images, not just dangling ones
--filter filter Provide filter values (e.g. 'until=<timestamp>')
-f, --force Do not prompt for confirmation
[root@VCentOS8-181 ~]# docker image prune
WARNING! This will remove all dangling images.
Are you sure you want to continue? [y/N] y
Total reclaimed space: 0B
删除前会再次提示。
因本环境没有未使用的镜像,所以没有回收空间。
创建镜像
- 基于已有镜像的容器创建
- 基于本地模板导入
- 基于Dockerfile创建
基于已有容器创建 docker commit
可理解为将容器复制成镜像。
[root@VCentOS8-181 ~]# docker commit -h
Flag shorthand -h has been deprecated, please use --help
Usage: docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]
Create a new image from a container's changes
Options:
-a, --author string Author (e.g., "John Hannibal Smith <hannibal@a-team.com>")
-c, --change list Apply Dockerfile instruction to the created image
-m, --message string Commit message
-p, --pause Pause container during commit (default true)
举例
[root@VCentOS8-181 ~]# docker commit -m "hello" -a "yeqiyu<yeqiyu@sina.com>" ba3ac1ef16dd yeqiyu/tomcat:1.0
sha256:7084195f2d2d7c6167cc5a03548fa72ff6cd762067d020dae70f5e9becbcf61d
从本地模板导入 docker import
[root@VCentOS8-181 ~]# docker import -h
Flag shorthand -h has been deprecated, please use --help
Usage: docker import [OPTIONS] file|URL|- [REPOSITORY[:TAG]]
Import the contents from a tarball to create a filesystem image
Options:
-c, --change list Apply Dockerfile instruction to the created image
-m, --message string Set commit message for imported image
--platform string Set platform if server is multi-platform capable
可以使用操作系统模板文件导入镜像。
OpenVZ模板
http://openvz.org/Download/templates/precreated
什么是OpenVZ模板
类似于Docker的虚拟化方案
https://baike.baidu.com/item/openVZ
其他容器方案
https://cloud.tencent.com/developer/article/1422822
以ubuntu为例
wget http://download.openvz.org/template/precreated/ubuntu-16.04-x86_64.tar.gz
cat ubuntu-16.04-x86_64.tar.gz|docker import - ubuntu:16.04
基于Dockerfile创建 docker build
[root@VCentOS8-181 ~]# docker build -h
Flag shorthand -h has been deprecated, please use --help
Usage: docker build [OPTIONS] PATH | URL | -
Build an image from a Dockerfile
Options:
--add-host list Add a custom host-to-IP mapping (host:ip)
--build-arg list Set build-time variables
--cache-from strings Images to consider as cache sources
--cgroup-parent string Optional parent cgroup for the container
--compress Compress the build context using gzip
--cpu-period int Limit the CPU CFS (Completely Fair Scheduler) period
--cpu-quota int Limit the CPU CFS (Completely Fair Scheduler) quota
-c, --cpu-shares int CPU shares (relative weight)
--cpuset-cpus string CPUs in which to allow execution (0-3, 0,1)
--cpuset-mems string MEMs in which to allow execution (0-3, 0,1)
--disable-content-trust Skip image verification (default true)
-f, --file string Name of the Dockerfile (Default is 'PATH/Dockerfile')
--force-rm Always remove intermediate containers
--iidfile string Write the image ID to the file
--isolation string Container isolation technology
--label list Set metadata for an image
-m, --memory bytes Memory limit
--memory-swap bytes Swap limit equal to memory plus swap: '-1' to enable unlimited swap
--network string Set the networking mode for the RUN instructions during build (default "default")
--no-cache Do not use cache when building the image
-o, --output stringArray Output destination (format: type=local,dest=path)
--platform string Set platform if server is multi-platform capable
--progress string Set type of progress output (auto, plain, tty). Use plain to show container output (default "auto")
--pull Always attempt to pull a newer version of the image
-q, --quiet Suppress the build output and print image ID on success
--rm Remove intermediate containers after a successful build (default true)
--secret stringArray Secret file to expose to the build (only if BuildKit enabled): id=mysecret,src=/local/secret
--security-opt strings Security options
--shm-size bytes Size of /dev/shm
--squash Squash newly built layers into a single new layer
--ssh stringArray SSH agent socket or keys to expose to the build (only if BuildKit enabled) (format: default|<id>[=<socket>|<key>[,<key>]])
--stream Stream attaches to server to negotiate build context
-t, --tag list Name and optionally a tag in the 'name:tag' format
--target string Set the target build stage to build.
