Docker container basic image download speeds up basic operations

Docker overview

Docker is an open source application container engine that allows developers to package their applications and dependent packages into a portable container, and then publish to any popular Linux machine or Windows machine, it can also be virtualized, the container is completely Using the sandbox mechanism, there will be no interfaces between each other.
A complete Docker consists of the following parts:
DockerClient client
Docker Daemon daemon
Docker Image mirror
DockerContainer container

1. Docker is an open platform for developing, delivering and running applications. Docker enables you to separate your application from the infrastructure so you can deliver software quickly.
2. It is an open source application container engine that allows developers to package the gated application and dependent packages into a portable image, and then publish it to any popular Linux or Windows machine, which can also be virtualized. Containers use the sandbox mechanism completely, and there will be no interfaces between them
3. Sandbox: In the field of computer security, sandbox is an isolated operating mechanism for programs
4. Docker became a hit in 2013, and until now, it has become synonymous with container technology.
5. Docker has been aiming to provide a standardized runtime environment from the very beginning, truly "build once, run anywhere". The same build version can be used in any environment such as development, testing, pre-release, production, etc. Decoupling of the underlying operating system. On this basis, CaaS (Container as a Service) technology has been further developed

Common usage scenarios of Docker

Simple deployment of packaged applications
can be freely migrated away from the underlying hardware (application isolation is achieved, applications are split and decoupled), for example: server migration from Tencent Cloud to Alibaba Cloud
Continuous Integration and Continuous Delivery (CI/CD): Development To test release,
deploy
microservices, provide PAAS products (Platform as a Service) OpenStack cloud host is similar to Alibaba Cloud ECS, belongs to IAAS, Docker (K8S) belongs to PAAS

Docker engine

Docker Engine
Docker Engine is a client-server application with the following main components: The
server is a long-running program called a daemon process (dockerd command).
REST API, which specifies the interface that programs can use to communicate with the daemon and instruct its operations.
Command line interface (CLI) client (docker command).
Docker architecture (Docker architecture)
Docker uses a client-server architecture. The Docker client talks to the Docker daemon, which completes the heavy work of building, running, and distributing Docker containers.

Docker is different from traditional virtualization. It does not require virtual hardware resources and directly uses the container engine, so it is fast

Docker Client: The client
Docker client (docker) is the main way many Docker users interact with Docker. When you use commands such as docker run, the client will send these commands to dockerd to execute these commands. The docker command uses the Docker API. The Docker client can communicate with multiple daemons.

Docker daemon: The daemon
Docker daemon (dockerd) listens to Docker API requests and manages Docker objects such as images, containers, networks, and volumes. The daemon can also communicate with other daemons to manage Docker services.

Docker images: image
container can be packaged into image

Docker container: container
Docker registry: mirror repository
The place to store the mirror image, by default it will be searched on the public Docker Hub, and you can create a personal repository

The difference between containers and virtual machines

Namespaces

Docker uses a technology called namespaces to provide isolated workspaces for containers. When running a container, Docker creates a set of namespaces for the container.
These namespaces provide a layer of isolation. Every aspect of the container runs in a separate namespace, and its access is limited to that namespace.
Docker Engine uses the following namespaces on Linux:
the pid namespace: process isolation (PID: process ID).
The net namespace: management network interface (NET: network).
The ipc namespace: manages access to IPC resources (IPC: inter-process communication).
The mnt namespace: management file system mount point (MNT: mount).
The uts namespace: isolate the kernel and version identifiers. (UTS: Unix Time Sharing System).

Control groups

The Docker engine on Linux also relies on another technology called cgroups. Cgroup restricts applications to a specific set of resources. The control group allows Docker Engine to share available hardware resources to the container and selectively enforce restrictions and constraints. For example, you can limit the memory available to specific containers.

bring it on! Show! !

Docker installation

Network Optimization

[root@5centos ~]# setenforce 0
[root@5centos ~]# iptables -F
[root@5centos ~]# vim /etc/sysctl.conf 	##末行插入
net.ipv4.ip_forward=1
[root@5centos ~]# sysctl -p
net.ipv4.ip_forward = 1

Installation tool

[root@5centos ~]# yum -y install yum-utils device-mapper-persistent-data lvm2

Set up Alibaba Cloud image

[root@5centos ~]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@5centos ~]# cd /etc/yum.repos.d/
[root@5centos yum.repos.d]# ls
CentOS-Base.repo  CentOS-Debuginfo.repo  CentOS-Media.repo    CentOS-Vault.repo
CentOS-CR.repo    CentOS-fasttrack.repo  CentOS-Sources.repo  docker-ce.repo

Install Docker Community Edition (mainly free)

[root@5centos yum.repos.d]# yum -y install docker-ce
[root@5centos yum.repos.d]# systemctl start docker
[root@5centos yum.repos.d]# docker version 	##查看信息

