关于docker:Docker入门实操

Docker初学者试验

代码筹备

需先自行在linux环境中装置好docker

$ lsDockerfile app.py requirements.txt 

Dockerfile

# 应用官网提供的 Python 开发镜像作为根底镜像# 指定了“python:2.7-slim”这个官网保护的根底镜像，从而免去了装置Python 等语言环境的操作FROM python:2.7-slim# 将工作目录切换为 /appWORKDIR /app# 将当前目录下的所有内容复制到 /app 下ADD . /app# 应用 pip 命令装置这个利用所须要的依赖RUN pip install --trusted-host pypi.python.org -r requirements.txt# 容许外界拜访容器的 80 端口EXPOSE 80# 设置环境变量ENV NAME World# 设置容器过程为：python app.py，即：这个 Python 利用的启动命令CMD ["python", "app.py"]

app.py

from flask import Flaskimport socketimport osapp = Flask(__name__)@app.route('/')def hello(): html = "<h3>Hello {name}!</h3>" \ "<b>Hostname:</b> {hostname}<br/>"  return html.format(name=os.getenv("NAME", "world"), hostname=socket.gethostname()) if __name__ == "__main__": app.run(host='0.0.0.0', port=80)

requirements.txt

Flask

制作docker镜像

# 执行命令root@VM-4-3-ubuntu:~/youkei/docker# docker build -t helloworld .# 屏幕输入Sending build context to Docker daemon  4.096kBStep 1/7 : FROM python:2.7-slim2.7-slim: Pulling from library/python123275d6e508: Pull complete dd1cd6637523: Pull complete 0c4e6d630f2c: Pull complete 13e9cd8f0ea1: Pull complete Digest: sha256:6c1ffdff499e29ea663e6e67c9b6b9a3b401d554d2c9f061f9a45344e3992363Status: Downloaded newer image for python:2.7-slim ---> eeb27ee6b893Step 2/7 : WORKDIR /app ---> Running in d24c0ec99c2bRemoving intermediate container d24c0ec99c2b ---> ce6e721af493Step 3/7 : ADD . /app ---> e27248668560Step 4/7 : RUN pip install --trusted-host pypi.python.org -r requirements.txt ---> Running in 9a0a673e0694DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 is no longer maintained. A future version of pip will drop support for Python 2.7. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-supportCollecting Flask  Downloading Flask-1.1.4-py2.py3-none-any.whl (94 kB)Collecting click<8.0,>=5.1  Downloading click-7.1.2-py2.py3-none-any.whl (82 kB)Collecting Werkzeug<2.0,>=0.15  Downloading Werkzeug-1.0.1-py2.py3-none-any.whl (298 kB)Collecting Jinja2<3.0,>=2.10.1  Downloading Jinja2-2.11.3-py2.py3-none-any.whl (125 kB)Collecting itsdangerous<2.0,>=0.24  Downloading itsdangerous-1.1.0-py2.py3-none-any.whl (16 kB)Collecting MarkupSafe>=0.23  Downloading MarkupSafe-1.1.1-cp27-cp27mu-manylinux1_x86_64.whl (24 kB)Installing collected packages: click, Werkzeug, MarkupSafe, Jinja2, itsdangerous, FlaskSuccessfully installed Flask-1.1.4 Jinja2-2.11.3 MarkupSafe-1.1.1 Werkzeug-1.0.1 click-7.1.2 itsdangerous-1.1.0WARNING: You are using pip version 20.0.2; however, version 20.3.4 is available.You should consider upgrading via the '/usr/local/bin/python -m pip install --upgrade pip' command.Removing intermediate container 9a0a673e0694 ---> 04fca94cafb9Step 5/7 : EXPOSE 80 ---> Running in 0075c2c1ed93Removing intermediate container 0075c2c1ed93 ---> 7fdadace33a4Step 6/7 : ENV NAME World ---> Running in e9f625d20647Removing intermediate container e9f625d20647 ---> 4519da31ba33Step 7/7 : CMD ["python", "app.py"] ---> Running in f61e40b56589Removing intermediate container f61e40b56589 ---> 3a999beb7d15Successfully built 3a999beb7d15Successfully tagged helloworld:latest

