1. Introduction to Docker
1) What is Docker?
Docker is an open-source application container engine. It lets developers package an application together with its dependencies into a portable image and then publish it to any popular Linux or Windows machine; it can also be used to achieve virtualization. Containers are fully sandboxed and have no interfaces to one another.
Docker is a platform for packaging and deploying applications, not merely a virtualization technology.
A complete Docker installation consists of the following parts:
Docker Client
Docker Daemon
Docker Image
Docker Container
2) Containers vs. VMs
As the figure above shows, a virtual machine has one layer more than a Docker container: the Guest OS (Guest Operating System). Running more VMs therefore consumes more kernel memory, because a VM uses memory as soon as it is started. Docker has no such layer: a running container is just a process, so it consumes far fewer resources.
3) Traditional virtualization vs. container technology
4) Advantages of Docker containers
More efficient use of system resources
Faster start-up time
A consistent runtime environment
Continuous delivery and deployment
Easier migration
Easier maintenance and scaling
For developers, containers mean build once, run anywhere;
for operations staff, build once, run anything.
5) How containers work
Docker uses a client-server (C/S) architecture and manages and creates containers through a remote API. The Docker client talks to the Docker daemon, which does the work of building, running and distributing containers. Client and daemon can run on the same system, or the client can connect to a remote daemon. They communicate through a REST API, over a UNIX socket or a network interface.
Client: the client talks to the daemon through the command line or other tools. It sends commands to the daemon, which executes them. The commands use the Docker API, and one client can talk to several daemons.
Docker daemon: the daemon (docker daemon) listens for Docker API requests and manages Docker objects such as images, containers, networks and volumes. It can also communicate with other daemons to manage Docker services.
Docker Host: the physical or virtual machine on which the Docker daemon runs.
Docker Registry: a registry stores Docker images. It can be a public registry such as Docker Hub or a privately hosted one. docker pull and docker run fetch the required image from the configured registry; docker push pushes an image to it.
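The client-to-daemon exchange described above, as an added example that is not part of the original post: a minimal client that sends a REST request to the daemon over its UNIX socket and reduces the /info reply to the hardening-relevant fields that `docker info` prints later on this page. The socket path /var/run/docker.sock is the Linux default; SAMPLE_INFO is a constructed reply modelled on the output below.

```python
import http.client
import json
import socket
DOCKER_SOCK = "/var/run/docker.sock"  # default daemon socket on Linux

# Constructed sample of an /info reply, mirroring the `docker info` output on this page.
SAMPLE_INFO = {
    "ServerVersion": "20.10.17",
    "SecurityOptions": ["name=seccomp,profile=default"],
    "RegistryConfig": {"InsecureRegistryCIDRs": ["127.0.0.0/8"]},
    "Warnings": ["WARNING: bridge-nf-call-iptables is disabled",
                 "WARNING: bridge-nf-call-ip6tables is disabled"],
}

class UnixSocketHTTPConnection(http.client.HTTPConnection):
    """http.client connection over a UNIX-domain socket instead of TCP."""
    def __init__(self, sock_path):
        super().__init__("localhost")
        self.sock_path = sock_path

    def connect(self):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.connect(self.sock_path)

def daemon_get(path, sock_path=DOCKER_SOCK):
    """GET one REST endpoint (e.g. '/info', '/version') and return its JSON.
    Needs a running daemon and access to the socket (root or the docker group)."""
    conn = UnixSocketHTTPConnection(sock_path)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        body = resp.read()
    finally:
        conn.close()
    if resp.status != 200:
        raise RuntimeError(f"GET {path} -> HTTP {resp.status}: {body[:200]!r}")
    return json.loads(body)

def summarize_info(info):
    """Keep the /info fields from the `docker info` output on this page that matter
    for hardening; 'warnings' is where the bridge-nf-call notices come from."""
    registry = info.get("RegistryConfig") or {}
    return {
        "server_version": info.get("ServerVersion"),
        "security_options": info.get("SecurityOptions") or [],
        "insecure_registries": registry.get("InsecureRegistryCIDRs") or [],
        "warnings": info.get("Warnings") or [],
    }
```

On a host with the daemon running, `summarize_info(daemon_get("/info"))` returns the same fields for the live engine.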
2. Deploying Docker containers
Official site: Docker Documentation
Aliyun open-source mirror site:
docker-ce-linux-centos-7-x86_64-stable packages download (Aliyun open-source mirror site)
Installation:
[root@node11 ~]# cd /etc/yum.repos.d/
[root@node11 yum.repos.d]# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@node11 yum.repos.d]# ls
docker-ce.repo redhat.repo westos.repo
[root@node11 yum.repos.d]# vim docker-ce.repo
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/$basearch/stable
gpgcheck=0
[root@node11 yum.repos.d]# yum repolist   # list repository information
[root@node11 yum.repos.d]# wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
[root@node11 yum.repos.d]# ls
CentOS-Base.repo docker-ce.repo redhat.repo westos.repo
[root@node11 yum.repos.d]# vim CentOS-Base.repo
[extras]
name=CentOS-$releasever - Extras - mirrors.aliyun.com
baseurl=http://mirrors.aliyun.com/centos/7/extras/$basearch/
gpgcheck=0
[root@node11 yum.repos.d]# yum repolist
Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
extras | 2.9 kB 00:00:00
extras/x86_64/primary_db | 247 kB 00:00:00
repo id repo name status
docker-ce-stable/7Server/x86_64 Docker CE Stable - x86_64 164
extras/x86_64 CentOS-7Server - Extras - mirrors.aliyun.com 512
rhel7.6 rhel7.6 5,152
repolist: 5,828
[root@node11 yum.repos.d]# yum install -y docker-ce   # install the docker package
[root@node11 yum.repos.d]# systemctl enable --now docker   # start now and enable at boot
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
Verify the installation:
[root@node11 yum.repos.d]# docker info   # show client and daemon information
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Docker Buildx (Docker Inc., v0.8.2-docker)
scan: Docker Scan (Docker Inc., v0.17.0)
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 20.10.17
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc io.containerd.runc.v2 io.containerd.runtime.v1.linux
Default Runtime: runc
Init Binary: docker-init
containerd version: 0197261a30bf81f1ee8e6a4dd2dea0ef95d67ccb
runc version: v1.1.3-0-g6724737
init version: de40ad0
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-957.el7.x86_64
Operating System: Red Hat Enterprise Linux Server 7.6 (Maipo)
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 972.6MiB
Name: node11
ID: PTFW:XGQ7:Y6QT:M3R5:BVIK:SKNF:TBQD:ULEU:VFAC:RLEM:64OT:43YO
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Two warnings need to be dealt with here. They concern bridge networking for containers and are firewall-related, because containers depend on the firewall's support.
The installation succeeded, but with these two small issues; next we fix them:
[root@node11 yum.repos.d]# sysctl -a|grep bridge-nf-call-iptables
sysctl: reading key "net.ipv6.conf.all.stable_secret"
sysctl: reading key "net.ipv6.conf.default.stable_secret"
net.bridge.bridge-nf-call-iptables = 0
sysctl: reading key "net.ipv6.conf.docker0.stable_secret"
sysctl: reading key "net.ipv6.conf.ens33.stable_secret"
sysctl: reading key "net.ipv6.conf.lo.stable_secret"
[root@node11 yum.repos.d]# cd /etc/sysctl.d
[root@node11 sysctl.d]# vim docker.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
[root@node11 sysctl.d]# sysctl --system
* Applying /usr/lib/sysctl.d/00-system.conf ...
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
kernel.yama.ptrace_scope = 0
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.d/docker.conf ...
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
* Applying /etc/sysctl.conf ...
Check again:
[root@node11 sysctl.d]# docker info   # no warnings are reported this time
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Docker Buildx (Docker Inc., v0.8.2-docker)
scan: Docker Scan (Docker Inc., v0.17.0)
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 20.10.17
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 0197261a30bf81f1ee8e6a4dd2dea0ef95d67ccb
runc version: v1.1.3-0-g6724737
init version: de40ad0
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-957.el7.x86_64
Operating System: Red Hat Enterprise Linux Server 7.6 (Maipo)
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 972.6MiB
Name: node11
ID: PTFW:XGQ7:Y6QT:M3R5:BVIK:SKNF:TBQD:ULEU:VFAC:RLEM:64OT:43YO
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Disable the swap partition:
[root@node11 sysctl.d]# swapon -s
Filename Type Size Used Priority
/dev/dm-1 partition 2097148 0 -2
[root@node11 sysctl.d]# swapoff -a
[root@node11 sysctl.d]# swapon -s
[root@node11 sysctl.d]# vim /etc/fstab
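The checks below, added here as an example and not part of the original post, verify the three things the procedure above changed: the repo files (where gpgcheck=0 means yum installs RPMs without verifying their signatures), the bridge-nf-call sysctls, and swap. The parsers take the text of the files and command output shown above and run offline; audit_host() reads the live paths /etc/yum.repos.d, /proc/sys, /proc/swaps and /etc/fstab, which are assumed to be those of a RHEL/CentOS 7 host.

```python
import configparser
import re
from pathlib import Path

REPO_DIR = Path("/etc/yum.repos.d")  # where the two .repo files above were written
BRIDGE_KEYS = ("net.bridge.bridge-nf-call-iptables", "net.bridge.bridge-nf-call-ip6tables")
SYSCTL_LINE = re.compile(r"^\s*(net\.bridge\.bridge-nf-call-\S+)\s*=\s*(\S+)")

def repos_without_gpgcheck(repo_text):
    """Repo ids in a .repo file whose gpgcheck is not 1. With gpgcheck=0, as in
    both files above, yum installs RPMs without verifying their signatures."""
    cp = configparser.RawConfigParser()  # Raw: leaves $basearch/$releasever alone
    cp.read_string(repo_text)
    return [s for s in cp.sections() if cp.get(s, "gpgcheck", fallback="0").strip() != "1"]

def bridge_nf_call_not_enabled(sysctl_text):
    """bridge-nf-call keys not confirmed as 1 in `sysctl -a` or `sysctl --system`
    output. Later assignments override earlier ones, exactly as the kernel applies
    them, so /etc/sysctl.d/docker.conf wins over the 0 from 00-system.conf."""
    state = {}
    for line in sysctl_text.splitlines():
        m = SYSCTL_LINE.match(line)
        if m:
            state[m.group(1)] = m.group(2)
    return [k for k in BRIDGE_KEYS if state.get(k) != "1"]

def active_swap_devices(swapon_text):
    """Device names from `swapon -s` / /proc/swaps output; an empty list means swap is off."""
    return [ln.split()[0] for ln in swapon_text.splitlines()[1:] if ln.strip()]

def fstab_swap_entries(fstab_text):
    """Uncommented fstab entries of type swap; they would re-enable swap at boot,
    which is why the procedure edits /etc/fstab after swapoff -a."""
    out = []
    for ln in fstab_text.splitlines():
        f = ln.split()
        if len(f) > 2 and not f[0].startswith("#") and f[2] == "swap":
            out.append(ln)
    return out

def audit_host(repo_dir=REPO_DIR, proc_sys=Path("/proc/sys")):
    """Run every check against the live host; all four results should be empty."""
    repos = {p.name: repos_without_gpgcheck(p.read_text()) for p in sorted(repo_dir.glob("*.repo"))}
    keys = [k for k in BRIDGE_KEYS if (proc_sys / k.replace(".", "/")).exists()]
    sysctl_text = "\n".join(f"{k} = {(proc_sys / k.replace('.', '/')).read_text().strip()}" for k in keys)
    return {"repos_without_gpgcheck": {k: v for k, v in repos.items() if v},
            "bridge_nf_call_not_enabled": bridge_nf_call_not_enabled(sysctl_text),
            "active_swap": active_swap_devices(Path("/proc/swaps").read_text()),
            "fstab_swap": fstab_swap_entries(Path("/etc/fstab").read_text())}
```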
Basic docker commands:
[root@node11 sysctl.d]# cd
[root@node11 ~]# docker search yakexi007   # search for images
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
yakexi007/game2048 0
yakexi007/mario 0
yakexi007/nginx 0
yakexi007/myapp 0
yakexi007/busyboxplus 0
yakexi007/base-debian10 0
yakexi007/base-debian11 0
yakexi007/webserver 0
yakexi007/trivy-k8s-webhook 0
[root@node11 ~]# docker pull yakexi007/game2048   # pull the image
Using default tag: latest
latest: Pulling from yakexi007/game2048
534e72e7cedc: Pull complete
f62e2f6dfeef: Pull complete
fe7db6293242: Pull complete
3f120f6a2bf8: Pull complete
4ba4e6930ea5: Pull complete
Digest: sha256:8a34fb9cb168c420604b6e5d32ca6d412cb0d533a826b313b190535c03fe9390
Status: Downloaded newer image for yakexi007/game2048:latest
docker.io/yakexi007/game2048:latest
[root@node11 ~]# docker run -d --name demo -p 80:80 yakexi007/game2048   # run a container
03cc44c01460bd2464b247da62fb75c0b97b910183a6bd6626f5b40c6c6d4ccf
The parameters passed to docker run mean:
run --> create and start a container
-d --> detach, run in the background
--name --> give the container a name
-p --> map a port so that what runs inside the container can be reached; the value before the colon is the host port, the value after it is the port inside the container.
Visiting port 80 on this host in a browser now reaches port 80 inside the container.
[root@node11 ~]# docker ps   # list running containers
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
03cc44c01460 yakexi007/game2048 "/bin/sh -c 'sed -i …" 19 seconds ago Up 18 seconds 0.0.0.0:80->80/tcp, :::80->80/tcp, 443/tcp demo
[root@node11 ~]# docker rm -f demo   # force-remove the container
demo
Once a container is started, a bridge interface is brought up on the host; the gateway of every container is the address configured on docker0.
[root@node11 docker]# docker images   # list images
REPOSITORY TAG IMAGE ID CREATED SIZE
yakexi007/game2048 latest 19299002fdbe 4 years ago 55.5MB
[root@node11 docker]# docker history yakexi007/game2048   # show the image's build history
IMAGE CREATED CREATED BY SIZE COMMENT
19299002fdbe 4 years ago /bin/sh -c #(nop) CMD ["/bin/sh" "-c" "sed … 0B
<missing> 4 years ago /bin/sh -c #(nop) EXPOSE 80/tcp 0B
<missing> 4 years ago /bin/sh -c #(nop) COPY dir:cb74e9c037a3d501c… 600kB
<missing> 4 years ago /bin/sh -c #(nop) MAINTAINER Golfen Guo <go… 0B
<missing> 4 years ago /bin/sh -c #(nop) CMD ["nginx" "-g" "daemon… 0B
<missing> 4 years ago /bin/sh -c #(nop) EXPOSE 443/tcp 80/tcp 0B
<missing> 4 years ago /bin/sh -c #(nop) COPY file:d15ceb73c6ea776c… 1.1kB
<missing> 4 years ago /bin/sh -c #(nop) COPY file:af94db45bb7e4b8f… 643B
<missing> 4 years ago /bin/sh -c GPG_KEYS=B0F4253373F8F6F510D42178… 50.1MB
<missing> 4 years ago /bin/sh -c #(nop) ENV NGINX_VERSION=1.11.7 0B
<missing> 4 years ago /bin/sh -c #(nop) MAINTAINER NGINX Docker M… 0B
<missing> 4 years ago /bin/sh -c #(nop) ADD file:7afbc23fda8b0b387… 4.8MB
[root@node11 docker]# docker ps -a   # list all containers, including stopped ones
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
42ce251ebfa9 yakexi007/game2048 "/bin/sh -c 'sed -i …" 3 minutes ago Up 3 minutes 0.0.0.0:80->80/tcp, 443/tcp demo