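Docker container basics (not including Dockerfile)
Introduction to Docker:
Docker uses kernel virtualization features (namespaces, cgroups and so on) to provide resource isolation and security guarantees for containers. Because Docker achieves isolation through operating-system-level virtualization, running containers need none of the extra operating-system overhead of a virtual machine (VM), which improves resource utilization.
Docker features:
Docker's three main features are BUILD, SHIP and RUN (build once, run in many places; a bit like Java, isn't it?). Docker is a traditional client/server architecture, split into the docker client and the docker server, with three main components: image, container and repository.
#Docker is not a virtual machine; it is kernel-level virtualization. KVM creates virtual machines by emulation, while Docker creates containers by isolation.
#A Docker container is essentially just a process on the host: Docker uses namespaces for resource isolation, cgroups for resource limits, and copy-on-write for efficient file operations.
Installing Docker:
The test machine used for these notes: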
[root@localhost ~]# uname -a && cat /etc/redhat-release
Linux localhost.localdomain 3.10.0-862.el7.x86_64 #1 SMP Fri Apr 20 16:44:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
CentOS Linux release 7.5.1804 (Core)
Sort out any yum repository problems yourself:
yum install -y docker #install with yum
systemctl start docker #start
systemctl enable docker #start at boot
[root@localhost system]# docker --version #Docker version
Docker version 1.13.1, build 7f2769b/1.13.1
Docker bridge: think of it as the Docker network
[root@localhost system]# ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
        inet 172.17.0.1 netmask 255.255.0.0 broadcast 0.0.0.0
        ether 02:42:5d:b8:c9:45 txqueuelen 0 (Ethernet)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 0 bytes 0 (0.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
To make downloads easier, we generally do not use the official download address:
This requires editing the configuration file /usr/lib/systemd/system/docker.service. There are several ways to do this; I suggest editing the unit file and adding the option shown on the ExecStart line below. After the change, remember to run systemctl daemon-reload and systemctl start docker.
ExecStart=/usr/bin/dockerd-current --registry-mirror=https://a14c78qe.mirroryuncs.com \
Changing the storage directory
--graph=/opt/docker #Docker storage path
DNS: the host's DNS is used by default; it can also be specified with --dns=xxxx
For everything else, see docker daemon --help #show all parameters
drwx------ 2 root root 6 11月 8 09:00 containers #stores container information
drwx------ 3 root root 22 10月 29 10:04 image #stores intermediate image layers and the images' own metadata: size, dependency information
drwxr-x--- 3 root root 19 10月 29 10:04 network
drwx------ 25 root root 4096 11月 8 09:00 overlay2
drwx------ 4 root root 32 10月 29 10:04 plugins
drwx------ 2 root root 6 10月 29 10:04 swarm
drwx------ 2 root root 6 11月 6 13:50 tmp #Docker temporary directory
drwx------ 2 root root 6 10月 29 10:04 trust #Docker trust directory
drwx------ 4 root root 169 10月 30 20:42 volumes #Docker volumes directory
[root@localhost docker]# pwd
/var/lib/docker
Docker image management commands:
🦍Search for a Docker image: docker search + image name
[root@localhost system]# docker search redis #search for the redis image
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
docker.io docker.io/redis Redis is an open source key-value store th... 7456 [OK]
docker.io docker.io/bitnami/redis Bitnami Redis Docker Image 130 [OK]
docker.io docker.io/sameersbn/redis 78 [OK]
docker.io docker.io/grokzen/redis-cluster Redis cluster 3.0, 3.2, 4.0 & 5.0 61
docker.io docker.io/rediscommander/redis-commander Alpine image for redis-commander - Redis m... 31 [OK]
NAME # image repository
DESCRIPTION # image description
STARS # number of stars (favorites) the image has
OFFICIAL # whether the image is published officially by Docker
AUTOMATED # whether the image is an automated build; for automated builds, see the official documentation:
🦍Download a Docker image: docker pull + name of the image to download
[root@localhost system]# docker pull ubuntu #download the ubuntu image
Using default tag: latest
Trying to pull repository docker.io/library/ubuntu ...
latest: Pulling from docker.io/library/ubuntu
22e816666fd6: Pull complete
079b6d2a1e53: Pull complete
11048ebae908: Pull complete
c58094023a2e: Pull complete
Digest: sha256:a7b8b7b33e44b123d7f997bd4d3d0a59fafc63e203d17efedf09ff3f6f516152
Status: Downloaded newer image for docker.io/ubuntu:latest #a percentage progress indicator is shown during the download
[root@localhost system]# docker images #list all images on the machine
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/ubuntu latest cf0f3ca922e0 10 days ago 64.2 MB
[root@localhost system]#
🦍List Docker images: docker images
[root@localhost system]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/ubuntu latest cf0f3ca922e0 10 days ago 64.2 MB
docker.io/redis latest de25a81a5a0b 12 days ago 98.2 MB
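REPOSITORY: the repository the image comes from
TAG: the image tag
IMAGE ID: the image ID
CREATED: when the image was created
SIZE: the image size
🦍Delete a Docker image: docker rmi + image ID (an image that has been used to create a container cannot be deleted)
[root@localhost opt]# docker rmi redis #no container has been created from this image, so it can be deleted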
Untagged: redis:latest
Untagged: docker.io/redis@sha256:fe80393a67c7058590ca6b6903f64e35b50fa411b0496f604a85c526fb5bd2d2
Deleted: sha256:de25a81a5a0b6ff26c82bab404fff5de5bf4bbbc48c833412fb3706077d31134
Deleted: sha256:b39d98a508cb9ecec080e09606005660caa3d3d8dd00083e333e6536114d531b
Deleted: sha256:8232e1dcaa8e9392b2532e88f908e2d17a59203d1bc873d0f8cdbed68dfaeb4f
Deleted: sha256:9064b95e7336eaeb34e78f6144214770b77319ddd2a185e8259becbc48a124a1
Deleted: sha256:9be905466faa79aaf23c765addb691915a3a6f44e214cfde3707d24f99d304d0
Deleted: sha256:c2aceb594f2f81781fb2afc198bde3f54de46a05666e33eab254e56b3396770f
Deleted: sha256:b67d19e65ef653823ed62a5835399c610a40e8205c16f839c5cc567954fcf594
🦍Import (load) a Docker image: docker load --input centos.tar or docker load < nginx.tar
[root@localhost opt]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/ubuntu latest cf0f3ca922e0 10 days ago 64.2 MB
[root@localhost opt]# docker load --input redis.tar
b67d19e65ef6: Loading layer [==================================================>] 72.5 MB/72.5 MB
49e8cbd510cb: Loading layer [==================================================>] 338.4 kB/338.4 kB
3a473dd4661e: Loading layer [==================================================>] 4.081 MB/4.081 MB
7d5a57ef0021: Loading layer [==================================================>] 24.66 MB/24.66 MB
03d2cf48f68d: Loading layer [==================================================>] 1.536 kB/1.536 kB
9a7a0e85c0df: Loading layer [==================================================>] 3.584 kB/3.584 kB
Loaded image: docker.io/redis:latest
[root@localhost opt]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/ubuntu latest cf0f3ca922e0 10 days ago 64.2 MB
docker.io/redis latest de25a81a5a0b 12 days ago 98.2 MB
🦍Export (save) a Docker image: docker save -o centos.tar centos
[root@localhost opt]# docker save -o redis.tar redis #export the redis image
[root@localhost opt]# ls
redis.tar
Docker container management commands:
🦍Start a container: docker run image-name /bin/echo “hello world”
[root@localhost ~]# docker run centos /bin/echo “hello world”
“hello world”
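#centos is the image name
#this starts a container that runs echo hello world and exits as soon as the command finishes
🦍Start a long-running container: docker run --name container-name -t -i image-name /bin/bash
[root@localhost ~]# docker run --name mydocker -t -i centos /bin/bash
[root@d1911da390b5 /]#
#note that the prompt has changed, which means we are now inside the container; exit leaves the container and the container stops
#if the image does not exist locally, docker pulls it automatically and then starts the container
🦍Start a Docker container: docker start container-name
[root@localhost ~]# docker start mydocker
mydocker
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d1911da390b5 centos "/bin/bash" 15 minutes ago Up 8 seconds mydocker
🦍Start a Docker container and return the container ID: docker run -d image-name
[root@localhost ~]# docker run -d nginx
86e4690a149bb41a84bb67ef9608406b4a996724cf6cba61f1b4c2fbb0d5871b
-d: run in the background
🦍Enter a Docker container: docker attach container-name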
[root@localhost ~]# docker attach mydocker
[root@d1911da390b5 /]#
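🦍Another way to enter a Docker container (recommended, commonly used in companies) (important)
Use the nsenter command #if it is missing, install it yourself: yum install util-linux
First get the container's PID:
[root@localhost ~]# docker start mydocker #start the container mydocker
mydocker
[root@localhost ~]#
[root@localhost ~]# docker inspect -f "{{ .State.Pid}}" mydocker #get the PID of mydocker
2326
[root@localhost ~]# nsenter -t 2326 -m -u -i -n -p /bin/bash
[root@d1911da390b5 /]# #now inside the container
nsenter parameters
-t: the target process whose namespaces are to be entered
-m: mount namespace
-u: UTS namespace (hostname and so on)
-i: IPC namespace
-n: network namespace
-p: PID namespace
Entering a container this way is rather tedious, so in production it is wrapped in a script:
#!/bin/bash
# Enter a running container's namespaces with nsenter.
docker_in() {
    NAME_IN=$1
    PID=$(docker inspect -f "{{ .State.Pid }}" "$NAME_IN") || return 1
    # State.Pid is 0 when the container is not running
    if [ -z "$PID" ] || [ "$PID" -eq 0 ]; then
        echo "container $NAME_IN is not running" >&2
        return 1
    fi
    nsenter -t "$PID" -m -u -i -n -p /bin/bash
}
docker_in "$1"
Then put the script in a directory on $PATH
[root@localhost ~]# ls
anaconda-ks.cfg docker-in
[root@localhost ~]# which docker-in
/usr/local/sbin/docker-in
🦍Run a command without entering the container: docker exec container-name command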
[root@localhost ~]# docker exec mydocker whoami
root
🦍Command: docker ps -a lists containers (-a includes stopped ones)
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5d33cb0f5fd2 ubuntu "/bin/bash" 6 seconds ago Up 5 seconds gs_ub
🦍Command: docker rm + container name deletes a container | docker rm -f forces deletion (running containers are deleted too)
[root@localhost opt]# docker run --name "xiaoqi" ubuntu /bin/echo "hello" #create a container named xiaoqi from the ubuntu image and run echo hello
hello
[root@localhost opt]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
121b5b31b014 ubuntu "/bin/echo hello" 4 seconds ago Exited (0) 3 seconds ago xiaoqi
[root@localhost opt]# docker rm xiaoqi #delete xiaoqi
[root@localhost opt]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
Docker network access:
By default Docker creates a bridged network interface (the bridge docker0)
🦍Random port mapping: docker run -d -P image-name #rarely used in production; this P is an uppercase P
[root@localhost ~]# docker run -d -P nginx
733320de22295b2bae20a9c5f9ce02379ea356790078cf17c79e3cf8d19a5725 #this is the container's unique ID
[root@localhost ~]# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 902/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1050/master
tcp6 0 0 :::32768 :::* LISTEN 3307/docker-proxy-c
tcp6 0 0 :::22 :::* LISTEN 902/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1050/master
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
733320de2229 nginx "nginx -g 'daemon ..." 59 seconds ago Up 58 seconds 0.0.0.0:32768->80/tcp upbeat_dijkstra
🦍Specified port mapping: docker run -d -p host-port:container-port image #this is a lowercase p
-p hostPort:containerPort #map a host port to a container port
-p ip:hostPort:containerPort #map a specific host IP address and port to a container port
-p ip::containerPort #map a random port on the specified host IP to a container port
-p hostPort:containerPort/udp #map a host port to a container port for the given protocol
[root@localhost ~]# docker run -d -it -p 8080:80 --name mynginx nginx #host port 8080 serves the container's port 80
d9154cf4fb235a22f43d2c86f5558e1ff01bc86be7618509db7965ce4126f459
[root@localhost ~]# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 902/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1050/master
tcp6 0 0 :::8080 :::* LISTEN 3475/docker-proxy-c
tcp6 0 0 :::22 :::* LISTEN 902/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1050/master
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d9154cf4fb23 nginx "nginx -g 'daemon ..." 44 seconds ago Up 43 seconds 0.0.0.0:8080->80/tcp mynginx
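Added example (not part of the original notes): -p hostPort:containerPort publishes on every host interface, which is why docker ps above shows 0.0.0.0:8080->80/tcp, while the ip:hostPort:containerPort form restricts the listener to one address. The script flags wildcard mappings in lines produced by docker ps --format '{{.Names}}\t{{.Ports}}'; the function names and the sample lines other than mynginx and upbeat_dijkstra are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag container ports published on every host interface.
# Input: lines of "name<TAB>ports", as printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'

# Constructed sample; the first two lines mirror the docker ps output above.
sample_ps_output() {
    printf 'mynginx\t0.0.0.0:8080->80/tcp\n'
    printf 'upbeat_dijkstra\t0.0.0.0:32768->80/tcp\n'
    printf 'internal\t127.0.0.1:8081->80/tcp\n'
    printf 'dualstack\t0.0.0.0:8443->443/tcp, :::8443->443/tcp\n'
    printf 'unpublished\t80/tcp\n'
}

# Print "name address hostPort containerPort/proto" for every mapping whose
# host address is the IPv4 or IPv6 wildcard.
audit_published_ports() {
    awk -F '\t' '
    {
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            arrow = index(maps[i], "->")
            if (arrow == 0) continue              # exposed but not published
            host = substr(maps[i], 1, arrow - 1)  # e.g. 0.0.0.0:8080
            target = substr(maps[i], arrow + 2)   # e.g. 80/tcp
            port = host
            sub(/^.*:/, "", port)                 # text after the last colon
            addr = substr(host, 1, length(host) - length(port) - 1)
            if (addr == "0.0.0.0" || addr == "::" || addr == "[::]")
                print $1, addr, port, target
        }
    }'
}

sample_ps_output | audit_published_ports
```

On a real host, pipe the docker ps --format output into audit_published_ports instead of the sample.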
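Docker data management:
The concept of a data volume: a directory on the physical host is mounted into the container, so writes made inside the container actually land in the host directory. The design goal is data persistence, completely independent of the container's life cycle, so Docker does not delete a mounted data volume when the container is deleted.
🦍Mount a Docker data volume (directory): docker run -d --name container-name -v absolute-host-path:container-directory image-name
[root@localhost volumes]# docker run -d -it --name mynginx -v /data:/data nginx #create a container with host /data mounted at /data in the container
83b2031a1245d56d33db880b10aecd0c5fe3a887df897b122b4ffbb5cc79a72c
[root@localhost volumes]# cd /data/
[root@localhost data]# ls
22.txt dir1 dir10 dir2 dir3 dir4 dir5 dir6 dir7 dir8 dir9
[root@localhost data]# docker-in mynginx #enter the container
root@83b2031a1245:/# cd /data/
root@83b2031a1245:/data# ls
22.txt dir1 dir10 dir2 dir3 dir4 dir5 dir6 dir7 dir8 dir9
root@83b2031a1245:/data#
🦍Mount a single file: docker run -d -it --name container-name -v absolute-host-file-path:absolute-container-file-path image-name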
[root@localhost data]# docker run -d -it --name mynginx1 -v /root/.bash_history:/.bash_history nginx
c7d302a36d173779f611366542fe373c94f46013f3b3435a55a18c34ff600b4a
[root@localhost data]# docker-in mynginx1
root@c7d302a36d17:/# ls -a
. .. .bash_history .dockerenv bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
root@c7d302a36d17:/#
🦍Two containers sharing one host directory: docker run -d -it --name container-name -v /data/gongxiang:/data image-name
[root@localhost ~]# docker run -d -it --name mynginx1 -v /data/gongxiang/:/data/ nginx #container mynginx1
41fbf01d44d65a569a1f81adca71a61ae3b92b7bc9e57c168dee2a185619b814
[root@localhost ~]# docker run -d -it --name mynginx2 -v /data/gongxiang/:/data/ nginx #container mynginx2
43b34cc8bbbb797a9380323cc42b217baf7fdff461db323659ae8e7663934c7b
[root@localhost ~]# cd /data/gongxiang/
[root@localhost gongxiang]# touch file{1..5}
[root@localhost gongxiang]# ls
file1 file2 file3 file4 file5
[root@localhost gongxiang]# docker exec mynginx ls /data
Error response from daemon: No such container: mynginx
[root@localhost gongxiang]# docker exec mynginx1 ls /data #container mynginx1
file1 file2 file3 file4 file5
[root@localhost gongxiang]# docker exec mynginx2 ls /data #container mynginx2
file1 file2 file3 file4 file5
🦍View where a container's mounts are: docker inspect -f {{.Mounts}} container-name
[root@localhost gongxiang]# docker inspect -f {{.Mounts}} mynginx2
[{bind /data/gongxiang /data true rprivate}]
Docker image construction (important)
Aside: before building the image I want to remove all the containers I have created. Commands:
Kill all running containers: docker kill $(docker ps -a -q)
Remove all containers: docker rm $(docker ps -a -q)
Because docker downloads the latest CentOS release (8) by default and this exercise needs CentOS 7, I packaged an image myself. The steps are:
1) Start from a clean CentOS 7 Linux system (freshly installed) and pack the whole system into a tar file;
2) tar --numeric-owner --exclude=/proc --exclude=/sys -cvf centos7-base.tar /
3) cat centos7-base.tar | docker import - centos7-mini2
Step 1: create a Docker container from the base image centos7-mini2 and enter it
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos7-mini2 latest 12b2faae8c61 4 hours ago 823 MB
data/mynginx v1 520deccc8f5e 8 days ago 293 MB
docker.io/nginx latest 540a289bab6c 2 weeks ago 126 MB
docker.io/ubuntu latest cf0f3ca922e0 2 weeks ago 64.2 MB
docker.io/redis latest de25a81a5a0b 3 weeks ago 98.2 MB
docker.io/centos latest 0f3e07c0138f 5 weeks ago 220 MB
docker.io/nodesource/centos7 latest b87ca5bebf5e 3 years ago 621 MB
[root@localhost ~]#
[root@localhost ~]# docker run -it centos7-mini2 bash
[root@5ba5aeada25a /]#
Step 2: set up the basics: the wget command and the yum repository configuration
[root@5ba5aeada25a yum.repos.d]# ls
CentOS-Base.repo CentOS-Debuginfo.repo CentOS-Sources.repo CentOS-Vault.repo
[root@5ba5aeada25a yum.repos.d]# yum install wget
已加载插件:fastestmirror
...
...
1/1
已安装:
wget.x86_64 0:1.14-18.el7_6.1
完毕!
[root@5ba5aeada25a yum.repos.d]# ls
CentOS-Base.repo CentOS-Debuginfo.repo CentOS-Sources.repo CentOS-Vault.repo
[root@5ba5aeada25a yum.repos.d]# mkdir backup
[root@5ba5aeada25a yum.repos.d]# ls
backup CentOS-Base.repo CentOS-Debuginfo.repo CentOS-Sources.repo CentOS-Vault.repo
[root@5ba5aeada25a yum.repos.d]# mv * backup/
mv: 无法将目录"backup" 移动至自身的子目录"backup/backup" 下 #this error is harmless because the goal was achieved
[root@5ba5aeada25a yum.repos.d]# ls
backup
[root@5ba5aeada25a yum.repos.d]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
--2019-11-08 20:19:00-- http://mirrors.aliyun.com/repo/Centos-7.repo
正在解析主机 mirrors.aliyun.com (mirrors.aliyun.com)... 140.249.158.242, 140.249.158.241, 140.249.158.244, ...
正在连接 mirrors.aliyun.com (mirrors.aliyun.com)|140.249.158.242|:80... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:2523 (2.5K) [application/octet-stream]
正在保存至: “/etc/yum.repos.d/CentOS-Base.repo”
100%[===================================================================================================>] 2,523 --.-K/s 用时 0s
2019-11-08 20:19:00 (295 MB/s) - 已保存 “/etc/yum.repos.d/CentOS-Base.repo” [2523/2523])
[root@5ba5aeada25a yum.repos.d]# ls
backup CentOS-Base.repo
[root@5ba5aeada25a yum.repos.d]# wget -O /etc/yum.repos.d/epel-7.repo http://mirrors.aliyun.com/repo/epel-7.repo
--2019-11-08 20:25:15-- http://mirrors.aliyun.com/repo/epel-7.repo
正在解析主机 mirrors.aliyun.com (mirrors.aliyun.com)... 119.167.173.240, 119.167.173.242, 119.167.173.238, ...
正在连接 mirrors.aliyun.com (mirrors.aliyun.com)|119.167.173.240|:80... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:664 [application/octet-stream]
正在保存至: “/etc/yum.repos.d/epel-7.repo”
100%[===================================================================================================>] 664 --.-K/s 用时 0s
2019-11-08 20:25:15 (87.2 MB/s) - 已保存 “/etc/yum.repos.d/epel-7.repo” [664/664])
[root@5ba5aeada25a yum.repos.d]#
Step 3: install nginx and edit its configuration file so that it runs in the foreground
yum install nginx -y floods the screen, so the output is not shown in full here; as long as the EPEL repository is set up, the package can be downloaded
[root@5ba5aeada25a yum.repos.d]# yum install nginx -y
已加载插件:fastestmirror
epel | 5.3 kB 00:00:00
(1/3): epel/x86_64/group_gz | 90 kB 00:00:00
(2/3): epel/x86_64/updateinfo
...
...
perl-macros.x86_64 4:5.16.3-294.el7_6 perl-parent.noarch 1:0.225-244.el7
perl-podlators.noarch 0:2.5.1-3.el7 perl-threads.x86_64 0:1.87-4.el7
perl-threads-shared.x86_64 0:1.43-6.el7
作为依赖被升级:
freetype.x86_64 0:2.8-14.el7 openssl.x86_64 1:1.0.2k-19.el7 openssl-libs.x86_64 1:1.0.2k-19.el7
完毕!
[root@5ba5aeada25a yum.repos.d]#
[root@5ba5aeada25a yum.repos.d]# vi /etc/nginx/nginx.conf
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
daemon off; #add this line: nginx runs in the background by default, which does not work under docker, so switch it to the foreground
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
....
...
[root@5ba5aeada25a yum.repos.d]# nginx -t #test that the edited configuration file is correct
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@5ba5aeada25a yum.repos.d]# nginx #start; the terminal is now occupied, which shows nginx is running in the foreground
Step 4: open a second terminal window and run the commit command
[root@localhost ~]# docker commit -m "my nginx" 5ba5aeada25a data/mynginx:v1
sha256:cdea42920e4d55341304520d7afb495c5862cf9acd4e4eebe5bb672d71eca2d2
commit #commit
-m #description
5ba5aeada25a #container ID
data/ #name: the repository name
mynginx #image name
v1 #tag
Image created successfully:
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
data/mynginx v1 cdea42920e4d 3 minutes ago 1 GB #because the base image I packaged is fairly large
centos7-mini2 latest 12b2faae8c61 5 hours ago 823 MB
Start: run the newly created image, mapping host port 81 to container port 80
[root@localhost ~]# docker run -d --name "mynginxtest" -p 81:80 data/mynginx:v1 nginx #if this line is unclear, scroll back up
190b71ed89d527502224b1f35e85b408999dbebf7e969f2324cbd2eca986d23f
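Open a web page and check that the nginx service is reachable at host IP + port
When building an ubuntu image with build, the package source needs to be changed before running update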
RUN sed -i 's/http:\/\/archive\.ubuntu\.com\/ubuntu\//http:\/\/mirrors\.163\.com\/ubuntu\//g' /etc/apt/sources.list
[root@k8s-slave4 yum.repos.d]# more Dockerfile
# Tell docker which base image to use as the template; all later commands build on this image
FROM ubuntu
RUN sed -i 's/http:\/\/archive\.ubuntu\.com\/ubuntu\//http:\/\/mirrors\.163\.com\/ubuntu\//g' /etc/apt/sources.list
# RUN executes a command inside the image specified above
RUN apt-get update && apt install -y nginx
# Tell docker to run the following command when the container starts
CMD ["/usr/sbin/nginx", "-g","daemon off;"]
[root@k8s-slave4 yum.repos.d]# docker build ./ -t my-nginx:ubuntu -f Dockerfile #./ means the current directory
Deploying an image registry:
[root@k8s-slave4 yum.repos.d]# docker run -d -p 5000:5000 --restart always --name registry registry:2 #start the registry service from the docker image; with --restart always the container starts again automatically when docker restarts
#the registry has no authentication by default; if authentication is needed, see https://docs.docker.com/registry/deploying/#restricting-access
Unable to find image 'registry:2' locally
2: Pulling from library/registry
cbdbe7a5bc2a: Pull complete
47112e65547d: Pull complete
46bcb632e506: Pull complete
c1cc712bcecd: Pull complete
3db6272dcbfa: Pull complete
Digest: sha256:8be26f81ffea54106bae012c6f349df70f4d5e7e2ec01b143c46e2c03b9e551d
Status: Downloaded newer image for registry:2
2426bb9c4d24c992e8418cfd52588a34994f4272f6c128eae506c50c1b2f7c72
[root@k8s-slave4 yum.repos.d]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2426bb9c4d24 registry:2 "/entrypoint.sh /etc…" 5 seconds ago Up 3 seconds 0.0.0.0:5000->5000/tcp registry
[root@k8s-slave4 yum.repos.d]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
my-nginx ubuntu a83338ef5fce 34 hours ago 156MB
nginx alpine e5dcd7aa4b5e 11 days ago 21.8MB
ubuntu latest d70eaf7277ea 3 weeks ago 72.9MB
registry 2 2d4f4b5309b1 5 months ago 26.2MB
[root@k8s-slave4 yum.repos.d]#
[root@k8s-slave4 yum.repos.d]#
[root@k8s-slave4 yum.repos.d]# docker tag nginx:alpine localhost:5000/nginx:alpine #similar to an alias
[root@k8s-slave4 yum.repos.d]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
my-nginx ubuntu a83338ef5fce 34 hours ago 156MB
localhost:5000/nginx alpine e5dcd7aa4b5e 11 days ago 21.8MB
nginx alpine e5dcd7aa4b5e 11 days ago 21.8MB
ubuntu latest d70eaf7277ea 3 weeks ago 72.9MB
registry 2 2d4f4b5309b1 5 months ago 26.2MB
[root@k8s-slave4 yum.repos.d]# docker push localhost:5000/nginx:alpine #push
The push refers to repository [localhost:5000/nginx]
2367050c34dd: Pushed
2c8583333eb3: Pushed
e2a648dc6400: Pushed
93e19e6dd56b: Pushed
ace0eda3e3be: Pushed
alpine: digest: sha256:f9ddfb3fd9590a3b6ba095939b7a5aee110a6fb397922e2684d6e189e78329c9 size: 1360
Access by IP address is not allowed
[root@k8s-slave4 yum.repos.d]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
my-nginx ubuntu a83338ef5fce 34 hours ago 156MB
nginx alpine e5dcd7aa4b5e 11 days ago 21.8MB
localhost:5000/nginx alpine e5dcd7aa4b5e 11 days ago 21.8MB
ubuntu latest d70eaf7277ea 3 weeks ago 72.9MB
registry 2 2d4f4b5309b1 5 months ago 26.2MB
[root@k8s-slave4 yum.repos.d]# docker tag nginx:alpine 10.0.0.65:5000/nginx:alpine
[root@k8s-slave4 yum.repos.d]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
my-nginx ubuntu a83338ef5fce 34 hours ago 156MB
nginx alpine e5dcd7aa4b5e 11 days ago 21.8MB
localhost:5000/nginx alpine e5dcd7aa4b5e 11 days ago 21.8MB
10.0.0.65:5000/nginx alpine e5dcd7aa4b5e 11 days ago 21.8MB
ubuntu latest d70eaf7277ea 3 weeks ago 72.9MB
registry 2 2d4f4b5309b1 5 months ago 26.2MB
[root@k8s-slave4 yum.repos.d]# docker pu
pull push
[root@k8s-slave4 yum.repos.d]# docker push 10.0.0.65:5000/nginx:alpine
The push refers to repository [10.0.0.65:5000/nginx]
Get https://10.0.0.65:5000/v2/: http: server gave HTTP response to HTTPS client
## By default docker does not allow pushing to a registry address served over plain http (the earlier push to localhost:5000 went through because the daemon automatically treats registries in 127.0.0.0/8 as insecure registries). To serve the registry over https, see: https://docs.docker.com/registry/deploying/#run-an-externally-accessible-registry
## We have neither a certificate issued by a trusted certificate authority nor a domain name, and a self-signed certificate would have to be copied to every node, which is tedious, so we configure the daemon to skip certificate verification instead:
$ cat /etc/docker/daemon.json
{
  "registry-mirrors": [
    "https://8xpk5wnt.mirror.aliyuncs.com"
  ],
  "insecure-registries": [
    "192.168.136.10:5000"
  ]
}
#registry-mirrors: the mirror (accelerator) address; insecure-registries: the local registry address. JSON does not allow comments, so keep these notes out of the file itself.
[root@k8s-slave4 yum.repos.d]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
my-nginx ubuntu a83338ef5fce 34 hours ago 156MB
10.0.0.65:5000/nginx alpine e5dcd7aa4b5e 11 days ago 21.8MB
nginx alpine e5dcd7aa4b5e 11 days ago 21.8MB
localhost:5000/nginx alpine e5dcd7aa4b5e 11 days ago 21.8MB
ubuntu latest d70eaf7277ea 3 weeks ago 72.9MB
registry 2 2d4f4b5309b1 5 months ago 26.2MB
[root@k8s-slave4 yum.repos.d]# docker push 10.0.0.65:5000/nginx:alpine
The push refers to repository [10.0.0.65:5000/nginx]
2367050c34dd: Layer already exists
2c8583333eb3: Layer already exists
e2a648dc6400: Layer already exists
93e19e6dd56b: Layer already exists
ace0eda3e3be: Layer already exists
alpine: digest: sha256:f9ddfb3fd9590a3b6ba095939b7a5aee110a6fb397922e2684d6e189e78329c9 size: 1360 #success
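Added example (not part of the original notes): every entry under insecure-registries removes TLS verification for that registry on this daemon, so pulls and pushes to it can be read or altered on the network, and the list is worth auditing on each node. The script prints the entries that point at another host; the function names are made up here, and the sample file is constructed from the daemon.json above plus one loopback entry.

```shell
#!/bin/sh
# Added example: list the registries for which this daemon skips TLS checks.

# Constructed sample: the daemon.json shown above plus one loopback entry.
write_sample_daemon_json() {
    cat > "$1" <<'EOF'
{
  "registry-mirrors": ["https://8xpk5wnt.mirror.aliyuncs.com"],
  "insecure-registries": ["192.168.136.10:5000", "127.0.0.1:5000"]
}
EOF
}

# Print every "insecure-registries" entry of the given file, one per line.
# Assumes valid JSON whose entries are plain strings.
list_insecure_registries() {
    { tr -d ' \t\r\n' < "$1"; echo; } | awk '
    {
        key = "\"insecure-registries\":["
        start = index($0, key)
        if (start == 0) next                      # key not present
        rest = substr($0, start + length(key))
        if (substr(rest, 1, 1) != "\"") next      # empty array
        stop = index(rest, "\"]")                 # quote closing the last entry
        if (stop == 0) next
        n = split(substr(rest, 2, stop - 2), entry, "\",\"")
        for (i = 1; i <= n; i++) print entry[i]
    }'
}

# Succeed when the entry names the local host. The daemon already treats
# 127.0.0.0/8 as insecure, so such entries add no exposure on the network.
is_loopback_registry() {
    printf '%s\n' "$1" |
        grep -Eq '^(localhost|127\.[0-9]+\.[0-9]+\.[0-9]+|\[::1\])(:[0-9]+)?$'
}

# Print the entries that disable TLS verification towards another host.
remote_insecure_registries() {
    list_insecure_registries "$1" | while IFS= read -r reg; do
        is_loopback_registry "$reg" || printf '%s\n' "$reg"
    done
}

sample=$(mktemp)
write_sample_daemon_json "$sample"
remote_insecure_registries "$sample"    # 192.168.136.10:5000
rm -f "$sample"
```

On a real node, run remote_insecure_registries /etc/docker/daemon.json.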
Copying files and directories into a container
[root@k8s-slave4 yum.repos.d]# docker cp Dockerfile nginx:/opt/my-vol/
[root@k8s-slave4 yum.repos.d]#
[root@k8s-slave4 yum.repos.d]# docker exec nginx ls /optm/my-vol/
ls: /optm/my-vol/: No such file or directory
[root@k8s-slave4 yum.repos.d]# docker exec nginx ls /opt/my-vol/
Dockerfile
[root@k8s-slave4 yum.repos.d]# docker cp nginx:/opt/my-vol/Dockerfile /opt/
[root@k8s-slave4 yum.repos.d]# ls /opt/Dockerfile
/opt/Dockerfile