容器技術(shù)
鏡像管理
commit 打包鏡像
docker commit 容器id 新鏡像名稱:標(biāo)簽
[root@docker-0001 ~]# docker run -it centos:latest
[root@02fd1719c038 ~]# rm -f /etc/yum.repos.d/*.repo
[root@02fd1719c038 ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.myhuaweicloud.com/repo/CentOS-Base-7.repo
[root@02fd1719c038 ~]# yum install -y net-tools vim-enhanced tree bash-completion iproute psmisc && yum clean all
[root@02fd1719c038 ~]# exit
[root@docker-0001 ~]# docker commit 02fd1719c038 myos:latest
Dockerfile打包鏡像
Dockerfile語(yǔ)法
| 語(yǔ)法指令 | 語(yǔ)法說(shuō)明 |
|---|---|
| FROM | 基礎(chǔ)鏡像 |
| RUN | 制作鏡像時(shí)執(zhí)行的命令,可以有多個(gè) |
| ADD | 復(fù)制文件到鏡像凰狞,自動(dòng)解壓 |
| COPY | 復(fù)制文件到鏡像篇裁,不解壓 |
| EXPOSE | 聲明開放的端口 |
| ENV | 設(shè)置容器啟動(dòng)后的環(huán)境變量 |
| WORKDIR | 定義容器默認(rèn)工作目錄(等于cd) |
| CMD | 容器啟動(dòng)時(shí)執(zhí)行的命令,僅可以有一條CMD |
使用Dockerfile創(chuàng)建鏡像
docker build -t 鏡像名稱:標(biāo)簽 Dockerfile所在目錄
制作apache鏡像
CMD 指令可以查看 service 文件的啟動(dòng)命令 ExecStart(/lib/systemd/system/httpd.service)
ENV 環(huán)境變量查詢服務(wù)文件中的環(huán)境變量配置文件 EnvironmentFile 指定的文件內(nèi)容
[root@docker-0001 ~]# mkdir apache; cd apache
[root@docker-0001 apache]# vim Dockerfile
FROM myos:latest
RUN yum install -y httpd php
ENV LANG=C
ADD webhome.tar.gz /var/www/html/
WORKDIR /var/www/html/
EXPOSE 80
CMD ["/usr/sbin/httpd", "-DFOREGROUND"]
# 拷貝 webhome.tar.gz 到當(dāng)前目錄中
[root@docker-0001 apache]# docker build -t myos:httpd .
查看與驗(yàn)證鏡像
[root@docker-0001 web]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
myos httpd db15034569da 12 seconds ago 412MB
myos latest 867409e412c8 2 hours ago 281MB
[root@docker-0001 web]# docker rm -f $(docker ps -aq)
[root@docker-0001 web]# docker run -itd myos:httpd
[root@docker-0001 web]# curl http://172.17.0.2/info.php
<pre>
Array
(
[REMOTE_ADDR] => 172.17.0.1
[REQUEST_METHOD] => GET
[HTTP_USER_AGENT] => curl/7.29.0
[REQUEST_URI] => /info.php
)
php_host: 6c9e124bee1a
1229
制作php-fpm鏡像
[root@docker-0001 ~]# mkdir php; cd php
[root@docker-0001 php]# vim Dockerfile
FROM myos:latest
RUN yum install -y php-fpm
EXPOSE 9000
CMD ["/usr/sbin/php-fpm", "--nodaemonize"]
[root@docker-0001 php]# docker build -t myos:php-fpm .
