目錄
Docker已經上市很多年,不是什么新鮮事物了,很多企業或者開發同學以前也不多不少有所接觸,但是有實操經驗的人不多,本系列教程主要偏重實戰,盡量講干貨,會根據本人理解去做闡述,具體官方概念可以查閱官方教程,因為本系列教程對前一章節有一定依賴,建議先學習前面章節內容。
本系列教程導航:
Docker深入淺出系列 | 容器初體驗
課程目標
- 回顧Container與Image核心知識
- 了解如何制作自定義Image的兩種方式
- 了解Dockerfile的一些常用指令
- 了解Image一些常用命令
- 了解如何基於現有Image創建新的Image
- 了解如何運行一個Springboot容器
Container與Image核心知識回顧
在上一篇已經提到過,Docker Image是有多層結構,實際上由一層一層的文件系統組成,底層都是共享宿主Linux內核,Image的分層結構是是為了提高復用性。Image可以看作是Java的class文件,容器可以看成是JAVA的對象去理解,下層的每一層鏡像可以看作是JAVA中的父類,上層鏡像可以共享底層鏡像的組件,類似JAVA中的繼承規則。
Docker Image 基於 Union file systems做鏡像和容器分層,避免在每次以新容器運行圖像時復制一組完整的文件。將更改分隔為其自身層中的容器文件系統,允許將同一容器置於從已知內容重新啟動(因為在刪除容器時,更改的圖層將被關閉)。
面向用戶的是Container層,所有用戶新增環境依賴和數據都會保存在容器層,下層Image只可讀、不可修改。
Container是一種輕量級的虛擬技術,不需要模擬硬件創建虛擬機啟動內核空間,因此啟動速度很快
Docker是基於Linux Kernel的Namespace、CGroups、UnionFileSystem等技術封裝成的一種自
定義容器格式,從而提供一套虛擬運行環境。
- Namespace:對全局系統資源的一種封裝隔離,使得處於不同namespace的進程擁有獨立的全局系統資源,改變一個namespace中的系統資源只會影響當前namespace里的進程,對其他namespace中的進程沒有影響,比如pid[進程]、net[網絡]、mnt[掛載點]等
- CGroups: cgroup和namespace類似,也是將進程進行分組,但它的目的和namespace不一樣,namespace是為了隔離進程組之間的資源,而cgroup是為了對一組進程進行統一的資源監控和限制,比如內存、CPU、進程數等
- Union file systems:用來做image和container分層
制作Docker Image的兩種方式
- 通過Dockerfile制作(推薦) - Dockerfile其內部包含了一條條的指令,每一條指令構建一層,因此每一條指令的內容,就是描述該層應當如何構建。
- 通過
Docker commit操作 - 通過docker commit命令反向基於容器副本創建一個新的鏡像文件。但是使用docker commit看不到Image的創建過程,因此對排查問題不友好。
Dockerfile常用指令
- FROM
指定基礎鏡像,比如FROM centos:6
FROM centos:6 - RUN
在鏡像內部執行一些命令,比如安裝軟件,配置環境等,換行可以使用
groupadd -r mysql && useradd -r -g mysql mysql - ENV
設置變量的值,ENV MYSQL_MAJOR 5.7,可以通過docker run --e key=value修改,后面可以直接使
用${MYSQL_MAJOR}
ENV MYSQL_MAJOR 5.7 - LABEL
設置鏡像標簽
LABEL email="evan08@163.com"
LABEL name="evan"
- VOLUME
定義匿名數據卷。在啟動容器時忘記掛載數據卷,會自動掛載到匿名卷,在啟動容器 docker run 的時候,我們可以通過 -v 參數修改掛載點。
作用:- 避免重要的數據,因容器重啟而丟失,這是非常致命的。
- 避免容器不斷變大。
VOLUME /var/lib/mysql
- COPY
將主機的文件復制到鏡像內,如果目錄不存在,會自動創建所需要的目錄,注意只是復制,不會提取和
解壓
COPY demo-api.jar /usr/loacl/app/ - ADD
將主機的文件復制到鏡像內,和COPY類似,只是ADD會對壓縮文件提取和解壓
ADD demo-api.jar /usr/loacl/app/ - WORKDIR
指定鏡像的工作目錄,之后的命令都是基於此目錄工作,若不存在則創建
WORKDIR /usr/local
WORKDIR tomcat
RUN touch test.txt
會在/usr/local/tomcat下創建test.txt文件
- CMD
容器啟動的時候默認會執行的命令,若有多個CMD命令,則最后一個生效
CMD ["mysqld"] 或CMD mysqld
- ENTRYPOINT
和CMD的使用類似,但docker run執行時,會覆蓋CMD的命令,而ENTRYPOINT不會
ENTRYPOINT ["docker-entrypoint.sh"]
ENTRYPOINT ["/bin/bash", "-C","/start.sh"]
- EXPOSE
聲明容器運行的服務端口,啟動鏡像時,可以使用-p將該端口映射給宿主機
EXPOSE 3306 3307
更多操作可以查看菜鳥教程
Image實戰篇
