Using Docker images

Get image

Use the docker pull command and the docker search command to search for shared images in the remote warehouse.

Run container

Use the docker run [OPTIONS] IMAGE [COMMAND] [ARG...] command, such as: docker run --name ubuntu_test --rm -it ubuntu:test /bin/bash, where the options are as follows:

--name specifies the container name.
--rm means delete the container after it exits.
The -t option tells Docker to allocate a pseudo terminal and bind it to the container's standard input.
-i keeps the container's standard input open.

View image information

Use the docker images command to list the downloaded images.

The docker image --filter command lists the specified parameters

For example: list the image's warehouse name, id and tag , separated by " === "

docker images --format "{
   
   {.Repository}} === {
   
   {.ID}} === {
   
   {.Tag}}"

Delete image

docker rmi [image label or ID], note that docker rm is the command to delete the container, don't be confused.

Create image

There are three methods. Use the docker commit command to create a container based on an existing image, or import based on a local template. Created based on Dockerfile.

docker commit

Save the container's storage layer as an image. The docker commit command will make the image bloated and will not be used in this way in the actual environment.

Command syntax:

docker commit [选项] <容器ID或容器名> [<仓库名>[:<标签>]]

Options include:

-a, --author=""Author information
-m, --message=""Commit message
-p, --pause=true pause container on commit

Import based on local template

First download the operating system template compressed package file, and then use the docker import command to import:

docker import [OPTIONS] file|URL|- [REPOSITORY[:TAG]]

Customized image based on Dockerfile

Dockerfile is a text file that contains instructions (Instructions). Each instruction builds a layer, so the content of each instruction describes how the layer should be built. Proceed as follows:

1. In a blank directory, create a file Dockerfile with the following content:

FROM golang
RUN mkdir -p /go/src/study      \
    && go env -w GO111MODULE=off
COPY study /go/src/study
WORKDIR /go/src/study/photoweb/
RUN go build /go/src/study/photoweb/photoweb.go

The FROM instruction specifies the base image. If scratch is used as the base image, it means that it is not based on any image.

The RUN instruction is used to execute command line commands.

The COPY instruction copies local files to the image. It should be noted that the local file must be a file in the image build context (specified by the last parameter of the docker build command). Generally, the files to be copied are copied to the directory where the Dockerfile is located. The WORKDIR directive specifies the working directory to prevent the executable file from finding related resources.

2. After the Dockerfile is written, execute the command docker build -t golang:test. Create an image.

Dockerfile multi-stage build

Dockerfile multi-stage construction is a method to optimize Docker image construction, which can reduce the size of Docker images and runtime resource consumption. In the example below, in the first stage, the copyable source code and executable file app are compiled, and in the second stage, only the executable file app is copied to the image. Saves unnecessary space during runtime (go source code or other packages relied on during compilation)

# 第一阶段下载相关依赖编译出可执行文件app
FROM golang:1.9-alpine
RUN apk --no-cache add git
WORKDIR /go/src/github.com/go/helloworld/
RUN go get -d -v github.com/go-sql-driver/mysql
COPY app.go .
RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o app .

# 第二阶段只将可执行文件app复制到镜像中，运行的容器中并不需要下载git和mysql驱动包
FROM alpine:latest
RUN apk --no-cache add ca-certificates
WORKDIR /root/
COPY --from=0 /go/src/github.com/go/helloworld/app .
CMD ["./app"]

Save and load

Docker also provides docker load and docker save commands to save the image as a tar file, then transfer it to another location and then load it in. This is the approach when there is no Docker Registry. It is no longer recommended. Docker Registry should be used directly for image migration, whether it is using Docker Hub directly or using an intranet private Registry.

Save the image: docker save ubuntu:test | gzip > ubuntu-test.tar.gz. The image saved using docker save can only be loaded using docker load.

Load the image: docker load -i ubuntu-test.tar.gz

Mirror implementation principle

Each image is made up of many layers, and Docker uses Union FS to combine these different layers into a single image.

Operation container

Start container

Using the docker run command, when using docker run to create a container, the standard operations Docker runs in the background include:

Check whether the specified image exists locally. If it does not exist, download it from the public warehouse.
Create and start a container using an image
Allocate a file system and mount a read-write layer outside the read-only image layer
Bridge a virtual interface from the bridge interface configured on the host host to the container
Configure an IP address from the address pool to the container
Execute user-specified application
After execution, the container is terminated

Run in daemon state: Add the -d parameter when executing the docker run command.

