一、Docker概述
1.简介
Docker是一个开源的应用容器引擎,让开发者可以打包他们的应用以及依赖包到一个可移植的镜像中,然后发布到任何流行的Linux机器或Windows机器上,也可以实现虚拟化。容器时完全使用沙箱机制,相互之间不会有任何接口。
2.特点
- 服务彼此之间相互独立(服务之间的解耦)
- 服务可以灵活迁移
耦合是指两个或两个以上的体系或两种运动形式通过相互作用而彼此影响以至联合起来的现象
解耦是指用数学方法讲两种运动分离开来处理问题,常用解耦方法就是忽略或简化对所研究问题影响较小的一种运动,之分析主要的运动(便于管理,防止数据过多的积累在一个文件中)
3.与虚拟机的区别
- 虚拟机容量占用打,容器不需要装系统,占用容量小
- 虚拟机安全,容器不安全(共享内核资源),攻击一个内核,其他全部瘫痪
| 特性 | 虚拟机 | 容器 |
|---|---|---|
| 隔离级别 | 操作系统级 | 进程级 |
| 系统资源 | Hypervisor | CGroups |
| 系统资源 | 5-15% | 0-5% |
| 启动时间 | 分钟级 | 秒级 |
| 镜像存储 | GB | MB |
| 群集规模 | 一般几十台 | 成百上千 |
| 封装程度 | 完整的操作系统 | 只打包醒目代码和依赖关系,共享宿主机内核 |
4.使用Docker的意义
- Docker解决了传统虚拟机环境孤岛的问题
- Docker把容器化技术做成了标准化平台
docker引擎统一了基础设施环境
docker引擎统一了程序打包方式
docker引擎统一了程序部署方式
5.namespace:名称空间
| mount | 文件系统,挂载点 |
|---|---|
| user | 操作进程的用户和用户组 |
| pid | 进程编号 |
| uts | 主机名和主机域 |
| ipc | 信号量、消息队列、共享内存 |
| net | 网络设备、网络协议栈、端口等 |
- 应用与应用的隔离
应用A与应用B隔离,在操作系统中式通过namaspace实现的,只有通过以上六个空间隔离,才能认为两个应用实现了完全隔离
6.CGroups:控制组
linux上的Docker引擎还依赖于另一种称为控制组的技术。控制允许Docker引擎将可用的硬件资源共享给容器,并有选择的实现限制和约束
二、Docker的核心概念与安装
1.镜像:image
Docker镜像是创建容器的基础,类似于虚拟机的快照,可以理解为是一个面向Docker引擎的只读模板
Docker提供了简单的机制来创建和更新现有的镜像,也可以从网上下载已经做好的应用镜像来直接使用
2.容器:container
Docker的容器是从镜像创建的运行实例,它可以被启动、停止和删除。所创建的每一个容器都是相互隔离、互不可见的,可以保证平台的安全性、还可以把容器看成是一个简易的Linux环境,Docker利用容器来运行和隔离应用
3.仓库:repository
Docker仓库是用来集中保存镜像的地方,当创建了自己的镜像之后,可以使用push命令将他上传到公共仓库或者私有仓库,当下次需要在另一台机器上使用这个镜像的时候这个镜像时候,只需要从仓库上pull下来即可
4.安装Docker
4.1 安装依赖包
[root@localhost ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
已加载插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
软件包 yum-utils-1.1.31-54.el7_8.noarch 已安装并且是最新版本
软件包 device-mapper-persistent-data-0.8.5-3.el7_9.2.x86_64 已安装并且是最新版本
软件包 7:lvm2-2.02.187-6.el7_9.5.x86_64 已安装并且是最新版本
无须任何处理
[root@localhost ~]#
4.2 设置阿里云镜像源
[root@localhost ~]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
已加载插件:fastestmirror, langpacks
adding repo from: https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
grabbing file https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.repo
repo saved to /etc/yum.repos.d/docker-ce.repo
[root@localhost ~]# cat /etc/yum.repos.d/docker-ce.repo
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-stable-debuginfo]
name=Docker CE Stable - Debuginfo $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/debug-$basearch/stable
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-stable-source]
name=Docker CE Stable - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/source/stable
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-test]
name=Docker CE Test - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-test-debuginfo]
name=Docker CE Test - Debuginfo $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/debug-$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-test-source]
name=Docker CE Test - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/source/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-nightly]
name=Docker CE Nightly - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-nightly-debuginfo]
name=Docker CE Nightly - Debuginfo $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/debug-$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-nightly-source]
name=Docker CE Nightly - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/source/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[root@localhost ~]#
4.3 安装docker社区版
[root@localhost ~]# yum -y install docker-ce
已加载插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
软件包 3:docker-ce-20.10.8-3.el7.x86_64 已安装并且是最新版本
无须任何处理
[root@localhost ~]#
4.4 启动docker
[root@localhost ~]# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@localhost ~]# systemctl start docker
[root@localhost ~]#
4.5 查看docker服务
