文章最后更新时间:2022年11月25日已超过663天没有更新。
前言:
Docker 是一个开源的应用容器引擎,让开发者可以打包他们的应用以及依赖包到一个可移植的容器中,然后发布到任何流行的Linux或Windows操作系统的机器上,也可以实现虚拟化,容器是完全使用沙箱机制,相互之间不会有任何接口。
容器对比KVM的好处:
容器能够提供宿主机的性能,而KVM虚拟机是分配宿主机的硬件资源,性能较弱。
同样配置的宿主机,最多可以启动10个虚拟机的话,那么容器数量却可以启动100+以上。
启动一个KVM虚拟机,得有一个完整的开机过程,花费时间较长,或许20秒左右,而启动一个容器只需要1秒。
KVM需要硬件CPU的虚拟化支持,而容器不需要。
一个完整的Docker有以下几个部分组成:
DockerClient客户端
Docker Daemon守护进程
Docker Image镜像
DockerContainer容器
环境配置
#安装常用包及更换阿里源 yum install -y vim lrzsz wget net-tools nmap tree dos2unix iftop unzip cd /etc/yum.repos.d/ mkdir bak #备份原有的repo文件 mv *.repo bak/ wget wget https://mirrors.aliyun.com/repo/Centos-7.repo wget wget https://mirrors.aliyun.com/repo/epel-7.repo yum clean all yum makecache
开启linux内核的转发流量
[root@localhost yum.repos.d]# cd /etc/sysctl.d/ [root@localhost sysctl.d]# ls 99-sysctl.conf [root@localhost sysctl.d]# touch docker.conf [root@localhost sysctl.d]# echo 'net.bridge.bridge-nf-call-ip6tables = 1' >> docker.conf [root@localhost sysctl.d]# echo 'net.bridge.bridge-nf-call-iptables = 1' >> docker.conf [root@localhost sysctl.d]# echo 'net.ipv4.conf.default.rp_filter = 0' >> docker.conf [root@localhost sysctl.d]# echo 'net.ipv4.conf.all.rp_filter = 0' >> docker.conf [root@localhost sysctl.d]# echo 'net.ipv4.ip_forward = 1' >> docker.conf [root@localhost sysctl.d]# modprobe br_netfilter [root@localhost sysctl.d]# sysctl -p /etc/sysctl.d/docker.conf net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 net.ipv4.conf.default.rp_filter = 0 net.ipv4.conf.all.rp_filter = 0 net.ipv4.ip_forward = 1
安装Docker
curl -o /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo ll /etc/yum.repos.d/ yum clean all yum makecache #查看Docker安装包 yum list docker-ce --showduplicates | sort -r #安装Docker yum install -y docker-ce-20.10.16
配置镜像加速器
用于加速镜像文件的下载
[root@localhost sysctl.d]# mkdir -p /etc/docker/
[root@localhost sysctl.d]# vim /etc/docker/daemon.json
[root@localhost sysctl.d]# cat /etc/docker/daemon.json
{
"registry-mirrors" : [
"https://mirror.ccs.tencentyun.com",
"https://registry.docker-cn.com",
"https://dockerhub.azk8s.cn",
"https://docker.mirrors.ustc.edu.cn",
"https://reg-mirror.qiniu.com",
"https://hub-mirror.c.163.com"
]
}
#加载配置文件
[root@localhost sysctl.d]# systemctl daemon-reload
#设置开机自启
[root@localhost sysctl.d]# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
#启动docker
[root@localhost sysctl.d]# systemctl start docker
[root@localhost sysctl.d]# ps aux |grep docker
root 18776 0.5 3.2 1029568 60836 ? Ssl 21:40 0:00 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
root 18913 0.0 0.0 112824 980 pts/0 S+ 21:41 0:00 grep --color=auto docker
#查看docker镜像文件
[root@localhost sysctl.d]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
#查看docker的版本
[root@localhost sysctl.d]# docker version
Client: Docker Engine - Community
Version: 20.10.18
API version: 1.41
Go version: go1.18.6
Git commit: b40c2f6
Built: Thu Sep 8 23:14:08 2022
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.16
API version: 1.41 (minimum version 1.12)
Go version: go1.17.10
Git commit: f756502
Built: Thu May 12 09:18:08 2022
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.8
GitCommit: 9cd3357b7fd7218e4aec3eae239db1f68a5a6ec6
runc:
Version: 1.1.4
GitCommit: v1.1.4-0-g5fd4c4d
docker-init:
Version: 0.19.0
GitCommit: de40ad0启动第一个Docker容器
