Docker的使用

Docker命令行使用

Docker 镜像的基础管理

获取镜像

基础镜像拉取

docker search centos //搜索

docker pull centos:6.9 //从hub拉取

docker pull nginx//默认最新，可以指定版本

镜像查看

[root@localhost ~]# docker image ls

REPOSITORY TAG IMAGE ID CREATED SIZE

nginx latest 2622e6cca7eb2weeks ago 132MB

nginx1.15 53f3fd8007f713months ago 109MB

标识镜像唯一性的方法

REPOSITORY：TAG

nginx：1.15

IMAGE ID（sha256:64位号码，默认只截取12位）

53f3fd8007f7

[root@localhost ~]# docker image ls --no-trunc

REPOSITORY TAG IMAGE ID CREATED SIZE

nginx latest sha256:2622e6cca7ebbb6e310743abce3fc47335393e79171b9d76ba9d4f446ce7b1632weeks ago 132MB

nginx1.15 sha256:53f3fd8007f76bd23bf663ad5f5009c8941f63828ae458cef584b5f85dc0a7bf13months ago 109MB

镜像详细信息查看

[root@localhost ~]# docker image inspect 2622e6cca7eb

[root@localhost ~]# docker image inspect nginx:1.15

只查看镜像的id

[root@localhost ~]# docker image ls -q

2622e6cca7eb

53f3fd8007f7

镜像的导入和导出

[root@localhost ~]# docker image save 2622e6cca7eb >/media/nginxDocker.tar

[root@localhost ~]# docker image ls -a

REPOSITORY TAG IMAGE ID CREATED SIZE

nginx1.15 53f3fd8007f713months ago 109MB

[root@localhost ~]# docker image load -i /media/nginxDocker.tar

13cb14c2acd3: Loading layer [==================================================>]72.49MB/72.49MB

d4cf327d8ef5: Loading layer [==================================================>]63.8MB/63.8MB

7c7d7f446182: Loading layer [==================================================>]3.072kB/3.072kB

9040af41bb66: Loading layer [==================================================>]4.096kB/4.096kB

f978b9ed3f26: Loading layer [==================================================>]3.584kB/3.584kB

Loaded image ID: sha256:2622e6cca7ebbb6e310743abce3fc47335393e79171b9d76ba9d4f446ce7b163

[root@localhost ~]# docker image ls -a

REPOSITORY TAG IMAGE ID CREATED SIZE

2622e6cca7eb2weeks ago 132MB

nginx1.15 53f3fd8007f713months ago 109MB

镜像的删除

[root@localhost ~]# docker image rm 2622e6cca7eb

Untagged: nginx:latest

Untagged: nginx@sha256:21f32f6c08406306d822a0e6e8b7dc81f53f336570e852e25fbe1e3e3d0d0133

Deleted: sha256:2622e6cca7ebbb6e310743abce3fc47335393e79171b9d76ba9d4f446ce7b163

Deleted: sha256:e86d1b8b130bec203609b4b1d7b851bd763fa16e513e5a3fa6102ebea23260e0

Deleted: sha256:8f9f007533543813bb1aef80b791a16e5e16c7cbbbc456a3a483d0fa7a9effcc

Deleted: sha256:e2c0065a77fee75795cdcf9f19a72f11769332423cd52ec9e19aacfb878aec8b

Deleted: sha256:059442698ef65fe8545e4fe9657988a10329b9c3663b368ae7ee0007a9c43949

Deleted: sha256:13cb14c2acd34e45446a50af25cb05095a17624678dbafbcc9e26086547c1d74

[root@localhost ~]# docker image rm -f nginx:1.15

Untagged: nginx:1.15

Untagged: nginx@sha256:23b4dcdf0d34d4a129755fc6f52e1c6e23bb34ea011b315d87e193033bcd1b68

Deleted: sha256:53f3fd8007f76bd23bf663ad5f5009c8941f63828ae458cef584b5f85dc0a7bf

[root@localhost ~]# docker image rm `docker image ls -q`

Docker 容器的基础管理

交互式容器

[root@localhost ~]# docker container run -it 53f3fd8007f7 //指定image来运行container

[root@localhost ~]# docker container run -it --name="demo1" 53f3fd8007f7 //指定用户名启动，不指定的话自动生成