通過Dockerfile制作Image
(1)在IDEA創建一個Springboot項目
(2)創建一個Rest Api
@RestController
public class DemoController {
@GetMapping("/hello")
public String hello() {
return "Hello";
}
}
(3)通過maven命令 mvn clean package打包應用
target目錄會生成了一個demo-api-0.0.1-SNAPSHOT.jar
(4)進入上一章創建的虛擬機Centos7服務器中創建一個目錄demo-dockerfile目錄
- 使用前一章創建的密碼
evan123去登陸Centos7服務器
Connection to 192.168.100.9 closed.
192:centos7 evan$ ssh root@192.168.100.9
root@192.168.100.9's password:
Last login: Thu Jan 30 03:22:59 2020 from 192.168.100.7
-bash: warning: setlocale: LC_CTYPE: cannot change locale (UTF-8): No such file or directory
[root@10 ~]#
- 創建文件夾
[root@10 /]# mkdir /usr/local/demo-dockerfile
(4)回到宿主機器,上傳demo-api-0.0.1-SNAPSHOT.jar到Centos7服務器demo-dockerfile目錄,我這里用使用命令行操作,其他童鞋可以使用其他sfpt工具上傳
192:centos7 evan$ scp Users/evan/development/repository/eshare-docker-in-action/demo-api/target/demo-api-0.0.1-SNAPSHOT.jar root@192.168.100.9:/usr/local/demo-dockerfile
root@192.168.100.9's password:
/etc/profile.d/lang.sh: line 19: warning: setlocale: LC_CTYPE: cannot change locale (UTF-8): No such file or directory
Users/evan/development/repository/eshare-docker-in-action/demo-api/target/demo-api-0.0.1-SNAPSHOT.jar: No such file or directory
192:centos7 evan$ scp /Users/evan/development/repository/eshare-docker-in-action/demo-api/target/demo-api-0.0.1-SNAPSHOT.jar root@192.168.100.9:/usr/local/demo-dockerfile
root@192.168.100.9's password:
/etc/profile.d/lang.sh: line 19: warning: setlocale: LC_CTYPE: cannot change locale (UTF-8): No such file or directory
demo-api-0.0.1-SNAPSHOT.jar 100% 18MB 105.8MB/s 00:00
192:centos7 evan$
(5)回到虛擬機,在剛才創建的目錄下創建一個Dockerfile文件
192:centos7 evan$ ssh root@192.168.100.9
root@192.168.100.9's password:
Last login: Thu Jan 30 03:25:43 2020 from 192.168.100.7
-bash: warning: setlocale: LC_CTYPE: cannot change locale (UTF-8): No such file or directory
[root@10 ~]# cd /usr/local/demo-dockerfile
[root@10 demo-dockerfile]# mkdir Dockerfile
[root@10 demo-dockerfile]# touch Dockerfile
[root@10 demo-dockerfile]# ls
Dockerfile demo-api-0.0.1-SNAPSHOT.jar
(6)填入以下內容到Dockerfile
FROM openjdk:8
MAINTAINER evan
LABEL name="demo-dockerfile" version="1.0"author="evan" COPY demo-api-0.0.1-SNAPSHOT.jar demo-api-image.jar CMD ["java","-jar","demo-api-image.jar"]
(7)先啟動Docker服務,假如不存在
[root@10 demo-dockerfile]# sudo systemctl start docker
(8)在該目錄下基於Dockerfile構建自定義的鏡像
命令:docker build -t demo-api-image .
