Docker命令行使用
Docker 镜像的基础管理
获取镜像
基础镜像拉取
docker search centos //搜索
docker pull centos:6.9 //从hub拉取
docker pull nginx//默认最新,可以指定版本
镜像查看
[root@localhost ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 2622e6cca7eb2weeks ago 132MB
nginx1.15 53f3fd8007f713months ago 109MB
标识镜像唯一性的方法
REPOSITORY:TAG
nginx:1.15
IMAGE ID(sha256:64位号码,默认只截取12位)
53f3fd8007f7
[root@localhost ~]# docker image ls --no-trunc
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest sha256:2622e6cca7ebbb6e310743abce3fc47335393e79171b9d76ba9d4f446ce7b1632weeks ago 132MB
nginx1.15 sha256:53f3fd8007f76bd23bf663ad5f5009c8941f63828ae458cef584b5f85dc0a7bf13months ago 109MB
镜像详细信息查看
[root@localhost ~]# docker image inspect 2622e6cca7eb
[root@localhost ~]# docker image inspect nginx:1.15
只查看镜像的id
[root@localhost ~]# docker image ls -q
2622e6cca7eb
53f3fd8007f7
镜像的导入和导出
[root@localhost ~]# docker image save 2622e6cca7eb >/media/nginxDocker.tar
[root@localhost ~]# docker image ls -a
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx1.15 53f3fd8007f713months ago 109MB
[root@localhost ~]# docker image load -i /media/nginxDocker.tar
13cb14c2acd3: Loading layer [==================================================>]72.49MB/72.49MB
d4cf327d8ef5: Loading layer [==================================================>]63.8MB/63.8MB
7c7d7f446182: Loading layer [==================================================>]3.072kB/3.072kB
9040af41bb66: Loading layer [==================================================>]4.096kB/4.096kB
f978b9ed3f26: Loading layer [==================================================>]3.584kB/3.584kB
Loaded image ID: sha256:2622e6cca7ebbb6e310743abce3fc47335393e79171b9d76ba9d4f446ce7b163
[root@localhost ~]# docker image ls -a
REPOSITORY TAG IMAGE ID CREATED SIZE
2622e6cca7eb2weeks ago 132MB
nginx1.15 53f3fd8007f713months ago 109MB
镜像的删除
[root@localhost ~]# docker image rm 2622e6cca7eb
Untagged: nginx:latest
Untagged: nginx@sha256:21f32f6c08406306d822a0e6e8b7dc81f53f336570e852e25fbe1e3e3d0d0133
Deleted: sha256:2622e6cca7ebbb6e310743abce3fc47335393e79171b9d76ba9d4f446ce7b163
Deleted: sha256:e86d1b8b130bec203609b4b1d7b851bd763fa16e513e5a3fa6102ebea23260e0
Deleted: sha256:8f9f007533543813bb1aef80b791a16e5e16c7cbbbc456a3a483d0fa7a9effcc
Deleted: sha256:e2c0065a77fee75795cdcf9f19a72f11769332423cd52ec9e19aacfb878aec8b
Deleted: sha256:059442698ef65fe8545e4fe9657988a10329b9c3663b368ae7ee0007a9c43949
Deleted: sha256:13cb14c2acd34e45446a50af25cb05095a17624678dbafbcc9e26086547c1d74
[root@localhost ~]# docker image rm -f nginx:1.15
Untagged: nginx:1.15
Untagged: nginx@sha256:23b4dcdf0d34d4a129755fc6f52e1c6e23bb34ea011b315d87e193033bcd1b68
Deleted: sha256:53f3fd8007f76bd23bf663ad5f5009c8941f63828ae458cef584b5f85dc0a7bf
[root@localhost ~]# docker image rm `docker image ls -q`
Docker 容器的基础管理
交互式容器
[root@localhost ~]# docker container run -it 53f3fd8007f7 //指定image来运行container
[root@localhost ~]# docker container run -it --name="demo1" 53f3fd8007f7 //指定用户名启动,不指定的话自动生成
[root@localhost ~]# docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
STATUS:容器运行状态(Exited、Up)
注意交互式容器退出时按ctrl+P,Q,才可以保证使其在后台运行,而不会在退出时直接down掉
守护式容器
[root@localhost ~]# docker container run -d --name="demo" 53f3fd8007f7
a12716c0357e84cbb63e65f835fb6afa277e1a4ae3887364b42c414219c94388
[root@localhost ~]# docker container inspect demo //查看容器详细信息
容器的应用场景
交互式容器:工具类;开发,测试,临时性任务
守护式容器:网络服务
容器的启动、关闭、连接
守护式容器的关闭和启动
[root@localhost ~]# docker container stop demo
demo
[root@localhost ~]# docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a12716c0357e 53f3fd8007f7"nginx -g 'daemon of…"8minutes ago Exited (0)5seconds ago demo
[root@localhost ~]# docker container start demo
demo
[root@localhost ~]# docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a12716c0357e 53f3fd8007f7"nginx -g 'daemon of…"10minutes ago Up3seconds80/tcp demo
