Kubernetes CKA认证运维工程师笔记-Docker快速入门

1. Docker 概念与安装
2. Docker 镜像管理
3. Docker 容器管理
4. Dockerfile 构建镜像
5. Harbor 镜像仓库搭建与使用

1. Docker 概念与安装

1.1 Docker 是什么

使用最广泛的开源容器引擎
一种操作系统级的虚拟化技术
依赖于Linux内核特性：Namespace（资源隔离）和Cgroups（资源限制）
一个简单的应用程序打包工具

1.2 Docker 基本组成

在这里插入图片描述

1.3 版本与支持平台

Docker版本：

社区版（Community Edition，CE）
企业版（Enterprise Edition，EE）

支持平台：

Linux（CentOS,Debian,Fedora,Oracle Linux,RHEL,SUSE和Ubuntu）
Mac
Windows

1.4 Docker 安装

# 关闭selinux和防火墙
[root@centos7 ~]# vi /etc/selinux/config
[root@centos7 ~]# cat /etc/selinux/config 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 
[root@centos7 ~]# getenforce
Disabled
[root@centos7 ~]# systemctl status firewalld.service 
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)
     
# 修改主机名称，也可以不该改
[root@centos7 ~]# hostnamectl set-hostname docker02
[root@centos7 ~]# exit

# 安装docker的准备插件，下载docker的yum源，这里提供了两种yum源，一个是官方的，一个是阿里云的，这里以阿里云的为例
[root@docker02 ~]# yum install -y yum-utils
[root@docker02 ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
Loaded plugins: fastestmirror
adding repo from: https://download.docker.com/linux/centos/docker-ce.repo
grabbing file https://download.docker.com/linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.repo
repo saved to /etc/yum.repos.d/docker-ce.repo
[root@docker02 ~]# ls /etc/yum.repos.d/
CentOS-Base.repo  CentOS-CR.repo  CentOS-Debuginfo.repo  CentOS-fasttrack.repo  CentOS-Media.repo  CentOS-Sources.repo  CentOS-Vault.repo  docker-ce.repo  epel.repo
[root@docker02 ~]# wget http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
--2021-11-03 22:58:48--  http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Resolving mirrors.aliyun.com (mirrors.aliyun.com)... 61.240.132.241, 124.165.127.202, 61.240.142.60, ...
Connecting to mirrors.aliyun.com (mirrors.aliyun.com)|61.240.132.241|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2081 (2.0K) [application/octet-stream]
Saving to: ‘docker-ce.repo’

100%[================================================================================================================================================>] 2,081       --.-K/s   in 0s      

2021-11-03 22:58:48 (425 MB/s) - ‘docker-ce.repo’ saved [2081/2081]

[root@docker02 ~]# mv docker-ce.repo /etc/yum.repos.d/
mv: overwrite ‘/etc/yum.repos.d/docker-ce.repo’? y

# 查看docker-ce阿里云仓库提供的版本
[root@docker02 ~]# yum list docker-ce --showduplicates | sort -r
 * updates: mirrors.aliyun.com
Loading mirror speeds from cached hostfile
Loaded plugins: fastestmirror
 * extras: mirrors.aliyun.com
docker-ce.x86_64            3:20.10.9-3.el7                     docker-ce-stable
docker-ce.x86_64            3:20.10.8-3.el7                     docker-ce-stable
docker-ce.x86_64            3:20.10.7-3.el7                     docker-ce-stable
docker-ce.x86_64            3:20.10.6-3.el7                     docker-ce-stable
......

# 安装docker-ce 
[root@docker02 ~]# yum install -y docker-ce
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
......
Installed:
  docker-ce.x86_64 3:20.10.10-3.el7                                                                                                                                                      
Dependency Installed:
  audit-libs-python.x86_64 0:2.8.5-4.el7 checkpolicy.x86_64 0:2.5-8.el7                    container-selinux.noarch 2:2.119.2-1.911c772.el7_8 containerd.io.x86_64 0:1.4.11-3.1.el7     
  docker-ce-cli.x86_64 1:20.10.10-3.el7  docker-ce-rootless-extras.x86_64 0:20.10.10-3.el7 docker-scan-plugin.x86_64 0:0.9.0-3.el7            fuse-overlayfs.x86_64 0:0.7.2-6.el7_8     
  fuse3-libs.x86_64 0:3.6.1-4.el7        libcgroup.x86_64 0:0.41-21.el7                    libsemanage-python.x86_64 0:2.5-14.el7             policycoreutils-python.x86_64 0:2.5-34.el7
  python-IPy.noarch 0:0.75-6.el7         setools-libs.x86_64 0:3.3.8-4.el7                 slirp4netns.x86_64 0:0.4.3-4.el7_8                

Dependency Updated:
  audit.x86_64 0:2.8.5-4.el7                      audit-libs.x86_64 0:2.8.5-4.el7                          libselinux.x86_64 0:2.5-15.el7      libselinux-python.x86_64 0:2.5-15.el7     
  libselinux-utils.x86_64 0:2.5-15.el7            libsemanage.x86_64 0:2.5-14.el7                          libsepol.x86_64 0:2.5-10.el7        policycoreutils.x86_64 0:2.5-34.el7       
  selinux-policy.noarch 0:3.13.1-268.el7_9.2      selinux-policy-targeted.noarch 0:3.13.1-268.el7_9.2     

Complete!

# 查看docker系统信息
[root@docker02 ~]# docker info
Client:
 Context:    default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Build with BuildKit (Docker Inc., v0.6.3-docker)
  scan: Docker Scan (Docker Inc., v0.9.0)

Server:
ERROR: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
errors pretty printing info
[root@docker02 ~]# systemctl start docker;systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@docker02 ~]# docker info
Client:
 Context:    default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Build with BuildKit (Docker Inc., v0.6.3-docker)
  scan: Docker Scan (Docker Inc., v0.9.0)

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 0
 Server Version: 20.10.10
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 5b46e404f6b9f661a205e28d59c982d3634148f8
 runc version: v1.0.2-0-g52b36a2
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 3.10.0-862.el7.x86_64
 Operating System: CentOS Linux 7 (Core)
 OSType: linux
 Architecture: x86_64
 CPUs: 2
 Total Memory: 1.779GiB
 Name: docker02
 ID: 256O:LBZV:E2IT:R2Q5:IHWY:XMKK:SS4E:SCNX:A3HJ:6ZCJ:4JUD:O3MX
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled

# 发现有报错，修改配置文件解决报错问题
[root@docker02 ~]# vi /etc/sysctl.conf
[root@docker02 ~]# cat /etc/sysctl.conf 
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
# 在文件里添加下面两行代码
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
# 然后 ESC 退出后 :wq 保存，执行下面语句使配置生效
[root@docker02 ~]# sysctl -p
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1

# 问题解决
[root@docker02 ~]# docker info
Client:
 Context:    default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Build with BuildKit (Docker Inc., v0.6.3-docker)
  scan: Docker Scan (Docker Inc., v0.9.0)

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 0
 Server Version: 20.10.10
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 5b46e404f6b9f661a205e28d59c982d3634148f8
 runc version: v1.0.2-0-g52b36a2
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 3.10.0-862.el7.x86_64
 Operating System: CentOS Linux 7 (Core)
 OSType: linux
 Architecture: x86_64
 CPUs: 2
 Total Memory: 1.779GiB
 Name: docker02
 ID: 256O:LBZV:E2IT:R2Q5:IHWY:XMKK:SS4E:SCNX:A3HJ:6ZCJ:4JUD:O3MX
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

# 列出容器
[root@docker02 ~]# docker ps
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES

https://docs.docker.com/engine/install/centos/
官方文档：https://docs.docker.com
阿里云源：http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

2. Docker 镜像管理

2.1 镜像是什么

一个分层存储的文件，不是一个单一的文件
一个软件的环境
一个镜像可以创建N个容器
一种标准化的交付
一个不包含Linux内核而又精简的Linux操作系统

2.2 配置加速器

Docker Hub是由Docker公司负责维护的公共镜像仓库，包含大量的容器镜像，Docker工具默认从这个公共镜像库下载镜像。
地址：https://hub.docker.com
配置镜像加速器：

# 编辑daemon.json文件，没有就创建
[root@docker02 ~]# vi /etc/docker/daemon.json
# 添加如下加速器内容
[root@docker02 ~]# cat /etc/docker/daemon.json
{
    
    
"registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"]
}
# 重启docker
[root@docker02 ~]# systemctl restart docker
# 查看加速其内容是否生效，看最下面Registry Mirrors
[root@docker02 ~]# docker info
Client:
 Context:    default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Build with BuildKit (Docker Inc., v0.6.3-docker)
  scan: Docker Scan (Docker Inc., v0.9.0)

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 0
 Server Version: 20.10.10
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 5b46e404f6b9f661a205e28d59c982d3634148f8
 runc version: v1.0.2-0-g52b36a2
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 3.10.0-862.el7.x86_64
 Operating System: CentOS Linux 7 (Core)
 OSType: linux
 Architecture: x86_64
 CPUs: 2
 Total Memory: 1.779GiB
 Name: docker02
 ID: 256O:LBZV:E2IT:R2Q5:IHWY:XMKK:SS4E:SCNX:A3HJ:6ZCJ:4JUD:O3MX
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Registry Mirrors:
  https://b9pmyelo.mirror.aliyuncs.com/
 Live Restore Enabled: false

2.3 镜像常用管理命令

命令格式：

docker --help
docker image COMMAND

指令	描述
ls	列出镜像
build	构建镜像来自Dockerfile
history	查看镜像历史
inspect	显示一个或多个镜像详细信息
pull	从镜像仓库拉取镜像
push	推送一个镜像到镜像仓库
rm	移除一个或多个镜像
prune	移除没有被标记或者没有被任何容器引用的镜像
tag	创建一个引用源镜像标记目录镜像
save	保存一个或多个镜像到一个tar归档文件
load	加载镜像来自tar归档或标准输入

#第一次运行会从本地找镜像，没有找到会直接从dockerhub上面下载，然后运行镜像
[root@docker02 ~]# docker run -d nginx
Unable to find image 'nginx:latest' locally
latest: Pulling from library/nginx
b380bbd43752: Pull complete 
fca7e12d1754: Pull complete 
745ab57616cb: Pull complete 
a4723e260b6f: Pull complete 
1c84ebdff681: Pull complete 
858292fd2e56: Pull complete 
Digest: sha256:644a70516a26004c97d0d85c7fe1d0c3a67ea8ab7ddf4aff193d9f301670cf36
Status: Downloaded newer image for nginx:latest
443bad4b2b0672e1579c97a6f8608e9a7789841c4c5483d8efd973775ac14aa5

# 列出本地有的镜像
[root@docker02 ~]# docker image ls
REPOSITORY   TAG       IMAGE ID       CREATED       SIZE
nginx        latest    87a94228f133   3 weeks ago   133MB