#1、在镜像仓库,搜索镜像文件是否存在nginx [root@localhost sysctl.d]# docker search nginx NAME DESCRIPTION STARS OFFICIAL AUTOMATED nginx Official build of Nginx. 17536 [OK] linuxserver/nginx An Nginx container, brought to you by LinuxS… 178 bitnami/nginx Bitnami nginx Docker Image 141 [OK] ubuntu/nginx Nginx, a high-performance reverse proxy & we… 63 bitnami/nginx-ingress-controller Bitnami Docker Image for NGINX Ingress Contr… 20 [OK] rancher/nginx-ingress-controller 11 webdevops/nginx Nginx container 10 [OK] ibmcom/nginx-ingress-controller Docker Image for IBM Cloud Private-CE (Commu… 4 bitnami/nginx-ldap-auth-daemon 3 bitnami/nginx-exporter 3 vmware/nginx 2 rancher/nginx-ingress-controller-defaultbackend 2 rapidfort/nginx RapidFort optimized, hardened image for NGINX 2 kasmweb/nginx An Nginx image based off nginx:alpine and in… 2 rancher/nginx 2 bitnami/nginx-intel 1 wallarm/nginx-ingress-controller Kubernetes Ingress Controller with Wallarm e… 1 vmware/nginx-photon 1 rancher/nginx-conf 0 rapidfort/nginx-ib RapidFort optimized, hardened image for NGIN… 0 ibmcom/nginx-ingress-controller-ppc64le Docker Image for IBM Cloud Private-CE (Commu… 0 rancher/nginx-ssl 0 continuumio/nginx-ingress-ws 0 rancher/nginx-ingress-controller-amd64 0 ibmcom/nginx-ppc64le Docker image for nginx-ppc64le 0 #2、拉取nginx镜像 [root@localhost sysctl.d]# docker pull nginx Using default tag: latest latest: Pulling from library/nginx a2abf6c4d29d: Pull complete a9edb18cadd1: Pull complete 589b7251471a: Pull complete 186b1aaa4aa6: Pull complete b4df32aa5a72: Pull complete a0bcbecc962e: Pull complete Digest: sha256:0d17b565c37bcbd895e9d92315a05c1c3c9a29f762b011a10c54a66cd53c9b31 Status: Downloaded newer image for nginx:latest docker.io/library/nginx:latest #3、查看本地镜像文件 [root@localhost sysctl.d]# docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE nginx latest 605c77e624dd 9 months ago 141MB #4、删除镜像文件docker rmi 镜像ID(记录使用,别操作,不然还得重新下载nginx镜像) [root@localhost sysctl.d]# docker rmi 605c77e624dd Untagged: nginx:latest Untagged: nginx@sha256:0d17b565c37bcbd895e9d92315a05c1c3c9a29f762b011a10c54a66cd53c9b31 Deleted: sha256:605c77e624ddb75e6110f997c58876baa13f8754486b461117934b24a9dc3a85 Deleted: sha256:b625d8e29573fa369e799ca7c5df8b7a902126d2b7cbeb390af59e4b9e1210c5 Deleted: sha256:7850d382fb05e393e211067c5ca0aada2111fcbe550a90fed04d1c634bd31a14 Deleted: sha256:02b80ac2055edd757a996c3d554e6a8906fd3521e14d1227440afd5163a5f1c4 Deleted: sha256:b92aa5824592ecb46e6d169f8e694a99150ccef01a2aabea7b9c02356cdabe7c Deleted: sha256:780238f18c540007376dd5e904f583896a69fe620876cabc06977a3af4ba4fb5 Deleted: sha256:2edcec3590a4ec7f40cf0743c15d78fb39d8326bc029073b41ef9727da6c851f #5、通过nginx镜像运行出nginx容器,提供nginx服务 docker run 镜像名字/镜像id -d 表示后台运行 -p 80:80 表示端口映射 宿主机端口:容器内端口 你访问宿主机端口就可以访问到容器内的端口 [root@localhost sysctl.d]# docker run -d -p 80:80 nginx 39174b8eee2b9768ec3d534a359549636a6f92e6a9e8ea2f5e0492060eca4822 #6、查看容器是否在运行 [root@localhost sysctl.d]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 39174b8eee2b nginx "/docker-entrypoint.…" 42 seconds ago Up 42 seconds 0.0.0.0:80->80/tcp, :::80->80/tcp gifted_wing #查看端口: 80端口已经被docker调用了 [root@localhost sysctl.d]# netstat -pltun Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 965/sshd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1591/master tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 19319/docker-proxy tcp6 0 0 :::22 :::* LISTEN 965/sshd tcp6 0 0 ::1:25 :::* LISTEN 1591/master tcp6 0 0 :::80 :::* LISTEN 19326/docker-proxy udp 0 0 0.0.0.0:68 0.0.0.0:* 8442/dhclient udp 0 0 127.0.0.1:323 0.0.0.0:* 697/chronyd udp6 0 0 ::1:323 :::* 697/chronyd
网页访问:
关闭容器:
[root@localhost sysctl.d]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 39174b8eee2b nginx "/docker-entrypoint.…" 12 minutes ago Up 12 minutes 0.0.0.0:80->80/tcp, :::80->80/tcp gifted_wing # docker stop 容器ID [root@localhost sysctl.d]# docker stop 39174b8eee2b 39174b8eee2b [root@localhost sysctl.d]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES [root@localhost sysctl.d]# netstat -pltun Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 965/sshd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1591/master tcp6 0 0 :::22 :::* LISTEN 965/sshd tcp6 0 0 ::1:25 :::* LISTEN 1591/master udp 0 0 0.0.0.0:68 0.0.0.0:* 8442/dhclient udp 0 0 127.0.0.1:323 0.0.0.0:* 697/chronyd udp6 0 0 ::1:323 :::* 697/chronyd
文章版权声明:除非注明,否则均为柳三千运维录原创文章,转载或复制请以超链接形式并注明出处。
