docker容器基础不包括Dockerfile
Docker简介:
Docker通过内核虚拟化技术(namespaces及cgroups等)来提供容器的资源隔离与安全保障等。由于Docker通过操作系统层的虚拟化实现隔离,所有Docker容器在运行时,不需要类似虚拟机(VM)额外的操作系统开销,提高资源利用率。
Docker特性:
Docker的三大特性为BUILD(构建)、SHIP(运输)、RUN(运行)。(一次构建多处运 行,像不像JAVA呢)。docker是传统的CS架构分为docker client和docker server,主要分 为三大组件 镜像(image)、容器(container)、仓库(Repository)。
#docker不是一个虚拟机,它是一个内核级虚拟化。KVM通过模拟方式创建虚拟机,docker是通过隔离来进行创建容器。
#docker本质上就是宿主机上的一个进程,docker通过namespace实现了资源隔离,通过cgroup实现了资源限制,通过写时复制技术(copy-on-write)实现了高效的文件操作
docker安装:
本次笔记使用测试机器为:
1 2 3 | [root@localhost ~]# uname -a && cat /etc/redhat-release Linux localhost.localdomain 3.10.0-862.el7.x86_64 #1 SMP Fri Apr 20 16:44:24 UTC 2018 x86_64 x86_64 x86_64 GNU/LinuxCentOS Linux release 7.5.1804 (Core) |
yum源的问题自己解决:
yum install -y docker #yum安装
systemctl start docker #启动
systemctl enable docker #开机自启动
1 2 | [root@localhost system]# docker --version #docker 版本Docker version 1.13.1, build 7f2769b/1.13.1 |
docker网桥:理解成docker网络
1 2 3 4 5 6 7 8 | [root@localhost system]# ifconfig docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 inet 172.17.0.1 netmask 255.255.0.0 broadcast 0.0.0.0 ether 02:42:5d:b8:c9:45 txqueuelen 0 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 |
为了方便我们下载,一般情况都不会使用官方下载地址:
需要修改配置文件: /usr/lib/systemd/system/docker.service 这个方法有几种,我建议修改启动文件加入: 记得修改完毕后 systemctl daemon-reload systemctl start docker
1 | ExecStart=/usr/bin/dockerd-current --registry-mirror=https://a14c78qe.mirroryuncs.com \ |
更换存储目录
--graph=/opt/docker #docker存储路径
dns服务:默认采用宿主机的dns,也可以采用--dns=xxxx的方式指定
其他清关注 docker daemon --help #查看所有参数
1 2 3 4 5 6 7 8 9 10 11 | drwx------ 2 root root 6 11月 8 09:00 containers #用于存储容器信息drwx------ 3 root root 22 10月 29 10:04 image #用来存储镜像中间件及本身信息,大小,依赖信息drwxr-x--- 3 root root 19 10月 29 10:04 network drwx------ 25 root root 4096 11月 8 09:00 overlay2drwx------ 4 root root 32 10月 29 10:04 pluginsdrwx------ 2 root root 6 10月 29 10:04 swarmdrwx------ 2 root root 6 11月 6 13:50 tmp #docker临时目录drwx------ 2 root root 6 10月 29 10:04 trust #docker信任目录drwx------ 4 root root 169 10月 30 20:42 volumes #docker卷目录[root@localhost docker]# pwd/var/lib/docker |
docker镜像管理命令:
🦍搜索docker镜像命令:docker search + 镜像名字
1 2 3 4 5 6 7 8 9 10 11 12 | [root@localhost system]# docker search redis #下载redis镜像INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATEDdocker.io docker.io/redis Redis is an open source key-value store th... 7456 [OK] docker.io docker.io/bitnami/redis Bitnami Redis Docker Image 130 [OK]docker.io docker.io/sameersbn/redis 78 [OK]docker.io docker.io/grokzen/redis-cluster Redis cluster 3.0, 3.2, 4.0 & 5.0 61 docker.io docker.io/rediscommander/redis-commander Alpine image for redis-commander - Redis m... 31 [OK]NAME # 镜像仓库DESCRIPTION # 镜像描述信息STARS # 镜像收藏数OFFICIAL # 是否为docker官方发布的镜像AUTOMATED # 是否为自动化构建的镜像,关于自动化构建,可以查看官方文档: |
🦍下载docker镜像命令:docker pull + 要下载的镜像名字