# 查看镜像构建历史和步骤
[root@docker02 ~]# docker history nginx
IMAGE          CREATED       CREATED BY                                      SIZE      COMMENT
87a94228f133   3 weeks ago   /bin/sh -c #(nop)  CMD ["nginx" "-g" "daemon…   0B        
<missing>      3 weeks ago   /bin/sh -c #(nop)  STOPSIGNAL SIGQUIT           0B        
<missing>      3 weeks ago   /bin/sh -c #(nop)  EXPOSE 80                    0B        
<missing>      3 weeks ago   /bin/sh -c #(nop)  ENTRYPOINT ["/docker-entr…   0B        
<missing>      3 weeks ago   /bin/sh -c #(nop) COPY file:09a214a3e07c919a…   4.61kB    
<missing>      3 weeks ago   /bin/sh -c #(nop) COPY file:0fd5fca330dcd6a7…   1.04kB    
<missing>      3 weeks ago   /bin/sh -c #(nop) COPY file:0b866ff3fc1ef5b0…   1.96kB    
<missing>      3 weeks ago   /bin/sh -c #(nop) COPY file:65504f71f5855ca0…   1.2kB     
<missing>      3 weeks ago   /bin/sh -c set -x     && addgroup --system -…   64MB      
<missing>      3 weeks ago   /bin/sh -c #(nop)  ENV PKG_RELEASE=1~buster     0B        
<missing>      3 weeks ago   /bin/sh -c #(nop)  ENV NJS_VERSION=0.6.2        0B        
<missing>      3 weeks ago   /bin/sh -c #(nop)  ENV NGINX_VERSION=1.21.3     0B        
<missing>      3 weeks ago   /bin/sh -c #(nop)  LABEL maintainer=NGINX Do…   0B        
<missing>      3 weeks ago   /bin/sh -c #(nop)  CMD ["bash"]                 0B        
<missing>      3 weeks ago   /bin/sh -c #(nop) ADD file:910392427fdf089bc…   69.3MB

# 以json的文件格式显示该镜像的详细信息
[root@docker02 ~]# docker inspect nginx
[
    {
    
    
        "Id": "sha256:87a94228f133e2da99cb16d653cd1373c5b4e8689956386c1c12b60a20421a02",
        "RepoTags": [
            "nginx:latest"
        ],
        "RepoDigests": [
            "nginx@sha256:644a70516a26004c97d0d85c7fe1d0c3a67ea8ab7ddf4aff193d9f301670cf36"
        ],
        "Parent": "",
        "Comment": "",
        "Created": "2021-10-12T02:03:40.360294686Z",
        "Container": "21fd1c6cb532225ca7e04c77f6592e220574b919aec07021663576ef438e0fee",
        "ContainerConfig": {
    
    
            "Hostname": "21fd1c6cb532",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
    
    
                "80/tcp": {
    
    }
            },
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "NGINX_VERSION=1.21.3",
                "NJS_VERSION=0.6.2",
                "PKG_RELEASE=1~buster"
            ],
            "Cmd": [
                "/bin/sh",
                "-c",
                "#(nop) ",
                "CMD [\"nginx\" \"-g\" \"daemon off;\"]"
            ],
            "Image": "sha256:e30f1b92b2c67fbe72fb24af7353a945f6df4f48d9064d47bf0f51674311251e",
            "Volumes": null,
            "WorkingDir": "",
            "Entrypoint": [
                "/docker-entrypoint.sh"
            ],
            "OnBuild": null,
            "Labels": {
    
    
                "maintainer": "NGINX Docker Maintainers <[email protected]>"
            },
            "StopSignal": "SIGQUIT"
        },
        "DockerVersion": "20.10.7",
        "Author": "",
        "Config": {
    
    
            "Hostname": "",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
    
    
                "80/tcp": {
    
    }
            },
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "NGINX_VERSION=1.21.3",
                "NJS_VERSION=0.6.2",
                "PKG_RELEASE=1~buster"
            ],
            "Cmd": [
                "nginx",
                "-g",
                "daemon off;"
            ],
            "Image": "sha256:e30f1b92b2c67fbe72fb24af7353a945f6df4f48d9064d47bf0f51674311251e",
            "Volumes": null,
            "WorkingDir": "",
            "Entrypoint": [
                "/docker-entrypoint.sh"
            ],
            "OnBuild": null,
            "Labels": {
    
    
                "maintainer": "NGINX Docker Maintainers <[email protected]>"
            },
            "StopSignal": "SIGQUIT"
        },
        "Architecture": "amd64",
        "Os": "linux",
        "Size": 133277153,
        "VirtualSize": 133277153,
        "GraphDriver": {
    
    
            "Data": {
    
    
                "LowerDir": "/var/lib/docker/overlay2/a0dbf794833f4f7d28ee89d6debf3d5e4d22dc04903ffae85eda6643383f57b4/diff:/var/lib/docker/overlay2/2d260cb5960fa673679039e382578cb852adb0e8f0930e71f817af09edf8556c/diff:/var/lib/docker/overlay2/ee2f883e3a578d3d748c63435267598bbc49a1b9e8c05a1dea8fe11cbfc3147a/diff:/var/lib/docker/overlay2/9f5fbdfd68bb7d2d3a8a0c586a097507b50ff13ca1d77e83ddcc5b63a07296ab/diff:/var/lib/docker/overlay2/b069a3c660d3ed0eedd9c35dd1af33df7ed2a769598bda8e0f4c16d6fff780a6/diff",
                "MergedDir": "/var/lib/docker/overlay2/c60887b049d83d83780c5993d13773d6998e414722223db056a3cc9dadfa4848/merged",
                "UpperDir": "/var/lib/docker/overlay2/c60887b049d83d83780c5993d13773d6998e414722223db056a3cc9dadfa4848/diff",
                "WorkDir": "/var/lib/docker/overlay2/c60887b049d83d83780c5993d13773d6998e414722223db056a3cc9dadfa4848/work"
            },
            "Name": "overlay2"
        },
        "RootFS": {
    
    
            "Type": "layers",
            "Layers": [
                "sha256:e81bff2725dbc0bf2003db10272fef362e882eb96353055778a66cda430cf81b",
                "sha256:43f4e41372e42dd32309f6a7bdce03cf2d65b3ca34b1036be946d53c35b503ab",
                "sha256:788e89a4d186f3614bfa74254524bc2e2c6de103698aeb1cb044f8e8339a90bd",
                "sha256:f8e880dfc4ef19e78853c3f132166a4760a220c5ad15b9ee03b22da9c490ae3b",
                "sha256:f7e00b807643e512b85ef8c9f5244667c337c314fa29572206c1b0f3ae7bf122",
                "sha256:9959a332cf6e41253a9cd0c715fa74b01db1621b4d16f98f4155a2ed5365da4a"
            ]
        },
        "Metadata": {
    
    
            "LastTagTime": "0001-01-01T00:00:00Z"
        }
    }
]

# 下载镜像，如果本地有会进行校验，如果没有就直接下载
[root@docker02 ~]# docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
Digest: sha256:644a70516a26004c97d0d85c7fe1d0c3a67ea8ab7ddf4aff193d9f301670cf36
Status: Image is up to date for nginx:latest
docker.io/library/nginx:latest
[root@docker02 ~]# docker pull redis
Using default tag: latest
latest: Pulling from library/redis
7d63c13d9b9b: Pull complete 
a2c3b174c5ad: Pull complete 
283a10257b0f: Pull complete 
7a08c63a873a: Pull complete 
0531663a7f55: Pull complete 
9bf50efb265c: Pull complete 
Digest: sha256:a89cb097693dd354de598d279c304a1c73ee550fbfff6d9ee515568e0c749cfe
Status: Downloaded newer image for redis:latest
docker.io/library/redis:latest

# 移除没有被标记或者没有被任何容器引用的镜像，加上-a是删除所有
[root@docker02 ~]# docker image prune
WARNING! This will remove all dangling images.
Are you sure you want to continue? [y/N] y
Total reclaimed space: 0B
[root@docker02 ~]# docker image prune -a
WARNING! This will remove all images without at least one container associated to them.
Are you sure you want to continue? [y/N] y
Deleted Images:
untagged: redis:latest
untagged: redis@sha256:a89cb097693dd354de598d279c304a1c73ee550fbfff6d9ee515568e0c749cfe
deleted: sha256:7faaec68323851b2265bddb239bd9476c7d4e4335e9fd88cbfcc1df374dded2f
deleted: sha256:e6deb90762475cda72e21895911f830ed99fd1cc6d920d92873270be91235274
deleted: sha256:2649acad13241d9c8d81e49357bc66cce459b352ded7f423d70ede7bd3bb7b89
deleted: sha256:64007bba5fc220df4d3da33cecdc2d55dd6a73528c138b0fa1acd79fd6a9c217
deleted: sha256:b2cc2f1bf8b1cca8ba7c19e1697f7b73755903ad8f880b83673fd6a697aca935
deleted: sha256:fbd1283ab782925be4d990bd4bebe9ad5e5cf9a525abfb6fa87465e072da9d31
deleted: sha256:e8b689711f21f9301c40bf2131ce1a1905c3aa09def1de5ec43cf0adf652576e

Total reclaimed space: 112.7MB

# 下载镜像，保存下来；再传到另一台没有网的机器上，导入
[root@docker02 ~]# docker pull redis
Using default tag: latest
latest: Pulling from library/redis
7d63c13d9b9b: Pull complete 
a2c3b174c5ad: Pull complete 
283a10257b0f: Pull complete 
7a08c63a873a: Pull complete 
0531663a7f55: Pull complete 
9bf50efb265c: Pull complete 
Digest: sha256:a89cb097693dd354de598d279c304a1c73ee550fbfff6d9ee515568e0c749cfe
Status: Downloaded newer image for redis:latest
docker.io/library/redis:latest
[root@docker02 ~]# docker image ls
REPOSITORY   TAG       IMAGE ID       CREATED       SIZE
redis        latest    7faaec683238   3 weeks ago   113MB
nginx        latest    87a94228f133   3 weeks ago   133MB
[root@docker02 ~]# docker save redis --help

Usage:  docker save [OPTIONS] IMAGE [IMAGE...]

Save one or more images to a tar archive (streamed to STDOUT by default)