--ulimit ulimit Ulimit options (default [])
示例:
这里的Docker只运行了一个命令。
[root@VCentOS8-181 mytomcat]# cat Dockerfile
FROM tomcat
RUN "ls"
构建镜像
[root@VCentOS8-181 mytomcat]# docker build -t mytomcat:0.1 .
Sending build context to Docker daemon 2.048kB
Step 1/2 : FROM tomcat
---> b7370dcde632
Step 2/2 : RUN "ls"
---> Running in ecc7d69e0dc5
BUILDING.txt
CONTRIBUTING.md
LICENSE
NOTICE
README.md
RELEASE-NOTES
RUNNING.txt
bin
conf
lib
logs
native-jni-lib
temp
webapps
webapps.dist
work
Removing intermediate container ecc7d69e0dc5
---> 92139e3b2e91
Successfully built 92139e3b2e91
Successfully tagged mytomcat:0.1
可看到构建成功。
使用Dockerfile是Docker的基础,后续会详细说明
保存镜像 docker save
将镜像导出到本地
[root@VCentOS8-181 mytomcat]# docker save -h
Flag shorthand -h has been deprecated, please use --help
Usage: docker save [OPTIONS] IMAGE [IMAGE...]
Save one or more images to a tar archive (streamed to STDOUT by default)
Options:
-o, --output string Write to a file, instead of STDOU
例:
将hello镜像导出
[root@VCentOS8-181 mytomcat]# docker save bf756fb1ae65 -o /home/yeqiyu/Dockerfiles/mytomcat/hello.tar
[root@VCentOS8-181 mytomcat]# ls
Dockerfile hello.tar
载入镜像 docker load
[root@VCentOS8-181 mytomcat]# docker load -h
Flag shorthand -h has been deprecated, please use --help
Usage: docker load [OPTIONS]
Load an image from a tar archive or STDIN
Options:
-i, --input string Read from tar archive file, instead of STDIN
-q, --quiet Suppress the load output
例:导入镜像
[root@VCentOS8-181 mytomcat]# docker load -i hello.tar
9c27e219663c: Loading layer [==================================================>] 15.36kB/15.36kB
Loaded image ID: sha256:bf756fb1ae65adf866bd8c456593cd24beb6a0a061dedf42b26a993176745f6b
也可以使用如下方式
docker load < hello.tar
上传镜像 docker push
将镜像上传至镜像仓库。如Docker Hub。
上传前需要登录
登录之后,登录信息会记录到本地 ~/.docker目录下
[root@VCentOS8-181 mytomcat]# docker login -u username-p password
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@VCentOS8-181 mytomcat]# vi /root/.docker/config.json
{
"auths": {
"https://index.docker.io/v1/": {
"auth": "xxxxxxx"
}
},
"HttpHeaders": {
"User-Agent": "Docker-Client/19.03.13 (linux)"
}
}
上传
[root@VCentOS8-181 mytomcat]# docker push -h
Flag shorthand -h has been deprecated, please use --help
Usage: docker push [OPTIONS] NAME[:TAG]
Push an image or a repository to a registry
Options:
--disable-content-trust Skip image signing (default true)
例:
这里上传了redis,可以看到各层次镜像都已经存在。
同时,也因为认证未通过,被拒绝。
[root@VCentOS8-181 mytomcat]# docker push redis:latest
The push refers to repository [docker.io/library/redis]
d3fc9f08141a: Layer already exists
06d5c35d63a8: Layer already exists
4bc5e04ae889: Layer already exists
60f4b166131f: Layer already exists
c492b4fe510f: Layer already exists
f5600c6330da: Layer already exists
errors:
denied: requested access to the resource is denied
unauthorized: authentication required
命令索引
操作 | 命令 |
查看 | docker images docker image ls |
查看详细信息 | docker inspect |
下载 | docker pull |
上传 | docker push |
导入 | docker load |
导出 | docker save |
搜索 | docker search |
删除 | docker rmi docker image rm |
根据Dockerfile创建 | docker build |
根据模板创建 | docker import |
根据容器创建 | docker commit |
添加标签 | docker tag |
清理 | docker prune |
查看历史 | docker history |