【4】Docker run 详解.md

【4】Docker run 详解

一般形式

docker run [OPTIONS] IMAGE [:TAG|@DIGEST] [COMMAND] [ARG...]

Operator exclusive options

  • Detached vs foreground
  • Detached (-d)
  • Foreground
  • Container identification
  • Name (--name)
  • PID equivalent
  • IPC settings (--ipc)
  • Network settings
  • Restart policies (--restart)
  • Clean up (--rm)
  • Runtime constraints on resource
  • Runtime privileges, Linux capabilities, and LXC configuration

Detached vs foreground

Detached (-d)

  • --rm 和 -d 不能同时存在
  • 不能使用service x start

docker run -d 80:80 my_image service nginx start

  • 正确的启动方式

docker run -d 80:80 my_image nginx -g 'daemon off;'

Foreground

  • 进入交互模式 -it

Container identification

Name (--name)

  • 区分容器的三种方式
  • UUID 长标识符
  • UUID 短标识符
  • Name (若未指定,则随机生成)

PID

--cidfile="": Write the container ID to the file

Image[:tag]

docker run ubuntu:14.04

Image[@digest]

PID settings (--pid)

docker run --pid=host rhel7 strace -p 1234

UTS settings (--uts)

IPC settings (--ipc)

Network settings

Restart policies (--restart)

docker run --restart=always redis
docker run --restart=on-failure:10 redis

Clean up (--rm)

Automatically remove the container when it exists (incompatible with -d)

Security configuration

docker run --security-opt label:level:s0:c100,c200 -i -t fedora bash

Specifying custom cgroups

Runtime constraints on resources

User memory constraints

docker run -ti ubuntu:14.04 /bin/bash
docker run -ti -m 300M --memory-swap -1 ubuntu:14.04 /bin/bash
docker run -ti -m 300M ubuntu:14.04 /bin/bash
docker run -ti -m 300M --memory-swap 1G ubuntu:14.04 /bin/bash
docker run -ti -m 500M --memory-reservation 200M ubuntu:14.04 /bin/bash
docker run -ti --memory-reservation 1G ubuntu:14.04 /bin/bash

Kernel memory constraints

Swappiness constraint

docker run -ti --memory-swappiness=0 ubuntu:14.04 /bin/bash

CPU share constraint

CPU period constraint

docker run -ti --cpu-period=50000 --cpu-quota=25000 ubuntu:14.04 /bin/bash

CPUset constraint

docker run -ti --cpuset-cpus="1,3" ubuntu:14.04 /bin/bash
docker run -ti --cpuset-cpus="0-2" ubuntu:14.04 /bin/bash
docker run -ti --cpuset-mems="1,3" ubuntu:14.04 /bin/bash
docker run -ti --cpuset-mems="0-2" ubuntu:14.04 /bin/bash

CPU quota constraint

Block IO bandwidth (Blkio) constraint

docker run -ti --name c1 --blkio-weight 300 ubuntu:14.04 /bin/bash
docker run -ti --name c2 --blkio-weight 600 ubunut:14.04 /bin/bash

Additional groups

Runtime privileges, Linux capabilities, and LXC configuration

docker run --device=/dev/sda:/dev/xvdc --rm -it ubuntu fdisk /dev/xvdc
docker run --device=/dev/sda:/dev/xvdc:r --rm -it ubuntu fdisk /dev/xvdc
docker run --device=/dev/sda:/dev/xvdc:w --rm -it ubuntu fdisk /dev/xvdc
docker run --device=/dev/sda:/dev/xvdc:m --rm -it ubuntu fdisk /dev/xvdc

Logging drivers (--log-driver)

Overriding Dockerfile image defaults

CMD (default command or options)

ENTRYPOINT (default command to execute at runtime)

EXPOSE (incoming ports)

ENV (environment variables)

VOLUME (shared filesystems)

USER

WORKDIR

你可能感兴趣的:(【4】Docker run 详解.md)