1.镜像分层技术
2.创建镜像
3.下载镜像到主机
4.删除镜像
5.上传镜像到registry
docker镜像:
早在集装箱没有出现的时候,码头上还有许多搬运的工人在搬运货物,在集装箱出现以后,码头上看到更多的不是工人,而且集装箱的搬运模式更加单一,更加高效,还有其他的好处,比如:货物多打包在集装箱里面,可以防止货物之前相互影响。并且到了另外一个码头需要转运的话,有了在集装箱以后,直接把它运送到另一个容器内即可,完全可以保证里面的货物是整体的搬迁,并且不会损坏货物本身。那么docker 镜像在IT行业中也扮演着非常重要的形象。
什么是docker 镜像
就是把业务代码,可运行环境进行整体的打包
如何创建docker镜像:
现在docker官方公有仓库里面有大量的镜像,所以最基础的镜像,我们可以在公有仓库直接拉取,因为这些镜像都是原厂维护,可以得到及时的更新和修护。
Dockerfile:
我们如果想去定制这些镜像,我们可以去编写Dockerfile,然后重新bulid,最后把它打包成一个镜像,这种方式是最为推荐的方式包括我们以后去企业当中去实践应用的时候也是推荐这种方式。
Commit :
当然还有另外一种方式,就是通过镜像启动一个容器,然后进行操作,最终通过commit这个命令commit一个镜像,但是不推荐这种方式,虽然说通过commit这个命令像是操作虚拟机的模式,但是容器毕竟是容器,它不是虚拟机,所以大家还是要去适应用Dockerfile去定制这些镜像这种习惯。
镜像的概念主要就是把把运行环境和业务代码进行镜像的打包,我们这个课重点是了解镜像的分层技术,我们先来看一个Ubuntu系统的镜像。
我们看见镜像可以分层很多个layer,并且他们都有大小和ID,我们可以看到这里有4个layer ID号,最终这个镜像是由他们layer组合而成,并且这个镜像它是只读的,它不能往里面写数据,如果想写数据怎么办呢?我们会在镜像上启一层contain layer,其实就是相当于把镜像启动成一个容器,那么在容器这一层,我们是可写的。
比如我们想在Ubuntu这个系统上加一层,只能在上面继续叠加,这些工作其实都是由cow,写字库下的机制来实现的。
子镜像
下载的时候只会下载子镜像最上面的一层,因为其它层已经有了,那么它可以起到一个节约空间的作用。
父镜像
最为典型的就是镜像的分层技术——aufs
Aufs是Another Union File System的缩写,支持将多个目录挂载到同一个虚拟目录下。
已构建的镜像会设置成只读模式,read-write写操作是在read-only上的一种增量操作,固不影响read-only层。
这个研究有一个好处,比如我们现在可以看到手机里面的APP,在命令里面都会用APP字段下回来,在下回来之前它就是一个静态的,我们没有往里面写东西,但是我们启动起来以后,我们就可以往里面写东西,进行各种各样的操作。但是如果我们把它关掉了以后,或者删除了以后,它的这个镜像是存在远端的,所以在这个镜像里面是不会去修改的。并且这样也会有一个非常好的地方,这个场景非常适合我们去实现测试环境,因为我们的测试环境经常会有一个操作就是灌数据,我们可以提前把这个镜像数据打包到测试里面,那么这个镜像软件里面包含了,最上面是nginx,比如它里面会有一些数据,我们可以在往上面打一层数据,打完之后把它起成一个容器就可以去测试,测试完之后这个容器里面会生成各种各样的数据,也就是脏数据,这样的话,我们就可以把这个容器删掉,删掉以后我们镜像里面的容器是不会受影响的。如果说它想再创建一套,我们可以把这个镜像再启一个容器,就可以是一个一模一样的,并且是一个干净的环境。
上述转载于:http://www.maiziedu.com/wiki/cloud/dockerupload/
Docker Registry分类
Registry用于保存docker镜像,包括镜像的层次结构和元数据
用户有可自建Registry,也可使用官方的Docker Hub
分类
Sponsor Registry: 第三方的registry,供客户和Docker社区使用
Mirror Registry: 第三方的registry,只让客户使用
Vendor Registry: 由发布Docker镜像的供应商提供的registry
Private Registry: 通过设有防火墙和额外的安全层的私有实体提供的registry
Registry(repository and index)
Docker Regist
Docker Hub
下载镜像
此次下载镜像站点:https://quay.io
下载镜像:flannel
查看镜像
镜像相关的操作
基于容器制作镜像
[root@node1 ~]# docker run --name b1 -it busybox
/ # ls /
bin dev etc home proc root sys tmp usr var
/ # mkdir -p /data/html
/ # vi /data/html/index.html
/ # cat /data/html/index.html
[root@node1 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest 59788edf1f3e 3 weeks ago 1.15MB
[root@node1 ~]# docker commit -h //制作镜像
-a, --author string Author (e.g., "John Hannibal Smith
-c, --change list Apply Dockerfile instruction to the created image
-m, --message string Commit message
-p, --pause Pause container during commit (default true)
[root@node1 ~]# docker commit -p b1 //制作完成
sha256:8845554479c155727900149ea8e988423421a83292f919fbed71d1d05c9627ae
[root@node1 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
[root@node1 ~]# docker tag --help //打标签
Usage: docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
[root@node1 ~]# docker tag 8845554479c1 zisefeizhu/httpd:v0.1-1
[root@node1 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
zisefeizhu/httpd v0.1-1 8845554479c1 About a minute ago 1.15MB
[root@node1 ~]# docker tag zisefeizhu/httpd:v0.1-1 zhujingxing/httpd:latest //还可以根据已有标签再做,相当于硬链接
[root@node1 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