[root@localhost ~]# docker version
Client: Docker Engine - Community
Version: 20.10.8
API version: 1.41
Go version: go1.16.6
Git commit: 3967b7d
Built: Fri Jul 30 19:55:49 2021
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.8
API version: 1.41 (minimum version 1.12)
Go version: go1.16.6
Git commit: 75249d8
Built: Fri Jul 30 19:54:13 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.9
GitCommit: e25210fe30a0a703442421b0f60afac609f950a3
runc:
Version: 1.0.1
GitCommit: v1.0.1-0-g4144b63
docker-init:
Version: 0.19.0
GitCommit: de40ad0
[root@localhost ~]#
4.6 镜像加速
[root@localhost ~]# sudo mkdir -p /etc/docker
[root@localhost ~]# sudo tee /etc/docker/daemon.json <<-'EOF'
> {
> "registry-mirrors": ["https://xxxxxx.mirror.aliyuncs.com"]
> }
> EOF
[root@localhost ~]# sudo systemctl daemon-reload
[root@localhost ~]# sudo systemctl restart docker
[root@localhost ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://xxxxxx.mirror.aliyuncs.com"]
}
镜像加速注册地址:https://help.aliyun.com/product/60716.html
三、Docker镜像操作
1.搜索镜像
[root@localhost ~]# docker search hello-world
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
hello-world Hello World! (an example of minimal Dockeriz… 1519 [OK]
kitematic/hello-world-nginx A light-weight nginx container that demonstr… 150
tutum/hello-world Image to test docker deployments. Has Apache… 84 [OK]
dockercloud/hello-world Hello World! 19 [OK]
crccheck/hello-world Hello World web server in under 2.5 MB 15 [OK]
vad1mo/hello-world-rest A simple REST Service that echoes back all t… 5 [OK]
arm32v7/hello-world Hello World! (an example of minimal Dockeriz… 3
ppc64le/hello-world Hello World! (an example of minimal Dockeriz… 2
markmnei/hello-world-java-docker Hello-World-Java-docker 1 [OK]
ansibleplaybookbundle/hello-world-apb An APB which deploys a sample Hello World! a… 1 [OK]
thomaspoignant/hello-world-rest-json This project is a REST hello-world API to bu… 1
datawire/hello-world Hello World! Simple Hello World implementati… 1 [OK]
ansibleplaybookbundle/hello-world-db-apb An APB which deploys a sample Hello World! a… 1 [OK]
souravpatnaik/hello-world-go hello-world in Golang 1
strimzi/hello-world-streams 0
strimzi/hello-world-producer 0
strimzi/hello-world-consumer 0
burdz/hello-world-k8s To provide a simple webserver that can have … 0 [OK]
businessgeeks00/hello-world-nodejs 0
koudaiii/hello-world 0
nirmata/hello-world 0 [OK]
freddiedevops/hello-world-spring-boot 0
infrastructureascode/hello-world A tiny "Hello World" web server with a healt… 0 [OK]
dandando/hello-world-dotnet 0
garystafford/hello-world Simple hello-world Spring Boot service for t… 0 [OK]
[root@localhost ~]#
2.获取镜像
[root@localhost ~]# docker pull hello-world //默认下载最新的镜像
Using default tag: latest
latest: Pulling from library/hello-world
b8dfde127a29: Pull complete
Digest: sha256:7d91b69e04a9029b99f3585aaaccae2baa80bcf318f4a5d2165a9898cd2dc0a1
Status: Downloaded newer image for hello-world:latest
docker.io/library/hello-world:latest
3.查看镜像信息
[root@localhost ~]# docker images //查看所有镜像
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world latest d1165f221234 6 months ago 13.3kB
[root@localhost ~]# docker inspect d1165f221234
[
{
"Id": "sha256:d1165f2212346b2bab48cb01c1e39ee8ad1be46b87873d9ca7a4e434980a7726",
"RepoTags": [
"hello-world:latest"
],
"RepoDigests": [
"hello-world@sha256:7d91b69e04a9029b99f3585aaaccae2baa80bcf318f4a5d2165a9898cd2dc0a1"
],
"Parent": "",
"Comment": "",
"Created": "2021-03-05T23:25:25.230064203Z",
"Container": "f5a78ef54769bb8490754e9e063a89f90cc8eee6a6c5a0a72655826e99df116e",
"ContainerConfig": {
"Hostname": "f5a78ef54769",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"/bin/sh",
"-c",
