一、Docker 加载镜像流程
1、检查本地是否有与启动镜像相匹配的镜像。
2、查询与镜像地址中是否有启动镜像
3、如果在镜像地址中没有完整的地址,则从默认的 Docker Hub 下载。
Docker 加载镜像的两种方式:
公共仓库与私有仓库
二、Docker 镜像基本操作
1、搜索 Docker Hub 有哪些镜像
docker search [镜像名字]
[root@master ~]# docker search nginx NAME DESCRIPTION STARS OFFICIAL AUTOMATED nginx Official build of Nginx. 13652 [OK] jwilder/nginx-proxy Automated Nginx reverse proxy for docker con… 1864 [OK] richarvey/nginx-php-fpm Container running Nginx + PHP-FPM capable of… 782 [OK] linuxserver/nginx An Nginx container, brought to you by LinuxS… 127 bitnami/nginx Bitnami nginx Docker Image 88 [OK] tiangolo/nginx-rtmp Docker image with Nginx using the nginx-rtmp… 88 [OK] jc21/nginx-proxy-manager Docker container for managing Nginx proxy ho… 81 alfg/nginx-rtmp NGINX, nginx-rtmp-module and FFmpeg from sou… 74 [OK] nginxdemos/hello NGINX webserver that serves a simple page co… 59 [OK] jlesage/nginx-proxy-manager Docker container for Nginx Proxy Manager 53 [OK]
2、从 Docker Hub 下载镜像
下载镜像,(没有指定版本,默认会下载最新版 latest)
docker pull nginx:latest = docker pull nginx
[root@master ~]# docker pull nginx:latest
从第三方docker 镜像仓库或者私有仓库下载镜像方法
[root@master ~]# docker pull 123.docker.com/nginx:latest # 这个域名是不存在的
3、镜像加速器
在下载 Docker Hub 镜像非常慢的情况下, 可以使用镜像加速功能。配置加速可以用官网 提供的, 也可以使用私有仓库。
[root@master ~]# mkdir -p /etc/docker [root@master ~]# cat /etc/docker/daemon.json { "registry-mirrors": ["https://plqjafsr.mirror.aliyuncs.com"] }
[root@master ~]# systemctl daemon-reload
[root@master ~]# systemctl restart dock
4、基于容器创建镜像系统
类似虚拟机的克隆功能
在运行当中的容器基础上创建一个新的镜像(相当于 vm 的完整快照)
[root@master ~]# docker ps -a #查看所用容器的命令,运行和停止的 CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES [root@master ~]# docker run -d -P nginx #以nginx镜像启动一个容器 aa155e771ee40dfa92d1bcac43ffb23666f527ddec495d167f8ade0ba516df65 [root@master ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES aa155e771ee4 nginx "/docker-entrypoint.…" 10 seconds ago Up 7 seconds 0.0.0.0:32768->80/tcp naughty_kapitsa
[root@master ~]# docker container commit aa155e771ee4 centos-nginx:1.0 # 已aa155e771ee4容器为基础,制作镜像快照
sha256:32192bb5c17ef1f61467b59d133b778bdc3f0e19a0faa5302851f687c6fdca33
[root@master ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos-nginx 1.0 32192bb5c17e 4 minutes ago 133MB
nginx latest 4bb46517cac3 9 days ago 133MB
hello-world latest bf756fb1ae65 7 months ago 13.3kB
[root@master ~]# docker rmi 4bb46517cac3 # 不能删除原来的镜像(父镜像)
Error response from daemon: conflict: unable to delete 4bb46517cac3 (cannot be forced) - image has dependent child images
[root@master ~]# docker ps -a # 可以用快照启动一个容器
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
638a4f9a5226 centos-nginx:1.0 "/docker-entrypoint.…" 20 seconds ago Up 18 seconds 0.0.0.0:8090->80/tcp festive_dijkstra
aa155e771ee4 nginx "/docker-entrypoint.…" 17 minutes ago Up 17 minutes 0.0.0.0:32768->80/tcp naughty_kapits
5、删除镜像
docker rmi 32192bb5c17e -f # 强制删除镜像--force=-f
