Install
Installation on Linux
wget -qO- https://get.docker.com/ | sh
If you need to manage Docker as a non-root user (best practice), add the user to the docker group:
sudo usermod -aG docker your-user
# To view the group's members:
# cat /etc/group | grep docker
After adding the user, log out and log back in for the change to take effect. Membership in the docker group gives the user root-equivalent control of the host, so add only accounts you would trust with root.
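An audit of who actually holds docker-group access, as an added example that is not part of the original notes: the grep above shows only supplementary members, so this also checks the passwd file for accounts whose primary group is docker. The function name and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: list every account with docker-group access.
# Usage: docker_group_members [group_file] [passwd_file]
docker_group_members() {
    group_file=${1:-/etc/group}
    passwd_file=${2:-/etc/passwd}
    # GID of the docker group (field 3 of its group entry)
    gid=$(awk -F: '$1 == "docker" { print $3; exit }' "$group_file")
    [ -n "$gid" ] || return 1   # no docker group defined
    {
        # Supplementary members: comma-separated field 4 of the group entry
        awk -F: '$1 == "docker" {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$group_file"
        # Primary members: passwd entries whose GID (field 4) is the docker GID
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
    } | sort -u
}

# Constructed sample data (not from a real host): "ci" has docker as its
# primary group, so it does not appear on the docker line of the group file.
demo=$(mktemp -d)
printf '%s\n' 'root:x:0:' 'docker:x:998:alice,bob' > "$demo/group"
printf '%s\n' 'alice:x:1000:1000::/home/alice:/bin/bash' \
              'bob:x:1001:1001::/home/bob:/bin/bash' \
              'ci:x:1002:998::/home/ci:/bin/sh' > "$demo/passwd"
docker_group_members "$demo/group" "$demo/passwd"   # alice, bob, ci
rm -rf "$demo"
```

Called with no arguments, the function reads /etc/group and /etc/passwd on the local host.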
- View version information:
docker --version
- Upgrade the Docker engine (on Ubuntu)
    #1. Stop the docker daemon and update the package list
    apt-get update
    #2. Uninstall docker (the package may have different names; list as many as possible)
    apt-get remove docker docker-engine docker-ce docker.io -y
    #3. Install the new version
    wget -qO- https://get.docker.com/ | sh
    #4. Enable start on boot
    systemctl enable docker
    #5. Check the docker status
    systemctl is-enabled docker
    #6. Make sure the containers and services have restarted
    docker container ls
    docker service ls
- Docker and storage drivers
The Docker storage drivers on Linux are:
  - aufs (the original and oldest)
  - overlay2 (probably the best choice for the future)
  - devicemapper
  - btrfs
  - zfs
Note: on Windows, only the windowsfilter driver is supported.
A Docker host can have only one storage driver (not one per container). To view the current storage driver, run:
docker info
Installation under Windows 10
- Go to Settings > Programs and Features > Turn Windows features on or off, and enable Containers and Hyper-V
- Go to https://docs.docker.com/docker-for-windows… and download Docker for Windows to install it
- Note that after installation you will be asked to choose between native Windows containers and Linux containers, that is, the host environment the containers run in. Generally, choose Linux containers (you can switch freely). Linux containers run on Windows through Hyper-V virtualization. (There are no native Mac containers yet.)
- Docker for Windows includes: the Docker engine (client and daemon), Docker Compose, Docker Machine and the Docker Notary command line
Image
If an image is compared to a class in a programming language, then a container is the equivalent of an instance of that class.
- Basic operation of images
  - Pull:
    docker image pull <repository>/<name>:<tag>
    The default tag is latest. Adding the -a option pulls all tags of the image. For official images, there is no need to specify the repository
  - List:
    docker image ls
    Add --digests to output digest information; add --filter to filter the output
  - Output details:
    docker image inspect xxx
  - Delete:
    docker image rm xxx
  - Delete all:
    docker image rm $(docker image ls -q) -f
    where image ls -q returns all image IDs
  - Search:
    docker search xxx
- An image is composed of a group of loosely connected read-only layers. An upper layer can override a lower layer, and multiple images can share a layer
- Multi-architecture images: an image may need to support multiple architectures, such as Windows and ARM. In this case, you can use multi-architecture images (the supported architectures are recorded in the manifest list).
Container
A container is a runtime instance of an image.
- Docker version information:
docker version
If the user account does not have permission, remember to add it to the docker group
- Check Docker status:
service docker status
or systemctl is-active docker
- Basic operation of containers
  - Start a container:
    docker container run
    - -it: connects the current terminal to the container's shell, for example:
      docker container run -it ubuntu /bin/bash
      starts an Ubuntu container and then runs its bash shell. Windows container example:
      docker container run -it microsoft/powershell:nanoserver pwsh.exe
    - After starting and attaching to bash, you can run ps -elf to view process details. Type exit to leave bash. A container cannot run without a process: if no process is left in the container, it exits automatically
    - Press Ctrl+PQ to exit bash without terminating the container.
    - --name: sets the container name. If it is not specified, one is generated automatically
  - List:
    docker container ls
    Add -a to output all containers
  - After pressing Ctrl+PQ to exit, return to the container's bash:
    docker container exec -it 3027eb644874 bash
    The container ID value can be obtained from docker container ls
  - Stop:
    docker container stop xxx
  - Restart:
    docker container start xxx
  - Delete:
    docker container rm xxx
- Delete a container gracefully: stop it, then delete it
- Container restart policy
  - always: always restarts a stopped container unless the container was explicitly stopped (for example, by docker container stop). Example:
    docker container run --name neversaydie -it --restart always alpine sh
  - unless-stopped: after the container has been explicitly stopped, it is not restarted again when the Docker service restarts
  - on-failure: restarts when the container exits with a non-zero exit code, or when the Docker service is restarted
  - Specify the restart policy in Docker Compose or Docker stacks, for example:
        version: "3"
        services:
          myservice:
            <Snip>
            restart_policy:
              condition: always | unless-stopped | on-failure
- Web server example
  - Run:
    docker container run -d --name webserver -p 80:8080 nigelpoulton/pluralsight-docker-ci
    - -d runs the container in the background; for foreground operation (entering the container's interactive environment) use -it
    - -p 80:8080 maps host port 80 to container port 8080
  - The web page can then be opened in a browser at the host IP, or with curl against that IP
  - View image details:
    docker image inspect nigelpoulton/pluralsight-docker-ci
- Clean up all containers:
docker container rm $(docker container ls -aq) -f
Containerizing applications
Containerizing a single-container application
- Download the application code:
git clone https://github.com/nigelpoulton/psweb.git
- Check the Dockerfile. The code and comments are as follows:
    # All Dockerfiles start with the FROM instruction. This will be the base layer of the image
    FROM alpine
    # Metadata, not a layer
    LABEL maintainer="[email protected]"
    # Use the Alpine apk package manager to install nodejs and nodejs-npm into the image.
    RUN apk add --update nodejs nodejs-npm
    # Copies in the app files from the build context
    COPY . /src
    # Metadata, not a layer
    WORKDIR /src
    RUN npm install
    # Exposes a web service on TCP port 8080
    # Metadata, not a layer
    EXPOSE 8080
    # Set the main application that the image (container) should run
    ENTRYPOINT ["node", "./app.js"]
The above code can generate the image diagram:
- Build the image:
docker image build -t web:latest .
(the trailing . means that the build context is the current directory)
- List:
docker image ls
- Push to Docker Hub
  - Log in:
    docker login
    (you need to register an account first)
  - Tag the image:
    docker image tag web:latest nigelpoulton/web:latest
    The arguments are: <current-tag> <new-tag>
  - Push:
    docker image push nigelpoulton/web:latest
- Run the application:
    docker container run -d --name c1 \
      -p 80:8080 \
      web:latest
- View the app:
docker container ls
- Test the application: access the corresponding address
- View the build history of the image:
docker image history web:latest
Deploy to production using multi-stage builds
The build is split into multiple images; a later image can copy just the necessary files from an earlier one, which avoids an overly large final image.
- Reference material
- Build the image:
docker image build
  - -t: adds a tag
  - -f: specifies the Dockerfile
  - --no-cache=true: does not use the cache
  - --squash: squashes everything into one layer to reduce the size of the image
  - Add --no-install-recommends to apt-get install
- FROM: specifies the base image for the new image
- COPY: copies the program source code into the image
- EXPOSE: specifies the network port of the application
- ENTRYPOINT: the default program to run when the image is started
Compose
Compose is used to deploy and manage multi container applications in single engine mode (single node).
- Installation on Linux: see https://github.com/docker/compose/releases
- View version:
docker-compose --version
- Configuration uses a YAML file. The default file name is docker-compose.yml; -f can specify a custom file
- Configuration file example
    # Version, reference: https://docs.docker.com/compose/compose-file/compose-versioning/
    version: "3.5"
    # The following configuration includes two services (containers): web-fe and redis
    services:
      web-fe:
        # Build the image using the Dockerfile in the current directory
        build: .
        # Run when the container starts (can be omitted because the Dockerfile already defines it)
        command: python app.py
        # Map port 5000 in the container to port 5000 of the host
        ports:
          - target: 5000
            published: 5000
        # The network to attach to
        networks:
          - counter-net
        # Mount the volume counter-vol at the /code directory of the container
        volumes:
          - type: volume
            source: counter-vol
            target: /code
      redis:
        # Use the redis:alpine image
        image: "redis:alpine"
        networks:
          counter-net:
    # Networks
    networks:
      counter-net:
    # Volumes
    volumes:
      counter-vol:
The above configuration can be divided into four parts: version, services, networks and volumes
- Deploy with Compose
  - Download the code: git clone https://github.com/nigelpoulton/counter-ap…
  - Switch to the counter-app directory and start the application:
    docker-compose up &
    (with & appended, the logs are still output to the terminal)
    - The default name of the Compose configuration file is docker-compose.yml or docker-compose.yaml
    - If the file has a different name, use -f to specify it
    - -d runs in the background
- Managing containers with Compose
  - View the services (containers):
    docker-compose ps
  - List the processes for each service:
    docker-compose top
  - Stop the application:
    docker-compose stop
  - Stop and delete:
    docker-compose down
  - Restart:
    docker-compose restart
  - Delete:
    docker-compose rm
Docker Swarm
It consists of two parts
- Secure cluster: organizes Docker nodes into a cluster
- Orchestration engine: API for deployment and management
Composition diagram:
Create a secure swarm cluster
- Open port
- 2377/tcp: for secure client-to-swarm communication
- 7946/tcp and 7946/udp: for control plane gossip
- 4789/udp: for VXLAN-based overlay networks
- Swarm mode and single-engine mode
  - Running docker swarm init on a Docker host in single-engine mode converts the node to swarm mode and creates a new swarm, of which the node becomes the first manager
  - Other nodes can join as workers or managers
- Example (create a swarm; managers: mgr1-mgr3, workers: wrk1-wrk3)
  - Log in to the mgr1 host and initialize a swarm:
        docker swarm init \
          --advertise-addr 10.0.0.1:2377 \
          --listen-addr 10.0.0.1:2377
    --advertise-addr is the IP and port that other nodes use to connect to this manager node; --listen-addr is the IP and port to listen on, generally the same as --advertise-addr
  - View the nodes:
    docker node ls
  - On mgr1, run:
    docker swarm join-token manager
    This generates the command for adding a manager node (including the token). The output looks like this:
        To add a manager to this swarm, run the following command:
        docker swarm join \
          --token SWMTKN-1-0uahebax...ue4hv6ps3p \
          10.0.0.1:2377
    Similarly, replace manager with worker to generate the command for adding a worker node
  - Add a worker node: log in to wrk1 and run:
        docker swarm join \
          --token SWMTKN-1-0uahebax...c87tu8dx2c \
          10.0.0.1:2377 \
          --advertise-addr 10.0.0.4:2377 \
          --listen-addr 10.0.0.4:2377
    This node will be added to the swarm as a worker
  - Similarly, the wrk2 and wrk3 nodes can be added
  - Add a manager node: log in to mgr2 and run:
        docker swarm join \
          --token SWMTKN-1-0uahebax...ue4hv6ps3p \
          10.0.0.1:2377 \
          --advertise-addr 10.0.0.2:2377 \
          --listen-addr 10.0.0.2:2377
    Similarly, the mgr3 manager node can be added
  - Check the nodes again (docker node ls):
        ID               HOSTNAME  STATUS  AVAILABILITY  MANAGER STATUS
        0g4rl...babl8 *  mgr2      Ready   Active        Reachable
        2xlti...l0nyp    mgr3      Ready   Active        Reachable
        8yv0b...wmr67    wrk1      Ready   Active
        9mzwf...e4m4n    wrk3      Ready   Active
        d21ly...9qzkx    mgr1      Ready   Active        Leader
        e62gf...l5wt6    wrk2      Ready   Active
  - The (*) marks the node where the command is currently running
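The ports listed under "Open port" need to be reachable only from the other swarm nodes. This added example (not from the original notes) prints, without applying them, iptables rules that admit each port only from the given peers; the function name is hypothetical, the peer addresses are the ones used in the walkthrough above, and it assumes workers are never promoted to manager, so they need no inbound 2377.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules that open the Swarm
# ports only to the other cluster nodes, for review before use.
# Usage: swarm_fw_rules manager|worker PEER_IP...
swarm_fw_rules() {
    [ "$#" -ge 2 ] || {
        echo "usage: swarm_fw_rules manager|worker PEER_IP..." >&2
        return 2
    }
    role=$1; shift
    case $role in
        # Managers accept cluster-management connections on 2377/tcp
        manager) ports="2377/tcp 7946/tcp 7946/udp 4789/udp" ;;
        # Assumption: workers only dial out to managers on 2377
        worker)  ports="7946/tcp 7946/udp 4789/udp" ;;
        *) echo "role must be manager or worker" >&2; return 2 ;;
    esac
    for spec in $ports; do
        port=${spec%/*}
        proto=${spec#*/}
        # One ACCEPT per peer for this port
        for peer in "$@"; do
            echo "iptables -A INPUT -p $proto -s $peer --dport $port -j ACCEPT"
        done
        # Appended last: every other source is dropped for this port
        echo "iptables -A INPUT -p $proto --dport $port -j DROP"
    done
}

# Rules for mgr1 (10.0.0.1) with peers mgr2 and wrk1 from the walkthrough
swarm_fw_rules manager 10.0.0.2 10.0.0.4
```

The rules are appended with -A, so they take effect only if no earlier INPUT rule already accepts the same traffic.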
Swarm manager high availability
- Swarm managers natively support high availability
- The manager in the active state is called the leader; it is responsible for distributing tasks, including tasks forwarded by the other managers
- The Raft consensus algorithm is used for coordination among the manager nodes, which ensures the high availability (HA) of the managers
- Best practices:
  - Deploy an odd number of managers (reduces split brain)
  - Don't deploy too many managers (3-5 is better)
- Built-in security protection of Swarm: CA settings, join tokens, mutual TLS, encrypted cluster store, encrypted networks, cryptographic node IDs, etc.
- Lock a swarm
  - Restarting an old manager, restoring an old backup and similar operations may cause security problems or erase the current configuration
  - Add --autolock=true at initialization
  - Or update an existing swarm:
    docker swarm update --autolock=true
    Be sure to save the generated key; it is needed to unlock when a manager restarts
  - Restart one of the Docker nodes to see whether it automatically rejoins the cluster:
    service docker restart
  - View the nodes in the cluster:
    docker node ls
    (an error is returned, prompting you to unlock)
  - Unlock and enter the key:
    docker swarm unlock
Swarm services
- Create, example:
docker service create --name web-fe -p 8080:8080 --replicas 5 nigelpoulton/pluralsight-docker-ci
  - Declares a service named web-fe
  - Port 8080 of each swarm node is mapped to port 8080 of the service replicas
  - --replicas 5 creates five service replicas
  - After pressing Enter, the manager acting as the leader instantiates five replicas, and each manager and worker pulls the image and starts a container running on port 8080. The leader also ensures that the desired state of the service is stored on the cluster and replicated to every manager of the swarm.
  - All services are monitored by the swarm. If a service does not match its desired state, the swarm takes action to restore the desired state.
  - For example, if a replica fails, Docker starts a new replica to restore the desired state
- View services:
docker service ls
(if you view the service immediately after creating it, it may not be listed yet; wait until the deployment is completed)
- View the list of service replicas:
docker service ps <service-name or serviceid>
- Details:
docker service inspect xxx
- There are two service modes
  - Replicated (default): specifies the number of replicas and distributes them as evenly as possible across the cluster
  - Global: starts one replica on each eligible node; add --mode global when creating the service
- Scaling a service
  - For example, if traffic is increasing sharply, you need to add service replicas:
    docker service scale web-fe=10
    scales up to 10 replicas
  - docker service ls views the services; docker service ps views all replicas
  - docker service scale web-fe=5 changes the number of replicas back to 5
- Remove a service:
docker service rm web-fe
- Rolling update
  - Suppose that the image needs to be updated from v1 to v2:
        docker service update \
          --image nigelpoulton/tu-demo:v2 \
          --update-parallelism 2 \
          --update-delay 20s uber-svc
    --update-parallelism 2 updates two replicas at a time; --update-delay 20s sets a 20s delay
- Troubleshooting
  - View swarm service logs:
    docker service logs <service-name>
    The default log driver is json-file; both json-file and journald support this command
- Reference material
This work is licensed under a CC agreement. Reprints must credit the author and link to this article.