Docker&K8s—Docker的安装、部署、镜像管理、容器操作、Dockerfile

容器概述

容器是一种基础工具。泛指任何可以用于容纳其它物品的工具，可以部分或完全封闭，被用于容纳、存储、运输物品。物体可以被放置在容器中，而容器则可以保护内容物。

— 维基百科

避免进程之间的可能的影响，我们分别把不同环境的进程再不同的容器种运行。在同一台宿主机但又相互隔离—虚拟化技术，类似于装虚拟机，然后在系统上装虚拟机上装操作系统，再装环境。这样太麻烦，容器技术相应出现—直接在系统安装Dockers Engine并在其上安装环境。

满足隔离条件：

容器发展历程

Docker简介

2013年Docker正式发布，早在2010年，几个大胡子就在旧金山成立了一家Paas平台的公司—dotCloud。2013 年 3 月，dotCloud 公司的创始人之一，Docker 之父，28 岁的 Solomon Hykes 正式决定，将 Docker 项目开源。

Build Once, Run Anywhere.

—Solomon Hykes

Docker基于容器技术的轻量级虚拟化解决方案
Docker是容器引擎，为用户提供了创建和管理容器的便捷界面（包括命令行和API）
开源，基于Go语言实现
大部分厂商都支持
整套的容器管理的生态系统

Docker引擎主要有两个版本：企业版（EE）和社区版（CE）。

Docker安装和部署

安装

阿里云ECS

[root@iZuf6g4e6vhdv58sz2z1klZ ~]# uname -aLinux iZuf6g4e6vhdv58sz2z1klZ 4.18.0-193.28.1.el8_2.x86_64 #1 SMP Thu Oct 22 00:20:22 UTC 2020 x86_64 x86_64 x[root@iZuf6g4e6vhdv58sz2z1klZ ~]# cat /etc/redhat-release CentOS Linux release 8.2.2004 (Core) [root@iZuf6g4e6vhdv58sz2z1klZ ~]# getenforce Disabled[root@iZuf6g4e6vhdv58sz2z1klZ ~]# systemctl stop firewalld[root@iZuf6g4e6vhdv58sz2z1klZ ~]# free -m total used free shared buff/cache availableMem: 1723 1115 139 3 468 440Swap: 1024 301 723# epel源[root@iZuf6g4e6vhdv58sz2z1klZ ~]# yum install epel-release -yRepository epel is listed more than once in the configurationLast metadata expiration check: 2:47:33 ago on Wed 16 Jun 2021 03:07:22 PM CST.Package epel-release-8-10.el8.noarch is already installed.Dependencies resolved.Nothing to do.Complete!# 安装docker[root@iZuf6g4e6vhdv58sz2z1klZ ~]# yum install -y yum-utils[root@iZuf6g4e6vhdv58sz2z1klZ ~]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo[root@iZuf6g4e6vhdv58sz2z1klZ ~]# yum list docker-ce --showduplicateRepository epel is listed more than once in the configurationDocker CE Stable - x86_64 78 kB/s | 14 kB 00:00 Available Packagesdocker-ce.x86_64 3:19.03.13-3.el8 docker-ce-stabledocker-ce.x86_64 3:19.03.14-3.el8 docker-ce-stabledocker-ce.x86_64 3:19.03.15-3.el8 docker-ce-stabledocker-ce.x86_64 3:20.10.0-3.el8 docker-ce-stabledocker-ce.x86_64 3:20.10.1-3.el8 docker-ce-stabledocker-ce.x86_64 3:20.10.2-3.el8 docker-ce-stabledocker-ce.x86_64 3:20.10.3-3.el8 docker-ce-stabledocker-ce.x86_64 3:20.10.4-3.el8 docker-ce-stabledocker-ce.x86_64 3:20.10.5-3.el8 docker-ce-stabledocker-ce.x86_64 3:20.10.6-3.el8 docker-ce-stabledocker-ce.x86_64 3:20.10.7-3.el8 docker-ce-stable[root@iZuf6g4e6vhdv58sz2z1klZ ~]# yum install docker-ce -y

部署

# 开机自启动[root@iZuf6g4e6vhdv58sz2z1klZ ~]# systemctl enable dockerCreated symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.# 启动docker[root@iZuf6g4e6vhdv58sz2z1klZ ~]# systemctl start docker# 配置[root@iZuf6g4e6vhdv58sz2z1klZ ~]#vi /etc/docker/daemon.json