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 | [root@localhost system]# docker pull ubuntu #下载ubuntu镜像Using default tag: latestTrying to pull repository docker.io/library/ubuntu ... latest: Pulling from docker.io/library/ubuntu22e816666fd6: Pull complete 079b6d2a1e53: Pull complete 11048ebae908: Pull complete c58094023a2e: Pull complete Digest: sha256:a7b8b7b33e44b123d7f997bd4d3d0a59fafc63e203d17efedf09ff3f6f516152Status: Downloaded newer image for docker.io/ubuntu:latest#下载过程中会有百分之提示[root@localhost system]# docker images #查看机器上所有的镜像REPOSITORY TAG IMAGE ID CREATED SIZEdocker.io/ubuntu latest cf0f3ca922e0 10 days ago 64.2 MB[root@localhost system]# |
🦍查看docker镜像命令:docker images
1 2 3 4 5 6 7 8 9 10 | [root@localhost system]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEdocker.io/ubuntu latest cf0f3ca922e0 10 days ago 64.2 MBdocker.io/redis latest de25a81a5a0b 12 days ago 98.2 MBEPOSITORY:表示镜像的仓库源TAG:镜像的标签IMAGE ID:镜像IDCREATED:镜像创建时间SIZE:镜像大小 |
🦍删除docker镜像命令:docker rmi + 镜像id(镜像 ID 如果镜像创建了容器 则无法删除)
1 2 3 4 5 6 7 8 9 10 | [root@localhost opt]# docker rmi redis #因为此镜像文件没有创建容器 所有可以删除Untagged: redis:latestUntagged: docker.io/redis@sha256:fe80393a67c7058590ca6b6903f64e35b50fa411b0496f604a85c526fb5bd2d2Deleted: sha256:de25a81a5a0b6ff26c82bab404fff5de5bf4bbbc48c833412fb3706077d31134Deleted: sha256:b39d98a508cb9ecec080e09606005660caa3d3d8dd00083e333e6536114d531bDeleted: sha256:8232e1dcaa8e9392b2532e88f908e2d17a59203d1bc873d0f8cdbed68dfaeb4fDeleted: sha256:9064b95e7336eaeb34e78f6144214770b77319ddd2a185e8259becbc48a124a1Deleted: sha256:9be905466faa79aaf23c765addb691915a3a6f44e214cfde3707d24f99d304d0Deleted: sha256:c2aceb594f2f81781fb2afc198bde3f54de46a05666e33eab254e56b3396770fDeleted: sha256:b67d19e65ef653823ed62a5835399c610a40e8205c16f839c5cc567954fcf594 |
🦍倒入docker镜像命令:docker load --input centos.tar 或者 docker load < nginx.tar
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 | [root@localhost opt]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEdocker.io/ubuntu latest cf0f3ca922e0 10 days ago 64.2 MB[root@localhost opt]# docker load --input redis.tar b67d19e65ef6: Loading layer [==================================================>] 72.5 MB/72.5 MB49e8cbd510cb: Loading layer [==================================================>] 338.4 kB/338.4 kB3a473dd4661e: Loading layer [==================================================>] 4.081 MB/4.081 MB7d5a57ef0021: Loading layer [==================================================>] 24.66 MB/24.66 MB03d2cf48f68d: Loading layer [==================================================>] 1.536 kB/1.536 kB9a7a0e85c0df: Loading layer [==================================================>] 3.584 kB/3.584 kBLoaded image: docker.io/redis:latest[root@localhost opt]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEdocker.io/ubuntu latest cf0f3ca922e0 10 days ago 64.2 MBdocker.io/redis latest de25a81a5a0b 12 days ago 98.2 MB |