[root@master ~]# docker images # 查看本地docker镜像 REPOSITORY TAG IMAGE ID CREATED SIZE centos-nginx 1.0 32192bb5c17e 12 minutes ago 133MB nginx latest 4bb46517cac3 9 days ago 133MB hello-world latest bf756fb1ae65 7 months ago 13.3kB [root@master ~]# docker rmi 32192bb5c17e # 删除镜像,镜像正在被容器使用 Error response from daemon: conflict: unable to delete 32192bb5c17e (cannot be forced) - image is being used by running container 638a4f9a5226 [root@master ~]# docker ps -a # 查看所有容器 CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 638a4f9a5226 centos-nginx:1.0 "/docker-entrypoint.…" 4 minutes ago Up 4 minutes 0.0.0.0:8090->80/tcp festive_dijkstra aa155e771ee4 nginx "/docker-entrypoint.…" 22 minutes ago Up 21 minutes 0.0.0.0:32768->80/tcp naughty_kapitsa [root@master ~]# docker stop 638a4f9a5226 # 停止容器 638a4f9a5226 [root@master ~]# docker ps -a # 查看所有容器 CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 638a4f9a5226 centos-nginx:1.0 "/docker-entrypoint.…" 4 minutes ago Exited (0) 4 seconds ago festive_dijkstra aa155e771ee4 nginx "/docker-entrypoint.…" 22 minutes ago Up 22 minutes 0.0.0.0:32768->80/tcp naughty_kapitsa [root@master ~]# docker rmi 32192bb5c17e # 删除镜像报错,镜像正在被容器使用(还是报错) Error response from daemon: conflict: unable to delete 32192bb5c17e (must be forced) - image is being used by stopped container 638a4f9a5226 [root@master ~]# docker rmi 32192bb5c17e -f # 强制删除镜像 Untagged: centos-nginx:1.0 Deleted: sha256:32192bb5c17ef1f61467b59d133b778bdc3f0e19a0faa5302851f687c6fdca33
[root@master ~]# docker images # 查看镜像
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 4bb46517cac3 9 days ago 133MB
hello-world latest bf756fb1ae65 7 months ago 13.3k
6、导出导入镜像
[root@master ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 4bb46517cac3 9 days ago 133MB
hello-world latest bf756fb1ae65 7 months ago 13.3kB
[root@master ~]# docker image save nginx:latest > nginx.tar.gz # 导出镜像
[root@master ~]# ls
anaconda-ks.cfg nginx.tar.gz
[root@master ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world latest bf756fb1ae65 7 months ago 13.3kB
[root@master ~]# docker image load -i nginx.tar.gz # 导入镜像
Loaded image: nginx:latest
[root@master ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 4bb46517cac3 9 days ago 133MB
hello-world latest bf756fb1ae65 7 months ago 13.3
7、镜像tag标签
语法:docker image tag 源_IMAGE[:TAG] 目标_IMAGE[:TAG]
类似linux 硬链接,在推送镜像到私有仓库时,需要添加tag。
[root@master ~]# docker image tag nginx:latest repo.abc.com/nginx:v1.0 # docker image tag 源_IMAGE[:TAG] 目标_IMAGE[:TAG] [root@master ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE nginx latest 4bb46517cac3 9 days ago 133MB repo.abc.com/nginx v1.0 4bb46517cac3 9 days ago 133MB hello-world latest bf756fb1ae65 7 months ago 13.3kB [root@master ~]# docker run -d -p 9091:80 repo.abc.com/nginx:v1.0 # 使用新的tag镜像启动容器 6816ade398c36e613b9c52bb7195651725937f5351cf57055228842bf11f2d57 [root@master ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 6816ade398c3 repo.abc.com/nginx:v1.0 "/docker-entrypoint.…" 10 seconds ago Up 9 seconds 0.0.0.0:9091->80/tcp condescending_shaw
8、构建Java基础镜像
之前使用为Docker自带镜像仓库中的镜像,现在我们自己来构建私有镜像
在java 镜像中为什么要构建alpine-glibc ?
