docker安装:
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install docker-ce -y
docker image ls 查看镜像
hello-world的镜像
docker pull hello-world
docker run hello-world
输出hello,world
制作一个hello,world的image
vim hello.c
#include
int main()
{
printf("hello,jesse"\n);
}
gcc -static hello.c -o hello
vim Dockerfile
FROM scratch
ADD hello /
CMD ["/hello"]
开始构建:
docker build -t jesse/hello-word
通过docker image ls 查看是否构建成功
运行:
docker run jesse/hello-word
什么是Container
1,通过Image 创建
2,在Image layer 建立一个container layer (可以读写)
3,类比面向对象:类和实例
4,Image负载app的存储和分发,Container负责运行app
命令:
docker container ls 查看正在运行的container容器
docker ls -a 查看所有的运行和没有运行的容器
docker run -it centos 直接进入容器,退出容器就退出了
docker container rm [容器ID或者容器名] 删除容器
docker rmi [idID或者镜像] 删除image
docker 命名空间 namespace
linux和容器的namespace网络的隔离
docker run -d --name test2 busybox /bin/sh -c "while true; do sleep 3600; done"
docker run -d --name test1 busybox /bin/sh -c "while true; do sleep 3600; done"
docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c49f056b4a2d busybox "/bin/sh -c 'while t…" 2 seconds ago Up 2 seconds test1
e77c81b22847 busybox "/bin/sh -c 'while t…" 2 minutes ago Up 2 minutes test2
docker network ls
[root@docker-node1 vagrant]# docker network ls
NETWORK ID NAME DRIVER SCOPE
bc09f52c660b bridge bridge local
022dc4f6024c host host local
ece3e2f6126f none null local
查看 bc09f52c660b bridge的网络详情
docker network inspect bc09f52c660b
我们会发现:
"Containers": {
"c49f056b4a2d4d01e7ad0c5f4661ffc0a4982ad23f2c1563c25bfcc6b38602d8": {
"Name": "test1",
"EndpointID": "aa94a60ba56e2967d547f530580ed72ed560dae663db015fd4b02e448ff5d397",
"MacAddress": "02:42:ac:11:00:03",
"IPv4Address": "172.17.0.3/16",
"IPv6Address": ""
}
说明:"IPv4Address": "172.17.0.3/16" 链接到了bridge 上面了
vath是链接到docker0上面的,下面开始验证:
使用brctl工具
yum install bridge-utils
brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.02428143bc79 no veth0b277e8
veth0b277e8这是docker0的接口,看看上面的ip a 的第十条数据
10: veth0b277e8 是不是docker0的接口呢?
现在,我们在创立一个容器:
docker run -d --name test2 busybox /bin/sh -c "while true; do sleep 3000;done"
docker network inspect bridge
"Containers": {
"c3ea5d284e9ac34843dda43b9d24b0570dec9dceb8e65fc18c4fc2473200ca8f": {
"Name": "test2",
"EndpointID": "13c202260334af4fd6e765e8f5156308646252a6fcaecbfb4ac3252b7ad111b4",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "172.17.0.2/16",
"IPv6Address": ""
},
"c49f056b4a2d4d01e7ad0c5f4661ffc0a4982ad23f2c1563c25bfcc6b38602d8": {
"Name": "test1",
"EndpointID": "aa94a60ba56e2967d547f530580ed72ed560dae663db015fd4b02e448ff5d397",
"MacAddress": "02:42:ac:11:00:03",
"IPv4Address": "172.17.0.3/16",
"IPv6Address": ""
}
},
发现containers又多了一个链接
ip a查看
10: veth0b277e8@if9:
link/ether 3a:20:a7:29:46:d8 brd ff:ff:ff:ff:ff:ff link-netnsid 1
inet6 fe80::3820:a7ff:fe29:46d8/64 scope link
valid_lft forever preferred_lft forever
14: veth91f5757@if13:
link/ether d6:fe:1a:49:5d:7b brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::d4fe:1aff:fe49:5d7b/64 scope link
valid_lft forever preferred_lft forever
veth这个线链接上了
[root@docker-node1 vagrant]# brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.02428143bc79 no veth0b277e8
veth91f5757
我们发现docker0有两个接口了
容器是如何访问外网的?