Options:
  -o, --output string   Write to a file, instead of STDOUT
[root@docker02 ~]# docker save redis -o redis.tar
[root@docker02 ~]# du -sh redis.tar 
111M	redis.tar
[root@docker02 ~]# tar xvf redis.tar 
485c02c4e297ea1167ebd6868e770d053f22f6458d3e227e75e0cf4995772c54/
485c02c4e297ea1167ebd6868e770d053f22f6458d3e227e75e0cf4995772c54/VERSION
485c02c4e297ea1167ebd6868e770d053f22f6458d3e227e75e0cf4995772c54/json
485c02c4e297ea1167ebd6868e770d053f22f6458d3e227e75e0cf4995772c54/layer.tar
6562438739bdf784a7f98c2dc8a6b7fce1beef4ef85e5b59881891eeaf23ce7f/
6562438739bdf784a7f98c2dc8a6b7fce1beef4ef85e5b59881891eeaf23ce7f/VERSION
6562438739bdf784a7f98c2dc8a6b7fce1beef4ef85e5b59881891eeaf23ce7f/json
6562438739bdf784a7f98c2dc8a6b7fce1beef4ef85e5b59881891eeaf23ce7f/layer.tar
6c8f827bffaa57c9e7d46a63344f1e41fc15fd6a1462bade33edcacd5a3c6b4e/
6c8f827bffaa57c9e7d46a63344f1e41fc15fd6a1462bade33edcacd5a3c6b4e/VERSION
6c8f827bffaa57c9e7d46a63344f1e41fc15fd6a1462bade33edcacd5a3c6b4e/json
6c8f827bffaa57c9e7d46a63344f1e41fc15fd6a1462bade33edcacd5a3c6b4e/layer.tar
7bc07f655849625a2243747ccb64b96d9cb55278797700ea6baf25aad00aafc2/
7bc07f655849625a2243747ccb64b96d9cb55278797700ea6baf25aad00aafc2/VERSION
7bc07f655849625a2243747ccb64b96d9cb55278797700ea6baf25aad00aafc2/json
7bc07f655849625a2243747ccb64b96d9cb55278797700ea6baf25aad00aafc2/layer.tar
7faaec68323851b2265bddb239bd9476c7d4e4335e9fd88cbfcc1df374dded2f.json
c2eb2172279bd62094265c1a5b7e19403d878704922a189c7ce8b3e274a8007e/
c2eb2172279bd62094265c1a5b7e19403d878704922a189c7ce8b3e274a8007e/VERSION
c2eb2172279bd62094265c1a5b7e19403d878704922a189c7ce8b3e274a8007e/json
c2eb2172279bd62094265c1a5b7e19403d878704922a189c7ce8b3e274a8007e/layer.tar
dd59d902792d0dce82a289b10b66ffa8256873a82c21347494cd2c5c6d59caa3/
dd59d902792d0dce82a289b10b66ffa8256873a82c21347494cd2c5c6d59caa3/VERSION
dd59d902792d0dce82a289b10b66ffa8256873a82c21347494cd2c5c6d59caa3/json
dd59d902792d0dce82a289b10b66ffa8256873a82c21347494cd2c5c6d59caa3/layer.tar
manifest.json
tar: manifest.json: implausibly old time stamp 1970-01-01 08:00:00
repositories
tar: repositories: implausibly old time stamp 1970-01-01 08:00:00
[root@docker02 ~]# ls
485c02c4e297ea1167ebd6868e770d053f22f6458d3e227e75e0cf4995772c54
6562438739bdf784a7f98c2dc8a6b7fce1beef4ef85e5b59881891eeaf23ce7f
6c8f827bffaa57c9e7d46a63344f1e41fc15fd6a1462bade33edcacd5a3c6b4e
7bc07f655849625a2243747ccb64b96d9cb55278797700ea6baf25aad00aafc2
7faaec68323851b2265bddb239bd9476c7d4e4335e9fd88cbfcc1df374dded2f.json
anaconda-ks.cfg
c2eb2172279bd62094265c1a5b7e19403d878704922a189c7ce8b3e274a8007e
createuser.sh
dd59d902792d0dce82a289b10b66ffa8256873a82c21347494cd2c5c6d59caa3
disk.sh
disk.txt
manifest.json
redis.tar
repositories
systeminfo.sh
user.txt
[root@docker02 ~]# scp redis.tar [email protected]:~
The authenticity of host '10.0.0.65 (10.0.0.65)' can't be established.
ECDSA key fingerprint is SHA256:OWuZy2NmY2roM1RqIamUATXYA+wqXai6nqsA1LesvjU.
ECDSA key fingerprint is MD5:04:af:eb:98:a5:8d:e0:a4:b4:16:29:80:8e:f9:e6:fc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.65' (ECDSA) to the list of known hosts.
[email protected]'s password: 
redis.tar 

[root@docker01 ~]# docker image ls
REPOSITORY                    TAG                 IMAGE ID            CREATED             SIZE
[root@docker01 ~]# ls
anaconda-ks.cfg  redis.tar
[root@docker01 ~]# docker load -i redis.tar 
e8b689711f21: Loading layer [==================================================>]  83.86MB/83.86MB
b43651130521: Loading layer [==================================================>]  338.4kB/338.4kB
8b9770153666: Loading layer [==================================================>]  4.274MB/4.274MB
6b01cc47a390: Loading layer [==================================================>]   27.8MB/27.8MB
0bd13b42de4d: Loading layer [==================================================>]  2.048kB/2.048kB
146262eb3841: Loading layer [==================================================>]  3.584kB/3.584kB
Loaded image: redis:latest
[root@docker01 ~]# docker image ls
REPOSITORY                    TAG                 IMAGE ID            CREATED             SIZE
redis                         latest              7faaec683238        3 weeks ago         113MB
[root@docker01 ~]# docker run -d redis
38453ca627aa556868383d883a0c0020afee37b5e3c094eb5901e37b3d0add1b
[root@docker01 ~]# docker ps
CONTAINER ID        IMAGE                                COMMAND                  CREATED             STATUS                          PORTS                       NAMES
38453ca627aa        redis                                "docker-entrypoint.s…"   6 seconds ago       Up 5 seconds                    6379/tcp                    awesome_jang

[root@docker02 ~]# docker run -d -p 8080:80 nginx
5765ec59ef5c9c843d204513cccd2f1b9c3f5ad18b4e6aa3bacf01c19b4bf949
[root@docker02 ~]# docker ps -l
CONTAINER ID   IMAGE     COMMAND                  CREATED          STATUS          PORTS                                   NAMES
5765ec59ef5c   nginx     "/docker-entrypoint.…"   15 seconds ago   Up 11 seconds   0.0.0.0:8080->80/tcp, :::8080->80/tcp   epic_bouman

在这里插入图片描述

3. Docker 容器管理

3.1 创建容器常用选项

命令格式：

docker run [OPTIONS] IMAGE [COMMAND] [ARG...]

选项	描述
-i, –interactive	交互式
-t, –tty	分配一个伪终端
-d, –detach	运行容器到后台
-e, –env	设置环境变量
-p, –publish list	发布容器端口到主机
-P, –publish-all	发布容器所有EXPOSE的端口到宿主机随机端口
–name string	指定容器名称
-h, –hostname	设置容器主机名
–ip string	指定容器IP，只能用于自定义网络
–network	连接容器到一个网络
-v, –volume list；–mount mount（新方式）	将文件系统附加到容器
–restart string	容器退出时重启策略，默认no，可选值：[always
-m，–memory	容器可以使用的最大内存量
–memory-swap	允许交换到磁盘的内存量
–memory-swappiness=<0-100>	容器使用SWAP分区交换的百分比（0-100，默认为-1）
–oom-kill-disable	禁用OOM Killer
–cpus	可以使用的CPU数量
–cpuset-cpus	限制容器使用特定的CPU核心，如(0-3, 0,1)
–cpu-shares	CPU共享（相对权重）

[root@docker02 ~]# docker ps -l
CONTAINER ID   IMAGE     COMMAND                  CREATED          STATUS          PORTS                                   NAMES
5765ec59ef5c   nginx     "/docker-entrypoint.…"   15 seconds ago   Up 11 seconds   0.0.0.0:8080->80/tcp, :::8080->80/tcp   epic_bouman
[root@docker02 ~]# docker exec -it 5765ec59ef5c bash
root@5765ec59ef5c:/# 

[root@docker02 ~]# docker run -d nginx
cc83449feeeb66ce1136aeaf9d315418c524076680934eccf01f44de3386eea6
[root@docker02 ~]# docker ps -l
CONTAINER ID   IMAGE     COMMAND                  CREATED         STATUS         PORTS     NAMES
cc83449feeeb   nginx     "/docker-entrypoint.…"   3 seconds ago   Up 2 seconds   80/tcp    agitated_driscoll
[root@docker02 ~]# docker run -d centos
a7a7b7e02c36561fbd0068869db4ebdae6cc7388bd84b776fdc949468c480173
[root@docker02 ~]# docker ps -l
CONTAINER ID   IMAGE     COMMAND       CREATED         STATUS                    PORTS     NAMES
a7a7b7e02c36   centos    "/bin/bash"   2 seconds ago   Exited (0) 1 second ago             serene_ellis

[root@docker02 ~]# docker run -it -d nginx
ba394b242d0f24195a06772374c530748aae79987dd82268bfc620ac5b3db786
[root@docker02 ~]# docker ps -l
CONTAINER ID   IMAGE     COMMAND                  CREATED         STATUS         PORTS     NAMES
ba394b242d0f   nginx     "/docker-entrypoint.…"   2 seconds ago   Up 2 seconds   80/tcp    strange_moser
[root@docker02 ~]# docker run -it -d centos
26ea932594a15c843f12ad0f70f119d2e5f8cad8442dcc3b71fa0a4aa68a3888
[root@docker02 ~]# docker ps -l
CONTAINER ID   IMAGE     COMMAND       CREATED         STATUS        PORTS     NAMES
26ea932594a1   centos    "/bin/bash"   2 seconds ago   Up 1 second             interesting_jones

[root@docker02 ~]# docker top ba394b242d0f
UID                 PID                 PPID                C                   STIME               TTY                 TIME                CMD
root                3219                3198                0                   22:51               pts/0               00:00:00            nginx: master process nginx -g daemon off;
101                 3269                3219                0                   22:51               pts/0               00:00:00            nginx: worker process
101                 3270                3219                0                   22:51               pts/0               00:00:00            nginx: worker process

[root@docker02 ~]# docker ps
CONTAINER ID   IMAGE     COMMAND                  CREATED          STATUS          PORTS                                   NAMES
26ea932594a1   centos    "/bin/bash"              2 minutes ago    Up 2 minutes                                            interesting_jones
ba394b242d0f   nginx     "/docker-entrypoint.…"   2 minutes ago    Up 2 minutes    80/tcp                                  strange_moser
cc83449feeeb   nginx     "/docker-entrypoint.…"   4 minutes ago    Up 4 minutes    80/tcp                                  agitated_driscoll
7a613f1de6e7   nginx     "/docker-entrypoint.…"   6 minutes ago    Up 6 minutes    80/tcp                                  elegant_lamport
5765ec59ef5c   nginx     "/docker-entrypoint.…"   21 minutes ago   Up 21 minutes   0.0.0.0:8080->80/tcp, :::8080->80/tcp   epic_bouman
443bad4b2b06   nginx     "/docker-entrypoint.…"   47 minutes ago   Up 47 minutes   80/tcp                                  zealous_sutherland
[root@docker02 ~]# docker top 26ea932594a1
UID                 PID                 PPID                C                   STIME               TTY                 TIME                CMD
root                3315                3295                0                   22:51               pts/0               00:00:00            /bin/bash

[root@docker02 ~]# docker run nginx
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2021/11/07 14:56:07 [notice] 1#1: using the "epoll" event method
2021/11/07 14:56:07 [notice] 1#1: nginx/1.21.3
2021/11/07 14:56:07 [notice] 1#1: built by gcc 8.3.0 (Debian 8.3.0-6) 
2021/11/07 14:56:07 [notice] 1#1: OS: Linux 3.10.0-862.el7.x86_64
2021/11/07 14:56:07 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2021/11/07 14:56:07 [notice] 1#1: start worker processes
2021/11/07 14:56:07 [notice] 1#1: start worker process 32
2021/11/07 14:56:07 [notice] 1#1: start worker process 33

[root@docker02 ~]# docker run -d -e env=prod -p 88:80 --name web -h web --restart=always nginx
65da0bbfccc8b8b76bf95d17ef5f9860746457c25bb3aa0a016ae66c1ddcc628
[root@docker02 ~]# docker ps
CONTAINER ID   IMAGE     COMMAND                  CREATED          STATUS          PORTS                                   NAMES
65da0bbfccc8   nginx     "/docker-entrypoint.…"   5 seconds ago    Up 4 seconds    0.0.0.0:88->80/tcp, :::88->80/tcp       web
26ea932594a1   centos    "/bin/bash"              8 minutes ago    Up 8 minutes                                            interesting_jones
ba394b242d0f   nginx     "/docker-entrypoint.…"   8 minutes ago    Up 8 minutes    80/tcp                                  strange_moser
cc83449feeeb   nginx     "/docker-entrypoint.…"   10 minutes ago   Up 10 minutes   80/tcp                                  agitated_driscoll
7a613f1de6e7   nginx     "/docker-entrypoint.…"   11 minutes ago   Up 11 minutes   80/tcp                                  elegant_lamport
5765ec59ef5c   nginx     "/docker-entrypoint.…"   27 minutes ago   Up 27 minutes   0.0.0.0:8080->80/tcp, :::8080->80/tcp   epic_bouman
443bad4b2b06   nginx     "/docker-entrypoint.…"   53 minutes ago   Up 53 minutes   80/tcp                                  zealous_sutherland
[root@docker02 ~]# docker exec -it web bash
root@web:/# cd /usr/share/nginx/
root@web:/usr/share/nginx# ls
html
root@web:/usr/share/nginx# cd html/
root@web:/usr/share/nginx/html# ls
50x.html  index.html
root@web:/usr/share/nginx/html# echo "<h1>hello world</h1>" > index.html
root@web:/usr/share/nginx/html# hostname
web
root@web:/usr/share/nginx/html# echo $env
prod
[root@docker02 ~]# docker inspect 65da0bbfccc8
[
    {
    
