Docker Compose
Introduction to Compose
Compose is a tool for defining and running multi-container Docker applications. With Compose, you can use YML files to configure all services required by your application. Then, with one command, all services can be created and started from the YML file configuration.
If you still don't understand YML file configuration, you can read the YAML introductory tutorial first.
Three steps used by Compose:
使用 Dockerfile 定义应用程序的环境。
使用 docker-compose.yml 定义构成应用程序的服务,这样它们可以在隔离环境中一起运行。
最后,执行 docker-compose up 命令来启动并运行整个应用程序。
The configuration case of docker-compose.yml is as follows (refer to the configuration parameters below):
Instance
yaml configuration example
version: '3'
services:
web:
build: .
ports:
- "5000:5000"
volumes:
- .:/code
- logvolume01:/var/log
links:
- redis
redis:
image: redis
volumes:
logvolume01: {}
use
1. Prepare to
create a test directory:
$ mkdir composetest
$ cd composetest
Create a file named app.py in the test directory, and copy and paste the following content:
composetest/app.py file code
import time
import redis
from flask import Flask
app = Flask(__name__)
cache = redis.Redis(host='redis', port=6379)
def get_hit_count():
retries = 5
while True:
try:
return cache.incr('hits')
except redis.exceptions.ConnectionError as exc:
if retries == 0:
raise exc
retries -= 1
time.sleep(0.5)
@app.route('/')
def hello():
count = get_hit_count()
return 'Hello World! I have been seen {} times.\n'.format(count)
In this example, redis is the host name of the redis container on the application network, and the port used by the host is 6379.
Create another file named requirements.txt in the composetest directory with the following content:
flask
redis
2. Create a Dockerfile file
In the composetest directory, create a file named Dockerfile with the following content:
FROM python:3.7-alpine
WORKDIR /code
ENV FLASK_APP app.py
ENV FLASK_RUN_HOST 0.0.0.0
RUN apk add --no-cache gcc musl-dev linux-headers
COPY requirements.txt requirements.txt
RUN pip install -r requirements.txt
COPY . .
CMD ["flask", "run"]
Dockerfile content explanation:
FROM python:3.7-alpine: 从 Python 3.7 映像开始构建镜像。
WORKDIR /code: 将工作目录设置为 /code。
ENV FLASK_APP app.py
ENV FLASK_RUN_HOST 0.0.0.0
设置 flask 命令使用的环境变量。
RUN apk add --no-cache gcc musl-dev linux-headers: 安装 gcc,以便诸如 MarkupSafe 和 SQLAlchemy 之类的 Python 包可以编译加速。
COPY requirements.txt requirements.txt
RUN pip install -r requirements.txt
复制 requirements.txt 并安装 Python 依赖项。
COPY . .: 将 . 项目中的当前目录复制到 . 镜像中的工作目录。
CMD ["flask", "run"]: 容器提供默认的执行命令为:flask run。
3. Create docker-compose.yml
Create a file named docker-compose.yml in the test directory, and paste the following content:
docker-compose.yml configuration file
# yaml 配置
version: '3'
services:
web:
build: .
ports:
- "5000:5000"
redis:
image: "redis:alpine"
The Compose file defines two services: web and redis.
web: This web service uses the image built from the current directory of the Dockerfile. Then, it binds the container and host to the exposed port 5000. This sample service uses the default port 5000 of the Flask web server.
redis: This redis service uses the public Redis image of Docker Hub.
4. Use the Compose command to build and run your application.
In the test directory, execute the following command to start the application:
docker-compose up
If you want to execute the service in the background, you can add the -d parameter:
docker-compose up -d
The yml configuration command refers to
version to
specify which version of compose this yml complies with.
build is
specified as the build image context path:
For example, the webapp service is specified as an image built from the context path ./dir/Dockerfile:
version: "3.7"
services:
webapp:
build: ./dir
Or, as an object with a path specified in the context, and optional Dockerfile and args:
version: "3.7"
services:
webapp:
build:
context: ./dir
dockerfile: Dockerfile-alternate
args:
buildno: 1
labels:
- "com.example.description=Accounting webapp"
- "com.example.department=Finance"
- "com.example.label-with-empty-value"
target: prod
- context: context path.
- Dockerfile: Specify the name of the Dockerfile to build the image.
- args: Add build parameters, which are environment variables that can only be accessed during the build process.
- labels: Set the labels for building the image.
- target: Multi-layer construction, you can specify which layer to build.