🦍导出docker镜像命令:docker save -o centos.tar centos
1 2 3 | [root@localhost opt]# docker save -o redis.tar redis #导出redis镜像[root@localhost opt]# lsredis.tar |
docker 容器管理命令:
🦍启动容器:docker run 镜像名字 /bin/echo “hello world”
1 2 3 4 | [root@localhost ~]# docker run centos /bin/echo “hello world”“hello world”#centos 是镜像名称#启动了一个容器 echo hello world 运行完毕就退出 |
🦍长久启动容器:docker run --name 容器名称 -t -i 镜像名字 /bin/bash
1 2 | [root@localhost ~]# docker run --name mydocker -t -i centos /bin/bash[root@d1911da390b5 /]# #注意标识符 已经变了 说明已经进入容器啦 exit 退出容器 容器停止#如果容器镜像不存在 docker 也会自动pull镜像下载,之后在启动容器 |
🦍启动docker容器:docker start 容器名称
1 2 3 4 5 | [root@localhost ~]# docker start mydockermydocker[root@localhost ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMESd1911da390b5 centos "/bin/bash" 15 minutes ago Up 8 seconds mydocker |
🦍启动docker容器,返回容器id:docker run -d 镜像名字
1 2 | [root@localhost ~]# docker run -d nginx86e4690a149bb41a84bb67ef9608406b4a996724cf6cba61f1b4c2fbb0d5871b<br>-d:后台运行 |
🦍进入docker容器:docker attach 容器名称
1 2 | [root@localhost ~]# docker attach mydocker[root@d1911da390b5 /]# |
🦍另一种进入docker容器方式(推荐企业常用)(重点)
使用nsenter命令 #如果没有的需要自己安装 yum install util-linux
首先先获取容器pid:
1 2 3 4 5 6 7 | [root@localhost ~]# docker start mydocker #开启一个容器mydockermydocker[root@localhost ~]# [root@localhost ~]# docker inspect -f "{{ .State.Pid}}" mydocker #获取mydocker的pid2326[root@localhost ~]# nsenter -t 2326 -m -u -i -n -p /bin/bash[root@d1911da390b5 /]# #已经进入容器中了 |
nsenter 参数
-t :要获取名字空间的目标进程
-m:命名空间
-u:UTC名称空间(主机名等)
-i:IPC名称空间
-n:网络名称空间
-p:pid名称空间
此方法进入容器是不是很麻烦,所以写成脚本才是线上操作:
1 2 3 4 5 6 7 | #!/bin/bashdocker_in(){ NAME_IN=$1 PID=$(docker inspect -f "{{ .State.Pid}}" $NAME_IN) nsenter -t $PID -m -u -i -n -p /bin/bash}docker_in $1 |
然后加入把脚本加入$PATH里面
1 2 3 4 | [root@localhost ~]# lsanaconda-ks.cfg docker-in[root@localhost ~]# which docker-in/usr/local/sbin/docker-in |
🦍不想进入容器,但想执行命令:docker exec 容器名称 命令
1 2 | [root@localhost ~]# docker exec mydocker whoamiroot |
🦍命令:docker ps -a 查看运行的容器
1 2 3 | [root@localhost ~]# docker ps -aCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES5d33cb0f5fd2 ubuntu "/bin/bash" 6 seconds ago Up 5 seconds gs_ub |
🦍命令:docker rm + 容器名称 | docker rm -f 强制删除 (运行的也删除)删除容器
1 2 3 4 5 6 7 8 9 | [root@localhost opt]# docker run --name "xiaoqi" ubuntu /bin/echo "hello" #创建一个name叫xiaoqi容器运行ubuntu镜像执行 echo hellohello[root@localhost opt]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES121b5b31b014 ubuntu "/bin/echo hello" 4 seconds ago Exited (0) 3 seconds ago xiaoqi[root@localhost opt]# docker rm xiaoqi #删除xiaoqi[root@localhost opt]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES |
docker网络访问:
默认情况下docker会创建一个桥接的网卡(网桥 docker0)
🦍随机映射命令:docker run -d -P 镜像名字 #生产上很少用 这个P 是大P