    
        "Id": "65da0bbfccc8b8b76bf95d17ef5f9860746457c25bb3aa0a016ae66c1ddcc628",
        "Created": "2021-11-07T14:59:41.715811333Z",
        "Path": "/docker-entrypoint.sh",
        "Args": [
            "nginx",
            "-g",
            "daemon off;"
        ],
        "State": {
    
    
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 3565,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2021-11-07T14:59:42.616017801Z",
            "FinishedAt": "0001-01-01T00:00:00Z"
        },
        "Image": "sha256:87a94228f133e2da99cb16d653cd1373c5b4e8689956386c1c12b60a20421a02",
        "ResolvConfPath": "/var/lib/docker/containers/65da0bbfccc8b8b76bf95d17ef5f9860746457c25bb3aa0a016ae66c1ddcc628/resolv.conf",
        "HostnamePath": "/var/lib/docker/containers/65da0bbfccc8b8b76bf95d17ef5f9860746457c25bb3aa0a016ae66c1ddcc628/hostname",
        "HostsPath": "/var/lib/docker/containers/65da0bbfccc8b8b76bf95d17ef5f9860746457c25bb3aa0a016ae66c1ddcc628/hosts",
        "LogPath": "/var/lib/docker/containers/65da0bbfccc8b8b76bf95d17ef5f9860746457c25bb3aa0a016ae66c1ddcc628/65da0bbfccc8b8b76bf95d17ef5f9860746457c25bb3aa0a016ae66c1ddcc628-json.log",
        "Name": "/web",
        "RestartCount": 0,
        "Driver": "overlay2",
        "Platform": "linux",
        "MountLabel": "",
        "ProcessLabel": "",
        "AppArmorProfile": "",
        "ExecIDs": null,
        "HostConfig": {
    
    
            "Binds": null,
            "ContainerIDFile": "",
            "LogConfig": {
    
    
                "Type": "json-file",
                "Config": {
    
    }
            },
            "NetworkMode": "default",
            "PortBindings": {
    
    
                "80/tcp": [
                    {
    
    
                        "HostIp": "",
                        "HostPort": "88"
                    }
                ]
            },
            "RestartPolicy": {
    
    
                "Name": "always",
                "MaximumRetryCount": 0
            },
            "AutoRemove": false,
            "VolumeDriver": "",
            "VolumesFrom": null,
            "CapAdd": null,
            "CapDrop": null,
            "CgroupnsMode": "host",
            "Dns": [],
            "DnsOptions": [],
            "DnsSearch": [],
            "ExtraHosts": null,
            "GroupAdd": null,
            "IpcMode": "private",
            "Cgroup": "",
            "Links": null,
            "OomScoreAdj": 0,
            "PidMode": "",
            "Privileged": false,
            "PublishAllPorts": false,
            "ReadonlyRootfs": false,
            "SecurityOpt": null,
            "UTSMode": "",
            "UsernsMode": "",
            "ShmSize": 67108864,
            "Runtime": "runc",
            "ConsoleSize": [
                0,
                0
            ],
            "Isolation": "",
            "CpuShares": 0,
            "Memory": 0,
            "NanoCpus": 0,
            "CgroupParent": "",
            "BlkioWeight": 0,
            "BlkioWeightDevice": [],
            "BlkioDeviceReadBps": null,
            "BlkioDeviceWriteBps": null,
            "BlkioDeviceReadIOps": null,
            "BlkioDeviceWriteIOps": null,
            "CpuPeriod": 0,
            "CpuQuota": 0,
            "CpuRealtimePeriod": 0,
            "CpuRealtimeRuntime": 0,
            "CpusetCpus": "",
            "CpusetMems": "",
            "Devices": [],
            "DeviceCgroupRules": null,
            "DeviceRequests": null,
            "KernelMemory": 0,
            "KernelMemoryTCP": 0,
            "MemoryReservation": 0,
            "MemorySwap": 0,
            "MemorySwappiness": null,
            "OomKillDisable": false,
            "PidsLimit": null,
            "Ulimits": null,
            "CpuCount": 0,
            "CpuPercent": 0,
            "IOMaximumIOps": 0,
            "IOMaximumBandwidth": 0,
            "MaskedPaths": [
                "/proc/asound",
                "/proc/acpi",
                "/proc/kcore",
                "/proc/keys",
                "/proc/latency_stats",
                "/proc/timer_list",
                "/proc/timer_stats",
                "/proc/sched_debug",
                "/proc/scsi",
                "/sys/firmware"
            ],
            "ReadonlyPaths": [
                "/proc/bus",
                "/proc/fs",
                "/proc/irq",
                "/proc/sys",
                "/proc/sysrq-trigger"
            ]
        },
        "GraphDriver": {
    
    
            "Data": {
    
    
                "LowerDir": "/var/lib/docker/overlay2/c9f493de0cb58e1e7ebe731fe45c7180368558ac2d57f33a7166bc6e7d5415a3-init/diff:/var/lib/docker/overlay2/c60887b049d83d83780c5993d13773d6998e414722223db056a3cc9dadfa4848/diff:/var/lib/docker/overlay2/a0dbf794833f4f7d28ee89d6debf3d5e4d22dc04903ffae85eda6643383f57b4/diff:/var/lib/docker/overlay2/2d260cb5960fa673679039e382578cb852adb0e8f0930e71f817af09edf8556c/diff:/var/lib/docker/overlay2/ee2f883e3a578d3d748c63435267598bbc49a1b9e8c05a1dea8fe11cbfc3147a/diff:/var/lib/docker/overlay2/9f5fbdfd68bb7d2d3a8a0c586a097507b50ff13ca1d77e83ddcc5b63a07296ab/diff:/var/lib/docker/overlay2/b069a3c660d3ed0eedd9c35dd1af33df7ed2a769598bda8e0f4c16d6fff780a6/diff",
                "MergedDir": "/var/lib/docker/overlay2/c9f493de0cb58e1e7ebe731fe45c7180368558ac2d57f33a7166bc6e7d5415a3/merged",
                "UpperDir": "/var/lib/docker/overlay2/c9f493de0cb58e1e7ebe731fe45c7180368558ac2d57f33a7166bc6e7d5415a3/diff",
                "WorkDir": "/var/lib/docker/overlay2/c9f493de0cb58e1e7ebe731fe45c7180368558ac2d57f33a7166bc6e7d5415a3/work"
            },
            "Name": "overlay2"
        },
        "Mounts": [],
        "Config": {
    
    
            "Hostname": "web",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
    
    
                "80/tcp": {
    
    }
            },
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "env=prod",
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "NGINX_VERSION=1.21.3",
                "NJS_VERSION=0.6.2",
                "PKG_RELEASE=1~buster"
            ],
            "Cmd": [
                "nginx",
                "-g",
                "daemon off;"
            ],
            "Image": "nginx",
            "Volumes": null,
            "WorkingDir": "",
            "Entrypoint": [
                "/docker-entrypoint.sh"
            ],
            "OnBuild": null,
            "Labels": {
    
    
                "maintainer": "NGINX Docker Maintainers <[email protected]>"
            },
            "StopSignal": "SIGQUIT"
        },
        "NetworkSettings": {
    
    
            "Bridge": "",
            "SandboxID": "a83252848774f4ac53075b126e02d4bb5774b5b853dbe48867dc618cfe3ab034",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {
    
    
                "80/tcp": [
                    {
    
    
                        "HostIp": "0.0.0.0",
                        "HostPort": "88"
                    },
                    {
    
    
                        "HostIp": "::",
                        "HostPort": "88"
                    }
                ]
            },
            "SandboxKey": "/var/run/docker/netns/a83252848774",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "9fe4a7a6575684a0b6585691831b1c988764b19761538a2ffd753fbf6b14a9c3",
            "Gateway": "172.17.0.1",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "172.17.0.8",
            "IPPrefixLen": 16,
            "IPv6Gateway": "",
            "MacAddress": "02:42:ac:11:00:08",
            "Networks": {
    
    
                "bridge": {
    
    
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "496733af375fa19fe4514181415b2af7596f2589732815af273ac8ad360a972b",
                    "EndpointID": "9fe4a7a6575684a0b6585691831b1c988764b19761538a2ffd753fbf6b14a9c3",
                    "Gateway": "172.17.0.1",
                    "IPAddress": "172.17.0.8",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:11:00:08",
                    "DriverOpts": null
                }
            }
        }
    }
]
[root@docker02 ~]# ls /var/lib/docker/overlay2/c9f493de0cb58e1e7ebe731fe45c7180368558ac2d57f33a7166bc6e7d5415a3/diff
etc  root  run  usr  var
[root@docker02 ~]# ls /var/lib/docker/overlay2/c9f493de0cb58e1e7ebe731fe45c7180368558ac2d57f33a7166bc6e7d5415a3/diff/usr/share/nginx/html/index.html 
/var/lib/docker/overlay2/c9f493de0cb58e1e7ebe731fe45c7180368558ac2d57f33a7166bc6e7d5415a3/diff/usr/share/nginx/html/index.html
[root@docker02 ~]# cat /var/lib/docker/overlay2/c9f493de0cb58e1e7ebe731fe45c7180368558ac2d57f33a7166bc6e7d5415a3/diff/usr/share/nginx/html/index.html 
<h1>hello world</h1>

[root@docker02 ~]# docker run -m="500M" --cpus="1" -d nginx
0112aaf0cd9dd6963d7f2f08fee1085df6edf95efae6c2045adf1830f322cbb0
[root@docker02 ~]# docker ps -l
CONTAINER ID   IMAGE     COMMAND                  CREATED         STATUS         PORTS     NAMES
0112aaf0cd9d   nginx     "/docker-entrypoint.…"   9 seconds ago   Up 7 seconds   80/tcp    unruffled_fermat

在这里插入图片描述

3.2 镜像常用管理命令

命令格式：

docker container COMMAND

选项	描述
ls	列出容器
inspect	查看一个或多个容器详细信息
exec	在运行容器中执行命令
commit	创建一个新镜像来自一个容器
cp	拷贝文件/文件夹到一个容器
logs	获取一个容器日志
port	列出或指定容器端口映射
top	显示一个容器运行的进程
stats	显示容器资源使用统计
stop/start/restart	停止/启动一个或多个容器
rm	删除一个或多个容器
prune	移除已停止的容器