交互式容器的关闭和启动
[root@localhost ~]# docker container stop demo1
[root@localhost ~]# docker container start -i demo1
容器的连接方式
[root@localhost ~]# docker container attach demo
//子进程的方式登录,在已有的工作容器中生成子进程,做登录,可以用于容器的调试,退出时也不会影响当前容器
[root@localhost ~]# docker container exec -it demo /bin/bash
root@a12716c0357e:/#
容器的前台和后台运行
ctrl+P,Q attach调用到前台
让程序前台一直允许(夯在前台);制作守护式容器时,常用此方法
开启个docker,打开consul的可视化web界面查看注册的服务;
[root@localhost ~]# docker run -d --name="consuldemo2" -p 8500:8500 consul agent -server -bootstrap -ui -client 0.0.0.0
a6a4898572f6ee93eb71da5002b47c863203bbf5a06a403109e86f889701f77b
-server:表示以服务端的方式开启
-bootstrap:指定自己为leader不需要经过选举
-ui:启动一个内置管理的web界面
-client 0.0.0.0:指定客户端可以访问的IP
容器的删除
[root@localhost ~]# docker container rm `docker container ls -q` //只能删除stop的容器
Error response from daemon: You cannot remove a running container 978f4cbad5fdff9564927fd276054961e307da44f715163356c1116cfe23e5c2. Stop the container before attempting removal or force remove
Error response from daemon: You cannot remove a running container bc338f9a0b28d3bdad05017ed016495260345626b8f247fb282ee0afd0bb2560. Stop the container before attempting removal or force remove
[root@localhost ~]# docker container rm `docker container ls -qf status=exited `//删除指定状态的容器
a12716c0357e
4f4d330fdc52
daa1d08c1f63
96c397696bfc
98c782a638e9
efeb8685799d
df6e77d42b9e
9785f702c1f8
015d2bf4c9b5
c580c9e97914
容器的网络映射
指定映射(dokcker 自动添加一条iptables规则来实现端口映射)
-phostPort:containerPort
-pip:hostPort:containerPort
-pip::containerPort//(随机端口:32768-60999)
-phostPort:containerPort/udp
-p81:80-p443:443 //多端口映射
随机映射
docker run-p80
[root@localhost ~]# docker container run -d -p 8000:80 --name="test" nginx:1.14
[root@localhost ~]# docker container run -d -p 192.168.241.129:8000:80 --name="test" nginx:1.14
[root@localhost ~]# docker container run -d -p 80 --name="test" nginx:1.14
[root@localhost ~]# docker container run -d -p 192.168.241.129::80 --name="test" nginx:1.14
容器的其他管理
dockerps-a-q//=docer containerls-a-q
dockertop8e07217a381f //=docker containertop8e07217a381f
查看日志
[root@localhost ~]# docker logs test
192.168.241.1--[30/Jun/2020:04:42:50+0000]"GET / HTTP/1.1"200612"-""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36""-"
[root@localhost ~]# docker logs -tf test
2020-06-30T04:42:50.272233587Z192.168.241.1--[30/Jun/2020:04:42:50+0000]"GET / HTTP/1.1"200612"-""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36""-"
[root@localhost ~]# docker logs -t test
2020-06-30T04:42:50.272233587Z192.168.241.1--[30/Jun/2020:04:42:50+0000]"GET / HTTP/1.1"200612"-""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36""-"
[root@localhost ~]# docker logs -tf --tail 3 test
2020-06-30T04:42:51.192872914Z192.168.241.1--[30/Jun/2020:04:42:51+0000]"GET / HTTP/1.1"3040"-""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36""-"
2020-06-30T04:42:51.363250310Z192.168.241.1--[30/Jun/2020:04:42:51+0000]"GET / HTTP/1.1"3040"-""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36""-"
2020-06-30T04:43:00.583430633Z192.168.241.1--[30/Jun/2020:04:43:00+0000]"GET / HTTP/1.1"3040"-""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36""-"
Docker数据卷实现持久化存储
数据安全性;不会存在当容器挂掉时,容器中的数据丢失
手工交互数据
[root@localhost html]# docker container cp demo.html demo1:/usr/share/nginx/html/ //将文件给cp到指定容器的指定路径
[root@localhost html]# docker container cp demo1:/usr/share/nginx/html/demo.html ./ //将指定容器中的文件给cp到宿主机中
[root@localhost html]# ll
总用量4
-rw-r--r--1root root66月3015:16 demo.html
volume实现宿主机与容器的数据共享
[root@localhost /]# docker container run -d --name="demo3" -p 8003:80 -v /opt/html:/usr/share/nginx/html nginx:1.15
f482d34740f941a5b6d928d8e617bbe98fd57793dd2a4e9abbf8c1b53e2da39e
查看容器的数据卷挂载路径
[root@localhost html]# docker container inspect f482d34740f9
...