"#(nop) ",
"CMD [\"/hello\"]"
],
"Image": "sha256:77fe0a37fa6ce641a004815f2761a9042618557d253f312cd3da61780e372c8f",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {}
},
"DockerVersion": "19.03.12",
"Author": "",
"Config": {
"Hostname": "",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"/hello"
],
"Image": "sha256:77fe0a37fa6ce641a004815f2761a9042618557d253f312cd3da61780e372c8f",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": null
},
"Architecture": "amd64",
"Os": "linux",
"Size": 13336,
"VirtualSize": 13336,
"GraphDriver": {
"Data": {
"MergedDir": "/var/lib/docker/overlay2/53c816c452bcf1d941be373ed946d3fd81d146b609ed1aa52ed33acdf1fe68ad/merged",
"UpperDir": "/var/lib/docker/overlay2/53c816c452bcf1d941be373ed946d3fd81d146b609ed1aa52ed33acdf1fe68ad/diff",
"WorkDir": "/var/lib/docker/overlay2/53c816c452bcf1d941be373ed946d3fd81d146b609ed1aa52ed33acdf1fe68ad/work"
},
"Name": "overlay2"
},
"RootFS": {
"Type": "layers",
"Layers": [
"sha256:f22b99068db93900abe17f7f5e09ec775c2826ecfe9db961fea68293744144bd"
]
},
"Metadata": {
"LastTagTime": "0001-01-01T00:00:00Z"
}
}
]
[root@localhost ~]#
4.为本地镜像添加新的标签
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world latest d1165f221234 6 months ago 13.3kB
[root@localhost ~]# docker tag hello-world hello-world:new
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world latest d1165f221234 6 months ago 13.3kB
hello-world new d1165f221234 6 months ago 13.3kB
5.删除镜像
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world latest d1165f221234 6 months ago 13.3kB
hello-world new d1165f221234 6 months ago 13.3kB
[root@localhost ~]# docker rmi hello-world:latest //如果该镜像被容器使用,则应该先删除容器,再删除镜像
Untagged: hello-world:latest
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world new d1165f221234 6 months ago 13.3kB
[root@localhost ~]#
6.存出和载入镜像
[root@localhost ~]# docker save -o hello hello-world //存出镜像到文件hello
[root@localhost ~]# ls -l hello
-rw------- 1 root root 24576 9月 4 21:54 hello
[root@localhost ~]# docker rmi hello-world:new //删除镜像
Untagged: hello-world:new
Untagged: hello-world@sha256:7d91b69e04a9029b99f3585aaaccae2baa80bcf318f4a5d2165a9898cd2dc0a1
Deleted: sha256:d1165f2212346b2bab48cb01c1e39ee8ad1be46b87873d9ca7a4e434980a7726
Deleted: sha256:f22b99068db93900abe17f7f5e09ec775c2826ecfe9db961fea68293744144bd
[root@localhost ~]# docker images //已无镜像
REPOSITORY TAG IMAGE ID CREATED SIZE
[root@localhost ~]# docker load < hello //载入镜像
f22b99068db9: Loading layer [==================================================>] 15.36kB/15.36kB
Loaded image: hello-world:new
[root@localhost ~]# docker images //已有镜像
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world new d1165f221234 6 months ago 13.3kB
7.上传镜像
下次再说
四、Docker容器操作
1.创建与启动容器
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world new d1165f221234 6 months ago 13.3kB
[root@localhost ~]# docker run centos:7 //本地无镜像会自动从仓库拉取,并创建和启动容器,并在命令结束后关闭容器
Unable to find image 'centos:7' locally
7: Pulling from library/centos
2d473b07cdd5: Pull complete
Digest: sha256:0f4ec88e21daf75124b8a9e5ca03c37a5e937e0e108a255d890492430789b60e
Status: Downloaded newer image for centos:7
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world new d1165f221234 6 months ago 13.3kB
centos 7 8652b9f0cb4c 9 months ago 204MB
[root@localhost ~]# docker ps -a //查看所有容器
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fd5ce885913d centos:7 "/bin/bash" 42 seconds ago Exited (0) 41 seconds ago laughing_feynman
[root@localhost ~]# docker create -it hello-world:new /bin/bash //创建容器
dd5043fb886fb95349853ff6a5b29abb652d787c442eee34e0c7ff75fcf1a500
[root@localhost ~]# docker ps //查看所有运行的容器
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
