Docker 是一个构建在 Linux 内核之上的容器程序,其拥有许多类似 Linux 系统的特性:
有自身的命名空间, IPC,文件系统,网络系统,用户管理系统以及硬件资源管理;
(from Docker in Action)
因此,为方便对相关命令的记忆,特按此分类整理相关命令;
- Running Docker
|
docker run |
--detach -d
|
|
||
|
|
--interactive --tty
-it |
|
||
|
|
|
|
||
|
pid namespace |
Without a PID namespace, the processes running inside a container would share the same ID space as those in other containers or on the host. A container would be able to determine what other processes were running on the host machine
|
|
||
|
|
(--pid [host]) |
optional |
||
|
|
|
|
||
|
container ID |
|
|
||
|
1. ID |
unique identifier . These are hex-encoded 1024-bit numbers |
docker create
|
||
|
2. Name
|
docker run --name [containerName] |
|
||
|
|
docker rename [containerName] [newName]
|
|
||
|
|
|
|
||
|
Environment
|
Environment variables are key-value pairs that are made available to programs through their execution context
|
|
||
|
|
--env
-e |
|
||
|
|
|
|
||
|
Volumes /File System
|
A volume is a mount point on the container’s directory tree where a portion of the host directory tree has been mounted.
|
|
||
|
|
--volume -v
The map key (the path before the colon) is the absolute path of a location on the host file system, and the value (the path after the colon) is the location where it should be mounted inside the container.
You can use bind mount volumes to mount individual files. the file must exist on the host before you create the container. Otherwise, Docker will assume that you wanted to use a directory, create it on the host, and mount it at the desired location (even if that location is occupied by a file).
|
|
||
|
|
--volumes-from
flag that will copy the volumes from one or more containers to the new container
|
|
||
|
|
|
|
||
|
Network /IP namespace
|
two specific networks The first network is the one that your computer is connected to. The second is a virtual network that Docker creates to connect all of the running containers to the network that the computer is connected to. That second network is called a bridge.
each container is assigned a unique private IP address that’s not directly reachable from the external network. Connections are routed through the Docker bridge interface called docker0.
|
|
||
|
|
--publish
-p <containerPort> -p <hostPort>:<containerPort> -p <ip>::<containerPort> -p <ip>:<hostPort>:<containerPort>
|
|
||
|
dependency |
--link
|
|
||
|
|
--link a:alias-a is like an IP mapping to a hostName
Links work by determining the network information of a container (IP address and exposed ports) and then injecting that into a new container.
The nature of links is such that dependencies are directional, static, and nontransitive. Nontransitive means that linked containers won’t inherit links.
|
|
||
|
topology |
--net [none/bridge/host]
|
bridge is default |
||
|
dns |
--hostname [localhost] to set the host name of a new container. This flag adds an entry to the DNS override system inside the container. The entry maps the provided host name to the container’s bridge IP address
--add-host [test:192.168.0.0] a custom mapping for an IP address and host name pair
|
|
||
|
|
|
|
||
|
Resource |
memory, cpu, access to devices
|
|
||
|
|
|
|
||
|
IPC namespace |
The IPC namespace prevents processes in one container from accessing the memory on the host or in other containers
|
|
||
|
|
--ipc [<IPCname>|host]
|
|
||
|
|
|
|
||
|
User Permission |
user (USR) namespace that allows users in one namespace to be mapped to users in another
Docker hasn’t yet been integrated with the USR namespace. This means that a container running with a user ID (number, not name) that’s the same as a user on the host machine has the same host file permissions as that user.
|
|
||
|
|
--user -u [username] -u [username]:[groupname]
You can entirely avoid the default user problem if you change the run-as user when you create the container. The quirk with using this is that the username must exist on the image you’re using.
|
|
||
|
|
docker run --rm busybox:latest awk -F: '$0=$1' /etc/passwd
get a list of available users in an image |
|
- Images
|
docker images |
only show you repositories
|
|
docker images -a
|
the list will include every installed intermediate image or layer |
|
docker rmi |
allows you to specify a space-separated list of images to be removed
|
3. life cycle
|
docker run
|
|
|
docker create
|
|
|
docker start
|
|
|
docker stop
|
|
|
docker rm
|
to delete the stopped container
docker rm -f docker run -rm
docker rm -vf docker rm -v |
|
|
|
|
docker ps
|
Running the command will display the following information about each running container: container ID image used command executed in the container time since the container was created duration that the container has been running network ports exposed by the container name of the container
docker ps -a |
|
docker top
|
see what processes are running inside this container |
- Building images
|
a. create a container from an existing image
|
docker run --name [container] image:latest touch /HelloWorld
|
These changes will be written to a new layer on the union file system for the container.
|
|
Once the changes are committed, you’ll be able to create new containers from the resulting image. |
docker commit [container] [image]
docker commit -a "@author" -m "comment" ...
docker rm -vf container
|
|
|
|
|
docker diff [containerName] |
to review the list of files that have been modified in a container
|
|
docker images docker images -a
|
|
|
docker run --entrypoint [git|action] [imageName]
|
to set an entrypoint on the image to git. An entrypoint is the program that will be executed when the container starts. If the entrypoint isn’t set, the default command will be executed directly. If the entrypoint is set, the default command and its arguments will be passed to the entrypoint as arguments.
|
|
docker tag [containerName]:tagName [containerName] |
If you want to copy an image, you only need to create a new tag or repository from the existing one.
Every repository contains a “latest” tag by default. That will be used if the tag is omitted like in the previous command
|
|
docker history [image]
|
|
浙公网安备 33010602011771号