驗(yàn)證服務(wù)
[root@docker-0001 ~]# docker run -itd myos:php-fpm
deb37734e52651161015e9ce7771381ee6734d1d36bb51acb176b936ab1b3196
[root@docker-0001 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS
deb37734e526 myos:php-fpm "/usr/sbin/php-fpm -…" 17 seconds ago Up 15 seconds
[root@docker-0001 ~]# docker exec -it deb37734e526 /bin/bash
[root@deb37734e526 ~]# ss -ltun
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp LISTEN 0 128 127.0.0.1:9000 *:*
[root@deb37734e526 ~]#
制作nginx鏡像
1赡若、制作 nginx 軟件包
[root@docker-0001 ~]# yum install -y gcc make pcre-devel openssl-devel
[root@docker-0001 ~]# useradd nginx
[root@docker-0001 ~]# tar -zxvf nginx-1.12.2.tar.gz
[root@docker-0001 ~]# cd nginx-1.12.2
[root@docker-0001 nginx-1.12.2]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module
[root@docker-0001 nginx-1.12.2]# make && make install
[root@docker-0001 nginx-1.12.2]# # 拷貝 docker-images/info.html和info.php 到 nginx/html 目錄下
[root@docker-0001 nginx-1.12.2]# cd /usr/local/
[root@docker-0001 local]# tar czf nginx.tar.gz nginx
2达布、制作鏡像
[root@docker-0001 local]# mkdir /root/nginx ;cd /root/nginx
[root@docker-0001 nginx]# cp /usr/local/nginx.tar.gz ./
[root@docker-0001 nginx]# vim Dockerfile
FROM myos:latest
RUN yum install -y pcre openssl && useradd nginx
ADD nginx.tar.gz /usr/local/
EXPOSE 80
WORKDIR /usr/local/nginx/html
CMD ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"]
[root@docker-0001 nginx]# docker build -t myos:nginx .
驗(yàn)證服務(wù)
[root@docker-0001 ~]# docker rm -f $(docker ps -aq)
deb37734e526
[root@docker-0001 ~]# docker run -itd myos:nginx
e440b53a860a93cc2b82ad0367172c344c7207def94c4c438027c60859e94883
[root@docker-0001 ~]# curl http://172.17.0.2/info.html
<html>
<marquee behavior="alternate">
<font size="12px" color=#00ff00>Hello World</font>
</marquee>
</html>
[root@docker-0001 ~]#
發(fā)布容器服務(wù)
對(duì)外發(fā)布服務(wù)
給 docker-0001 綁定一個(gè)公網(wǎng)IP
docker run -itd -p 宿主機(jī)端口:容器端口 鏡像名稱:標(biāo)簽
# 把 docker-0001 變成 apache 服務(wù)
[root@docker-0001 ~]# docker run -itd -p 80:80 myos:httpd
# 把 docker-0001 變成 nginx 服務(wù),首先必須停止 apache
[root@docker-0001 ~]# docker stop $(docker ps -q)
[root@docker-0001 ~]# docker run -itd -p 80:80 myos:nginx
驗(yàn)證方式: 通過(guò)瀏覽器訪問(wèn)即可
容器共享卷
docker run -itd -v 宿主機(jī)對(duì)象:容器內(nèi)對(duì)象 鏡像名稱:標(biāo)簽
使用共享卷動(dòng)態(tài)修改容器內(nèi)配置文件
[root@docker-0001 ~]# mkdir /var/webconf
[root@docker-0001 ~]# cp /usr/local/nginx/conf/nginx.conf /var/webconf/
[root@docker-0001 ~]# vim /var/webconf/nginx.conf
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
}
[root@docker-0001 ~]# docker run -itd -p 80:80 --name nginx \
-v /var/webconf/nginx.conf:/usr/local/nginx/conf/nginx.conf myos:nginx
驗(yàn)證方式: 使用 exec 進(jìn)入容器查看
[root@docker-0001 ~]# docker exec -it nginx /bin/bash
[root@e440b53a860a html]# cat /usr/local/nginx/conf/nginx.conf
[root@e440b53a860a html]# # 查看 php 相關(guān)配置是否被映射到容器內(nèi)
容器間網(wǎng)絡(luò)通信
實(shí)驗(yàn)架構(gòu)圖例
graph LR
subgraph docker-0001
style docker-0001 fill:#ffffc0,color:#ff00ff
subgraph 容器1
style 容器1 color:#00ff00,fill:#88aaff
APP1[(Nginx)];NET1{{共享網(wǎng)絡(luò)}}
end
subgraph 容器2
