应用容器的理由
- 上线流程繁琐 开发->测试->申请资源->审批->部署->测试等环节
- 资源利用率低 广泛服务器利用率低,造成过多节约
- 扩容/缩容不及时 业务高峰期扩容流程繁琐,上线不及时
- 服务器环境臃肿 服务器越来越臃肿,对保护、迁徙带来艰难
- 环境不一致性 如开发环境和测试环境不统一,在测试的时候就因为环境问题而不能正确运行
容器VS虚拟机
- 容器
- 容器提供一个根本的独立环境,实现容器隔离、资源限度
- 次要解决应用层问题,利用疾速部署、高效治理
- 虚拟机
- 晋升服务器资源利用率
- 提供一个齐全隔离的环境
实现容器的核心技术
- Namespace:Linux Namespace是kernel的一个性能,它能够隔离一系列零碎的资源,Namespace是Linux内核用来隔离内核资源的形式。
- Cgroup(Control Groups):Cgroups是Linux内核提供的一种能够限度、记录、隔离过程组(process groups)所应用的物理资源(如:cpu,memory,IO等等)的机制
目前只须要晓得:
- 所谓的容器技术,是基于Linux操作系统的Namespace和Cgroup机制进行实现的
- Namespace次要用来做资源隔离,Cgroup次要用来做资源限度
- 容器底层就是基于Namespace和Cgroup实现
- 容器也只是一个过程而已
对于Linux的Namespace和Cgroups前面会专门进行分享。
docker是啥
- 应用最宽泛的开源容器引擎
- 一种操作系统级的虚拟化技术
- 依赖于Linux内核个性:Namespace(资源隔离)和Cgroups(资源限度)
- 一个简略的应用程序打包工具
docker的益处
- 提供简略的应用程序打包工具
- 开发人员和运维人员职责逻辑拆散
- 开发人员:开发我的项目、打包我的项目环境+代码成镜像、部署到容器平台
- 运维人员:怎么高效的去治理这些容器
- 带来的益处:运维人员结节省人工成本、继续公布有问题更好解决
- 多环境放弃一致性:开发环境、测试环境、预公布环境、生产环境
docker的利用场景
- 应用程序打包和公布
- 应用程序隔离
- 继续集成
- 部署微服务
- 疾速搭建测试环境
- 提供PaaS产品(平台即服务)
docker的组成
三大组成别离是镜像、容器、仓库,通过docker的命令能够对docker的对象进行治理、对象有:容器、镜像、网络等。
在centos7上装置docker-ce(社区版)
# 装置所需的零碎工具sudo yum install -y yum-utils device-mapper-persistent-data lvm2# 增加软件源信息yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.reposed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo#更新并装置Docker-CEyum makecache fastyum -y install docker-ce# 启动Docker服务systemctl start docker
docker镜像
- 一个分层存储的文件、不是一个繁多的文件
- 一个软件的环境
- 一个镜像能够创立N个容器
- 一种标准化的交付
- 一个不蕴含Linux内核而又精简的Linux操作系统
配置镜像加速器(指向国内的阿里云镜像仓库)
# 配置cat > /etc/docker/daemon.json <<EOF { "registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"]}EOF# 重启dockersystemctl restart docker
常用命令
docker pull # 拉取镜像docker push # 提交镜像docker images(或:docker image ls)# 查看镜像docker run # 启动容器docker prune # 删除不再应用的docker对象docker inspect # 查看容器详情信息docker build # 应用Dockerfile创立镜像docker save # 导出镜像docker load # 导入镜像docker rm # 删除容器docker tag # 批改镜像的tagdocker stop # 进行容器docker start # 启动容器docker restart # 重启容器docker top # 查看容器中运行的过程信息docker exec # 在运行的容器中执行命令docker cp # 在容器和主机之间进行数据拷贝docker logs # 查看容器的日志docker stats # 显示容器资源的应用状况,包含:CPU、内存、网络 I/O等docker port # 列出指定容器的端口映射docker commit # 从容器创立一个新的镜像
根底实战
- 拉取镜像
[root@test-a-docker01 ~]# [root@test-a-docker01 ~]# docker pull nginxUsing default tag: latestlatest: Pulling from library/nginxa2abf6c4d29d: Pull complete a9edb18cadd1: Pull complete 589b7251471a: Pull complete 186b1aaa4aa6: Pull complete b4df32aa5a72: Pull complete a0bcbecc962e: Pull complete Digest: sha256:0d17b565c37bcbd895e9d92315a05c1c3c9a29f762b011a10c54a66cd53c9b31Status: Downloaded newer image for nginx:latestdocker.io/library/nginx:latest[root@test-a-docker01 ~]# docker pull centosUsing default tag: latestlatest: Pulling from library/centosa1d0c7532777: Pull complete Digest: sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177Status: Downloaded newer image for centos:latestdocker.io/library/centos:latest[root@test-a-docker01 ~]#
- 查看镜像
[root@test-a-docker01 ~]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEnginx latest 605c77e624dd 10 months ago 141MBcentos latest 5d0da3dc9764 14 months ago 231MB[root@test-a-docker01 ~]# docker image lsREPOSITORY TAG IMAGE ID CREATED SIZEnginx latest 605c77e624dd 10 months ago 141MBcentos latest 5d0da3dc9764 14 months ago 231MB[root@test-a-docker01 ~]#
- 删除镜像