zhujingxing/httpd latest 8845554479c1 2 minutes ago 1.15MB
zisefeizhu/httpd v0.1-1 8845554479c1 2 minutes ago 1.15MB
[root@node1 ~]# docker image rm zhujingxing/httpd:latest //删除镜像
Untagged: zhujingxing/httpd:latest
[root@node1 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
zisefeizhu/httpd v0.1-1 8845554479c1 4 minutes ago 1.15MB
[root@node1 ~]# docker tag zisefeizhu/httpd:v0.1-1 zhujingxing/httpd:latest
[root@node1 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
zhujingxing/httpd latest 8845554479c1 4 minutes ago 1.15MB
zisefeizhu/httpd v0.1-1 8845554479c1 4 minutes ago 1.15MB
[root@node1 ~]# docker inspect busybox
"Cmd": [
"/bin/sh",
"-c",
"#(nop) ",
"CMD [\"sh\"]"
],
//启动镜像默认运行的命令
[root@node1 ~]# docker inspect nginx:1.14-alpine
"Cmd": [
"nginx",
"-g",
"daemon off;"
],
[root@node1 ~]# docker inspect zisefeizhu/httpd:v0.1-1
"Cmd": [
"sh"
],
[root@node1 ~]# docker run --name t1 -it zisefeizhu/httpd:v0.1-1
/ # ls /
bin data dev etc home proc root sys tmp usr var
/ # cat /data/html/index.html
//修改原有默认运行的命令
[root@node1 ~]# docker commit -h
Flag shorthand -h has been deprecated, please use --help
Usage: docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]
Create a new image from a container's changes
Options:
-a, --author string Author (e.g., "John Hannibal Smith
-c, --change list Apply Dockerfile instruction to the created image
-m, --message string Commit message
-p, --pause Pause container during commit (default true)
[root@node1 ~]# docker commit -a "zisefeizhu
sha256:7a7ec147af347119f298e7fee394a2fb4550f2f464bf54e572cecb27afab7989
[root@node1 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
zisefeizhu/httpd v0.2 7a7ec147af34 4 seconds ago 1.15MB
zhujingxing/httpd latest 8845554479c1 5 hours ago 1.15MB
zisefeizhu/httpd v0.1-1 8845554479c1 5 hours ago 1.15MB
[root@node1 ~]# docker run --name t2 zisefeizhu/httpd:v0.2
[root@node1 ~]# docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
99383dc328f6 zisefeizhu/httpd:v0.2 "/bin/httpd -f -h /d…" 10 seconds ago Up 9 seconds t2
585a259d5bae busybox "sh" 5 hours ago Up 7 minutes b1
[root@node1 ~]# docker inspect t2
"Cmd": [
"/bin/httpd",
"-f",
"-h",
"/data/html"
],
"IPAddress": "172.17.0.3",
[root@node1 ~]# curl 172.17.0.3
共享镜像
推到Docker Hub 上
[root@node1 ~]# docker login -u zisefeizhu
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@node1 ~]# docker push zisefeizhu/httpd
The push refers to repository [docker.io/zisefeizhu/httpd]
推到阿里云上
阿里云:https://cr.console.aliyun.com/cn-qingdao/mirrors
镜像加速: 阿里云镜像加速有详细使用方法
mkdir -p /etc/docker
tee /etc/docker/daemon.json <<-'EOF'
{ "registry-mirrors": ["https://llpuz83z.mirror.aliyuncs.com"] }
EOF
systemctl daemon-reload
systemctl restart docker
操作指南里有详解
[root@node1 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
zisefeizhu/httpd v0.2 7a7ec147af34 28 minutes ago 1.15MB
zhujingxing/httpd latest 8845554479c1 5 hours ago 1.15MB
zisefeizhu/httpd v0.1-1 8845554479c1 5 hours ago 1.15MB
[root@node1 ~]# docker tag zisefeizhu/httpd:v0.2 registry.cn-qingdao.aliyuncs.com/zisefeizhu/httpd:v0.2
[root@node1 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
zisefeizhu/httpd v0.2 7a7ec147af34 29 minutes ago 1.15MB