- cap_add,cap_drop
- Add or delete the kernel functions of the host machine owned by the container.
cap_add:
- ALL # Turn on all permissions
cap_drop:
- SYS_PTRACE # Turn off ptrace permission
cgroup_parent
specifies the parent cgroup group for the container, which means that the resource limit of this group will be inherited.
cgroup_parent: m-executor-abcd
command
overrides the default command started by the container.
command: ["bundle", "exec", "thin", "-p", "3000"]
container_name
specifies a custom container name instead of the generated default name.
container_name: my-web-container
depends_on
sets dependencies.
docker-compose up: Start services in dependency order. In the following example, db and redis are started before web is started.
docker-compose up SERVICE: automatically include the dependencies of SERVICE. In the following example, docker-compose up web will also create and start db and redis.
docker-compose stop: Stop services in the order of dependencies. In the following example, web stops before db and redis.
version: "3.7"
services:
web:
build: .
depends_on:
- db
- redis
redis:
image: redis
db:
image: postgres
Note: The web service does not wait for redis db to start completely.
Deploy
specifies the configuration related to the deployment and operation of the service. Only useful in swarm mode.
version: "3.7"
services:
redis:
image: redis:alpine
deploy:
mode:replicated
replicas: 6
endpoint_mode: dnsrr
labels:
description: "This redis service label"
resources:
limits:
cpus: '0.50'
memory: 50M
reservations:
cpus: '0.25'
memory: 20M
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 3
window: 120s
Optional parameters:
-
endpoint_mode: the way to access cluster services.
- endpoint_mode: vip
Docker cluster serves an external virtual IP. All requests will reach the machines inside the cluster service through this virtual ip. - endpoint_mode: dnsrr
DNS polling (DNSRR). All requests will be automatically polled to obtain an IP address in the cluster IP list.
- endpoint_mode: vip
-
labels: Set labels on the service. You can use the labels on the container (the configuration at the same level as deploy) to overwrite the labels under deploy.
-
mode: Specifies the mode of service provision.
-
replicated: Replication service, which replicates the specified service to the cluster machines.
-
global: Global service, the service will be deployed to each node of the cluster.
-
Illustration: The yellow square in the figure below is the operation of replicated mode, and the gray square is the operation of global mode.
-
replicas: When the mode is replicated, you need to use this parameter to configure the number of specific running nodes.
-
resources: Configure the limits of server resource usage, such as the above example, configure the percentage of CPU and memory usage for redis cluster operation. Avoid excessive resource usage and abnormalities.
-
restart_policy: Configure how to restart the container when it exits.
- condition: optional none, on-failure or any (default: any).
- delay: Set how long to restart after setting (default value: 0).
- max_attempts: The number of attempts to restart the container. If the number is exceeded, no more attempts (default: always retry).
- window: Set the container restart timeout (default value: 0).
- rollback_config: Configure how to roll back the service if the update fails.
-
Parallelism: The number of containers to be rolled back at a time. If set to 0, all containers will be rolled back at the same time.
- delay: The time to wait between rollbacks of each container group (default is 0s).
- failure_action: What to do if the rollback fails. One of continue or pause (pause by default).
- monitor: After each container is updated, the time to continuously observe whether it fails (ns|us|ms|s|m|h) (default is 0s).
- max_failure_ratio: The failure rate that can be tolerated during the rollback (default is 0).
- order: The order of operations during rollback. One of stop-first (serial rollback), or start-first (parallel rollback) (default stop-first).
- update_config: Configure how the service should be updated, which is useful for configuring rolling updates.
-
Parallelism: The number of containers updated at one time.
- delay: The time to wait between updating a set of containers.
- failure_action: What to do if the update fails. One of continue, rollback or pause (default: pause).
- monitor: After each container is updated, the time to continuously observe whether it fails (ns|us|ms|s|m|h) (default is 0s).
- max_failure_ratio: the failure rate that can be tolerated during the update process.
- order: The order of operations during rollback. One of stop-first (serial rollback), or start-first (parallel rollback) (default stop-first).
Note: Only V3.4 and later versions are supported.
-
devices
specifies the device mapping list.
devices:
- "/dev/ttyUSB0:/dev/ttyUSB0"
- dns
Custom DNS server, which can be a single value or multiple values in a list.
dns: 8.8.8.8
dns:
- 8.8.8.8
- 9.9.9.9
- dns_search
custom DNS search domain. Can be a single value or a list.
dns_search: example.com
dns_search:
- dc1.example.com
- dc2.example.com
- The entrypoint
overrides the default entrypoint of the container.
entrypoint: /code/entrypoint.sh
It can also be in the following format:
entrypoint:
- php
- -d
- zend_extension=/usr/local/lib/php/extensions/no-debug-non-zts-20100525/xdebug.so
- -d
- memory_limit=-1
- vendor/bin/phpunit
- env_file
adds environment variables from the file. It can be a single value or a list of multiple values.
env_file: .env
It can also be in list format:
env_file:
- ./common.env
- ./apps/web.env
- /opt/secrets.env
- environment
Add environment variables. You can use arrays or dictionaries, any Boolean values, Boolean values need to be enclosed in quotation marks to ensure that the YML parser will not convert them to True or False.
environment:
RACK_ENV: development
SHOW: 'true'
- Expose the
port, but it is not mapped to the host, only accessed by connected services.