[root@docker02 ~]# docker ps
CONTAINER ID   IMAGE     COMMAND                  CREATED             STATUS             PORTS                                   NAMES
0112aaf0cd9d   nginx     "/docker-entrypoint.…"   5 minutes ago       Up 5 minutes       80/tcp                                  unruffled_fermat
65da0bbfccc8   nginx     "/docker-entrypoint.…"   22 minutes ago      Up 22 minutes      0.0.0.0:88->80/tcp, :::88->80/tcp       web
26ea932594a1   centos    "/bin/bash"              31 minutes ago      Up 31 minutes                                              interesting_jones
ba394b242d0f   nginx     "/docker-entrypoint.…"   31 minutes ago      Up 31 minutes      80/tcp                                  strange_moser
cc83449feeeb   nginx     "/docker-entrypoint.…"   32 minutes ago      Up 32 minutes      80/tcp                                  agitated_driscoll
7a613f1de6e7   nginx     "/docker-entrypoint.…"   34 minutes ago      Up 34 minutes      80/tcp                                  elegant_lamport
5765ec59ef5c   nginx     "/docker-entrypoint.…"   50 minutes ago      Up 50 minutes      0.0.0.0:8080->80/tcp, :::8080->80/tcp   epic_bouman
443bad4b2b06   nginx     "/docker-entrypoint.…"   About an hour ago   Up About an hour   80/tcp                                  zealous_sutherland
[root@docker02 ~]# docker container ls
CONTAINER ID   IMAGE     COMMAND                  CREATED             STATUS             PORTS                                   NAMES
0112aaf0cd9d   nginx     "/docker-entrypoint.…"   5 minutes ago       Up 5 minutes       80/tcp                                  unruffled_fermat
65da0bbfccc8   nginx     "/docker-entrypoint.…"   23 minutes ago      Up 23 minutes      0.0.0.0:88->80/tcp, :::88->80/tcp       web
26ea932594a1   centos    "/bin/bash"              31 minutes ago      Up 31 minutes                                              interesting_jones
ba394b242d0f   nginx     "/docker-entrypoint.…"   31 minutes ago      Up 31 minutes      80/tcp                                  strange_moser
cc83449feeeb   nginx     "/docker-entrypoint.…"   33 minutes ago      Up 33 minutes      80/tcp                                  agitated_driscoll
7a613f1de6e7   nginx     "/docker-entrypoint.…"   34 minutes ago      Up 34 minutes      80/tcp                                  elegant_lamport
5765ec59ef5c   nginx     "/docker-entrypoint.…"   50 minutes ago      Up 50 minutes      0.0.0.0:8080->80/tcp, :::8080->80/tcp   epic_bouman
443bad4b2b06   nginx     "/docker-entrypoint.…"   About an hour ago   Up About an hour   80/tcp                                  zealous_sutherland
[root@docker02 ~]# docker ps -l
CONTAINER ID   IMAGE     COMMAND                  CREATED         STATUS         PORTS     NAMES
0112aaf0cd9d   nginx     "/docker-entrypoint.…"   6 minutes ago   Up 6 minutes   80/tcp    unruffled_fermat
[root@docker02 ~]# docker exec web ls
bin
boot
dev
docker-entrypoint.d
docker-entrypoint.sh
etc
home
lib
lib64
media
mnt
opt
proc
root
run
sbin
srv
sys
tmp
usr
var 

[root@docker02 ~]# docker cp manifest.json web:/
[root@docker02 ~]# docker exec web ls /
bin
boot
dev
docker-entrypoint.d
docker-entrypoint.sh
etc
home
lib
lib64
manifest.json
media
mnt
opt
proc
root
run
sbin
srv
sys
tmp
usr
var

[root@docker02 ~]# docker logs web -f
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2021/11/07 14:59:42 [notice] 1#1: using the "epoll" event method
2021/11/07 14:59:42 [notice] 1#1: nginx/1.21.3
2021/11/07 14:59:42 [notice] 1#1: built by gcc 8.3.0 (Debian 8.3.0-6) 
2021/11/07 14:59:42 [notice] 1#1: OS: Linux 3.10.0-862.el7.x86_64
2021/11/07 14:59:42 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2021/11/07 14:59:42 [notice] 1#1: start worker processes
2021/11/07 14:59:42 [notice] 1#1: start worker process 31
2021/11/07 14:59:42 [notice] 1#1: start worker process 32
10.0.0.1 - - [07/Nov/2021:15:02:26 +0000] "GET / HTTP/1.1" 200 21 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0" "-"
2021/11/07 15:02:26 [error] 31#31: *1 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 10.0.0.1, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "10.0.0.66:88", referrer: "http://10.0.0.66:88/"
10.0.0.1 - - [07/Nov/2021:15:02:26 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "http://10.0.0.66:88/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0" "-"







10.0.0.1 - - [07/Nov/2021:15:28:18 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0" "-"
10.0.0.1 - - [07/Nov/2021:15:28:19 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0" "-"
10.0.0.1 - - [07/Nov/2021:15:28:19 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0" "-"


[root@docker02 ~]# docker port web
80/tcp -> 0.0.0.0:88
80/tcp -> :::88

[root@docker02 ~]# docker top web
UID                 PID                 PPID                C                   STIME               TTY                 TIME                CMD
root                3565                3543                0                   22:59               ?                   00:00:00            nginx: master process nginx -g daemon off;
101                 3617                3565                0                   22:59               ?                   00:00:00            nginx: worker process
101                 3618                3565                0                   22:59               ?                   00:00:00            nginx: worker process

[root@docker02 ~]# docker stats web --no-stream
CONTAINER ID   NAME      CPU %     MEM USAGE / LIMIT     MEM %     NET I/O           BLOCK I/O     PIDS
65da0bbfccc8   web       0.00%     2.008MiB / 1.779GiB   0.11%     4.77kB / 2.93kB   0B / 13.3kB   3
[root@docker02 ~]# docker stats web --no-stream|awk '{print $2}'
ID
web
[root@docker02 ~]# docker stats web --no-stream|awk '{print $3}'
NAME
0.00%
[root@docker02 ~]# docker stats web --no-stream|awk 'NR==2{print $3}'
0.00%

[root@docker02 ~]# docker ps
CONTAINER ID   IMAGE     COMMAND                  CREATED             STATUS             PORTS                                   NAMES
0112aaf0cd9d   nginx     "/docker-entrypoint.…"   16 minutes ago      Up 16 minutes      80/tcp                                  unruffled_fermat
65da0bbfccc8   nginx     "/docker-entrypoint.…"   33 minutes ago      Up 33 minutes      0.0.0.0:88->80/tcp, :::88->80/tcp       web
26ea932594a1   centos    "/bin/bash"              41 minutes ago      Up 41 minutes                                              interesting_jones
ba394b242d0f   nginx     "/docker-entrypoint.…"   42 minutes ago      Up 41 minutes      80/tcp                                  strange_moser
cc83449feeeb   nginx     "/docker-entrypoint.…"   43 minutes ago      Up 43 minutes      80/tcp                                  agitated_driscoll
7a613f1de6e7   nginx     "/docker-entrypoint.…"   45 minutes ago      Up 45 minutes      80/tcp                                  elegant_lamport
5765ec59ef5c   nginx     "/docker-entrypoint.…"   About an hour ago   Up About an hour   0.0.0.0:8080->80/tcp, :::8080->80/tcp   epic_bouman
443bad4b2b06   nginx     "/docker-entrypoint.…"   About an hour ago   Up About an hour   80/tcp                                  zealous_sutherland
[root@docker02 ~]# docker ps -a
CONTAINER ID   IMAGE     COMMAND                  CREATED             STATUS                      PORTS                                   NAMES
0112aaf0cd9d   nginx     "/docker-entrypoint.…"   16 minutes ago      Up 16 minutes               80/tcp                                  unruffled_fermat
65da0bbfccc8   nginx     "/docker-entrypoint.…"   33 minutes ago      Up 33 minutes               0.0.0.0:88->80/tcp, :::88->80/tcp       web
d14032f400f2   nginx     "/docker-entrypoint.…"   36 minutes ago      Exited (0) 36 minutes ago                                           laughing_jennings
26ea932594a1   centos    "/bin/bash"              41 minutes ago      Up 41 minutes                                                       interesting_jones
ba394b242d0f   nginx     "/docker-entrypoint.…"   42 minutes ago      Up 42 minutes               80/tcp                                  strange_moser
a7a7b7e02c36   centos    "/bin/bash"              43 minutes ago      Exited (0) 43 minutes ago                                           serene_ellis
cc83449feeeb   nginx     "/docker-entrypoint.…"   43 minutes ago      Up 43 minutes               80/tcp                                  agitated_driscoll
f7cf5a392650   centos    "/bin/bash"              45 minutes ago      Exited (0) 45 minutes ago                                           angry_swartz
7a613f1de6e7   nginx     "/docker-entrypoint.…"   45 minutes ago      Up 45 minutes               80/tcp                                  elegant_lamport
494b3e57bc76   centos    "/bin/bash"              45 minutes ago      Exited (0) 45 minutes ago                                           tender_jemison
5765ec59ef5c   nginx     "/docker-entrypoint.…"   About an hour ago   Up About an hour            0.0.0.0:8080->80/tcp, :::8080->80/tcp   epic_bouman
443bad4b2b06   nginx     "/docker-entrypoint.…"   About an hour ago   Up About an hour            80/tcp                                  zealous_sutherland
[root@docker02 ~]# docker container prune
WARNING! This will remove all stopped containers.
Are you sure you want to continue? [y/N] y
Deleted Containers:
d14032f400f2570ac8279a377b4bc11726acc3f46cbc9da02dde0f4741e51428
a7a7b7e02c36561fbd0068869db4ebdae6cc7388bd84b776fdc949468c480173
f7cf5a39265052be9a8518886d51fa4571a25598273a0c7f2f08487a89023f63
494b3e57bc765a19fd532798fee9813c53930fad3947b45d1497d2f4ca18b181

Total reclaimed space: 1.093kB
# 查看所有的容器，包含退出
[root@docker02 ~]# docker ps -a
CONTAINER ID   IMAGE     COMMAND                  CREATED             STATUS             PORTS                                   NAMES
0112aaf0cd9d   nginx     "/docker-entrypoint.…"   17 minutes ago      Up 17 minutes      80/tcp                                  unruffled_fermat
65da0bbfccc8   nginx     "/docker-entrypoint.…"   34 minutes ago      Up 34 minutes      0.0.0.0:88->80/tcp, :::88->80/tcp       web
26ea932594a1   centos    "/bin/bash"              42 minutes ago      Up 42 minutes                                              interesting_jones
ba394b242d0f   nginx     "/docker-entrypoint.…"   42 minutes ago      Up 42 minutes      80/tcp                                  strange_moser
cc83449feeeb   nginx     "/docker-entrypoint.…"   44 minutes ago      Up 44 minutes      80/tcp                                  agitated_driscoll
7a613f1de6e7   nginx     "/docker-entrypoint.…"   46 minutes ago      Up 46 minutes      80/tcp                                  elegant_lamport
5765ec59ef5c   nginx     "/docker-entrypoint.…"   About an hour ago   Up About an hour   0.0.0.0:8080->80/tcp, :::8080->80/tcp   epic_bouman
443bad4b2b06   nginx     "/docker-entrypoint.…"   About an hour ago   Up About an hour   80/tcp                                  zealous_sutherland

# 列出所有的容器ID
[root@docker02 ~]# docker ps -q
0112aaf0cd9d
65da0bbfccc8
26ea932594a1
ba394b242d0f
cc83449feeeb
7a613f1de6e7
5765ec59ef5c
443bad4b2b06

[root@docker02 ~]# docker rm $(docker ps -q)
Error response from daemon: You cannot remove a running container 0112aaf0cd9dd6963d7f2f08fee1085df6edf95efae6c2045adf1830f322cbb0. Stop the container before attempting removal or force remove
Error response from daemon: You cannot remove a running container 65da0bbfccc8b8b76bf95d17ef5f9860746457c25bb3aa0a016ae66c1ddcc628. Stop the container before attempting removal or force remove
Error response from daemon: You cannot remove a running container 26ea932594a15c843f12ad0f70f119d2e5f8cad8442dcc3b71fa0a4aa68a3888. Stop the container before attempting removal or force remove
Error response from daemon: You cannot remove a running container ba394b242d0f24195a06772374c530748aae79987dd82268bfc620ac5b3db786. Stop the container before attempting removal or force remove
Error response from daemon: You cannot remove a running container cc83449feeeb66ce1136aeaf9d315418c524076680934eccf01f44de3386eea6. Stop the container before attempting removal or force remove
Error response from daemon: You cannot remove a running container 7a613f1de6e77d314fdf1f2cee4e603e9c126edfaa4c2c99cb73385559f49ec5. Stop the container before attempting removal or force remove
Error response from daemon: You cannot remove a running container 5765ec59ef5c9c843d204513cccd2f1b9c3f5ad18b4e6aa3bacf01c19b4bf949. Stop the container before attempting removal or force remove
Error response from daemon: You cannot remove a running container 443bad4b2b0672e1579c97a6f8608e9a7789841c4c5483d8efd973775ac14aa5. Stop the container before attempting removal or force remove

