Docker is an open source application container engine developed based on Go. Docker allows developers to package their applications and dependencies into a lightweight, portable container that can be distributed not only to any popular Linux machine, but also installed on Windows and Macs, as well as virtualized. The container is completely sandbox mechanic. Docker is divided into CE (Community Edition) and EE (Enterprise Edition) versions from 17.03 (2017.03).
After 1.17.0.3, we will release stable version every quarter, edge version every month, and community version will stop maintenance four months after release.
Containerd: Dockerd actually calls containerd’s API (RPC implementation). Containerd is an intermediate communication component between Dockerd and runc
Docker-shim: is a real shim carrier of a real running container. Every time a container is started, a new shim process is started, which calls the RUNC API to create a container with the specified three parameters: container ID, boundle directory, runc binary (default runc).
Runc: is a command-line tool that creates and runs containers according to ocI (Open Container Organization) standards. Realize container start and stop, resource isolation and other functions. Docker provides the Docker-runc implementation by default. In fact, containerd can specify the runc implementation when the Docker Daemon is started.
1 Installation and Deployment
Yum remove docker \ docker-client \ docker-client-latest \ docker-common \ docker-latest \ yum remove docker \ docker-client \ docker-client-latest \ Docker-latest -logrotate docker-logrotate docker-selinux docker-engine-selinux docker-engine Yum install -y yum-utils Yum - config - manager - add - repo https://download.docker.com/linux/centos/docker-ce.repo third step installation view all version: Yum list docker - ce - showduplicates | sort - r specifies the version installed: yum install docker-ce-<VERSION_STRING> docker-ce-cli-<VERSION_STRING> containerd.io systemctl enable docker systemctl 1. After docker is installed, run cat > daemon.json << EOF {"insecure-registries" in /etc/docker-/ : [" 10.180.210.196"]} EOF systemctl restart Docker The configuration takes effect when docker is restarted.2. Login docker login 10.180.210.196 and enter the username admin and password Harbor12345 as promptedCopy the code
2 Docker image making
FROM: Reference base image format: FROM [--platform=<platform>] <image>[:<tag>] [AS <name>] Pull image FROM public or private repository, platform identifies system architecture: Linux/AMD64, Linux/ARM64, or Windows/AMD64. RUN: Commands can be executed in either of the following formats: RUN <command> (/bin/sh -c on Linux or CMD /S/c on Windows) RUN ["executable", "param1", "param2"] (exec form) RUN mkdir /test/ touch /test/hello # ENV <key> <value> ENV <key1>=<value1> <key2>=<value2> ... Example: ENV myName John ENV myCat fluffy or ENV myName=John myCat=fluffy EXPOSE: Specify the port format on which the container runs to listen: EXPOSE <port> [<port>/<protocol>...] EXPOSE 80/ TCP EXPOSE 80/ UDP ADD: To ADD a file from the local or URL to the mirror file system, the local file must be in the context (Dockerfile) of the current directory or subdirectory. ADD [--chown=<user>:<group>] < SRC >... < dest > ADD [- chown = < user >, < group >] [" < SRC >, "... "< dest >"] example: ADD the test. The tar. Gz / # automatic decompression COPY: Similar to the ADD command, but missing two function points (no files can be added from the URL, no automatic decompression) CMD ["executable","param1","param2"] (exec form, this is the preferred form) CMD ["param1","param2"] (as default parameters to ENTRYPOINT) CMD command param1 param2 (shell form) ENTRYPOINT: ENTRYPOINT format for container startup: ENTRYPOINT ["executable", "param1", "param2"] (exec form, preferred) ENTRYPOINT command param1 param2 (shell form)Copy the code3 CMD command:
The main purpose of a CMD is to provide defaults for an executing container.
CMD provides commands and arguments when the container is run.
