-
Docker容器技术
一、docker部署
仓库部署:
- cd /etc/yum.repos.d/
- vim docker.repo
- [docker]
- name=docker-ce
- baseurl=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/7/x86_64/stable/
- gpgcheck=0
- [update]
- name=centos
- baseurl=https://mirrors.tuna.tsinghua.edu.cn/centos/7/extras/x86_64/
- gpgcheck=0
安装docker-ce
- yum install -y docker-ce
- systemctl enable --now docker
- docker info
激活内核选项
- vim /etc/sysctl.d/docker.conf
- net.bridge.bridge-nf-call-iptables = 1
- net.bridge.bridge-nf-call-ip6tables = 1
- net.ipv4.ip_forward = 1
- sysctl --system
- systemctl restart docker
启动容器
- docker run -d --name web1 -p 80:80 nginx
- docker ps
删除容器 查询镜像 拉取镜像到本地 启动容器
- docker rm -f web1
- docker search yakexi007
- docker pull yakexi007/game2048
- docker run -d --name web1 -p 80:80 yakexi007/game2048
- docker rm -f web1
二、docker镜像
1、镜像分层结构
删除全部镜像docker rmi `docker images | grep -v REPOSITORY | awk '{print $1":"$2}'`2、镜像构建
docker commit
这种方式不利于安全审计
- docker run -it --name demo busybox
- touch file1
- touch file2
- ctrl+d: 退出容器后容器自动关闭
- ctrl+pq: 退出容器后继续在后台运行
- docker ps -a
- docker start demo
- docker attach demo
- docker commit -m "add files" demo demo:v1 提交容器变更到新的镜像
- docker history demo:v1
- docker rmi demo:v1
Dockerfile
- mkdir docker
- cd docker/
- cp ~/nginx-1.23.3.tar.gz .
- vim Dockerfile
- FROM centos:7
- ADD nginx-1.23.3.tar.gz /mnt
- WORKDIR /mnt/nginx-1.23.3
- RUN yum install -y gcc make pcre-devel openssl-devel
- RUN sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc
- RUN ./configure --with-http_ssl_module --with-http_stub_status_module
- RUN make
- RUN make install
- EXPOSE 80
- VOLUME ["/usr/local/nginx/html"]
- CMD ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"]
构建镜像
- docker build -t webserver:v1 .
- docker images webserver
- docker history webserver:v1
启动容器等
- docker run -d --name web1 webserver:v1
- docker inspect web1
数据卷挂载
自动分配的ip
访问容器
curl 172.17.0.2
3、镜像优化
缩减镜像层
- vim Dockerfile
- FROM centos:7 as build
- ADD nginx-1.23.3.tar.gz /mnt
- WORKDIR /mnt/nginx-1.23.3
- RUN yum install -y gcc make pcre-devel openssl-devel && sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --with-http_ssl_module --with-http_stub_status_module && make && make install && cd .. && rm -fr nginx-1.23.3 && yum clean all
- EXPOSE 80
- VOLUME ["/usr/local/nginx/html"]
- CMD ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"]
- docker build -t webserver:v2 .
- docker images webserver
多阶段构建
- vim Dockerfile
- FROM centos:7 as build
- ADD nginx-1.23.3.tar.gz /mnt
- WORKDIR /mnt/nginx-1.23.3
- RUN yum install -y gcc make pcre-devel openssl-devel && sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --with-http_ssl_module --with-http_stub_status_module && make && make install && cd .. && rm -fr nginx-1.23.3 && yum clean all
- FROM centos:7
- COPY --from=build /usr/local/nginx /usr/local/nginx
- EXPOSE 80
- VOLUME ["/usr/local/nginx/html"]
- CMD ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"]
- docker build -t webserver:v3 .
- docker images webserver
使用最精简的基础镜像
- docker load -i base-debian11.tar
- mkdir new
- cd new/
- vim Dockerfile
- FROM nginx:1.23.3 as base
- # https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
- ARG TIME_ZONE
- RUN mkdir -p /opt/var/cache/nginx && \
- cp -a --parents /usr/lib/nginx /opt && \
- cp -a --parents /usr/share/nginx /opt && \
- cp -a --parents /var/log/nginx /opt && \
- cp -aL --parents /var/run /opt && \
- cp -a --parents /etc/nginx /opt && \
- cp -a --parents /etc/passwd /opt && \
- cp -a --parents /etc/group /opt && \
- cp -a --parents /usr/sbin/nginx /opt && \
- cp -a --parents /usr/sbin/nginx-debug /opt && \
- cp -a --parents /lib/x86_64-linux-gnu/ld-* /opt && \
- cp -a --parents /usr/lib/x86_64-linux-gnu/libpcre* /opt && \
- cp -a --parents /lib/x86_64-linux-gnu/libz.so.* /opt && \
- cp -a --parents /lib/x86_64-linux-gnu/libc* /opt && \
- cp -a --parents /lib/x86_64-linux-gnu/libdl* /opt && \
- cp -a --parents /lib/x86_64-linux-gnu/libpthread* /opt && \
- cp -a --parents /lib/x86_64-linux-gnu/libcrypt* /opt && \
- cp -a --parents /usr/lib/x86_64-linux-gnu/libssl.so.* /opt && \
- cp -a --parents /usr/lib/x86_64-linux-gnu/libcrypto.so.* /opt && \
- cp /usr/share/zoneinfo/${TIME_ZONE:-ROC} /opt/etc/localtime
- FROM gcr.io/distroless/base-debian11
- COPY --from=base /opt /
- EXPOSE 80 443
- ENTRYPOINT ["nginx", "-g", "daemon off;"]
- docker build -t webserver:v4 .
- docker images webserver
- docker run -d --name web1 webserver:v4
- curl 172.17.0.2
-
相关阅读:
三、python基础——六大基本数据类型
C++类的默认成员函数
Go SSE Demo
LVS-NAT之VMNET环境搭建
语音识别与自然语言处理(NLP):技术前沿与未来趋势
vue自动跳转模拟登陆
CSS media属性的使用-兼容不同设备不同屏幕宽度的写法
PostgreSQL配置主从备份(docker)
电脑换cpu要重装系统吗
陪诊系统|陪诊软件开发|陪诊系统搭建功能
- 原文地址:https://blog.csdn.net/weixin_56744753/article/details/134084565
