Docker 初学者试验
代码筹备
需先自行在 linux 环境中装置好 docker
$ ls
Dockerfile app.py requirements.txt
Dockerfile
# 应用官网提供的 Python 开发镜像作为根底镜像
# 指定了“python:2.7-slim”这个官网保护的根底镜像,从而免去了装置 Python 等语言环境的操作
FROM python:2.7-slim
# 将工作目录切换为 /app
WORKDIR /app
# 将当前目录下的所有内容复制到 /app 下
ADD . /app
# 应用 pip 命令装置这个利用所须要的依赖
RUN pip install --trusted-host pypi.python.org -r requirements.txt
# 容许外界拜访容器的 80 端口
EXPOSE 80
# 设置环境变量
ENV NAME World
# 设置容器过程为:python app.py,即:这个 Python 利用的启动命令
CMD ["python", "app.py"]
app.py
from flask import Flask
import socket
import os
app = Flask(__name__)
@app.route('/')
def hello():
html = "<h3>Hello {name}!</h3>" \
"<b>Hostname:</b> {hostname}<br/>"
return html.format(name=os.getenv("NAME", "world"), hostname=socket.gethostname())
if __name__ == "__main__":
app.run(host='0.0.0.0', port=80)
requirements.txt
Flask
制作 docker 镜像
# 执行命令
root@VM-4-3-ubuntu:~/youkei/docker# docker build -t helloworld .
# 屏幕输入
Sending build context to Docker daemon 4.096kB
Step 1/7 : FROM python:2.7-slim
2.7-slim: Pulling from library/python
123275d6e508: Pull complete
dd1cd6637523: Pull complete
0c4e6d630f2c: Pull complete
13e9cd8f0ea1: Pull complete
Digest: sha256:6c1ffdff499e29ea663e6e67c9b6b9a3b401d554d2c9f061f9a45344e3992363
Status: Downloaded newer image for python:2.7-slim
---> eeb27ee6b893
Step 2/7 : WORKDIR /app
---> Running in d24c0ec99c2b
Removing intermediate container d24c0ec99c2b
---> ce6e721af493
Step 3/7 : ADD . /app
---> e27248668560
Step 4/7 : RUN pip install --trusted-host pypi.python.org -r requirements.txt
---> Running in 9a0a673e0694
DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 is no longer maintained. A future version of pip will drop support for Python 2.7. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support
Collecting Flask
Downloading Flask-1.1.4-py2.py3-none-any.whl (94 kB)
Collecting click<8.0,>=5.1
Downloading click-7.1.2-py2.py3-none-any.whl (82 kB)
Collecting Werkzeug<2.0,>=0.15
Downloading Werkzeug-1.0.1-py2.py3-none-any.whl (298 kB)
Collecting Jinja2<3.0,>=2.10.1
Downloading Jinja2-2.11.3-py2.py3-none-any.whl (125 kB)
Collecting itsdangerous<2.0,>=0.24
Downloading itsdangerous-1.1.0-py2.py3-none-any.whl (16 kB)
Collecting MarkupSafe>=0.23
Downloading MarkupSafe-1.1.1-cp27-cp27mu-manylinux1_x86_64.whl (24 kB)
Installing collected packages: click, Werkzeug, MarkupSafe, Jinja2, itsdangerous, Flask
Successfully installed Flask-1.1.4 Jinja2-2.11.3 MarkupSafe-1.1.1 Werkzeug-1.0.1 click-7.1.2 itsdangerous-1.1.0
WARNING: You are using pip version 20.0.2; however, version 20.3.4 is available.
You should consider upgrading via the '/usr/local/bin/python -m pip install --upgrade pip' command.
