Docker-day01
[TOC]
1. 容器化概述
容器:泛指可以存放其他物品的一种容纳工具,部分和完全封闭的
单台服务器运行多个环境程序
假如想让不同的环境程序运行在不同环境中 容器中
怎么实现:
通过虚拟化实现
通过容器实现
容器实现名称空间隔离 NameSpace 资源隔离
PID 进程编号 2.6.24+
NET 网络设备、网络协议栈 端口等 2.26.29+
IPC 信息量 消息队列 共享内存 2.6.19+
Mount 文件系统 挂载点 2.4.19+
UTS 主机名和主机域 2.6.19+
USER 操作进程的用户和用户组 3.8+
[root@docker01 ~]# uname -r
3.10.0-957.el7.x86_64
2. 容器的历史
k8s == kuberneters
Docker的介绍
提示:“Docker”一词来自英国口语,意为码头工人(Dock Worker),即从船上装卸货物的人。
build once run Anywhere
一次构建,随处运行
一个容器包含了完整的运行环境:除了应用程序本身以外 将所需的依赖 库 二进制文件 配置文件 都统一打包到一个叫容器镜像的包中
容器的优点
敏捷环境 创建速度快
提高生产力
运行环境可移植
标准化
版本控制
安全
容器缺点
复杂性增加 平台工具 k8s Mesos
不成熟 随着时间,这个就是不是问题
容器化和虚拟化区别
相对于虚拟机来说更加的轻量级
构建一套能够不依赖于具体环境而运行的应用程序
虚拟化需要 hypervisor 作为虚拟机监视器 中间层 虚拟机启动都是hypervisor 进行分配资源
容器不需要hypervisor
3. Docker介绍
Docker是基于容器技术的轻量级虚拟化的解决方案
容器引擎
基于go语言实现的
Docker引入了一整套容器管理的生态系统 包括分层的镜像模型 容器的注册库 API
C/S架构 容器 镜像
容器是隔离的,但是共享操作系统和适当的库和二进制文件 bins libs
4. Docker安装部署
企业版EE 支持12个月的技术支持 社区版 CE 只支持4个月的技术支持
2017年第一季度 使用YY.MM-xx格式
Docker-1.13 老格式
4G内存 >50G硬盘
#环境
[root@docker01 ~]# iptables-save
[root@docker01 ~]# getenforce
Disabled
[root@docker01 ~]# date
Tue Jun 2 11:26:13 CST 2020
[root@docker01 ~]# uname -r
3.10.0-957.el7.x86_64
[root@docker01 ~]# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)
[root@docker01 ~]# ping baidu.com
PING baidu.com (220.181.38.148) 56(84) bytes of data.
64 bytes from 220.181.38.148 (220.181.38.148): icmp_seq=1 ttl=128 time=38.1 ms
^C
--- baidu.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 38.125/38.125/38.125/0.000 ms
[root@docker01 ~]# cat /etc/yum.repos.d/
cat: /etc/yum.repos.d/: Is a directory
[root@docker01 ~]# ll /etc/yum.repos.d/
total 8
-rw-r--r--. 1 root root 2523 2019-05-08 18:36 CentOS-Base.repo
-rw-r--r--. 1 root root 664 2019-05-08 18:36 epel.repo
#官方安装文档
https://docs.docker.com/engine/install/centos/
#查看系统中默认docker软件
[root@docker01 ~]# yum list docker --show-duplicates
#使用存储库安装
在新主机上首次安装Docker Engine之前,需要设置Docker存储库。之后,您可以从存储库安装和更新Docker。
设置存储库
安装yum-utils软件包(提供yum-config-manager 实用程序)并设置稳定的存储库。
[root@docker01 ~]# yum install -y yum-utils
[root@docker01 ~]# yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
#检查版本
[root@docker01 ~]# yum list docker-ce --show-duplicates
#安装最新版本
[root@docker01 ~]# yum install -y docker-ce #直接yum安装时使用
[root@docker01 ~]# systemctl start docker.service
[root@docker01 ~]# systemctl enable docker.service
#配置docker
vim /etc/docker/daemon.json
{
"graph": "/data/docker", #指定工作目录
"storage-driver": "overlay2", #存储驱动
"insecure-registries": ["registry.access.redhat.com","quay.io"], #仓库
"registry-mirrors": ["https://q2gr04ke.mirror.aliyuncs.com"], #镜像加速源
"bip": "172.0.181.1/24", #docker容器IP地址
"exec-opts": ["native.cgroupdriver=systemd"], #本地的驱动
