Alicloud official image station:

https://developer.aliyun.com/mirror/?utm_content=g_1000303593

1, Container introduction

Docker is the engine for managing containers.

Docker is an application packaging and deployment platform, rather than a simple virtualization technology.

Advantages of docker container:

For developers: Build once, Run anywhere.

For O & M personnel: Configure once, Run anything.

2, Container deployment

docker source:

[root@server1 yum.repos.d]# cat docker.repo

[docker]
name=docker-ce
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/x86_64/stable/
gpgcheck=0

Because there are many dependencies when installing docker CE, which are Centos sources

We build Centos source in warehouse source

curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/re...

sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo

Edit Centos warehouse source:% s / $releaser / 7 / g

Install docker ceyum install docker ce - y

systemctl enable --now  docker

An error will be reported when docker info is executed

[root@server1 sysctl.d]# pwd
/etc/sysctl.d
[root@server1 sysctl.d]# cat docker.conf 
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
sysctl  --system

There will be no error

3, Docker image

1. Hierarchical structure of image

Shared host's kernel

The base image provides the smallest Linux distribution

The same docker host supports running multiple Linux distributions

The biggest advantage of adopting hierarchical structure is to share resources

Copy on write writable container layer

All mirror layers below the container layer are read-only

docker looks for files from top to bottom

The container layer holds the changed part of the image and does not make any changes to the image itself

A mirror can have up to 127 layers

2. Image construction

docker commit build a new image Trilogy

Run container

Modify container

Save the container as a new mirror

Disadvantages:

Low efficiency, weak repeatability and error prone

The user cannot audit the image, which is a potential security hazard

docker commit -m "add files" demoo demo:v1

Or create a Dockerfile:
cat /root/Docker

FROM busybox
RUN touch file1
RUN mkdir LINUX

To build a mirror:

docker build -t demo:v1 .

To view the hierarchy of the mirror:

[root@server11 Docker]# docker history  demo:v1
IMAGE          CREATED          CREATED BY                                      SIZE      COMMENT
08d1b013dbd9   39 minutes ago   /bin/sh -c mkdir westos                         0B        
655ad284a2b5   39 minutes ago   /bin/sh -c touch file1                          0B        
59788edf1f3e   2 years ago      /bin/sh -c #(nop)  CMD ["sh"]                   0B        
<missing>      2 years ago      /bin/sh -c #(nop) ADD file:63eebd629a5f7558c...   1.15MB    

4, Dockerfile details:

dockerfile common instructions:

FROM

Specify the base image. If it does not exist locally, it will be downloaded from the remote warehouse.

MAINTAINER

Set the author of the image, such as user mailbox.

COPY

Copy the file from build context to the image

Two forms are supported: COPY src dest and COPY ["src", "dest"]

src must specify a file or directory in the build context

ADD

The usage is similar to that of COPY, except that src can be an archive compressed file, and the file will be automatically decompressed to dest

ENV

Set environment variables, which can be used by subsequent instructions:

ENV HOSTNAME sevrer1.example.com

EXPOSE

If the application service is running in the container, the service port can be exposed:

EXPOSE 80

VOLUME

Declare the data volume, which usually specifies the application data hanging point:

VOLUME ["/var/www/html"]

WORKDIR

Set the current working directory in the image for RUN, CMD, ENTRYPOINT, ADD and COPY instructions. If the directory does not exist, it will be created automatically.

RUN

Run the command in the container and create a new mirror layer, which is commonly used to install software packages:

RUN yum install -y vim

CMD and ENTRYPOINT

These two instructions are used to set the commands to be executed after the container is started, but CMD will be overwritten by the command line after docker run, and ENTRYPOINT will not be ignored and will be executed.

The parameters after docker run can be passed to the ENTRYPOINT instruction as parameters.
Only one entry point can be specified in Dockerfile. If many are specified, only the last one is valid.

cat /root/dockerfile

FROM demo:v1  stay demo:v1 Based on
RUN touch file3  establish file3
COPY index.html /   Copy files to container
ADD test.tar.gz /mnt  Add this compressed package to the container/mnt lower
ENV HOSTNAME server11  Define variables $HOSTNAME=server11
EXPOSE 80       Exposed 80 ports
VOLUME ["/data"] The files created in this directory are displayed in/var/lib/docker/volumes/There is a newly created file in the directory data under. If you create a file in this directory, it will also be synchronized to the container.

docker build -t demo:v9 .
[root@server11 Docker]# docker run  -it --rm demo:v9
/ # ls
LINUX       data        file1       home        proc        tmp         westos
REDHAT      dev         file2       index.html  root        usr
bin         etc         file3       mnt         sys         var
/ # env
HOSTNAME=server11
SHLVL=1
HOME=/root
TERM=xterm
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PWD=/
/ # cd /mnt/
/mnt # ls
etc

Original link: https://blog.csdn.net/qq_4928...