Removing intermediate container 9a0a673e0694
---> 04fca94cafb9
Step 5/7 : EXPOSE 80
---> Running in 0075c2c1ed93
Removing intermediate container 0075c2c1ed93
---> 7fdadace33a4
Step 6/7 : ENV NAME World
---> Running in e9f625d20647
Removing intermediate container e9f625d20647
---> 4519da31ba33
Step 7/7 : CMD ["python", "app.py"]
---> Running in f61e40b56589
Removing intermediate container f61e40b56589
---> 3a999beb7d15
Successfully built 3a999beb7d15
Successfully tagged helloworld:latest
docker images 查看
# 制作完镜像后,代码目录无变动
root@VM-4-3-ubuntu:~/youkei/docker# ll
total 20
drwxr-xr-x 2 root root 4096 Jun 27 15:34 ./
drwxr-xr-x 4 root root 4096 Jun 27 15:23 ../
-rw-r--r-- 1 root root 336 Jun 27 15:27 app.py
-rw-r--r-- 1 root root 168 Jun 27 15:34 Dockerfile
-rw-r--r-- 1 root root 6 Jun 27 15:28 requirements.txt
# 查看打好的镜像
root@VM-4-3-ubuntu:~/youkei/docker# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
helloworld latest 3a999beb7d15 5 minutes ago 158MB
registry.cn-hangzhou.aliyuncs.com/fengxuan/log4j_vuln latest 5adc6879d812 6 months ago 1.03GB
python 2.7-slim eeb27ee6b893 2 years ago 148MB
kdelfour/lychee-docker latest 1bed5bfa1ad5 6 years ago 563MB
docker run 启动容器
root@VM-4-3-ubuntu:~/youkei/docker# docker run -p 4000:80 helloworld
* Serving Flask app "app" (lazy loading)
* Environment: production
WARNING: This is a development server. Do not use it in a production deployment.
Use a production WSGI server instead.
* Debug mode: off
* Running on http://0.0.0.0:80/ (Press CTRL+C to quit)
docker ps 查看
root@VM-4-3-ubuntu:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
311db91baf31 helloworld "python app.py" About a minute ago Up About a minute 0.0.0.0:4000->80/tcp, :::4000->80/tcp elastic_hoover
拜访宿主机 4000 端口
root@VM-4-3-ubuntu:~# curl http://localhost:4000
<h3>Hello World!<h3><b>Hostname:</b> 311db91baf31<br/>
上传镜像
$ docker tag helloworld geektime/helloworld:v1
geektime 指 Docker Hub 上的用户名
“/”前面的 helloworld 是这个镜像的名字
“v1”是给这个镜
像调配的版本号
$ docker tag iat-wecom:20220302162619 harbor.d.bank.local/test/iat-wecom:20220302162619
harbor.d.bank.local 是企业级 Registry 服务器,Harbor 是为企业用户设计的容器镜像仓库开源我的项目,包含了权限治理(RBAC)、LDAP、审计、安全漏洞扫描、镜像验真、治理界面、自我注册、HA 等企业必须的性能,同时针对中国用户的特点,设计镜像复制和中文反对等性能。
test 是镜像仓库地址
iat-wecom 是 docker 镜像名称
20220302162619 是 docker 镜像版本
$ docker push geektime/helloworld:v1
把镜像上传到 Docker Hub 上
在容器外部操作
311db91baf31
通过 docker ps 查得 CONTAINER ID 的值
root@VM-4-3-ubuntu:~# docker exec -it 311db91baf31 /bin/sh
# pwd
/app
# touch test.txt # 在容器外部新建了一个文件
# exit
# 将这个新建的文件提交到镜像中保留
$ docker commit 4ddf4638572d geektime/helloworld:v2
查看容器过程
root@VM-4-3-ubuntu:~# docker inspect --format '{{.State.Pid}}' 311db91baf31
232400
查看宿主机 proc 文件
root@VM-4-3-ubuntu:~# ls -l /proc/232400/ns
一个过程的每种 Linux Namespace,都在它对应的 /proc/[过程号]/ns 下有一个对应的虚构文件,并且链接到一个实在的 Namespace 文件上。
一个过程,能够抉择退出到某个过程已有的 Namespace 当中,从而达到“进入”这个过程所在容器的目标,这正是 docker exec 的实现原理。
退出到已有容器
$ docker run -it --net container:4ddf4638572d busybox ifconfig
咱们新启动的这个容器,会间接退出到 ID=4ddf4638572d
的容器
将宿主机目录挂载进容器
因为执行这个挂载操作时,“容器过程”曾经创立了,也就意味着此时 Mount Namespace 曾经开启了。所以,这个挂载事件只在这个容器里可见。你在宿主机上,是看不见容器外部的这个挂载点的。