# 删除所有容器
[root@docker02 ~]# docker rm -f $(docker ps -qa)
0112aaf0cd9d
65da0bbfccc8
26ea932594a1
ba394b242d0f
cc83449feeeb
7a613f1de6e7
5765ec59ef5c
443bad4b2b06
[root@docker02 ~]# docker ps 
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES

3.3 容器数据持久化

Docker提供三种方式将数据从宿主机挂载到容器中：

volumes：Docker管理宿主机文件系统的一部分（/var/lib/docker/volumes）。保存数据的最佳方式。
bind mounts：将宿主机上的任意位置的文件或者目录挂载到容器中。

volumes示例：
1、创建数据卷

# docker volume create nginx-vol
# docker volume ls
# docker volume inspect nginx-vol

2、使用数据卷

# docker run -d --name=nginx-test --mount src=nginx-vol,dst=/usr/share/nginx/html nginx
# docker run -d --name=nginx-test -v nginx-vol:/usr/share/nginx/html nginx

bind mounts示例：
1、挂载宿主机目录到容器

# docker run -d --name=nginx-test --mount type=bind,src=/app/wwwroot,dst=/usr/share/nginx/html nginx
# docker run -d --name=nginx-test -v /app/wwwroot:/usr/share/nginx/html nginx

[root@docker02 ~]# docker run -d --name web -p 88:80 nginx
9fbcf88c1698577a72e7655a2d2b7486d49140229fb6e9f0f7acb0753c171a7e
[root@docker02 ~]# docker exec -it web bash
root@9fbcf88c1698:/# cd /usr/share/nginx/html/
root@9fbcf88c1698:/usr/share/nginx/html# echo "<h1>hello world</h1>" > index.htm
root@9fbcf88c1698:/usr/share/nginx/html# exit
exit

在这里插入图片描述

[root@docker02 ~]# docker rm -f web
web

在这里插入图片描述

[root@docker02 ~]# docker run -d --name web -p 88:80 nginx
26bc8776c3b8caa0ef8e5e5989f1a82f560da4127c4067778a13d2e475a2952d

在这里插入图片描述

[root@docker02 ~]# docker rm -f web
web
[root@docker02 ~]# mkdir /opt/wwwroot
[root@docker02 ~]# docker run -d --name web -p 88:80 -v /opt/wwwroot/:/usr/share/nginx/html nginx
4d34c32b0eda8805110cfc7a70af5d487aa70ddb526e17dea852f1eff15589bb

在这里插入图片描述

[root@docker02 ~]# docker exec -it web bash
root@4d34c32b0eda:/# cd /usr/share/nginx/html/
root@4d34c32b0eda:/usr/share/nginx/html# ls
root@4d34c32b0eda:/usr/share/nginx/html# echo "<h1>hello world</h1>" > index.html
root@4d34c32b0eda:/usr/share/nginx/html# ls
index.html
root@4d34c32b0eda:/usr/share/nginx/html# exit
exit

在这里插入图片描述

[root@docker02 ~]# ls /opt/wwwroot/
index.html
[root@docker02 ~]# vi /opt/wwwroot/index.html 
[root@docker02 ~]# cat /opt/wwwroot/index.html 
<h1>hello world 666</h1>
[root@docker02 ~]# docker rm -f web
web
[root@docker02 ~]# docker run -d --name web -p 88:80 -v /opt/wwwroot/:/usr/share/nginx/html nginx
9b9ce816851a2100fd0b77346f1de7b442011386f3996080e8d50ccc850e35fe
[root@docker02 ~]# cat /opt/wwwroot/index.html 
<h1>hello world 666</h1>

在这里插入图片描述
制作镜像：

启动容器之后的应用程序服务产生的数据尽量放到一个目录 /data
构建不是将已经生成的应用程序数据打包进去的

例如：jenkins、gitlab使用docker都是采用-v将他们自身产生的数据持久化宿主机。

3.4 容器网络

在这里插入图片描述

veth pair：成对出现的一种虚拟网络设备，数据从一端进,从另一端出。用于解决网络命名空间之间隔离。
docker0：网桥是一个二层网络设备，通过网桥可以将Linux支持的不同的端口连接起来，并实现类似交换机那样的多对多的通信。

[root@docker02 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:71:b7:92 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.66/24 brd 10.0.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::9186:9ae5:e200:c1d6/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:71:b7:9c brd ff:ff:ff:ff:ff:ff
    inet 172.16.1.66/24 brd 172.16.1.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::b68c:781f:5d63:b897/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::2635:4769:2ff1:a02e/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:af:90:da:08 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:afff:fe90:da08/64 scope link 
       valid_lft forever preferred_lft forever
12: veth6eae606@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
    link/ether 7a:b5:4f:ad:77:87 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::78b5:4fff:fead:7787/64 scope link 
       valid_lft forever preferred_lft forever

Docker使用iptables实现网络通信

外部访问容器：

# iptables -t nat -vnL DOCKER

在这里插入图片描述

DNAT 目标网络地址转换

[root@docker02 ~]# docker ps -l
CONTAINER ID   IMAGE     COMMAND                  CREATED          STATUS          PORTS                               NAMES
9b9ce816851a   nginx     "/docker-entrypoint.…"   16 minutes ago   Up 16 minutes   0.0.0.0:88->80/tcp, :::88->80/tcp   web
[root@docker02 ~]# docker run -itd busybox
Unable to find image 'busybox:latest' locally
latest: Pulling from library/busybox
01c2cdc13739: Pull complete 
Digest: sha256:15e927f78df2cc772b70713543d6b651e3cd8370abf86b2ea4644a9fba21107f
Status: Downloaded newer image for busybox:latest
002b9b970701f31c66e177acc2bf14429ef537d79b3e683f8c6b891edcb733f5
[root@docker02 ~]# ss -antp|grep 88
LISTEN     0      128          *:88                       *:*                   users:(("docker-proxy",pid=2509,fd=4))
LISTEN     0      128         :::88                      :::*                   users:(("docker-proxy",pid=2514,fd=4))
[root@docker02 ~]# iptables -t nat -vnL DOCKER
Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0           
    1    52 DNAT       tcp  --  !docker0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:88 to:172.17.0.2:80
[root@docker02 ~]# ip route
default via 10.0.0.254 dev eth0 proto static metric 100 
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.66 metric 100 
172.16.1.0/24 dev eth1 proto kernel scope link src 172.16.1.66 metric 101 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1

容器访问外部：

# iptables -t nat -vnL POSTROUTIN

在这里插入图片描述

SNAT 源地址转换

[root@docker02 ~]# docker ps -l
CONTAINER ID   IMAGE     COMMAND   CREATED         STATUS         PORTS     NAMES
002b9b970701   busybox   "sh"      6 minutes ago   Up 6 minutes             intelligent_hoover
[root@docker02 ~]# docker exec -it 002b9b970701 sh
/ # ifconfig 
eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:03  
          inet addr:172.17.0.3  Bcast:172.17.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:648 (648.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

/ # ping baidu.com
PING baidu.com (220.181.38.148): 56 data bytes
64 bytes from 220.181.38.148: seq=0 ttl=127 time=14.265 ms
...
^C
--- baidu.com ping statistics ---
6 packets transmitted, 6 packets received, 0% packet loss
round-trip min/avg/max = 10.652/17.532/23.245 ms
/ # ip route
default via 172.17.0.1 dev eth0 
172.17.0.0/16 dev eth0 scope link  src 172.17.0.3 
/ # exit
[root@docker02 ~]# ip route
default via 10.0.0.254 dev eth0 proto static metric 100 
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.66 metric 100 
172.16.1.0/24 dev eth1 proto kernel scope link src 172.16.1.66 metric 101 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 
[root@docker02 ~]# iptables -t nat -vnL POSTROUTING
Chain POSTROUTING (policy ACCEPT 46 packets, 3400 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    3   194 MASQUERADE  all  --  *      !docker0  172.17.0.0/16        0.0.0.0/0           
    0     0 MASQUERADE  tcp  --  *      *       172.17.0.2           172.17.0.2           tcp dpt:80

4. Dockerfile 构建镜像

4.1 Dockerfile概述

Docker通过Dockerfile自动构建镜像，Dockerfile是一个包含用于组建镜像的文本文件，由一条一条的指令组成。
在这里插入图片描述

4.2 Dockerfile常用指令

指令	描述
FROM	构建新镜像是基于哪个镜像
LABEL	标签
RUN	构建镜像时运行的Shell命令
COPY	拷贝文件或目录到镜像中
ADD	解压压缩包并拷贝
ENV	设置环境变量
USER	为RUN、CMD和ENTRYPOINT执行命令指定运行用户
EXPOSE	声明容器运行的服务端口
WORKDIR	为RUN、CMD、ENTRYPOINT、COPY和ADD设置工作目录
CMD	运行容器时默认执行，如果有多个CMD指令，最后一个生效

[root@docker02 ~]# mkdir dockerfile
[root@docker02 ~]# cd dockerfile/
[root@docker02 dockerfile]# vi Dockerfile
[root@docker02 dockerfile]# vi Dockerfile
[root@docker02 dockerfile]# cat Dockerfile 
FROM centos:7
RUN yum install epel-release -y && \
    yum install nginx -y
CMD ["nginx", "-g", "daemon off;"]
[root@docker02 dockerfile]# docker build -t nginx:v1 .
Sending build context to Docker daemon  2.048kB
Step 1/3 : FROM centos:7
7: Pulling from library/centos
...
Step 3/3 : CMD ["nginx", "-g", "daemon off;"]
 ---> Running in c74e0549624e
Removing intermediate container c74e0549624e
 ---> a9f35ab28121
Successfully built a9f35ab28121
Successfully tagged nginx:v1
[root@docker02 dockerfile]# docker image ls
REPOSITORY   TAG       IMAGE ID       CREATED              SIZE
nginx        v1        a9f35ab28121   About a minute ago   420MB
busybox      latest    cabb9f684f8b   11 days ago          1.24MB
redis        latest    7faaec683238   3 weeks ago          113MB
nginx        latest    87a94228f133   3 weeks ago          133MB
centos       7         eeb6ee3f44bd   7 weeks ago          204MB
centos       latest    5d0da3dc9764   7 weeks ago          231MB
[root@docker02 dockerfile]# docker run -d --name web2 -p 89:80 -v /opt/wwwroot/:/usr/share/nginx/html nginx:v1 
7135ecb5967f56197f8e24a09e6085850ec1e9e578112d6e8a760118a74e77b1
[root@docker02 dockerfile]# vi /opt/wwwroot/index.html 
[root@docker02 dockerfile]# cat /opt/wwwroot/index.html 
<h1>hello world 666789</h1>

在这里插入图片描述

4.3 构建镜像命令

Usage: docker build [OPTIONS] PATH | URL | -[flags]Options:
-t, --tag list # 镜像名称
-f, --file string # 指定Dockerfile文件位置
# docker build -t shykes/myapp .
# docker build -t shykes/myapp -f /path/Dockerfile /path
# docker build -t shykes/myapp http://www.example.com/Dockerfile