配置文件

{'graph': '/mydata/docker','storage-driver': 'overlay2','insecure-registries': ['registry.access.redhat.com', 'quay.io'],'registry-mirrors': ['https://q2gr04ke.mirror.aliyuncs.com/'], 'bip': '172.17.0.1/24', 'exec-opts': ['native.cgroupdriver=systemd'], 'live-restore':true}

docker info

查看容器信息和启动是否正常

[root@iZuf6g4e6vhdv58sz2z1klZ ~]# systemctl restart docker[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker infoClient: Context:    default Debug Mode: false Plugins:  app: Docker App (Docker Inc., v0.9.1-beta3)  buildx: Build with BuildKit (Docker Inc., v0.5.1-docker)  scan: Docker Scan (Docker Inc., v0.8.0)Server: Containers: 0  Running: 0  Paused: 0  Stopped: 0 Images: 0 Server Version: 20.10.7 Storage Driver: overlay2  Backing Filesystem: xfs  Supports d_type: true  Native Overlay Diff: true  userxattr: false Logging Driver: json-file Cgroup Driver: systemd Cgroup Version: 1 Plugins:  Volume: local  Network: bridge host ipvlan macvlan null overlay  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog Swarm: inactive Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc Default Runtime: runc Init Binary: docker-init containerd version: d71fcd7d8303cbf684402823e425e9dd2e99285d runc version: b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7 init version: de40ad0 Security Options:  seccomp   Profile: default Kernel Version: 4.18.0-193.28.1.el8_2.x86_64 Operating System: CentOS Linux 8 (Core) OSType: linux Architecture: x86_64 CPUs: 2 Total Memory: 1.683GiB Name: iZuf6g4e6vhdv58sz2z1klZ ID: T3TJ:BJTA:U5PY:ZX74:K57G:7CDR:RMCT:CSBG:JLFG:FXPQ:KUB6:MVJT Docker Root Dir: /mydata/docker Debug Mode: false Registry: https://index.docker.io/v1/ Labels: Experimental: false Insecure Registries:  quay.io  registry.access.redhat.com  127.0.0.0/8 Registry Mirrors:  https://q2gr04ke.mirror.aliyuncs.com/ Live Restore Enabled: true

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59

`第一个命令hello world`

[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker run hello-worldUnable to find image 'hello-world:latest' locallylatest: Pulling from library/hello-worldb8dfde127a29: Pull complete Digest: sha256:9f6ad537c5132bcce57f7a0a20e317228d382c3cd61edae14650eec68b2b345cStatus: Downloaded newer image for hello-world:latestHello from Docker!This message shows that your installation appears to be working correctly.To generate this message, Docker took the following steps: 1. The Docker client contacted the Docker daemon. 2. The Docker daemon pulled the 'hello-world' image from the Docker Hub. (amd64) 3. The Docker daemon created a new container from that image which runs the executable that produces the output you are currently reading. 4. The Docker daemon streamed that output to the Docker client, which sent it to your terminal.To try something more ambitious, you can run an Ubuntu container with: $ docker run -it ubuntu bashShare images, automate workflows, and more with a free Docker ID: https://hub.docker.com/For more examples and ideas, visit: https://docs.docker.com/get-started/

Docker典型的C/S架构引擎

To generate this message, Docker took the following steps:

The Docker client contacted the Docker daemon.

The Docker daemon pulled the “hello-world” image from the Docker Hub.
(amd64)

The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.

The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.

Docker的镜像管理

远端仓库

注册dockerhub: https://hub.docker.com/repositories

[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker login docker.ioLogin with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.Username: dachongmingPassword: WARNING! Your password will be stored unencrypted in /root/.docker/config.json.Configure a credential helper to remove this warning. Seehttps://docs.docker.com/engine/reference/commandline/login/#credentials-storeLogin Succeeded[root@iZuf6g4e6vhdv58sz2z1klZ ~]# # 信息存储在[root@iZuf6g4e6vhdv58sz2z1klZ ~]# cat /root/.docker/config.json