docker images 查看

# 制作完镜像后，代码目录无变动root@VM-4-3-ubuntu:~/youkei/docker# lltotal 20drwxr-xr-x 2 root root 4096 Jun 27 15:34 ./drwxr-xr-x 4 root root 4096 Jun 27 15:23 ../-rw-r--r-- 1 root root  336 Jun 27 15:27 app.py-rw-r--r-- 1 root root  168 Jun 27 15:34 Dockerfile-rw-r--r-- 1 root root    6 Jun 27 15:28 requirements.txt# 查看打好的镜像root@VM-4-3-ubuntu:~/youkei/docker# docker image lsREPOSITORY                                              TAG        IMAGE ID       CREATED         SIZEhelloworld                                              latest     3a999beb7d15   5 minutes ago   158MBregistry.cn-hangzhou.aliyuncs.com/fengxuan/log4j_vuln   latest     5adc6879d812   6 months ago    1.03GBpython                                                  2.7-slim   eeb27ee6b893   2 years ago     148MBkdelfour/lychee-docker                                  latest     1bed5bfa1ad5   6 years ago     563MB

docker run启动容器

root@VM-4-3-ubuntu:~/youkei/docker# docker run -p 4000:80 helloworld * Serving Flask app "app" (lazy loading) * Environment: production   WARNING: This is a development server. Do not use it in a production deployment.   Use a production WSGI server instead. * Debug mode: off * Running on http://0.0.0.0:80/ (Press CTRL+C to quit)

docker ps 查看

root@VM-4-3-ubuntu:~# docker psCONTAINER ID   IMAGE        COMMAND           CREATED              STATUS              PORTS                                   NAMES311db91baf31   helloworld   "python app.py"   About a minute ago   Up About a minute   0.0.0.0:4000->80/tcp, :::4000->80/tcp   elastic_hoover

拜访宿主机 4000 端口

root@VM-4-3-ubuntu:~# curl http://localhost:4000<h3>Hello World!<h3><b>Hostname:</b> 311db91baf31<br/>

上传镜像

$ docker tag helloworld geektime/helloworld:v1

geektime 指Docker Hub 上的用户名
“/”前面的 helloworld 是这个镜像的名字
“v1”是给这个镜
像调配的版本号

$ docker tag iat-wecom:20220302162619 harbor.d.bank.local/test/iat-wecom:20220302162619

harbor.d.bank.local是企业级Registry服务器，Harbor 是为企业用户设计的容器镜像仓库开源我的项目，包含了权限治理(RBAC)、LDAP、审计、安全漏洞扫描、镜像验真、治理界面、自我注册、HA 等企业必须的性能，同时针对中国用户的特点，设计镜像复制和中文反对等性能。
test是镜像仓库地址
iat-wecom是docker镜像名称
20220302162619是docker镜像版本

$ docker push geektime/helloworld:v1

把镜像上传到 Docker Hub 上

在容器外部操作

311db91baf31通过docker ps查得CONTAINER ID的值

root@VM-4-3-ubuntu:~# docker exec -it 311db91baf31 /bin/sh# pwd/app# touch test.txt # 在容器外部新建了一个文件# exit

# 将这个新建的文件提交到镜像中保留$ docker commit 4ddf4638572d geektime/helloworld:v2

查看容器过程

root@VM-4-3-ubuntu:~# docker inspect --format '{{ .State.Pid }}' 311db91baf31232400

查看宿主机 proc 文件

root@VM-4-3-ubuntu:~# ls -l /proc/232400/ns

一个过程的每种 Linux Namespace，都在它对应的 /proc/[过程号]/ns 下有一个对应的虚构文件，并且链接到一个实在的 Namespace 文件上。

一个过程，能够抉择退出到某个过程已有的 Namespace 当中，从而达到“进入”这个过程所在容器的目标，这正是 docker exec 的实现原理。

退出到已有容器

$ docker run -it --net container:4ddf4638572d busybox ifconfig

咱们新启动的这个容器，会间接退出到 ID=4ddf4638572d 的容器

将宿主机目录挂载进容器

因为执行这个挂载操作时，“容器过程”曾经创立了，也就意味着此时Mount Namespace 曾经开启了。所以，这个挂载事件只在这个容器里可见。你在宿主机上，是看不见容器外部的这个挂载点的。