registry.cn-qingdao.aliyuncs.com/zisefeizhu/httpd v0.2 7a7ec147af34 29 minutes ago 1.15MB
zhujingxing/httpd latest 8845554479c1 5 hours ago 1.15MB
zisefeizhu/httpd v0.1-1 8845554479c1 5 hours ago 1.15MB
[root@node1 ~]# docker logout
Removing login credentials for https://index.docker.io/v1/
[root@node1 ~]# docker login --username=zisefeizhu registry.cn-qingdao.aliyuncs.com
Password: //此出的密码是您单独设置的密码
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@node1 ~]# docker push registry.cn-qingdao.aliyuncs.com/zisefeizhu/httpd:v0.2
The push refers to repository [registry.cn-qingdao.aliyuncs.com/zisefeizhu/httpd]
21dd534cb929: Pushed
8a788232037e: Pushed
v0.2: digest: sha256:5e21ef98f8c05f2481b5aea1ff7d7569bc512520c05a1051d9af4f1bc8c80d9e size: 734
镜像的导入和导出
[root@node1 ~]# docker save --help //save 保存打包文件,镜像导入
Usage: docker save [OPTIONS] IMAGE [IMAGE...]
Save one or more images to a tar archive (streamed to STDOUT by default)
Options:
-o, --output string Write to a file, instead of STDOUT
[root@node1 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
zisefeizhu/httpd v0.2 7a7ec147af34 36 minutes ago 1.15MB
registry.cn-qingdao.aliyuncs.com/zisefeizhu/httpd v0.2 7a7ec147af34 36 minutes ago 1.15MB
zhujingxing/httpd latest 8845554479c1 6 hours ago 1.15MB
zisefeizhu/httpd v0.1-1 8845554479c1 6 hours ago 1.15MB
[root@node1 ~]# docker save -o myimages.gz zisefeizhu/httpd:v0.1-1 zisefeizhu/httpd:v0.2
[root@node1 ~]# ls
64F}O]`Y)AND)}NTYBWIH8B.png bootime.avg myimages.gz
anaconda-ks.cfg bootime.svg ystemd-analyze plot >bootime.avg
[root@node1 ~]# scp myimages.gz 10.0.0.220:/root/
The authenticity of host '10.0.0.220 (10.0.0.220)' can't be established.
ECDSA key fingerprint is SHA256:2RnaJ3JTvB2b5DS4AeWaSlE8Sbh5VJleZFovpaCM6s0.
ECDSA key fingerprint is MD5:93:71:83:c1:20:46:d2:36:bb:67:2f:c7:dc:77:9d:83.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.220' (ECDSA) to the list of known hosts.
[email protected]'s password:
myimages.gz 100% 1367KB 10.8MB/s 00:00
[root@node1 ~]# cd /etc/yum.repos.d/
[root@node1 yum.repos.d]# ls
CentOS-Base.repo CentOS-Debuginfo.repo CentOS-Media.repo CentOS-Vault.repo docker-ce.repo.cp
CentOS-CR.repo CentOS-fasttrack.repo CentOS-Sources.repo docker-ce.repo epel.repo
[root@node1 yum.repos.d]# scp docker-ce.repo 10.0.0.220:/etc/yum.repos.d/
[email protected]'s password:
docker-ce.repo 100% 2880 25.0KB/s 00:00
[root@node1 yum.repos.d]# scp /etc/docker/daemon.json 10.0.0.220:/etc/docker/
[email protected]'s password:
daemon.json 100% 100 43.1KB/s 00:00
[root@node2 ~]# yum install docker-ce
[root@node2 ~]# systemctl start docker.service
[root@node2 ~]# docker info
Registry Mirrors: //两个加速器了
https://llpuz83z.mirror.aliyuncs.com/
https://registry.docker-cn.com/
[root@node2 ~]# docker load --help //镜像导出
[root@node2 ~]# docker load -i myimages.gz
8a788232037e: Loading layer 1.37MB/1.37MB
21dd534cb929: Loading layer 5.12kB/5.12kB
Loaded image: zisefeizhu/httpd:v0.2
37fad082c85f: Loading layer 5.12kB/5.12kB
Loaded image: zisefeizhu/httpd:v0.1-1
[root@node2 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
zisefeizhu/httpd v0.2 7a7ec147af34 About an hour ago 1.15MB
zisefeizhu/httpd v0.1-1 8845554479c1 6 hours ago 1.15MB
docker镜像的导入导出,加载保存