1
2
3
4
5
6
7
8
9
10
11
12

1
2
3
4
5
6
7
8
9
10
11
12

`搜索镜像`

docker search alpine

[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker search alpineNAME DESCRIPTION STARS OFFICIAL AUTOMATEDalpine A minimal Docker image based on Alpine Linux… 7551 [OK] mhart/alpine-node Minimal Node.js built on Alpine Linux 484 anapsix/alpine-java Oracle Java 8 (and 7) with GLIBC 2.28 over A… 470 [OK]frolvlad/alpine-glibc Alpine Docker image with glibc (~12MB) 261 [OK]alpine/git A simple git container running in alpine li… 183 [OK]yobasystems/alpine-mariadb MariaDB running on Alpine Linux [docker] [am… 89 [OK]alpine/socat Run socat command in alpine container 68 [OK]davidcaste/alpine-tomcat Apache Tomcat 7/8 using Oracle Java 7/8 with… 44 [OK]kiasaki/alpine-postgres PostgreSQL docker image based on Alpine Linux 44 [OK]jfloff/alpine-python A small, more complete, Python Docker image … 41 [OK]byrnedo/alpine-curl Alpine linux with curl installed and set as … 34 [OK]zenika/alpine-chrome Chrome running in headless mode in a tiny Al… 34 [OK]hermsi/alpine-sshd Dockerize your OpenSSH-server with rsync and… 33 [OK]hermsi/alpine-fpm-php FPM-PHP 7.0 to 8.0, shipped along with tons … 25 [OK]etopian/alpine-php-wordpress Alpine WordPress Nginx PHP-FPM WP-CLI 25 [OK]bashell/alpine-bash Alpine Linux with /bin/bash as a default she… 18 [OK]davidcaste/alpine-java-unlimited-jce Oracle Java 8 (and 7) with GLIBC 2.21 over A… 13 [OK]roribio16/alpine-sqs Dockerized ElasticMQ server + web UI over Al… 13 [OK]spotify/alpine Alpine image with `bash` and `curl`. 11 [OK]cfmanteiga/alpine-bash-curl-jq Docker Alpine image with Bash, curl and jq p… 6 [OK]bushrangers/alpine-caddy Alpine Linux Docker Container running Caddys… 1 [OK]ellerbrock/alpine-mysql-client MySQL Client based on Alpine Linux 1 [OK]apteno/alpine-jq Weekly build of alpine image with curl, wget… 1 dwdraju/alpine-curl-jq Alpine Docker Image with curl, jq, bash 1 [OK]goodguykoi/alpine-curl-internal simple alpine image with curl installed no C… 1 [OK]

也可在dockerhub上搜索,有可视化界面

下载一个镜像

docker pull alpine

docker pull alpine 默认下载最新版

docker pull alpine:3.10.1 下载指定tag

docker pull docker.io/library/alpine:3.10.1 完整路径,其他仓库不可省,只有dockerhub可省

镜像结构: registry_name/repository_name/image_name:tag_name

例如:docker.io/library/alpine:3.10.1

[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker pull alpineUsing default tag: latestlatest: Pulling from library/alpine5843afab3874: Pull complete Digest: sha256:234cb88d3020898631af0ccbbcca9a66ae7306ecd30c9720690858c1b007d2a0Status: Downloaded newer image for alpine:latestdocker.io/library/alpine:latest

`查看本地镜像`

docker image ls

[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker image lsREPOSITORY TAG IMAGE ID CREATED SIZEalpine latest d4ff818577bc 14 hours ago 5.6MBhello-world latest d1165f221234 3 months ago 13.3kB

给镜像打标签

docker tag IMAGE ID registry_name/repository_name/image_name:tag_name

[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker tag d4ff818577bc docker.io/dachongming/alpine:v3.14.0[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker image lsREPOSITORY           TAG       IMAGE ID       CREATED        SIZEdachongming/alpine   v3.14.0   d4ff818577bc   14 hours ago   5.6MBalpine               latest    d4ff818577bc   14 hours ago   5.6MBhello-world          latest    d1165f221234   3 months ago   13.3kB

`推送镜像`

docker push docker.io/dachongming/alpine:v3.14.0

[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker push docker.io/dachongming/alpine:v3.14.0The push refers to repository [docker.io/dachongming/alpine]72e830a4dff5: Mounted from library/alpine v3.14.0: digest: sha256:1775bebec23e1f3ce486989bfc9ff3c4e951690df84aa9f926497d82f2ffca9d size: 528

删除镜像

docker rmi docker.io/dachongming/alpine:v3.14.0

只是删除标签

docker rmi -f IMAGE ID

强制删除所有

docker hub 上依然存在,想再有,直接pull即可

镜像只第一次拉取比较多,以后每次只拉取增量部分.

Docker容器的基本操作

查看本地的容器进程

docker ps -a

[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker ps -aCONTAINER ID   IMAGE         COMMAND    CREATED       STATUS                   PORTS     NAMESd3f98566b856   hello-world   '/hello'   2 hours ago   Exited (0) 2 hours ago             gallant_kepler[root@iZuf6g4e6vhdv58sz2z1klZ ~]#

`启动容器(运行镜像)`

docker run [OPTIONS] IMAGE [COMMAND] [ARG...]

[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker run --helpUsage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...]OPTIONS:选项-i:表示启动一个可交互的容器,并持续打开标准输入-t:表示使用终端关联到容器的标准输入输出上-d:表示将容器放置在后台运行-rm:退出后即删除容器-name:表示定义容器唯一名称IMAGE:表示要运行的镜像COMMAND:表示启动容器时要运行的命令

交互式启动一个容器

[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker run -it docker.io/dachongming/alpine:v3.14.0 /bin/sh/ # cat /etc/issueWelcome to Alpine Linux 3.14Kernel \r on an \m (\l)/ # exit[root@iZuf6g4e6vhdv58sz2z1klZ ~]#

非交互式启动一个容器

[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker run -rm docker.io/dachongming/alpine:v3.14.0 /bin/echo hello

后台运行

[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker run -d docker.io/dachongming/alpine:v3.14.0 /bin/sleep 300[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker ps -aCONTAINER ID   IMAGE                        COMMAND            CREATED          STATUS                     PORTS     NAMES50d3d748b4f2   dachongming/alpine:v3.14.0   '/bin/sleep 300'   4 seconds ago    Up 3 seconds                         nervous_lumiereaaed2bd3a058   dachongming/alpine:v3.14.0   '/bin/sh'          10 minutes ago   Exited (0) 9 minutes ago             nervous_allend3f98566b856   hello-world                  '/hello'           2 hours ago      Exited (0) 2 hours ago               gallant_kepler

`进入容器`

docker exec -ti CONTAINER ID /bin/sh

[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker exec -ti --name myalphin 50d3d748b4f2 /bin/sh/ # cat /etc/issueWelcome to Alpine Linux 3.14Kernel \r on an \m (\l)/ #

停止容器

docker stop CONTAINER ID

[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker stop 50d3d748b4f250d3d748b4f2[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker ps -aCONTAINER ID   IMAGE                        COMMAND            CREATED          STATUS                        PORTS     NAMES50d3d748b4f2   dachongming/alpine:v3.14.0   '/bin/sleep 300'   4 minutes ago    Exited (137) 14 seconds ago             nervous_lumiereaaed2bd3a058   dachongming/alpine:v3.14.0   '/bin/sh'          15 minutes ago   Exited (0) 14 minutes ago               nervous_allend3f98566b856   hello-world                  '/hello'           2 hours ago      Exited (0) 2 hours ago                  gallant_kepler

重启

docker restart CONTAINER ID

删除容器

docker rm CONTAINER ID

docker rm -f CONTAINER_NAME

写入文件持久保存

docker commit -p CONTAINER ID docker.io/dachongming/alpine:v3.14.0_with_1.txt

导入/导出镜像

导出

docker save IMAGE_ID > name:tag.tar
导入

docker load < name\:tag.tar

查看容器的日志

docker logs CONTAINER_ID

Docker容器的高级操作

下载Nginx镜像

docker pull nginx:tag

[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker pull nginxUsing default tag: latestlatest: Pulling from library/nginx69692152171a: Pull complete 30afc0b18f67: Pull complete 596b1d696923: Pull complete febe5bd23e98: Pull complete 8283eee92e2f: Pull complete 351ad75a6cfa: Pull complete Digest: sha256:6d75c99af15565a301e48297fa2d121e15d80ad526f8369c526324f0f7ccb750Status: Downloaded newer image for nginx:latestdocker.io/library/nginx:latest

端口映射

docker run --rm --name mynginx -d -p81:80 dachongming/nginx:latest

[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker tag d1a364dc548d dachongming/nginx:latest[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker run --rm --name mynginx -d -p81:80 dachongming/nginx:latest48c64b903bb2a260de104be1fa4c8597d291083d6edcff6b19f1a41d10ef7582[root@iZuf6g4e6vhdv58sz2z1klZ ~]# docker ps -aCONTAINER ID   IMAGE                        COMMAND                  CREATED         STATUS                      PORTS                               NAMES48c64b903bb2   dachongming/nginx:latest     '/docker-entrypoint.…'   6 seconds ago   Up 4 seconds                0.0.0.0:81->80/tcp, :::81->80/tcp   mynginx50d3d748b4f2   dachongming/alpine:v3.14.0   '/bin/sleep 300'         18 hours ago    Exited (137) 18 hours ago                                       nervous_lumiereaaed2bd3a058   dachongming/alpine:v3.14.0   '/bin/sh'                18 hours ago    Exited (0) 18 hours ago                                         nervous_allend3f98566b856   hello-world                  '/hello'                 20 hours ago    Exited (0) 20 hours ago                                         gallant_kepler[root@iZuf6g4e6vhdv58sz2z1klZ ~]#

1
2
3
4
5
6
7
8
9
10

1
2
3
4
5
6
7
8
9
10

在浏览器输入：IP:81

`挂载数据卷`

docker run -d --rm --name nginx_baidu -p81:80 -v/mydata/html:/usr/share/nginx/html dachongming/nginx:latest

[root@iZuf6g4e6vhdv58sz2z1klZ ~]# cd /mydata/[root@iZuf6g4e6vhdv58sz2z1klZ mydata]# lsbill BlogLee blogleev2 docker[root@iZuf6g4e6vhdv58sz2z1klZ mydata]# mkdir html[root@iZuf6g4e6vhdv58sz2z1klZ mydata]# lsbill BlogLee blogleev2 docker html[root@iZuf6g4e6vhdv58sz2z1klZ mydata]# wget www.baidu.com -O index.html--2021-06-17 14:50:48-- http://www.baidu.com/Resolving www.baidu.com (www.baidu.com)... 112.80.248.76, 112.80.248.75Connecting to www.baidu.com (www.baidu.com)|112.80.248.76|:80... connected.HTTP request sent, awaiting response... 200 OKLength: 2381 (2.3K) [text/html]Saving to: 'index.html’index.html 100%[========================================>] 2.33K --.-KB/s in 0s 2021-06-17 14:50:48 (171 MB/s) - 'index.html’ saved [2381/2381][root@iZuf6g4e6vhdv58sz2z1klZ mydata]# lsbill BlogLee blogleev2 docker html index.html[root@iZuf6g4e6vhdv58sz2z1klZ mydata]# mv index.html ./html[root@iZuf6g4e6vhdv58sz2z1klZ mydata]# lsbill BlogLee blogleev2 docker html[root@iZuf6g4e6vhdv58sz2z1klZ mydata]# cd html/[root@iZuf6g4e6vhdv58sz2z1klZ html]# LS-bash: LS: command not found[root@iZuf6g4e6vhdv58sz2z1klZ html]# lsindex.html[root@iZuf6g4e6vhdv58sz2z1klZ html]# cat index.html [root@iZuf6g4e6vhdv58sz2z1klZ html]# docker run -d --rm --name nginx_baidu -p81:80 -v/mydata/html:/usr/share/nginx/html dachongming/nginx:latestef46c492a7d8bb60311b56e6685c77e72eda70bac0ed702e85f1696763e5fcc8[root@iZuf6g4e6vhdv58sz2z1klZ html]#

此时访问：IP:81

传递环境变量

docker run --rm -e KEY=VALUE alpine:latest printenv

[root@iZuf6g4e6vhdv58sz2z1klZ html]# docker run --rm -e KEY=VALUE alpine:latest printenvPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/binHOSTNAME=6075948f8101KEY=VALUEHOME=/root[root@iZuf6g4e6vhdv58sz2z1klZ html]# docker run --rm alpine:latest printenvPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/binHOSTNAME=ec1fbe854da2HOME=/root[root@iZuf6g4e6vhdv58sz2z1klZ html]#