[root@test-a-docker01 ~]# docker image rm nginxUntagged: nginx:latestUntagged: nginx@sha256:0d17b565c37bcbd895e9d92315a05c1c3c9a29f762b011a10c54a66cd53c9b31Deleted: sha256:605c77e624ddb75e6110f997c58876baa13f8754486b461117934b24a9dc3a85Deleted: sha256:b625d8e29573fa369e799ca7c5df8b7a902126d2b7cbeb390af59e4b9e1210c5Deleted: sha256:7850d382fb05e393e211067c5ca0aada2111fcbe550a90fed04d1c634bd31a14Deleted: sha256:02b80ac2055edd757a996c3d554e6a8906fd3521e14d1227440afd5163a5f1c4Deleted: sha256:b92aa5824592ecb46e6d169f8e694a99150ccef01a2aabea7b9c02356cdabe7cDeleted: sha256:780238f18c540007376dd5e904f583896a69fe620876cabc06977a3af4ba4fb5Deleted: sha256:2edcec3590a4ec7f40cf0743c15d78fb39d8326bc029073b41ef9727da6c851f[root@test-a-docker01 ~]# docker image rm centosUntagged: centos:latestUntagged: centos@sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177Deleted: sha256:5d0da3dc976460b72c77d94c8a1ad043720b0416bfc16c52c45d4847e53fadb6Deleted: sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59[root@test-a-docker01 ~]# [root@test-a-docker01 ~]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZE[root@test-a-docker01 ~]## 更简洁的删除形式docker rmi centos
- 启动容器
[root@test-a-docker01 ~]# docker run -d -p 8080:80 --name web01 -h web01 nginxae5110bcb33626780b009d8d5ca11e3e217f767974d16f4e8d249755298bc927
- 查看容器
[root@test-a-docker01 ~]# docker psCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMESae5110bcb336 nginx "/docker-entrypoint.…" 4 seconds ago Up 4 seconds 0.0.0.0:8080->80/tcp, :::8080->80/tcp web01[root@test-a-docker01 ~]#
- 进行容器
[root@test-a-docker01 ~]# docker stop web01web01
- 查看进行后的容器
[root@test-a-docker01 ~]# docker ps -aCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMESae5110bcb336 nginx "/docker-entrypoint.…" 5 minutes ago Exited (0) 15 seconds ago web01[root@test-a-docker01 ~]#
- 启动容器
[root@test-a-docker01 ~]# docker start web01web01
- 重启容器
[root@test-a-docker01 ~]# docker restart web01web01
- 进入容器
[root@test-a-docker01 ~]# docker exec -it web01 bashroot@web01:/# lsbin boot dev docker-entrypoint.d docker-entrypoint.sh etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr varroot@web01:/# exit (退出容器)exit[root@test-a-docker01 ~]#
- 删除所有未被tag标记的镜像
[root@test-a-docker01 ~]# docker image pruneWARNING! This will remove all dangling images.Are you sure you want to continue? [y/N] yTotal reclaimed space: 0B[root@test-a-docker01 ~]#
- 删除所有未被容器应用的镜像
[root@test-a-docker01 ~]# docker image prune -aWARNING! This will remove all images without at least one container associated to them.Are you sure you want to continue? [y/N] yDeleted Images:untagged: centos:latestuntagged: centos@sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177deleted: sha256:5d0da3dc976460b72c77d94c8a1ad043720b0416bfc16c52c45d4847e53fadb6deleted: sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59Total reclaimed space: 231.3MB[root@test-a-docker01 ~]#
- prune命令不再应用的docker对象更多例子
# 删除所有进行运行的容器docker container prune# 删除所有未被挂载的卷docker volume prune# 删除所有网络docker network prune# 删除docker所有资源docker system prune
- 查看容器详情
[root@test-a-docker01 ~]# docker inspect web01[ { "Id": "ae5110bcb33626780b009d8d5ca11e3e217f767974d16f4e8d249755298bc927", "Created": "2022-11-16T09:13:46.156778931Z", "Path": "/docker-entrypoint.sh", "Args": [ "nginx", "-g", "daemon off;" ], "State": { "Status": "running", "Running": true, "Paused": false,......
