docker 基础概念


Author: yifei / Created: June 30, 2017, 9:59 p.m. / Modified: July 1, 2017, 10:48 a.m. / Edit

Docker 是一个进程的容器,不是虚拟机。他为一个进程隔离了文件系统、网络和环境变量。最好在其中运行一个且仅运行一个线程,而不是运行多个任务。

docker 中最好运行的是无状态的服务,这样方便于横向扩展,对于有状态的服务,建议把状态 mount 出来。

使用场景

  1. 为有不同需求的应用创建不同的隔离环境, 比如部署两个脚本,一个需要用 Python 2.7,另一个需要用 Python 3.6
  2. Micro services. Micro services are easy to scale up. In this way, run only one process in a container, and use orchestration tools such as compose, kubernetes, swarm.
  3. Daemon Process Manager. Docker is very simple to use as a daemon process manager, to start and list daemon processes has never been this simple
  4. A jail for apps. Docker is good to jail you application, prevent it from hurting your system, especially when you run code from other people(e.g. uploaded by a client)

Docker is so-called kernel containerization, in contrary to user-space containerization such as rkt. Docker stores images in a central base on your machine.

Image vs Container(镜像与容器)

Container is a running instance of image, each time you run an image, a new container is created. You can commit a container back as an image, however, it's a little controversial

Image name format: user/image:tag

basic usage

Note, docker is all about stdio, and if you would like to read something, read it from stdin, if you would like to output something, write to stdout

building docker images

two ways: * commit each change * using dockerfiles

Commands

run

each time you typed docker run, you created a new container based on the image you use, you can use docker start or docker attach to reconnect to that container.

Syntax:

docker run [options] [image name] [command] docker exec -it [container] bash can be used as a ssh equivalent -d detach the container and runs in background -p set ports [host:container] --name set the name --rm clean the container after running --net sets the network connected to -w sets working dir -e sets env variable -u sets user -v sets volume host_file:container_file:options

status

docker ps -a shows which container is running

Image ralated

docker pull
docker images
docker search docker build docker build -t user/image [dir]

网络相关

docker network ls   ls the network interfaces
docker network inspect  inspect the network for details
docker network create/rm    create network interface
docker network connect/disconnect [net] [container] connect a container to a network

by setting network, docker automatically create /etc/hosts file inside the image, and you can use the name of the container to access the others.

docker has two networking modes

Bridge Mode

with `docker run --net="bridge"

docker's default network mode is bridge, it creates a virtual interface called docker0. both the container and the host machine has a ip address on it.

Host Mode

with `docker run --net="host"

every port exposed in docker is exposed on the host machine. and the container use the host's interface

Docker 容器一般来说是无状态的,除了保存到数据库之外,还可以使用卷来吧容器中的状态保存出来。

docker volume create --name hello docker run -d -v hello:/container/path/for/volume container_image my_command

日志

You could use docker logs [contianer] to view stdout logs. But the logs sent to /var/logs/*.log are by default inside the container.

Remove stopped images docker rm $(docker ps -aq)

使用docker的时候不使用 sudo

sudo gpasswd -a ${USER} docker

然后登出再登录当前用户即可

参考

https://blog.talpor.com/2015/01/docker-beginners-tutorial/


评论区