CMD [“executable”,”param1″,”param2″] (exec form, this is the preferred form)
CMD [“param1″,”param2”] (as default parameters to ENTRYPOINT)
CMD command param1 param2 (shell form)
First use: Run an executable file and supply parameters. Second usage: Specify parameters for ENTRYPOINT. Third use (shell form) : the command is executed in the “/bin/sh-c” method. If you specify:
Run CMD [” /bin/echo “, “this is an echo test”] build (assuming the image name is EC):
Docker run ec will print: this is an echo test
The docker run command overwrites CMD arguments if specified: Docker run -it ubuntu /bin/bash is an ubuntu /bin/bash parameter. It is not an ubuntu /bin/bash parameter.
Also the ec image above starts:
docker run ec /bin/bash
This is an echo test because the CMD command is overwritten by “/bin/bash”.
4 ENTRYPOINT
Literally means point of entry, and it functions exactly as intended.
An ENTRYPOINT allows you to configure a container that will run as an executable. It makes your container function behave like an executable program.
What does it mean that the container function behaves like an executable program?
Let me give you an example:
Example 1:
Construct the image using the following ENTRYPOINT:
ENTRYPOINT [“/bin/echo”] then docker build after the container functions like a /bin/echo program:
For example, if I build an image named ImageEcho, I can use it like this:
Docker run -it imageecho “this is a test” will output “this is a test”, and the imageecho container corresponding to the function of an echo program. The parameter you add “this is a test” will be added to ENTRYPOINT, so /bin/echo “this is a test”. Now you know what an entry point means.
Example 2:
ENTRYPOINT [“/bin/cat”]
You can run the constructed image like this (let’s say it’s called ST) :
Docker run it st /etc/fstab this is equivalent to the /etc/fstab command: /bin/cat /etc/fstab Run it and print the contents of /etc/fstab.
5 CMD VS ENTRYPOINT
5.1 CMD
FROM centos CMD["ps","aux"] docker run centos:CMDtest USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 4.0 0.0 41812 1520? Rs 12:1900 /usr/bin/ps aux -elf docker run centos:CMDtest -elf docker: Error Response from daemon: OCI runtime create failed: container_linux.go:346: starting container process caused "exec: \"-elf\": executable file not found in $PATH": unknown. Docker run centos:CMDtest ps -elf F S UID PID PPID C PRI NI ADDR SZ WCHAN STIME TTY TIME CMD 4 R root 1 0 0 80 docker run centos:CMDtest ps -elf F S UID PID PPID C PRI NI ADDR SZ WCHAN STIME TTY TIME CMD 4 R root 1 0 0 80 0-10453-12:20? 00:00:00 ps -elfCopy the code5.2 ENTRYPOINT
FROM centos ENTRYPOINT ["ps"] CMD ["aux"] docker run centos:CMDtest USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.0 41812 1516? Rs 12:27:00 ps aux -elf docker run centos:CMDtest -elf F S UID PID PPID C PRI NI ADDR SZ WCHAN STIME TTY TIME CMD 4 R root 1 0 1 80 0 - 10453 - the children? If ENTRYPOINT is specified, CMD is passed to the ENTRYPOINT command as an argument. If ENTRYPOINT is specified, CMD is passed to the ENTRYPOINT command as an argument. <ENTRYPOINT> "<CMD>" ENTRYPOINT specifies the default run command, CMD specifies the default run parameter because when ENTRYPOINT and CMD exist together, Docker will concatenate CMD commands after ENTRYPOINTCopy the code
6 Docker command
Docker ps -l docker ps -a docker ps -f docker ps -f Status = RUNNING (exited/dead/ Restarter) Query docker images based on the status view docker image history image_id View all layers of the image docker build-t images_name:v1 Dockerfile_dir/. docker build -t images_name:v1 -f Dockerfile.centos . docker exec -it container_id bash Docker logs -f container_id Docker rmi -f image_id Delete the image docker rm -f container_id Delete the container docker rm -f $(docker rm -f $ Ps -a -f status=exited -q) Delete containers in the exited state in batches docker run it image_name:version (CMD) Docker run -d -p --name=test1 Image (CMD) background generate container, Docker run -d --name test --network my-net image docker run -d --name test --network my-net image Docker network connect <container-name> <other-netCopy the code