- 批改镜像的tag(标签)
[root@test-a-docker01 ~]# docker tag nginx:latest nginx:v1[root@test-a-docker01 ~]# docker tag nginx:latest nginx:v2[root@test-a-docker01 ~]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEnginx latest 605c77e624dd 10 months ago 141MBnginx v1 605c77e624dd 10 months ago 141MBnginx v2 605c77e624dd 10 months ago 141MBcentos latest 5d0da3dc9764 14 months ago 231MB
- 导出(保留)镜像
# 形式1:重定向的形式[root@test-a-docker01 ~]# docker save nginx:v1 > nginx-v1.tar# 形式2:应用-o参数[root@test-a-docker01 ~]# docker save -o nginx-v2.tar nginx:v2[root@test-a-docker01 ~]# lsanaconda-ks.cfg nginx-v1.tar nginx-v2.tar[root@test-a-docker01 ~]#
- 导入镜像
# 先删除[root@test-a-docker01 ~]# docker rmi nginx:v1 nginx:v2Untagged: nginx:v1Untagged: nginx:v2# 再次查看[root@test-a-docker01 ~]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEnginx latest 605c77e624dd 10 months ago 141MBcentos latest 5d0da3dc9764 14 months ago 231MB# 导入形式1:重定向的形式[root@test-a-docker01 ~]# docker load < nginx-v1.tar Loaded image: nginx:v1# 导入形式2:应用-i参数[root@test-a-docker01 ~]# docker load -i nginx-v2.tar Loaded image: nginx:v2# 导入后查看[root@test-a-docker01 ~]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEnginx latest 605c77e624dd 10 months ago 141MBnginx v1 605c77e624dd 10 months ago 141MBnginx v2 605c77e624dd 10 months ago 141MBcentos latest 5d0da3dc9764 14 months ago 231MB[root@test-a-docker01 ~]#
- 查看容器中运行的过程信息
[root@test-a-docker01 ~]# docker top web01UID PID PPID C STIME TTY TIME CMDroot 18307 18288 0 17:22 ? 00:00:00 nginx: master process nginx -g daemon off;101 18349 18307 0 17:22 ? 00:00:00 nginx: worker process[root@test-a-docker01 ~]#
- 在运行的容器中执行命令
# 不进入容器执行命令[root@test-a-docker01 ~]# docker exec web01 cat /etc/hosts127.0.0.1 localhost::1 localhost ip6-localhost ip6-loopbackfe00::0 ip6-localnetff00::0 ip6-mcastprefixff02::1 ip6-allnodesff02::2 ip6-allrouters172.17.0.2 web01[root@test-a-docker01 ~]# # 进入容器执行命令[root@test-a-docker01 ~]# docker exec -it web01 bashroot@web01:/# cat /etc/hosts127.0.0.1 localhost::1 localhost ip6-localhost ip6-loopbackfe00::0 ip6-localnetff00::0 ip6-mcastprefixff02::1 ip6-allnodesff02::2 ip6-allrouters172.17.0.2 web01root@web01:/#
- 容器与主机之间的数据拷贝
# 宿主机当前目录下的123.txt文件拷贝到容器里的/tmp目录下[root@test-a-docker01 ~]# touch 123.txt[root@test-a-docker01 ~]# echo "hello" >> 123.txt [root@test-a-docker01 ~]# cat 123.txt hello[root@test-a-docker01 ~]# docker cp ./123.txt web01:/tmp/[root@test-a-docker01 ~]# docker exec web01 ls /tmp/123.txt# 将主机mydir目录拷贝到容器web01中的/tmp目录下,并将将其目录重命名为mydir01[root@test-a-docker01 ~]# mv 123.txt mydir/[root@test-a-docker01 ~]# docker cp ./mydir web01:/tmp/mydir01[root@test-a-docker01 ~]# docker exec web01 ls /tmp/123.txtmydir01[root@test-a-docker01 ~]# # 将容器web01里的/etc/nginx/nginx.conf文件拷贝的宿主机的当前目录下[root@test-a-docker01 ~]# docker cp web01:/etc/nginx/nginx.conf .