dd5043fb886f hello-world:new "/bin/bash" 6 seconds ago Created hopeful_proskuriakova
fd5ce885913d centos:7 "/bin/bash" 3 minutes ago Exited (0) 3 minutes ago laughing_feynman
- -i :让容器的标准输入保持打开
- -t:分配一个伪终端
- -d:后台守护进程的方式运行
2.启动容器
[root@localhost ~]# docker start 52fb0af2d2f1
52fb0af2d2f1
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
52fb0af2d2f1 centos:7 "/bin/bash" 53 seconds ago Up 3 seconds flamboyant_allen
[root@localhost ~]#
3.进入容器
[root@localhost ~]# docker run -it centos:7 /bin/sh //启动并进入容器
sh-4.2# ls
anaconda-post.log bin dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
sh-4.2# exit //退出容器,退出就是关闭状态
exit
[root@localhost ~]# docker run centos:7 /bin/sh -c ls / //启动并执行一条shell命令
anaconda-post.log
bin
dev
etc
home
lib
lib64
media
mnt
opt
proc
root
run
sbin
srv
sys
tmp
usr
var
[root@localhost ~]#
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
52fb0af2d2f1 centos:7 "/bin/bash" 53 seconds ago Up 3 seconds flamboyant_allen
[root@localhost ~]# docker exec -it 52fb0af2d2f1 /bin/bash //进入容器,退出后并不会关闭容器
[root@52fb0af2d2f1 /]# ls
anaconda-post.log bin dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
[root@52fb0af2d2f1 /]#
4.关闭容器
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
52fb0af2d2f1 centos:7 "/bin/bash" 6 minutes ago Up 5 minutes flamboyant_allen
[root@localhost ~]# docker stop 52fb0af2d2f1
52fb0af2d2f1
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
52fb0af2d2f1 centos:7 "/bin/bash" 7 minutes ago Exited (137) 2 seconds ago flamboyant_allen
[root@localhost ~]#
5.删除容器
[root@localhost ~]# docker ps -a //每次执行run都会创建一个容器
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9b8e6b3250f5 centos:7 "/bin/sh -c ls /" 2 minutes ago Exited (0) 2 minutes ago youthful_goodall
ef73d513dbd8 centos:7 "/bin/sh - ls /" 3 minutes ago Exited (126) 3 minutes ago mystifying_spence
10ea3fffb083 centos:7 "-C ls /" 4 minutes ago Created frosty_curie
cee6fe0efbed centos:7 "-c ls /" 5 minutes ago Created tender_wright
5470e08b0029 centos:7 "/bin/sh" 5 minutes ago Exited (0) 5 minutes ago affectionate_hopper
5d261a8819be centos:7 "-c ls /" 6 minutes ago Created boring_jemison
a7ee940fd1cb centos:7 "-c ls /" 9 minutes ago Created frosty_napier
dd5043fb886f hello-world:new "/bin/bash" 14 minutes ago Created hopeful_proskuriakova
fd5ce885913d centos:7 "/bin/bash" 17 minutes ago Exited (0) 10 minutes ago laughing_feynman
[root@localhost ~]# docker rm `docker ps -aq` //删除所有未启动的容器,慎用
9b8e6b3250f5
ef73d513dbd8
10ea3fffb083
cee6fe0efbed
5470e08b0029
5d261a8819be
a7ee940fd1cb
dd5043fb886f
fd5ce885913d
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@localhost ~]#
6.导出与导入容器
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
52fb0af2d2f1 centos:7 "/bin/bash" 8 minutes ago Exited (137) 56 seconds ago flamboyant_allen
[root@localhost ~]# docker export 52fb0af2d2f1 > centos7.tar //导出容器
[root@localhost ~]# ls -l centos7.tar
-rw-r--r-- 1 root root 211688960 9月 4 22:42 centos7.tar
[root@localhost ~]# cat centos7.tar | docker import - centes7:test //导入容器(生成镜像)
sha256:056d86e02ecb7c2f56601db6cca1dabf6734e65cb2be437506e324c7852d6dac
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centes7 test 056d86e02ecb 10 seconds ago 204MB
hello-world new d1165f221234 6 months ago 13.3kB
centos 7 8652b9f0cb4c 9 months ago 204MB
五、Docker资源控制
1.限制CPU使用速率
[root@localhost ~]# docker run -it --cpu-quota 20000 centos:7 /bin/bash //限制使用率为20%
[root@6e3b35986a4f /]# cat /sys/fs/cgroup/cpu/cpu.cfs_quota_us
20000
[root@6e3b35986a4f /]#
2.对内存使用限制
[root@localhost ~]# docker run -it -m 2000m centos:7 /bin/bash
[root@b88af37318b8 /]# cat /sys/fs/cgroup/memory/memory.limit_in_bytes
2097152000
[root@b88af37318b8 /]#