45 - Docker: Architecture Overview, Configuration Tuning, and Image Management

Date: 2023-01-04 12:03:26

Docker, virtual machines, and physical hosts

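  • A traditional virtual machine virtualizes the hardware of a host and runs a complete operating system on it; software is then installed and run on that system
  • Applications in a container run directly on the host's kernel; a container has no kernel of its own and needs no virtual hardware, so it is very lightweight
  • Containers are isolated from one another: each has its own independent filesystem, process space, network space, user space and so on, so multiple containers on the same host do not affect each other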

Docker components

Docker website: http://www.docker.com
Documentation: https://docs.docker.com/
Docker images: https://hub.docker.com/
Docker Chinese-language site: http://www.docker.org.cn/

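Docker host (Host): a physical or virtual machine that runs the Docker daemon and containers; also called the host machine or node
Docker server (Server): the Docker daemon, which runs Docker containers
Docker client (Client): the client uses the docker command or other tools to call the Docker API
Docker images (Images): an image can be thought of as the template used to create instances; in essence it is a collection of program files
Docker registry (Registry): a repository that stores images; the official registry is https://hub.docker.com/, and a private registry can be built with Harbor
Docker container (Container): a container is one service or a group of services, created from an image, that serves external requests; in essence it is the set of processes produced by starting the programs in the image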

Namespace

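Namespaces are a low-level Linux concept implemented in the kernel: several different types of namespace are built into the kernel. All Docker containers run under the same Docker main process and share the same host kernel, and each runs in the host's user space. Every container needs an isolated runtime space similar to a virtual machine's, but container technology provides the runtime environment for a given service within a process, while also protecting the host kernel from interference by other processes, for example in the filesystem space, network space and process space. Isolation between container runtime spaces is currently achieved mainly with the following technologies: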

Note: before installing Docker, upgrade the system kernel to version 3.8 or later to get Docker's full functionality

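#mnt namespace
The mnt namespace lets processes in different namespaces see different file hierarchies, so the directories visible to processes in each namespace are isolated from one another.
#ipc namespace
Processes in a container still interact using the usual Linux inter-process communication (IPC) mechanisms, including semaphores, message queues and shared memory.
Inter-process communication in a container is in fact communication between processes on the host that are in the same Pid namespace, so namespace information has to be added when IPC resources are requested; each IPC resource has a unique 32-bit ID.
#uts namespace
The UTS ("UNIX Time-sharing System") namespace lets each container have its own hostname and domain name, so that on the network it can be treated as an independent node rather than a process on the host.
#Pid namespace
Processes of different users are isolated by Pid namespaces, and the same Pid can exist in different namespaces.
With Pid namespaces, the Pids in each namespace are isolated from one another.
#net namespace
Network isolation is implemented with net namespaces; each net namespace has its own network devices, IP addresses, IP routing tables and /proc/net directory.
By default Docker uses veth pairs to connect the virtual NIC in a container to a Docker bridge on the host, docker0.
#user namespace
Each container can have different user and group IDs, which means programs inside the container can be run as a container-internal user rather than as a user on the host.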

Example: viewing the namespaces of a running Docker container

[root@ubuntu2204 ~]#apt install docker.io -y
[root@ubuntu2204 ~]#docker run -d nginx
Unable to find image 'nginx:latest' locally
latest: Pulling from library/nginx
3f4ca61aafcd: Pull complete
50c68654b16f: Pull complete
3ed295c083ec: Pull complete
40b838968eea: Pull complete
88d3ab68332d: Pull complete
5f63362a3fa3: Pull complete
Digest: sha256:0047b729188a15da49380d9506d65959cce6d40291ccfb4e039f5dc7efd33286
Status: Downloaded newer image for nginx:latest
9c2a8022dd1ed96016915fd1c1c04566972b56e51fb1129998745bd85c35478c
#List the namespaces currently in use
[root@ubuntu2204 ~]#lsns -t net
NS TYPE NPROCS PID USER NETNSID NSFS COMMAND
4026531840 net 210 1 root unassigned /sbin/init
4026532654 net 3 2129 root 0 /run/docker/netns/92707a3e74ce nginx: master process nginx -g daemon off; --> each container is a separate namespace
#List the namespaces of the container process
[root@ubuntu2204 ~]#ls /proc/2129/ns --> the container has its own separate namespaces
cgroup ipc mnt net pid pid_for_children time time_for_children user uts
[root@ubuntu2204 ~]#ll /proc/2129/ns
总用量 0
dr-x--x--x 2 root root 0 13 11:23 ./
dr-xr-xr-x 9 root root 0 13 11:23 ../
lrwxrwxrwx 1 root root 0 13 11:25 cgroup -> 'cgroup:[4026532711]'
lrwxrwxrwx 1 root root 0 13 11:25 ipc -> 'ipc:[4026532652]'
lrwxrwxrwx 1 root root 0 13 11:25 mnt -> 'mnt:[4026532650]'
lrwxrwxrwx 1 root root 0 13 11:23 net -> 'net:[4026532654]'
lrwxrwxrwx 1 root root 0 13 11:25 pid -> 'pid:[4026532653]'
lrwxrwxrwx 1 root root 0 13 11:25 pid_for_children -> 'pid:[4026532653]'
lrwxrwxrwx 1 root root 0 13 11:25 time -> 'time:[4026531834]'
lrwxrwxrwx 1 root root 0 13 11:25 time_for_children -> 'time:[4026531834]'
lrwxrwxrwx 1 root root 0 13 11:25 user -> 'user:[4026531837]'
lrwxrwxrwx 1 root root 0 13 11:25 uts -> 'uts:[4026532651]'

#Inspect the container's network namespace
[root@ubuntu2204 ~]#nsenter -t 2129 -n ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
4: eth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
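
The listing above can be turned into a check of which namespaces a container process really has to itself. The following is an added example, not part of the original post: it compares namespace inode numbers of the container process with those of host PID 1. The container values are copied from the listing above; of the host values only the net inode appears on the page (in the lsns output), and the rest are constructed for illustration. Any type reported as shared is not isolated: in the page's output the user namespace is the same as the host's, so UID 0 in the container is UID 0 on the host unless the daemon's userns-remap option is configured.

```python
import os

# Namespace types shown under /proc/<pid>/ns in the listing above.
NS_TYPES = ("cgroup", "ipc", "mnt", "net", "pid", "time", "user", "uts")

# Container process (PID 2129): link targets copied from the page's listing.
CONTAINER_NS = """\
cgroup -> 'cgroup:[4026532711]'
ipc -> 'ipc:[4026532652]'
mnt -> 'mnt:[4026532650]'
net -> 'net:[4026532654]'
pid -> 'pid:[4026532653]'
time -> 'time:[4026531834]'
user -> 'user:[4026531837]'
uts -> 'uts:[4026532651]'
"""

# Host PID 1: only the net inode (4026531840) is on the page (lsns output);
# the other values are constructed for this example.
HOST_NS = """\
cgroup -> 'cgroup:[4026531835]'
ipc -> 'ipc:[4026531839]'
mnt -> 'mnt:[4026531841]'
net -> 'net:[4026531840]'
pid -> 'pid:[4026531836]'
time -> 'time:[4026531834]'
user -> 'user:[4026531837]'
uts -> 'uts:[4026531838]'
"""


def _inode(target):
    """Extract the inode number from a link target such as net:[4026532654]."""
    return int(target[target.index("[") + 1:target.rindex("]")])


def parse_ns_links(text):
    """Parse 'name -> target' lines (plain or full `ls -l` lines) into {type: inode}."""
    links = {}
    for line in text.splitlines():
        left, sep, right = line.partition("->")
        if not sep or not left.split():
            continue
        name = left.split()[-1]
        if name in NS_TYPES:  # skips pid_for_children / time_for_children
            links[name] = _inode(right.strip().strip("'"))
    return links


def read_ns_links(pid):
    """Read the live namespace inodes of a process (Linux; needs access to /proc/<pid>/ns)."""
    links = {}
    for ns in NS_TYPES:
        try:
            links[ns] = _inode(os.readlink(f"/proc/{pid}/ns/{ns}"))
        except OSError:  # type not supported by this kernel, or no permission
            continue
    return links


def compare_namespaces(host, container):
    """Return (isolated, shared): namespace types that differ from / equal the host's."""
    isolated, shared = [], []
    for ns in NS_TYPES:
        if ns in host and ns in container:
            (shared if host[ns] == container[ns] else isolated).append(ns)
    return isolated, shared


if __name__ == "__main__":
    isolated, shared = compare_namespaces(parse_ns_links(HOST_NS),
                                          parse_ns_links(CONTAINER_NS))
    print("isolated from host:", ", ".join(isolated))
    print("shared with host:  ", ", ".join(shared))
```

On a live host, `compare_namespaces(read_ns_links(1), read_ns_links(2129))` gives the same report for the real processes when run as root.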

Control groups

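The main role of cgroups is to cap the resources that a group of processes can use, including CPU, memory, disk, network bandwidth and so on. In addition, cgroups can set process priorities, account for resource usage, and control processes (for example, suspending and resuming them).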

#Cgroups are enabled in the kernel by default
[root@ubuntu2204 ~]#grep CGROUP /boot/config-5.15.0-52-generic
CONFIG_CGROUPS=y
CONFIG_BLK_CGROUP=y
CONFIG_CGROUP_WRITEBACK=y
CONFIG_CGROUP_SCHED=y
CONFIG_CGROUP_PIDS=y
CONFIG_CGROUP_RDMA=y
CONFIG_CGROUP_FREEZER=y
CONFIG_CGROUP_HUGETLB=y
CONFIG_CGROUP_DEVICE=y
CONFIG_CGROUP_CPUACCT=y
CONFIG_CGROUP_PERF=y
CONFIG_CGROUP_BPF=y
CONFIG_CGROUP_MISC=y
# CONFIG_CGROUP_DEBUG is not set
CONFIG_SOCK_CGROUP_DATA=y
CONFIG_BLK_CGROUP_RWSTAT=y
# CONFIG_BLK_CGROUP_IOLATENCY is not set
CONFIG_BLK_CGROUP_FC_APPID=y
CONFIG_BLK_CGROUP_IOCOST=y
CONFIG_BLK_CGROUP_IOPRIO=y
# CONFIG_BFQ_CGROUP_DEBUG is not set
CONFIG_NETFILTER_XT_MATCH_CGROUP=m
CONFIG_NET_CLS_CGROUP=m
CONFIG_CGROUP_NET_PRIO=y
CONFIG_CGROUP_NET_CLASSID=y

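Container management tools

With chroot, namespaces and cgroups as described above, the basic runtime environment for containers is in place, but tools are still needed to create and delete containers, and questions remain about how to get a container running, how to handle container data, and how to start and stop containers; container management technology emerged to address these. Docker is the main tool in use today; LXC was used earlier, and LXC must be uninstalled before using Docker.

To start a container, Docker also needs an external template, called an image. Docker images can be stored in a public place and shared; an image only has to be downloaded to be used. Most importantly, custom configuration can be made on top of an image and the result committed as a new image, and one image can be started as multiple containers.

Docker images are layered. The lower layers of an image are library files and are read-only: data can be neither written to nor deleted from them. When a container is started from an image, a writable layer is created; data written to it is copied into that container's directory on the host, but the data inside a container is deleted along with the container when the container is removed.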

[root@ubuntu2204 ~]#systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2023-01-03 11:19:47 CST; 3h 5min ago
TriggeredBy: ● docker.socket
Docs: https://docs.docker.com
Main PID: 1625 (dockerd)
Tasks: 10
Memory: 199.9M
CPU: 11.846s
CGroup: /system.slice/docker.service
└─1625 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

1月 03 11:19:47 ubuntu2204.wang.org dockerd[1625]: time="2023-01-03T11:19:47.000900731+08:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/1>
1月 03 11:19:47 ubuntu2204.wang.org dockerd[1625]: time="2023-01-03T11:19:47.224505426+08:00" level=info msg="Loading containers: done."
1月 03 11:19:47 ubuntu2204.wang.org dockerd[1625]: time="2023-01-03T11:19:47.259805223+08:00" level=info msg="Docker daemon" commit=20.10.12-0ubuntu4 graphdriver(s)=overlay2 vers>
1月 03 11:19:47 ubuntu2204.wang.org dockerd[1625]: time="2023-01-03T11:19:47.260004708+08:00" level=info msg="Daemon has completed initialization"
1月 03 11:19:47 ubuntu2204.wang.org systemd[1]: Started Docker Application Container Engine.
1月 03 11:19:47 ubuntu2204.wang.org dockerd[1625]: time="2023-01-03T11:19:47.451236197+08:00" level=info msg="API listen on /run/docker.sock"
1月 03 11:21:22 ubuntu2204.wang.org dockerd[1625]: time="2023-01-03T11:21:22.191879642+08:00" level=info msg="Attempting next endpoint for pull after error: Head \"https://regist>
1月 03 11:21:22 ubuntu2204.wang.org dockerd[1625]: time="2023-01-03T11:21:22.197248432+08:00" level=error msg="Handler for POST /v1.41/images/create returned error: Head \"https:>
1月 03 14:13:34 ubuntu2204.wang.org dockerd[1625]: time="2023-01-03T14:13:34.011379250+08:00" level=info msg="ignoring event" container=b558e7b5520ecba1ca796407162a23c556e7bf9d69>
1月 03 14:13:37 ubuntu2204.wang.org dockerd[1625]: time="2023-01-03T14:13:37.100595882+08:00" level=info msg="ignoring event" container=efafc3af4db1dd96836f91bcd9c52fe9748da64e6c>

Example: architecture diagram of how k8s uses runc

The mainstream way k8s invokes runc in production:

  • kubelet - CRI - docker-shim - cri-docker - Docker Engine - containerd - runC - Container

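Container runtime

The runtime is where containers actually run, so to run different containers the runtime has to work closely with the operating system kernel, each supporting the other, in order to provide containers with the runtime environment they need

  • runc: libcontainer was originally an open-source project controlled by Docker, Inc. After the OCI was founded, Docker handed the libcontainer project over to the OCI; runC evolved from libcontainer and is currently Docker's default runtime. runc complies with the OCI specification

Example: viewing Docker's runtime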

[root@ubuntu2204 ~]#docker info
Client:
Context: default
Debug Mode: false

Server:
Containers: 1
Running: 1
Paused: 0
Stopped: 0
Images: 1
Server Version: 20.10.12
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: systemd
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version:
runc version:
init version:
Security Options:
apparmor
seccomp
Profile: default
cgroupns
Kernel Version: 5.15.0-52-generic
Operating System: Ubuntu 22.04.1 LTS
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.896GiB
Name: ubuntu2204.mooreyxia.org
ID: 6XVD:CQ22:4ZBD:KQI3:VE46:QXPY:MXXR:SGCF:6UNO:GG7N:XBUB:4SHC
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false

#runc is essentially a binary executable
[root@ubuntu2204 ~]#which runc
/usr/sbin/runc
[root@ubuntu2204 ~]#ll /usr/sbin/runc
-rwxr-xr-x 1 root root 8744840 1017 15:48 /usr/sbin/runc*
[root@ubuntu2204 ~]#file /usr/sbin/runc
/usr/sbin/runc: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=fd26aac9b4321b984ab32c8020180df843741025, for GNU/Linux 3.2.0, stripped

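Container management tools

A management tool connects the runtime with the user: it offers the user a graphical or command-line interface and passes the user's operations to the runtime for execution.

runc's management tool is Docker Engine, which consists of two parts, a background daemon and a CLI; when people say Docker they usually mean Docker Engine

Example: viewing Docker Engine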

[root@ubuntu2204 ~]#docker version
Client:
Version: 20.10.12
API version: 1.41
Go version: go1.17.3
Git commit: 20.10.12-0ubuntu4
Built: Mon Mar 7 17:10:06 2022
OS/Arch: linux/amd64
Context: default
Experimental: true

Server:
Engine:
Version: 20.10.12
API version: 1.41 (minimum version 1.12)
Go version: go1.17.3
Git commit: 20.10.12-0ubuntu4
Built: Mon Mar 7 15:57:50 2022
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.5.9-0ubuntu3.1
GitCommit:
runc:
Version: 1.1.0-0ubuntu1.1
GitCommit:
docker-init:
Version: 0.19.0
GitCommit:

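Image registry (Registry)

A place that stores images centrally, including multiple versions of different images, is called an image registry

  • Docker Hub: Docker's official public registry, which already holds a large number of commonly used images; third-party public registries such as Alibaba Cloud and NetEase also exist
  • Image registry: the private-registry deployment tool provided by Docker; it has no web management interface and is rarely used today
  • Harbor: a private image registry provided by VMware with a built-in web interface and built-in authentication; many companies use it today

Container orchestration tools

Problems with many containers on many hosts:

  • When many containers run across many hosts, managing each container individually is complicated and error-prone; it also cannot automatically migrate containers to another host when a host goes down to achieve high availability, nor scale dynamically. A tool is therefore needed that provides unified management, dynamic scaling, self-healing, batch execution and similar functions: this is the container orchestration engine

Container orchestration usually includes container management, scheduling, cluster definition and service discovery

  • Docker compose: Docker's official orchestration tool for containers on a single host
  • Docker swarm: the container orchestration engine developed by Docker; supports overlay networks
  • Mesos+Marathon: Mesos is an open-source distributed resource management framework under Apache; it has been called the kernel of distributed systems.
  • Kubernetes: a container orchestration engine whose development is led by Google; the internal project was Borg, and it supports both Docker and CoreOS. It has become the de facto standard for container orchestration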

Installing and removing Docker

Official documentation: https://docs.docker.com/install/linux/docker-ce/ubuntu/

Alibaba Cloud documentation: https://mirrors.aliyun.com/docker-ce/?spm=a2c6h.13651104.0.0.32d63317ZPee2F

Example: installation

# Note:
# The official software source enables the latest software by default; you can edit the software source to obtain other versions of the packages.

#Ubuntu
# Step 1: install the required system tools
sudo apt-get update
sudo apt-get -y install apt-transport-https ca-certificates curl software-properties-common
# Step 2: install the GPG key
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
# Step 3: write the software source information
sudo add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
# Step 4: update and install Docker-CE
sudo apt-get -y update
sudo apt-get -y install docker-ce

# Install a specific version of Docker-CE:
# Step 1: find the available Docker-CE versions:
# apt-cache madison docker-ce
# docker-ce | 17.03.1~ce-0~ubuntu-xenial | https://mirrors.aliyun.com/docker-ce/linux/ubuntu xenial/stable amd64 Packages
# docker-ce | 17.03.0~ce-0~ubuntu-xenial | https://mirrors.aliyun.com/docker-ce/linux/ubuntu xenial/stable amd64 Packages
# Step 2: install the specific version of Docker-CE (VERSION is, for example, 17.03.1~ce-0~ubuntu-xenial from above)
# sudo apt-get -y install docker-ce=[VERSION]

#centos 7
# Step 1: install the required system tools
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
# Step 2: add the software source information
sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Step 3: point the repo file at the Aliyun mirror instead of download.docker.com
sudo sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo
# Step 4: update and install Docker-CE
sudo yum makecache fast
sudo yum -y install docker-ce
# Step 5: start the Docker service
sudo service docker start

# vim /etc/yum.repos.d/docker-ce.repo
# Change enabled=0 under [docker-ce-test] to enabled=1
#
# Install a specific version of Docker-CE:
# Step 1: find the available Docker-CE versions:
# yum list docker-ce.x86_64 --showduplicates | sort -r
# Loading mirror speeds from cached hostfile
# Loaded plugins: branch, fastestmirror, langpacks
# docker-ce.x86_64 17.03.1.ce-1.el7.centos docker-ce-stable
# docker-ce.x86_64 17.03.1.ce-1.el7.centos @docker-ce-stable
# docker-ce.x86_64 17.03.0.ce-1.el7.centos docker-ce-stable
# Available Packages
# Step 2: install the specific version of Docker-CE (VERSION is, for example, 17.03.0.ce.1-1.el7.centos from above)
# sudo yum -y install docker-ce-[VERSION]

Example: removal

#Ubuntu
[root@ubuntu2204 ~]#apt purge docker-ce
[root@ubuntu2204 ~]#rm -rf /var/lib/docker
#centos 7
[root@centos7 ~]#yum remove docker-ce
[root@centos7 ~]#rm -rf /var/lib/docker

Example: cold migration of Docker images

#Ubuntu
[root@ubuntu2204 ~]#systemctl stop docker.service
[root@ubuntu2204 ~]#cp -a /var/lib/docker/* <target directory path>

Downloading the official generic installation script from Docker

[root@ubuntu2204 ~]#curl -fsSL get.docker.com -o get-docker.sh
[root@ubuntu2204 ~]#sh get-docker.sh --mirror Aliyun

Docker command help

Official documentation: https://docs.docker.com/reference/

[root@ubuntu2204 ~]#docker --help

Usage: docker [OPTIONS] COMMAND

A self-sufficient runtime for containers

Options:
--config string Location of client config files (default "/root/.docker")
-c, --context string Name of the context to use to connect to the daemon (overrides DOCKER_HOST env var and default context set with "docker context use")
-D, --debug Enable debug mode
-H, --host list Daemon socket(s) to connect to
-l, --log-level string Set the logging level ("debug"|"info"|"warn"|"error"|"fatal") (default "info")
--tls Use TLS; implied by --tlsverify
--tlscacert string Trust certs signed only by this CA (default "/root/.docker/ca.pem")
--tlscert string Path to TLS certificate file (default "/root/.docker/cert.pem")
--tlskey string Path to TLS key file (default "/root/.docker/key.pem")
--tlsverify Use TLS and verify the remote
-v, --version Print version information and quit

Management Commands:
builder Manage builds
config Manage Docker configs
container Manage containers
context Manage contexts
image Manage images
manifest Manage Docker image manifests and manifest lists
network Manage networks
node Manage Swarm nodes
plugin Manage plugins
secret Manage Docker secrets
service Manage services
stack Manage Docker stacks
swarm Manage Swarm
system Manage Docker
trust Manage trust on Docker images
volume Manage volumes

Commands:
attach Attach local standard input, output, and error streams to a running container
build Build an image from a Dockerfile
commit Create a new image from a container's changes
cp Copy files/folders between a container and the local filesystem
create Create a new container
diff Inspect changes to files or directories on a container's filesystem
events Get real time events from the server
exec Run a command in a running container
export Export a container's filesystem as a tar archive
history Show the history of an image
images List images
import Import the contents from a tarball to create a filesystem image
info Display system-wide information
inspect Return low-level information on Docker objects
kill Kill one or more running containers
load Load an image from a tar archive or STDIN
login Log in to a Docker registry
logout Log out from a Docker registry
logs Fetch the logs of a container
pause Pause all processes within one or more containers
port List port mappings or a specific mapping for the container
ps List containers
pull Pull an image or a repository from a registry
push Push an image or a repository to a registry
rename Rename a container
restart Restart one or more containers
rm Remove one or more containers
rmi Remove one or more images
run Run a command in a new container
save Save one or more images to a tar archive (streamed to STDOUT by default)
search Search the Docker Hub for images
start Start one or more stopped containers
stats Display a live stream of container(s) resource usage statistics
stop Stop one or more running containers
tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
top Display the running processes of a container
unpause Unpause all processes within one or more containers
update Update configuration of one or more containers
version Show the Docker version information
wait Block until one or more containers stop, then print their exit codes

Run 'docker COMMAND --help' for more information on a command.

To get more help with docker, check out our guides at https://docs.docker.com/go/guides/

Example: Docker tuning

#Default configuration
[root@ubuntu2204 ~]#docker info
Client:
Context: default
Debug Mode: false

Server:
Containers: 3
Running: 1
Paused: 0
Stopped: 2
Images: 2
Server Version: 20.10.12
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: systemd
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version:
runc version:
init version:
Security Options:
apparmor
seccomp
Profile: default
cgroupns
Kernel Version: 5.15.0-52-generic
Operating System: Ubuntu 22.04.1 LTS
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.896GiB
Name: ubuntu2204.wang.org
ID: 6XVD:CQ22:4ZBD:KQI3:VE46:QXPY:MXXR:SGCF:6UNO:GG7N:XBUB:4SHC
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false

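#Tuning (the "-->" annotations below are explanatory only and must not appear in the real file, because JSON has no comment syntax)
vim /etc/docker/daemon.json
{
"registry-mirrors": [ --> replace the image download source
"https://registry.docker-cn.com",
"http://hub-mirror.c.163.com",
"https://docker.mirrors.ustc.edu.cn"
],
"insecure-registries": ["serverIP"], --> address of the company's internal private registry
"exec-opts": ["native.cgroupdriver=systemd"], --> managed by systemd; already the default in newer versions
"graph": "/data/docker", --> Docker data directory; all containers are created here afterwards; mounting a dedicated large, fast SSD is recommended
"max-concurrent-downloads": 10, --> maximum concurrent downloads
"max-concurrent-uploads": 5, --> maximum concurrent uploads
"log-opts": { --> set the size of each log file
"max-size": "300m",
"max-file": "2"
},
"live-restore": true --> restarting the docker daemon does not stop containers
}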

[root@ubuntu2204 ~]#docker info
Client:
Context: default
Debug Mode: false

Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 20.10.12
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: systemd
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version:
runc version:
init version:
Security Options:
apparmor
seccomp
Profile: default
cgroupns
Kernel Version: 5.15.0-52-generic
Operating System: Ubuntu 22.04.1 LTS
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.896GiB
Name: ubuntu2204.wang.org
ID: 6XVD:CQ22:4ZBD:KQI3:VE46:QXPY:MXXR:SGCF:6UNO:GG7N:XBUB:4SHC
Docker Root Dir: /data/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Registry Mirrors:
https://registry.docker-cn.com/
http://hub-mirror.c.163.com/
https://docker.mirrors.ustc.edu.cn/
Live Restore Enabled: true
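
The daemon.json shown above carries three settings worth reviewing before it goes onto a production host: one registry mirror is reached over plain HTTP, "insecure-registries" turns off TLS verification for the listed registry, and "graph" is the deprecated name of "data-root" (it still works on the 20.10.12 daemon used here). The following is an added example, not part of the original post: it strips the page's "-->" annotations, parses the result as JSON, and reports those settings. The function names are this example's own, and the annotation text in the embedded sample is shortened.

```python
import json
import re
from urllib.parse import urlparse

# The page's daemon.json as published, including "-->" annotations
# (annotation text shortened here; a real daemon.json must not contain them).
PAGE_DAEMON_JSON = """{
"registry-mirrors": [ --> image download sources
"https://registry.docker-cn.com",
"http://hub-mirror.c.163.com",
"https://docker.mirrors.ustc.edu.cn"
],
"insecure-registries": ["serverIP"], --> internal private registry
"exec-opts": ["native.cgroupdriver=systemd"],
"graph": "/data/docker", --> data directory
"max-concurrent-downloads": 10,
"max-concurrent-uploads": 5,
"log-opts": {
"max-size": "300m",
"max-file": "2"
},
"live-restore": true --> keep containers running across daemon restarts
}"""


def strip_annotations(text):
    """Remove trailing ' --> note' annotations so the text becomes valid JSON."""
    return "\n".join(re.sub(r"\s+-->.*$", "", line) for line in text.splitlines())


def load_annotated(text):
    """Parse an annotated daemon.json; raises json.JSONDecodeError if still invalid."""
    return json.loads(strip_annotations(text))


def audit(config):
    """Return a list of (key, value, reason) findings for a daemon.json dict."""
    findings = []
    for url in config.get("registry-mirrors", []):
        if urlparse(url).scheme != "https":
            findings.append(("registry-mirrors", url,
                             "mirror is reached over plaintext HTTP; "
                             "traffic to it is not protected by TLS"))
    for registry in config.get("insecure-registries", []):
        findings.append(("insecure-registries", registry,
                         "certificate errors are ignored and plain HTTP "
                         "is allowed for this registry"))
    if "graph" in config:
        findings.append(("graph", config["graph"],
                         'deprecated key; newer daemons expect "data-root"'))
    return findings


if __name__ == "__main__":
    for key, value, reason in audit(load_annotated(PAGE_DAEMON_JSON)):
        print(f"{key}: {value!r}: {reason}")
```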

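Example: viewing the docker0 interface

#After Docker is installed and started, a bridge named docker0 is created by default with the IP address 172.17.0.1; containers created afterwards automatically get 172.17.0.xxx addresses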
[root@ubuntu2204 ~]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:df:99:92 brd ff:ff:ff:ff:ff:ff
altname enp2s1
altname ens33
inet 10.0.0.200/24 brd 10.0.0.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fedf:9992/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:9b:89:63:9c brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:9bff:fe89:639c/64 scope link
valid_lft forever preferred_lft forever

[root@ubuntu2204 ~]#brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.02429b89639c no

[root@ubuntu2204 ~]#route -n
内核 IP 路由表
目标 网关 子网掩码 标志 跃点 引用 使用 接口
0.0.0.0 10.0.0.2 0.0.0.0 UG 0 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0

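Docker storage drivers

  • AUFS: (Advanced Multi-Layered Unification Filesystem; called AnotherUnionFS before version 2) is a Union FS and a file-level storage driver. AUFS is a reimplementation of the earlier UnionFS, developed by Junjiro Okajima in 2006. A UnionFS merges directories from different physical locations and mounts them onto a single directory; put simply, it supports mounting different directories under one virtual filesystem, so that modifications can be stacked layer upon layer. However many layers lie underneath, they are all read-only, and only the topmost layer is writable. When a file needs to be modified, AUFS creates a copy of it, using CoW to copy the file from the read-only layer to the writable layer where it is modified, and the result is also kept in Docker. The read-only layers underneath are the image; the writable layer is the container
  • Overlay: a Union FS filesystem, supported since Linux kernel 3.18
  • Overlay2: an upgraded version of Overlay and, so far, the storage type recommended for all Linux distributions; it is also Docker's default storage driver. It requires the disk partition to support d-type, so it needs extra support from the system disk. Compared with AUFS, Overlay2 has the following advantages: a simpler design; in the Linux mainline kernel since 3.18; lower resource consumption

Image structure and principles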

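A Linux filesystem consists of two parts, bootfs and rootfs:

  • bootfs (boot file system) mainly contains the bootloader and the kernel. The bootloader's main job is to boot and load the kernel. When Linux starts it loads the bootfs filesystem; once booting is complete and the kernel has been loaded into memory and taken control of the system, bootfs is unmounted
  • rootfs (root file system) contains the standard directories and files of a typical Linux system, such as /dev, /proc, /bin and /etc. Different Linux distributions (such as Ubuntu and CentOS) differ mainly at the rootfs layer.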

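  • An image is the template from which containers are created; it contains the filesystem and everything else needed to start a container, so its main purpose is to make creating and starting containers quick and convenient
  • Inside an image is a stack of filesystem layers, called a Union FS (union filesystem). A union filesystem can mount several layers of directories together to form one virtual filesystem whose directory structure looks just like that of an ordinary Linux system. These files, together with the host's kernel, give the image a virtual Linux environment. Each filesystem layer is called a layer. A union filesystem can give each layer one of three permissions: read-only (readonly), read-write (readwrite) and whiteout (whiteout-able), but every filesystem layer in an image is read-only.
  • An image is built starting from a minimal base operating system; each committed build step amounts to one layer of modifications and adds one filesystem layer. Layers are stacked one on top of another, and a change in an upper layer hides what is visible at the same location in the layers below.

Example: viewing the layer structure of the nginx image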

[root@ubuntu2204 ~]#docker info
Client:
Context: default
Debug Mode: false

Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 20.10.12
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: systemd
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runtime.v1.linux runc io.containerd.runc.v2
Default Runtime: runc
Init Binary: docker-init
containerd version:
runc version:
init version:
Security Options:
apparmor
seccomp
Profile: default
cgroupns
Kernel Version: 5.15.0-52-generic
Operating System: Ubuntu 22.04.1 LTS
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.896GiB
Name: ubuntu2204.wang.org
ID: 6XVD:CQ22:4ZBD:KQI3:VE46:QXPY:MXXR:SGCF:6UNO:GG7N:XBUB:4SHC
Docker Root Dir: /data/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Registry Mirrors:
https://registry.docker-cn.com/
http://hub-mirror.c.163.com/
https://docker.mirrors.ustc.edu.cn/
Live Restore Enabled: true

[root@ubuntu2204 ~]#du -sh /data/docker/
244K /data/docker/
[root@ubuntu2204 ~]#tree /data/docker/image/
/data/docker/image/
└── overlay2
├── distribution
├── imagedb
│ ├── content
│ │ └── sha256
│ └── metadata
│ └── sha256
├── layerdb
└── repositories.json

8 directories, 1 file

#Pull the image; in practice it can be thought of as files on disk
[root@ubuntu2204 ~]#docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
3f4ca61aafcd: Downloading
50c68654b16f: Download complete
3ed295c083ec: Download complete
40b838968eea: Download complete
88d3ab68332d: Download complete
5f63362a3fa3: Download complete
latest: Pulling from library/nginx
3f4ca61aafcd: Pull complete
50c68654b16f: Pull complete
3ed295c083ec: Pull complete
40b838968eea: Pull complete
88d3ab68332d: Pull complete
5f63362a3fa3: Pull complete
Digest: sha256:0047b729188a15da49380d9506d65959cce6d40291ccfb4e039f5dc7efd33286
Status: Downloaded newer image for nginx:latest
docker.io/library/nginx:latest

[root@ubuntu2204 ~]#du -sh /data/docker/
151M /data/docker/

[root@ubuntu2204 ~]#tree /data/docker/image/
/data/docker/image/
└── overlay2
├── distribution
│ ├── diffid-by-digest
│ │ └── sha256
│ │ ├── 3ed295c083ec7246873f1b98bbc7b634899c99f6d2d901e2f9f5220d871830dd
│ │ ├── 3f4ca61aafcd4fc07267a105067db35c0f0ac630e1970f3cd0c7bf552780e985
│ │ ├── 40b838968eeab5abc9fb941a8e3ee1377660bb02672153cada52bc9d4e0595b7
│ │ ├── 50c68654b16f458108a537c9842c609f647a022fbc5a9b6bde1ffb60b77c2349
│ │ ├── 5f63362a3fa390a685ae42e1936feeca3e4fba185bdc46fb66cf184036611f7d
│ │ └── 88d3ab68332da2aa6cc8d83c9dfe95905dc899d9b8fb302ebae2bf9a6b167c40
│ └── v2metadata-by-diffid
│ └── sha256
│ ├── 2b3eec3578075bf2ebce00bd6958f1c21b4b5624fcdde301a01b4bda7b8a9bc7
│ ├── 2dadbc36c170719f910a91a5417bf49deabd05bc39ccff3819a391462675ecd0
│ ├── 8a70d251b65364698f195f5a0b424e0d67de81307b79afbe662abd797068a069
│ ├── 9a0ef04f57f54323637935c32b46a2cae3e0451a39b1c306d5b4bc6d4f479e0b
│ ├── c72d75f45e5b50e9d16b482faac4646268abc644f1bd68dc2f45100defcf08a2
│ └── d13aea24d2cb0aee650b72ffa8a0c7863a5b06327542ae46fe5987f223cb836c
├── imagedb
│ ├── content
│ │ └── sha256
│ │ └── 1403e55ab369cd1c8039c34e6b4d47ca40bbde39c371254c7cba14756f472f52
│ └── metadata
│ └── sha256
├── layerdb
│ ├── sha256
│ │ ├── 0274f249eda4c376bde7cbe0b719ea3aef10201846d7262f37f7a0fc0b4fcf90
│ │ │ ├── cache-id
│ │ │ ├── diff
│ │ │ ├── parent
│ │ │ ├── size
│ │ │ └── tar-split.json.gz
│ │ ├── 2c1c6d39cbcc4767b0798aacc03f203951057e77c5edebca1fdfbcd4997f2919
│ │ │ ├── cache-id
│ │ │ ├── diff
│ │ │ ├── parent
│ │ │ ├── size
│ │ │ └── tar-split.json.gz
│ │ ├── 8a70d251b65364698f195f5a0b424e0d67de81307b79afbe662abd797068a069
│ │ │ ├── cache-id
│ │ │ ├── diff
│ │ │ ├── size
│ │ │ └── tar-split.json.gz
│ │ ├── b2a367ee540c5d40c704fdece005b422f55f85a61b96a25bd99d6847669958a0
│ │ │ ├── cache-id
│ │ │ ├── diff
│ │ │ ├── parent
│ │ │ ├── size
│ │ │ └── tar-split.json.gz
│ │ ├── d260638126e1d2d3202dec36b67f124624fbcdad3afedd334e7260bf75dad8da
│ │ │ ├── cache-id
│ │ │ ├── diff
│ │ │ ├── parent
│ │ │ ├── size
│ │ │ └── tar-split.json.gz
│ │ └── e01fc49cb889c5dd6b11390e9863ba00f886315c5a403ee5955fb5c88d2aa576
│ │ ├── cache-id
│ │ ├── diff
│ │ ├── parent
│ │ ├── size
│ │ └── tar-split.json.gz
│ └── tmp
└── repositories.json

20 directories, 43 files

#Show the image's layer history
[root@ubuntu2204 ~]#docker image history nginx
IMAGE CREATED CREATED BY SIZE COMMENT
1403e55ab369 12 days ago /bin/sh -c #(nop) CMD ["nginx" "-g" "daemon… 0B
<missing> 12 days ago /bin/sh -c #(nop) STOPSIGNAL SIGQUIT 0B
<missing> 12 days ago /bin/sh -c #(nop) EXPOSE 80 0B
<missing> 12 days ago /bin/sh -c #(nop) ENTRYPOINT ["/docker-entr… 0B
<missing> 12 days ago /bin/sh -c #(nop) COPY file:e57eef017a414ca7… 4.62kB
<missing> 12 days ago /bin/sh -c #(nop) COPY file:abbcbf84dc17ee44… 1.27kB
<missing> 12 days ago /bin/sh -c #(nop) COPY file:5c18272734349488… 2.12kB
<missing> 12 days ago /bin/sh -c #(nop) COPY file:7b307b62e82255f0… 1.62kB
<missing> 12 days ago /bin/sh -c set -x && addgroup --system -61.3MB
<missing> 12 days ago /bin/sh -c #(nop) ENV PKG_RELEASE=1~bullseye 0B
<missing> 12 days ago /bin/sh -c #(nop) ENV NJS_VERSION=0.7.9 0B
<missing> 12 days ago /bin/sh -c #(nop) ENV NGINX_VERSION=1.23.3 0B
<missing> 12 days ago /bin/sh -c #(nop) LABEL maintainer=NGINX Do… 0B
<missing> 13 days ago /bin/sh -c #(nop) CMD ["bash"] 0B
<missing> 13 days ago /bin/sh -c #(nop) ADD file:73e68ae6852c9afbb… 80.5MB

[root@ubuntu2204 ~]#du -sh /data/docker/*
88K /data/docker/buildkit
4.0K /data/docker/containers
596K /data/docker/image
40K /data/docker/network
150M /data/docker/overlay2
16K /data/docker/plugins
4.0K /data/docker/runtimes
4.0K /data/docker/swarm
4.0K /data/docker/tmp
4.0K /data/docker/trust
28K /data/docker/volumes

[root@ubuntu2204 ~]#du -sh /data/docker/overlay2/*
88M /data/docker/overlay2/0812214ceaaa259893a78e3df52e3e787594d92d676ef3c1c3ce9a4f9453b705 --> operating system layer files
32K /data/docker/overlay2/25ebf3757e65a5d01803e27214304288689844af5d247da930eda9314f73e4af
28K /data/docker/overlay2/aded9ef9c146c1aa21183dd21f8949125b489dc31b1b943ec278b4f5986e5319
28K /data/docker/overlay2/d1bfc2060ff074bfc29d071897f5f0fbd53d08eb65aa4ebc0254c605d1d8e7e1
24K /data/docker/overlay2/e894eaf5b71767c6956f09c20768ea81a65e9c1477d5a08821d634fe58a888c8
62M /data/docker/overlay2/f7ad75e3645a7d6b9c77c35a547c6bf421170d206d006674873427eab92c392e --> nginx service layer files
28K /data/docker/overlay2/l

#Inspect the base configuration of the nginx image
[root@ubuntu2204 ~]#docker inspect --help

Usage: docker inspect [OPTIONS] NAME|ID [NAME|ID...]

Return low-level information on Docker objects

Options:
-f, --format string Format the output using the given Go template
-s, --size Display total file sizes if the type is container
--type string Return JSON for specified type
[root@ubuntu2204 ~]#docker inspect nginx
[
{
"Id": "sha256:1403e55ab369cd1c8039c34e6b4d47ca40bbde39c371254c7cba14756f472f52",
"RepoTags": [
"nginx:latest"
],
"RepoDigests": [
"nginx@sha256:0047b729188a15da49380d9506d65959cce6d40291ccfb4e039f5dc7efd33286"
],
"Parent": "",
"Comment": "",
"Created": "2022-12-21T11:28:36.032076444Z",
"Container": "998db7a2435fd5f47cc2066317b9c502c84c6d386ee02e932fcae89b956d64d1",
"ContainerConfig": {
"Hostname": "998db7a2435f",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"80/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"NGINX_VERSION=1.23.3",
"NJS_VERSION=0.7.9",
"PKG_RELEASE=1~bullseye"
],
"Cmd": [
"/bin/sh",
"-c",
"#(nop) ",
"CMD [\"nginx\" \"-g\" \"daemon off;\"]"
],
"Image": "sha256:54be6ffbe9af301b35b9af81ecfae9044801d34e735798a0607839ba6a10ff23",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": [
"/docker-entrypoint.sh"
],
"OnBuild": null,
"Labels": {
"maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>"
},
"StopSignal": "SIGQUIT"
},
"DockerVersion": "20.10.12",
"Author": "",
"Config": {
"Hostname": "",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"80/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"NGINX_VERSION=1.23.3",
"NJS_VERSION=0.7.9",
"PKG_RELEASE=1~bullseye"
],
"Cmd": [
"nginx",
"-g",
"daemon off;"
],
"Image": "sha256:54be6ffbe9af301b35b9af81ecfae9044801d34e735798a0607839ba6a10ff23",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": [
"/docker-entrypoint.sh"
],
"OnBuild": null,
"Labels": {
"maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>"
},
"StopSignal": "SIGQUIT"
},
"Architecture": "amd64",
"Os": "linux",
"Size": 141812353,
"VirtualSize": 141812353,
"GraphDriver": {
"Data": {
"LowerDir": "/data/docker/overlay2/d1bfc2060ff074bfc29d071897f5f0fbd53d08eb65aa4ebc0254c605d1d8e7e1/diff:/data/docker/overlay2/aded9ef9c146c1aa21183dd21f8949125b489dc31b1b943ec278b4f5986e5319/diff:/data/docker/overlay2/e894eaf5b71767c6956f09c20768ea81a65e9c1477d5a08821d634fe58a888c8/diff:/data/docker/overlay2/f7ad75e3645a7d6b9c77c35a547c6bf421170d206d006674873427eab92c392e/diff:/data/docker/overlay2/0812214ceaaa259893a78e3df52e3e787594d92d676ef3c1c3ce9a4f9453b705/diff",
"MergedDir": "/data/docker/overlay2/25ebf3757e65a5d01803e27214304288689844af5d247da930eda9314f73e4af/merged",
"UpperDir": "/data/docker/overlay2/25ebf3757e65a5d01803e27214304288689844af5d247da930eda9314f73e4af/diff",
"WorkDir": "/data/docker/overlay2/25ebf3757e65a5d01803e27214304288689844af5d247da930eda9314f73e4af/work"
},
"Name": "overlay2"
},
"RootFS": {
"Type": "layers",
"Layers": [
"sha256:8a70d251b65364698f195f5a0b424e0d67de81307b79afbe662abd797068a069",
"sha256:2dadbc36c170719f910a91a5417bf49deabd05bc39ccff3819a391462675ecd0",
"sha256:2b3eec3578075bf2ebce00bd6958f1c21b4b5624fcdde301a01b4bda7b8a9bc7",
"sha256:d13aea24d2cb0aee650b72ffa8a0c7863a5b06327542ae46fe5987f223cb836c",
"sha256:9a0ef04f57f54323637935c32b46a2cae3e0451a39b1c306d5b4bc6d4f479e0b",
"sha256:c72d75f45e5b50e9d16b482faac4646268abc644f1bd68dc2f45100defcf08a2"
]
},
"Metadata": {
"LastTagTime": "0001-01-01T00:00:00Z"
}
}
]

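Searching for images

Search for images on the official website:

http://hub.docker.com
http://dockerhub.com

About Alpine

Docker now officially recommends Alpine in place of Ubuntu as the base image environment. This brings several benefits, including faster image downloads, improved image security, easier switching between hosts, and less disk space used.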


Listing local images

[root@ubuntu2204 ~]#docker images --help

Usage: docker images [OPTIONS] [REPOSITORY[:TAG]]

List images

Options:
-a, --all Show all images (default hides intermediate images)
--digests Show digests
-f, --filter filter Filter output based on conditions provided
--format string Pretty-print images using a Go template
--no-trunc Don't truncate output
-q, --quiet Only show image IDs

[root@ubuntu2204 ~]#docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 1403e55ab369 12 days ago 142MB
alpine latest 49176f190c7e 5 weeks ago 7.05MB
hello-world latest feb5d9fea6a5 15 months ago 13.3kB

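Explanation of the columns in the output:
REPOSITORY #Name of the repository the image belongs to
TAG #Image version (identifier), latest by default
IMAGE ID #Unique image ID; identical IDs mean one image has several names
CREATED #Time the image was created in the repository
SIZE #Size of the image (older Docker releases label this column VIRTUAL SIZE)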

#Show the full image ID
[root@ubuntu2204 ~]#docker images --no-trunc
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest sha256:1403e55ab369cd1c8039c34e6b4d47ca40bbde39c371254c7cba14756f472f52 12 days ago 142MB
alpine latest sha256:49176f190c7e9cdb51ac85ab6c6d5e4512352218190cd69b08e6fd803ffbf3da 5 weeks ago 7.05MB
hello-world latest sha256:feb5d9fea6a5e9606aa995e879d862b825965ba48de054caab5ef356dc6b3412 15 months ago 13.3kB

#List only the images of a given REPOSITORY
[root@ubuntu2204 ~]#docker images alpine
REPOSITORY TAG IMAGE ID CREATED SIZE
alpine latest 49176f190c7e 5 weeks ago 7.05MB

#Show detailed information about a given image
[root@ubuntu2204 ~]#docker image inspect alpine
[
{
"Id": "sha256:49176f190c7e9cdb51ac85ab6c6d5e4512352218190cd69b08e6fd803ffbf3da",
"RepoTags": [
"alpine:latest"
],
"RepoDigests": [
"alpine@sha256:8914eb54f968791faf6a8638949e480fef81e697984fba772b3976835194c6d4"
],
"Parent": "",
"Comment": "",
"Created": "2022-11-22T22:19:29.008562326Z",
"Container": "4700accf8884be7b6e6eb7c3fc8ea8af0d01e91787f8c446c56ee841f779a323",
"ContainerConfig": {
"Hostname": "4700accf8884",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"/bin/sh",
"-c",
"#(nop) ",
"CMD [\"/bin/sh\"]"
],
"Image": "sha256:60643c78796d4d33b3533adf6df1994ab846fb22ca117abe6f6cbc53d93e5205",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {}
},
"DockerVersion": "20.10.12",
"Author": "",
"Config": {
"Hostname": "",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"/bin/sh"
],
"Image": "sha256:60643c78796d4d33b3533adf6df1994ab846fb22ca117abe6f6cbc53d93e5205",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": null
},
"Architecture": "amd64",
"Os": "linux",
"Size": 7049688,
"VirtualSize": 7049688,
"GraphDriver": {
"Data": {
"MergedDir": "/data/docker/overlay2/4f1e571f109868c90e38a6f0538c5abf9daff5c47ffedb19894d56ce1edd9b37/merged",
"UpperDir": "/data/docker/overlay2/4f1e571f109868c90e38a6f0538c5abf9daff5c47ffedb19894d56ce1edd9b37/diff",
"WorkDir": "/data/docker/overlay2/4f1e571f109868c90e38a6f0538c5abf9daff5c47ffedb19894d56ce1edd9b37/work"
},
"Name": "overlay2"
},
"RootFS": {
"Type": "layers",
"Layers": [
"sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf"
]
},
"Metadata": {
"LastTagTime": "0001-01-01T00:00:00Z"
}
}
]

Exporting and importing images

Example:

[root@ubuntu2204 ~]#docker image

Usage: docker image COMMAND

Manage images

Commands:
build Build an image from a Dockerfile
history Show the history of an image
import Import the contents from a tarball to create a filesystem image
inspect Display detailed information on one or more images
load Load an image from a tar archive or STDIN
ls List images
prune Remove unused images
pull Pull an image or a repository from a registry
push Push an image or a repository to a registry
rm Remove one or more images
save Save one or more images to a tar archive (streamed to STDOUT by default)
tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE

Run 'docker image COMMAND --help' for more information on a command.

[root@ubuntu2204 ~]#docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 1403e55ab369 12 days ago 142MB
alpine latest 49176f190c7e 5 weeks ago 7.05MB
hello-world latest feb5d9fea6a5 15 months ago 13.3kB

------------------------Image export---------------------------------------------------
Common usage:
#Export in tar format
docker save -o /path/file.tar IMAGE1 IMAGE2 ...
docker save IMAGE1 IMAGE2 ... > /path/file.tar
#Export in compressed format
docker save IMAGE1 IMAGE2 ... | gzip > /path/file.tar.gz

[root@ubuntu2204 ~]#docker image save nginx:latest alpine:latest -o /data/images1.tar
[root@ubuntu2204 ~]#ll /data/images1.tar
-rw------- 1 root root 153581056 13 17:49 /data/images1.tar
#The default output format is tar
[root@ubuntu2204 ~]#file /data/images1.tar
/data/images1.tar: POSIX tar archive
#Redirection is also supported
[root@ubuntu2204 ~]#docker image save nginx:latest alpine:latest > /data/images2.tar
[root@ubuntu2204 ~]#ll /data/images* -h
-rw------- 1 root root 147M 13 17:49 /data/images1.tar
-rw-r--r-- 1 root root 147M 13 17:50 /data/images2.tar

*Note: do not export by image ID, otherwise the repository name and tag information is lost on import
[root@ubuntu2204 ~]#docker image save 1403e55ab369 49176f190c7e > /data/images3.tar
[root@ubuntu2204 ~]#ll /data/images* -h
-rw------- 1 root root 147M 13 17:49 /data/images1.tar
-rw-r--r-- 1 root root 147M 13 17:50 /data/images2.tar
-rw-r--r-- 1 root root 147M 13 17:55 /data/images3.tar

#Export in compressed format
[root@ubuntu2204 ~]#docker image save nginx:latest alpine:latest | gzip > /data/images4.tar.gz
[root@ubuntu2204 ~]#ll /data/images* -h
-rw------- 1 root root 147M 13 17:49 /data/images1.tar
-rw-r--r-- 1 root root 147M 13 17:50 /data/images2.tar
-rw-r--r-- 1 root root 147M 13 17:55 /data/images3.tar
-rw-r--r-- 1 root root 56M 13 18:02 /data/images4.tar.gz

#Export every image to its own file
[root@ubuntu2204 ~]#docker images | awk 'NR!=1{print $1,$2}' | while read repo tag; do docker save $repo:$tag -o /data/images-pack/$repo-$tag.tar ;done
[root@ubuntu2204 ~]#ll -h /data/images-pack/
总用量 147M
drwxr-xr-x 2 root root 4.0K 13 18:07 ./
drwx--x--x 4 root root 4.0K 13 18:06 ../
-rw------- 1 root root 7.1M 13 18:07 alpine-latest.tar
-rw------- 1 root root 24K 13 18:07 hello-world-latest.tar
-rw------- 1 root root 140M 13 18:07 nginx-latest.tar

#Export all images into a single file; after importing an archive made this way, REPOSITORY and TAG are visible
#Method 1:
[root@ubuntu2204 ~]# docker images|awk 'NR!=1{print $1":"$2}'
nginx:latest
alpine:latest
hello-world:latest
[root@ubuntu2204 ~]#docker image save `docker images|awk 'NR!=1{print $1":"$2}'` -o /data/all1.tar
[root@ubuntu2204 ~]#ll /data/all1.tar -h
-rw------- 1 root root 147M 13 18:11 /data/all1.tar

#Method 2:
[root@ubuntu2204 ~]#docker image ls --format "{{.Repository}}:{{.Tag}}"
nginx:latest
alpine:latest
hello-world:latest
[root@ubuntu2204 ~]#docker image save `docker image ls --format "{{.Repository}}:{{.Tag}}"` -o /data/all2.tar
[root@ubuntu2204 ~]#ll /data/all* -h
-rw------- 1 root root 147M 13 18:11 /data/all1.tar
-rw------- 1 root root 147M 13 18:16 /data/all2.tar

------------------------Image import---------------------------------------------------
Common usage:
docker load -i /path/file.tar
docker load < /path/file.tar

[root@ubuntu2204 ~]#scp /data/images* 10.0.0.202:/data
root@10.0.0.202's password:
images1.tar 100% 146MB 100.9MB/s 00:01
images2.tar 100% 146MB 66.3MB/s 00:02
images3.tar 100% 146MB 52.9MB/s 00:02
images4.tar.gz 100% 56MB 44.5MB/s 00:01

[root@ubuntu2204 ~]#docker image load -i /data/images1.tar
#Or
[root@ubuntu2204 ~]#docker load < /data/images1.tar
8a70d251b653: Loading layer [==================================================>] 83.97MB/83.97MB
2dadbc36c170: Loading layer [==================================================>] 62.21MB/62.21MB
2b3eec357807: Loading layer [==================================================>] 3.584kB/3.584kB
d13aea24d2cb: Loading layer [==================================================>] 4.608kB/4.608kB
9a0ef04f57f5: Loading layer [==================================================>] 3.584kB/3.584kB
c72d75f45e5b: Loading layer [==================================================>] 7.168kB/7.168kB
Loaded image: nginx:latest
ded7a220bb05: Loading layer [==================================================>] 7.338MB/7.338MB
Loaded image: alpine:latest
[root@ubuntu2204 ~]#docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 1403e55ab369 12 days ago 142MB
alpine latest 49176f190c7e 5 weeks ago 7.05MB

------------------------Image removal---------------------------------------------------
[root@ubuntu2204 ~]#docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 1403e55ab369 12 days ago 142MB
alpine latest 49176f190c7e 5 weeks ago 7.05MB
[root@ubuntu2204 ~]#docker image rm 1403e55ab369
Untagged: nginx:latest
Deleted: sha256:1403e55ab369cd1c8039c34e6b4d47ca40bbde39c371254c7cba14756f472f52
Deleted: sha256:0274f249eda4c376bde7cbe0b719ea3aef10201846d7262f37f7a0fc0b4fcf90
Deleted: sha256:e01fc49cb889c5dd6b11390e9863ba00f886315c5a403ee5955fb5c88d2aa576
Deleted: sha256:b2a367ee540c5d40c704fdece005b422f55f85a61b96a25bd99d6847669958a0
Deleted: sha256:2c1c6d39cbcc4767b0798aacc03f203951057e77c5edebca1fdfbcd4997f2919
Deleted: sha256:d260638126e1d2d3202dec36b67f124624fbcdad3afedd334e7260bf75dad8da
Deleted: sha256:8a70d251b65364698f195f5a0b424e0d67de81307b79afbe662abd797068a069
[root@ubuntu2204 ~]#docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
alpine latest 49176f190c7e 5 weeks ago 7.05MB

[root@ubuntu2204 ~]#docker image rm alpine:latest
Untagged: alpine:latest
Deleted: sha256:49176f190c7e9cdb51ac85ab6c6d5e4512352218190cd69b08e6fd803ffbf3da
Deleted: sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf
[root@ubuntu2204 ~]#docker images
REPOSITORY TAG IMAGE ID CREATED SIZE

#Force-remove an image that is in use; the corresponding containers are removed as well
[root@ubuntu2204 ~]#docker rmi -f nginx:latest

#Remove all images
[root@ubuntu2204 ~]#docker rmi -f `docker images -q`

------------------------Image tags---------------------------------------------------
[root@ubuntu2204 ~]#docker image tag --help

Usage: docker image tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]

Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE

#First export the images without tags (by image ID)
[root@ubuntu2204 ~]#docker image save 1403e55ab369 49176f190c7e > /data/images3.tar
[root@ubuntu2204 ~]#ll /data/images* -h
-rw------- 1 root root 147M 1月 3 17:49 /data/images1.tar
-rw-r--r-- 1 root root 147M 1月 3 17:50 /data/images2.tar
-rw-r--r-- 1 root root 147M 1月 3 17:55 /data/images3.tar
#Import
[root@ubuntu2204 ~]#docker image load < /data/images3.tar
8a70d251b653: Loading layer [==================================================>] 83.97MB/83.97MB
2dadbc36c170: Loading layer [==================================================>] 62.21MB/62.21MB
2b3eec357807: Loading layer [==================================================>] 3.584kB/3.584kB
d13aea24d2cb: Loading layer [==================================================>] 4.608kB/4.608kB
9a0ef04f57f5: Loading layer [==================================================>] 3.584kB/3.584kB
c72d75f45e5b: Loading layer [==================================================>] 7.168kB/7.168kB
ded7a220bb05: Loading layer [==================================================>] 7.338MB/7.338MB
Loaded image ID: sha256:1403e55ab369cd1c8039c34e6b4d47ca40bbde39c371254c7cba14756f472f52
Loaded image ID: sha256:49176f190c7e9cdb51ac85ab6c6d5e4512352218190cd69b08e6fd803ffbf3da
[root@ubuntu2204 ~]#docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> 1403e55ab369 12 days ago 142MB
<none> <none> 49176f190c7e 5 weeks ago 7.05MB
#Add a tag
[root@ubuntu2204 ~]#docker image tag 1403e55ab369 nginx:1.23.3
[root@ubuntu2204 ~]#docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx 1.23.3 1403e55ab369 12 days ago 142MB
<none> <none> 49176f190c7e 5 weeks ago 7.05MB
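
An archive copied between hosts can be checked before it is loaded, which covers both the warning about exporting by image ID and the `<none>` result shown above. The Python script below is an added example, not part of the original post: it reads manifest.json from a docker save archive, reports whether each image still carries its repository name and tag, and recomputes the image ID from the config file. The sample archive is constructed in memory and assumes the manifest layout written by the Docker 20.10 release used on this page.

```python
import hashlib
import io
import json
import tarfile


def inspect_archive(fileobj):
    """List the images in a `docker save` archive without loading it."""
    records = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:  # r:* also reads .tar.gz
        for entry in json.load(tar.extractfile("manifest.json")):
            config_path = entry["Config"]
            config = tar.extractfile(config_path).read()
            digest = hashlib.sha256(config).hexdigest()
            # The config file is named after its own SHA-256: "<hex>.json" in the
            # Docker 20.10 layout, "blobs/sha256/<hex>" in newer OCI-style archives.
            named = config_path.rsplit("/", 1)[-1]
            if named.endswith(".json"):
                named = named[:-len(".json")]
            records.append({
                "image_id": "sha256:" + digest,
                "repo_tags": entry.get("RepoTags") or [],  # null if saved by image ID
                "config_matches_name": named == digest,
            })
    return records


def build_sample_archive(repo_tags, tamper=False):
    """Constructed sample shaped like `docker save` output (no layers)."""
    config = json.dumps({"architecture": "amd64", "os": "linux"}).encode()
    name = hashlib.sha256(config).hexdigest() + ".json"
    if tamper:
        config += b" "  # content no longer matches the digest in its file name
    manifest = [{"Config": name, "RepoTags": repo_tags, "Layers": []}]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for member, data in ((name, config),
                             ("manifest.json", json.dumps(manifest).encode())):
            info = tarfile.TarInfo(member)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for tags in (["nginx:latest"], None):  # saved by name, then saved by image ID
        for rec in inspect_archive(build_sample_archive(tags)):
            print(rec["image_id"][:19], rec["repo_tags"] or "<none>",
                  "ok" if rec["config_matches_name"] else "DIGEST MISMATCH")
```

On a real archive, compare each image_id with the IMAGE ID that `docker images --no-trunc` printed on the source host; the file-name check alone only catches corruption, not a deliberately rebuilt archive. An empty repo_tags list means the image will load as `<none>` and needs `docker image tag` afterwards.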

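Note: when the company runs its own image registry, REPOSITORY should be named after the path where the project's images are stored; otherwise Docker will look for the image in the official registry.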
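
The naming rule in the note above can be checked mechanically. The Python script below is an added example, not part of the original post: it applies the rule Docker uses to decide whether the first component of an image name is a registry host, and lists the references that would resolve to Docker Hub instead of the private registry. The host name harbor.example.com and the project path are hypothetical; the alpine digest is the one shown earlier on this page.

```python
DEFAULT_REGISTRY = "docker.io"


def split_reference(ref):
    """Split an image reference into (registry, repository, tag or digest)."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    first, slash, rest = ref.partition("/")
    # The first path component is a registry host only if it looks like one:
    # it contains "." or ":", is "localhost", or has uppercase letters.
    looks_like_host = ("." in first or ":" in first or first == "localhost"
                       or first != first.lower())
    if slash and looks_like_host:
        registry, remainder = first, rest
    else:
        registry, remainder = DEFAULT_REGISTRY, ref
    # A ":" after the last "/" introduces the tag; without one Docker uses "latest".
    name, colon, tag = remainder.rpartition(":")
    if not colon or "/" in tag:
        name, tag = remainder, "latest"
    if registry == DEFAULT_REGISTRY and "/" not in name:
        name = "library/" + name  # official images live under library/
    return registry, name, digest or tag


def off_registry(refs, allowed_registry):
    """Return the references that do not resolve to allowed_registry."""
    return [r for r in refs if split_reference(r)[0] != allowed_registry]


if __name__ == "__main__":
    # harbor.example.com is a hypothetical private registry host.
    refs = [
        "nginx:1.23.3",
        "project/nginx:1.23.3",
        "harbor.example.com/project/nginx:1.23.3",
        "alpine@sha256:8914eb54f968791faf6a8638949e480fef81e697984fba772b3976835194c6d4",
    ]
    for ref in refs:
        print(ref, "->", "/".join(split_reference(ref)[:2]))
    print("not from the private registry:", off_registry(refs, "harbor.example.com"))
```

Note that `project/nginx:1.23.3` resolves to Docker Hub: a project path without a host in front of it is not enough to point a pull or push at the private registry.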

I'm moore. Keep it up, everyone!