Terminate container

Use the docker stop command to terminate the container. The terminated container can be restarted through the docker start command.

Enter the container

Use the docker attach or docker exec command. The difference between the two is that after executing attach, exiting from stdin will cause the container to stop. After executing exec, exiting from stdin will not cause the container to stop. Therefore, it is recommended to use the docker exec command to enter the container.

Export import

Use the docker export command to export a local container snapshot to a local file, and use the docker import command to import it from the container snapshot file into an image, for example:

$ docker ps -a

CONTAINER ID    IMAGE            COMMAND        CREATED        STATUS        PORTS        NAMES
7691a814370e    ubuntu:14.04     "/bin/bash"    36 hours ago   Exited(0) 21 hours ago  test

$ docker export 7691a814370e > ubuntu.tar
 

$ cat ubuntu.tar | docker import - test/ubuntu:v1.0

$ docker images
REPOSITORY    TAG    IMAGE ID      CREATED               VIRTUAL SIZE
test/ubuntu   v1.0   9d37a6082e97  About a minute ago    171.3MB

Delete container

Using the docker rm command, if you want to delete a running container, you can add the -f parameter. Docker will send the SIGKILL signal to the container. Clean up all terminated containers using the command docker container prune

Visit the warehouse

Docker Hub

Pull the image: Use docker search to find the image from the warehouse, and use the docker pull command to pull the image.

Push the image: docker push username/ubuntu:17.10 command, username is the account username.

Private warehouse

Use the officially provided tool docker-registry to build a private image warehouse.

Container running: docker run -d -p 5000:5000 --restart=always --name registry registry. By default, the warehouse will be created in the /var/lib/registry directory of the container. You can use the -v parameter to store the image file in a local specified path.

Upload, search and download images in private repositories:

First use docker tag to mark an image. For example, the private warehouse address is 127.0.0.1:5000 , and the tag command is docker tag ubuntu:latest 127.0.0.1:5000/ubuntu:latest
Then use docker push to upload the tagged image. The command is docker push 127.0.0.1:5000/ubuntu:latest
Use curl to view the images in the repository. The command is curl 127.0.0.1:5000/v2/_catalog
Download the image from the warehouse, the command is docker pull 127.0.0.1:5000/ubuntu:latest
Docker does not allow non-HTTPS images to be pushed by default. We can remove this restriction through Docker configuration, or configure a private repository that can be accessed through HTTPS. Add the following content to the file /etc/docker/daemon.json:

{
    "registry-mirror": [
    "https://registry.docker-cn.com"
    ],
    "insecure-registries": [
    "192.168.199.100:5000"
    ]
}

Data management

There are two main ways to manage data within Docker and between containers: data volumes (Volumes) and mounting host directories (Bind mounts).

A special directory where a data volume can be used by one or more containers. It bypasses UFS and has the following characteristics:

Data volumes can be shared and reused between containers
Modifications to the data volume will take effect immediately
Updates to the data volume will not affect the mirror
The data volume will always exist by default, even if the container is deleted

Create data volume

docker volume create my-vol

View the data volume: docker volume ls; view the information of the specified data volume as follows:

$ docker volume inspect my-vol
[
    {
        "Driver": "local",
        "Labels": {},
        "Mountpoint": "/var/lib/docker/volumes/my-vol/_data",
        "Name": "my-vol",
        "Options": {},
        "Scope": "local"
    }
]

Mount the data volume when starting the container: Use the --mount parameter to specify the data volume to be mounted when executing docker run. For example:

$ docker run -d -P \
    --name web \
    # -v my-vol:/wepapp \
    --mount source=my-vol,target=/webapp \
    training/webapp \
    python app.py

Use the command docker inspect web on the host to view the container information. The data volume information is under the "Mounts" Key.

Delete the data volume: docker volume rm my-vol, clean the data volume command docker volume prune

In addition to mounting the created data volume, you can also use the --mount flag to specify directly mounting a directory on the local host into the container. The default permissions of Docker's mounted host directory are read and write, and users can also specify read-only by adding readonly.

Docker images, containers, warehouses and data management