Docker 入门
A brief explanation of containers
An image is a lightweight, stand-alone, executable package that includes everything needed to run a piece of software, including the code, a runtime, libraries, environment variables, and config files.
A container is a runtime instance of an image—what the image becomes in memory when actually executed. It runs completely isolated from the host environment by default, only accessing host files and ports if configured to do so.
Containers run apps natively on the host machine’s kernel. They have better performance characteristics than virtual machines that only get virtual access to host resources through a hypervisor. Containers can get native access, each one running in a discrete process, taking no more memory than any other executable.
Containers vs. virtual machines
| Virtual Machine diagram | Container diagram |
|---|---|
 |
 |
Note
You may need to add your user to the docker group to call this command without sudo
Manage Docker as a non-root user
The docker daemon binds to a Unix socket instead of a TCP port. By default that Unix socket is owned by the user root and other users can only access it using sudo. The docker daemon always runs as the root user.
If you don't want to use sudo when you use the docker command, Create a Unix group called docker and users to it. When the docker daemon starts, it makes the ownership of the Unix socket read/writable by the docker group.
To create to docker group and add your user:
- Create the docker group.
sudo groupadd docker
- Add your user to the docker group.
sudo usermod -aG docker $USER
- Log out and log back in so that your group membership is re-evaluated.
如果在虚拟机上测试,可能需要重新启动虚拟机,使更改生效。
在桌面Linux环境如X-Windows,注销您的会话,然后重新登录。
Containers
| 命令 | 注释 |
|---|---|
| docker build -t friendlyhello . | # Create image using this directory's Dockerfile |
| docker run -p 4000:80 friendlyhello | # Run "friendlyname" mapping port 4000 to 80 |
| docker run -d -p 4000:80 friendlyhello | # Same thing, but in detached mode |
| docker container ls | # List all running containers |
| docker container ls -a | # List all containers, even those not running |
| docker container stop <hash> | # Gracefully stop the specified container |
| docker container kill <hash> | # Force shutdown of the specified container |
| docker container rm <hash> | # Remove specified container from this machine |
| docker container rm $(docker container ls -a -q) | # Remove all containers |
| docker image ls -a | # List all images on this machine |
| docker image rm <image id> | # Remove specified image from this machine |
| docker image rm $(docker image ls -a -q) | # Remove all images from this machine |
| docker login | # Log in this CLI session using your Docker credentials |
| docker tag <image> username/repository:tag | # Tag <image> for upload to registry |
| docker push username/repository:tag | # Upload tagged image to registry |
| docker run username/repository:tag | # Run image from a registry |
Services
| 命令 | 注释 |
|---|---|
| docker stack ls | # List stacks or apps |
| docker stack deploy -c <composefile> <appname> | # Run the specified Compose file |
| docker service ls | # List running services associated with an app |
| docker service ps <service> | # List tasks associated with an app |
| docker inspect <task or container> | # Inspect task or container |
| docker container ls -q | # List container IDs |
| docker stack rm <appname> | # Tear down an application |
| docker swarm leave –force | # Take down a single node swarm from the manager |
Swarms
| 命令 | 注释 |
|---|---|
| docker-machine create –driver virtualbox myvm1 | # Create a VM (Mac, Win7, Linux) |
| docker-machine create -d hyperv –hyperv-virtual-switch "myswitch" myvm1 | # Win10 |
| docker-machine env myvm1 | # View basic information about your node |
| docker-machine ssh myvm1 "docker node ls" | # List the nodes in your swarm |
| docker-machine ssh myvm1 "docker node inspect <node ID>" | # Inspect a node |
| docker-machine ssh myvm1 "docker swarm join-token -q worker" | # View join token |
| docker-machine ssh myvm1 | # Open an SSH session with the VM; type "exit" to end |
| docker node ls | # View nodes in swarm (while logged on to manager) |
| docker-machine ssh myvm2 "docker swarm leave" | # Make the worker leave the swarm |
| docker-machine ssh myvm1 "docker swarm leave -f" | # Make master leave, kill swarm |
| docker-machine ls | # list VMs, asterisk shows which VM this shell is talking to |
| docker-machine start myvm1 | # Start a VM that is currently not running |
| docker-machine env myvm1 | # show environment variables and command for myvm1 |
| eval $(docker-machine env myvm1) | # Mac command to connect shell to myvm1 |
| docker stack deploy -c <file> <app> | # Deploy an app; command shell must be set to talk to manager (myvm1), uses local Compose file |
| docker-machine scp docker-compose.yml myvm1:~ | # Copy file to node's home dir (only required if you use ssh to connect to manager and deploy the app) |
| docker-machine ssh myvm1 "docker stack deploy -c <file> <app>" | # Deploy an app using ssh (you must have first copied the Compose file to myvm1) |
| eval $(docker-machine env -u) | # Disconnect shell from VMs, use native docker |
| docker-machine stop $(docker-machine ls -q) | # Stop all running VMs |
| docker-machine rm $(docker-machine ls -q) | # Delete all VMs and their disk images |
Comments:
Email questions, comments, and corrections to hi@smartisan.dev.
Submissions may appear publicly on this website, unless requested otherwise in your email.