The years are short, the rest of your life on your shoulders, trials and hardships.
Preface
Hello, everyone. I’m One.
The Dachang Interview Shock column has published three 10,000-word summaries so far and has received more than 500 subscriptions. Thank you for your support.
10,000-word summary after interviewing at more than 10 large companies – ❤️ Collections ❤️
10,000-word summary after interviewing at more than 10 large companies – ❤️ JavaWeb ❤️
10,000-word summary after interviewing at more than 10 large companies – ❤️ Java foundation ❤️
Today I bring you a 10,000-word summary of Docker. Even though we are developers, we cannot afford not to know Docker; this is where breadth of technical knowledge shows.
Installing Docker
Readers use different machines, and nobody should give up at the very first step, so installation methods for three platforms are given below. Choose the one that fits.
Installing on Windows is not recommended.
mac
Command line installation
Homebrew needs to be installed first
Homebrew domestic mirror
/bin/zsh -c "$(curl -fsSL https://gitee.com/cunkai/HomebrewCN/raw/master/Homebrew.sh)"
After running it, choose the University of Science and Technology mirror, that is, option 1.
The clone takes a long time, about 5-10 minutes.
Install Docker
brew install --cask --appdir=/Applications docker
Please be patient at the "Installing Cask docker" step; it takes a long time.
DMG installation
Click the link to download and install, with a visual interface. But personally I don’t think it works.
Download.docker.com/mac/edge/Do…
Start the Docker service
Click the icon, or run:
open /Applications/Docker.app
Windows
Installing on Windows is not recommended; install it there only if you have no other option.
Tutorial reference: www.runoob.com/docker/wind…
Docker is not a generic container tool. It relies on an existing and running Linux kernel environment.
Docker essentially creates an isolated file environment under an already-running Linux, so it performs almost as efficiently as a deployed Linux host.
Therefore, Docker must be deployed on a Linux kernel system. If other systems want to deploy Docker, they must install a virtual Linux environment.
To deploy Docker on Windows, you first install a virtual machine and then run Docker inside the Linux system installed in that virtual machine.
Docker Desktop is the official way to install Docker on Windows 10 and macOS. It still works by installing Linux in a virtual machine and then installing Docker in it.
Docker Desktop official download address: hub.docker.com/editions/co…
Note: This method only works with Windows 10 Professional, Enterprise, Education, and some Home editions!
Install Hyper-V
Hyper-V is a virtual machine technology developed by Microsoft, similar to VMware or VirtualBox, that only works on Windows 10. It is the virtual machine used by Docker Desktop for Windows.
However, QEMU, VirtualBox, or VMware Workstation versions 15 and below will not be available once this virtual machine is enabled! If you must use other virtual machines on your computer (such as the emulator you need to develop Android apps), don't use Hyper-V!
Enable Hyper-V
Right-click the start menu and run PowerShell as an administrator, executing the following command:
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All
Install Docker Desktop for Windows
Click Get Started with Docker Desktop and download the Windows version. If you are not already logged in, you will be asked to register:
Running the installation file
Double-click the downloaded Docker for Windows Installer installation file, go Next, and click Finish to complete the installation.
When the installation is complete, Docker starts automatically. A small whale icon appears in the notification bar, which indicates that Docker is running.
We can run docker version at the command line to see the version number.
Aliyun (Linux)
Installation on an Alibaba Cloud (Aliyun) server. This is the recommended method!
Check the configuration
# View the kernel version
uname -r
System version: CentOS7
Kernel version: 3.10.0-514.26.2.el7.x86_64
Installation
There are two ways to install:
1. Official script installation (explained in this article)
2. Install it manually
Installation command (this uses a domestic mirror). Note: if you want to use Docker as a non-root user, add that user to the docker group and restart the system.
curl -fsSL https://get.docker.com/ | sh
⚠️ If an error reports that deltarpm is missing, run the following command
yum -y install deltarpm
Start the Docker service
service docker start
❤️ This article is based on the Linux operating system ❤️
Running an example
In keeping with the tradition that every language starts with hello-world, let's run an official example first.
Docker officially provides a hello-world example. Before running it, register a Docker ID on the official website and create a repository.
Website: hub.docker.com
When registering, pick a fairly complex ID, because simple ones are likely to be taken already.
Start the Docker service
systemctl start docker
Pull the image
docker pull hello-world
Run the image
docker run hello-world
Check the container
# -a lists all containers, including stopped ones
docker ps -a
Registry mirror (acceleration)
If pulls are too slow, you can configure an accelerator. If the speed is fine, skip this step.
Because of domestic network conditions, pulling Docker images is very slow, so we configure a registry mirror to solve it.
NetEase's mirror address: hub-mirror.c.163.com.
Click the Docker for Mac app icon in the taskbar
Preferences... -> Daemon -> Registry mirrors
Fill in the accelerator address in the list.
After making the change, click the Apply & Restart button; Docker will restart and apply the configured mirror address.
What is Docker?
Docker's idea comes from the shipping container. What problem does the container solve?
On a large ship, goods can be laid out neatly. All kinds of goods are standardized by containers, and containers do not affect each other. I don't need one ship for fruit and another for chemicals. As long as the goods are packed in containers, I can carry them all on one big ship.
Docker is a similar idea. Cloud computing is all the rage now. Cloud computing is like the freighter, and Docker is the container.
- Different applications may need different environments. For example, a website developed with .NET and a website developed with PHP depend on different software. If everything they depend on is installed on the same server, debugging takes a long time, it is very troublesome, and conflicts appear, for example between the ports used by IIS and Apache. At this point you need to separate the .NET site from the PHP site. Generally speaking, we could create different virtual machines on the server and place the applications on different virtual machines, but the overhead of virtual machines is high. Docker isolates application environments the way virtual machines do at a lower cost, and lower cost means money saved.
- You develop software on Ubuntu, but operations manages CentOS. When operations moves your software from the development environment to production, problems come up. For example, a particular database version is supported only on Ubuntu and not on CentOS, and operations has to find a way around that during the move. With Docker, you can package the development environment and hand it to operations, and operations can deploy the Docker image you gave them directly. Deployment is also fast.
- In terms of server load, a separate virtual machine holds on to memory even when it is idle, whereas with Docker that memory can be put to use.
In short, Docker works on the container principle.
Docker vs. Virtual machines
Physical machine: villa
VM: Building
Docker: Serviced apartments
The three concepts of Docker
Repository: the central store that contains all images; images are pulled from it to the local machine.
Image: an application pulled from the repository, such as mysql.
Container: what an image becomes once it is run; containers and images can be converted into each other.
Docker workflow
Docker command
Basic usage of Docker commands:
docker <command keyword> -<parameter>
Basic operation
# View Docker information
docker info
# View the Docker version
docker version
# Search for an image
docker search nginx
# Pull an image
docker pull nginx
An introductory example
Quick WordPress blog setup
Find the images
docker search name
## wordpress
## mariadb
Pull the images
docker pull wordpress
# MariaDB is a drop-in replacement for MySQL
docker pull mariadb
Run the images
docker run --name db -p 3306:3306 --env MYSQL_ROOT_PASSWORD=root -d mariadb
docker run --name mywordpress --link db:mysql -p 8080:80 -d wordpress
Once both containers are running, access WordPress at
http://libiao:8080
Follow the prompts to configure the database information, and your personal blog site is set up.
Viewing a Port Mapping
docker ps
docker port CONTAINER_ID
For example, port 8080 of xxjob is mapped to port 8089 of the host
Start Docker at boot on Linux
systemctl enable docker
List images
docker images
# Because Docker images are layered, the size displayed is larger than the space actually used on disk
Run the images
docker run --name db -p 3306:3306 --env MYSQL_ROOT_PASSWORD=root -d mariadb
# --name: name (alias) for the container
# --env: environment variable
# -d: run in the background
docker run --name mywordpress --link db:mysql -p 8080:80 -d wordpress
# --link: IP mapping
# -p: port mapping
docker logs -f 7a38a1ad55c6
# View the container's logs, as tail -f would
docker top name
# View the processes in the container
Remove an image
docker rmi hello-world:latest
docker rmi id
# The first 4 characters of the ID are enough
Compound command
docker rm -f $(docker ps -a -q)
#Delete all containers
View running containers
docker ps
docker compose
Docker Compose uses a YAML file that makes it easier to maintain multiple containers. Docker treats each container as a process, but an application can consist of several processes, such as the mysql and wordpress containers above.
Docker Compose is written in Python.
Docker Compose is usually installed together with Docker; check the versions:
docker version
docker-compose --version
After the image name, version, and port mapping are specified in the YAML file, start the containers with up -d
docker-compose -f docker-compose.yaml up -d
View the logs
docker-compose logs
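The two docker run commands from the WordPress example, expressed as a Compose project (an added example, not part of the original article). The script writes the YAML with image names, versions and port mapping, leaves the database port unpublished, and moves the passwords out of the command line into a .env file. Service names, image tags, the volume name and the DB_* variable names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): writes a Compose project for
# the wordpress + mariadb pair. Service names, image tags, the volume name and
# the DB_* variable names are assumptions chosen for illustration.

# 32 hex characters from the kernel CSPRNG.
gen_secret() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# write_project DIR: create DIR/.env and DIR/docker-compose.yaml
write_project() {
    dir=$1
    mkdir -p "$dir" || return 1
    # Passwords go into .env with mode 600 instead of the command line,
    # where `--env MYSQL_ROOT_PASSWORD=root` ends up in shell history.
    (
        umask 077
        printf 'DB_ROOT_PASSWORD=%s\nDB_PASSWORD=%s\n' \
            "$(gen_secret)" "$(gen_secret)" > "$dir/.env"
    ) || return 1
    # Quoted 'EOF': ${...} is left for docker-compose to fill in from .env.
    cat > "$dir/docker-compose.yaml" <<'EOF'
version: "3.8"
services:
  db:
    image: mariadb:10.6          # example tag; pin the version you tested
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASSWORD}
      MYSQL_DATABASE: wordpress
      MYSQL_USER: wordpress      # WordPress gets its own account, not root
      MYSQL_PASSWORD: ${DB_PASSWORD}
    volumes:
      - db_data:/var/lib/mysql   # data survives `docker-compose down`
    # No "ports:" here: the database is reachable only by other services
    # on the project network, under the host name "db".
  wordpress:
    image: wordpress:6           # example tag
    restart: unless-stopped
    depends_on:
      - db
    ports:
      - "8080:80"                # same mapping as the docker run example
    environment:
      WORDPRESS_DB_HOST: db
      WORDPRESS_DB_NAME: wordpress
      WORDPRESS_DB_USER: wordpress
      WORDPRESS_DB_PASSWORD: ${DB_PASSWORD}
volumes:
  db_data:
EOF
}

# Usage: sh make-project.sh --write ./blog && cd ./blog && docker-compose up -d
if [ "${1:-}" = "--write" ]; then
    write_project "${2:-.}"
fi
```

Compared with the docker run version, --link is replaced by the project network that Compose creates, and publishing 3306 on the host is dropped because only the wordpress service needs to reach the database.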
Container management
Enter the container
docker exec -it name /bin/sh
View container details
The container details are returned as JSON.
# docker inspect name
[root@lib mysh]# docker inspect mywordpress
[
    {
        "Id": "6253e66959047c6f8de891abe1c661f7766fdef7407f00e07d1788310e0ea6a9",
        "Created": "2021-08-04T20:…649001354Z",
        "Path": "docker-entrypoint.sh",
        "Args": [
            "apache2-foreground"
        ],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 28041,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2021-08-04T20:…947511209Z",
            "FinishedAt": "0001-01-01T00:00:00Z"
        },
        "Name": "/mywordpress",
Container start-stop
docker start name
docker stop name
docker restart name
Remove the container
# The container must be stopped before it can be removed
docker rm name
View logs
# docker ps -a
docker logs container_Id
Resource usage
docker stats name
Image features
An image is a lightweight, executable, standalone package used to package a software runtime environment and software developed based on the runtime environment. It contains everything needed to run a piece of software, including code, runtime libraries, environment variables, and configuration files. All applications and environments can be packaged as Docker images and run directly.
The image name and version number together form a unique identifier; the version defaults to the newest one, latest.
Hierarchical principle
A Docker image stacks layers of file systems on top of each other using a union file system.
Boot process
- bootfs: the file system used to boot the system, including the boot loader and the kernel. After the container has started, it is unmounted to save memory.
- rootfs: sits on top of bootfs and appears as the root file system of the Docker container.
- In the traditional model, the kernel mounts rootfs read-only at system startup and switches it to read/write after completing all self-checks.
- In Docker, the kernel mounts rootfs read-only, and a writable layer is then mounted on top using UFS.
⚠️ Note: Existing layers can only be read, not written, and upper layers take priority over lower layers
When we use the pull command, we can see that the docker image is downloaded layer by layer. The biggest benefit of this is resource sharing.
For example, if multiple images are built from the Base image, the host only needs to keep one Base image on disk and load only one Base image in memory, so that all containers can be served, and each layer of the image can be shared. To view image layering, use the docker image inspect command.
All Docker images start from a base image. When changes are made or new content is added, a new image layer is created on top of the current layer. As layers are added, the image always remains the combination of all its current layers. Docker stacks the image layers by means of a storage driver and ensures that the layers are presented as one unified file system.
UFS (Union File System)
UFS is a layered, lightweight, high-performance file system.
It supports recording file system changes as commits stacked layer upon layer, and it can mount different directories into a single virtual file system.
UnionFS is the basis of Docker images. Images can inherit from one another by layers: starting from a base image, specific application images can be built. Several file systems are loaded at once, but from the outside only one file system is visible. Union mounting stacks the layers so that the final file system contains all the underlying files and directories.
Loading principle
Linux loads the bootfs file system at startup; bootfs is the bottom layer of a Docker image.
When booting is complete, the whole kernel is in memory. At this point control of memory has passed from bootfs to the kernel, and the system unmounts bootfs. rootfs sits on top of bootfs and contains the standard directories and files of a typical Linux system, such as /dev, /proc, /bin, and /etc. rootfs is what differs between operating system distributions.
Dockerfile
What if the repository does not have the image you need?
Can I create my own image?
Container -> Image
# docker commit takes the image name and tag after the container ID; it has no -t option
docker commit CID name:xx.xx.xx
⚠️ At least one daemon must run in the foreground
NetEase Honeycomb: open-source image repository
Writing a Dockerfile
A Dockerfile is a text file used to build an image. It contains the instructions and descriptions required to build the image.
Instructions
FROM
Specifies the base image. It must be the first instruction, and there is only one.
# FROM <image>
# FROM <image>:<tag>
# FROM <image>@<digest>
FROM mysql:5.6
MAINTAINER
Creator information
# MAINTAINER <name>
MAINTAINER yitiao
RUN
Commands are executed in the image's container, in either of the following forms:
# shell form
# RUN <command>
# exec form
# RUN ["executable", "param1", "param2"]
RUN apk update
RUN ["/etc/execfile", "arg1", "arg1"]
ADD
Adds local files to the container. tar archives are unpacked automatically (compressed resources fetched from the network are not), and network resources can be fetched, similar to wget.
# ADD <src>... <dest>
# ? stands for any single character, e.g. "home.txt"
ADD hom?.txt /mydir/
COPY
Function is similar to ADD, but it does not automatically decompress files and cannot access network resources
CMD
Called after the container is built, that is, when the container is started.
# CMD command param1 param2
CMD echo "This is a test." | wc -
# CMD differs from RUN: CMD specifies the command executed when the container starts, whereas RUN specifies commands executed when the image is built
ENTRYPOINT
Configures the container so that it runs as an executable. Combined with CMD, the "application" can be omitted from CMD so that it supplies only parameters.
# ENTRYPOINT ["executable", "param1", "param2"]
# ENTRYPOINT command param1 param2 (shell form)
FROM ubuntu
ENTRYPOINT ["top", "-b"]
CMD ["-c"]
LABEL
Used to add metadata to an image
# LABEL <key>=<value> <key>=<value> <key>=<value> ...
LABEL version="1.0" description="一条coding" by="A"
ENV
Sets environment variables
# ENV <key> <value>
# Everything after <key> is treated as part of <value>, so only one variable can be set at a time
# ENV <key>=<value> ...
ENV myName John Doe
ENV myDog Rex The Dog
ENV myCat=fluffy
EXPOSE
Specifies the port for external interaction
# Format: EXPOSE <port> [<port>...]
# Example: EXPOSE 80 443
EXPOSE 8080
EXPOSE 11211/tcp 11211/udp
# Note: EXPOSE does not make the container's ports accessible from the host. To make them accessible, publish them with -p when running the container with docker run, or publish all ports exported with EXPOSE using the -P argument.
VOLUME
Used to specify a persistent directory
# Format: VOLUME ["/path/to/dir"]
# Example: VOLUME ["/data"]
VOLUME ["/var/www", "/var/log/apache2", "/etc/apache2"]
# Note: a volume is a specially designated directory that can exist in one or more containers; it bypasses the union file system and has the following features:
# 1. Volumes can be shared and reused between containers
# 2. Containers do not have to share volumes with other containers
# 3. Modifications take effect immediately
# 4. Modifying a volume has no effect on the image
# 5. The volume persists until no container is using it
WORKDIR
Working directory, similar to the cd command
# WORKDIR /path/to/workdir
# The working directory is now /a
WORKDIR /a
# The working directory is now /a/b
WORKDIR b
# The working directory is now /a/b/c
WORKDIR c
After WORKDIR sets the working directory, the subsequent RUN, CMD, ENTRYPOINT, ADD, COPY and similar instructions in the Dockerfile are executed in that directory. When running the container with docker run, the working directory set at build time can be overridden with the -w argument.
USER
Specifies the user name or UID that runs the container; subsequent RUN instructions also use that user. With USER you can give a user name, a UID, a GID, or a combination of them. When a service does not need administrator rights, use this instruction to specify the user it runs as; the required user can be created beforehand.
After USER, the subsequent RUN, CMD, and ENTRYPOINT instructions in the Dockerfile run as that user. After the image is built, the user can be overridden with the -u parameter when the container is started with docker run.
# USER user
# USER user:group
# USER uid
# USER uid:gid
USER www
ARG
Specifies variables that are passed to the build at build time
# ARG <name>[=<default value>]
ARG site
ARG build_user=www
ONBUILD
Sets a trigger on the image
# ONBUILD [INSTRUCTION]
ONBUILD ADD . /app/src
ONBUILD RUN /usr/local/bin/python-build --dir /app/src
# When the image being built is used as the base image of another image, the triggers in it are fired
Dockerfile demo
# 一条coding
# Version 1.0
# Base image
FROM centos
# MAINTAINER: maintainer information
MAINTAINER tianfeiyu
# ENV: set an environment variable
ENV PATH /usr/local/nginx/sbin:$PATH
# ADD: the files sit in the current directory; tar archives are unpacked automatically when copied
ADD nginx-1.8.0.tar.gz /usr/local/
ADD epel-release-latest-7.noarch.rpm /usr/local/
# RUN: execute the following commands
RUN rpm -ivh /usr/local/epel-release-latest-7.noarch.rpm
RUN yum install -y wget lftp gcc gcc-c++ make openssl-devel pcre-devel pcre && yum clean all
RUN useradd -s /sbin/nologin -M www
# WORKDIR: equivalent to cd
WORKDIR /usr/local/nginx-1.8.0
RUN ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_ssl_module --with-pcre && make && make install
# Keep nginx in the foreground; with --prefix=/usr/local/nginx the configuration file is conf/nginx.conf under that prefix
RUN echo "daemon off;" >> /usr/local/nginx/conf/nginx.conf
# EXPOSE: the port the container listens on
EXPOSE 80
# CMD: run the following command
CMD ["nginx"]
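A review script for the instructions covered above, run here against an abridged copy of the demo Dockerfile (an added example, not part of the original article; the rule set and message wording are assumptions). It flags a FROM without a pinned tag or digest, ADD from a URL, a download piped into a shell in RUN, credential-like ENV values, and a final stage with no non-root USER.

```shell
#!/bin/sh
# Added example (not from the original article): a small Dockerfile review
# script. The rule set and message wording are assumptions for illustration.
# Limitation: backslash-continued lines are checked one physical line at a time.

# lint_dockerfile FILE: print one finding per line, nothing if the file is clean
lint_dockerfile() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }               # skip comments, blank lines
    { instr = toupper($1) }
    instr == "FROM" {
        for (i = 2; i <= NF && $i ~ /^--/; i++) ; # skip --platform=... flags
        img = $i
        if (toupper($(i + 1)) == "AS") stage[$(i + 2)] = 1
        name = img; sub(/^.*\//, "", name)        # drop registry[:port]/path/
        if (img != "scratch" && !(img in stage) && img !~ /@sha256:/ &&
            (name !~ /:/ || name ~ /:latest$/))
            print "L" NR ": FROM " img " is not pinned to a tag or digest"
        user = ""                                 # every stage starts over
    }
    instr == "ADD" && $2 ~ /^https?:\/\// {
        print "L" NR ": ADD fetches " $2 " without an integrity check"
    }
    instr == "RUN" && /(curl|wget)[^|]*\|[ \t]*(ba)?sh/ {
        print "L" NR ": RUN pipes a download straight into a shell"
    }
    instr == "ENV" && toupper($0) ~ /PASSWORD|SECRET|TOKEN/ {
        print "L" NR ": ENV stores a credential-like value in the image"
    }
    instr == "USER" { user = $2 }
    END {
        if (user == "" || user ~ /^(root|0)(:|$)/)
            print "end: no USER instruction selects a non-root user"
    }' "$1"
}

# The article's demo Dockerfile, abridged, written to a temp file and linted.
demo_findings() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
FROM centos
MAINTAINER tianfeiyu
ENV PATH /usr/local/nginx/sbin:$PATH
ADD nginx-1.8.0.tar.gz /usr/local/
ADD epel-release-latest-7.noarch.rpm /usr/local/
RUN rpm -ivh /usr/local/epel-release-latest-7.noarch.rpm
RUN useradd -s /sbin/nologin -M www
EXPOSE 80
CMD ["nginx"]
EOF
    lint_dockerfile "$f"
    rm -f "$f"
}

# Usage: sh lint.sh path/to/Dockerfile
if [ -n "${1:-}" ]; then
    lint_dockerfile "$1"
fi
```

For the demo it reports the unpinned `FROM centos` and the missing USER: the www account is created, but without a USER instruction the container's main process still starts as root.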
Network communication
How does Docker exchange data internally and externally?
- Inside the container
- Inside access outside
- External access to internal
Network knowledge supplement
eth0
eth0 is the physical NIC, the actual network interface device on the server. It sends and receives Ethernet data, and packets are forwarded and routed between nodes through it.
veth
As the name implies, a veth pair is a pair of virtual device interfaces that always appear together.
One end of each device is attached to the protocol stack, and the two devices are connected to each other at the other end. After one device reads data from the protocol stack, it sends the data to the other device.
Because of this property, a veth pair often acts as a bridge connecting various virtual network devices. Typical examples are the connection between two namespaces, the connection between a bridge and OVS, and the connection between Docker containers, from which very complex virtual network structures can be built, for example OpenStack Neutron.
Bridge
A bridge device is a virtual switch implemented purely in software that performs Layer 2 forwarding, like a real-world switch.
Like other virtual network devices, it can be configured with an IP address and a MAC address. The main function of a bridge is to forward packets between the network interfaces connected to it.
Network modes
When we create a Docker container with docker run, we can use the --net option to specify the container's network mode. Docker has the following 4 network modes:
- Host mode, specified with --net=host.
- Container mode, specified with --net=container:NAME_or_ID.
- None mode, specified with --net=none.
- Bridge mode, specified with --net=bridge; this is the default setting.
In addition to these four basic modes, a variety of custom modes are supported.
Container access
Typically, Docker communicates using bridge + NAT. Bridge mode creates a separate network namespace for the container, with its own network card and the rest of the network stack.
NAT: it can be thought of as a network adapter
docker0: the bridge (virtual switch), visible with ifconfig
On the same host, containers created in bridge mode are attached to docker0 through DHCP and communicate over the network through docker0. Containers are connected to each other over the bridge called docker0, which acts as a virtual switch that lets them talk to each other.
Internal and external communication
The IP address of the host is not in the same network segment as the IP address of container veth pair. Therefore, networks outside the host cannot actively discover the container and cannot directly communicate with the container. Therefore, Docker provides port mapping, that is, mapping port traffic on the host to the port in the container.
OK, that is the whole Docker summary. For a Java developer, mastering this much is enough to make you feel like a duck in water.