4.4 构建Nginx镜像

编译安装一个软件：

安装依赖包
./configure 检查环境依赖
make 编译
make install 安装

[root@docker02 dockerfile]# ls
java  nginx  php  tomcat
[root@docker02 dockerfile]# cd nginx/
[root@docker02 nginx]# cat Dockerfile 
FROM centos:7
LABEL maintainer www.ctnrs.com
RUN yum install -y gcc gcc-c++ make \
    openssl-devel pcre-devel gd-devel \
    iproute net-tools telnet wget curl && \
    yum clean all && \
    rm -rf /var/cache/yum/*

ADD nginx-1.15.5.tar.gz /
RUN cd nginx-1.15.5 && \
    ./configure --prefix=/usr/local/nginx \
    --with-http_ssl_module \
    --with-http_stub_status_module && \
    make -j 4 && make install && \
    mkdir /usr/local/nginx/conf/vhost && \
    cd / && rm -rf nginx* && \
    ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

ENV PATH $PATH:/usr/local/nginx/sbin
COPY nginx.conf /usr/local/nginx/conf/nginx.conf
WORKDIR /usr/local/nginx
EXPOSE 80
CMD ["nginx", "-g", "daemon off;"]

[root@docker02 nginx]# docker build -t nginx:v2 .
...
Step 10/10 : CMD ["nginx", "-g", "daemon off;"]
 ---> Running in 0b885420f346
Removing intermediate container 0b885420f346
 ---> 39a58753df37
Successfully built 39a58753df37
Successfully tagged nginx:v2

映射路径不同

[root@docker02 nginx]# docker run -d --name web3 -p 90:80 -v /opt/wwwroot/:/usr/share/nginx/html nginx:v2
a75c1ca10771f4712a12cf104fc8dcfd26850ab706c7c0f4e4019f7bf8765e7f

在这里插入图片描述

[root@docker02 nginx]# docker run -d --name web4 -p 91:80 -v /opt/wwwroot/:/usr/local/nginx/html nginx:v2
cfab3c72c75d0e41c3668f4ffbe0f3ff495bf853d00f124bd9a27c9b30795b4b

在这里插入图片描述

4.5 构建Tomcat镜像

[root@docker02 nginx]# cd ..
[root@docker02 dockerfile]# ls
java  nginx  php  tomcat
[root@docker02 dockerfile]# cd tomcat/
[root@docker02 tomcat]# ls
apache-tomcat-8.5.43.tar.gz  Dockerfile  ROOT.war
[root@docker02 tomcat]# cat Dockerfile 
FROM centos:7
MAINTAINER www.ctnrs.com

ENV VERSION=8.5.43

RUN yum install java-1.8.0-openjdk wget curl unzip iproute net-tools -y && \
    yum clean all && \
    rm -rf /var/cache/yum/*

ADD apache-tomcat-${VERSION}.tar.gz /usr/local/
RUN mv /usr/local/apache-tomcat-${VERSION} /usr/local/tomcat && \
    sed -i '1a JAVA_OPTS="-Djava.security.egd=file:/dev/./urandom"' /usr/local/tomcat/bin/catalina.sh && \
    ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

ENV PATH $PATH:/usr/local/tomcat/bin

WORKDIR /usr/local/tomcat

EXPOSE 8080
CMD ["catalina.sh", "run"]

[root@docker02 tomcat]# docker build -t tomcat:v1 .
...
 ---> d6d915621b3e
Step 10/10 : CMD ["catalina.sh", "run"]
 ---> Running in 926cc405c91f
Removing intermediate container 926cc405c91f
 ---> 6fc8fb7f87a1
Successfully built 6fc8fb7f87a1
Successfully tagged tomcat:v1
[root@docker02 tomcat]# docker run -d -p 8081:8080 tomcat:v1 
d7d711b2929429492ee21e07c01ea94bb1f7b4c5b87d2aa4f56c95bc07e49b24

在这里插入图片描述

[root@docker02 tomcat]# docker exec -it d7d711b2929429492ee21e07c01ea94bb1f7b4c5b87d2aa4f56c95bc07e49b24 bash
[root@d7d711b29294 tomcat]# cd webapps/
[root@d7d711b29294 webapps]# ls
ROOT  docs  examples  host-manager  manager
[root@d7d711b29294 webapps]# cd ROOT/
[root@d7d711b29294 ROOT]# ls
RELEASE-NOTES.txt  asf-logo-wide.svg  bg-middle.png  bg-upper.png  index.jsp         tomcat.css  tomcat.png
WEB-INF            bg-button.png      bg-nav.png     favicon.ico   tomcat-power.gif  tomcat.gif  tomcat.svg
[root@d7d711b29294 ROOT]# vi index.jsp 
[root@d7d711b29294 ROOT]# cat index.jsp 
<h1>hello tomcat</h1>

在这里插入图片描述

[root@d7d711b29294 ROOT]# pwd
/usr/local/tomcat/webapps/ROOT
[root@d7d711b29294 ROOT]# exit
exit
[root@docker02 tomcat]# docker run -d -p 8082:8080 -v /opt/wwwroot/:/usr/local/tomcat/webapps/ROOT tomcat:v1 
0afd387c167117ec3829292420a8d2cec738637eae5b84276581faafd34381a1

在这里插入图片描述

5. Harbor 镜像仓库搭建与使用

5.1 Harbor概述

Harbor是由VMWare公司开源的容器镜像仓库。事实上，Harbor是在Docker Registry上进行了相应的企业级扩展，从而获得了更加广泛的应用，这些新的企业级特性包括：管理用户界面，基于角色的访问控制，AD/LDAP集成以及审计日志等，足以满足基本企业需求。

官方：https://goharbor.io/
Github：https://github.com/goharbor/harbor

5.2 Harbor 部署先决条件与部署

5.2.1 Harbor部署：先决条件

服务器硬件配置：

最低要求：CPU2核/内存4G/硬盘40GB
推荐：CPU4核/内存8G/硬盘160GB

软件：

Docker CE 17.06版本+
Docker Compose1.18版本+

Harbor安装有2种方式：

在线安装：从Docker Hub下载Harbor相关镜像，因此安装软件包非常小
离线安装：安装包包含部署的相关镜像，因此安装包比较大

5.2.2 Harbor部署

1、先安装Docker和Docker Compose
https://github.com/docker/compose/releases

上传Harbor和docker-compose安装包

[root@docker02 ~]# mv docker-compose-Linux-x86_64 /usr/bin/docker-compose
[root@docker02 ~]# chmod +x /usr/bin/docker-compose 
[root@docker02 ~]# docker-compose 
Define and run multi-container applications with Docker.

Usage:
  docker-compose [-f <arg>...] [options] [COMMAND] [ARGS...]
  docker-compose -h|--help

Options:
  -f, --file FILE             Specify an alternate compose file
                              (default: docker-compose.yml)
  -p, --project-name NAME     Specify an alternate project name
                              (default: directory name)
  -c, --context NAME          Specify a context name
  --verbose                   Show more output
  --log-level LEVEL           Set log level (DEBUG, INFO, WARNING, ERROR, CRITICAL)
  --no-ansi                   Do not print ANSI control characters
  -v, --version               Print version and exit
  -H, --host HOST             Daemon socket to connect to

  --tls                       Use TLS; implied by --tlsverify
  --tlscacert CA_PATH         Trust certs signed only by this CA
  --tlscert CLIENT_CERT_PATH  Path to TLS certificate file
  --tlskey TLS_KEY_PATH       Path to TLS key file
  --tlsverify                 Use TLS and verify the remote
  --skip-hostname-check       Don't check the daemon's hostname against the
                              name specified in the client certificate
  --project-directory PATH    Specify an alternate working directory
                              (default: the path of the Compose file)
  --compatibility             If set, Compose will attempt to convert keys
                              in v3 files to their non-Swarm equivalent
  --env-file PATH             Specify an alternate environment file

Commands:
  build              Build or rebuild services
  config             Validate and view the Compose file
  create             Create services
  down               Stop and remove containers, networks, images, and volumes
  events             Receive real time events from containers
  exec               Execute a command in a running container
  help               Get help on a command
  images             List images
  kill               Kill containers
  logs               View output from containers
  pause              Pause services
  port               Print the public port for a port binding
  ps                 List containers
  pull               Pull service images
  push               Push service images
  restart            Restart services
  rm                 Remove stopped containers
  run                Run a one-off command
  scale              Set number of containers for a service
  start              Start services
  stop               Stop services
  top                Display the running processes
  unpause            Unpause services
  up                 Create and start containers
  version            Show the Docker-Compose version information

2、部署Harbor HTTP

# tar zxvf harbor-offline-installer-v2.0.0.tgz
# cd harbor
# cp harbor.yml.tmpl harbor.yml
# vi harbor.yml
hostname: reg.ctnrs.com
https: # 先注释https相关配置
harbor_admin_password: Harbor12345
# ./prepare
# ./install.sh

[root@docker02 ~]# tar zvxf harbor-offline-installer-v2.0.0.tgz 
harbor/harbor.v2.0.0.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/common.sh
harbor/harbor.yml.tmpl
[root@docker02 ~]# cd harbor/
[root@docker02 harbor]# ls
common.sh  harbor.v2.0.0.tar.gz  harbor.yml.tmpl  install.sh  LICENSE  prepare
[root@docker02 harbor]# cp harbor.yml.tmpl harbor.yml
[root@docker02 harbor]# ls
common.sh  harbor.v2.0.0.tar.gz  harbor.yml  harbor.yml.tmpl  install.sh  LICENSE  prepare
[root@docker02 harbor]# vi harbor.yml
[root@docker02 harbor]# cat harbor.yml
# Configuration file of Harbor

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: 10.0.0.66

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https related config
https:
  # https port for harbor, default is 443
  #port: 443
  # The path of cert and key files for nginx
  #certificate: /your/certificate/path
  #private_key: /your/private/key/path

[root@docker02 harbor]# ./prepare 
prepare base dir is set to /root/harbor
Unable to find image 'goharbor/prepare:v2.0.0' locally
v2.0.0: Pulling from goharbor/prepare
836b6c765c93: Pull complete 
7d2118468cd6: Pull complete 
ec361edd3da3: Pull complete 
96018abb76c1: Pull complete 
93a6102d0a5d: Pull complete 
5ee1acfc0e3d: Pull complete 
2b88cfa69516: Pull complete 
5081e058f91e: Pull complete 
Digest: sha256:529596e839c481354f9652b3f598b0aa634c57015840d047295dc65a27ffd880
Status: Downloaded newer image for goharbor/prepare:v2.0.0
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
[root@docker02 harbor]# ./install.sh 

[Step 0]: checking if docker is installed ...

Note: docker version: 20.10.10

[Step 1]: checking docker-compose is installed ...

