Article Directory
Docker overview
Docker is an open source application container engine that allows developers to package their applications and dependent packages into a portable container, and then publish to any popular Linux machine or Windows machine, it can also be virtualized, the container is completely Using the sandbox mechanism, there will be no interfaces between each other.
A complete Docker consists of the following parts:
DockerClient client
Docker Daemon daemon
Docker Image mirror
DockerContainer container
- Docker is an open platform for developing, delivering and running applications. Docker enables you to separate your application from the infrastructure so you can deliver software quickly.
- It is an open source application container engine that allows developers to package the gated application and dependent packages into a portable image, and then publish it to any popular Linux or Windows machine, which can also be virtualized. Containers use the sandbox mechanism completely, and there will be no interfaces between them
- Sandbox: In the field of computer security, sandbox is an isolated operating mechanism for programs
- Docker became a hit in 2013, and until now, it has become synonymous with container technology.
- Docker has been aiming to provide a standardized runtime environment from the very beginning, truly "build once, run anywhere". The same build version can be used in any environment such as development, testing, pre-release, production, etc. Decoupling of the underlying operating system. On this basis, CaaS (Container as a Service) technology has been further developed
Common usage scenarios of Docker
Simple deployment of packaged applications
can be freely migrated away from the underlying hardware (application isolation is achieved, applications are split and decoupled), for example: server migration from Tencent Cloud to Alibaba Cloud
Continuous Integration and Continuous Delivery (CI/CD): Development To test release,
deploy
microservices, provide PAAS products (Platform as a Service) OpenStack cloud host is similar to Alibaba Cloud ECS, belongs to IAAS, Docker (K8S) belongs to PAAS
Docker engine
Docker Engine
Docker Engine is a client-server application with the following main components: The
server is a long-running program called a daemon process (dockerd command).
REST API, which specifies the interface that programs can use to communicate with the daemon and instruct its operations.
Command line interface (CLI) client (docker command).
Docker architecture (Docker architecture)
Docker uses a client-server architecture. The Docker client talks to the Docker daemon, which completes the heavy work of building, running, and distributing Docker containers.
Docker is different from traditional virtualization. It does not require virtual hardware resources and directly uses the container engine, so it is fast
Docker Client: The client
Docker client (docker) is the main way many Docker users interact with Docker. When you use commands such as docker run, the client will send these commands to dockerd to execute these commands. The docker command uses the Docker API. The Docker client can communicate with multiple daemons.
Docker daemon: The daemon
Docker daemon (dockerd) listens to Docker API requests and manages Docker objects such as images, containers, networks, and volumes. The daemon can also communicate with other daemons to manage Docker services.
Docker images: image
container can be packaged into image
Docker container: container
Docker registry: mirror repository
The place to store the mirror image, by default it will be searched on the public Docker Hub, and you can create a personal repository
The difference between containers and virtual machines
Namespaces
Docker uses a technology called namespaces to provide isolated workspaces for containers. When running a container, Docker creates a set of namespaces for the container.
These namespaces provide a layer of isolation. Every aspect of the container runs in a separate namespace, and its access is limited to that namespace.
Docker Engine uses the following namespaces on Linux:
the pid namespace: process isolation (PID: process ID).
The net namespace: management network interface (NET: network).
The ipc namespace: manages access to IPC resources (IPC: inter-process communication).
The mnt namespace: management file system mount point (MNT: mount).
The uts namespace: isolate the kernel and version identifiers. (UTS: Unix Time Sharing System).
Control groups
The Docker engine on Linux also relies on another technology called cgroups. Cgroup restricts applications to a specific set of resources. The control group allows Docker Engine to share available hardware resources to the container and selectively enforce restrictions and constraints. For example, you can limit the memory available to specific containers.
bring it on! Show! !