- 查看容器的日志 docker logs 命令的参数
- -f : 跟踪日志输入
- --since : 显示某个开始工夫的所有日志
- -t : 显示工夫戳
- --tail : 仅列出最新N条容器日志
# 跟踪查看容器web01的日志输入[root@test-a-docker01 ~]# docker logs -f web01/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d//docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh/docker-entrypoint.sh: Configuration complete; ready for start up2022/11/16 09:13:46 [notice] 1#1: using the "epoll" event method2022/11/16 09:13:46 [notice] 1#1: nginx/1.21.52022/11/16 09:13:46 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6) 2022/11/16 09:13:46 [notice] 1#1: OS: Linux 3.10.0-1160.76.1.el7.x86_64......# 查看容器web01从2022年11月16日后的最新10条日志[root@test-a-docker01 ~]# docker logs --since="2022-11-16" --tail=10 web01/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh/docker-entrypoint.sh: Configuration complete; ready for start up2022/11/16 09:22:06 [notice] 1#1: using the "epoll" event method2022/11/16 09:22:06 [notice] 1#1: nginx/1.21.52022/11/16 09:22:06 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6) 2022/11/16 09:22:06 [notice] 1#1: OS: Linux 3.10.0-1160.76.1.el7.x86_642022/11/16 09:22:06 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:10485762022/11/16 09:22:06 [notice] 1#1: start worker processes2022/11/16 09:22:06 [notice] 1#1: start worker process 24[root@test-a-docker01 ~]#
- 显示容器资源的应用状况,包含:CPU、内存、网络 I/O 等。
# help可查看到更多的选项[root@test-a-docker01 ~]# docker stats --helpUsage: docker stats [OPTIONS] [CONTAINER...]Display a live stream of container(s) resource usage statisticsOptions: -a, --all Show all containers (default shows just running) --format string Pretty-print images using a Go template --no-stream Disable streaming stats and only pull the first result --no-trunc Do not truncate output[root@test-a-docker01 ~]# # 查看web01容器的运行信息[root@test-a-docker01 ~]# docker stats web01CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDSae5110bcb336 web01 0.00% 1.406MiB / 3.682GiB 0.04% 850B / 192B 0B / 0B 2CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDSae5110bcb336 web01 0.00% 1.406MiB / 3.682GiB 0.04% 850B / 192B 0B / 0B 2CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDSae5110bcb336 web01 0.00% 1.406MiB / 3.682GiB 0.04% 850B / 192B 0B / 0B 2CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDSae5110bcb336 web01 0.00% 1.406MiB / 3.682GiB 0.04% 850B / 192B 0B / 0B 2CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDSae5110bcb336 web01 0.00% 1.406MiB / 3.682GiB 0.04% 850B / 192B 0B / 0B 2^C[root@test-a-docker01 ~]# # 以json的格局输入[root@test-a-docker01 ~]# docker stats web01 --no-stream --format "{{ json . }}"{"BlockIO":"0B / 0B","CPUPerc":"0.00%","Container":"web01","ID":"ae5110bcb336","MemPerc":"0.04%","MemUsage":"1.406MiB / 3.682GiB","Name":"web01","NetIO":"850B / 192B","PIDs":"2"}[root@test-a-docker01 ~]#
- 列出指定端口的映射
[root@test-a-docker01 ~]# docker port web0180/tcp -> 0.0.0.0:808080/tcp -> :::8080[root@test-a-docker01 ~]#
上篇分享到此结束,搭建公有镜像仓库和制作镜像下篇持续分享,期待关注。
喜爱的盆友们关注咱们:https://mp.weixin.qq.com/s/Yp...