1 2 3 4 5 6 7 8 9 10 11 12 13 | [root@localhost ~]# docker run -d -P nginx733320de22295b2bae20a9c5f9ce02379ea356790078cf17c79e3cf8d19a5725 #此乃容器唯一id[root@localhost ~]# netstat -tnlpActive Internet connections (only servers)Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 902/sshd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1050/master tcp6 0 0 :::32768 :::* LISTEN 3307/docker-proxy-ctcp6 0 0 :::22 :::* LISTEN 902/sshd tcp6 0 0 ::1:25 :::* LISTEN 1050/master [root@localhost ~]# docker ps -aCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES733320de2229 nginx "nginx -g 'daemon ..." 59 seconds ago Up 58 seconds 0.0.0.0:32768->80/tcp upbeat_dijkstra |
🦍指定映射命令:docker run -d -p 本地端口:容器端口 镜像 #此处是小p
-p hostPort:containerPort #本地端口 跟 容器端口映射
-p ip:hostPort:containerPort #指定ip地址加端口号 跟 容器端口映射
-p ip::containerPort #指定本地ip随机端口 跟 容器端口映射
-p hostPort:containerPort:udp #指定本地端口 跟 容器端口定义的协议映射
1 2 3 4 5 6 7 8 9 10 11 12 13 | [root@localhost ~]# docker run -d -it -p 8080:80 --name mynginx nginx #本地8080端口 提供容器80端口的服务d9154cf4fb235a22f43d2c86f5558e1ff01bc86be7618509db7965ce4126f459[root@localhost ~]# netstat -tnlpActive Internet connections (only servers)Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 902/sshd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1050/master tcp6 0 0 :::8080 :::* LISTEN 3475/docker-proxy-ctcp6 0 0 :::22 :::* LISTEN 902/sshd tcp6 0 0 ::1:25 :::* LISTEN 1050/master [root@localhost ~]# docker ps -aCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMESd9154cf4fb23 nginx "nginx -g 'daemon ..." 44 seconds ago Up 43 seconds 0.0.0.0:8080->80/tcp mynginx |
docker 数据管理:
数据卷的概念:我把物理主机的一个目录 mount(挂载) 到容器中,在容器里面写,其实在物理主机的目录,设计目的就是数据持久化,完全独立于容器的生存周期,因此Docker不会在容器删除时,删除其挂载的数据卷
🦍挂载一个docker数据卷(目录)命令:docker run -d --name 容器名字 -v 本地全路径位置:容器目录 镜像名字
1 2 3 4 5 6 7 8 9 10 | [root@localhost volumes]# docker run -d -it --name mynginx -v /data:/data nginx #创建一个容器 本地/data 挂载容器/data83b2031a1245d56d33db880b10aecd0c5fe3a887df897b122b4ffbb5cc79a72c[root@localhost volumes]# cd /data/[root@localhost data]# ls22.txt dir1 dir10 dir2 dir3 dir4 dir5 dir6 dir7 dir8 dir9[root@localhost data]# docker-in mynginx #进入容器root@83b2031a1245:/# cd /data/root@83b2031a1245:/data# ls22.txt dir1 dir10 dir2 dir3 dir4 dir5 dir6 dir7 dir8 dir9root@83b2031a1245:/data# |
🦍挂载单个文件命令:docker run -d -it --name 容器名字 -v 本地全路径文件:容器全路径文件 镜像名字
1 2 3 4 5 6 | [root@localhost data]# docker run -d -it --name mynginx1 -v /root/.bash_history:/.bash_history nginxc7d302a36d173779f611366542fe373c94f46013f3b3435a55a18c34ff600b4a[root@localhost data]# docker-in mynginx1root@c7d302a36d17:/# ls -a. .. .bash_history .dockerenv bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr varroot@c7d302a36d17:/# |
🦍两个容器共享一个物理目录 命令:docker -run -d -it --name 容器名字 -v /data/gongxiang:/data 镜像名字