[root@localhost ~]# docker container ls

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

STATUS:容器运行状态（Exited、Up）

注意交互式容器退出时按ctrl+P,Q，才可以保证使其在后台运行，而不会在退出时直接down掉

守护式容器

[root@localhost ~]# docker container run -d --name="demo" 53f3fd8007f7

a12716c0357e84cbb63e65f835fb6afa277e1a4ae3887364b42c414219c94388

[root@localhost ~]# docker container inspect demo //查看容器详细信息

容器的应用场景

交互式容器:工具类；开发，测试，临时性任务

守护式容器:网络服务

容器的启动、关闭、连接

守护式容器的关闭和启动

[root@localhost ~]# docker container stop demo

demo

[root@localhost ~]# docker container ls -a

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

a12716c0357e 53f3fd8007f7"nginx -g 'daemon of…"8minutes ago Exited (0)5seconds ago demo

[root@localhost ~]# docker container start demo

demo

[root@localhost ~]# docker container ls -a

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

a12716c0357e 53f3fd8007f7"nginx -g 'daemon of…"10minutes ago Up3seconds80/tcp demo

交互式容器的关闭和启动

[root@localhost ~]# docker container stop demo1

[root@localhost ~]# docker container start -i demo1

容器的连接方式

[root@localhost ~]# docker container attach demo

//子进程的方式登录，在已有的工作容器中生成子进程，做登录，可以用于容器的调试，退出时也不会影响当前容器

[root@localhost ~]# docker container exec -it demo /bin/bash

root@a12716c0357e:/#

容器的前台和后台运行

ctrl+P，Q attach调用到前台

让程序前台一直允许（夯在前台）；制作守护式容器时，常用此方法

开启个docker,打开consul的可视化web界面查看注册的服务；

[root@localhost ~]# docker run -d --name="consuldemo2" -p 8500:8500 consul agent -server -bootstrap -ui -client 0.0.0.0

a6a4898572f6ee93eb71da5002b47c863203bbf5a06a403109e86f889701f77b

-server:表示以服务端的方式开启

-bootstrap:指定自己为leader不需要经过选举

-ui：启动一个内置管理的web界面

-client 0.0.0.0：指定客户端可以访问的IP

容器的删除

[root@localhost ~]# docker container rm `docker container ls -q` //只能删除stop的容器

Error response from daemon: You cannot remove a running container 978f4cbad5fdff9564927fd276054961e307da44f715163356c1116cfe23e5c2. Stop the container before attempting removal or force remove

Error response from daemon: You cannot remove a running container bc338f9a0b28d3bdad05017ed016495260345626b8f247fb282ee0afd0bb2560. Stop the container before attempting removal or force remove

[root@localhost ~]# docker container rm `docker container ls -qf status=exited `//删除指定状态的容器

a12716c0357e

4f4d330fdc52

daa1d08c1f63

96c397696bfc

98c782a638e9

efeb8685799d

df6e77d42b9e

9785f702c1f8

015d2bf4c9b5

c580c9e97914

容器的网络映射

指定映射（dokcker 自动添加一条iptables规则来实现端口映射）

-phostPort:containerPort

-pip:hostPort:containerPort

-pip::containerPort//(随机端口：32768-60999)

-phostPort:containerPort/udp

-p81:80-p443:443 //多端口映射

随机映射

docker run-p80

[root@localhost ~]# docker container run -d -p 8000:80 --name="test" nginx:1.14

[root@localhost ~]# docker container run -d -p 192.168.241.129:8000:80 --name="test" nginx:1.14

[root@localhost ~]# docker container run -d -p 80 --name="test" nginx:1.14

[root@localhost ~]# docker container run -d -p 192.168.241.129::80 --name="test" nginx:1.14

容器的其他管理

dockerps-a-q//=docer containerls-a-q

dockertop8e07217a381f //=docker containertop8e07217a381f

查看日志

[root@localhost ~]# docker logs test

192.168.241.1--[30/Jun/2020:04:42:50+0000]"GET / HTTP/1.1"200612"-""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36""-"

[root@localhost ~]# docker logs -tf test

2020-06-30T04:42:50.272233587Z192.168.241.1--[30/Jun/2020:04:42:50+0000]"GET / HTTP/1.1"200612"-""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36""-"

[root@localhost ~]# docker logs -t test

[root@localhost ~]# docker logs -tf --tail 3 test

2020-06-30T04:42:51.192872914Z192.168.241.1--[30/Jun/2020:04:42:51+0000]"GET / HTTP/1.1"3040"-""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36""-"

2020-06-30T04:42:51.363250310Z192.168.241.1--[30/Jun/2020:04:42:51+0000]"GET / HTTP/1.1"3040"-""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36""-"

