docker revisited


Author: yifei / Created: June 30, 2017, 9:59 p.m. / Modified: July 1, 2017, 10:48 a.m.

Docker is useful in many ways:

  1. A virtual env. Ease of development and deployment: you just wrap everything in an image, much like Vagrant, but lighter. Example: https://github.com/eugeneware/docker-wordpress-nginx
  2. Micro services. Micro services are easy to scale up. In this model, run only one process in a container, and use orchestration tools such as Compose, Kubernetes or Swarm.
  3. Daemon process manager. Docker is very simple to use as a daemon process manager; starting and listing daemon processes has never been this simple.
  4. A jail for apps. Docker is good for jailing your application and preventing it from hurting your system, especially when you run code from other people (e.g. uploaded by a client).

Docker controls a group of processes in one namespace, and makes them think they are on a different machine.

Docker is so-called kernel containerization, in contrast to user-space containerization such as rkt. Docker stores images in a central store on your machine.

Questions:

Docker is used to isolate processes, but is it too aggressive to isolate every process in the OS?

Image vs Container

A container is a running instance of an image; each time you run an image, a new container is created. You can commit a container back as an image; however, that is a little controversial.

Image name format: user/image:tag

basic usage

Note: Docker is all about stdio. If you would like to read something, read it from stdin; if you would like to output something, write to stdout.

building docker images

Two ways:

  * commit each change
  * using Dockerfiles

commit

docker commit $(docker ps -lq) IMAGE_NAME

Docker has an unusual mechanism for specifying which registry to push to. You have to tag an image with the private registry's location in order to push to it. Let's tag our image to our private registry:

docker tag IMAGE_NAME DOCKER_REGISTRY/IMAGE_NAME

weird.

then push it to our private repository

docker push DOCKER_REGISTRY/IMAGE_NAME

Commands

run

Each time you type docker run, you create a new container based on the image you use. You can use docker start or docker attach to reconnect to that container.

Syntax:

docker run [options] [image name] [command]

docker exec -it [container] bash can be used as an ssh equivalent.

  * -d: detach the container and run it in the background
  * -p: set ports [host:container]
  * --name: set the name
  * --rm: clean up the container after running
  * --net: set the network to connect to
  * -w: set the working dir
  * -e: set an env variable
  * -u: set the user
  * -v: set a volume, host_file:container_file:options
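An added example, not from the original notes: the run options above combined into a wrapper for the "jail" use case, running someone else's code with no network, a non-root user and a read-only mount. `jail_run`, the uid 65534, the `/work` mount point and the resource limits are assumptions chosen for illustration; `--read-only`, `--cap-drop`, `--security-opt`, `--pids-limit` and `--memory` are `docker run` options that the notes do not list.

```shell
#!/bin/sh
# jail_run IMAGE HOST_DIR CMD [ARGS...]   (hypothetical helper, added example)
# Runs CMD from untrusted code in a throwaway container: no network, non-root
# uid, read-only root filesystem and mount, no capabilities, capped pids/memory.
# DRY_RUN=1 prints the docker command instead of executing it.
jail_run() {
    if [ "$#" -lt 3 ]; then
        echo "usage: jail_run IMAGE HOST_DIR CMD [ARGS...]" >&2
        return 2
    fi
    image=$1
    hostdir=$2
    shift 2

    # An image name starting with '-' would be parsed by docker as an option.
    case $image in
        ''|-*) echo "jail_run: bad image name: $image" >&2; return 2 ;;
    esac

    # -v takes host_file:container_file:options, so ':' in the host path would
    # split the fields, and a relative path would be taken as a named volume.
    case $hostdir in
        *:*) echo "jail_run: ':' not allowed in $hostdir" >&2; return 2 ;;
        /*)  ;;
        *)   echo "jail_run: $hostdir must be an absolute path" >&2; return 2 ;;
    esac
    [ -d "$hostdir" ] || { echo "jail_run: $hostdir is not a directory" >&2; return 2; }

    # Rebuild "$@" as the full command line; each argument stays one word.
    # uid 65534, /work and the limits are assumed values for illustration.
    set -- docker run --rm \
        --net none \
        -u 65534:65534 \
        --read-only \
        --cap-drop ALL \
        --security-opt no-new-privileges \
        --pids-limit 64 \
        --memory 256m \
        -v "$hostdir:/work:ro" \
        -w /work \
        "$image" "$@"

    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}
```

Calling it as `DRY_RUN=1 jail_run user/image:tag /tmp sh -c id` shows the exact command line before anything is run.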

status

docker ps -a shows which container is running

Image related

docker pull
docker images
docker search
docker build
docker build -t user/image [dir]

Network

  * docker network ls: list the network interfaces
  * docker network inspect: inspect the network for details
  * docker network create/rm: create or remove a network interface
  * docker network connect/disconnect [net] [container]: connect a container to a network

By setting a network, Docker automatically creates an /etc/hosts file inside the image, and you can use the name of a container to access the others.

Logs

You can use docker logs [container] to view stdout logs. But logs sent to /var/logs/*.log stay inside the container by default.

Remove stopped images

docker rm $(docker ps -aq)