"Mounts": [
{
"Type":"bind",
"Source":"/opt/html",
"Destination":"/usr/share/nginx/html",
"Mode":"",
"RW":true,
"Propagation":"rprivate"
}
],
...
数据卷容器
相当于一个通道,将宿主机中的目录和目标容器中的指定目录做共享;作用在于可以更好的分类管理大量容器的不同类型的文件
在宿主机中模拟数据目录
mkdir -p /opt/volume/a
mkdir -p /opt/volume/b
touch /opt/volume/a/a.txt
touch /opt/volume/b/b.txt
启动数据卷容器并建立目录映射关系
[root@localhost html]# docker container run -it --name="nginx_volumes" -v /opt/volume/a:/opt/a -v /opt/volume/b:/opt/b centos:6.9 /bin/bash
[root@48dd82a829b4 /]# cd /opt/
[root@48dd82a829b4 opt]# ls
a b
需要注意的是这边的容器的开启是使用了交互式方式;所以为了避免在退出时容器直接exited;需要按住ctrl+P,Q来退出,使其在后天运行
使用数据卷容器
[root@localhost opt]# docker run -d --name="nginx_demo1" -p 8066:80 --volumes-from nginx_volumes nginx:1.15
bc7d6e751a5fd394f9c578e5c09dc5e0995fd6da92caeb35d712605da0312436
[root@localhost opt]# docker run -d --name="nginx_demo2" -p 8067:80 --volumes-from nginx_volumes nginx:1.15
28c1af4ea092e4eb67640c9c91cbd7643e977afca2de14b27161698ca1b3fb8d
[root@localhost ~]# docker container exec -it nginx_demo1 /bin/bash
root@bc7d6e751a5f:/# cd /opt
root@bc7d6e751a5f:/opt# ls
a b
root@bc7d6e751a5f:/opt# cd a
root@bc7d6e751a5f:/opt/a# ls
a.txt
制作本地局域网的yum源
安装vsftpd软件
yum install-yvsftpd
启动ftp
systemctl enable vsftpd //将vsftpd加入到开机自动启动的服务中
systemctlstartvsftpd //开启服务
上传系统到虚拟机
配置yum仓库
[root@localhost ftp]# mount -o loop /mnt/hgfs/www/yum_sources/CentOS-6.9-x86_64-bin-DVD1.iso /var/ftp/centos0.0/ //将目标系统挂载到ftp访问目录中
windows 验证
ftp://192.168.241.129/centos0.0/
Docker构建私有registry
构建的私有registry 也是放在容器中的
建立registry容器
[root@localhost docker]# docker container run -d -p 5000:5000 --restart=always --name="registry" -v /opt/registry:/var/lib/registry registry
Unable tofindimage'registry:latest'locally
latest: Pulling from library/registry
cbdbe7a5bc2a: Pull complete
47112e65547d: Pull complete
46bcb632e506: Pull complete
c1cc712bcecd: Pull complete
3db6272dcbfa: Pull complete
Digest: sha256:8be26f81ffea54106bae012c6f349df70f4d5e7e2ec01b143c46e2c03b9e551d
Status: Downloaded newer imageforregistry:latest
306e8e455a7f5ea001cf93446b61acb4aa0e305b75b2de1710b90670c41d79be
--restart=always 命令是当docker重启时会自动启动该容器;不会因为关闭重启docker而导致容器关闭
修改配置文件
[root@localhost ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://registry.docker-cn.com","http://hub-mirror.c.163.com"],//指定镜像下载源(官方是外网,所以需要用中文镜像网站)
"insecure-registries":["192.168.241.129:5000"]//注册本地registry的下载地址
}
制作本地镜像并push到私有registry中
这边标记本地nginx:latest镜像,将其归入指定仓库
[root@localhost ~]# docker tag nginx:latest 197.128.241.129:5000/wzbwzt/nginx:v1//这边前面是registry地址+项目名+具体镜像名
[root@localhost ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