内部的容器链接上docker0,docker通过NAT和外部相链接
===============Docker link机制=============
创建第二个容器的时候可以link到第一个容器上
docker run -d --name test1 busybox /bin/sh -c "while true; do sleep 3000; done"
docker run -d --name test2 --link test1 busybox /bin/sh -c "while true; do sleep 3000;
test1:172.17.0.3
docker exec -it test2 /bin/sh
ping 172.17.0.3 yes
ping test1 yes
通过--link的方式相当于给test2添加了一个DNS解析记录
link只能是单向的链接2->1,2可以链接1,但是1不能链接2,可以ping
=======新建立一个bridge,让容器可以链接========
创建一个bridge
docker network create -d bridge my-bridge
查看是否生效:
[root@docker-node1 vagrant]# docker network ls
NETWORK ID NAME DRIVER SCOPE
568ffe71f516 bridge bridge local
022dc4f6024c host host local
d38c463485d0 my-bridge bridge local
ece3e2f6126f none null local
[root@docker-node1 vagrant]# brctl show
bridge name bridge id STP enabled interfaces
br-d38c463485d0 8000.0242c1e917f6 no
docker0 8000.02428143bc79 no veth0a65b32
vethe487c80
br-d38c463485d0就是新创建的
创建一个容器,链接到指定的刚刚创建的my-bridge
docker run -d --name test3 --network my-bridge busybox /bin/sh -c "while true; do sleep 3000; done"
查看bridge的链接情况:
发现br-d38c463485d0有新的链接
[root@docker-node1 vagrant]# brctl show
bridge name bridge id STP enabled interfaces
br-d38c463485d0 8000.0242c1e917f6 no veth3bd9f01
docker0 8000.02428143bc79 no veth0a65b32
vethe487c80
568ffe71f516 bridge bridge local
022dc4f6024c host host local
d38c463485d0 my-bridge bridge local
ece3e2f6126f none null local
docker network inspect d38c463485d0
[
{
"Name": "my-bridge",
"Id": "d38c463485d09b3b88ac4f7d27e2f0358f3e1b958d63ab7b59e06589ee824fd1",
"Created": "2018-08-14T18:26:32.540856161+01:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.18.0.0/16",
"Gateway": "172.18.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"f77a7bc3f18386607bf50ca806a86d9123dfb257338f721be563245fd40a0edc": {
"Name": "test3",
"EndpointID": "b765427a577931e7a64b230a953e2a8295aeb71f6f245dbc4df1e19b4800d5ed",
"MacAddress": "02:42:ac:12:00:02",
"IPv4Address": "172.18.0.2/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
以上说明test3 链接上了my-bridge ip:172.18.0.2/16
将原来正在运行的容器网络更改一下。
例如之前链接的是docker0,现在改到my-bridge上
docker network connect my-bridge test2
这个时候再看:
意义:不能随着容器得删除而把数据删除
创建一个mysql
docker run -d --name mysql -e MYSQL_ALLOW_EMPTY_PASSWORD=true mysql
查看volume
[root@docker-node1 vagrant]# docker volume ls
DRIVER VOLUME NAME
local f60b9180661fe1335c4837b9ca0cb44e7555dcc8888849797e0345c7aa61a802
[root@docker-node1 vagrant]# docker volume inspect f60b9180661fe1335c4837b9ca0cb44e7555dcc8888849797e0345c7aa61a802
[
{
"Driver": "local",
"Labels": null,
"Mountpoint": "/var/lib/docker/volumes/f60b9180661fe1335c4837b9ca0cb44e7555dcc8888849797e0345c7aa61a802/_data",
"Name": "f60b9180661fe1335c4837b9ca0cb44e7555dcc8888849797e0345c7aa61a802",
"Options": {},
"Scope": "local"
}
]
实验发现,删除docker的容器之后,volume并没有删除
docker volume ls
还是存在的
docker volume 默认不友好
删除docker volume
docker volume rm [volume id]
docker volume ls 这是为空
创建一个指定位置的docker 存储
docker run -d -v mysql:/var/lib/mysql --name mysql1 -e MYSQL_ALLOW_EMPTY_PASSWORD=true mysql
[root@docker-node1 vagrant]# docker volume ls
DRIVER VOLUME NAME
local mysql
[root@docker-node1 vagrant]# docker volume inspect mysql
[
{
"Driver": "local",
"Labels": null,
"Mountpoint": "/var/lib/docker/volumes/mysql/_data",
"Name": "mysql",
"Options": {},
"Scope": "local"
}
]
进入容器:
[root@docker-node1 vagrant]# docker exec -it mysql1 /bin/bash
root@23e96f17ca27:/# musql -uroot
创建一个数据库
create database docker;
create database jesse;
退出容器,删除容器
[root@docker-node1 vagrant]# docker volume ls
DRIVER VOLUME NAME
local mysql
再次创建一个容器,并且进入
docker run -d -v mysql:/var/lib/mysql --name mysql3 -e MYSQL_ALLOW_EMPTY_PASSWORD=true mysql
docker run -d -v mysql:/var/lib/mysql --name mysql3 -e MYSQL_ALLOW_EMPTY_PASSWORD=true mysql
进入容器之后,show databases;
还会发现刚刚创建的两个docker容器。
docker 数据虚拟化二:docker bind Mouting
文件夹目录下:
Dockerfile
index.html
目的:可以替换docker内部的docker
需要的docker images :nginx
dockerfile源码:
[root@docker-node1 docker-nginx]# cat Dockerfile
# this same shows how we can extend/change an existing official image from Docker Hub
FROM nginx:latest
# highly recommend you always pin versions for anything beyond dev/learn
WORKDIR /usr/share/nginx/html
# change working directory to root of nginx webhost
# using WORKDIR is prefered to using 'RUN cd /some/path'
COPY index.html index.html
# I don't have to specify EXPOSE or CMD because they're in my FROM
同级目录下新建一个index.html
内容:hello,word
dockerfile开始构建;
docker build -t jesse/nginx .
查看docker images是否生成
第一次开始构建:
docker run -d -p 80:80 --name web jesse/nginx
curl 127.0.0.1 测试是否打开成功
删除容器
第二次开始构建
docker run -d -v $(pwd):/usr/share/nginx/html -p 80:80 --name web jesse/nginx
curl 127.0.0.1 测试是否打开成功
思考:
1.通过宿主机可以共享docker内部的文件,实现docker内部的文件实现和宿主机文件共享
2.宿主机由于是通过vagrant创建的,也可以宿主机和本地的开发环境相关联
https://blog.csdn.net/weixin_36171533/article/details/81780558 原文链接地址