style 容器2 color:#00ff00,fill:#88aaff
APP2[(PHP)]
end
APP1 & APP2 --> NET1 & L((共享存儲(chǔ)卷))
end
U((用戶)) --> APP1
實(shí)驗(yàn)步驟
[root@docker-0001 ~]# mkdir -p /var/{webroot,webconf}
[root@docker-0001 ~]# cd kubernetes/docker-images
[root@docker-0001 ~]# cp info.php info.html /var/webroot/
[root@docker-0001 ~]# cp /usr/local/nginx/conf/nginx.conf /var/webconf/
[root@docker-0001 ~]# vim /var/webconf/nginx.conf
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
}
# 啟動(dòng)前端 nginx 服務(wù)逾冬,并映射共享目錄和配置文件
[root@docker-0001 ~]# docker run -itd --name nginx -p 80:80 \
-v /var/webconf/nginx.conf:/usr/local/nginx/conf/nginx.conf \
-v /var/webroot:/usr/local/nginx/html myos:nginx
# 啟動(dòng)后端 php 服務(wù)黍聂,并映射共享目錄
[root@docker-0001 ~]# docker run -itd --network=container:nginx \
-v /var/webroot:/usr/local/nginx/html myos:php-fpm
驗(yàn)證服務(wù)
[root@docker-0001 ~]# curl http://docker-0001/info.html
<html>
<marquee behavior="alternate">
<font size="12px" color=#00ff00>Hello World</font>
</marquee>
</html>
[root@docker-0001 ~]# curl http://docker-0001/info.php
<pre>
Array
(
[REMOTE_ADDR] => 172.17.0.1
[REQUEST_METHOD] => GET
[HTTP_USER_AGENT] => curl/7.29.0
[REQUEST_URI] => /info.php
)
php_host: f705f89b45f9
1229
docker私有倉(cāng)庫(kù)
docker私有倉(cāng)庫(kù)圖例
graph TB
H1[(容器服務(wù)器<br>docker-0001)] & H2[(容器服務(wù)器<br>docker-0002)] --> I{{鏡像倉(cāng)庫(kù)}}
style I fill:#77ff77
私有倉(cāng)庫(kù)配置
| 主機(jī)名 | ip地址 | 最低配置 |
|---|---|---|
| registry | 192.168.1.100 | 1CPU,1G內(nèi)存 |
[root@registry ~]# yum install -y docker-distribution
[root@registry ~]# systemctl enable --now docker-distribution
[root@registry ~]# curl http://192.168.1.100:5000/v2/_catalog
{"repositories":[]}
docker客戶端配置
所有node節(jié)點(diǎn)都需要配置,這里 docker-0001身腻,docker-0002都要配置
native.cgroupdriver cgroup驅(qū)動(dòng)产还,docker默認(rèn) cgroupfs
registry-mirrors 默認(rèn)下載倉(cāng)庫(kù),使用國(guó)內(nèi)源能快一點(diǎn)
insecure-registries 私有倉(cāng)庫(kù)地址(重點(diǎn))
[root@docker-0001 ~]# vim /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"],
"registry-mirrors": ["https://hub-mirror.c.163.com"],
"insecure-registries":["192.168.1.100:5000", "registry:5000"]
}
[root@docker-0001 ~]# docker rm -f $(docker ps -aq)
[root@docker-0001 ~]# systemctl restart docker
上傳鏡像
# 上傳 myos:latest, myos:httpd, myos:nginx, myos:php-fpm
[root@docker-0001 ~]# docker tag myos:latest 192.168.1.100:5000/myos:latest
[root@docker-0001 ~]# docker push 192.168.1.100:5000/myos:latest
驗(yàn)證測(cè)試
curl http://倉(cāng)庫(kù)IP:5000/v2/_catalog
curl http://倉(cāng)庫(kù)IP:5000/v2/鏡像名稱/tags/list
[root@docker-0002 ~]# curl http://192.168.1.100:5000/v2/_catalog
{"repositories":["myos"]}
[root@docker-0002 ~]# curl http://192.168.1.100:5000/v2/myos/tags/list
{"name":"myos","tags":["latest"]}
# 使用遠(yuǎn)程鏡像啟動(dòng)容器
[root@docker-0002 ~]# docker run -it 192.168.1.100:5000/myos:latest
Unable to find image '192.168.1.100:5000/myos:latest' locally
latest: Pulling from myos
7dc0dca2b151: Pull complete
95c297b4d705: Pull complete
Digest: sha256:d61ffc053895e2dc16f63b8a2988dfe5f34207b48b1e74d397bb3267650ba4ce
Status: Downloaded newer image for 192.168.1.100:5000/myos:latest
[root@674ebe359e44 /]#