Note: docker-compose version: 1.26.0

[Step 2]: loading Harbor images ...
1f3458bb7308: Loading layer [==================================================>]  8.435MB/8.435MB
74e91bd5ca15: Loading layer [==================================================>]  6.317MB/6.317MB
...
[Step 5]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating registryctl   ... done
Creating redis         ... done
Creating registry      ... done
Creating harbor-db     ... done
Creating harbor-portal ... done
Creating harbor-core   ... done
Creating harbor-jobservice ... done
Creating nginx             ... done
✔ ----Harbor has been installed and started successfully.----
[root@docker02 harbor]# docker-compose ps
      Name                     Command                  State                      Ports                
--------------------------------------------------------------------------------------------------------
harbor-core         /harbor/entrypoint.sh            Up (healthy)                                       
harbor-db           /docker-entrypoint.sh            Up (healthy)   5432/tcp                            
harbor-jobservice   /harbor/entrypoint.sh            Up (healthy)                                       
harbor-log          /bin/sh -c /usr/local/bin/ ...   Up (healthy)   127.0.0.1:1514->10514/tcp           
harbor-portal       nginx -g daemon off;             Up (healthy)   8080/tcp                            
nginx               nginx -g daemon off;             Up (healthy)   0.0.0.0:80->8080/tcp,:::80->8080/tcp
redis               redis-server /etc/redis.conf     Up (healthy)   6379/tcp                            
registry            /home/harbor/entrypoint.sh       Up (healthy)   5000/tcp                            
registryctl         /home/harbor/start.sh            Up (healthy)

在这里插入图片描述
账号：admin
密码：Harbor12345

5.3 基本使用

1、配置http镜像仓库可信任

# vi /etc/docker/daemon.json
{"insecure-registries":["reg.ctnrs.com"]}
# systemctl restart docker

2、打标签

# docker tag centos:7 reg.ctnrs.com/library/centos:7

3、上传

# docker push reg.ctnrs.com/library/centos:7

4、下载

# docker pull reg.ctnrs.com/library/centos:7

[root@docker02 harbor]# docker tag tomcat:v1 10.0.0.66/library/tomcat:v1
[root@docker02 harbor]# docker image ls
REPOSITORY                      TAG       IMAGE ID       CREATED             SIZE
10.0.0.66/library/tomcat        v1        6fc8fb7f87a1   34 minutes ago      459MB
tomcat                          v1        6fc8fb7f87a1   34 minutes ago      459MB
nginx                           v2        39a58753df37   46 minutes ago      377MB
nginx                           v1        a9f35ab28121   About an hour ago   420MB
busybox                         latest    cabb9f684f8b   11 days ago         1.24MB
redis                           latest    7faaec683238   3 weeks ago         113MB
nginx                           latest    87a94228f133   3 weeks ago         133MB
centos                          7         eeb6ee3f44bd   7 weeks ago         204MB
centos                          latest    5d0da3dc9764   7 weeks ago         231MB
goharbor/chartmuseum-photon     v2.0.0    4db8d6aa63e9   18 months ago       127MB
goharbor/redis-photon           v2.0.0    c89ea2e53cc0   18 months ago       72.2MB
goharbor/trivy-adapter-photon   v2.0.0    6122c52b7e48   18 months ago       103MB
goharbor/clair-adapter-photon   v2.0.0    dd2210cb7f53   18 months ago       62MB
goharbor/clair-photon           v2.0.0    f7c7fcc52278   18 months ago       171MB
goharbor/notary-server-photon   v2.0.0    983ac10ed8be   18 months ago       143MB
goharbor/notary-signer-photon   v2.0.0    bee1b6d75e0d   18 months ago       140MB
goharbor/harbor-registryctl     v2.0.0    c53c32d58d04   18 months ago       102MB
goharbor/registry-photon        v2.0.0    afdc1b7ada36   18 months ago       84.5MB
goharbor/nginx-photon           v2.0.0    17892f03e56c   18 months ago       43.6MB
goharbor/harbor-log             v2.0.0    5f8ff08e795c   18 months ago       82MB
goharbor/harbor-jobservice      v2.0.0    c68a2495bf55   18 months ago       116MB
goharbor/harbor-core            v2.0.0    3aa3af64baf8   18 months ago       138MB
goharbor/harbor-portal          v2.0.0    e0b1d3c894c4   18 months ago       52.4MB
goharbor/harbor-db              v2.0.0    5c76f0296cec   18 months ago       154MB
goharbor/prepare                v2.0.0    7266d49995ed   18 months ago       158MB
[root@docker02 harbor]# docker push 10.0.0.66/library/tomcat:v1
The push refers to repository [10.0.0.66/library/tomcat]
Get "https://10.0.0.66/v2/": dial tcp 10.0.0.66:443: connect: connection refused
[root@docker02 harbor]# ss -antp|grep 443
[root@docker02 harbor]# vi /etc/docker/daemon.json
[root@docker02 harbor]# cat /etc/docker/daemon.json
{
    
    
"registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"],
"insecure-registries": ["10.0.0.66"]
}
[root@docker02 harbor]# systemctl restart docker
[root@docker02 harbor]# docker info
Client:
 Context:    default
...
 Insecure Registries:
  10.0.0.66
  127.0.0.0/8
 Registry Mirrors:
  https://b9pmyelo.mirror.aliyuncs.com/
 Live Restore Enabled: false

[root@docker02 harbor]# docker push 10.0.0.66/library/tomcat:v1
The push refers to repository [10.0.0.66/library/tomcat]
Get "http://10.0.0.66/v2/": dial tcp 10.0.0.66:80: connect: connection refused
[root@docker02 harbor]# docker-compose up -d
harbor-log is up-to-date
registry is up-to-date
registryctl is up-to-date
Starting harbor-db ... 
Starting harbor-db ... done
Starting redis     ... done
Starting harbor-core ... done
harbor-jobservice is up-to-date
Starting nginx       ... done
[root@docker02 harbor]# docker-compose ps
      Name                     Command                       State                          Ports                
-----------------------------------------------------------------------------------------------------------------
harbor-core         /harbor/entrypoint.sh            Up (health: starting)                                       
harbor-db           /docker-entrypoint.sh            Up (health: starting)   5432/tcp                            
harbor-jobservice   /harbor/entrypoint.sh            Up (health: starting)                                       
harbor-log          /bin/sh -c /usr/local/bin/ ...   Up (healthy)            127.0.0.1:1514->10514/tcp           
harbor-portal       nginx -g daemon off;             Up (healthy)            8080/tcp                            
nginx               nginx -g daemon off;             Up (health: starting)   0.0.0.0:80->8080/tcp,:::80->8080/tcp
redis               redis-server /etc/redis.conf     Up (health: starting)   6379/tcp                            
registry            /home/harbor/entrypoint.sh       Up (healthy)            5000/tcp                            
registryctl         /home/harbor/start.sh            Up (healthy) 
 
[root@docker02 harbor]# docker push 10.0.0.66/library/tomcat:v1
The push refers to repository [10.0.0.66/library/tomcat]
98c4b29cf343: Preparing 
9336ee301b63: Preparing 
ce0d7b0e81fd: Preparing 
174f56854903: Preparing 
unauthorized: unauthorized to access repository: library/tomcat, action: push: unauthorized to access repository: library/tomcat, action: push

[root@docker02 harbor]# docker login 10.0.0.66
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

[root@docker02 harbor]# docker push 10.0.0.66/library/tomcat:v1
The push refers to repository [10.0.0.66/library/tomcat]
98c4b29cf343: Pushed 
9336ee301b63: Pushed 
ce0d7b0e81fd: Pushed 
174f56854903: Pushed 
v1: digest: sha256:e221b3ac1bd963fb0ec54aceafa4067142dcf5c7ab3a5d1fc4d3f5e872833a7b size: 1163

[root@docker02 harbor]# docker tag nginx:v1 10.0.0.66/library/nginx:v1
[root@docker02 harbor]# docker push 10.0.0.66/library/nginx:v1 
The push refers to repository [10.0.0.66/library/nginx]
6ae04f43e068: Pushed 
174f56854903: Mounted from library/tomcat 
v1: digest: sha256:d6807cc4a6d11ac0b362cda23fb1a6684632f5c094e8e83e4e9030a4eabaa42e size: 741

在这里插入图片描述

[root@docker01 ~]# docker pull 10.0.0.66/library/tomcat@sha256:e221b3ac1bd963fb0ec54aceafa4067142dcf5c7ab3a5d1fc4d3f5e872833a7b
Error response from daemon: Get https://10.0.0.66/v2/: dial tcp 10.0.0.66:443: connect: connection refused
[root@docker01 ~]# vi /etc/docker/daemon.json 
[root@docker01 ~]# cat /etc/docker/daemon.json 
{
    
    
"registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"],
"insecure-registries":["10.0.0.66"]
}
[root@docker01 ~]# systemctl restart docker
[root@docker01 ~]# docker pull 10.0.0.66/library/tomcat@sha256:e221b3ac1bd963fb0ec54aceafa4067142dcf5c7ab3a5d1fc4d3f5e872833a7b
sha256:e221b3ac1bd963fb0ec54aceafa4067142dcf5c7ab3a5d1fc4d3f5e872833a7b: Pulling from library/tomcat
2d473b07cdd5: Already exists 
b0b6304a25f3: Pull complete 
0e352b2a6d9f: Pull complete 
23b3f48b27f0: Pull complete 
Digest: sha256:e221b3ac1bd963fb0ec54aceafa4067142dcf5c7ab3a5d1fc4d3f5e872833a7b
Status: Downloaded newer image for 10.0.0.66/library/tomcat@sha256:e221b3ac1bd963fb0ec54aceafa4067142dcf5c7ab3a5d1fc4d3f5e872833a7b
10.0.0.66/library/tomcat@sha256:e221b3ac1bd963fb0ec54aceafa4067142dcf5c7ab3a5d1fc4d3f5e872833a7b

在这里插入图片描述


[root@docker01 ~]# docker run -d -p 100:80 10.0.0.66/library/nginx:v1
f072c8139c48ee3397a0419109f5dd9e4976e5b89247bc00c2388b33c5cceefc

在这里插入图片描述

[root@docker01 ~]# docker ps -l
CONTAINER ID        IMAGE                        COMMAND                  CREATED              STATUS              PORTS                 NAMES
f072c8139c48        10.0.0.66/library/nginx:v1   "nginx -g 'daemon of…"   About a minute ago   Up About a minute   0.0.0.0:100->80/tcp   zealous_cohen
[root@docker01 ~]# docker exec -it f072c8139c48 bash
[root@f072c8139c48 /]# cd /usr/share/nginx/html/
[root@f072c8139c48 html]# ls
404.html  50x.html  en-US  icons  img  index.html  nginx-logo.png  poweredby.png
[root@f072c8139c48 html]# ll
total 12
-rw-r--r-- 1 root root 3650 Oct 18 23:55 404.html
-rw-r--r-- 1 root root 3693 Oct 18 23:55 50x.html
lrwxrwxrwx 1 root root   20 Nov  8 14:40 en-US -> ../../doc/HTML/en-US
drwxr-xr-x 2 root root   27 Nov  8 14:40 icons
lrwxrwxrwx 1 root root   18 Nov  8 14:40 img -> ../../doc/HTML/img
lrwxrwxrwx 1 root root   25 Nov  8 14:40 index.html -> ../../doc/HTML/index.html
-rw-r--r-- 1 root root  368 Oct 18 23:55 nginx-logo.png
lrwxrwxrwx 1 root root   14 Nov  8 14:40 poweredby.png -> nginx-logo.png
[root@f072c8139c48 html]# rm -rf *
[root@f072c8139c48 html]# ll
total 0
[root@f072c8139c48 html]# echo 123 > index.html

在这里插入图片描述

Kubernetes CKA认证运维工程师笔记-Docker快速入门

Kubernetes CKA认证运维工程师笔记-Docker快速入门

1. Docker 概念与安装

1.1 Docker 是什么

1.2 Docker 基本组成

1.3 版本与支持平台

1.4 Docker 安装

2. Docker 镜像管理

2.1 镜像是什么

2.2 配置加速器

2.3 镜像常用管理命令

3. Docker 容器管理

3.1 创建容器常用选项

3.2 镜像常用管理命令

3.3 容器数据持久化

3.4 容器网络

4. Dockerfile 构建镜像

4.1 Dockerfile概述

4.2 Dockerfile常用指令

4.3 构建镜像命令

4.4 构建Nginx镜像

4.5 构建Tomcat镜像

5. Harbor 镜像仓库搭建与使用

5.1 Harbor概述

5.2 Harbor 部署先决条件与部署

5.2.1 Harbor部署：先决条件

5.2.2 Harbor部署

5.3 基本使用

猜你喜欢