配置仓库并安装docker
[root@server1 yum.repos.d]# vim docker.repo
# Yum repository definition for Docker CE, served from an FTP mirror at the
# private-range address 172.25.14.250.
[docker]
name=docker
# Plain FTP: repository metadata and RPMs are fetched without encryption or
# server authentication.
baseurl=ftp://172.25.14.250/pub/docs/docker/docker-ce/
# NOTE(review): gpgcheck=0 turns off RPM signature verification, so combined with
# the FTP transport nothing proves the installed packages are the publisher's.
# Acceptable only on an isolated lab network; elsewhere set gpgcheck=1 and add a
# gpgkey= line pointing at the publisher's signing key.
gpgcheck=0
[root@server1 yum.repos.d]# yum install -y docker-ce
[root@server1 yum.repos.d]# systemctl enable --now docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
查看docker信息
[root@server1 yum.repos.d]# docker info
Client:
Debug Mode: false
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 19.03.15
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 05f951a3781f4f2c1911b05e61c160e9c30eaa8e
runc version: 12644e614e25b05da6fd08a38ffa0cfe1903fdec
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-957.el7.x86_64
Operating System: Red Hat Enterprise Linux Server 7.6 (Maipo)
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 991.1MiB
Name: server1
ID: B57J:K232:RRPR:6NT7:274L:DOXP:RQVM:ZEJE:B6TA:A37J:YHYX:OSWR
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
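如果docker info的输出中出现报错(原文此处的报错内容缺失;从下面的检查命令看,通常是 bridge-nf-call-iptables / bridge-nf-call-ip6tables is disabled 之类的警告)
那么在/etc/sysctl.d下编写docker.conf,并执行sysctl --system使其生效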
[root@server1 ~]# sysctl -a| grep bridge-nf-call-iptables
[root@server1 ~]# cd /etc/sysctl.d
[root@server1 ~]#vim docker.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
[root@server1 ~]# sysctl --system
再次docker info后无报错
[root@server1 ~]# ls
game2048.tar
[root@server1 ~]# docker load -i game2048.tar #加载镜像
011b303988d2: Loading layer [==================================================>] 5.05MB/5.05MB
36e9226e74f8: Loading layer [==================================================>] 51.46MB/51.46MB
192e9fad2abc: Loading layer [==================================================>] 3.584kB/3.584kB
6d7504772167: Loading layer [==================================================>] 4.608kB/4.608kB
88fca8ae768a: Loading layer [==================================================>] 629.8kB/629.8kB
Loaded image: game2048:latest
[root@server1 ~]# docker images #查看镜像
REPOSITORY TAG IMAGE ID CREATED SIZE
game2048 latest 19299002fdbe 4 years ago 55.5MB
[root@server1 ~]# docker run -d --name demo -p 80:80 game2048 #运行一个名为demo的容器,容器80端口映射真机80端口
1729eabdfdaa9ba01b0949cdf8e6e136a3f2ad57f365cb2ada412bfedd0f6044
[root@server1 ~]# docker rm -f demo
demo
[root@server1 ~]# lftp 172.25.14.250
lftp 172.25.14.250:~> cd pub/images/
lftp 172.25.14.250:/pub/images> get mario.tar
207414272 bytes transferred
lftp 172.25.14.250:/pub/images> exit
[root@server1 ~]# docker load -i mario.tar
4aeeaca5ce76: Loading layer [==================================================>] 197.2MB/197.2MB
708fd576a927: Loading layer [==================================================>] 208.9kB/208.9kB
90222f49bc4c: Loading layer [==================================================>] 4.608kB/4.608kB
5f70bf18a086: Loading layer [==================================================>] 1.024kB/1.024kB
dbe97b1b7330: Loading layer [==================================================>] 1.536kB/1.536kB
44e5704d49fb: Loading layer [==================================================>] 9.912MB/9.912MB
Loaded image: mario:latest
[root@server1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
game2048 latest 19299002fdbe 4 years ago 55.5MB
mario latest 9a35a9e43e8c 5 years ago 198MB
[root@server1 ~]# docker run -d --name demo -p 80:8080 mario
129e19133d07a9e74cbaf7c1dcb48e8ded45c52d4b14e293eb9a214f5ff94977
容器层以下所有镜像层都是只读的
docker从上往下依次查找文件
容器层保存镜像变化的部分,并不会对镜像本身进行任何修改
一个镜像最多127层
构建镜像
docker commit 构建新镜像三部曲
运行容器
修改容器
将容器保存为新的镜像
缺点:
效率低、可重复性弱、容易出错
使用者无法对镜像进行审计,存在安全隐患
[root@server1 docker]# ls
busybox.tar.gz
[root@server1 docker]# docker load -i busybox.tar.gz
8a788232037e: Loading layer [==================================================>] 1.37MB/1.37MB
Loaded image: busybox:latest
[root@server1 docker]# docker ps #查看运行中的docker
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@server1 docker]# docker ps -a #查看所有的docker
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@server1 docker]# docker run -it --name demo busybox
/ # ls
bin dev etc home proc root sys tmp usr var
/ # touch file1
/ # touch file2
/ # touch file3
/ # #ctrl+d退出/ctrl+p+q打入后台
[root@server1 docker]#
容器退出后想要再次使用,需要先启动该容器
[root@server1 docker]# docker start demo #开启
demo
[root@server1 docker]# docker container attach demo #继续编辑demo
/ # ls
bin dev etc file1 file2 file3 home proc root sys tmp usr var
/ #
[root@server1 docker]# docker commit demo demo:v1 #创建v1镜像
sha256:e88bb21509054358ea9506698a2cf698cfae2333b4322d20d350a2725f0090b9
[root@server1 docker]# docker images #查看镜像
REPOSITORY TAG IMAGE ID CREATED SIZE
demo v1 e88bb2150905 5 seconds ago 1.15MB
busybox latest 59788edf1f3e 2 years ago 1.15MB
[root@server1 docker]# docker history demo:v1 #查看镜像v1的分层结构
IMAGE CREATED CREATED BY SIZE COMMENT
e88bb2150905 20 seconds ago sh 42B
59788edf1f3e 2 years ago /bin/sh -c #(nop) CMD ["sh"] 0B
2 years ago /bin/sh -c #(nop) ADD file:63eebd629a5f7558c… 1.15MB
[root@server1 docker]# docker history busybox:latest
IMAGE CREATED CREATED BY SIZE COMMENT
59788edf1f3e 2 years ago /bin/sh -c #(nop) CMD ["sh"] 0B
2 years ago /bin/sh -c #(nop) ADD file:63eebd629a5f7558c… 1.15MB
[root@server1 docker]# docker rmi demo:v1
Untagged: demo:v1
Deleted: sha256:e88bb21509054358ea9506698a2cf698cfae2333b4322d20d350a2725f0090b9
Deleted: sha256:beaf7dac081d8848268da7bb45dad9d765ac7bc25a03d7195c7d39e9c7dd1760
注意:这样创建后查看镜像v1的分层结构时只能看到sh,并不能得知用户进行了什么操作,故选择接下来的方法。
[root@server1 ~]# mkdir docker
[root@server1 ~]# cd docker/
[root@server1 docker]# ls
[root@server1 docker]# vim Dockerfile
[root@server1 docker]# cat Dockerfile
FROM busybox
RUN echo westos > testfile
[root@server1 docker]# docker build -t demo:v2 .
Sending build context to Docker daemon 2.048kB
Step 1/2 : FROM busybox
---> 59788edf1f3e
Step 2/2 : RUN echo westos > testfile
---> Running in 931e78c3a51d
Removing intermediate container 931e78c3a51d
---> f1ccdcdb832c
Successfully built f1ccdcdb832c
Successfully tagged demo:v2
[root@server1 docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
demo v2 f1ccdcdb832c 50 seconds ago 1.15MB
busybox latest 59788edf1f3e 2 years ago 1.15MB
[root@server1 docker]# docker history demo:v2
IMAGE CREATED CREATED BY SIZE COMMENT
f1ccdcdb832c About a minute ago /bin/sh -c echo westos > testfile 7B
59788edf1f3e 2 years ago /bin/sh -c #(nop) CMD ["sh"] 0B
2 years ago /bin/sh -c #(nop) ADD file:63eebd629a5f7558c… 1.15MB
[root@server1 docker]# vim Dockerfile
[root@server1 docker]# cat Dockerfile
FROM busybox
RUN echo westos > testfile
RUN echo hello > world
[root@server1 docker]#
[root@server1 docker]# docker build -t demo:v3 .
Sending build context to Docker daemon 2.048kB
Step 1/3 : FROM busybox
---> 59788edf1f3e
Step 2/3 : RUN echo westos > testfile
---> Using cache #使用之前的缓存
---> f1ccdcdb832c
Step 3/3 : RUN echo hello > world
---> Running in a8f72b8df999
Removing intermediate container a8f72b8df999
---> 27f74c681810
Successfully built 27f74c681810
Successfully tagged demo:v3
[root@server1 docker]# vim Dockerfile
# Builds nginx 1.20.1 from source on top of the locally loaded rhel7 image.
# NOTE(review): each RUN/COPY/ADD below adds a filesystem layer, and the compiler
# toolchain installed by yum is never removed, so it ships in the final image.
# There is no USER instruction, so unless the base image sets one the container
# process starts as root.
FROM rhel7
# EXPOSE only records metadata; it does not publish the port on the host.
EXPOSE 80
# Declared before nginx is installed. With the classic builder, files that later
# build steps write under this path are discarded, so the volume starts empty.
VOLUME ["/usr/local/nginx/html"]
COPY dvd.repo /etc/yum.repos.d/
# ADD unpacks a local tar archive into /mnt.
# NOTE(review): nothing in this build verifies the tarball's checksum or
# signature; verify it before placing it in the build context.
ADD nginx-1.20.1.tar.gz /mnt
RUN rpmdb --rebuilddb
RUN yum install -y gcc make pcre-devel zlib-devel
WORKDIR /mnt/nginx-1.20.1
# NOTE(review): "&>" is a bash redirection, while shell-form RUN goes through
# /bin/sh -c; this presumably relies on /bin/sh being bash in the base image.
# All output is discarded, so a failing step leaves no diagnostics in the log.
RUN ./configure &> /dev/null
RUN make &> /dev/null
RUN make install &> /dev/null
# Exec-form CMD; "daemon off;" keeps nginx in the foreground as the container's
# main process.
CMD ["/usr/local/nginx/sbin/nginx","-g","daemon off;"]
[root@server1 docker]# ls
Dockerfile dvd.repo nginx-1.20.1.tar.gz rhel7.tar.gz
[root@server1 docker]# docker load -i rhel7.tar.gz
[root@server1 docker]# docker build -t rhel7:v1 .
[root@server1 docker]# docker run -d --name demo rhel7:v1
[root@server1 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b65e902d579e rhel7:v1 "/usr/local/nginx/sb…" 19 minutes ago Up 19 minutes 80/tcp demo
[root@server1 docker]# docker inspect demo
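测试curl 172.17.0.2,返回403
原因是Dockerfile中VOLUME声明在安装nginx之前,之后构建步骤写入该目录的文件不会保留,容器挂载的匿名卷目录里没有index.html;进入宿主机上该卷的_data目录(路径可在docker inspect demo输出的Mounts中查到)编写文件后再次访问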
[root@server1 docker]# cd /var/lib/docker/volumes/101fcd6fc8c03d1542540d3ecbbdacad5b48484844a4021967322e4e175de0d8/_data
[root@server1 _data]# ls
[root@server1 _data]# echo hello > index.html
[root@server1 docker]# curl 172.17.0.2 #访问成功
hello
减少镜像层数,清理镜像构建的中间产物
[root@server1 docker]# vim Dockerfile
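# Stage 1 ("build"): compile nginx 1.20.1 in a throwaway stage so the toolchain
# and source tree never reach the final image.
FROM rhel7 as build
# NOTE(review): EXPOSE and VOLUME set here are metadata of the build stage only;
# the final image below does not inherit them.
EXPOSE 80
VOLUME ["/usr/local/nginx/html"]
COPY dvd.repo /etc/yum.repos.d/
# ADD unpacks the local tarball into /mnt.
# NOTE(review): the archive's checksum or signature is not verified by this build.
ADD nginx-1.20.1.tar.gz /mnt
WORKDIR /mnt/nginx-1.20.1
# A single RUN keeps everything in one layer. The sed comments out the line in
# auto/cc/gcc that appends -g to CFLAGS, so the binary is built without debug
# symbols. The expression as published ('s/CFLAGS="$/CFLAGS -g"/...') contained
# stray "/" characters that sed rejects, which would stop the && chain; the
# intended pattern is restored here. Single quotes keep $CFLAGS literal.
# NOTE(review): "&>" is a bash redirection and discards all build output; it
# presumably relies on /bin/sh being bash in the base image.
RUN rpmdb --rebuilddb \
 && yum install -y gcc make pcre-devel zlib-devel \
 && sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc \
 && ./configure &> /dev/null \
 && make &> /dev/null \
 && make install &> /dev/null \
 && rm -fr /mnt/nginx-1.20.1 /var/cache/*
# Stage 2: start again from the clean base and copy in only the installed tree.
# NOTE(review): no USER instruction; unless the base image sets one, nginx starts
# as root.
FROM rhel7
COPY --from=build /usr/local/nginx /usr/local/nginx
CMD ["/usr/local/nginx/sbin/nginx","-g","daemon off;"]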
[root@server1 docker]# docker build -t rhel7:v2 .
[root@server1 docker]# docker images rhel7
REPOSITORY TAG IMAGE ID CREATED SIZE
rhel7 v2 ef24f850f00f 35 seconds ago 144MB
rhel7 v1 500c2c1c9291 About an hour ago 303MB
rhel7 latest 0a3eb3fde7fd 7 years ago 140MB
[root@server1 ~]# docker load -i base-debian10.tar
de1602ca36c9: Loading layer [==================================================>] 3.041MB/3.041MB
1d3b68b6972f: Loading layer [==================================================>] 17.77MB/17.77MB
Loaded image: gcr.io/distroless/base-debian10:latest
[root@server1 new]# pwd
/root/new
[root@server1 new]# vim dockerfile
# Stage "base": start from the stock nginx image and collect nginx plus the
# files it needs under /opt, keeping their full paths (cp --parents).
# NOTE(review): nginx:latest is a moving tag; pin a version or digest so the
# build is reproducible and auditable. The shared libraries copied below come
# from whatever release nginx:latest is built on, while the final stage is
# base-debian10 - confirm the two are compatible.
FROM nginx:latest as base
# https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
# Optional build argument; the last cp below falls back to ROC when it is unset
# or empty.
ARG TIME_ZONE
# Copies the nginx binaries, configuration, log and run directories, the
# passwd/group files (presumably so the user named in nginx.conf resolves -
# verify), and the dynamic loader and shared libraries listed below, then
# installs the chosen zoneinfo file as /opt/etc/localtime.
RUN mkdir -p /opt/var/cache/nginx && \
cp -a --parents /usr/lib/nginx /opt && \
cp -a --parents /usr/share/nginx /opt && \
cp -a --parents /var/log/nginx /opt && \
cp -aL --parents /var/run /opt && \
cp -a --parents /etc/nginx /opt && \
cp -a --parents /etc/passwd /opt && \
cp -a --parents /etc/group /opt && \
cp -a --parents /usr/sbin/nginx /opt && \
cp -a --parents /usr/sbin/nginx-debug /opt && \
cp -a --parents /lib/x86_64-linux-gnu/ld-* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libpcre.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libz.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libc* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libdl* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libpthread* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libcrypt* /opt && \
cp -a --parents /usr/lib/x86_64-linux-gnu/libssl.so.* /opt && \
cp -a --parents /usr/lib/x86_64-linux-gnu/libcrypto.so.* /opt && \
cp /usr/share/zoneinfo/${TIME_ZONE:-ROC} /opt/etc/localtime
# Final stage: distroless base with the collected tree overlaid at /.
# NOTE(review): no USER instruction is set here, so the container runs as the
# base image's default user - confirm whether that is root.
FROM gcr.io/distroless/base-debian10
COPY --from=base /opt /
# EXPOSE is metadata only; ports still need -p/-P to be published on the host.
EXPOSE 80 443
# Exec form; "nginx" is resolved through PATH (the binary was copied to
# /usr/sbin/nginx above).
ENTRYPOINT ["nginx", "-g", "daemon off;"]
[root@server1 new]# docker build -t rhel7:v3 .
[root@server1 new]# docker images rhel7
REPOSITORY TAG IMAGE ID CREATED SIZE
rhel7 v3 653b40ebf24d About a minute ago 31.9MB
rhel7 v2 ef24f850f00f 6 minutes ago 144MB
rhel7 v1 500c2c1c9291 About an hour ago 303MB
rhel7 latest 0a3eb3fde7fd 7 years ago 140MB
[root@server1 new]# docker run -d --name demo1 rhel7:v3
9a81e82efd030ad745d6abf2f8e6e5d1014119156f287dc850d1e8cd5f993a88
[root@server1 new]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9a81e82efd03 rhel7:v3 "nginx -g 'daemon of…" 11 seconds ago Up 10 seconds 80/tcp, 443/tcp demo1
b65e902d579e rhel7:v1 "/usr/local/nginx/sb…" About an hour ago Up About an hour 80/tcp demo
[root@server1 new]# docker inspect demo1
"IPAddress": "172.17.0.3",
[root@server1 new]# curl 172.17.0.3
images | 显示镜像列表 |
---|---|
history | 显示镜像构建历史 |
commit | 从容器构建镜像 |
build | 从Dockerfile构建镜像 |
tag | 给镜像打标签 |
search | 搜索镜像 |
pull | 从仓库拉取镜像 |
push | 上传镜像到仓库 |
rmi | 删除镜像 |