Docker installation
Network Optimization
[root@5centos ~]# setenforce 0
[root@5centos ~]# iptables -F
[root@5centos ~]# vim /etc/sysctl.conf ##末行插入
net.ipv4.ip_forward=1
[root@5centos ~]# sysctl -p
net.ipv4.ip_forward = 1
Installation tool
[root@5centos ~]# yum -y install yum-utils device-mapper-persistent-data lvm2
Set up Alibaba Cloud image
[root@5centos ~]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@5centos ~]# cd /etc/yum.repos.d/
[root@5centos yum.repos.d]# ls
CentOS-Base.repo CentOS-Debuginfo.repo CentOS-Media.repo CentOS-Vault.repo
CentOS-CR.repo CentOS-fasttrack.repo CentOS-Sources.repo docker-ce.repo
Install Docker Community Edition (mainly free)
[root@5centos yum.repos.d]# yum -y install docker-ce
[root@5centos yum.repos.d]# systemctl start docker
[root@5centos yum.repos.d]# docker version ##查看信息
Docker acceleration
Alibaba Cloud official website search mirror acceleration, the first one is
then choose this
one,
and there is an official tutorial for reference
Docker basic operation
Mirror search
docker search image name
[root@5centos /]# docker search nginx
Image download
docker pull image name
[root@5centos /]# docker pull wodby/nginx
View existing images and detailed information
docker images
docker inspect image ID
[root@5centos /]# docker images ##查看已有镜像
REPOSITORY TAG IMAGE ID CREATED SIZE
wodby/nginx latest 971aceb353d9 4 weeks ago 75.4MB
[root@5centos /]# docker inspect 971aceb353d9 ##详细信息
The image is downloaded and stored in: /var/lib/docker, the downloaded file information: /var/lib/docker/image/overlay2/repositories.json
Add tags to the image
docker tag Warehouse name: original tag Warehouse name: new
tag After adding tags, the old and new tags will exist at the same time
[root@5centos /]# docker tag wodby/nginx:latest wodby/nginx:web
[root@5centos /]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
wodby/nginx latest 971aceb353d9 4 weeks ago 75.4MB
wodby/nginx web 971aceb353d9 4 weeks ago 75.4MB
Mirror delete
docker rmi mirror id
docker rmi mirror name
If there are the same label, delete the label id and report an error. If only one label is left, you can delete the label
[root@5centos /]# docker rmi wodby/nginx:latest
Untagged: wodby/nginx:latest
[root@5centos /]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
wodby/nginx web 971aceb353d9 4 weeks ago 75.4MB
Export the image to the specified directory
docker save -o Corresponding directory warehouse name: label
[root@5centos /]# docker save -o /opt/nginxweb wodby/nginx:web
[root@5centos /]# ls /opt/nginxweb
/opt/nginxweb
Import image
docker load <image or docker load --input image
[root@5centos opt]# docker load < nginxweb
Loaded image: wodby/nginx:web
Mirror upload
[root@docker ~]# docker login --username=juejue registry.cn-hangzhou.aliyuncs.com '//先登录'
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@docker ~]# docker tag ed21b7a8aee9 registry.cn-hangzhou.aliyuncs.com/tang_docker001/tang_docker001:latest
[root@docker ~]# docker push registry.cn-hangzhou.aliyuncs.com/tang_docker001/tang_docker001:latest '//开始上传'
The push refers to repository [registry.cn-hangzhou.aliyuncs.com/tang_docker001/tang_docker001]
d37eecb5b769: Pushed
99134ec7f247: Pushed
c3a984abe8a8: Pushed
latest: digest: sha256:7ac7819e1523911399b798309025935a9968b277d86d50e5255465d6592c0266 size: 948
Container operation
Create a container
docker create -it Warehouse name: label login environment
[root@5centos opt]# docker create -it wodby/nginx:web /bin/bash
603f7eb7f17de60b185f4285fac2c6cd1d4dd8d4bf97ee04fe39e7b7f885ef1a
View container status
docker ps -a
[root@5centos opt]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
603f7eb7f17d wodby/nginx:web "/docker-entrypoint.…" 2 minutes ago Created keen_zhukovsky
Start the container
docker start container id
[root@5centos opt]# docker start 603f7eb7f17d
603f7eb7f17d
[root@5centos opt]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
603f7eb7f17d wodby/nginx:web "/docker-entrypoint.…" 4 minutes ago Up 3 seconds 80/tcp keen_zhukovsky
Use the running container
docker exec -it container id environment or docker run -it container name: label environment (automatically exit after execution)
[root@5centos opt]# docker exec -it 603f7eb7f17d /bin/bash
/var/www/html$
Stop the container
docker stop container id
[root@5centos opt]# docker stop 603f7eb7f17d
603f7eb7f17d
Start the container and run in the background
[root@docker ~]# docker run -d centos:7 /bin/bash -c "while true;do echo hello;done"
6101ea6eedbf7a1dcc75bb9d7cc1eb94e83b343b6829b6546d6ceda318545df6
##-c:命令
Container export
[root@5centos opt]# docker export 603f7eb7f17d > /opt/nginx
[root@5centos opt]# ls /opt/
containerd nginx nginxweb rh
Container import
will generate a mirror, but will not create a container
[root@5centos opt]# cat /opt/nginx | docker import - nginx01
sha256:3383211c95ee1c0f09306cf893852c0aa8a4e9366f826502a8a76e54c1c0fa6b
[root@5centos opt]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx01 latest 3383211c95ee 10 seconds ago 75.2MB
wodby/nginx nginx 971aceb353d9 4 weeks ago 75.4MB
wodby/nginx web 971aceb353d9 4 weeks ago
Delete the container The
container status cannot be the start
docker rm container id
[root@5centos opt]# docker rm 603f7eb7f17d
603f7eb7f17d
Delete containers in batch
docker ps -a |awk'{print "docker rm "$1}'|bash
[root@5centos opt]# docker ps -a |awk '{print "docker rm "$1}'|bash
Error: No such container: CONTAINER
88429fd11d13
d5a4fe53ebb1
[root@5centos opt]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES