
What is Docker?

Docker is an open source container engine that makes it easy to create a lightweight, portable, and self-sufficient container for any application. Developers and system administrators can build and test containers on their laptops and deploy them to production in batches, on VMs (virtual machines), bare metal, OpenStack clusters, clouds, data centers, and other base application platforms. Containers are fully sandboxed, and there are no interfaces between them.

Why use Docker?

Why use Docker? The answer starts with the current pain points in the software industry:

  • 1. Software update release and deployment are inefficient, the process is cumbersome and requires manual intervention
  • 2. Environmental consistency is difficult to guarantee
  • 3. The cost of migration between different environments is too high

With Docker, the above problems can be solved to a large extent.

First of all, Docker is extremely simple to use. From a development perspective, it is a three-step process: build, ship, and run. The key step is the build, that is, packaging the image file. From the perspective of testing and operations, there are only two steps: copy and run. With the image, you can copy it to and run it anywhere, regardless of the platform. At the same time, Docker's container technology isolates an independent operating space, so the application does not compete with other applications for system resources, and there is no need to consider how applications affect each other.

Secondly, because all of the service's dependencies on the system are resolved when the image is built, you can ignore the original program's dependencies and development language when you use it. Testing and operations staff can focus on their own work.

Finally, Docker provides a management method for the development environment for developers, ensures the synchronization of the environment with testers, and provides a portable standardized deployment process for operation and maintenance personnel.

What can Docker do?

  • Easy to build and easy to distribute
  • Isolate applications and release dependencies
  • Quickly deploy and sell after testing

What are Docker's application scenarios?

  1. Local Dependency

Do you need to quickly try Magento on your local system, or use MySQL for a project? Still want to try most open source projects? Then use Docker, it will save you a lot of time. Docker can improve the development efficiency of developers, allowing us to quickly build a development environment.

Machines in the development environment usually have relatively small memory. When virtual machines were used before, it was often necessary to add memory to the machines in the development environment. With Docker, dozens of services can be easily run in Docker.

  1. Build Environment

If you want to build source code but find that you have not prepared a suitable environment, Docker is a solution worth considering. Installing software piece by piece in the traditional way is time-consuming, and container technology saves that time and effort. It lets you put the operating environment and configuration in code and then deploy. The same Docker configuration can be used in different environments, which reduces the coupling between hardware requirements and the application environment. Here is an example worth seeing: docker golang builder.

  1. Microservices

Are you using microservices? The microservice architecture splits a monolithic application into loosely coupled individual services.

Then consider Docker. You can package each service as a docker image and use docker-compose to simulate the production environment (checkout docker networks). It may be time-consuming and labor-intensive at first, but in the long run, it will eventually produce huge productivity.

  1. Automated testing

Consider this problem: how do you write automated integration test cases that start quickly and that users can manage easily? This does not mean running the test cases inside Docker, but running the test cases closely together with the images. Writing test cases against a Docker image is a big advantage. Here is a brief introduction to my test process: run two Docker images (app + db), load data when MySQL starts, and call the API on the app container. You can view this script for a quick example.

  1. Deployment process

You can use the docker image for self-deployment. Many mainstream hosting providers support hosting docker, if you have a dedicated node/vm with shell access, then things will become easier. Just set up docker and run your image on the port you want.

  1. Continuous Deployment

It is said that Docker is inherently suitable for continuous integration/continuous deployment. When Docker is used for deployment, continuous deployment becomes very simple: the service restarts once a new image comes in. For automating this part there are now many solutions to choose from, and Kubernetes is a familiar name. Kubernetes is a container cluster management system. It is an open source platform that provides automatic deployment, automatic scaling up and down, and maintenance of container clusters.

  1. Multi-tenancy

An interesting use case of Docker is in multi-tenant applications, which can avoid the rewriting of key applications. If you expose application services to multiple tenants (tenants refer to a group of users, such as organizations), applications designed with a single-tenant solution can quickly obtain multi-tenant services if they use sub-domain + docker.
An example of this scenario is the development of a fast and easy-to-use multi-tenant environment for IoT applications. The basic code of this kind of multi-tenancy is very complicated and difficult to handle. Re-planning such an application not only consumes time, but also wastes money. Using Docker, you can create an isolated environment for multiple instances of each tenant's application layer, which is not only simple but also low-cost. Of course, all this benefits from the startup speed of the Docker environment and its efficient diff command.

  1. Multiple apps from one machine

This is somewhat related to the microservices mentioned above, but even if you do not use microservices, but only provide services, Docker can still manage all services on a single machine well. You should use folder mounting to retain data for each data-based docker image.

  1. Scaling QPS

Docker helps you scale easily by creating another container. If you encounter huge peak traffic, Docker can help you solve the problem: just add more machines and increase the number of containers running behind the load balancer.

Friends who want to know more about it can refer to: too complete | Detailed explanation of the principle, function and use of Docker architecture

Docker and Openstack comparison

Docker ecological overview

Docker installation

[root@centos7 ~]# yum install docker -y
[root@centos7 ~]# systemctl start docker

Download the image file

[root@centos7 ~]# docker pull centos:latest
Trying to pull repository docker.io/library/centos ... 
centos7: Pulling from docker.io/library/centos
93857f76ae30: Pull complete 
Digest: sha256:4eda692c08e0a065ae91d74e82fff4af3da307b4341ad61fa61771cc4659af60
[root@centos7 ~]# docker images
REPOSITORY        TAG      IMAGE ID     CREATED     SIZE
docker.io/centos  centos7  a8493f5f50ff 3 days ago  192.5 MB

Delete an image

[root@centos7 ~]# docker rmi a8493f5f50ff    ## image ID

Docker container creation and management

1) Create a container

method one:

[root@centos7 ~]# docker run centos /bin/echo "nihao"  ## create a container
nihao
[root@centos7 ~]# docker ps -a   ## list all containers
CONTAINER ID  IMAGE  COMMAND   CREATED    STATUS   PORTS    NAMES
3c113f9a4f1b centos "/bin/echo nihao" 43 seconds ago Exited (0) 41 seconds ago  boring_liskov

No container name was specified here, so one was assigned automatically, and the container exited on its own once the command finished.

Method 2: Create a custom-named container

[root@centos7 ~]# docker run --name mgg -t -i centos /bin/bash
## --name sets the container name, -t allocates a pseudo-terminal, -i keeps STDIN open
[root@2db7f1389dbd /]# ps -ef
UID   PID  PPID  C STIME TTY  TIME CMD
root   1    0  0 22:46 ?   00:00:00 /bin/bash
root   13   1  0 22:49 ?  00:00:00 ps -ef
[root@centos7 ~]# docker ps
CONTAINER ID  IMAGE   COMMAND   CREATED   STATUS  PORTS    NAMES
2db7f1389dbd  centos  "/bin/bash"  4 minutes ago   Up 4 minutes   mgg

docker ps -a displays all containers including those that are not running (same as virsh list --all)

2) Enter, exit, and start the container

[root@2db7f1389dbd /]# exit   ## exit the container
exit
[root@centos7 ~]# docker start 2db7f1389dbd   ## start the container
2db7f1389dbd
[root@centos7 ~]# docker attach 2db7f1389dbd  ## enter the container (it must be running)
[root@2db7f1389dbd /]# hostname
2db7f1389dbd

When you enter a container this way, the container goes into the Down state after you exit, as follows:

[root@2db7f1389dbd /]# exit
exit
[root@centos7 ~]# docker ps
CONTAINER ID   IMAGE  COMMAND   CREATED    STATUS    PORTS   NAMES

3) Use the nsenter command to enter the container

[root@centos7 ~]# nsenter --help
Usage:
 nsenter [options] <program> [<argument>...]
Run a program with namespaces of other processes.
Options:
 -t, --target <pid>     target process to get namespaces from
 -m, --mount[=<file>]   enter mount namespace
 -u, --uts[=<file>]     enter UTS namespace (hostname etc)
 -i, --ipc[=<file>]     enter System V IPC namespace
 -n, --net[=<file>]     enter network namespace
 -p, --pid[=<file>]     enter pid namespace
 -U, --user[=<file>]    enter user namespace
 -S, --setuid <uid>     set uid in entered namespace
 -G, --setgid <gid>     set gid in entered namespace
     --preserve-credentials do not touch uids or gids
 -r, --root[=<dir>]     set the root directory
 -w, --wd[=<dir>]       set the working directory
 -F, --no-fork          do not fork before exec'ing <program>
 -Z, --follow-context   set SELinux context according to --target PID
 -h, --help     display this help and exit
 -V, --version  output version information and exit

Get the PID of the container

[root@centos7 ~]# docker inspect --format "{{.State.Pid}}" 2db7f1389dbd 
4580
[root@centos7 ~]# nsenter -t 4580 -u -i -n -p
[root@2db7f1389dbd ~]# hostname
2db7f1389dbd
[root@2db7f1389dbd ~]# exit
logout
[root@centos7 ~]# docker ps
CONTAINER ID  IMAGE    COMMAND    CREATED    STATUS   PORTS  NAMES
2db7f1389dbd  centos    "/bin/bash" 22 minutes ago   Up 7 minutes  mgg

4) Delete the container

[root@centos7 ~]# docker ps -a
CONTAINER ID   IMAGE  COMMAND   CREATED     STATUS    PORTS    NAMES
2db7f1389dbd  centos  "/bin/bash"  31 minutes ago  Up 16 minutes  mgg
3c113f9a4f1b  centos  "/bin/echo nihao" 38 minutes ago Exited (0) 38 minutes ago boring_liskov
[root@centos7 ~]# docker rm 3c113f9a4f1b  ## a name can be given instead; removes a stopped container
3c113f9a4f1b
[root@centos7 ~]# docker rm -f   3c113f9a4f1b ## removes a running container
[root@centos7 ~]# docker ps -a          
CONTAINER ID  IMAGE   COMMAND    CREATED    STATUS    PORTS   NAMES
2db7f1389dbd    centos    "/bin/bash"    31 minutes ago   Up 16 minutes  mgg
[root@centos7 ~]# docker run --rm centos /bin/echo "hello"   ## removed automatically on exit; used for testing
[root@centos7 ~]# docker kill $(docker ps -q)                ## kill the running containers

Docker network mode

Docker provides communication between containers by using Linux bridges. Docker has the following four network modes:

  • host mode, use --net=host to specify.
  • container mode, use --net=container:NAMEorID to specify.
  • none mode, use --net=none to specify.
  • bridge mode, use --net=bridge to specify; this is the default configuration.

  • host mode

If the container uses the host mode, the container will not get an independent Network Namespace, but will share a Network Namespace with the host. The container will not virtualize its own network card and configure IP, etc., but use the host's IP and port. It's the same as running directly on the host. However, the file system and process list of the container are still isolated from the host.

  • container mode

This mode specifies that the newly created container shares a Network Namespace with an existing container instead of sharing with the host. The newly created container will not create its own network card or configure its own IP, but will share the IP, port range, and so on with the specified container. As in host mode, apart from the network the two containers are still isolated from each other.

  • none mode

This mode is different from the first two. Docker containers have their own Network Namespace, but Docker containers do not have any network configuration. Instead, we need to manually add network cards, configure IP, etc. to the Docker container.

  • bridge mode

This mode is the default network setting of Docker. This mode assigns a Network Namespace to each container and connects the Docker container on a host to a virtual bridge.

For more about Docker container network introduction, please refer to: Docker container network-basics , Docker container network-implementation .

Docker data storage

There are two ways for docker to manage data:

  • Data volume
  • Data volume container

The data of the default container is stored in the readable and writable layer of the container. When the container is deleted, the data on it will also be lost. Therefore, in order to achieve data persistence, you need to choose a data persistence technology to save the data. Three storage methods are officially provided: Volumes, Bind mounts and tmpfs.

Data storage method

To start learning about Docker container data storage, you can first read: Docker data persistence, three options.

A bind mount overwrites the files in the container, but a volume mount does not. That is, if there are files in the container, the files will be synchronized to the host's directory. A bind mount is very similar to mounting on a Linux system: it covers an existing directory or file in the container but does not change the container's original files, and the original files are restored when it is unmounted.

Volumes

  • Created and managed by Docker, and isolated from the core functions of the host
  • Both named and anonymous data volumes are stored under /var/lib/docker/volumes/
  • The defined data volume can be used in multiple containers at the same time and will not be automatically deleted
  • Allow containers to save content to remote sites, cloud service providers, encrypted content, etc.

Bind mounts

  • Compared with data volumes, mounting a host directory has limited functions
  • The file or directory being mounted does not need to exist in advance; it is created automatically when used
  • This method allows access to sensitive files in the container, which may cause security risks

Memory mapping (tmpfs)

  • Only stored in the container's memory, never written to the file system
  • The swarm service uses tmpfs mount to mount sensitive information into the container

Data volume

The data volume is stored under a specific directory of Docker container

Advantage description

The Docker Volumes mechanism is usually used to store persistent data for Docker containers. There are many advantages to using Volumes:

  • Easier backup and data migration
  • Use Docker CLI commands or Docker API to manage
  • Can be used on Linux and Windows operating systems
  • Can be shared in multiple containers more securely
  • Volume drivers allow containers to save content to remote sites, cloud service providers, and encrypt volume content
  • The contents of the new volume can be pre-filled by the container

Volumes are generally better than the writable layer of the container. Using Volumes does not increase the size of the container, and the contents of Volumes are stored externally, independent of the container's life cycle. If the container does not generate persistent data, you can consider using tmpfs memory mapping (stored only in the container's memory) to avoid storing data anywhere else and to avoid increasing the size of the container.

Instructions for use

At the beginning, the -v or --volume option is for individual containers, and the --mount option is for cluster services. But starting from Docker 17.06, you can also use --mount on a separate container. Generally speaking, the --mount option is also more specific and detailed. The -v option groups all options into one value, while the --mount option separates the optional items. If you need to specify the volume driver option, you must use the --mount option.

# Create a data volume
$ docker volume create my-vol

# List all data volumes
$ docker volume ls

# Show information about the specified data volume
$ docker volume inspect my-vol
[
    {
        "Driver": "local",
        "Labels": {},
        "Mountpoint": "/var/lib/docker/volumes/my-vol/_data",
        "Name": "my-vol",
        "Options": {},
        "Scope": "local"
    }
]

# Remove the specified data volume
$ docker volume rm my-vol

# Remove unused data volumes
$ docker volume prune

# Start a container with a data volume mounted
$ docker run -d -P --name web \
    -v my-vol:/webapp \
    training/webapp python app.py

$ docker run -d -P --name web \
    --mount source=my-vol,target=/webapp \
    training/webapp python app.py

# Start a service with a data volume mounted
$ docker service create -d --name devtest-service \
    --mount source=myvol2,target=/app \
    nginx:latest

# Mount in read-only mode
$ docker run -d --name=nginxtest \
    -v nginx-vol:/usr/share/nginx/html:ro \
    nginx:latest

# type can be bind, volume or tmpfs; the default is volume
# source sets the name of the data volume; it can be omitted for an anonymous volume
# target is the location where the volume is mounted inside the container
# readonly mounts the content in read-only mode (optional)
# volume-opt can be given multiple times (optional)
$ docker run -d --name=nginxtest \
    --mount source=nginx-vol,destination=/usr/share/nginx/html,readonly \
    nginx:latest

Mount a remote data volume

# The sshfs plugin lets you easily mount a remote folder in a container

# Install the plugin
$ docker plugin install --grant-all-permissions vieux/sshfs

# Create an ssh data volume with this driver
$ docker volume create --driver vieux/sshfs \
    -o sshcmd=test@node2:/home/test \
    -o password=testpassword \
    -o port=3336 \
    sshvolume

# Start a container that creates the volume through this driver
# If the two containers have a trust relationship configured, the volume-opt password is not needed
$ docker run -d \
    --name sshfs-container \
    --volume-driver vieux/sshfs \
    --mount src=sshvolume,target=/app,volume-opt=sshcmd=test@node2:/home/test,volume-opt=password=testpassword \
    nginx:latest

Mount the host directory-bind mounts

Mounting a host directory means mounting a specific directory of the host directly into the container for use.

Instructions for use

# Start a container in bind mode
$ docker run -d -it --name devtest \
    -v "$(pwd)"/target:/app \
    nginx:latest

$ docker run -d -it --name devtest \
    --mount type=bind,source="$(pwd)"/target,target=/app \
    nginx:latest

# Look at the corresponding information
$ docker inspect devtest
"Mounts": [
    {
        "Type": "bind",
        "Source": "/tmp/source/target",
        "Destination": "/app",
        "Mode": "",
        "RW": true,
        "Propagation": "rprivate"
    }
]

# Mount in read-only mode
$ docker run -d -it --name devtest \
    -v "$(pwd)"/target:/app:ro \
    nginx:latest

$ docker run -d -it --name devtest \
    --mount type=bind,source="$(pwd)"/target,target=/app,readonly \
    nginx:latest

Special attributes

$ docker run -d -it --name devtest \
    -v "$(pwd)"/target:/app \
    -v "$(pwd)"/target:/app2:ro,rslave \
    nginx:latest

$ docker run -d -it --name devtest \
    --mount type=bind,source="$(pwd)"/target,target=/app \
    --mount type=bind,source="$(pwd)"/target,target=/app2,readonly,bind-propagation=rslave \
    nginx:latest
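
An added example, not part of the original article: a small Python audit of `docker inspect` output that flags the bind-mount risk and the shared network modes described above. The sample JSON is constructed (`devtest` mirrors the inspect output shown on this page, `ci-agent` is a hypothetical container), and the list of sensitive host paths is an illustrative assumption.

```python
import json

# Constructed sample in the shape of `docker inspect <container>...` output.
# "devtest" mirrors the bind mount shown above; "ci-agent" is a hypothetical container.
SAMPLE_INSPECT = json.dumps([
    {
        "Name": "/devtest",
        "HostConfig": {"NetworkMode": "bridge"},
        "Mounts": [
            {"Type": "bind", "Source": "/tmp/source/target", "Destination": "/app",
             "Mode": "", "RW": True, "Propagation": "rprivate"},
        ],
    },
    {
        "Name": "/ci-agent",
        "HostConfig": {"NetworkMode": "host"},
        "Mounts": [
            {"Type": "volume", "Name": "my-vol",
             "Source": "/var/lib/docker/volumes/my-vol/_data",
             "Destination": "/webapp", "Mode": "", "RW": True, "Propagation": ""},
            {"Type": "bind", "Source": "/var/run/docker.sock",
             "Destination": "/var/run/docker.sock", "Mode": "", "RW": True,
             "Propagation": "rprivate"},
            {"Type": "bind", "Source": "/etc/ssl", "Destination": "/etc/ssl",
             "Mode": "ro", "RW": False, "Propagation": "rprivate"},
        ],
    },
])

# Assumption: an illustrative list of host paths that should rarely be bind-mounted.
SENSITIVE_HOST_PATHS = ("/etc", "/root", "/proc", "/sys", "/var/lib/docker",
                        "/var/run/docker.sock", "/run/docker.sock")


def is_sensitive(source):
    """True if the host path is the root directory or is/lies under a sensitive path."""
    src = source.rstrip("/") or "/"
    if src == "/":
        return True
    return any(src == p or src.startswith(p + "/") for p in SENSITIVE_HOST_PATHS)


def audit_container(container):
    """Return (container, code, detail) findings for one inspect entry."""
    name = container.get("Name", "").lstrip("/")
    findings = []
    mode = container.get("HostConfig", {}).get("NetworkMode", "")
    if mode == "host":
        findings.append((name, "HOST_NETWORK", "shares the host's Network Namespace"))
    elif mode.startswith("container:"):
        peer = mode[len("container:"):]
        findings.append((name, "SHARED_NETWORK", "shares a Network Namespace with " + peer))
    for m in container.get("Mounts", []):
        if m.get("Type") != "bind":
            continue  # volumes and tmpfs mounts are managed by Docker itself
        detail = "{} -> {}".format(m.get("Source", ""), m.get("Destination", ""))
        writable = m.get("RW", True)
        if is_sensitive(m.get("Source", "")):
            code = "SENSITIVE_BIND_RW" if writable else "SENSITIVE_BIND_RO"
            findings.append((name, code, detail))
        elif writable:
            findings.append((name, "BIND_RW", detail))
    return findings


def audit(inspect_json):
    """Audit every container in a `docker inspect` JSON array."""
    return [f for c in json.loads(inspect_json) for f in audit_container(c)]


if __name__ == "__main__":
    for name, code, detail in audit(SAMPLE_INSPECT):
        print("{:10} {:18} {}".format(name, code, detail))
```

On a live host, pass the output of `docker inspect $(docker ps -q)` to `audit()`.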

Memory mapping-tmpfs

Memory mapping is to map memory into the container for internal use in the container

Advantage description

Initially --tmpfs was used for individual containers, and the --mount option was used for swarm cluster services. However, starting from Docker 17.06, --mount can also be used on a separate container. Generally speaking, --mount is more explicit and verbose. The biggest difference is that the --tmpfs flag does not support any configurable options. Among them --tmpfs can only be used in containers, and swarm clusters must use --mount to use tmpfs memory mapping.

Instructions for use

# Use on a container
$ docker run -d -it --name tmptest \
    --tmpfs /app \
    nginx:latest

$ docker run -d -it --name tmptest \
    --mount type=tmpfs,destination=/app \
    nginx:latest

Log driver-logs

View the log output inside the container outside the container to facilitate troubleshooting and monitoring of problems

You can use the docker logs command to view the logs generated when the application inside the Docker container is running. You can avoid the process of entering the Docker container first and then opening the application log file. docker logs will monitor the standard output device (STDOUT) of the operating system in the container. Once STDOUT has data generated, it will transmit the data to another device, which is called the Logging Driver.

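# Follow the log output as it is written
$ docker logs -f netdata

How does Docker do this? If we run the docker info command, we can see information about the Docker containers, including a field named Logging Driver.

# The log driver type currently configured
$ docker info | grep 'Logging Driver'
Logging Driver: json-file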

We can use the --log-driver parameter in the docker run command to set the specific Docker log driver, or use the --log-opt parameter to specify the related options of the corresponding log driver.

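# --log-driver sets the log driver
# --log-opt max-size=10m limits each JSON file to 10 MB; beyond that a new file is created
# --log-opt max-file=3 keeps at most 3 JSON files; extra files are deleted
$ docker run -d -p 80:80 --name nginx \
    --log-driver json-file \
    --log-opt max-size=10m \
    --log-opt max-file=3 \
    nginx

# The driver can also be added to the configuration file, where it takes effect globally
$ cat /etc/docker/daemon.json
{
  "log-driver": "syslog"
}

# Restart the service after changing the configuration
$ sudo systemctl restart docker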

In addition, it should be noted that by default, Docker stores logs to a log file.

# Check the log file path
$ docker inspect --format='{{.LogPath}}' netdata
/var/lib/docker/containers/556553bcb5xxx13cbc588a4-json.log

# Follow the log in real time
$ tail -f `docker inspect --format='{{.LogPath}}' netdata`

Reference to the above content: https://escapelife.github.io/posts/c2e250ea.html

Introduction to Docker Command

After installing the Docker container service, you need to know how to operate it. You can view the help information by typing docker directly on the shell command line, as follows.

[root@master ~]# docker
Usage:    docker COMMAND
A self-sufficient runtime for containers

Options:
      --config string      Location of client config files (default "/root/.docker")
  -D, --debug              Enable debug mode
      --help               Print usage
  -H, --host list          Daemon socket(s) to connect to (default [])
  -l, --log-level string   Set the logging level ("debug", "info", "warn", "error", "fatal") (default "info")
      --tls                Use TLS; implied by --tlsverify
      --tlscacert string   Trust certs signed only by this CA (default "/root/.docker/ca.pem")
      --tlscert string     Path to TLS certificate file (default "/root/.docker/cert.pem")
      --tlskey string      Path to TLS key file (default "/root/.docker/key.pem")
      --tlsverify          Use TLS and verify the remote
  -v, --version            Print version information and quit

Management Commands:
  container   Manage containers
  image       Manage images
  network     Manage networks
  node        Manage Swarm nodes
  plugin      Manage plugins
  secret      Manage Docker secrets
  service     Manage services
  stack       Manage Docker stacks
  swarm       Manage Swarm
  system      Manage Docker
  volume      Manage volumes

Commands:
  attach      Attach to a running container
  build       Build an image from a Dockerfile
  commit      Create a new image from a container's changes
  cp          Copy files/folders between a container and the local filesystem
  create      Create a new container
  diff        Inspect changes on a container's filesystem
  events      Get real time events from the server
  exec        Run a command in a running container
  export      Export a container's filesystem as a tar archive
  history     Show the history of an image
  images      List images
  import      Import the contents from a tarball to create a filesystem image
  info        Display system-wide information
  inspect     Return low-level information on Docker objects
  kill        Kill one or more running containers
  load        Load an image from a tar archive or STDIN
  login       Log in to a Docker registry
  logout      Log out from a Docker registry
  logs        Fetch the logs of a container
  pause       Pause all processes within one or more containers
  port        List port mappings or a specific mapping for the container
  ps          List containers
  pull        Pull an image or a repository from a registry
  push        Push an image or a repository to a registry
  rename      Rename a container
  restart     Restart one or more containers
  rm          Remove one or more containers
  rmi         Remove one or more images
  run         Run a command in a new container
  save        Save one or more images to a tar archive (streamed to STDOUT by default)
  search      Search the Docker Hub for images
  start       Start one or more stopped containers
  stats       Display a live stream of container(s) resource usage statistics
  stop        Stop one or more running containers
  tag         Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
  top         Display the running processes of a container
  unpause     Unpause all processes within one or more containers
  update      Update configuration of one or more containers
  version     Show the Docker version information
  wait        Block until one or more containers stop, then print their exit codes

There are many commands, focus on these 20, please read the following article in detail:

these 20 Docker Commands, how many do you know?

Dockerfile

A brief introduction to Dockerfile

Docker can use the contents of a Dockerfile to build an image automatically. A Dockerfile is a file containing the series of instructions that create the image and run commands, and each line supports only one instruction.

A Dockerfile is divided into four parts:

  • Base image information
  • Maintainer information
  • Image operation instructions
  • Instructions executed when the container starts

Dockerfile instructions are case-insensitive, but uppercase is recommended. A line starting with # is a comment. Only one instruction per line is supported, and an instruction can take multiple parameters.

Dockerfile instructions fall into two groups:

  • Build instructions: used to build the image, the specified operation will not be executed in the container running the image.
  • Setting instructions: used to set the attributes of the image, and the specified operations will be executed in the container running the image.

Dockerfile instructions

There are the following types of Dockerfile instructions:

  • 1. FROM

Specifies the base image on which the new image is built. The base image generally comes from a remote or local repository. FROM is required as the first instruction of the Dockerfile; if a Dockerfile needs to create multiple images, you can use multiple FROM instructions.

# Usage:
FROM <image_name>     # defaults to the latest version
FROM <image:version>  # a specific version

  • 2. MAINTAINER

Specifies the creator information of the image.

# Usage:
MAINTAINER <name>

  • 3. RUN

Runs any command that the base image supports. You can use multiple RUN instructions, and you can use \ to wrap a long line.

# Usage:
RUN <command>
RUN ["executable", "param1", "param2" ... ] (exec form)

  • 4. CMD

Specifies the operation performed when the container starts. It can be a command or a script, but it is executed only once. If there are several CMD instructions, only the last one is executed by default.

# Usage:
CMD ["executable", "param1", "param2"]   # executed with exec, recommended
CMD command param1 param2                # executed under /bin/sh
CMD ["param1", "param2"]                 # supplies default parameters to ENTRYPOINT

  • 5. EXPOSE

Specifies the port mapping of the container (container and physical machine). When running the container, add the -p parameter to specify the port set by EXPOSE. EXPOSE can set multiple port numbers; use the -p parameter multiple times when running the container accordingly. You can look up the host's mapped port with docker port, giving the container ID and the container port that is mapped.

# Usage:
EXPOSE <port> [<port> ...]

  • 6. ENV

Sets environment variables in the image, which later RUN instructions can use. After the container is started, the environment variables can also be viewed through docker inspect. You can set or modify environment variables through docker run --env key=value.

# Usage:
ENV <key> <value>
ENV JAVA_HOME /usr/local/jdk

  • 7. ADD

Copies the specified source file, directory, or URL to the specified directory of the container. The permissions of all files and folders copied to the container are 0755, and the uid and gid are 0.

If the source is a directory, all files in the directory are added to the container, but not the directory itself;

If the source file is in a recognizable compression format, Docker will decompress it (note the compression format);

If the source is a file and the target directory does not end with a slash, the target is treated as a file, and the contents of the source are written into it;

If the source is a file and the target directory ends with a slash, the source file is copied into the target directory.

# Usage:
ADD <source> <destination>

  • 8. COPY

Copies the source from the local host (by default the directory where the Dockerfile is located) to the target in the container. The target path is created automatically if it does not exist.

# Usage:
COPY <source> <destination>
COPY web/index.html  /var/web/

  • The destination path must be an absolute path; if it does not exist, the corresponding directory is created automatically
  • The source path must be relative to the path where the Dockerfile is located
  • If the source is a directory, only the contents under the directory are copied, not the directory itself

  • 9. ENTRYPOINT

Specifies the command executed after the container is started; if there are several ENTRYPOINT lines, only the last one is executed. It cannot be overridden by the parameters provided by docker run.

# Usage:
ENTRYPOINT "command" "param1" "param2"

  • 10. VOLUME

Creates a mount point that can be mounted from the local host or from other containers, generally used to store data. The same can be achieved with docker run -v.

# Usage:
VOLUME  [directory_name]
VOLUME /docker_data

  • 11. USER

Specifies the user or UID used when the container is running; subsequent RUN, CMD, and ENTRYPOINT instructions run their commands as this user.

# Usage:
USER [username/uid]

  • 12. WORKDIR

Specifies the working directory for the commands given by RUN, CMD, and ENTRYPOINT. Multiple WORKDIR instructions can be used. If a later parameter is a relative path, it is resolved against the path set by the previous instruction. For example, WORKDIR /data followed by WORKDIR work gives the final path /data/work. The path can also be an environment variable.

# Usage:
WORKDIR [path]

  • 13. ONBUILD

Registers instructions that are executed when the image being created is used as the base image of other, newly created images. That is, after this image is created, if other images are based on it, the ONBUILD instructions of this image are executed first.

# Usage:
ONBUILD [INSTRUCTION]

Quickly build an image through Dockerfile

Next, we will demonstrate the use of a Dockerfile by building a Tomcat image. The prerequisite is an installed Docker environment; how to install it is not repeated here.

[root@master tomcat]# ll
总用量 190504
-rw-r--r-- 1 root root   9552281 6月   7 15:07 apache-tomcat-8.5.31.tar.gz
-rw-r--r-- 1 root root        32 7月   3 09:41 index.jsp
-rw-r--r-- 1 root root 185515842 9月  20 2017 jdk-8u144-linux-x64.tar.gz
[root@master tomcat]# cat index.jsp 
welcome to mingongge's web site
[root@master tomcat]# pwd
/root/docker/tomcat
[root@master tomcat]# vim Dockerfile
#config file start#
FROM centos
MAINTAINER mingongge <微信公众号:民工哥技术之路>

#add jdk and tomcat software
ADD jdk-8u144-linux-x64.tar.gz /usr/local/
ADD apache-tomcat-8.5.31.tar.gz /usr/local/
ADD index.jsp /usr/local/apache-tomcat-8.5.31/webapps/ROOT/

#config java and tomcat ENV
ENV JAVA_HOME /usr/local/jdk1.8.0_144
ENV CLASSPATH $JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
ENV CATALINA_HOME /usr/local/apache-tomcat-8.5.31/
ENV PATH $PATH:$JAVA_HOME/bin:$CATALINA_HOME/bin

#config listen port of tomcat
EXPOSE 8080

#config startup command of tomcat
CMD /usr/local/apache-tomcat-8.5.31/bin/catalina.sh run

#end of config-file#
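The Dockerfile above has no USER instruction (item 11), starts from an untagged base image and uses a shell-form CMD, so the container's main process is /bin/sh -c running as root. The following is an added example, not part of the original article: a small audit that reports these three points, run over an abridged copy of the page's Dockerfile and over a constructed variant (the centos:7 tag, the tomcat account and all function names are assumptions of this example).

```shell
#!/bin/sh
# audit_dockerfile: read a Dockerfile on stdin and print one finding per line.
audit_dockerfile() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }                 # comments and blank lines
    cont { cont = ($0 ~ /\\[ \t]*$/); next }          # continuation of the previous instruction
    { cont = ($0 ~ /\\[ \t]*$/); ins = toupper($1) }

    ins == "FROM" {
        user = ""                                     # every build stage starts as root again
        i = 2; while ($i ~ /^--/) i++                 # skip flags such as --platform=...
        img = $i
        n = split(img, part, "/")                     # a tag can only sit in the last path component,
        if (img != "scratch" && img !~ /@sha256:/ &&  # so a registry port (host:5000/name) is not a tag
            (part[n] !~ /:/ || part[n] ~ /:latest$/))
            print "FROM-UNPINNED line " NR ": " img
    }
    ins == "USER" { user = $2; sub(/:.*/, "", user) } # drop an optional :group
    (ins == "CMD" || ins == "ENTRYPOINT") && $2 !~ /^\[/ {
        print "SHELL-FORM line " NR ": " ins          # wrapped in /bin/sh -c, the shell becomes PID 1
    }
    END {
        if (user == "" || user == "root" || user == "0")
            print "RUNS-AS-ROOT: final stage has no non-root USER"
    }'
}

# The Dockerfile from this page, abridged (comments, MAINTAINER and some ENV lines dropped).
page_dockerfile() { cat <<'EOF'
FROM centos
ADD jdk-8u144-linux-x64.tar.gz /usr/local/
ADD apache-tomcat-8.5.31.tar.gz /usr/local/
ADD index.jsp /usr/local/apache-tomcat-8.5.31/webapps/ROOT/
ENV JAVA_HOME /usr/local/jdk1.8.0_144
EXPOSE 8080
CMD /usr/local/apache-tomcat-8.5.31/bin/catalina.sh run
EOF
}

# Constructed variant: the centos:7 tag, the tomcat account and the chown are
# assumptions of this example, not taken from the page.
hardened_dockerfile() { cat <<'EOF'
FROM centos:7
ADD jdk-8u144-linux-x64.tar.gz /usr/local/
ADD apache-tomcat-8.5.31.tar.gz /usr/local/
ADD index.jsp /usr/local/apache-tomcat-8.5.31/webapps/ROOT/
ENV JAVA_HOME /usr/local/jdk1.8.0_144
RUN useradd -r -s /sbin/nologin tomcat \
    && chown -R tomcat /usr/local/apache-tomcat-8.5.31
USER tomcat
EXPOSE 8080
CMD ["/usr/local/apache-tomcat-8.5.31/bin/catalina.sh", "run"]
EOF
}

page_dockerfile | audit_dockerfile
```

The page's Dockerfile produces three findings and the variant none; a digest after the image name (name@sha256:...) pins the base image more strictly than a tag does.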

Build process

[root@master tomcat]# docker build -t tomcat-web . # the trailing . is the build context (the current directory)
Sending build context to Docker daemon 195.1 MB
Step 1/11 : FROM centos
 ---> 49f7960eb7e4
Step 2/11 : MAINTAINER mingongge <微信公众号:民工哥技术之路>
 ---> Running in afac1e218299
 ---> a404621fac22
Removing intermediate container afac1e218299
Step 3/11 : ADD jdk-8u144-linux-x64.tar.gz /usr/local/
 ---> 4e22dafc2f76
Removing intermediate container b1b23c6f202a
Step 4/11 : ADD apache-tomcat-8.5.31.tar.gz /usr/local/
 ---> 1efe59301d59
Removing intermediate container aa78d5441a0a
Step 5/11 : ADD index.jsp /usr/local/apache-tomcat-8.5.31/webapps/ROOT/
 ---> f09236522370
Removing intermediate container eb54e6eb963a
Step 6/11 : ENV JAVA_HOME /usr/local/jdk1.8.0_144
 ---> Running in 3aa91b03d2d1
 ---> b497c5482fe0
Removing intermediate container 3aa91b03d2d1
Step 7/11 : ENV CLASSPATH $JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
 ---> Running in f2649b5069be
 ---> 9cedb218a8df
Removing intermediate container f2649b5069be
Step 8/11 : ENV CATALINA_HOME /usr/local/apache-tomcat-8.5.31/
 ---> Running in 39ef620232d9
 ---> ccab256164fe
Removing intermediate container 39ef620232d9
Step 9/11 : ENV PATH $PATH:$JAVA_HOME/bin:$CATALINA_HOME/bin
 ---> Running in a58944d03d4a
 ---> f57de761a759
Removing intermediate container a58944d03d4a
Step 10/11 : EXPOSE 8080
 ---> Running in 30681437d265
 ---> b906dcc26584
Removing intermediate container 30681437d265
Step 11/11 : CMD /usr/local/apache-tomcat-8.5.31/bin/catalina.sh run
 ---> Running in 437790cc642a
 ---> 95204158ee68
Removing intermediate container 437790cc642a
Successfully built 95204158ee68

Start the container from the built image

[root@master tomcat]# docker run -d -p 8080:8080 tomcat-web
b5b65bee5aedea2f48edb276c543c15c913166bf489088678c5a44fe9769ef45
[root@master tomcat]# docker ps
CONTAINER ID   IMAGE        COMMAND                  CREATED        STATUS         PORTS                    NAMES
b5b65bee5aed   tomcat-web   "/bin/sh -c '/usr/..."   5 seconds ago  Up 4 seconds   0.0.0.0:8080->8080/tcp   vigilant_heisenberg

Access container

Open http://server-ip:8080 in a browser to view the page served by the container.

Docker Three Musketeers

Container Technology | Compose of the Docker Three Musketeers

Container Technology | Docker-machine of the Docker Three Musketeers

Building a highly compelling, visualized Docker container monitoring system platform

Building a private image registry

When we run docker pull xxx, Docker by default looks for the image at registry.docker.com and then downloads it. This registry is Docker's default public registry: anyone can browse it, download from it and use its images. For network reasons, however, downloads from it are limited and slow. In addition, when Docker is used on a company's internal network, images are generally not uploaded to a public registry on the internet. Sharing them internally then becomes a problem, and private registries were created to solve it.

What is a private registry?

A private registry is an image registry built locally (inside the internal network) that offers functions similar to the public registry on the internet. Once it is set up, we can push packaged images to it so that other users on the intranet can use them as well.

This article uses the official registry image to build a private image registry for an enterprise intranet.

Environment introduction

Two hosts with docker environment installed

  • Server: 192.168.3.82, the private registry server, running the registry container
  • Client: 192.168.3.83, the test client, used to upload and download image files

Installation and deployment process

Download the official registry image file

[root@master ~]# docker pull registry
Using default tag: latest
Trying to pull repository docker.io/library/registry ... 
latest: Pulling from docker.io/library/registry
81033e7c1d6a: Pull complete 
b235084c2315: Pull complete 
c692f3a6894b: Pull complete 
ba2177f3a70e: Pull complete 
a8d793620947: Pull complete 
Digest: sha256:672d519d7fd7bbc7a448d17956ebeefe225d5eb27509d8dc5ce67ecb4a0bce54
Status: Downloaded newer image for docker.io/registry:latest
[root@master ~]# docker images |grep registry
docker.io/registry   latest  d1fd7d86a825   5 months ago  33.3 MB

Run the registry container

[root@master ~]# mkdir /docker/registry -p
[root@master ~]# docker run -itd -v /docker/registry/:/docker/registry -p 5000:5000 --restart=always --name registry registry:latest
26d0b91a267f684f9da68f01d869b31dbc037ee6e7bf255d8fb435a22b857a0e
[root@master ~]# docker ps
CONTAINER ID   IMAGE            COMMAND                  CREATED        STATUS        PORTS                    NAMES
26d0b91a267f   registry:latest  "/entrypoint.sh /e..."   4 seconds ago  Up 3 seconds  0.0.0.0:5000->5000/tcp   registry

Parameter Description

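1) -itd: open a pseudo-terminal in the container for interactive operation and run it in the background;
2) -v: bind the host's /docker/registry directory to the container's /docker/registry directory (the directory in the registry container where image files are stored) to persist the data;
3) -p: map the port; accessing port 5000 on the host reaches the service in the registry container;
4) --restart=always: the restart policy; if the container exits abnormally, it is restarted automatically;
5) --name registry: names the created container registry; any name can be used;
6) registry:latest: the image that was just pulled.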

View the images in the remote registry

[root@master ~]# curl http://localhost:5000/v2/_catalog
{"repositories":[]}

You can also visit http://server-ip:5000/v2/_catalog in a browser; the result is the same: the registry is empty and holds no images yet.

Client operation

Change the registry mirror used for downloads

[root@slave1 ~]# vim /etc/docker/daemon.json
{
"registry-mirrors":["https://registry.docker-cn.com"]
}
[root@slave1 ~]# systemctl restart docker

Download the test image

[root@slave1 ~]# docker pull nginx
Using default tag: latest
Trying to pull repository docker.io/library/nginx ... 
latest: Pulling from docker.io/library/nginx
683abbb4ea60: Pull complete 
6ff57cbc007a: Pull complete 
162f7aebbf40: Pull complete 
Digest: sha256:636dd2749d9a363e5b57557672a9ebc7c6d041c88d9aef184308d7434296feea
Status: Downloaded newer image for docker.io/nginx:latest

Tag the image

[root@slave1 ~]# docker tag nginx:latest 192.168.3.82:5000/nginx:v1
[root@slave1 ~]# docker images
REPOSITORY                TAG       IMAGE ID        CREATED       SIZE
192.168.3.82:5000/nginx   v1        649dcb69b782    8 hours ago   109 MB
docker.io/nginx           latest    649dcb69b782    8 hours ago   109 MB

Upload image

[root@slave1 ~]# docker push 192.168.3.82:5000/nginx:v1
The push refers to a repository [192.168.3.82:5000/nginx]
Get https://192.168.3.82:5000/v1/_ping: http: server gave HTTP response to HTTPS client
# Note the error reported here: the message shows that the upload requires HTTPS. The workaround is as follows:
[root@slave1 ~]# vim /etc/docker/daemon.json
{
"registry-mirrors":["https://registry.docker-cn.com"],
 "insecure-registries":["192.168.3.82:5000"]
}
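# Add the address of the private registry server. The file is JSON and its syntax is strict; the docker service must be restarted for the setting to take effect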
[root@slave1 ~]# systemctl restart docker
[root@slave1 ~]# docker push 192.168.3.82:5000/nginx:v1
The push refers to a repository [192.168.3.82:5000/nginx]
6ee5b085558c: Pushed 
78f25536dafc: Pushed 
9c46f426bcb7: Pushed 
v1: digest: sha256:edad5e71815c79108ddbd1d42123ee13ba2d8050ad27cfa72c531986d03ee4e7 size: 948

Check the registry again

[root@master ~]# curl http://localhost:5000/v2/_catalog
{"repositories":["nginx"]}
[root@master ~]# curl http://localhost:5000/v2/nginx/tags/list
{"name":"nginx","tags":["v1"]}
# list the available tags

Test download

# First delete the image files the client host previously downloaded from the public registry
[root@slave1 ~]# docker images
REPOSITORY                TAG      IMAGE ID        CREATED        SIZE
192.168.3.82:5000/nginx   v1       649dcb69b782    10 hours ago   109 MB
docker.io/nginx           latest   649dcb69b782    10 hours ago   109 MB
[root@slave1 ~]# docker image rmi -f 649dcb69b782
Untagged: 192.168.3.82:5000/nginx:v1
Untagged: 192.168.3.82:5000/nginx@sha256:edad5e71815c79108ddbd1d42123ee13ba2d8050ad27cfa72c531986d03ee4e7
Untagged: docker.io/nginx:latest
Untagged: docker.io/nginx@sha256:636dd2749d9a363e5b57557672a9ebc7c6d041c88d9aef184308d7434296feea
Deleted: sha256:649dcb69b782d4e281c92ed2918a21fa63322a6605017e295ea75907c84f4d1e
Deleted: sha256:bf7cb208a5a1da265666ad5ab3cf10f0bec1f4bcb0ba8d957e2e485e3ac2b463
Deleted: sha256:55d02c20aa07136ab07ab47f4b20b97be7a0f34e01a88b3e046a728863b5621c
Deleted: sha256:9c46f426bcb704beffafc951290ee7fe05efddbc7406500e7d0a3785538b8735
[root@slave1 ~]# docker images
REPOSITORY       TAG             IMAGE ID        CREATED         SIZE
# All image files on the client have now been deleted
[root@slave1 ~]# docker pull 192.168.3.82:5000/nginx:v1
Trying to pull repository 192.168.3.82:5000/nginx ... 
v1: Pulling from 192.168.3.82:5000/nginx
683abbb4ea60: Pull complete 
6ff57cbc007a: Pull complete 
162f7aebbf40: Pull complete 
Digest: sha256:edad5e71815c79108ddbd1d42123ee13ba2d8050ad27cfa72c531986d03ee4e7
Status: Downloaded newer image for 192.168.3.82:5000/nginx:v1
[root@slave1 ~]# docker images
REPOSITORY                TAG     IMAGE ID       CREATED         SIZE
192.168.3.82:5000/nginx   v1      649dcb69b782   11 hours ago    109 MB
# As shown, the client has pulled the required image from the remote server normally, and other intranet servers can also share this image server
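With insecure-registries set, the client talks to 192.168.3.82:5000 over plain HTTP, so the tag v1 is not protected in transit; the digest printed by docker push is the value worth recording. The following is an added example, not part of the original article: it extracts that digest from the push output above, builds a digest-pinned pull reference, and checks a pull's Digest line against it (the function names are this example's own).

```shell
#!/bin/sh
# Lines copied from the push and pull transcripts on this page.
PUSH_LINE='v1: digest: sha256:edad5e71815c79108ddbd1d42123ee13ba2d8050ad27cfa72c531986d03ee4e7 size: 948'
PULL_LINE='Digest: sha256:edad5e71815c79108ddbd1d42123ee13ba2d8050ad27cfa72c531986d03ee4e7'

# extract_digest LINE: print the sha256 digest found in a line of docker
# push/pull output; fail unless it is "sha256:" plus exactly 64 lowercase
# hex characters.
extract_digest() {
    for word in $1; do
        case $word in
            sha256:*)
                hex=${word#sha256:}
                case $hex in *[!0-9a-f]*) return 1 ;; esac
                [ "${#hex}" -eq 64 ] || return 1
                printf '%s\n' "$word"
                return 0 ;;
        esac
    done
    return 1
}

# pinned_ref REPO PUSH_LINE: build the immutable REPO@DIGEST reference.
pinned_ref() {
    digest=$(extract_digest "$2") || return 1
    printf '%s@%s\n' "$1" "$digest"
}

# verify_pull EXPECTED_DIGEST PULL_LINE: succeed only if the pull reported
# the digest that was recorded at push time.
verify_pull() {
    got=$(extract_digest "$2") || return 2
    [ "$got" = "$1" ]
}

# On the client the pull then becomes:
#   docker pull "$(pinned_ref 192.168.3.82:5000/nginx "$PUSH_LINE")"
pinned_ref 192.168.3.82:5000/nginx "$PUSH_LINE"
```

When an image is pulled by digest, the client checks the downloaded manifest and layers against that hash, so a substituted image fails the pull instead of silently replacing v1.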

The steps above cover quickly building and testing a private image registry with Docker Registry. You can also refer to: Use Harbor to build an enterprise-level private image registry.

Docker visualization tool

Docker is a very popular container technology and is now widely used in all walks of life. However, how to manage Docker containers is a problem, so I will introduce two Docker visualization tools to you today, hoping to help you.

Portainer

Portainer is a Docker visual management tool that allows us to conveniently view and manage Docker containers on the web.

Using Portainer is very simple: just run the following two commands. They create a dedicated Portainer volume, then create and run the container with ports 8000 and 9000 published.

$ docker volume create portainer_data
$ docker run --name portainer -d -p 8000:8000 -p 9000:9000 -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer

Then open the corresponding address in the browser, you will find that it runs successfully. You need to set up an account when you run it for the first time, and then select the Docker host you want to manage.

Set up an account

Select the host to be managed

After that, you can see the Docker containers running on this machine, and click on them to manage the containers. The items on the left can manage volumes, create containers, view host information, and so on. Basically, there are all the functions that should be there, and this is a tool I recommend.

LazyDocker

LazyDocker is a terminal-based visual query tool that supports keyboard operations and mouse clicks. It may not be so professional compared to Portainer, but it may be easier to use for developers. Because most developers use the command line to run Docker, you can use LazyDocker when you occasionally need to view it graphically.

Official website demo diagram

Installing LazyDocker is also very simple, just run the following command.

docker run --rm -it -v \
/var/run/docker.sock:/var/run/docker.sock \
-v ~/.config/lazydocker:/.config/jesseduffield/lazydocker \
lazyteam/lazydocker

Of course, if you find LazyDocker useful and plan to use it often, you can add it as an alias to your shell configuration file so that it becomes a simple command. For example, I use zsh, so I add the following to the .zshrc file. After that, LazyDocker can be started directly with lzd.

alias lzd='docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock -v ~/.config/lazydocker:/.config/jesseduffield/lazydocker lazyteam/lazydocker'

Then you can view the Docker container, image, and volume information in the terminal. LazyDocker supports keyboard operations and mouse clicks, and you can view the corresponding information by clicking directly with the mouse.

Note that if LazyDocker's display looks garbled in your terminal, don't worry: it is only a font problem and can be solved by changing the terminal font.
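Both the Portainer and the LazyDocker commands above bind-mount /var/run/docker.sock, which hands the container the host's Docker API, and the Portainer ports are published without a host IP. The following is an added example, not from the original article or from either project: it reports those two options for a given docker run command line (the function names and the loopback variant are assumptions of this example).

```shell
#!/bin/sh
# audit_run_cmd WORDS...: inspect the words of a `docker run` command line
# and print one finding per risky option.
audit_run_cmd() {
    prev=
    for arg in "$@"; do
        case $prev in
            -v|--volume|--mount)
                # A bind mount of the daemon socket gives the container the
                # full Docker API. Adding :ro does not change that: a
                # read-only mount still allows connecting to the socket.
                case $arg in
                    *docker.sock*) printf 'DOCKER-SOCKET %s\n' "$arg" ;;
                esac ;;
            -p|--publish)
                # Form: [host-ip:]host-port:container-port. Without a host IP
                # (or with 0.0.0.0 / [::]) the port listens on every interface.
                case $arg in
                    0.0.0.0:*|'[::]':*) printf 'PUBLISHED-ALL-INTERFACES %s\n' "$arg" ;;
                    *:*:*) ;;
                    *) printf 'PUBLISHED-ALL-INTERFACES %s\n' "$arg" ;;
                esac ;;
        esac
        prev=$arg
    done
}

# The two commands from this page.
portainer_findings() {
    audit_run_cmd docker run --name portainer -d -p 8000:8000 -p 9000:9000 \
        -v /var/run/docker.sock:/var/run/docker.sock \
        -v portainer_data:/data portainer/portainer
}
lazydocker_findings() {
    audit_run_cmd docker run --rm -it \
        -v /var/run/docker.sock:/var/run/docker.sock \
        -v "$HOME/.config/lazydocker:/.config/jesseduffield/lazydocker" \
        lazyteam/lazydocker
}

# Constructed variant of the Portainer command: the web UI is bound to
# loopback only (an assumption of this example, not from the page).
loopback_findings() {
    audit_run_cmd docker run --name portainer -d -p 127.0.0.1:9000:9000 \
        -v /var/run/docker.sock:/var/run/docker.sock \
        -v portainer_data:/data portainer/portainer
}

portainer_findings
```

Both tools need the socket to work, so the DOCKER-SOCKET finding marks what to protect: whoever can reach the Portainer UI or the LazyDocker terminal controls the Docker daemon on that host.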

The above content comes from: https://www.toutiao.com/i6780014313227682316/

The Docker community has created many open source tools that can help us handle various use cases. In this article, the author recommends the 5 Docker tools considered most useful, namely Watchtower (automatically updates Docker containers), docker-gc (garbage collection of containers and images), docker-slim (container slimming), rocker (breaking through Dockerfile limitations), and ctop (a top-like interface for containers).
The Docker community has created many open source tools, and the use cases they can handle for you will even exceed your imagination.
You can find many cool Docker tools on the Internet, most of which are open source and can be found on Github. In the past two years, I have been very passionate about Docker and have used it in most development projects. When you start using Docker, you will find that it is applicable to more scenarios than you initially expected. You want Docker to do as much for you as possible, and it won't let you down!
The Docker community is very active, and many useful tools appear every day. It is difficult to keep an eye on all the innovations that occur in the community. To help you, I have collected some interesting and practical Docker tools that I use in my daily work. These tools have improved my work efficiency and reduced the work that would otherwise have to be done manually.

Some practical tools worth recommending: 5 open source Docker tools you should know..., Docker service terminal UI management tool. In the end, choose the right tool for managing Docker containers according to your own usage habits and actual production needs.

Docker container monitoring system

With online services fully dockerized, monitoring Docker containers is very important. The SA monitoring system monitors physical machines; when one physical machine runs several containers, a single monitoring chart cannot separate the resource usage of each container.

I recommend reading: Building a highly compelling, visualized Docker container monitoring system platform

Docker log management best practices

10 unpopular but very practical Docker tips

I work with docker a lot in my day-to-day work. Besides frequently used commands such as docker run and docker stop, docker has many commands that are very useful but rarely used. Here is a summary:

1. docker top

This command shows the processes running in a container. For example, to view the nginx processes in an nginx container, you can do this:

docker top 3b307a09d20d
UID      PID    PPID    C    STIME  TTY    TIME       CMD
root     805    787     0    Jul13   ?   00:00:00  nginx: master process nginx -g daemon off;
systemd+ 941     805     0   Jul13    ?   00:03:18  nginx: worker process

2. docker load && docker save

I generally use these two commands to download and package the image of Kubernetes, because you know that the domestic network speed is not as fast as abroad.

docker save can save an image to a tar file, you can do this:

~ docker save registry:2.7.1 >registry-2.7.1.tar
# docker load, in turn, imports an image from a tar file into docker
~ docker load < registry-2.7.1.tar

3. docker search

This command can help you easily search for images in DockerHub from the command line, such as:

~ docker search nginx
NAME                               DESCRIPTION                                     STARS               OFFICIAL            AUTOMATED
nginx                              Official build of Nginx.                        13519               [OK]
jwilder/nginx-proxy                Automated Nginx reverse proxy for docker con…   1846                                    [OK]
richarvey/nginx-php-fpm            Container running Nginx + PHP-FPM capable of…   780                                     [OK]
linuxserver/nginx                  An Nginx container, brought to you by LinuxS…   123
bitnami/nginx                      Bitnami nginx Docker Image                      87                                      [OK]
tiangolo/nginx-rtmp                Docker image with Nginx using the nginx-rtmp…   85                                      [OK]
jc21/nginx-proxy-manager           Docker container for managing Nginx proxy ho…   73
alfg/nginx-rtmp                    NGINX, nginx-rtmp-module and FFmpeg from sou…   71                                      [OK]
nginxdemos/hello                   NGINX webserver that serves a simple page co…   57                                      [OK]
jlesage/nginx-proxy-manager        Docker container for Nginx Proxy Manager        53                                      [OK]
nginx/nginx-ingress                NGINX Ingress Controller for Kubernetes         37
......

Of course, this function may not be particularly useful in China, because...

4. docker events

This command can help you get real-time information about various events of docker, such as creating a container.

~ docker events
2020-07-28T21:28:46.000403018+08:00 image load sha256:432bf69f0427b52cad10897342eaf23521b7d973566354118e9a59c4d31b5fae (name=sha256:432bf69f0427b52cad10897342eaf23521b7d973566354118e9a59c4d31b5fae)

5. docker update

After starting a container with docker run, you may find that some parameters are not what you want, for example the CPU or memory you set for the nginx container is too small. In that case you can use docker update to modify these parameters.

~ docker update nginx --cpus 2

6. docker history

You can use this command when you have modified an image but forgotten the commands used for each layer, or when you want to see how an image was built, for example:

~ docker history  traefik:v2.1.6
IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
5212a87ddaba        5 months ago        /bin/sh -c #(nop)  LABEL org.opencontainers.…   0B
<missing>           5 months ago        /bin/sh -c #(nop)  CMD ["traefik"]              0B
<missing>           5 months ago        /bin/sh -c #(nop)  ENTRYPOINT ["/entrypoint.…   0B
<missing>           5 months ago        /bin/sh -c #(nop)  EXPOSE 80                    0B
<missing>           5 months ago        /bin/sh -c #(nop) COPY file:59a219a1fb7a9dc8…   419B
<missing>           5 months ago        /bin/sh -c set -ex;  apkArch="$(apk --print-…   52.9MB
<missing>           5 months ago        /bin/sh -c apk --no-cache add ca-certificate…   1.85MB
<missing>           6 months ago        /bin/sh -c #(nop)  CMD ["/bin/sh"]              0B
<missing>           6 months ago        /bin/sh -c #(nop) ADD file:a1906f14a4e217a49…   4.81MB

7. docker wait

This command shows the exit status of a container, for example:

~ docker wait 7f7f0522a7d0
0

So you can know whether the container exited normally or abnormally.

8. docker pause && docker unpause

When you run a container but want to pause it, you can use this command.

~ docker pause 7f7f0522a7d0

9. docker diff

You can use this command when you run a container, but you don't know which files have been modified in the container, for example:

~ docker diff 38c59255bf6e
C /etc
A /etc/localtime
C /var
C /var/lib
A /var/lib/registry
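The docker diff output above lists only a timezone file and the registry's data directory, which is what a healthy container looks like. The following is an added example, not part of the original article: a triage filter that passes such output through silently and reports entries touching binaries, account or access configuration, or deleted files (the watched paths, the second sample and the function names are assumptions of this example).

```shell
#!/bin/sh
# triage_diff: read `docker diff` output on stdin (A = added, C = changed,
# D = deleted) and print only the entries that deserve a closer look.
triage_diff() {
    awk '
    {
        kind = substr($0, 1, 1)
        path = substr($0, 3)        # keeps paths that contain spaces intact
    }
    # an executable or library added or replaced after the container started
    kind != "D" && path ~ "^/(bin|sbin|lib|lib64|usr/bin|usr/sbin|usr/lib|usr/local/bin)/" {
        print "BINARY " $0; next
    }
    # accounts, privilege rules, preload, scheduled jobs, ssh trust
    path ~ "^/etc/(passwd|shadow|group|sudoers|ld\\.so\\.preload)$" ||
    path ~ "^/etc/(sudoers\\.d|cron[^/]*|ssh)/" ||
    path ~ "/\\.ssh/authorized_keys$" {
        print "ACCESS-CONFIG " $0; next
    }
    # a file that shipped in the image was removed at run time
    kind == "D" { print "DELETED " $0 }
    '
}

# Output copied from the docker diff example on this page.
page_diff() { cat <<'EOF'
C /etc
A /etc/localtime
C /var
C /var/lib
A /var/lib/registry
EOF
}

# Constructed output for a container that was altered after it started.
changed_diff() { cat <<'EOF'
C /etc
C /etc/passwd
C /usr/local/bin
A /usr/local/bin/helper
A /root/.ssh/authorized_keys
D /var/log/app.log
C /tmp
A /tmp/cache.db
EOF
}

changed_diff | triage_diff
```

Directory entries such as C /etc are skipped on purpose: docker diff marks every parent directory of a changed file as changed, so only the leaf paths carry information.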

10. docker stats

This is the built-in monitoring command of docker. You can use this command when you want to view the memory and cpu usage of all containers under the current host.

~ docker stats

CONTAINER ID        NAME                        CPU %               MEM USAGE / LIMIT     MEM %               NET I/O             BLOCK I/O           PIDS
1c5ade04e7f9        redis                        0.08%               17.53MiB / 47.01GiB   0.04%               10.9GB / 37GB       0B / 0B             4
afe6d4ebe409        kafka-exporter                0.09%               16.91MiB / 47.01GiB   0.04%               1.97GB / 1.53GB     752MB / 0B          23
f0c7c01a9c34        kafka-docker_zookeeper         0.01%               308.8MiB / 47.01GiB   0.64%               20.2MB / 12.2MB     971MB / 3.29MB      28
da8c5008955f        kafka-docker_kafka-manager     0.08%               393.2MiB / 47.01GiB   0.82%               1.56MB / 2.61MB     1.14GB / 0B         60
c8d51c583c49        kafka-docker_kafka            1.63%               1.256GiB / 47.01GiB   2.67%               30.4GB / 48.9

民工哥

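Experience shared by a veteran of more than 10 years in the IT workplace, who through persistent self-study grew from a technical novice into the head of the information technology department of an internet company. SegmentFault Top Writer for 2019, 2020 and 2021.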