運行結果如下:
[root@10 demo-dockerfile]# docker build -t demo-api-image .
Sending build context to Docker daemon 19.32MB
Step 1/5 : FROM openjdk:8
8: Pulling from library/openjdk
146bd6a88618: Already exists
9935d0c62ace: Already exists
db0efb86e806: Already exists
e705a4c4fd31: Already exists
3d3bf7f7e874: Already exists
49371c5b9ff6: Already exists
3f7eaaf7ad75: Already exists
Digest: sha256:7b7408b997615b4d6aaf6c1f0de8a32182497250288ee0a27b4e98cf14a52fb3
Status: Downloaded newer image for openjdk:8
---> 8c6851b1fc09
Step 2/5 : MAINTAINER evan
---> Running in 8fb93afccef8
Removing intermediate container 8fb93afccef8
---> 1f516267494a
Step 3/5 : LABEL name="demo-dockerfile" version="1.0"author="evan"
---> Running in 12cf6c64acf8
Removing intermediate container 12cf6c64acf8
---> 5ab38f113669
Step 4/5 : COPY demo-api-0.0.1-SNAPSHOT.jar demo-api-image.jar
---> d752dc61c8a9
Step 5/5 : CMD ["java","-jar","demo-api-image.jar"]
---> Running in d8bb64f014ee
Removing intermediate container d8bb64f014ee
---> cd026463e853
Successfully built cd026463e853
Successfully tagged demo-api-image:latest
(9)基於我們自定義的image啟動容器,容器命名為demo-api
docker run -d --name demo-api -p 8999:8080 demo-api-image
(10)查看容器的啟動日志
[root@10 demo-dockerfile]# docker logs demo-api
. ____ _ __ _ _
/\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
\\/ ___)| |_)| | | | | || (_| | ) ) ) )
' |____| .__|_| |_|_| |_\__, | / / / /
=========|_|==============|___/=/_/_/_/
:: Spring Boot :: (v2.2.4.RELEASE)
2020-01-30 04:32:29.537 INFO 1 --- [ main] com.example.demo.api.DemoApiApplication : Starting DemoApiApplication v0.0.1-SNAPSHOT on 4b90fdd0dd97 with PID 1 (/demo-api-image.jar started by root in /)
2020-01-30 04:32:29.540 INFO 1 --- [ main] com.example.demo.api.DemoApiApplication : No active profile set, falling back to default profiles: default
2020-01-30 04:32:30.478 INFO 1 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port(s): 8080 (http)
2020-01-30 04:32:30.488 INFO 1 --- [ main] o.apache.catalina.core.StandardService : Starting service [Tomcat]
2020-01-30 04:32:30.489 INFO 1 --- [ main] org.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/9.0.30]
2020-01-30 04:32:30.540 INFO 1 --- [ main] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
2020-01-30 04:32:30.540 INFO 1 --- [ main] o.s.web.context.ContextLoader : Root WebApplicationContext: initialization completed in 895 ms
2020-01-30 04:32:30.712 INFO 1 --- [ main] o.s.s.concurrent.ThreadPoolTaskExecutor : Initializing ExecutorService 'applicationTaskExecutor'
2020-01-30 04:32:30.888 INFO 1 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8080 (http) with context path ''
2020-01-30 04:32:30.890 INFO 1 --- [ main] com.example.demo.api.DemoApiApplication : Started DemoApiApplication in 1.756 seconds (JVM running for 2.25)
(11)在宿主機器上訪問容器服務,測試Api是否成功部署
[root@10 demo-dockerfile]# curl localhost:8999/hello
Hello
(12)再啟動多一個容器實例測試
[root@10 demo-dockerfile]# docker run -d --name demo-api02 -p 8998:8080 demo-api-image
3029d6b4325a6773ddcacca8d39917b1abfe12d6004cc8a765608f7f2d64edb3
[root@10 demo-dockerfile]# curl localhost:8998/hello
Hello
(12)登陸Docker鏡像倉庫,沒有賬號的童鞋提前到hub.docker.com注冊
[root@10 demo-dockerfile]# docker login
Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.