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 | [root@localhost ~]# docker run -d -it --name mynginx1 -v /data/gongxiang/:/data/ nginx #容器mynginx141fbf01d44d65a569a1f81adca71a61ae3b92b7bc9e57c168dee2a185619b814[root@localhost ~]# docker run -d -it --name mynginx2 -v /data/gongxiang/:/data/ nginx #容器mynginx243b34cc8bbbb797a9380323cc42b217baf7fdff461db323659ae8e7663934c7b[root@localhost ~]# cd /data/gongxiang/[root@localhost gongxiang]# touch file{1..5}[root@localhost gongxiang]# lsfile1 file2 file3 file4 file5[root@localhost gongxiang]# docker exec mynginx ls /dataError response from daemon: No such container: mynginx[root@localhost gongxiang]# docker exec mynginx1 ls /data #容器mynginx1file1file2file3file4file5[root@localhost gongxiang]# docker exec mynginx2 ls /data #容器mynginx2file1file2file3file4file5 |
🦍 查看容器挂载位置 docker inspect -f {{.Mounts}} 容器名称
1 2 | [root@localhost gongxiang]# docker inspect -f {{.Mounts}} mynginx2 [{bind /data/gongxiang /data true rprivate}] |
docker 镜像构造(重点)
插曲:为了构造镜像我要删除我所有建立容器命令:
杀死所有运行的容器:docker kill $(docker ps -a -q)
删除所有的容器:docker rm $(docker ps -a -q)
由于docker默认下载centos最新版本8,本次实验需要centos7,所以自己打包了镜像教程如下
1)基于CentOS7 Linux纯净系统(初始化安装完成),将Linux整个系统打包成tar文件即可;
2)tar --numeric-owner --exclude=/proc --exclude=/sys -cvf centos7-base.tar /
3)cat centos7-base.tar | docker import - centos7-mini2
第一步: 使用基础镜像 centos7-mini2 创建docker容器并进入容器
1 2 3 4 5 6 7 8 9 10 11 12 | [root@localhost ~]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEcentos7-mini2 latest 12b2faae8c61 4 hours ago 823 MBdata/mynginx v1 520deccc8f5e 8 days ago 293 MBdocker.io/nginx latest 540a289bab6c 2 weeks ago 126 MBdocker.io/ubuntu latest cf0f3ca922e0 2 weeks ago 64.2 MBdocker.io/redis latest de25a81a5a0b 3 weeks ago 98.2 MBdocker.io/centos latest 0f3e07c0138f 5 weeks ago 220 MBdocker.io/nodesource/centos7 latest b87ca5bebf5e 3 years ago 621 MB[root@localhost ~]# [root@localhost ~]# docker run -it centos7-mini2 bash[root@5ba5aeada25a /]# |
第二部: 配置基本服务 wget命令 yum源的配置
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 | [root@5ba5aeada25a yum.repos.d]# lsCentOS-Base.repo CentOS-Debuginfo.repo CentOS-Sources.repo CentOS-Vault.repo [root@5ba5aeada25a yum.repos.d]# yum install wget 已加载插件:fastestmirror...... 1/1已安装: wget.x86_64 0:1.14-18.el7_6.1 完毕![root@5ba5aeada25a yum.repos.d]# lsCentOS-Base.repo CentOS-Debuginfo.repo CentOS-Sources.repo CentOS-Vault.repo[root@5ba5aeada25a yum.repos.d]# mkdir backup[root@5ba5aeada25a yum.repos.d]# lsbackup CentOS-Base.repo CentOS-Debuginfo.repo CentOS-Sources.repo CentOS-Vault.repo[root@5ba5aeada25a yum.repos.d]# mv * backup/mv: 无法将目录"backup" 移动至自身的子目录"backup/backup" 下 #这个报错没事 因为目的达到了[root@5ba5aeada25a yum.repos.d]# lsbackup [root@5ba5aeada25a yum.repos.d]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo--2019-11-08 20:19:00-- http://mirrors.aliyun.com/repo/Centos-7.repo正在解析主机 mirrors.aliyun.com (mirrors.aliyun.com)... 140.249.158.242, 140.249.158.241, 140.249.158.244, ...