Docker
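Official site: https://docs.docker.com/ (requires a VPN)
Documentation: http://www.docker.org.cn/book/docker.html
Why Docker
Docker can be roughly understood as a lightweight virtual machine.
Concepts
Container virtualization, lighter than traditional virtualization
Red Hat has supported Docker since version 6.5
Written in Go, released under the Apache 2.0 license
Open-source software; the project code is maintained on GitHub
1. Image: a read-only template, similar to the ISO file used to install an operating system. Applications are deployed from images.
2. Docker container: if an image is like an operating system, a container is like the virtual machine itself. It can be launched, started, stopped, deleted and so on, and containers are isolated from one another.
3. Docker registry: a place where images are stored. Registries are either public or private. The largest public registry is Docker Hub (hub.docker.com); a public registry inside China is http://dockerpool.com/
4. Compared with KVM: Docker is not all-purpose, and it was never designed as a replacement for virtualization such as KVM. Docker's original aim is to package applications and the runtime environment they depend on into a standard container/image and then ship it to different platforms to run. Put simply, Docker is a lightweight VM solution built on LXC and based on process containers. The core problem Docker solves is using LXC to provide VM-like functionality. LXC is not a hardware virtualization method: it does not belong to full virtualization, partial virtualization or paravirtualization, but is an operating-system-level virtualization method.
5. Containers and virtual machines are different concepts, and containers cannot replace virtual machines. Where containers fall short, virtual machines do well. For example, on a Linux host Windows can only run in a virtual machine; Docker cannot do it. Likewise, on a Windows host, Windows cannot run Docker directly; Docker on Windows actually runs inside a VirtualBox virtual machine.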
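Most operations can be done with either the image ID or the image name; an image ID may be abbreviated.
Online Docker environment
Register an account on the Docker website, then log in at the URL below. Every Linux instance there has Docker installed, but each instance is valid for only 4 hours.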
https://labs.play-with-docker.com
Upgrading the kernel
Upgrading the CentOS 6.x kernel to 3.10
On CentOS 7, Docker requires a 64-bit system and kernel version 3.10 or later. On CentOS 6.5 or later, Docker requires a 64-bit system and kernel version 2.6.32-431 or later. CentOS 7 kernels are generally 3.10, while CentOS 6.x kernels are generally 2.6. On a 2.6 kernel Docker runs rather sluggishly, so the usual choice is to upgrade to 3.10.
Check the current kernel version
[root@iZm5e0bf6o9xfyes2a6s2xZ ~]# cat /etc/issue
CentOS release 6.9 (Final)
Kernel \r on an \m
[root@iZm5e0bf6o9xfyes2a6s2xZ ~]# uname -r
2.6.32-642.6.1.el6.x86_64
Import the public key
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
Install ELRepo on CentOS
Choose the ELRepo release to install at http://elrepo.org/tiki/tiki-index.php
rpm -Uvh http://www.elrepo.org/elrepo-release-6-8.el6.elrepo.noarch.rpm
Reboot
Installing Docker
Preliminary steps
On CentOS 7 (versions before 6.5 need an upgrade first: yum update)
yum install -y epel-release
Install Docker
yum install -y yum-utils \
  device-mapper-persistent-data \
  lvm2
yum-config-manager \
  --add-repo \
  https://download.docker.com/linux/centos/docker-ce.repo
yum install docker-ce    # ce is the Community Edition
systemctl start docker   # start Docker
Configuring a Docker registry mirror (accelerator)
Documentation: https://www.daocloud.io/mirror#accelerator-doc
curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://addad01f.m.daocloud.io
Then restart the Docker service.
Docker directory
/var/lib/docker
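Image management
Downloading and installing images
Download images from https://hub.docker.com
Equivalent to:
# search the Docker registry for images
docker search centos
docker pull centos:6
Listing downloaded images
docker images
REPOSITORY   TAG      IMAGE ID       CREATED       VIRTUAL SIZE
centos       latest   bac949ce964b   10 days ago   192.5 MB
Changing an image tag
(copies the image):
docker tag centos:latest centos:hy
[root@centos6 ~]# docker images
REPOSITORY   TAG      IMAGE ID       CREATED       VIRTUAL SIZE
centos       latest   bac949ce964b   10 days ago   192.5 MB
centos       hy       bac949ce964b   10 days ago   192.5 MB
Deleting images
[root@centos6 ~]# docker rmi centos:hy
Untagged: centos:hy
[root@centos6 ~]# docker images
REPOSITORY   TAG      IMAGE ID       CREATED       VIRTUAL SIZE
centos       latest   bac949ce964b   10 days ago   192.5 MB
docker rmi <image ID | REPOSITORY | REPOSITORY:TAG>
(Note: if containers created from the image have not been deleted, delete them first with docker rm <container name>.)
This deletes the specified image. The argument may be a tag; in that case what is actually removed is the tag, and as long as the image still has other tags the image itself is not deleted. When the argument is an image ID, the whole image is deleted together with all of its tags.
Image information
docker history <image>   # image history
docker inspect <image>   # detailed image information
Container management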
Usage: docker COMMAND

A self-sufficient runtime for containers

Options:
      --config string      Location of client config files (default "/root/.docker")
  -D, --debug              Enable debug mode
  -H, --host list          Daemon socket(s) to connect to
  -l, --log-level string   Set the logging level ("debug"|"info"|"warn"|"error"|"fatal") (default "info")
      --tls                Use TLS; implied by --tlsverify
      --tlscacert string   Trust certs signed only by this CA (default "/root/.docker/ca.pem")
      --tlscert string     Path to TLS certificate file (default "/root/.docker/cert.pem")
      --tlskey string      Path to TLS key file (default "/root/.docker/key.pem")
      --tlsverify          Use TLS and verify the remote
  -v, --version            Print version information and quit

Management Commands:
  config      Manage Docker configs
  container   Manage containers
  image       Manage images
  network     Manage networks
  node        Manage Swarm nodes
  plugin      Manage plugins
  secret      Manage Docker secrets
  service     Manage services
  swarm       Manage Swarm
  system      Manage Docker
  trust       Manage trust on Docker images
  volume      Manage volumes

Commands:
  attach      Attach local standard input, output, and error streams to a running container
  build       Build an image from a Dockerfile
  commit      Create a new image from a container's changes
  cp          Copy files/folders between a container and the local filesystem
  create      Create a new container
  diff        Inspect changes to files or directories on a container's filesystem
  events      Get real time events from the server
  exec        Run a command in a running container
  export      Export a container's filesystem as a tar archive
  history     Show the history of an image
  images      List images
  import      Import the contents from a tarball to create a filesystem image
  info        Display system-wide information
  inspect     Return low-level information on Docker objects
  kill        Kill one or more running containers
  load        Load an image from a tar archive or STDIN
  login       Log in to a Docker registry
  logout      Log out from a Docker registry
  logs        Fetch the logs of a container
  pause       Pause all processes within one or more containers
  port        List port mappings or a specific mapping for the container
  ps          List containers
  pull        Pull an image or a repository from a registry
  push        Push an image or a repository to a registry
  rename      Rename a container
  restart     Restart one or more containers
  rm          Remove one or more containers
  rmi         Remove one or more images
  run         Run a command in a new container
  save        Save one or more images to a tar archive (streamed to STDOUT by default)
  search      Search the Docker Hub for images
  start       Start one or more stopped containers
  stats       Display a live stream of container(s) resource usage statistics
  stop        Stop one or more running containers
  tag         Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
  top         Display the running processes of a container
  unpause     Unpause all processes within one or more containers
  update      Update configuration of one or more containers
  version     Show the Docker version information
  wait        Block until one or more containers stop, then print their exit codes
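Creating containers
# create but do not start
docker create -it centos_with_nettool
# create and start without entering (recommended form)
docker run -itd --name hy_centos1 centos /bin/bash   # docker run = docker create + docker start
# create, start and enter; the container stops when you exit. -i keeps the container's standard input open, -t allocates a pseudo-terminal
docker run -it centos /bin/bash
[root@930883200a20 /]#   # after start, the hostname is the container ID
docker run --name hy_centos1 -it centos /bin/bash   # name the container at creation
[root@centos6 ~]# docker ps
CONTAINER ID   IMAGE    COMMAND       CREATED         STATUS         PORTS   NAMES
f18132a1cd5a   centos   "/bin/bash"   5 seconds ago   Up 5 seconds           hy_centos1
Listing running containers
# add the -a option to also show containers that are not running
[root@centos6 ~]# docker ps
CONTAINER ID   IMAGE    COMMAND       CREATED         STATUS         PORTS   NAMES
930883200a20   centos   "/bin/bash"   9 minutes ago   Up 9 minutes           trusting_turing
Stopping, starting, exiting, entering and deleting containers
docker start 930883200a20    # start a container that has been created or stopped
docker stop 930883200a20     # stop the container
docker attach 930883200a20   # enter the container; leaving with exit also stops the container
docker exec -it hy_centos1 /bin/bash   # enter a running container interactively; exit does not stop the container
docker exec -d dameon_dave touch /etc/new_config_file   # run a command in a running container in the background, without entering a shell
exit   # or Ctrl+D: leave the container
docker rm 930883200a20   # delete a container (it must be stopped first)
Renaming a container
docker rename <container ID or name> <new container name>
Getting container logs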
docker logs -t 930883200a20 > 1.txt
Listing the processes inside a container
[root@centos6 ~]# docker top 930883200a20
UID    PID    PPID   C   STIME   TTY     TIME       CMD
root   7965   6505   0   23:39   pts/3   00:00:00   /bin/bash
Viewing container information
[root@centos6 ~]# docker info
Containers: 2
Images: 4
Storage Driver: devicemapper
 Pool Name: docker-202:1-1574041-pool
 Pool Blocksize: 65.54 kB
 Backing Filesystem: extfs
 Data file: /dev/loop0
 Metadata file: /dev/loop1
 Data Space Used: 700.6 MB
 Data Space Total: 107.4 GB
 Data Space Available: 39.81 GB
 Metadata Space Used: 1.114 MB
 Metadata Space Total: 2.147 GB
 Metadata Space Available: 2.146 GB
 Udev Sync Supported: true
 Deferred Removal Enabled: false
 Data loop file: /var/lib/docker/devicemapper/devicemapper/data
 Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
 Library Version: 1.02.117-RHEL6 (2016-04-01)
Execution Driver: native-0.2
Logging Driver: json-file
Kernel Version: 2.6.32-642.13.1.el6.x86_64
Operating System: <unknown>
CPUs: 1
Total Memory: 994.5 MiB
Name: centos6
ID: TYF4:MDG3:XFO6:2JVY:N66B:CO3L:DMTK:YURX:J2IL:TA7Z:JR7H:LY6L
[root@centos6 ~]# docker inspect hy_centos1
[
{
    "Id": "f18132a1cd5ab3bd45ce11379d213101a35c2149a9ef7f6398e7899bc56edea4",
    "Created": "2017-03-26T15:56:19.083645054Z",
    "Path": "/bin/bash",
    "Args": [],
    "State": {
        "Running": true,
        "Paused": false,
        "Restarting": false,
        "OOMKilled": true,
        "Dead": false,
        "Pid": 8594,
        "ExitCode": 0,
        "Error": "",
        "StartedAt": "2017-03-26T16:07:51.77801308Z",
        "FinishedAt": "2017-03-26T16:05:24.569155761Z"
    },
    "Image": "bac949ce964bd3ccf89104b91b589a0b662ebb90648c60d70d61febdb5be8535",
    "NetworkSettings": {
        "Bridge": "",
        "EndpointID": "5bbced07f8872aaba1e243193224800e10f6607aacf3880e6abcdd67837481f6",
        "Gateway": "192.168.42.1",
        "GlobalIPv6Address": "",
        "GlobalIPv6PrefixLen": 0,
        "HairpinMode": false,
        "IPAddress": "192.168.42.7",
        "IPPrefixLen": 24,
        "IPv6Gateway": "",
        "LinkLocalIPv6Address": "",
        "LinkLocalIPv6PrefixLen": 0,
        "MacAddress": "02:42:c0:a8:2a:07",
        "NetworkID": "6e022f1545fc8fe7e5f0a7026e9d431cdb9c2f0ab49bdc254d0cbc48bb1605e5",
        "PortMapping": null,
        "Ports": {},
        "SandboxKey": "/var/run/docker/netns/f18132a1cd5a",
        "SecondaryIPAddresses": null,
        "SecondaryIPv6Addresses": null
    },
    "ResolvConfPath": "/var/lib/docker/containers/f18132a1cd5ab3bd45ce11379d213101a35c2149a9ef7f6398e7899bc56edea4/resolv.conf",
    "HostnamePath": "/var/lib/docker/containers/f18132a1cd5ab3bd45ce11379d213101a35c2149a9ef7f6398e7899bc56edea4/hostname",
    "HostsPath": "/var/lib/docker/containers/f18132a1cd5ab3bd45ce11379d213101a35c2149a9ef7f6398e7899bc56edea4/hosts",
    "LogPath": "/var/lib/docker/containers/f18132a1cd5ab3bd45ce11379d213101a35c2149a9ef7f6398e7899bc56edea4/f18132a1cd5ab3bd45ce11379d213101a35c2149a9ef7f6398e7899bc56edea4-json.log",
    "Name": "/hy_centos1",
    "RestartCount": 0,
    "Driver": "devicemapper",
    "ExecDriver": "native-0.2",
    "MountLabel": "",
    "ProcessLabel": "",
    "Volumes": {},
    "VolumesRW": {},
    "AppArmorProfile": "",
    "ExecIDs": null,
    "HostConfig": {
        "Binds": null,
        "ContainerIDFile": "",
        "LxcConf": [],
        "Memory": 0,
        "MemorySwap": 0,
        "CpuShares": 0,
        "CpuPeriod": 0,
        "CpusetCpus": "",
        "CpusetMems": "",
        "CpuQuota": 0,
        "BlkioWeight": 0,
        "OomKillDisable": false,
        "Privileged": false,
        "PortBindings": {},
        "Links": null,
        "PublishAllPorts": false,
        "Dns": null,
        "DnsSearch": null,
        "ExtraHosts": null,
        "VolumesFrom": null,
        "Devices": [],
        "NetworkMode": "bridge",
        "IpcMode": "",
        "PidMode": "",
        "UTSMode": "",
        "CapAdd": null,
        "CapDrop": null,
        "RestartPolicy": {
            "Name": "no",
            "MaximumRetryCount": 0
        },
        "SecurityOpt": null,
        "ReadonlyRootfs": false,
        "Ulimits": null,
        "LogConfig": {
            "Type": "json-file",
            "Config": {}
        },
        "CgroupParent": ""
    },
    "Config": {
        "Hostname": "f18132a1cd5a",
        "Domainname": "",
        "User": "",
        "AttachStdin": true,
        "AttachStdout": true,
        "AttachStderr": true,
        "PortSpecs": null,
        "ExposedPorts": null,
        "Tty": true,
        "OpenStdin": true,
        "StdinOnce": true,
        "Env": [
            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
        ],
        "Cmd": [
            "/bin/bash"
        ],
        "Image": "centos",
        "Volumes": null,
        "VolumeDriver": "",
        "WorkingDir": "",
        "Entrypoint": null,
        "NetworkDisabled": false,
        "MacAddress": "",
        "OnBuild": null,
        "Labels": {
            "build-date": "20170315",
            "license": "GPLv2",
            "name": "CentOS Base Image",
            "vendor": "CentOS"
        }
    }
}
]
Looking at the network interfaces
A freshly installed CentOS has no ifconfig command by default: yum install net-tools wget
veth2f1f4b0 Link encap:Ethernet  HWaddr 36:82:16:E9:02:60
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
[root@centos6 ~]# ifconfig
docker0   Link encap:Ethernet  HWaddr 9A:49:BF:18:5B:11
          inet addr:192.168.42.1  Bcast:0.0.0.0  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11504 errors:0 dropped:0 overruns:0 frame:0
          TX packets:31279 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:566213 (552.9 KiB)  TX bytes:43404283 (41.3 MiB)
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.42.20  netmask 255.255.255.0  broadcast 0.0.0.0
        ether 02:42:c0:a8:2a:14  txqueuelen 0  (Ethernet)
        RX packets 7769  bytes 11539616 (11.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2754  bytes 184091 (179.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 0  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
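Building an image from a container (not the usual way; images are normally built with a Dockerfile)
docker commit -m "install net-tools and wget" -a "hy" centos1 centos_with_nettool
# docker commit -m "what was changed" -a "author" <old container> <new image name>
[root@centos6 ~]# docker images
REPOSITORY            TAG      IMAGE ID       CREATED         VIRTUAL SIZE
centos_with_nettool   latest   2b79fe26bfbc   4 minutes ago   274 MB
centos                latest   bac949ce964b   10 days ago     192.5 MB
Packing and unpacking images
https://openvz.org/Download/template/precreated
OpenVZ is also a form of container virtualization, similar to Docker's container technology but with major differences. An OpenVZ template can be thought of as something like a Docker image, although the format is of course different. Even so, Docker can use OpenVZ templates.
wget http://download.openvz.org/template/precreated/centos-6-x86_64-devel.tar.gz   # download a CentOS template (a compressed image file)
cat centos-6-x86_64-devel.tar.gz | docker import - centos-6-x86_64   # import the image, i.e. unpack the template file
# docker images
REPOSITORY            TAG      IMAGE ID       CREATED        VIRTUAL SIZE
centos_with_nettool   latest   2b79fe26bfbc   13 hours ago   274 MB
centos                latest   bac949ce964b   11 days ago    192.5 MB
Export an existing image to a file (pack the image):
docker save -o centos_with_nettool.tar centos_with_nettool
Restore a local image from that file (unpack the image):
docker load --input centos_with_nettool.tar
docker load < centos_with_nettool.tar
Registry management
Pushing an image to a private registry
# registry is an image provided officially by Docker; it can be used to create a local private Docker registry
docker pull registry
# start a container from the registry image, listening on port 5000
docker run -d -p 5000:5000 registry
# tag the image; the tag must include the private registry's ip:port
docker tag centos 127.0.0.1:5000/centos_registry1
# make the following change so that push does not report an error
vim /etc/init.d/docker
# change
#   $exec -d $other_args
# to
#   $exec -d --insecure-registry 127.0.0.1:5000 $other_args
# then restart Docker
service docker restart
# start the registry container again, then push
docker push 127.0.0.1:5000/centos_registry1
# curl http://127.0.0.1:5000/v2/_catalog
{"repositories":["centos_registry1"]}
# the private registry can also be queried through the public IP and other private-network IPs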
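Data management
What is a data volume
A directory on the host is mapped into the container and used as its data directory, so the data can be stored on the host.
Properties of data volumes:
1. Data volumes can be shared and reused between containers, and passing data between the host and a container is more efficient.
2. Changes to a data volume take effect immediately, whether made inside the container or in the host directory.
3. Updating a data volume does not affect the image; data and application are decoupled.
4. A volume persists until no container uses it.
Mounting a host directory in a new container
docker run --name centos2 -tid -v /data/:/data centos bash
docker run --name new_docker_name -tid -v <host directory>:<container directory> <image> bash
# the host directory must exist; the container directory need not exist
-v links the host and the container
Mounting another container's volumes in a new container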
docker run --name centos3 -itd --volumes-from centos2 centos bash
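--volumes-from links one container to another
Creating a data volume container
# a data volume is a directory that can be mounted
Used specifically to manage data volumes
docker create -v /data/ --name centos_vol centos
docker run -itd -v /data/ --name centos_vol centos bash
/data is the directory inside the container. A data volume container does not need to be running, so the first form is recommended.
Backing up and restoring data volumes
1. Backing up a data volume
Problem: the data volume container has no mount relationship with the host, so it cannot be backed up to the host directly.
Approach: create a new container that is linked to the host and to the data volume container at the same time; the data volume container and the host are then connected by hand.
mkdir /vol_data_backup   # backup directory on the host
docker run -it --volumes-from centos_vol -v /vol_data_backup/:/backup centos bash   # new container, linked to the data volume container and the host
/# tar cvf /backup/data.tar /data/   # run inside the new container
2. Restoring a data volume
Approach: first create a new data volume container, then create another container that mounts it, then unpack the tar archive.
docker run -itd -v /data/ --name centos_vol2 centos bash
docker run -it --volumes-from centos_vol2 -v /vol_data_backup/:/backup centos bash   # new container, linked to the data volume container and the host
# tar xvf /backup/data.tar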
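Network management
Four default network modes
host mode: specified with --net=host on docker run. The network Docker uses is effectively the same as the host's; the interface IPs seen inside the container are the host's IPs.
container mode: specified with --net=container:container_id/container_name. Several containers share one network and see the same IP.
none mode: specified with --net=none. In this mode no networking is configured.
bridge mode: specified with --net=bridge. This is the default mode and is used when nothing is specified. It allocates a separate network namespace to each container, similar to VMware's NAT network mode. All containers on the same host are on the same subnet and can communicate with one another.
Docker has no bridged networking (as opposed to the NAT-like bridge mode above) by default, but it can be implemented with some tools.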
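Which network mode a container was started with, and the other isolation-relevant settings, can be read back from the `docker inspect` fields shown earlier (`NetworkMode`, `Privileged`, `PidMode`, `CapAdd`, `Binds`, `Config.User`). The audit below is an added example, not part of the original post; the sample records are constructed, and the container name `risky_demo` and the `SENSITIVE_HOST_PATHS` list are assumptions.

```python
import json

# Constructed sample in the shape `docker inspect` prints, trimmed to the
# fields the audit reads. The first record mirrors hy_centos1 from this page;
# the second (risky_demo) is hypothetical.
SAMPLE = json.loads("""
[
  {"Name": "/hy_centos1",
   "Config": {"User": ""},
   "HostConfig": {"Privileged": false, "NetworkMode": "bridge", "PidMode": "",
                  "Binds": null, "CapAdd": null}},
  {"Name": "/risky_demo",
   "Config": {"User": "app"},
   "HostConfig": {"Privileged": true, "NetworkMode": "host", "PidMode": "host",
                  "Binds": ["/:/hostfs", "/data/:/data:ro"],
                  "CapAdd": ["SYS_ADMIN"]}}
]
""")

# Assumption: host paths whose writable exposure should always be reviewed.
SENSITIVE_HOST_PATHS = ("/", "/etc", "/proc", "/sys", "/var/run/docker.sock")


def audit(container):
    """Return a list of findings for one `docker inspect` record."""
    host = container.get("HostConfig") or {}
    conf = container.get("Config") or {}
    findings = []
    if host.get("Privileged"):
        findings.append("privileged: all capabilities and host devices available")
    mode = host.get("NetworkMode") or ""
    if mode == "host":
        findings.append("network=host: shares the host network stack")
    elif mode.startswith("container:"):
        findings.append("network shared with another container: " + mode)
    if host.get("PidMode") == "host":
        findings.append("pid=host: host processes are visible")
    for cap in host.get("CapAdd") or []:
        findings.append("added capability " + cap)
    for bind in host.get("Binds") or []:
        parts = bind.split(":")               # src:dst[:options]
        src = parts[0].rstrip("/") or "/"
        read_only = len(parts) > 2 and "ro" in parts[2].split(",")
        if src in SENSITIVE_HOST_PATHS and not read_only:
            findings.append("writable bind mount of host path " + src)
    if (conf.get("User") or "") in ("", "0", "root"):
        findings.append("runs as root (no USER set)")
    return findings


def audit_all(containers):
    """Map container name -> findings for a list of inspect records."""
    return {c["Name"].lstrip("/"): audit(c) for c in containers}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        print(name, "->", findings or "no findings")
```

To audit live containers, pass `json.loads` of the output of `docker inspect $(docker ps -q)` to `audit_all` instead of `SAMPLE`.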
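Accessing containers from outside
docker run -itd -p 5123:80 centos-httpd bash   # -p specifies a port mapping; here port 80 of the container is mapped to port 5123 on the host
Linking containers
Using link
Drawback: access works in one direction only
Accessing by container name is superfluous; just use the IP
Bridged networking
To make communication between machines on the local network and Docker containers more convenient, there is often a need to put Docker containers on the same subnet as the host.
cd /etc/sysconfig/network-scripts/; cp ifcfg-eth0 ifcfg-br0
vi ifcfg-eth0   # add BRIDGE=br0; delete IPADDR, NETMASK, GATEWAY, DNS1
vi ifcfg-br0    # change DEVICE to br0 and TYPE to Bridge; move eth0's network settings here
service network restart
Install pipework:
git clone https://github.com/jpetazzo/pipework; cp ~/pipework/pipework /usr/local/bin/
Start a container:
docker run -itd --net=none --name bridge_censtos centos /bin/bash
# without this package, the error is: Object "netns" is unknown, try "ip help"
rpm -Uvh https://repos.fedorapeople.org/openstack/EOL/openstack-grizzly/epel-6/iproute-2.6.32-130.el6ost.netns.2.x86_64.rpm
pipework br0 bridge_censtos 172.7.15.201/24@172.7.15.1   # the IP after @ is the gateway IP
docker exec -it bridge_censtos /bin/bash   # once inside, ifconfig shows the newly added IP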
Dockerfile
Official Dockerfiles: https://github.com/docker-library
Official Docker documentation: https://docs.docker.com/engine/reference/builder/#parser-directives
docker build -t new_image_name dockfile_path
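1. FROM: specifies which base image to build on.
Format: FROM <image> or FROM <image>:<tag>, for example
FROM centos
FROM centos:latest
2. MAINTAINER: specifies author information.
Format: MAINTAINER <name>, for example
MAINTAINER centos_test centos_test@centos_testlinux.com
3. RUN: image build instruction.
Format: RUN <command> or RUN ["executable", "param1", "param2"], for example
RUN yum install -y httpd
RUN ["/bin/bash", "-c", "echo hello"]
4. CMD: three formats:
CMD ["executable", "param1", "param2"]
CMD command param1 param2
CMD ["param1", "param2"]
RUN and CMD look similar, but CMD is the default command executed when the container starts. Only one CMD takes effect; if several are defined, only the last one is executed. If docker run specifies another command, the CMD is ignored. For example:
CMD ["/usr/local/nginx/sbin/nginx", "-c", "/usr/local/nginx/conf/nginx.conf"]
5. EXPOSE
Format: EXPOSE <port> [<port>...], for example
EXPOSE 22 80 8443
This specifies the ports to be mapped out. For example, if sshd and nginx are started inside the container, ports 22 and 80 need to be exposed. It works together with -P (uppercase): add -P when starting the container and the host ports are assigned automatically. To choose specific ports, use -p (lowercase) instead.
6. ENV
Format: ENV <key> <value>, for example
ENV PATH /usr/local/mysql/bin:$PATH
It mainly provides environment variables for subsequent RUN instructions. Custom variables can be defined as well:
ENV MYSQL_version 5.6   # referenced as $MYSQL_version
7. ADD
Format: ADD <src> <dest>
Copies a local file or directory into a directory of the container (a compressed archive is also unpacked). src is a path relative to the directory containing the Dockerfile; it can also be a URL. For example
ADD conf/vhosts /usr/local/nginx/conf
8. COPY
Same format as ADD. It is used the same way as ADD; the difference is that it does not support URLs.
9. ENTRYPOINT
Format similar to CMD. It is the command executed when the container starts. Like CMD, only one takes effect; if several are written, only the last one is used. The difference from CMD: CMD can be overridden by the command given to docker run, whereas ENTRYPOINT is not overridden by it. For example, with an image named centos_test and the following CMD in the Dockerfile:
CMD ["/bin/echo", "test"]
starting the container with
docker run centos_test
outputs test. If the container is started with
docker run -it centos_test /bin/bash
nothing is output.
ENTRYPOINT is not overridden, and it is placed ahead of the CMD or the command given to docker run:
ENTRYPOINT ["echo", "test"]
docker run -it centos_test 123
outputs test 123, which is equivalent to running the command echo test 123.
10. VOLUME
Format: VOLUME ["/data"]
Creates a mount point that can be mounted from the local host or from other containers.
11. USER
Format: USER daemon
Specifies the user the container runs as.
12. WORKDIR
Format: WORKDIR /path/to/workdir
Sets the working directory for subsequent RUN, CMD or ENTRYPOINT instructions.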
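The CMD and ENTRYPOINT rules from items 4 and 9, written out as a small model of the command line a container ends up running. This is an added example, not part of the original post; it goes slightly beyond the text by also covering shell-form CMD and the `--entrypoint` flag of docker run, and it assumes ENTRYPOINT is given in exec form.

```python
def as_argv(instruction):
    """Exec form (a list) is used as-is; shell form (a string) runs via /bin/sh -c."""
    if instruction is None:
        return []
    if isinstance(instruction, str):
        return ["/bin/sh", "-c", instruction]
    return list(instruction)


def effective_argv(entrypoint=None, cmd=None, run_args=(), entrypoint_flag=None):
    """Model of the argv a container starts with.

    entrypoint      -- image ENTRYPOINT in exec form (list), or None
    cmd             -- image CMD: exec form (list), shell form (str), or None
    run_args        -- words after the image name on the `docker run` line
    entrypoint_flag -- value of `docker run --entrypoint`, if given
    """
    if entrypoint_flag is not None:
        # --entrypoint replaces ENTRYPOINT and also discards the image's CMD.
        return [entrypoint_flag] + list(run_args)
    head = as_argv(entrypoint)
    # Arguments on the docker run line replace CMD; otherwise CMD is the default.
    tail = list(run_args) if run_args else as_argv(cmd)
    argv = head + tail
    if not argv:
        raise ValueError("no ENTRYPOINT, no CMD and no command on the run line")
    return argv


# The cases from the text (image name centos_test, as in item 9), plus two more.
CASES = [
    ("CMD only: docker run centos_test",
     dict(cmd=["/bin/echo", "test"])),
    ("CMD only: docker run -it centos_test /bin/bash",
     dict(cmd=["/bin/echo", "test"], run_args=["/bin/bash"])),
    ("ENTRYPOINT: docker run -it centos_test 123",
     dict(entrypoint=["echo", "test"], run_args=["123"])),
    ("ENTRYPOINT + CMD [\"param1\"] as default arguments",
     dict(entrypoint=["echo", "test"], cmd=["param1"])),
    ("docker run --entrypoint /bin/ls centos_test -l",
     dict(entrypoint=["echo", "test"], cmd=["param1"],
          run_args=["-l"], entrypoint_flag="/bin/ls")),
]

if __name__ == "__main__":
    for label, kwargs in CASES:
        print(f"{label:52} -> {effective_argv(**kwargs)}")
```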
Docker Compose
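Definition: a batch tool for containers. Many containers are hard to manage by hand; with this tool, one yml file plus one command is enough to manage them.
Installing docker-compose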
pip install docker-compose
Usage:
  docker-compose [-f <arg>...] [options] [COMMAND] [ARGS...]
  docker-compose -h|--help

Options:
  -f, --file FILE             Specify an alternate compose file
                              (default: docker-compose.yml)
  -p, --project-name NAME     Specify an alternate project name
                              (default: directory name)
  --verbose                   Show more output
  --log-level LEVEL           Set log level (DEBUG, INFO, WARNING, ERROR, CRITICAL)
  --no-ansi                   Do not print ANSI control characters
  -v, --version               Print version and exit
  -H, --host HOST             Daemon socket to connect to

  --tls                       Use TLS; implied by --tlsverify
  --tlscacert CA_PATH         Trust certs signed only by this CA
  --tlscert CLIENT_CERT_PATH  Path to TLS certificate file
  --tlskey TLS_KEY_PATH       Path to TLS key file
  --tlsverify                 Use TLS and verify the remote
  --skip-hostname-check       Don't check the daemon's hostname against the
                              name specified in the client certificate
  --project-directory PATH    Specify an alternate working directory
                              (default: the path of the Compose file)
  --compatibility             If set, Compose will attempt to convert deploy
                              keys in v3 files to their non-Swarm equivalent

Commands:
  build              Build or rebuild services
  bundle             Generate a Docker bundle from the Compose file
  config             Validate and view the Compose file
  create             Create services
  down               Stop and remove containers, networks, images, and volumes
  events             Receive real time events from containers
  exec               Execute a command in a running container
  help               Get help on a command
  images             List images
  kill               Kill containers
  logs               View output from containers
  pause              Pause services
  port               Print the public port for a port binding
  ps                 List containers
  pull               Pull service images
  push               Push service images
  restart            Restart services
  rm                 Remove stopped containers
  run                Run a one-off command
  scale              Set number of containers for a service
  start              Start services
  stop               Stop services
  top                Display the running processes
  unpause            Unpause services
  up                 Create and start containers
  version            Show the Docker-Compose version information
Horizontal scaling: scale
Load balancing: lb
Container orchestration
Kubernetes
Architecture