"live-restore": true #docker服务以外重启时容器自启动 故障自动恢复
}
[root@docker01 ~]# systemctl restart docker.service
#检查docker版本相关的信息
[root@docker01 ~]# docker version
Client: Docker Engine - Community
Version: 19.03.8
API version: 1.40
Go version: go1.12.17
Git commit: afacb8b
Built: Wed Mar 11 01:27:04 2020
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.8
API version: 1.40 (minimum version 1.12)
Go version: go1.12.17
Git commit: afacb8b
Built: Wed Mar 11 01:25:42 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.2.13
GitCommit: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc:
Version: 1.0.0-rc10
GitCommit: dc9208a3303feef5b3839f4323d9beb36df0a9dd
docker-init:
Version: 0.18.0
GitCommit: fec3683
[root@docker01 ~]# docker info
Client:
Debug Mode: false
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 19.03.8
Storage Driver: overlay2
Backing Filesystem: <unknown>
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: systemd
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-957.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 3.84GiB
Name: docker01
ID: FVIV:VB2Z:NKEN:UNQU:EL5J:D2AS:TY7T:TUTU:22IL:PQFW:ELAU:QWHY
Docker Root Dir: /data/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
quay.io
registry.access.redhat.com
127.0.0.0/8
Registry Mirrors:
https://q2gr04ke.mirror.aliyuncs.com/
Live Restore Enabled: true
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
#查看镜像
[root@docker01 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
[root@docker01 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
#显示所有的容器
[root@docker01 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
#启动第一个容器
[root@docker01 ~]# docker run hello-world
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
#翻译
为了生成这个消息,Docker采取了以下步骤:
1. Docker客户端联系Docker守护进程。
2. Docker守护进程从Docker中心提取“hello-world”映像。
(amd64)
3.Docker守护进程从运行的映像创建了一个新容器
可执行文件,生成当前正在读取的输出。
4. Docker守护进程将输出流到发送它的Docker客户机
你的终端。
[root@docker01 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world latest bf756fb1ae65 5 months ago 13.3kB
[root@docker01 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
db3c7b6d2174 hello-world "/hello" 5 minutes ago Exited (0) 5 minutes ago xenodochial_burnell
5. Docker镜像介绍
镜像 images
容器 container
仓库 repository repositories registry
镜像的结构
注册表/仓库名称/镜像名称:版本号
docker.io/library/hello-word:latest
${registry_name}/${repository_name}/${image_name}:${tag_name}
https://hub.docker.com/ == https://dockerhub.com/
dockerhub 是一个提供docker镜像的仓库 提供了针对每个镜像的解决方案
github gitee dockerhub 账户要注册
6. Docker镜像命令使用
#登录docker.io 官方的镜像仓库
[root@docker01 ~]# docker login docker.io
Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.
