Docker container and image of kubernetes

Container and image


Common container states

  • running
  • stopped
  • paused
  • created
  • deleted

Note: commands for viewing and changing container state:

  • docker ps: view running containers
  • docker ps -a: view containers in all states
  • docker ps -qa: list the IDs of all containers
  • docker stop $(docker ps -qa): stop all containers
  • docker rm $(docker ps -qa): delete all containers

Use of docker run command

Common options:

--name: specify the container name
-i: interactive operation; normally used together with -t, written as -it
-t: allocate a tty
-e: set an environment variable for container startup; for example, mysql needs -e MYSQL_ROOT_PASSWORD='12345' to start
-d: detach, run in the background
--network: specify a network
--restart: restart policy, for example always
-p: port mapping
-v: specify a storage volume
--rm: delete the container after it exits. Used together with -it; mutually exclusive with -d
-m: limit maximum memory usage
--oom-kill-disable: disable the OOM killer for the container
--cpus: limit the CPU capacity used

[root@centos7-node1 ~]# docker run --name redis -d redis:4-alpine
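The following check is an added example, not part of the original post: a small shell function that inspects the arguments of a `docker run` command for the options listed above and reports a secret passed with -e, a disabled OOM killer without -m, and missing memory or CPU limits. The function name, the finding labels and the sample invocations are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag risky combinations of the `docker run` options listed above.
# Only the value-taking options named on this page are recognised.
lint_docker_run() (
    mem=0; cpus=0; oom_off=0; out=""
    while [ $# -gt 0 ]; do
        opt=$1; val=""
        case $opt in
            --*=*) val=${opt#*=}; opt=${opt%%=*} ;;      # --memory=256m form
            -e|--env|-m|--memory|--cpus|--name|--network|--restart|-p|-v)
                val=${2-}; [ $# -gt 1 ] && shift ;;      # option followed by its value
            -*) ;;                                       # flags: -d, -it, --rm, ...
            *) break ;;                                  # first non-option is the image
        esac
        case $opt in
            -e|--env)
                # Values passed with -e are stored in the container config and
                # shown by `docker inspect`, so secrets should not travel this way.
                case ${val%%=*} in
                    *PASSWORD*|*SECRET*|*TOKEN*) out="$out secret-in-env:${val%%=*}" ;;
                esac ;;
            -m|--memory) mem=1 ;;
            --cpus) cpus=1 ;;
            --oom-kill-disable) [ "$val" = false ] || oom_off=1 ;;
        esac
        shift
    done
    if [ "$mem" -eq 0 ]; then
        # With no memory limit, disabling the OOM killer lets one container
        # exhaust the memory of the whole host.
        if [ "$oom_off" -eq 1 ]; then out="$out oom-kill-disabled-without-memory-limit"
        else out="$out no-memory-limit"; fi
    fi
    [ "$cpus" -eq 1 ] || out="$out no-cpu-limit"
    out=${out# }
    echo "${out:-ok}"
)

# Constructed sample invocations (the arguments that follow `docker run`).
lint_docker_run --name db -d -e MYSQL_ROOT_PASSWORD=12345 mysql
lint_docker_run --name redis -d --oom-kill-disable redis:4-alpine
lint_docker_run --name redis -d -m 256m --cpus 0.5 redis:4-alpine
```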

Use of docker exec

Common options:

-d: background operation
-e: specify environment variable
-it: interactive mode
-u: Specify users
-w: Specify work path

[root@centos7-node1 ~]# docker container exec redis netstat -tanlp    #Execute command on container
[root@centos7-node1 ~]# docker exec -it redis /bin/sh 
/data # redis-cli    #Client connects to redis
> set hello my_name_is_wanghui
OK
> get hello

Starting and stopping a container

[root@centos7-node1 ~]# docker stop redis     # When no storage volume is specified, data is lost after the container is stopped
[root@centos7-node1 ~]# docker start redis

Other practices

[root@centos7-node1 ~]# docker image pull nginx:1.18-alpine
[root@centos7-node1 ~]# docker run --name web -it --rm nginx:1.18-alpine /bin/sh      #The container is deleted automatically on exit from interactive mode
[root@centos7-node1 ~]# docker run --name web -d nginx:1.18-alpine
[root@centos7-node1 ~]# docker container exec web ifconfig    #Get the IP of the created container
[root@centos7-node1 ~]# elinks -dump                     #Visit page
[root@centos7-node1 ~]# docker logs web -f                              #Follow the Nginx log
[root@centos7-node1 ~]# docker stats web                                #View the resource usage of the web container at runtime
[root@centos7-node1 ~]# docker top web                                   #View the process status of the web container

[root@centos7-node1 ~]# docker run --name c2 -it centos:7
[root@f879de456c8d /]#     `ctrl+p,ctrl+q`    #Detach from the container and return to the host shell
[root@centos7-node1 ~]# docker ps    #c2 is running
[root@centos7-node1 ~]# docker attach c2     #Enter container


Brief introduction

The docker image contains the file system and the contents needed to start a container, so it is what containers are created and started from

  • Images use a layered construction mechanism: the bottom layer is bootfs, followed by rootfs
    • bootfs: the file system used for system boot, including the bootloader and kernel. After the container is started, it is unmounted to save memory
    • rootfs: sits on top of bootfs and is the root file system of the docker container
      • In the traditional mode, at system startup the kernel first mounts rootfs read-only, and remounts it read-write after the integrity check completes
      • In docker, the kernel mounts rootfs read-only, and an additional writable layer is then mounted on top through union mount

How a docker image is built

  • The image one level below is called the parent image, and the lowest-level image is the base image
  • The top layer is read-write, and the layers below it are read-only

Types of graph driver (file system) used to store images

Features: layered overlay, copy-on-write (COW)
This file system is built on top of the underlying operating system's file system and is used to store images. It is recommended that the underlying operating system use the xfs file system
The classification is as follows:

  • AUFS: Advanced Multi-Layered Unification Filesystem
  • Overlay2
  • DeviceMapper (DM)

  • aufs is used to implement union mounts for Linux file systems
  • aufs is a reimplementation of the earlier UnionFS, developed by Junjiro Okajima in 2006
  • docker initially used aufs as the container file system layer, and it is still supported as one of the storage backends
  • The competing product of aufs is overlayfs, which has been merged into the Linux kernel since version 3.18
  • Besides aufs, docker also supports btrfs, devicemapper and vfs
    • Under Ubuntu, the default docker file system is aufs, while on CentOS 7, devicemapper is used

Docker Registry

  • When a container is started, the docker daemon first looks for the image locally. If it is not present locally, the daemon downloads it from the Registry and saves it locally

Classification of docker registry

A Registry is used to store docker images, including the image layers and metadata
Users can build their own Registry or use the official Docker Hub

  • The classification is as follows:
    • Sponsor Registry: a third-party registry for customers and the docker community
    • Mirror Registry: a third-party registry for customers only
    • Vendor Registry: a registry provided by the vendor that publishes the docker image
    • Private Registry: a registry provided by a private entity behind a firewall and additional security layers

Composition of Docker Registry

  • Repository
    • An image repository consists of all iterative versions of a specific docker image
    • One Registry can contain multiple Repositories
      • Repositories can be divided into top-level repositories and user repositories
      • A user repository name has the form username/repository name
    • Each repository can contain multiple tags, and each tag corresponds to only one image
  • Index: maintains user accounts, image verification and public namespace information; it is equivalent to an interface through which the Registry supports authentication and retrieval
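The naming rules above decide which Registry and Repository a short image name actually refers to. The following shell function is an added example, not part of the original post: a simplified version of the expansion the docker CLI applies to an image name (default registry docker.io, top-level repositories under library/, default tag latest). The function name and the private-registry host are assumptions for illustration.

```shell
#!/bin/sh
# Added example: expand a short image name into registry/repository:tag
# (or registry/repository@digest when the name is pinned by digest).
normalize_image_ref() (
    ref=$1; digest=""; tag=""
    case $ref in
        *@*) digest=${ref#*@}; ref=${ref%%@*} ;;       # pinned by content digest
    esac
    # The first path component names a registry only if it contains '.' or ':'
    # or is "localhost"; otherwise the image is looked up on Docker Hub.
    registry="docker.io"
    case $ref in
        */*)
            first=${ref%%/*}
            case $first in
                *.*|*:*|localhost) registry=$first; ref=${ref#*/} ;;
            esac ;;
    esac
    # A ':' in the last path component starts the tag (an earlier ':' is a port).
    case ${ref##*/} in
        *:*) tag=${ref##*:}; ref=${ref%:*} ;;
    esac
    # On Docker Hub a name without '/' is a top-level repository under library/;
    # "username/name" is a user repository.
    if [ "$registry" = "docker.io" ]; then
        case $ref in
            */*) ;;
            *) ref="library/$ref" ;;
        esac
    fi
    if [ -n "$digest" ]; then
        echo "$registry/$ref@$digest"
    else
        echo "$registry/$ref:${tag:-latest}"     # no tag means the movable "latest"
    fi
)

# Image names used on this page, plus one constructed private-registry name.
for name in busybox redis:4-alpine wanghui122725501/myimg:v0.1 \
            registry.example.internal:5000/team/app; do
    printf '%-42s -> %s\n' "$name" "$(normalize_image_ref "$name")"
done
```

A tag can be pushed again and pointed at a different image at any time, so a name that expands to `:latest` does not identify fixed content; only the `@digest` form does.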

Image making and pushing

Images in a docker registry are created by developers or operations staff and then pushed to a "public" or "private" Registry for others to use
Example: deploy to production

Use of DockerHub

  • Register a DockerHub account
  • Create the myimg repository
  • Upload the image to the myimg repository on DockerHub
[root@centos7-node1]# docker pull busybox:latest
[root@centos7-node1 ~]# docker run --name b1 -it -d busybox /bin/sh
/ # mkdir /data/web/html -p
/ # echo "<h1>this is a test page @busyboxServer</h1>" > /data/web/html/index.html
[root@centos7-node1 ~]# docker container commit b1 wanghui122725501/myimg:v0.1   #Commit the container as an image, from another terminal
[root@centos7-node1 ~]# docker images    #View image
wanghui122725501/myimg v0.1 baf6ad6a846f About a minute ago 1.22MB
[root@centos7-node1 ~]# docker run --name mybbox1 -it wanghui122725501/myimg:v0.1    #Run container
/ # ls /data/web/html/     #This file has been written to the file system
[root@centos7-node1 ~]# docker login    #Log in to dockerhub
[root@centos7-node1 ~]# docker push wanghui122725501/myimg:v0.1    #Push image
[root@centos7-node1 ~]# docker container commit -p -a "" -c 'CMD ["/bin/httpd","-f","-h","/data/web/html"]' b1 wanghui122725501/myimg:v0.2   #Run httpd in the foreground
[root@centos7-node1 ~]# docker tag wanghui122725501/myimg:v0.2 wanghui122725501/myimg:latest
[root@centos7-node1 ~]# docker push wanghui122725501/myimg:v0.2             #Image push
-----Another terminal, access b1 container
[root@centos7-node1 ~]# docker exec -it b1 sh
/ # /bin/httpd -f -h /data/web/html/                  #Execute httpd
[root@centos7-node1 ~]# curl    #Executed by another terminal
<h1>this is a test page @busyboxServer</h1>


Added by shutat on Mon, 01 Jun 2020 11:28:09 +0300