registry latest 2d4f4b5309b113days ago26.2MB
197.128.241.129:5000/wzbwzt/nginx v1 53f3fd8007f714months ago 109MB
nginx1.15 53f3fd8007f714months ago 109MB
nginx1.14 295c7be0790215months ago 109MB
centos6.9 2199b8eb839015months ago 195MB
push到本地registry
[root@localhost ~]# docker push 192.168.241.129:5000/wzbwzt/nginx:v1
The push refers to repository [192.168.241.129:5000/wzbwzt/nginx]
f978b9ed3f26: Pushed
9040af41bb66: Pushed
7c7d7f446182: Pushed
d4cf327d8ef5: Pushed
13cb14c2acd3: Pushed
v1: digest: sha256:0efad4d09a419dc6d574c3c3baacb804a530acd61d5eba72cb1f14e1f5ac0c8f size:1362
异地进行pull镜像
[root@localhost ~]# docker pull 192.168.241.129:5000/wzbwzt/nginx:v1
本地仓库加安全验证
往registry中推送image需要先验证
下载httpd-tool做账号密码验证
[root@localhost ~]# yum install -y httpd-tools
[root@localhost ~]# mkdir /opt/registry-auth
[root@localhost opt]# htpasswd -Bbn wzb 123123 > /opt/registry-auth/htpasswd
[root@localhost registry-auth]# cat htpasswd
wzb:$2y$05$BGrfbP4JgEA7OhRQs/vAIOmatL3/rURjjod1RTuC3O.UFJqsaNU0G
生成带密钥功能的registry容器
[root@localhost ~]# docker run -d -p 5000:5000 --name="registry-auth" -v /opt/registry-auth/:/auth/ -v /opt/registry/:/var/lib/registry -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry
WARNING: IPv4 forwarding is disabled. Networking will not work.
22c0397455c87e0517e53834ce082c1c43abd997f0f487e6e95b39e377633ef3
//-e 后面跟的是配置参数
push镜像需要先验证(pull不需要)
[root@localhost ~]# docker push 192.168.241.129:5000/wzbwzt/nginx:v1
The push refers to repository [192.168.241.129:5000/wzbwzt/nginx]
f978b9ed3f26: Preparing
9040af41bb66: Preparing
7c7d7f446182: Preparing
d4cf327d8ef5: Preparing
13cb14c2acd3: Preparing
no basic auth credentials
//显示无验证
[root@localhost ~]# docker login 192.168.241.129:5000 //登录
Username: wzb
Password:
WARNING! Your password will be stored unencryptedin/root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@localhost ~]# docker push 192.168.241.129:5000/wzb/nginx:v2 //推送
The push refers to repository [192.168.241.129:5000/wzb/nginx]
f978b9ed3f26: Mounted from wzbwzt/nginx
9040af41bb66: Mounted from wzbwzt/nginx
7c7d7f446182: Mounted from wzbwzt/nginx
d4cf327d8ef5: Mounted from wzbwzt/nginx
13cb14c2acd3: Mounted from wzbwzt/nginx
v2: digest: sha256:0efad4d09a419dc6d574c3c3baacb804a530acd61d5eba72cb1f14e1f5ac0c8f size:1362
Kubernetes (k8s)
apiserver:接受请求之后,控制kubelet进行部署的启动和关闭,监控每个pod的生命周期;以及运行监控;
由scheduler进行资源的调度
replication Controller(RC)主要是将提供同一服务的的节点进行统一管理;实现一个高可用性;但是当一个请求进来后具体调用哪个节点,是通过SVC进行负载均衡;
controller manager 主要是管控replication Controller(RC)进行一个错误的处理例如当RC中某个节点down掉后会重新生成该节点;以及他的动态扩容和缩容;