1
2
3
4
5
6
7
8
9
10

1
2
3
4
5
6
7
8
9
10

`容器内安装软件（工具）`

tee /etc/apt/sources.list << EOFdeb http://mirrors.163.com/debian/ jessie main non-free contribdeb http://mirrors.163.com/debian/ jessie-updates main non-free contribEOF[root@iZuf6g4e6vhdv58sz2z1klZ html]# docker exec -ti nginx_baidu /bin/bashroot@ef46c492a7d8:/# pwd/root@ef46c492a7d8:/# lsbin dev docker-entrypoint.sh home lib64 mnt proc run srv tmp varboot docker-entrypoint.d etc lib media opt root sbin sys usrroot@ef46c492a7d8:/# tee /etc/apt/sources.list << EOF> deb http://mirrors.163.com/debian/ jessie main non-free contrib> deb http://mirrors.163.com/debian/ jessie-updates main non-free contrib> EOFdeb http://mirrors.163.com/debian/ jessie main non-free contribdeb http://mirrors.163.com/debian/ jessie-updates main non-free contribroot@ef46c492a7d8:/# apt-get update && apt-get install curl -yIgn:1 http://mirrors.163.com/debian jessie InReleaseGet:2 http://mirrors.163.com/debian jessie-updates InRelease [16.3 kB]Get:3 http://mirrors.163.com/debian jessie Release [77.3 kB]Get:4 http://mirrors.163.com/debian jessie Release.gpg [1652 B]Err:2 http://mirrors.163.com/debian jessie-updates InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7638D0442B90D010Ign:4 http://mirrors.163.com/debian jessie Release.gpgReading package lists... DoneW: GPG error: http://mirrors.163.com/debian jessie-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7638D0442B90D010E: The repository 'http://mirrors.163.com/debian jessie-updates InRelease' is not signed.N: Updating from such a repository can't be done securely, and is therefore disabled by default.N: See apt-secure(8) manpage for repository creation and user configuration details.W: GPG error: http://mirrors.163.com/debian jessie Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7638D0442B90D010 NO_PUBKEY CBF8D6FD518E17E1E: The repository 'http://mirrors.163.com/debian jessie Release' is not signed.N: Updating from such a repository can't be done securely, and is therefore disabled by default.N: See apt-secure(8) manpage for repository creation and user configuration details.root@ef46c492a7d8:/# curlcurl: try 'curl --help' or 'curl --manual' for more informationroot@ef46c492a7d8:/#

容器的生命周期

检测本地是否存在镜像，如果不存在即从远端仓库检索
利用镜像启动容器
分配一个文件系统，并在只读的镜像层外挂载一层可读写层
从宿主机配置的网桥接口种桥接一个虚拟接口到容器
从地址池配置一个ip地址给容器
执行用户指定的命令
执行完毕后容器终止

Dockerfile构建镜像

规则

格式
- #注释
- 指令（大写）内容（小写）实际上时不区分大小写的，但是尽量遵循
从上到下按顺序执行指令
第一个非注释行必须时FROM指令

4组核心的Dockerfile指令

构建：docker build . -t docker.io/dachongming/nginx:myfile

USER/WORKDIR

使用哪个用户 / 相当于cd，进到某个目录

[root@iZuf6g4e6vhdv58sz2z1klZ html]# cd /mydata/[root@iZuf6g4e6vhdv58sz2z1klZ mydata]# mkdir dockerfile[root@iZuf6g4e6vhdv58sz2z1klZ mydata]# cd dockerfile/[root@iZuf6g4e6vhdv58sz2z1klZ dockerfile]# ls'[root@iZuf6g4e6vhdv58sz2z1klZ dockerfile]# vim DockerfileFROM docker.io/dachongming/nginx:latestUSER nginxWORKDIR /usr/share/nginx/html# 构建[root@iZuf6g4e6vhdv58sz2z1klZ dockerfile]# docker build . -t docker.io/dachongming/nginx:myfileSending build context to Docker daemon  2.048kBStep 1/3 : FROM docker.io/dachongming/nginx:latest ---> d1a364dc548dStep 2/3 : USER nginx ---> Running in 050b6999cd9cRemoving intermediate container 050b6999cd9c ---> 106250864654Step 3/3 : WORKDIR /usr/share/nginx/html ---> Running in 616a745ff982Removing intermediate container 616a745ff982 ---> 95fe2fbc39a9Successfully built 95fe2fbc39a9Successfully tagged dachongming/nginx:myfile[root@iZuf6g4e6vhdv58sz2z1klZ dockerfile]# docker run -rm -ti dachongming/nginx:myfile /bin/bashunknown shorthand flag: 'r' in -rmSee 'docker run --help'.[root@iZuf6g4e6vhdv58sz2z1klZ dockerfile]# docker run --rm -ti dachongming/nginx:myfile /bin/bashnginx@8bd7d3174e01:/usr/share/nginx/html$ pwd/usr/share/nginx/htmlnginx@8bd7d3174e01:/usr/share/nginx/html$ whoaminginxnginx@8bd7d3174e01:/usr/share/nginx/html$

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

ADD/EXPOSE

添加文件到容器 / 暴露哪个端口
FROM docker.io/dachongming/nginx:latestADD index.html /usr/share/nginx/html/index.htmlEXPOSE 80
- 1
- 2
- 3
- 1
- 2
- 3

RUN/ENV

执行命令在镜像种安装 / 环境变量

FROM centos:7ENV VER 9.9.4-74.e17_6.1RUN yum install bind-$VER -y

CMD/ENTRYPOINT

启动容器时执行命令 /

Docker&K8s