正在连接 mirrors.aliyun.com (mirrors.aliyun.com)|140.249.158.242|:80... 已连接。已发出 HTTP 请求,正在等待回应... 200 OK长度:2523 (2.5K) [application/octet-stream]正在保存至: “/etc/yum.repos.d/CentOS-Base.repo”100%[===================================================================================================>] 2,523 --.-K/s 用时 0s 2019-11-08 20:19:00 (295 MB/s) - 已保存 “/etc/yum.repos.d/CentOS-Base.repo” [2523/2523])[root@5ba5aeada25a yum.repos.d]# lsbackup CentOS-Base.repo[root@5ba5aeada25a yum.repos.d]# wget -O /etc/yum.repos.d/epel-7.repo http://mirrors.aliyun.com/repo/epel-7.repo --2019-11-08 20:25:15-- http://mirrors.aliyun.com/repo/epel-7.repo正在解析主机 mirrors.aliyun.com (mirrors.aliyun.com)... 119.167.173.240, 119.167.173.242, 119.167.173.238, ...正在连接 mirrors.aliyun.com (mirrors.aliyun.com)|119.167.173.240|:80... 已连接。已发出 HTTP 请求,正在等待回应... 200 OK长度:664 [application/octet-stream]正在保存至: “/etc/yum.repos.d/epel-7.repo”100%[===================================================================================================>] 664 --.-K/s 用时 0s 2019-11-08 20:25:15 (87.2 MB/s) - 已保存 “/etc/yum.repos.d/epel-7.repo” [664/664])[root@5ba5aeada25a yum.repos.d]# |
第三部: 安装nginx 修改nginx配置文件 使其前台运行
yum install nginx -y 此处刷屏了,就不展示了 只要把epel源安装好就能下载成
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 | [root@5ba5aeada25a yum.repos.d]# yum install nginx -y 已加载插件:fastestmirrorepel | 5.3 kB 00:00:00 (1/3): epel/x86_64/group_gz | 90 kB 00:00:00 (2/3): epel/x86_64/updateinfo ...... perl-macros.x86_64 4:5.16.3-294.el7_6 perl-parent.noarch 1:0.225-244.el7 perl-podlators.noarch 0:2.5.1-3.el7 perl-threads.x86_64 0:1.87-4.el7 perl-threads-shared.x86_64 0:1.43-6.el7 作为依赖被升级: freetype.x86_64 0:2.8-14.el7 openssl.x86_64 1:1.0.2k-19.el7 openssl-libs.x86_64 1:1.0.2k-19.el7 完毕!root@5ba5aeada25a yum.repos.d]# [root@5ba5aeada25a yum.repos.d]# vi /etc/nginx/nginx.conf# For more information on configuration, see:# * Official English Documentation: http://nginx.org/en/docs/# * Official Russian Documentation: http://nginx.org/ru/docs/user nginx;daemon off; #添加这一行 因为默认是后台运行 docker是不允许的 修改成前台worker_processes auto;error_log /var/log/nginx/error.log;pid /run/nginx.pid;.......[root@5ba5aeada25a yum.repos.d]# nginx -t #测试配置文件修改是否正确nginx: the configuration file /etc/nginx/nginx.conf syntax is oknginx: configuration file /etc/nginx/nginx.conf test is successful[root@5ba5aeada25a yum.repos.d]# nginx #启动 发现终端被占用 表示成启动前台 |
第四部:我们克隆一个窗口 执行命令提交命令
1 2 3 4 5 6 7 8 9 | [root@localhost ~]# docker commit -m "my nginx" 5ba5aeada25a data/mynginx:v1sha256:cdea42920e4d55341304520d7afb495c5862cf9acd4e4eebe5bb672d71eca2d2commit #提交-m #描述5ba5aeada25a #容器iddate/ #名称 仓库的名称mynginx #镜像名称v1 #标签 |
制作成功:
1 2 3 4 | [root@localhost ~]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEdata/mynginx v1 cdea42920e4d 3 minutes ago 1 GB #因为我打包的基础镜像比较大centos7-mini2 latest 12b2faae8c61 5 hours ago 823 MB |