Docker acceleration

Alibaba Cloud official website search mirror acceleration, the first one is
then choose this
one,

and there is an official tutorial for reference

Docker basic operation

Mirror search
docker search image name

[root@5centos /]# docker search nginx

Image download
docker pull image name

[root@5centos /]# docker pull wodby/nginx

View existing images and detailed information
docker images
docker inspect image ID

[root@5centos /]# docker images		##查看已有镜像
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
wodby/nginx         latest              971aceb353d9        4 weeks ago         75.4MB
[root@5centos /]# docker inspect 971aceb353d9		##详细信息

The image is downloaded and stored in: /var/lib/docker, the downloaded file information: /var/lib/docker/image/overlay2/repositories.json

Add tags to the image
docker tag Warehouse name: original tag Warehouse name: new
tag After adding tags, the old and new tags will exist at the same time

[root@5centos /]# docker tag wodby/nginx:latest wodby/nginx:web
[root@5centos /]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
wodby/nginx         latest              971aceb353d9        4 weeks ago         75.4MB
wodby/nginx         web                 971aceb353d9        4 weeks ago         75.4MB

Mirror delete
docker rmi mirror id
docker rmi mirror name
If there are the same label, delete the label id and report an error. If only one label is left, you can delete the label

[root@5centos /]# docker rmi wodby/nginx:latest 
Untagged: wodby/nginx:latest
[root@5centos /]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
wodby/nginx         web                 971aceb353d9        4 weeks ago         75.4MB

Export the image to the specified directory
docker save -o Corresponding directory warehouse name: label

[root@5centos /]# docker save -o /opt/nginxweb wodby/nginx:web 
[root@5centos /]# ls /opt/nginxweb 
/opt/nginxweb

Import image
docker load <image or docker load --input image

[root@5centos opt]# docker load < nginxweb 
Loaded image: wodby/nginx:web

Mirror upload

[root@docker ~]# docker login --username=juejue registry.cn-hangzhou.aliyuncs.com	'//先登录'
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@docker ~]# docker tag ed21b7a8aee9 registry.cn-hangzhou.aliyuncs.com/tang_docker001/tang_docker001:latest
[root@docker ~]# docker push registry.cn-hangzhou.aliyuncs.com/tang_docker001/tang_docker001:latest	'//开始上传'
The push refers to repository [registry.cn-hangzhou.aliyuncs.com/tang_docker001/tang_docker001]
d37eecb5b769: Pushed 
99134ec7f247: Pushed 
c3a984abe8a8: Pushed 
latest: digest: sha256:7ac7819e1523911399b798309025935a9968b277d86d50e5255465d6592c0266 size: 948

Container operation

Create a container
docker create -it Warehouse name: label login environment

[root@5centos opt]# docker create -it wodby/nginx:web /bin/bash
603f7eb7f17de60b185f4285fac2c6cd1d4dd8d4bf97ee04fe39e7b7f885ef1a

View container status
docker ps -a

[root@5centos opt]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
603f7eb7f17d        wodby/nginx:web     "/docker-entrypoint.…"   2 minutes ago       Created                                 keen_zhukovsky

Start the container
docker start container id

[root@5centos opt]# docker start 603f7eb7f17d
603f7eb7f17d
[root@5centos opt]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
603f7eb7f17d        wodby/nginx:web     "/docker-entrypoint.…"   4 minutes ago       Up 3 seconds        80/tcp              keen_zhukovsky

Use the running container
docker exec -it container id environment or docker run -it container name: label environment (automatically exit after execution)

[root@5centos opt]# docker exec -it 603f7eb7f17d /bin/bash
/var/www/html$

Stop the container
docker stop container id

[root@5centos opt]# docker stop 603f7eb7f17d
603f7eb7f17d

Start the container and run in the background

[root@docker ~]# docker run -d  centos:7 /bin/bash -c "while true;do echo hello;done"
6101ea6eedbf7a1dcc75bb9d7cc1eb94e83b343b6829b6546d6ceda318545df6
##-c：命令

Container export

[root@5centos opt]# docker export 603f7eb7f17d > /opt/nginx
[root@5centos opt]# ls /opt/
containerd  nginx  nginxweb  rh

Container import
will generate a mirror, but will not create a container

[root@5centos opt]# cat /opt/nginx | docker import - nginx01
sha256:3383211c95ee1c0f09306cf893852c0aa8a4e9366f826502a8a76e54c1c0fa6b
[root@5centos opt]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
nginx01             latest              3383211c95ee        10 seconds ago      75.2MB
wodby/nginx         nginx               971aceb353d9        4 weeks ago         75.4MB
wodby/nginx         web                 971aceb353d9        4 weeks ago

Delete the container The
container status cannot be the start
docker rm container id

[root@5centos opt]# docker rm 603f7eb7f17d
603f7eb7f17d

Delete containers in batch
docker ps -a |awk'{print "docker rm "$1}'|bash

[root@5centos opt]# docker ps -a |awk '{print "docker rm "$1}'|bash
Error: No such container: CONTAINER
88429fd11d13
d5a4fe53ebb1
[root@5centos opt]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES