容器引擎 Docker

发表于 2020-03-14 更新于 2023-08-19 分类于云原生阅读次数：本文字数： 9.7k 阅读时长 ≈ 9 分钟

什么是 Docker？

Docker™ provides a way to run applications securely isolated in a container, packaged with all its dependencies and libraries.

环境搭建

下载

CentOS

1
2
3

$ curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun
$ systemctl start docker
$ systemctl status docker

● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
   Active: active (running) since Sat 2023-03-25 14:22:34 CST; 18s ago
     Docs: https://docs.docker.com
 Main PID: 1971 (dockerd)
    Tasks: 7
   Memory: 108.2M
   CGroup: /system.slice/docker.service
           └─1971 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

Mar 25 14:22:33 iZt4n6q3i85nj90kbsfqz5Z dockerd[1971]: time="2023-03-25T14:22:33.594962610+08:00" level=info msg="Loading containers: start."
Mar 25 14:22:33 iZt4n6q3i85nj90kbsfqz5Z dockerd[1971]: time="2023-03-25T14:22:33.907783608+08:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be us...red IP address"
Mar 25 14:22:33 iZt4n6q3i85nj90kbsfqz5Z dockerd[1971]: time="2023-03-25T14:22:33.998627114+08:00" level=info msg="Loading containers: done."
Mar 25 14:22:34 iZt4n6q3i85nj90kbsfqz5Z dockerd[1971]: time="2023-03-25T14:22:34.077496453+08:00" level=warning msg="WARNING: bridge-nf-call-iptables is disabled"
Mar 25 14:22:34 iZt4n6q3i85nj90kbsfqz5Z dockerd[1971]: time="2023-03-25T14:22:34.077526272+08:00" level=warning msg="WARNING: bridge-nf-call-ip6tables is disabled"
Mar 25 14:22:34 iZt4n6q3i85nj90kbsfqz5Z dockerd[1971]: time="2023-03-25T14:22:34.077573836+08:00" level=info msg="Docker daemon" commit=bc3805a graphdriver=overlay2 version=23.0.1
Mar 25 14:22:34 iZt4n6q3i85nj90kbsfqz5Z dockerd[1971]: time="2023-03-25T14:22:34.077678364+08:00" level=info msg="Daemon has completed initialization"
Mar 25 14:22:34 iZt4n6q3i85nj90kbsfqz5Z systemd[1]: Started Docker Application Container Engine.
Mar 25 14:22:34 iZt4n6q3i85nj90kbsfqz5Z dockerd[1971]: time="2023-03-25T14:22:34.128839102+08:00" level=info msg="[core] [Server #7] Server created" module=grpc
Mar 25 14:22:34 iZt4n6q3i85nj90kbsfqz5Z dockerd[1971]: time="2023-03-25T14:22:34.162907755+08:00" level=info msg="API listen on /run/docker.sock"
Hint: Some lines were ellipsized, use -l to show in full.

1	$ docker version

Client: Docker Engine - Community
 Version:           23.0.1
 API version:       1.42
 Go version:        go1.19.5
 Git commit:        a5ee5b1
 Built:             Thu Feb  9 19:51:00 2023
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          23.0.1
  API version:      1.42 (minimum version 1.12)
  Go version:       go1.19.5
  Git commit:       bc3805a
  Built:            Thu Feb  9 19:48:42 2023
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.19
  GitCommit:        1e1ea6e986c6c86565bc33d52e34b81b3e2bc71f
 runc:
  Version:          1.1.4
  GitCommit:        v1.1.4-0-g5fd4c4d
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

MacOS

1 2	# https://docs.docker.com/desktop/mac/install/ # 根据芯片类型，下载并安装

Windows

　从 Toolbox 的 Archive 页面找到 DockerToolbox-19.03.1.exe 并下载

Toolbox 项目已经于 2021 年停止了维护

安装

　注意安装组件的时候，选择 Full installation，其他的均使用默认的选项，即可

配置

代理

1	$ vim ~/.docker/config.json

{
  "proxies": {
    "default": {
      "httpProxy": "socks5://127.0.0.1:1080",
      "httpsProxy": "socks5://127.0.0.1:1080",
      "noProxy": "*.yuzhouwan.com"
    }
  }
}