Username: 10856214
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
(13)推送定制的Docker鏡像到遠程倉庫,鏡像名稱要跟Docker id一致
[root@10 demo-dockerfile]# docker tag demo-api-image 10856214/demo-api-image
[root@10 demo-dockerfile]# docker push 10856214/demo-api-image
The push refers to repository [docker.io/10856214/demo-api-image]
9fb0d7d193ef: Pushed
a6ded049566a: Mounted from library/openjdk
e7fe5541de5f: Mounted from library/openjdk
03ff63c55220: Mounted from library/openjdk
bee1e39d7c3a: Mounted from library/openjdk
1f59a4b2e206: Mounted from library/openjdk
0ca7f54856c0: Mounted from library/openjdk
ebb9ae013834: Mounted from library/openjdk
latest: digest: sha256:32afd9d8ca8205d6e667543a66163330c5067c5a37ebd80d53e9563b809e8bb4 size: 2007
(14)查看Image是否已經成功推送到遠程倉庫
(15)從遠程倉庫把Image拉到本地
[root@10 demo-dockerfile]# docker pull 10856214/demo-api-image
Using default tag: latest
latest: Pulling from 10856214/demo-api-image
Digest: sha256:32afd9d8ca8205d6e667543a66163330c5067c5a37ebd80d53e9563b809e8bb4
Status: Image is up to date for 10856214/demo-api-image:latest
docker.io/10856214/demo-api-image:latest
(16)基於遠程10856214/demo-api-image啟動容器
[root@10 demo-dockerfile]# docker run -d --name demo-api03 -p 8997:8080 10856214/demo-api-image
f6907cc3f8b7c21e26111c748de23d923f96f5b2ffef54478ff49d8c03416651
[root@10 demo-dockerfile]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f6907cc3f8b7 10856214/demo-api-image "java -jar demo-api-…" 4 seconds ago Up 3 seconds 0.0.0.0:8997->8080/tcp demo-api03
3029d6b4325a demo-api-image "java -jar demo-api-…" About an hour ago Up About an hour 0.0.0.0:8998->8080/tcp demo-api02
4b90fdd0dd97 demo-api-image "java -jar demo-api-…" About an hour ago Up About an hour 0.0.0.0:8999->8080/tcp demo-api
[root@10 demo-dockerfile]#
通過Docker Commit創建Image
(1)查看運行中的容器
[root@10 demo-dockerfile]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f6907cc3f8b7 10856214/demo-api-image "java -jar demo-api-…" 2 hours ago Up 2 hours 0.0.0.0:8997->8080/tcp demo-api03
3029d6b4325a demo-api-image "java -jar demo-api-…" 3 hours ago Up 3 hours 0.0.0.0:8998->8080/tcp demo-api02
4b90fdd0dd97 demo-api-image "java -jar demo-api-…" 3 hours ago Up 3 hours 0.0.0.0:8999->8080/tcp demo-api
[root@10 demo-dockerfile]#
(2)進入我們在上一節從遠程倉庫拉回來的自定義鏡像內部
[root@10 demo-dockerfile]# docker exec -it demo-api03 bash
root@f6907cc3f8b7:/#
(3)修改容器demo-api03,在容器內部安裝yum工具
- 嘗試運行yum指令,默認是不帶yum工具,因為容器里的linux操作系統只保留基本指令
root@f6907cc3f8b7:/# yum
bash: yum: command not found
root@f6907cc3f8b7:/#
- 查看下容器內部的linux操作系統版本
root@f6907cc3f8b7:/# cat /etc/issue
Debian GNU/Linux 9 \n \l
內置的操作系統用的Debian
- 使用apt-get更新系統組件
root@f6907cc3f8b7:/# apt-get update