2020-06-30T04:43:00.583430633Z192.168.241.1--[30/Jun/2020:04:43:00+0000]"GET / HTTP/1.1"3040"-""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36""-"

Docker数据卷实现持久化存储

数据安全性；不会存在当容器挂掉时，容器中的数据丢失

手工交互数据

[root@localhost html]# docker container cp demo.html demo1:/usr/share/nginx/html/ //将文件给cp到指定容器的指定路径

[root@localhost html]# docker container cp demo1:/usr/share/nginx/html/demo.html ./ //将指定容器中的文件给cp到宿主机中

[root@localhost html]# ll

总用量4

-rw-r--r--1root root66月3015:16 demo.html

volume实现宿主机与容器的数据共享

[root@localhost /]# docker container run -d --name="demo3" -p 8003:80 -v /opt/html:/usr/share/nginx/html nginx:1.15

f482d34740f941a5b6d928d8e617bbe98fd57793dd2a4e9abbf8c1b53e2da39e

查看容器的数据卷挂载路径

[root@localhost html]# docker container inspect f482d34740f9

...

"Mounts": [

{

"Type":"bind",

"Source":"/opt/html",

"Destination":"/usr/share/nginx/html",

"Mode":"",

"RW":true,

"Propagation":"rprivate"

}

...

数据卷容器

相当于一个通道，将宿主机中的目录和目标容器中的指定目录做共享；作用在于可以更好的分类管理大量容器的不同类型的文件

在宿主机中模拟数据目录

mkdir -p /opt/volume/a

mkdir -p /opt/volume/b

touch /opt/volume/a/a.txt

touch /opt/volume/b/b.txt

启动数据卷容器并建立目录映射关系

[root@localhost html]# docker container run -it --name="nginx_volumes" -v /opt/volume/a:/opt/a -v /opt/volume/b:/opt/b centos:6.9 /bin/bash

[root@48dd82a829b4 /]# cd /opt/

[root@48dd82a829b4 opt]# ls

a b

需要注意的是这边的容器的开启是使用了交互式方式；所以为了避免在退出时容器直接exited;需要按住ctrl+P，Q来退出，使其在后天运行

使用数据卷容器

[root@localhost opt]# docker run -d --name="nginx_demo1" -p 8066:80 --volumes-from nginx_volumes nginx:1.15

bc7d6e751a5fd394f9c578e5c09dc5e0995fd6da92caeb35d712605da0312436

[root@localhost opt]# docker run -d --name="nginx_demo2" -p 8067:80 --volumes-from nginx_volumes nginx:1.15

28c1af4ea092e4eb67640c9c91cbd7643e977afca2de14b27161698ca1b3fb8d

[root@localhost ~]# docker container exec -it nginx_demo1 /bin/bash

root@bc7d6e751a5f:/# cd /opt

root@bc7d6e751a5f:/opt# ls

a b

root@bc7d6e751a5f:/opt# cd a

root@bc7d6e751a5f:/opt/a# ls

a.txt

制作本地局域网的yum源

安装vsftpd软件

yum install-yvsftpd

启动ftp

systemctl enable vsftpd //将vsftpd加入到开机自动启动的服务中

systemctlstartvsftpd //开启服务

上传系统到虚拟机

配置yum仓库

[root@localhost ftp]# mount -o loop /mnt/hgfs/www/yum_sources/CentOS-6.9-x86_64-bin-DVD1.iso /var/ftp/centos0.0/ //将目标系统挂载到ftp访问目录中

windows 验证

ftp://192.168.241.129/centos0.0/

Docker构建私有registry

构建的私有registry 也是放在容器中的

建立registry容器

[root@localhost docker]# docker container run -d -p 5000:5000 --restart=always --name="registry" -v /opt/registry:/var/lib/registry registry

Unable tofindimage'registry:latest'locally

latest: Pulling from library/registry

cbdbe7a5bc2a: Pull complete

47112e65547d: Pull complete

46bcb632e506: Pull complete

c1cc712bcecd: Pull complete

3db6272dcbfa: Pull complete

Digest: sha256:8be26f81ffea54106bae012c6f349df70f4d5e7e2ec01b143c46e2c03b9e551d

Status: Downloaded newer imageforregistry:latest

306e8e455a7f5ea001cf93446b61acb4aa0e305b75b2de1710b90670c41d79be

--restart=always 命令是当docker重启时会自动启动该容器；不会因为关闭重启docker而导致容器关闭

修改配置文件

[root@localhost ~]# cat /etc/docker/daemon.json

{

"registry-mirrors": ["https://registry.docker-cn.com","http://hub-mirror.c.163.com"],//指定镜像下载源（官方是外网，所以需要用中文镜像网站）