启动: 启动新创建的镜像 映射本机81端口 容器80端口
1 2 | [root@localhost ~]# docker run -d --name "mynginxtest" -p 81:80 data/mynginx:v1 nginx #这条不懂往上翻190b71ed89d527502224b1f35e85b408999dbebf7e969f2324cbd2eca986d23f |
打开网页测试宿主机ip+端口访问是否正常打开nginx服务
build构建ubuntu镜像 需要update时候,需要修改源
RUN sed -i 's/http:\/\/archive\.ubuntu\.com\/ubuntu\//http:\/\/mirrors\.163\.com\/ubuntu\//g' /etc/apt/sources.list
[root@k8s-slave4 yum.repos.d]# more Dockerfile # 告诉docker使用哪个基础镜像作为模板,后续命令都以这个镜像为基础 FROM ubuntu RUN sed -i 's/http:\/\/archive\.ubuntu\.com\/ubuntu\//http:\/\/mirrors\.163\.com\/ubuntu\//g' /etc/apt/sources.list # RUN命令会在上面指定的镜像里执行命令 RUN apt-get update && apt install -y nginx #告诉docker,启动容器时执行如下命令 CMD ["/usr/sbin/nginx", "-g","daemon off;"]
[root@k8s-slave4 yum.repos.d]# docker build ./ -t my-nginx:ubuntu -f Dockerfile #./表示当前目录
镜像仓库部署:
[root@k8s-slave4 yum.repos.d]# docker run -d -p 5000:5000 --restart always --name registry registry:2 #使用docker镜像启动镜像仓库服务 --restart always 当docker重启 容器自启动
#默认仓库不带认证,若需要认证,参考https://docs.docker.com/registry/deploying/#restricting-access
Unable to find image 'registry:2' locally 2: Pulling from library/registry cbdbe7a5bc2a: Pull complete 47112e65547d: Pull complete 46bcb632e506: Pull complete c1cc712bcecd: Pull complete 3db6272dcbfa: Pull complete Digest: sha256:8be26f81ffea54106bae012c6f349df70f4d5e7e2ec01b143c46e2c03b9e551d Status: Downloaded newer image for registry:2 2426bb9c4d24c992e8418cfd52588a34994f4272f6c128eae506c50c1b2f7c72 [root@k8s-slave4 yum.repos.d]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 2426bb9c4d24 registry:2 "/entrypoint.sh /etc…" 5 seconds ago Up 3 seconds 0.0.0.0:5000->5000/tcp registry
[root@k8s-slave4 yum.repos.d]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE my-nginx ubuntu a83338ef5fce 34 hours ago 156MB nginx alpine e5dcd7aa4b5e 11 days ago 21.8MB ubuntu latest d70eaf7277ea 3 weeks ago 72.9MB registry 2 2d4f4b5309b1 5 months ago 26.2MB [root@k8s-slave4 yum.repos.d]# [root@k8s-slave4 yum.repos.d]# [root@k8s-slave4 yum.repos.d]# docker tag nginx:alpine localhost:5000/nginx:alpine #类似于别名 [root@k8s-slave4 yum.repos.d]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE my-nginx ubuntu a83338ef5fce 34 hours ago 156MB localhost:5000/nginx alpine e5dcd7aa4b5e 11 days ago 21.8MB nginx alpine e5dcd7aa4b5e 11 days ago 21.8MB ubuntu latest d70eaf7277ea 3 weeks ago 72.9MB registry 2 2d4f4b5309b1 5 months ago 26.2MB
[root@k8s-slave4 yum.repos.d]# docker push localhost:5000/nginx:alpine #push 推 The push refers to repository [localhost:5000/nginx] 2367050c34dd: Pushed 2c8583333eb3: Pushed e2a648dc6400: Pushed 93e19e6dd56b: Pushed ace0eda3e3be: Pushed alpine: digest: sha256:f9ddfb3fd9590a3b6ba095939b7a5aee110a6fb397922e2684d6e189e78329c9 size: 1360
不允许地址访问
