docker基础再学习
Docker是“码头工人”,码头工人装运集装箱,不关心里面装的是什么货物,也不用直接装运货物,这样省时省力。
集装箱就是容器。
Docker使用Go语言开发。
容器通过运行镜像来启动。
可以基于容器的当前状态创建一个新的镜像。
Docker引擎是一套CS应用。
docker底层依赖的核心技术里的Namespace
ls -l /proc/$$/ns $$代表当前shell的ID
cgroup就是控制组,用于隔离控制组根目录,从linux4.6开始,内核才提供此功能,可以限制、审计、隔离进程组所使用的物理资源(CPU内存等)的一种机制。
docker引擎将名称空间\控制组和联合文件系统打包到一起,所用的就是容器格式(默认是libcontainer)。
用hostnamectl和timedatectl看主机名和时区是极好的。
yum list docker-ce --showduplicates
(这里都是社区CE版docker)看docker版本号,和自己安装的版本,可以来安装指定的版本
安装好后,有必要看一下helloworld是否正常
[root@ecs-d589 ~]# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
2db29710123e: Pull complete
Digest: sha256:62af9efd515a25f84961b70f973a798d2eca956b1b2b026d0a4a63a3b0b6a3f2
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
如果要和docker说bye,还需要手工删除/var/lib/docker,这下你知道镜像容器等放在哪里了
docker守护进程可以充当每个容器的dhcp服务器。
守护进程启动时会创建一个虚拟网桥docker0。
[root@ecs-d589 ~]# ifconfig docker0
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::42:5eff:fe8d:a3d2 prefixlen 64 scopeid 0x20<link>
ether 02:42:5e:8d:a3:d2 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 7 bytes 746 (746.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@ecs-d589 ~]# docker run -it ubuntu:14.04 /bin/bash
root@fedce93139cb:/# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 02:42:ac:11:00:02
inet addr:172.17.0.2 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:736 (736.0 B) TX bytes:0 (0.0 B)
同时在宿主机上多了网络接口vethb1aaab2
vethb1aaab2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::e09f:81ff:fe6d:c39f prefixlen 64 scopeid 0x20<link>
ether e2:9f:81:6d:c3:9f txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 12 bytes 1016 (1016.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
docker network ls 然后可以进一步
docker network inspect bridge 看到bridge网络配置全面的信息
容器和容器和宿主机,就好像连在一个交换机上,是互通的。
不仅如此,docker使用NAT将容器内部监听的端口,与主机端口进行绑定。
同时也是使用NAT使容器们共享宿主机的接口进行上网?
默认桥接网络方案将来可能会被弃用。生产上还是要用自定义桥接网络。
docker attach serene_morse 连接上运行中的容器(并不会默认连接到shell,看容器运行的方式)
Ctrl-P-Q 脱离容器而不停止容器(escape sequence),需要容器运行时带-it选项才有效。如果按Ctrl-C可能会终止容器运行,可以找到attach进程,用kill -9杀掉。(一定要-9)
创建自定义桥接网络inetwork,因为之前建了又删了一个,这里就变成172.19.0.0/16网络了
[root@ecs-d589 ~]# docker network create inetwork
b5a3f4778f2afa6b3b332db75a48034f7e24f0427b2d3609bab66128e7d1b741
[root@ecs-d589 ~]# docker network inspect inetwork
[
{
"Name": "inetwork",
"Id": "b5a3f4778f2afa6b3b332db75a48034f7e24f0427b2d3609bab66128e7d1b741",
"Created": "2022-09-24T09:49:46.356631577+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.19.0.0/16",
"Gateway": "172.19.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {},
"Labels": {}
}
]
- 点赞
- 收藏
- 关注作者
评论(0)