Username: qls123
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
#退出登录
[root@docker01 ~]# docker logout
Removing login credentials for https://index.docker.io/v1/
[root@docker01 ~]# cat /root/.docker/config.json
{
"auths": {
"https://index.docker.io/v1/": {
"auth": "cWxzMTIzOnF6ajE4MjE3MTE0OTg1"
}
},
"HttpHeaders": {
"User-Agent": "Docker-Client/19.03.8 (linux)"
}
#搜索镜像
[root@docker01 ~]# docker search alpine
#下载一个镜像
[root@docker01 ~]# docker pull alpine:3.12.0
3.12.0: Pulling from library/alpine
3.12.0: Pulling from library/alpine
df20fa9351a1: Pull complete
Digest: sha256:185518070891758909c9f839cf4ca393ee977ac378609f700f60a771a2dfe321
Status: Downloaded newer image for alpine:3.12.0
docker.io/library/alpine:3.12.0
#下载最新版本
[root@docker01 ~]# docker pull alpine
Using default tag: latest
latest: Pulling from library/alpine
Digest: sha256:185518070891758909c9f839cf4ca393ee977ac378609f700f60a771a2dfe321
Status: Downloaded newer image for alpine:latest
docker.io/library/alpine:latest
[root@docker01 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
alpine 3.12.0 a24bb4013296 3 days ago 5.57MB
alpine latest a24bb4013296 3 days ago 5.57MB
hello-world latest bf756fb1ae65 5 months ago 13.3kB
#给镜像打标签
[root@docker01 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
alpine 3.12.0 a24bb4013296 3 days ago 5.57MB
alpine latest a24bb4013296 3 days ago 5.57MB
hello-world latest bf756fb1ae65 5 months ago 13.3kB
[root@docker01 ~]# docker image tag a24bb4013296 docker.io/qls123/alpine:v3.12.0
[root@docker01 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
alpine 3.12.0 a24bb4013296 3 days ago 5.57MB
alpine latest a24bb4013296 3 days ago 5.57MB
qls123/alpine v3.12.0 a24bb4013296 3 days ago 5.57MB
hello-world latest bf756fb1ae65 5 months ago 13.3kB
#推送镜像到自己的官方仓库
[root@docker01 ~]# docker push docker.io/qls123/alpine:v3.12.0
#删除镜像
[root@docker01 ~]# docker rmi alpine:latest
Untagged: alpine:latest
#强制删除
[root@docker01 ~]# docker rmi -f hello-world:latest
Untagged: hello-world:latest
Untagged: hello-world@sha256:6a65f928fb91fcfbc963f7aa6d57c8eeb426ad9a20c7ee045538ef34847f44f1
Deleted: sha256:bf756fb1ae65adf866bd8c456593cd24beb6a0a061dedf42b26a993176745f6b
#从私有仓库进行下载镜像
[root@docker01 ~]# docker pull docker.io/qls123/alpine:v3.10.5
7. Docker的镜像特性
Docker镜像位于bootfs或者rootfs之上 文件系统
每层镜像的下面一层镜像称为其父镜像(父子关系)
第一层镜像都是为Base image
容器在最顶层 容器是有状态的 running exited UP
其下的镜像的所有层都是readonly
Docker将readonly的fs层称之为image
8. Docker容器的基础操作
#查看本地容器的列表
[root@docker01 ~]# docker ps -all
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
db3c7b6d2174 bf756fb1ae65 "/hello" 4 hours ago Exited (0) 4 hours ago xenodochial_burnell
[root@docker01 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
db3c7b6d2174 bf756fb1ae65 "/hello" 4 hours ago Exited (0) 4 hours ago xenodochial_burnell
#启动容器 (运行镜像)
docker run
命令格式
Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
选项:
-i #表示启动一个可交互式的容器 并能持续打开进行输入
-t #表示使用终端关联到容器的输出输入
-d #将容器放入到后台运行
--rm #退出后即删除容器
--name #给容器起个名字
#启动一个容器
[root@docker01 ~]# docker run -ti docker.io/qls123/alpine:v3.12.0 /bin/sh
WARNING: IPv4 forwarding is disabled. Networking will not work.
/ #
#放入到后台 起个名称
[root@docker01 ~]# docker run -ti -d --name test qls123/alpine:v3.12.0 /bin/sh
WARNING: IPv4 forwarding is disabled. Networking will not work.
450574aba73208d0f7612543d49f29cde1f877876145ccb4935eda839d4faf79
#启动一个一次性的容器
[root@docker01 ~]# docker run --rm -ti --name oldboy qls123/alpine:v3.12.0 /bin/sh
WARNING: IPv4 forwarding is disabled. Networking will not work.
/ # exit
#启动一个非交互式的容器
[root@docker01 ~]# docker run -d --name qls01 qls123/alpine:v3.12.0 /bin/sleep 300
WARNING: IPv4 forwarding is disabled. Networking will not work.