镜像源

https://docker.mirrors.ustc.edu.cn
https://hub-mirror.c.163.com

# 另外，登陆阿里云账号后，可以通过该地址获取到专属的阿里云镜像
# https://cr.console.aliyun.com/cn-hangzhou/instances/mirrors

配置文件

1	$ vim ~/.docker/config.json

{
  "registry-mirrors": [
    "https://registry.docker-cn.com"
  ]
}

配置守护程序

1 2	# 增加如下配置项 $ vim /etc/docker/daemon.json

1
2
3

{
  "registry-mirrors": ["https://registry.docker-cn.com"]
}

# 重启 Docker 服务使其生效
$ sudo service docker restart

# 校验是否生效
$ docker system info

# ...
Registry Mirrors:
 https://registry.docker-cn.com
# ..

命令行指定

1	$ docker-machine create --engine-registry-mirror=http://hub-mirror.c.163.com -d virtualbox kafka-connect

Desktop 设置

（对 Docker™ 的截图）

Boot 2 Docker

打开 cmd 命令行

$ cmd

查看帮助文档

1	$ docker-machine -h

创建名为 kafka-connect 的镜像

1	$ docker-machine create --driver virtualbox kafka-connect

进入 kafka-connect 镜像

1	$ docker-machine env kafka-connect

SET DOCKER_TLS_VERIFY=1
SET DOCKER_HOST=tcp://127.0.0.1:2376
SET DOCKER_CERT_PATH=C:\Users\BenedictJin\.docker\machine\machines\kafka-connect
SET DOCKER_MACHINE_NAME=kafka-connect
SET COMPOSE_CONVERT_WINDOWS_PATHS=true
REM Run this command to configure your shell:
REM     @FOR /f "tokens=*" %i IN ('docker-machine env kafka-connect') DO @%i

拷贝上面输出的最后一行，去掉 REM 注释，并运行

1	$ @FOR /f "tokens=*" %i IN ('docker-machine env kafka-connect') DO @%i

此时，就可以执行 docker 相关的命令了

1	$ docker info

移除 kafka-connect 镜像

1	$ docker-machine rm kafka-connect

常用命令

build

1
2
3

$ docker build [OPTIONS] PATH | URL | -

$ docker -D build -t apache/druid:tag -f distribution/docker/Dockerfile .

version

1	$ docker version

Client: Docker Engine - Community
 Version:           19.03.5
 API version:       1.40
 Go version:        go1.12.12
 Git commit:        633a0ea
 Built:             Wed Nov 13 07:22:34 2019
 OS/Arch:           darwin/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.5
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.12.12
  Git commit:       633a0ea
  Built:            Wed Nov 13 07:29:19 2019
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v1.2.10
  GitCommit:        b34a5c8af56e510852c35414db4c1f4fa6172339
 runc:
  Version:          1.0.0-rc8+dev
  GitCommit:        3e425f80a8c931f88e6d94a8c831b9d5aa481657
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

status

1	$ service docker status

Redirecting to /bin/systemctl status  docker.service
● docker.service - LSB: start and stop docker
   Loaded: loaded (/etc/docker/docker; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2018-09-18 09:54:31 CST; 29min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 14743 ExecStart=/etc/docker/docker start (code=exited, status=0/SUCCESS)
   CGroup: /docker.slice/docker.service
           ├─14907 /opt/ali-iaas/docker/plugins/alinet 127.0.0.1
           ├─14919 /opt/ali-iaas/docker/plugins/tmpfs 127.0.0.1
           └─14933 /opt/ali-iaas/docker/plugins/alilocal 127.0.0.1

logs

1	$ docker logs -f <容器名 or 容器ID>

1	$ docker login reg.docker.yuzhouwan.com

cp

# 从容器中将文件拷贝出来
$ docker cp <容器名 or 容器ID>:/home/benedict_jin/a.txt /opt/
# 从将文件拷贝到容器里面
$ docker cp /opt/ <容器名 or 容器ID>:/home/benedict_jin/a.txt

ps

1 2	# 展示本地 Docker 中的所有容器 $ docker ps [OPTIONS]

push

1
2
3

$ docker push [OPTIONS] NAME[:TAG]

$ docker push asdf2014/druid:fc95c928069537b3f3a6baf86f220b893d42fdc5

The push refers to repository [docker.io/asdf2014/druid]
5f70bf18a086: Pushed
5228ceab8d39: Pushed
1b1abbf7c11b: Pushed
2e786558cfc7: Pushed
a4b1169e928b: Pushed
92ef334e5d67: Pushed
3375b0a62576: Pushed
1d834f05c29e: Pushed
b29380a5a354: Pushed
231bdbae9aea: Pushed
ba16d454860a: Pushed
1a5ede0c966b: Pushed
fc95c928069537b3f3a6baf86f220b893d42fdc5: digest: sha256:eefe3df1bc504516e514aac9d00abd905f4003668c11af604817dfc75caed2ee size: 2832

run

1	$ docker run [OPTIONS] IMAGE[:TAG\|@DIGEST] [COMMAND] [ARG...]

restart

1	$ docker restart <容器名 or 容器ID>

stop

# usage
$ docker stop [OPTIONS] CONTAINER [CONTAINER...]
# example
$ docker stop c269c13a8fee
# stop all
$ docker stop $(docker ps -a -q)

rmi

# usage
$ docker rmi [OPTIONS] IMAGE [IMAGE...]
# example
$ docker rmi k8s.gcr.io/coredns:1.3.1

rm

# usage
$ docker rm <容器名 or 容器ID>
# remove all
$ docker rm $(docker ps -a -f status=exited -q)
$ docker rm $(docker ps -a -f status=exited -f status=created -q)

tag

$ docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]

$ docker tag c42de02bd3e2 asdf2014/druid:fc95c928069537b3f3a6baf86f220b893d42fdc5
$ docker images

1 2	REPOSITORY TAG IMAGE ID CREATED SIZE asdf2014/druid fc95c928069537b3f3a6baf86f220b893d42fdc5 c42de02bd3e2 23 hours ago 689MB

1	$ docker images

REPOSITORY                    TAG                                        IMAGE ID       CREATED              SIZE
apache/druid                  0.22.0_with_conf                           5931517fd053   About a minute ago   687MB
<none>                        <none>                                     4200421fc08b   16 hours ago         133MB
apache/druid                  0.22.0_conf                                1fb62951eede   2 weeks ago          686MB
<none>                        <none>                                     90c3bc4ec0af   2 weeks ago          686MB
apache/druid                  tag                                        c42de02bd3e2   2 weeks ago          689MB
asdf2014/druid                fc95c928069537b3f3a6baf86f220b893d42fdc5   c42de02bd3e2   2 weeks ago          689MB
gcr.io/k8s-minikube/kicbase   v0.0.26                                    b0c9ec980b3d   2 months ago         1.08GB
maven                         3.8.1-jdk-11-slim                          1b6721ada2a1   3 months ago         440MB

1 2	$ docker image tag apache/druid:0.22.0_with_conf asdf2014/druid:0.22.0_with_conf $ docker images

REPOSITORY                    TAG                                        IMAGE ID       CREATED         SIZE
apache/druid                  0.22.0_with_conf                           5931517fd053   2 minutes ago   687MB
asdf2014/druid                0.22.0_with_conf                           5931517fd053   2 minutes ago   687MB
<none>                        <none>                                     4200421fc08b   16 hours ago    133MB
apache/druid                  0.22.0_conf                                1fb62951eede   2 weeks ago     686MB
<none>                        <none>                                     90c3bc4ec0af   2 weeks ago     686MB
apache/druid                  tag                                        c42de02bd3e2   2 weeks ago     689MB
asdf2014/druid                fc95c928069537b3f3a6baf86f220b893d42fdc5   c42de02bd3e2   2 weeks ago     689MB
gcr.io/k8s-minikube/kicbase   v0.0.26                                    b0c9ec980b3d   2 months ago    1.08GB
maven                         3.8.1-jdk-11-slim                          1b6721ada2a1   3 months ago    440MB

实用技巧

Engine API

# 获取到 unhealthy 状态的容器
$ curl --unix-socket /var/run/docker.sock "http://localhost/containers/json?filters=\{\"health\":\[\"unhealthy\"\]\}"

# 获取到容器启动的时间戳
$ curl --unix-socket /var/run/docker.sock "http://localhost/containers/<容器 ID>/json" | jq '.State.StartedAt' | date +%s

踩到的坑

No default Boot2Docker ISO found locally

描述

1	$ docker-machine create --driver virtualbox kafka-connect

1
2
3

Running pre-create checks...
(dataagg) No default Boot2Docker ISO found locally, downloading the latest release...
Error with pre-create check: "Get https://api.github.com/repos/boot2docker/boot2docker/releases/latest: dial tcp 127.0.0.1:443: connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond."

解决

　到 boot2docker 的 release 页面下载最新的 boot2docker.iso（当前最新版本为 v17.12.1-ce），并放到 C:\Users\BenedictJin\.docker\machine\cache 目录下，再次运行 docker-machine create xxx 命令即可