Alicloud official image station:
https://developer.aliyun.com/mirror/?utm_content=g_1000303593
1, Container introduction
Docker is the engine for managing containers.
Docker is an application packaging and deployment platform, rather than a simple virtualization technology.
Advantages of docker container:
For developers: Build once, Run anywhere.
For O & M personnel: Configure once, Run anything.
2, Container deployment
docker source:
[root@server1 yum.repos.d]# cat docker.repo
[docker] name=docker-ce baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/x86_64/stable/ gpgcheck=0
Because there are many dependencies when installing docker CE, which are Centos sources
We build Centos source in warehouse source
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/re...
sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
Edit Centos warehouse source:% s / $releaser / 7 / g
Install docker ceyum install docker ce - y
systemctl enable --now docker
An error will be reported when docker info is executed
[root@server1 sysctl.d]# pwd /etc/sysctl.d [root@server1 sysctl.d]# cat docker.conf net.bridge.bridge-nf-call-iptables = 1 net.bridge.bridge-nf-call-ip6tables = 1 sysctl --system
There will be no error
3, Docker image
1. Hierarchical structure of image
Shared host's kernel
The base image provides the smallest Linux distribution
The same docker host supports running multiple Linux distributions
The biggest advantage of adopting hierarchical structure is to share resources
Copy on write writable container layer
All mirror layers below the container layer are read-only
docker looks for files from top to bottom
The container layer holds the changed part of the image and does not make any changes to the image itself
A mirror can have up to 127 layers
2. Image construction
docker commit build a new image Trilogy
Run container
Modify container
Save the container as a new mirror
Disadvantages:
Low efficiency, weak repeatability and error prone
The user cannot audit the image, which is a potential security hazard
docker commit -m "add files" demoo demo:v1
Or create a Dockerfile:
cat /root/Docker
FROM busybox RUN touch file1 RUN mkdir LINUX
To build a mirror:
docker build -t demo:v1 .
To view the hierarchy of the mirror:
[root@server11 Docker]# docker history demo:v1 IMAGE CREATED CREATED BY SIZE COMMENT 08d1b013dbd9 39 minutes ago /bin/sh -c mkdir westos 0B 655ad284a2b5 39 minutes ago /bin/sh -c touch file1 0B 59788edf1f3e 2 years ago /bin/sh -c #(nop) CMD ["sh"] 0B <missing> 2 years ago /bin/sh -c #(nop) ADD file:63eebd629a5f7558c... 1.15MB
4, Dockerfile details:
dockerfile common instructions:
FROM
Specify the base image. If it does not exist locally, it will be downloaded from the remote warehouse.
MAINTAINER
Set the author of the image, such as user mailbox.
COPY
Copy the file from build context to the image
Two forms are supported: COPY src dest and COPY ["src", "dest"]
src must specify a file or directory in the build context
ADD
The usage is similar to that of COPY, except that src can be an archive compressed file, and the file will be automatically decompressed to dest
ENV
Set environment variables, which can be used by subsequent instructions:
ENV HOSTNAME sevrer1.example.com
EXPOSE
If the application service is running in the container, the service port can be exposed:
EXPOSE 80
VOLUME
Declare the data volume, which usually specifies the application data hanging point:
VOLUME ["/var/www/html"]
WORKDIR
Set the current working directory in the image for RUN, CMD, ENTRYPOINT, ADD and COPY instructions. If the directory does not exist, it will be created automatically.
RUN
Run the command in the container and create a new mirror layer, which is commonly used to install software packages:
RUN yum install -y vim
CMD and ENTRYPOINT
These two instructions are used to set the commands to be executed after the container is started, but CMD will be overwritten by the command line after docker run, and ENTRYPOINT will not be ignored and will be executed.
The parameters after docker run can be passed to the ENTRYPOINT instruction as parameters.
Only one entry point can be specified in Dockerfile. If many are specified, only the last one is valid.
cat /root/dockerfile
FROM demo:v1 stay demo:v1 Based on RUN touch file3 establish file3 COPY index.html / Copy files to container ADD test.tar.gz /mnt Add this compressed package to the container/mnt lower ENV HOSTNAME server11 Define variables $HOSTNAME=server11 EXPOSE 80 Exposed 80 ports VOLUME ["/data"] The files created in this directory are displayed in/var/lib/docker/volumes/There is a newly created file in the directory data under. If you create a file in this directory, it will also be synchronized to the container.
docker build -t demo:v9 . [root@server11 Docker]# docker run -it --rm demo:v9 / # ls LINUX data file1 home proc tmp westos REDHAT dev file2 index.html root usr bin etc file3 mnt sys var / # env HOSTNAME=server11 SHLVL=1 HOME=/root TERM=xterm PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin PWD=/ / # cd /mnt/ /mnt # ls etc
Original link: https://blog.csdn.net/qq_4928...