Ign:1 http://deb.debian.org/debian stretch InRelease
Get:2 http://security.debian.org/debian-security stretch/updates InRelease [94.3 kB]
Get:3 http://deb.debian.org/debian stretch-updates InRelease [91.0 kB]
Get:4 http://deb.debian.org/debian stretch Release [118 kB]
Get:5 http://security.debian.org/debian-security stretch/updates/main amd64 Packages [516 kB]
Get:6 http://deb.debian.org/debian stretch-updates/main amd64 Packages [27.9 kB]
Get:7 http://deb.debian.org/debian stretch Release.gpg [2365 B]
Get:8 http://deb.debian.org/debian stretch/main amd64 Packages [7086 kB]
Fetched 7936 kB in 1min 18s (101 kB/s)
Reading package lists... Done
- 安裝容器內置操作系統必要依賴
apt-get install build-essential
- 下載安裝yum組件
apt-get install yum
- 測試
yum是否安裝成功
root@f6907cc3f8b7:/# yum --help
Usage: yum [options] COMMAND
List of Commands:
check Check for problems in the rpmdb
check-update Check for available package updates
clean Remove cached data
deplist List a package's dependencies
...
(4)通過以上步驟,我們已經成功修改了容器,接下來我們推出容器,基於當前容器版本創建一個新的Image,命名為demo-api-image-v1
[root@10 demo-dockerfile]# docker commit demo-api03 demo-api-image-v1
sha256:7887668690a3e53c27535669252f67b0391d54443776f1a431f91fe5800958be
[root@10 demo-dockerfile]#
這時候創建出來的Image是默認已經攜帶了yum組件
(5)基於上面更新的新鏡像demo-api-image-v1創建一個容器
[root@10 demo-dockerfile]# docker run -d -it --name demo-api-v1 demo-api-image-v1
6363450e8f7af1f53f935e345d50f7bbfd3ff82bb2409fd5fd75a0f253ed1de8
(6)進入demo-api-v2容器驗證是否已經存在yum組件
[root@10 demo-dockerfile]# docker exec -it demo-api-v1 bash
root@6363450e8f7a:/# yum
You need to give some command
Usage: yum [options] COMMAND
List of Commands:
check Check for problems in the rpmdb
check-update Check for available package updates
clean Remove cached data
deplist List a package's dependencie
...
附錄
Image常用操作
- 查看本地image列表
docker images docker image ls - 獲取遠端鏡像
docker pull - 刪除鏡像[注意此鏡像如果正在使用,或者有關聯的鏡像,則需要先處理完]
docker image rm imageid docker rmi -f imageid docker rmi -f $(docker image ls)刪除所有鏡像 - 運行鏡像
docker run image - 發布鏡像
docker push
Container常用操作
- 根據鏡像創建容器
docker run -d --name -p 9090:8080 my-tomcat tomcat - 查看運行中的container
docker ps - 查看所有的container[包含退出的]
docker ps -a - 刪除container
docker rm containerid docker rm -f $(docker ps -a)刪除所有container - 進入到一個container中
docker exec -it container bash - 根據container生成image
docker commit demo-api03 demo-api-image-v1 - 查看某個container的日志
docker logs container - 查看容器資源使用情況
docker stats - 查看容器詳情信息
docker inspect container - 停止/啟動容器
docker stop/start container
項目Demo Github
https://github.com/EvanLeung08/eshare-docker-in-action.git
有興趣的朋友,歡迎加我公眾號一起交流,有問題可以留言,平時工作比較忙,我也抽時間盡量回復每位朋友的留言,謝謝!