2908f619dfb8e497b522d1d98252cb02e8971c5e5e1d6c4761b1e6bd8aed4ac6
[root@docker01 ~]# docker ps -a | grep qls01
2908f619dfb8 qls123/alpine:v3.12.0 "/bin/sleep 300" 10 seconds ago Up 9 seconds qls01
#进入容器
[root@docker01 ~]# docker exec -ti 450574aba732 /bin/sh
/ #
/ # ls
bin dev etc home lib media mnt opt proc root run sbin srv sys tmp usr var
/ # [root@docker01 ~]#
[root@docker01 ~]# docker exec -ti test /bin/sh
/ # ls
bin dev etc home lib media mnt opt proc root run sbin srv sys tmp usr var
/ # [root@docker01 ~]#
#启动和停止容器
[root@docker01 ~]# docker stop qls01
qls01
[root@docker01 ~]# docker start qls01
qls01
[root@docker01 ~]# docker restart qls01
qls01
#删除容器
[root@docker01 ~]# docker rm f0bdecf06633
f0bdecf06633
#删除不了正在运行中的容器
[root@docker01 ~]# docker rm test
Error response from daemon: You cannot remove a running container 450574aba73208d0f7612543d49f29cde1f877876145ccb4935eda839d4faf79. Stop the container before attempting removal or force remove
#强制删除在运行中的容器
[root@docker01 ~]# docker rm -f test
test
#批量删除已经死掉的容器
[root@docker01 ~]# for i in $(docker ps -a | grep -i exited |awk '{print $1}');do docker rm -f $i;done
#删除所有容器
[root@docker01 ~]# docker rm -f $(docker ps -a -q)
#修改/提交容器
[root@docker01 ~]# docker run -ti -d --name qls01 qls123/alpine:v3.12.0 /bin/sh
WARNING: IPv4 forwarding is disabled. Networking will not work.
b5a4b587e5621a67b423b03dcb5db0bbd5487b3a7585377a7b86bc8534959f4c
[root@docker01 ~]#
[root@docker01 ~]#
[root@docker01 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b5a4b587e562 qls123/alpine:v3.12.0 "/bin/sh" 5 seconds ago Up 5 seconds qls01
[root@docker01 ~]# docker exec -ti qls01 /bin/sh
/ #
/ # ll
/bin/sh: ll: not found
/ # ls
bin dev etc home lib media mnt opt proc root run sbin srv sys tmp usr var
/ # echo "test" >> test.txt
/ # exit
[root@docker01 ~]# docker commit -p qls01 docker.io/qls123/alpine:v3.12.0_create_test.txt
sha256:9d3e1d551a9406db1e4f79e04d38f121a9dbc0d5ed4b63229b613fdde87a6293
[root@docker01 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
qls123/alpine v3.12.0_create_test.txt 9d3e1d551a94 6 seconds ago 5.57MB
[root@docker01 ~]# docker run --rm docker.io/qls123/alpine:v3.12.0_create_test.txt /bin/cat test.txt
test
#解决这个警告
[root@docker01 ~]# docker run --rm docker.io/qls123/alpine:v3.12.0_create_test.txt /bin/cat test.txt
WARNING: IPv4 forwarding is disabled. Networking will not work.
[root@docker01 ~]# echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
[root@docker01 ~]# sysctl -p
#导入导出镜像
#删除镜像
[root@docker01 ~]# docker rmi -f be4e4bea2c2e
#导出镜像
[root@docker01 ~]# docker save a24bb4013296 > alpine_v3.12.0.tar
[root@docker01 ~]# ll
total 97804
-rw-r--r-- 1 root root 5853184 2020-06-02 17:12 alpine_v3.12.0.tar
[root@docker01 ~]# docker load < alpine_v3.12.0.tar
Loaded image ID: sha256:a24bb4013296f61e89ba57005a7b3e52274d8edd3ae2077d04395f806b63d83e
[root@docker01 ~]# docker load -i alpine_v3.12.0.tar
Loaded image ID: sha256:a24bb4013296f61e89ba57005a7b3e52274d8edd3ae2077d04395f806b63d83e
[root@docker01 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> a24bb4013296 3 days ago 5.57MB
[root@docker01 ~]# docker tag a24bb4013296 docker.io/qls123/alpine:v3.12.0
[root@docker01 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
qls123/alpine v3.12.0 a24bb4013296 3 days ago 5.57MB
#查看容器的日志
[root@docker01 ~]# docker logs d89fb9626085
[root@docker01 ~]# docker logs -f d89fb9626085