[root@k8s-slave4 yum.repos.d]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE my-nginx ubuntu a83338ef5fce 34 hours ago 156MB nginx alpine e5dcd7aa4b5e 11 days ago 21.8MB localhost:5000/nginx alpine e5dcd7aa4b5e 11 days ago 21.8MB ubuntu latest d70eaf7277ea 3 weeks ago 72.9MB registry 2 2d4f4b5309b1 5 months ago 26.2MB [root@k8s-slave4 yum.repos.d]# docker tag nginx:alpine 10.0.0.65:5000/nginx:alpine [root@k8s-slave4 yum.repos.d]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE my-nginx ubuntu a83338ef5fce 34 hours ago 156MB nginx alpine e5dcd7aa4b5e 11 days ago 21.8MB localhost:5000/nginx alpine e5dcd7aa4b5e 11 days ago 21.8MB 10.0.0.65:5000/nginx alpine e5dcd7aa4b5e 11 days ago 21.8MB ubuntu latest d70eaf7277ea 3 weeks ago 72.9MB registry 2 2d4f4b5309b1 5 months ago 26.2MB [root@k8s-slave4 yum.repos.d]# docker pu pull push [root@k8s-slave4 yum.repos.d]# docker push 10.0.0.65:5000/nginx:alpine The push refers to repository [10.0.0.65:5000/nginx] Get https://10.0.0.65:5000/v2/: http: server gave HTTP response to HTTPS client
## docker默认不允许向http的仓库地址推送,如何做成https的,参考:https://docs.docker.com/registry/deploying/#run-an-externally-accessible-registry
## 我们没有可信证书机构颁发的证书和域名,自签名证书需要在每个节点中拷贝证书文件,比较麻烦,因此我们通过配置daemon的方式,来跳过证书的验证:
$ cat /etc/docker/daemon.json { "registry-mirrors": [ "https://8xpk5wnt.mirror.aliyuncs.com" #加速地址 ], "insecure-registries": [ "192.168.136.10:5000" #本地地址 ] } [root@k8s-slave4 yum.repos.d]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE my-nginx ubuntu a83338ef5fce 34 hours ago 156MB 10.0.0.65:5000/nginx alpine e5dcd7aa4b5e 11 days ago 21.8MB nginx alpine e5dcd7aa4b5e 11 days ago 21.8MB localhost:5000/nginx alpine e5dcd7aa4b5e 11 days ago 21.8MB ubuntu latest d70eaf7277ea 3 weeks ago 72.9MB registry 2 2d4f4b5309b1 5 months ago 26.2MB [root@k8s-slave4 yum.repos.d]# docker push 10.0.0.65:5000/nginx:alpine The push refers to repository [10.0.0.65:5000/nginx] 2367050c34dd: Layer already exists 2c8583333eb3: Layer already exists e2a648dc6400: Layer already exists 93e19e6dd56b: Layer already exists ace0eda3e3be: Layer already exists alpine: digest: sha256:f9ddfb3fd9590a3b6ba095939b7a5aee110a6fb397922e2684d6e189e78329c9 size: 1360 #成功
往容器里面拷贝文件目录
[root@k8s-slave4 yum.repos.d]# docker cp Dockerfile nginx:/opt/my-vol/ [root@k8s-slave4 yum.repos.d]# [root@k8s-slave4 yum.repos.d]# docker exec nginx ls /optm/my-vol/ ls: /optm/my-vol/: No such file or directory [root@k8s-slave4 yum.repos.d]# docker exec nginx ls /opt/my-vol/ Dockerfile
[root@k8s-slave4 yum.repos.d]# docker cp nginx:/opt/my-vol/Dockerfile /opt/
[root@k8s-slave4 yum.repos.d]# ls /opt/Dockerfile
/opt/Dockerfile
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· AI与.NET技术实操系列:基于图像分类模型对图像进行分类
· go语言实现终端里的倒计时
· 如何编写易于单元测试的代码
· 10年+ .NET Coder 心语,封装的思维:从隐藏、稳定开始理解其本质意义
· .NET Core 中如何实现缓存的预热?
· 分享一个免费、快速、无限量使用的满血 DeepSeek R1 模型,支持深度思考和联网搜索!
· 基于 Docker 搭建 FRP 内网穿透开源项目(很简单哒)
· ollama系列01:轻松3步本地部署deepseek,普通电脑可用
· 25岁的心里话
· 按钮权限的设计及实现