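1. Introduction to Docker

1). What is Docker?

Docker is an open-source application container engine. It lets developers package an application and its dependencies into a portable image and then publish it to any popular Linux or Windows machine; it can also be used for virtualization. Containers are fully sandboxed and have no interfaces with one another.

Docker is an application packaging and deployment platform, not merely a virtualization technology.

A complete Docker setup consists of the following parts:

Docker Client

Docker Daemon

Docker Image

Docker Container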

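2). Containers compared with VMs

[Figure: container vs. virtual machine comparison]

As the figure above shows, a virtual machine has one more layer than a Docker container: the Guest OS (Guest Operating System). Running a virtual machine therefore costs extra memory, because a VM consumes memory as soon as it is powered on. Docker has no such layer; a running container is just a process, so it does not consume many resources.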

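3). Traditional virtualization compared with container technology

[Figure: traditional virtualization vs. container technology]

4). Advantages of Docker containers
More efficient use of system resources
Faster startup time
A consistent runtime environment
Continuous delivery and deployment
Easier migration
Easier maintenance and extension

With containers, developers can build once and run anywhere;
operators can build once and run anything.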

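5). How containers work

[Figure: Docker architecture]

Docker uses a client-server (C/S) architecture and manages and creates Docker containers through a remote API. The Docker client talks to the Docker daemon, which is responsible for building, running and distributing Docker containers. The client and the daemon can run on the same system, or the client can connect to a remote Docker daemon. The client and the daemon communicate using a REST API, over a UNIX socket or a network interface.

Client: the client talks to the daemon through the command line or other tools. It sends commands to the daemon, which then executes them. The commands use the Docker API, and one Docker client can communicate with several daemons.

Docker daemon: the Docker daemon listens for Docker API requests and manages Docker objects such as images, containers, networks and volumes. A daemon can also communicate with other daemons to manage Docker services.

Docker Host: the Docker Host is the physical or virtual machine on which the Docker daemon runs.

Docker Registry: a Docker registry stores Docker images. It can be a public registry such as Docker Hub or a privately hosted one. When you use docker pull or docker run, the required image is fetched from the configured registry. When you use docker push, the image is pushed to the configured registry.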

 

2. Deploying Docker

Official site: Docker Documentation

Alibaba Cloud open-source mirror site:

docker-ce-linux-centos-7-x86_64-stable-Packages package download (Alibaba Cloud open-source mirror site)

Installation:

[root@node11 ~]# cd /etc/yum.repos.d/
[root@node11 yum.repos.d]# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@node11 yum.repos.d]# ls
docker-ce.repo  redhat.repo  westos.repo
[root@node11 yum.repos.d]# vim docker-ce.repo
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/$basearch/stable
gpgcheck=0
[root@node11 yum.repos.d]# yum repolist    # list repository information
[root@node11 yum.repos.d]# wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
[root@node11 yum.repos.d]# ls
CentOS-Base.repo  docker-ce.repo  redhat.repo  westos.repo
[root@node11 yum.repos.d]# vim CentOS-Base.repo
[extras]
name=CentOS-$releasever - Extras - mirrors.aliyun.com
baseurl=http://mirrors.aliyun.com/centos/7/extras/$basearch/
gpgcheck=0
[root@node11 yum.repos.d]# yum repolist
Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
extras                                                                             | 2.9 kB  00:00:00
extras/x86_64/primary_db                                                           | 247 kB  00:00:00
repo id                                    repo name                                                status
docker-ce-stable/7Server/x86_64            Docker CE Stable - x86_64                                  164
extras/x86_64                              CentOS-7Server - Extras - mirrors.aliyun.com               512
rhel7.6                                    rhel7.6                                                  5,152
repolist: 5,828
[root@node11 yum.repos.d]# yum install -y docker-ce    # install the Docker package
[root@node11 yum.repos.d]# systemctl enable --now docker    # start now and enable at boot
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
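
Both repo sections above set gpgcheck=0, so yum installs packages from them without verifying GPG signatures, and the extras repo is also fetched over plain HTTP. The following is an added example, not part of the original article: it audits a directory of .repo files for those two settings. The sample files are constructed; the first two copy the settings shown above, and the `example-verified` section with its URL and key path is hypothetical.

```shell
# audit_repos DIR -> one finding per line: "<file>:[<section>]:<issue>"
# Flags enabled repo sections that skip signature checks or use plain HTTP.
audit_repos() {
    for f in "$1"/*.repo; do
        [ -e "$f" ] || continue
        awk -v file="${f##*/}" '
            function report() {
                if (sec == "" || enabled == "0") return      # skip disabled repos
                if (gpg == "0")         print file ":[" sec "]:gpgcheck-disabled"
                if (url ~ /^http:\/\//) print file ":[" sec "]:plaintext-baseurl"
            }
            /^[ \t]*([#;]|$)/ { next }                        # comments, blank lines
            /^[ \t]*\[/ {                                     # start of a [section]
                report(); sec = $0; gsub(/^[ \t]*\[|\].*$/, "", sec)
                gpg = ""; url = ""; enabled = ""; next
            }
            {
                key = $0; sub(/[ \t]*=.*$/, "", key); sub(/^[ \t]+/, "", key)
                val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val)
                if (key == "gpgcheck") gpg = val
                if (key == "baseurl")  url = val
                if (key == "enabled")  enabled = val
            }
            END { report() }
        ' "$f"
    done
}

# make_sample_repos DIR: constructed sample input. The first two files copy the
# settings from this article; the third is a hypothetical verified variant.
make_sample_repos() {
    printf '%s\n' '[docker-ce-stable]' 'name=Docker CE Stable - $basearch' \
        'baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/$basearch/stable' \
        'gpgcheck=0' > "$1/docker-ce.repo"
    printf '%s\n' '[extras]' 'name=CentOS-$releasever - Extras - mirrors.aliyun.com' \
        'baseurl=http://mirrors.aliyun.com/centos/7/extras/$basearch/' \
        'gpgcheck=0' > "$1/CentOS-Base.repo"
    printf '%s\n' '[example-verified]' 'baseurl=https://repo.example.invalid/el7/' \
        'gpgcheck=1' 'gpgkey=file:///etc/pki/rpm-gpg/EXAMPLE-KEY' > "$1/verified.repo"
}

# Demo on the constructed files; on a real host run: audit_repos /etc/yum.repos.d
d=$(mktemp -d); make_sample_repos "$d"; audit_repos "$d"; rm -rf "$d"
```

A finding is cleared by setting gpgcheck=1 together with a gpgkey= entry for the repository's signing key, and by using an https:// baseurl.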

Verify that the installation succeeded:

[root@node11 yum.repos.d]# docker info    # show Docker information
Client:
 Context:    default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Docker Buildx (Docker Inc., v0.8.2-docker)
  scan: Docker Scan (Docker Inc., v0.17.0)

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 0
 Server Version: 20.10.17
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc io.containerd.runc.v2 io.containerd.runtime.v1.linux
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 0197261a30bf81f1ee8e6a4dd2dea0ef95d67ccb
 runc version: v1.1.3-0-g6724737
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 3.10.0-957.el7.x86_64
 Operating System: Red Hat Enterprise Linux Server 7.6 (Maipo)
 OSType: linux
 Architecture: x86_64
 CPUs: 1
 Total Memory: 972.6MiB
 Name: node11
 ID: PTFW:XGQ7:Y6QT:M3R5:BVIK:SKNF:TBQD:ULEU:VFAC:RLEM:64OT:43YO
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled

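The two warnings at the end need to be resolved. They concern container bridging and are firewall-related, because containers need firewall support.

The installation succeeded, but with these two small problems. To fix them: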

[root@node11 yum.repos.d]# sysctl -a|grep bridge-nf-call-iptables
 sysctl: reading key "net.ipv6.conf.all.stable_secret"
 sysctl: reading key "net.ipv6.conf.default.stable_secret"
 net.bridge.bridge-nf-call-iptables = 0
 sysctl: reading key "net.ipv6.conf.docker0.stable_secret"
 sysctl: reading key "net.ipv6.conf.ens33.stable_secret"
 sysctl: reading key "net.ipv6.conf.lo.stable_secret"
 [root@node11 yum.repos.d]# cd /etc/sysctl.d
 [root@node11 sysctl.d]# vim docker.conf

[Screenshot: contents of /etc/sysctl.d/docker.conf]

[root@node11 sysctl.d]# sysctl --system
* Applying /usr/lib/sysctl.d/00-system.conf ...
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
kernel.yama.ptrace_scope = 0
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.d/docker.conf ...
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
* Applying /etc/sysctl.conf ...

Check again:

[root@node11 sysctl.d]# docker info    # this time the warnings are gone
Client:
 Context:    default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Docker Buildx (Docker Inc., v0.8.2-docker)
  scan: Docker Scan (Docker Inc., v0.17.0)

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 0
 Server Version: 20.10.17
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 0197261a30bf81f1ee8e6a4dd2dea0ef95d67ccb
 runc version: v1.1.3-0-g6724737
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 3.10.0-957.el7.x86_64
 Operating System: Red Hat Enterprise Linux Server 7.6 (Maipo)
 OSType: linux
 Architecture: x86_64
 CPUs: 1
 Total Memory: 972.6MiB
 Name: node11
 ID: PTFW:XGQ7:Y6QT:M3R5:BVIK:SKNF:TBQD:ULEU:VFAC:RLEM:64OT:43YO
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

Disable the swap partition

[root@node11 sysctl.d]# swapon -s
Filename                                Type            Size    Used    Priority
/dev/dm-1                               partition       2097148 0       -2
[root@node11 sysctl.d]# swapoff -a 
[root@node11 sysctl.d]# swapon -s
[root@node11 sysctl.d]# vim /etc/fstab


[Screenshot: editing /etc/fstab]

Basic docker commands:

[root@node11 sysctl.d]# cd
[root@node11 ~]# docker search yakexi007    # search for images
NAME                          DESCRIPTION   STARS     OFFICIAL   AUTOMATED
yakexi007/game2048                          0
yakexi007/mario                             0
yakexi007/nginx                             0
yakexi007/myapp                             0
yakexi007/busyboxplus                       0
yakexi007/base-debian10                     0
yakexi007/base-debian11                     0
yakexi007/webserver                         0
yakexi007/trivy-k8s-webhook                 0
[root@node11 ~]# docker pull yakexi007/game2048    # pull the image
Using default tag: latest
latest: Pulling from yakexi007/game2048
534e72e7cedc: Pull complete
f62e2f6dfeef: Pull complete
fe7db6293242: Pull complete
3f120f6a2bf8: Pull complete
4ba4e6930ea5: Pull complete
Digest: sha256:8a34fb9cb168c420604b6e5d32ca6d412cb0d533a826b313b190535c03fe9390
Status: Downloaded newer image for yakexi007/game2048:latest
docker.io/yakexi007/game2048:latest
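[root@node11 ~]# docker run -d --name demo -p 80:80 yakexi007/game2048    # run the container
03cc44c01460bd2464b247da62fb75c0b97b910183a6bd6626f5b40c6c6d4ccf
Meaning of the options passed when running the container:
run --> create and start
-d --> run in the background
--name --> give the container a name
-p --> port mapping, in order to access the image inside the container; the part before the ":" is the port on the real host, the part after it is the port inside the container.
Accessing port 80 of this host in a browser is now mapped to port 80 in the container.
[root@node11 ~]# docker ps    # list the running containers
CONTAINER ID   IMAGE                COMMAND                  CREATED          STATUS          PORTS                                        NAMES
03cc44c01460   yakexi007/game2048   "/bin/sh -c 'sed -i …"   19 seconds ago   Up 18 seconds   0.0.0.0:80->80/tcp, :::80->80/tcp, 443/tcp   demo
[root@node11 ~]# docker rm -f demo    # remove the container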
demo
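
The PORTS column above (`0.0.0.0:80->80/tcp, :::80->80/tcp`) shows that `-p 80:80` publishes the container port on every host interface, IPv4 and IPv6. The following is an added example, not part of the original article: it reads `docker ps --format '{{.Names}}\t{{.Ports}}'` output and lists the ports published on all interfaces. The sample lines are constructed, and the `local-only` container is hypothetical.

```shell
# wildcard_ports: reads "<name><TAB><ports>" lines on stdin, as printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# and prints "<name> <hostport>/<proto>" once for every port that is published
# on 0.0.0.0 or on the IPv6 wildcard (shown by docker ps as ":::").
wildcard_ports() {
    awk -F '\t' '
        {
            n = split($2, maps, /, */)
            for (i = 1; i <= n; i++) {
                m = maps[i]
                if (m !~ /->/) continue                          # exposed, not published
                if (m !~ /^(0\.0\.0\.0|::|\[::\]):/) continue    # bound to one address
                host = m;  sub(/->.*/, "", host); sub(/^.*:/, "", host)
                proto = m; sub(/^.*\//, "", proto)
                key = $1 " " host "/" proto
                if (!(key in seen)) { seen[key] = 1; print key } # merge IPv4/IPv6 rows
            }
        }'
}

# sample_ps: constructed input. The first line copies the PORTS value shown in
# this article; the second is a hypothetical container bound to loopback only.
sample_ps() {
    printf 'demo\t0.0.0.0:80->80/tcp, :::80->80/tcp, 443/tcp\n'
    printf 'local-only\t127.0.0.1:8080->80/tcp\n'
}

# Demo on the constructed lines; on a real host run:
#   docker ps --format '{{.Names}}\t{{.Ports}}' | wildcard_ports
sample_ps | wildcard_ports
```

To keep a service reachable only from the host itself, give `-p` an address, for example `-p 127.0.0.1:80:80`.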

After a container is started, a bridge interface is brought up on the host; the gateway of all containers here is the address on docker0.

[Screenshot: the docker0 bridge interface on the host]

[root@node11 docker]# docker images		## list images
REPOSITORY           TAG                 IMAGE ID            CREATED             SIZE
yakexi007/game2048   latest              19299002fdbe        4 years ago         55.5MB

[root@node11 docker]# docker history yakexi007/game2048		## show the image's build history
IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
19299002fdbe        4 years ago         /bin/sh -c #(nop)  CMD ["/bin/sh" "-c" "sed …   0B                  
<missing>           4 years ago         /bin/sh -c #(nop)  EXPOSE 80/tcp                0B                  
<missing>           4 years ago         /bin/sh -c #(nop) COPY dir:cb74e9c037a3d501c…   600kB               
<missing>           4 years ago         /bin/sh -c #(nop)  MAINTAINER Golfen Guo <go…   0B                  
<missing>           4 years ago         /bin/sh -c #(nop)  CMD ["nginx" "-g" "daemon…   0B                  
<missing>           4 years ago         /bin/sh -c #(nop)  EXPOSE 443/tcp 80/tcp        0B                  
<missing>           4 years ago         /bin/sh -c #(nop) COPY file:d15ceb73c6ea776c…   1.1kB               
<missing>           4 years ago         /bin/sh -c #(nop) COPY file:af94db45bb7e4b8f…   643B                
<missing>           4 years ago         /bin/sh -c GPG_KEYS=B0F4253373F8F6F510D42178…   50.1MB              
<missing>           4 years ago         /bin/sh -c #(nop)  ENV NGINX_VERSION=1.11.7     0B                  
<missing>           4 years ago         /bin/sh -c #(nop)  MAINTAINER NGINX Docker M…   0B                  
<missing>           4 years ago         /bin/sh -c #(nop) ADD file:7afbc23fda8b0b387…   4.8MB  
[root@node11 docker]# docker ps -a		## list all containers, including those not running
CONTAINER ID        IMAGE                COMMAND                  CREATED             STATUS              PORTS                         NAMES
42ce251ebfa9        yakexi007/game2048   "/bin/sh -c 'sed -i …"   3 minutes ago       Up 3 minutes        0.0.0.0:80->80/tcp, 443/tcp   demo