Only internal ports can be specified as parameters:
expose:
- "3000"
- "8000"
- extra_hosts
adds host name mapping. Similar to docker client --add-host.
extra_hosts:
- "somehost:162.242.195.82"
- "otherhost:50.31.209.229"
The above will create a mapping relationship with ip address and host name in /etc/hosts in the internal container of this service:
162.242.195.82 somehost
50.31.209.229 otherhost
- healthcheck is
used to detect whether the docker service is running healthy.
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost"] # 设置检测程序
interval: 1m30s # 设置检测间隔
timeout: 10s # 设置检测超时时间
retries: 3 # 设置重试次数
start_period: 40s # 启动后,多少秒开始启动检测程序
- image
specifies the image that the container is running on. The following formats are all possible:
image: redis
image: ubuntu:14.04
image: tutum/influxdb
image: example-registry.com:4000/postgresql
image: a4bc65fd # 镜像id
- Logging
configuration of the logging service.
driver: Specify the logging driver of the service container. The default value is json-file. There are three options
driver: "json-file"
driver: "syslog"
driver: "none"
Only under the json-file driver, the following parameters can be used to limit the number and size of logs.
logging:
driver: json-file
options:
max-size: "200k" # 单个文件大小为200k
max-file: "10" # 最多10个文件
When the file limit is reached, the old files will be deleted automatically.
Under the syslog driver, you can use syslog-address to specify the log receiving address.
logging:
driver: syslog
options:
syslog-address: "tcp://192.168.0.42:123"
- network_mode
sets the network mode.
network_mode: "bridge"
network_mode: "host"
network_mode: "none"
network_mode: "service:[service name]"
network_mode: "container:[container name/id]"
- networks
Configure the network that the container is connected to, refer to the entry under the top-level networks.
services:
some-service:
networks:
some-network:
aliases:
- alias1
other-network:
aliases:
- alias2
networks:
some-network:
# Use a custom driver
driver: custom-driver-1
other-network:
# Use a custom driver which takes special options
driver: custom-driver-2
aliases: Other containers on the same network can use the service name or this alias to connect to the service of the corresponding container.
-
restart
no: is the default restart strategy, the container will not be restarted under any circumstances.
always: The container always restarts.
on-failure: When the container exits abnormally (exit status is not 0), the container will be restarted.
unless-stopped: Always restart the container when it exits, but do not consider containers that have been stopped when the Docker daemon is started
restart: “no”
restart: always
restart: on-failure
restart: unless-stopped
Note: swarm cluster Mode, please use restart_policy instead. -
Secrets
store sensitive data, such as passwords:
version: "3.1"
services:
mysql:
image: mysql
environment:
MYSQL_ROOT_PASSWORD_FILE: /run/secrets/my_secret
secrets:
- my_secret
secrets:
my_secret:
file: ./my_secret.txt
- security_opt
modifies the default schema tag of the container.
security-opt:
- label:user:USER # 设置容器的用户标签
- label:role:ROLE # 设置容器的角色标签
- label:type:TYPE # 设置容器的安全策略标签
- label:level:LEVEL # 设置容器的安全等级标签
- stop_grace_period
specifies how long to wait before sending a SIGKILL signal to close the container after the container cannot process SIGTERM (or any stop_signal signal).
stop_grace_period: 1s # 等待 1 秒
stop_grace_period: 1m30s # 等待 1 分 30 秒
默认的等待时间是 10 秒。
- stop_signal
sets an alternative signal to stop the container. SIGTERM is used by default.
The following example uses SIGUSR1 instead of signal SIGTERM to stop the container.
stop_signal: SIGUSR1
- sysctls
sets the kernel parameters in the container, you can use array or dictionary format.
sysctls:
net.core.somaxconn: 1024
net.ipv4.tcp_syncookies: 0
sysctls:
- net.core.somaxconn=1024
- net.ipv4.tcp_syncookies=0
- tmpfs
installs a temporary file system in the container. It can be a single value or a list of multiple values.
tmpfs: /run
tmpfs:
- /run
- /tmp
- ulimits
Override the default ulimit of the container.
ulimits:
nproc: 65535
nofile:
soft: 20000
hard: 40000
- volumes
to mount a volume or a file of data to the host container.
version: "3.7"
services:
db:
image: postgres:latest
volumes:
- "/localhost/postgres.sock:/var/run/postgres/postgres.sock"
- "/localhost/data:/var/lib/postgresql/data"