"insecure-registries":["192.168.241.129:5000"]//注册本地registry的下载地址

}

制作本地镜像并push到私有registry中

这边标记本地nginx:latest镜像，将其归入指定仓库

[root@localhost ~]# docker tag nginx:latest 197.128.241.129:5000/wzbwzt/nginx:v1//这边前面是registry地址+项目名+具体镜像名

[root@localhost ~]# docker image ls

REPOSITORY TAG IMAGE ID CREATED SIZE

registry latest 2d4f4b5309b113days ago26.2MB

197.128.241.129:5000/wzbwzt/nginx v1 53f3fd8007f714months ago 109MB

nginx1.15 53f3fd8007f714months ago 109MB

nginx1.14 295c7be0790215months ago 109MB

centos6.9 2199b8eb839015months ago 195MB

push到本地registry

[root@localhost ~]# docker push 192.168.241.129:5000/wzbwzt/nginx:v1

The push refers to repository [192.168.241.129:5000/wzbwzt/nginx]

f978b9ed3f26: Pushed

9040af41bb66: Pushed

7c7d7f446182: Pushed

d4cf327d8ef5: Pushed

13cb14c2acd3: Pushed

v1: digest: sha256:0efad4d09a419dc6d574c3c3baacb804a530acd61d5eba72cb1f14e1f5ac0c8f size:1362

异地进行pull镜像

[root@localhost ~]# docker pull 192.168.241.129:5000/wzbwzt/nginx:v1

本地仓库加安全验证

往registry中推送image需要先验证

下载httpd-tool做账号密码验证

[root@localhost ~]# yum install -y httpd-tools

[root@localhost ~]# mkdir /opt/registry-auth

[root@localhost opt]# htpasswd -Bbn wzb 123123 > /opt/registry-auth/htpasswd

[root@localhost registry-auth]# cat htpasswd

wzb:$2y$05$BGrfbP4JgEA7OhRQs/vAIOmatL3/rURjjod1RTuC3O.UFJqsaNU0G

生成带密钥功能的registry容器

[root@localhost ~]# docker run -d -p 5000:5000 --name="registry-auth" -v /opt/registry-auth/:/auth/ -v /opt/registry/:/var/lib/registry -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry

WARNING: IPv4 forwarding is disabled. Networking will not work.

22c0397455c87e0517e53834ce082c1c43abd997f0f487e6e95b39e377633ef3

//-e 后面跟的是配置参数

push镜像需要先验证（pull不需要）

[root@localhost ~]# docker push 192.168.241.129:5000/wzbwzt/nginx:v1

The push refers to repository [192.168.241.129:5000/wzbwzt/nginx]

f978b9ed3f26: Preparing

9040af41bb66: Preparing

7c7d7f446182: Preparing

d4cf327d8ef5: Preparing

13cb14c2acd3: Preparing

no basic auth credentials

//显示无验证

[root@localhost ~]# docker login 192.168.241.129:5000 //登录

Username: wzb

Password:

WARNING! Your password will be stored unencryptedin/root/.docker/config.json.

Configure a credential helper to remove this warning. See

https://docs.docker.com/engine/reference/commandline/login/#credentials-store

[root@localhost ~]# docker push 192.168.241.129:5000/wzb/nginx:v2 //推送

The push refers to repository [192.168.241.129:5000/wzb/nginx]

f978b9ed3f26: Mounted from wzbwzt/nginx

9040af41bb66: Mounted from wzbwzt/nginx

7c7d7f446182: Mounted from wzbwzt/nginx

d4cf327d8ef5: Mounted from wzbwzt/nginx

13cb14c2acd3: Mounted from wzbwzt/nginx

v2: digest: sha256:0efad4d09a419dc6d574c3c3baacb804a530acd61d5eba72cb1f14e1f5ac0c8f size:1362

Kubernetes (k8s)

apiserver:接受请求之后，控制kubelet进行部署的启动和关闭，监控每个pod的生命周期；以及运行监控；

由scheduler进行资源的调度

replication Controller（RC）主要是将提供同一服务的的节点进行统一管理；实现一个高可用性；但是当一个请求进来后具体调用哪个节点，是通过SVC进行负载均衡；

controller manager 主要是管控replication Controller（RC）进行一个错误的处理例如当RC中某个节点down掉后会重新生成该节点；以及他的动态扩容和缩容；

Docker的使用

你可能感兴趣的:(Docker的使用)