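Now that we understand Docker's basic principles and what needs to be mastered, we can formally begin learning Docker. This article mainly covers Docker images and containers.

Previous article: getting-started advice for Docker beginners and an introduction to the basic principles. Next article: environment variables, data volumes, and more.

Let's get started!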

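Images

Principle

If we consider only the operating-system aspect of a Docker container, then image = lightweight operating system installation package.

If we also consider the application aspect of a Docker container, then image = (lightweight operating system + application) installation package.

For example: MySQL image = virtual Linux operating system + MySQL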

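How is an image created?

A user writes a Dockerfile, which is the image's build recipe, and running a build on that file produces an image.

Is an image a single file?

Logically, an image can be thought of simply as a file, but in reality it is a combination of multiple file layers.

So although an image is not a single standalone file, it can be exported as one archive file:

    # Export an image to a tarball file
    docker save -o image.tar image
    # Load an image from a tarball file
    docker load -i image.tar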

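Where are images stored?

When running a container, Docker looks in the /var/lib/docker/image directory to see whether the image exists locally.

If the image is not there, Docker tries to download it from the Docker Hub registry to the local machine and then runs it.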

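Registries

As is well known, Docker Hub is the world's largest image registry, operated officially by Docker.

In fact, besides Docker Hub, there are several other ways to set up a registry:

Self-hosted registries

Self-hosted registries are supported. Cloud providers generally offer an image registry service where customers can store their own images.

Registry mirrors (accelerators)

If downloading images from Docker Hub is very slow, change the registry address as follows: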

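  1. Choose or obtain a domestic registry mirror (accelerator address) that you prefer

    #1 Docker China community
    https://registry.docker-cn.com
    #2 NetEase registry
    http://hub-mirror.c.163.com
    #3 Tencent registry
    https://mirror.ccs.tencentyun.com
    #4 Alibaba Cloud registry
    https://f53jxx8r.mirror.aliyuncs.com

    The Alibaba Cloud mirror address above is for reference only. It is recommended to log in to the console and obtain your own address from the backend.
  2. Edit the /etc/docker/daemon.json file (create it if it does not exist) and insert the following value

    {
      "registry-mirrors": ["https://f53jxx8r.mirror.aliyuncs.com"]
    }
  3. The change takes effect after the service is restarted

    sudo systemctl daemon-reload
    sudo systemctl restart docker
  4. Docker supports configuring multiple registry addresses, for example:

    {
      "registry-mirrors": [
        "https://registry.docker-cn.com",
        "https://f53jxx8r.mirror.aliyuncs.com",
        "https://docker.mirrors.ustc.edu.cn",
        "http://hub-mirror.c.163.com"
      ]
    }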
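
A check worth running before restarting the daemon with a new mirror list, shown as an added example that is not part of the original article: it parses the daemon.json text and reports mirrors that are not HTTPS, embed credentials, lack a host, or are duplicated. The function name `audit_mirrors` is hypothetical; the sample input is the article's own multi-mirror configuration.

```python
import json
from urllib.parse import urlsplit

# The article's multi-mirror daemon.json, embedded as sample input.
SAMPLE_DAEMON_JSON = """
{
  "registry-mirrors": [
    "https://registry.docker-cn.com",
    "https://f53jxx8r.mirror.aliyuncs.com",
    "https://docker.mirrors.ustc.edu.cn",
    "http://hub-mirror.c.163.com"
  ]
}
"""

def audit_mirrors(daemon_json_text):
    """Return (mirror, problem) pairs for the "registry-mirrors" list."""
    config = json.loads(daemon_json_text)
    if not isinstance(config, dict):
        return [("daemon.json", "top level must be a JSON object")]
    mirrors = config.get("registry-mirrors", [])
    if not isinstance(mirrors, list):
        return [("registry-mirrors", "must be a JSON array of URL strings")]
    findings, seen = [], set()
    for mirror in mirrors:
        if not isinstance(mirror, str):
            findings.append((repr(mirror), "entry is not a string"))
            continue
        url = urlsplit(mirror)
        if url.scheme != "https":
            findings.append((mirror, "not HTTPS: traffic to this mirror is unencrypted"))
        if not url.hostname:
            findings.append((mirror, "no host name in URL"))
        if url.username or url.password:
            findings.append((mirror, "credentials embedded in URL"))
        key = mirror.rstrip("/").lower()  # treat trailing slash and case as equal
        if key in seen:
            findings.append((mirror, "duplicate entry"))
        seen.add(key)
    return findings

if __name__ == "__main__":
    for mirror, problem in audit_mirrors(SAMPLE_DAEMON_JSON):
        print(f"{mirror}: {problem}")
```

On the article's list the only finding is the plain-HTTP NetEase mirror.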

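Containers

Containers are Docker's most important component. As mentioned several times above, a container is a lightweight virtual machine.

Running a container

Containers are run with the docker run command. Its usage and options are as follows.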

    Usage:  docker run [OPTIONS] IMAGE [COMMAND] [ARG...]

    Run a command in a new container

    Options:
          --add-host list                  Add a custom host-to-IP mapping (host:ip)
      -a, --attach list                    Attach to STDIN, STDOUT or STDERR
          --blkio-weight uint16            Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0)
          --blkio-weight-device list       Block IO weight (relative device weight) (default [])
          --cap-add list                   Add Linux capabilities
          --cap-drop list                  Drop Linux capabilities
          --cgroup-parent string           Optional parent cgroup for the container
          --cgroupns string                Cgroup namespace to use (host|private)
                                           'host':    Run the container in the Docker host's cgroup namespace
                                           'private': Run the container in its own private cgroup namespace
                                           '':        Use the cgroup namespace as configured by the
                                                      default-cgroupns-mode option on the daemon (default)
          --cidfile string                 Write the container ID to the file
          --cpu-period int                 Limit CPU CFS (Completely Fair Scheduler) period
          --cpu-quota int                  Limit CPU CFS (Completely Fair Scheduler) quota
          --cpu-rt-period int              Limit CPU real-time period in microseconds
          --cpu-rt-runtime int             Limit CPU real-time runtime in microseconds
      -c, --cpu-shares int                 CPU shares (relative weight)
          --cpus decimal                   Number of CPUs
          --cpuset-cpus string             CPUs in which to allow execution (0-3, 0,1)
          --cpuset-mems string             MEMs in which to allow execution (0-3, 0,1)
      -d, --detach                         Run container in background and print container ID
          --detach-keys string             Override the key sequence for detaching a container
          --device list                    Add a host device to the container
          --device-cgroup-rule list        Add a rule to the cgroup allowed devices list
          --device-read-bps list           Limit read rate (bytes per second) from a device (default [])
          --device-read-iops list          Limit read rate (IO per second) from a device (default [])
          --device-write-bps list          Limit write rate (bytes per second) to a device (default [])
          --device-write-iops list         Limit write rate (IO per second) to a device (default [])
          --disable-content-trust          Skip image verification (default true)
          --dns list                       Set custom DNS servers
          --dns-option list                Set DNS options
          --dns-search list                Set custom DNS search domains
          --domainname string              Container NIS domain name
          --entrypoint string              Overwrite the default ENTRYPOINT of the image
      -e, --env list                       Set environment variables
          --env-file list                  Read in a file of environment variables
          --expose list                    Expose a port or a range of ports
          --gpus gpu-request               GPU devices to add to the container ('all' to pass all GPUs)
          --group-add list                 Add additional groups to join
          --health-cmd string              Command to run to check health
          --health-interval duration       Time between running the check (ms|s|m|h) (default 0s)
          --health-retries int             Consecutive failures needed to report unhealthy
          --health-start-period duration   Start period for the container to initialize before starting health-retries countdown (ms|s|m|h) (default 0s)
          --health-timeout duration        Maximum time to allow one check to run (ms|s|m|h) (default 0s)
          --help                           Print usage
      -h, --hostname string                Container host name
          --init                           Run an init inside the container that forwards signals and reaps processes
      -i, --interactive                    Keep STDIN open even if not attached
          --ip string                      IPv4 address (e.g., 172.30.100.104)
          --ip6 string                     IPv6 address (e.g., 2001:db8::33)
          --ipc string                     IPC mode to use
          --isolation string               Container isolation technology
          --kernel-memory bytes            Kernel memory limit
      -l, --label list                     Set meta data on a container
          --label-file list                Read in a line delimited file of labels
          --link list                      Add link to another container
          --link-local-ip list             Container IPv4/IPv6 link-local addresses
          --log-driver string              Logging driver for the container
          --log-opt list                   Log driver options
          --mac-address string             Container MAC address (e.g., 92:d0:c6:0a:29:33)
      -m, --memory bytes                   Memory limit
          --memory-reservation bytes       Memory soft limit
          --memory-swap bytes              Swap limit equal to memory plus swap: '-1' to enable unlimited swap
          --memory-swappiness int          Tune container memory swappiness (0 to 100) (default -1)
          --mount mount                    Attach a filesystem mount to the container
          --name string                    Assign a name to the container
          --network network                Connect a container to a network
          --network-alias list             Add network-scoped alias for the container
          --no-healthcheck                 Disable any container-specified HEALTHCHECK
          --oom-kill-disable               Disable OOM Killer
          --oom-score-adj int              Tune host's OOM preferences (-1000 to 1000)
          --pid string                     PID namespace to use
          --pids-limit int                 Tune container pids limit (set -1 for unlimited)
          --platform string                Set platform if server is multi-platform capable
          --privileged                     Give extended privileges to this container
      -p, --publish list                   Publish a container's port(s) to the host
      -P, --publish-all                    Publish all exposed ports to random ports
          --pull string                    Pull image before running ("always"|"missing"|"never") (default "missing")
          --read-only                      Mount the container's root filesystem as read only
          --restart string                 Restart policy to apply when a container exits (default "no")
          --rm                             Automatically remove the container when it exits
          --runtime string                 Runtime to use for this container
          --security-opt list              Security Options
          --shm-size bytes                 Size of /dev/shm
          --sig-proxy                      Proxy received signals to the process (default true)
          --stop-signal string             Signal to stop a container (default "SIGTERM")
          --stop-timeout int               Timeout (in seconds) to stop a container
          --storage-opt list               Storage driver options for the container
          --sysctl map                     Sysctl options (default map[])
          --tmpfs list                     Mount a tmpfs directory
      -t, --tty                            Allocate a pseudo-TTY
          --ulimit ulimit                  Ulimit options (default [])
      -u, --user string                    Username or UID (format: <name|uid>[:<group|gid>])
          --userns string                  User namespace to use
          --uts string                     UTS namespace to use
      -v, --volume list                    Bind mount a volume
          --volume-driver string           Optional volume driver for the container
          --volumes-from list              Mount volumes from the specified container(s)
      -w, --workdir string                 Working directory inside the container

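Below, a simple example shows how to run a container:

  1. Find a Docker image, for example: MySQL
  2. Run the following command to start a MySQL container

    docker run --name mysql -e MYSQL_ROOT_PASSWORD=123456 -d mysql:tag
  3. Once the container is running successfully, run the following command to start using the MySQL client

    docker exec -it mysql mysql -uroot -p123456

In the example above we completed the following tasks:

  • Found out how to run the container from the image's page
  • Ran a container
  • Entered a container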

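Creating an image

Docker's design means that one part of a container's core is the immutable files it shares from the Docker image, and the other part is mutable files.

So a container can also be conveniently converted into an image. The steps are as follows:

  1. Run the docker ps command to get the container's ID
  2. Export the container to an archive file

    # Export the container to a tarball file
    docker export -o mysql-`date +%Y%m%d`.tar f9fc8627b7fe
    # Check the file
    ls mysql-`date +%Y%m%d`.tar
  3. Convert the archive file into an image

    docker import mysql-20210416.tar mysql-test
  4. Run the docker image ls command to see the newly converted image

    $ docker image ls
    REPOSITORY   TAG      IMAGE ID       CREATED         SIZE
    mysql-test   latest   05cb947f5572   5 seconds ago   209MB

Functionally, docker export is equivalent to commit + save: the container is first committed to an image, and the image is then saved to a file.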
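
Tarballs from docker save and docker export both end in .tar but have different layouts: docker load expects the image layout written by docker save, while docker import treats any tarball as a flat root filesystem. The following added example (not from the original article) classifies a tarball before it is loaded or imported and lists member names that point outside the archive root. The function names `make_tar` and `inspect_tarball` are hypothetical, and the sample archives are constructed in memory.

```python
import io
import tarfile

def make_tar(names):
    """Build a small in-memory tarball from member names (constructed sample)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = 1
            tar.addfile(info, io.BytesIO(b"x"))
    return buf.getvalue()

def inspect_tarball(data):
    """Return (kind, unsafe_names) for tarball bytes.

    kind is "image" (docker save layout), "rootfs" (docker export layout)
    or "unknown"; unsafe_names are members that are absolute or contain "..".
    """
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        names = tar.getnames()
    top_level, unsafe = set(), []
    for name in names:
        parts = [p for p in name.split("/") if p not in ("", ".")]
        if name.startswith("/") or ".." in parts:
            unsafe.append(name)
        elif parts:
            top_level.add(parts[0])
    if "manifest.json" in top_level:
        kind = "image"    # load with: docker load -i FILE
    elif top_level & {".dockerenv", "etc", "bin", "usr"}:
        kind = "rootfs"   # turn into an image with: docker import FILE NAME
    else:
        kind = "unknown"
    return kind, unsafe

if __name__ == "__main__":
    saved = make_tar(["manifest.json", "repositories", "abc123/layer.tar"])
    exported = make_tar([".dockerenv", "etc/passwd", "bin/sh"])
    print(inspect_tarball(saved))
    print(inspect_tarball(exported))
```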

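Next article: environment variables, data volumes, and more. We look forward to you continuing to learn with Xiaojiu~

This article was originally published by Websoft9. Please credit the source when reposting.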