docker build 常用参数和用法详见 https://www.runoob.com/docker/docker-build-command.html
[root@master jdk]# docker pull frolvlad/alpine-glibc
[root@master jdk]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 4bb46517cac3 9 days ago 133MB
repo.abc.com/nginx v1.0 4bb46517cac3 9 days ago 133MB
frolvlad/alpine-glibc latest 4c5945fbf221 13 days ago 17.9MB
hello-world latest bf756fb1ae65 7 months ago 13.3kB
[root@master jdk]# vim Dockerfile # 添加以下内容
FROM frolvlad/alpine-glibc
MAINTAINER TOT
RUN echo "https://mirror.tuna.tsinghua.edu.cn/alpine/v3.4/main/" > /etc/apk/repositories
RUN apk add --no-cache bash
ADD jre1.8.0_211.tar.gz /usr/java/jdk/
ENV JAVA_HOME /usr/java/jdk/jre1.8.0_211
ENV PATH ${PATH}:${JAVA_HOME}/bin
RUN chmod +x /usr/java/jdk/jre1.8.0_211/bin/java
WORKDIR /opt
[root@master jdk]# docker build -t jre8:1.0 . #有个点注意 需要把 jre1.8.0_211.tar.gz 放到与 Dockerfile 同级目录
[root@master jdk]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
jre8 1.0 51dc450551eb 2 minutes ago 137MB
frolvlad/alpine-glibc latest 4c5945fbf221 13 days ago 17.9MB
[root@master jdk]# docker run -it jre8:1.0 bash # 运行测试
bash-4.3# java -version
java version "1.8.0_211"
Java(TM) SE Runtime Environment (build 1.8.0_211-b12)
Java HotSpot(TM) 64-Bit Server VM (build 25.211-b12, mixed mode)
[root@master jdk]# docker ps -a # 查看镜像
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b0b7fa7f53b9 jre8:1.0 "/bin/sh" 6 seconds ago Exited (0) 5 seconds ago dazzling_poitras
[root@master jdk]# docker tag jre8:1.0 123.docker.com/jre:1.0 # 打tag推到镜像仓库
[root@master jdk]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
123.docker.com/jre 1.0 51dc450551eb 22 minutes ago 137MB
jre8 1.0 51dc450551eb 22 minutes ago 137M
三、镜像构建过程
1、构建容器:通过父镜像上创建一个容器,重新封装成一个镜像,变成下一个新启动容器的 只读层(LOWER)。 但是如果当前容器需要对镜像进行修改,就需要加载所有镜像的只读层 到容器中进行修改。 #特别注意之前提到的容器启动,修改镜像内容是不会修改源镜像;只是修改启动容器的 内容。在下一节将详细讲述镜像存储的原理。
查看容器的构建历史
missing 为当前镜像的源镜像构建历史 FROM frolvlad/alpine-glibc
# f83c32dc03f3 为当前镜像构建的历史
[root@master jdk]# docker history jre8:1.0 IMAGE CREATED CREATED BY SIZE COMMENT 51dc450551eb 40 minutes ago /bin/sh -c #(nop) WORKDIR /opt 0B 2d9264ec03bc 40 minutes ago /bin/sh -c chmod +x /usr/java/jdk/jre1.8.0_2… 8.46kB 45b754790e67 40 minutes ago /bin/sh -c #(nop) ENV PATH=/usr/local/sbin:… 0B a641e4dc4936 40 minutes ago /bin/sh -c #(nop) ENV JAVA_HOME=/usr/java/j… 0B db369aefe7b1 40 minutes ago /bin/sh -c #(nop) ADD file:d614f1012c68493ba… 116MB c333c00be796 40 minutes ago /bin/sh -c apk add --no-cache bash 3.56MB 7f770ad0aa04 41 minutes ago /bin/sh -c echo "https://mirror.tuna.tsinghu… 54B 603ded5080cf 41 minutes ago /bin/sh -c #(nop) MAINTAINER TOT 0B 4c5945fbf221 13 days ago /bin/sh -c ALPINE_GLIBC_BASE_URL="https://gi… 12.3MB <missing> 13 days ago /bin/sh -c #(nop) ENV LANG=C.UTF-8 0B <missing> 2 months ago /bin/sh -c #(nop) CMD ["/bin/sh"] 0B <missing> 2 months ago /bin/sh -c #(nop) ADD file:c92c248239f8c7b9b… 5.57MB
2、查询镜像详情
存储信息
[root@master jdk]# docker image inspect jre8:1.
四、Docker 镜像和 Overlay2 关系
Docker 需要OverlayFS文件系统存储
1、Docker中的镜像采用分层构建设计,每个层可以称之为"layer", 镜像文件默认存在目
录:/var/lib/docker/overlay2
2、Docker支持的文件存储如下: AUFS、OverlayFS、VFS、Brtfs等。
3、通过Docker Info命令查看当前的存储驱动
[root@master jdk]# docker info | grep -E " Storage Driver|Server Version" Server Version: 19.03.6 Storage Driver: overlay2
4)通常ubuntu类的系统默认采用的是AUFS,centos7.1+系列采用的是OverlayFS。