四、Docker镜像操作
4.1 搜索镜像
格式: docker search 关键字
#搜索nginx的镜像 [root@localhost ~]# docker search nginx NAME DESCRIPTION STARS OFFICIAL AUTOMATED nginx Official build of Nginx. 16974 [OK] linuxserver/nginx An Nginx container, brought to you by LinuxS… 169 bitnami/nginx Bitnami nginx Docker Image 131 [OK] ubuntu/nginx Nginx, a high-performance reverse proxy & we… 52 bitnami/nginx-ingress-controller Bitnami Docker Image for NGINX Ingress Contr… 18 [OK] rancher/nginx-ingress-controller 10 clearlinux/nginx Nginx reverse proxy server with the benefits… 4 ibmcom/nginx-ingress-controller Docker Image for IBM Cloud Private-CE (Commu… 4 bitnami/nginx-ldap-auth-daemon 3 rancher/nginx 2 bitnami/nginx-exporter 2 vmware/nginx 2 rancher/nginx-ingress-controller-defaultbackend 2 circleci/nginx This image is for internal use 2 vmware/nginx-photon 1 rapidfort/nginx RapidFort optimized, hardened image for NGINX 1 bitnami/nginx-intel 1 kasmweb/nginx An Nginx image based off nginx:alpine and in… 1 wallarm/nginx-ingress-controller Kubernetes Ingress Controller with Wallarm e… 1 ibmcom/nginx-ingress-controller-ppc64le Docker Image for IBM Cloud Private-CE (Commu… 0 rancher/nginx-conf 0 rancher/nginx-ssl 0 continuumio/nginx-ingress-ws 0 rancher/nginx-ingress-controller-amd64 0 ibmcom/nginx-ppc64le Docker image for nginx-ppc64le 0
4.2 获取镜像
格式: docker pull 仓库名称[:标签]
如果下载镜像时不指定标签,则默认会下载仓库中最新版本的镜像,即选择标签为 latest 标签。
#拉取镜像nginx [root@localhost ~]# docker pull nginx Using default tag: latest latest: Pulling from library/nginx 42c077c10790: Pull complete 62c70f376f6a: Pull complete 915cc9bd79c2: Pull complete 75a963e94de0: Pull complete 7b1fab684d70: Pull complete db24d06d5af4: Pull complete Digest: sha256:2bcabc23b45489fb0885d69a06ba1d648aeda973fae7bb981bafbb884165e514 Status: Downloaded newer image for nginx:latest docker.io/library/nginx:latest [root@localhost ~]# [root@localhost ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE nginx latest 0e901e68141f 3 weeks ago 142MB [root@localhost ~]# #拉取soscscs仓库中myapp镜像的v1标签 [root@localhost ~]# docker pull soscscs/myapp:v1 v1: Pulling from soscscs/myapp 550fe1bea624: Pull complete af3988949040: Pull complete d6642feac728: Pull complete c20f0a205eaa: Pull complete 438668b6babd: Pull complete bf778e8612d0: Pull complete Digest: sha256:9eeca44ba2d410e54fccc54cbe9c021802aa8b9836a0bcf3d3229354e4c8870e Status: Downloaded newer image for soscscs/myapp:v1 docker.io/soscscs/myapp:v1 [root@localhost ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE nginx latest 0e901e68141f 3 weeks ago 142MB soscscs/myapp v1 d4a5e0eaa84f 4 years ago 15.5MB [root@localhost ~]#
4.3 镜像加速(阿里云)
[root@localhost yum.repos.d]# cd /etc/docker/ [root@localhost docker]# ls key.json [root@localhost docker]# vim daemom.json [root@localhost docker]# systemctl daemon-reload [root@localhost docker]# systemctl restart docker [root@localhost docker]#
4.4 查看镜像信息
镜像下载后存放在 /var/lib/docker
#镜像文件存放在 /var/lib/docker 目录中 [root@localhost ~]# cd /var/lib/docker/ [root@localhost docker]# ls buildkit image overlay2 runtimes tmp volumes containers network plugins swarm trust --------------------------------------------------------------------------------- #image 存放镜像信息 #overlay2 镜像底层文件相关信息 #containers 存放容器信息 --------------------------------------------------------------------------------- #查看下载的镜像文件信息 [root@localhost ~]# cat /var/lib/docker/image/overlay2/repositories.json #查看下载到本地的所有镜像信息 [root@localhost ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE nginx latest f8f4ffc8092c 8 days ago 133MB #REPOSITORY: 镜像所属仓库 #TAG: 镜像的标签信息,标记同一个仓库中的不同镜像 #IMAGE ID :镜像的唯一ID号,唯一标识一个镜像 #CREATED: 镜像创建时间 #SIZE: 镜像大小
4.5 根据镜像的唯一标识ID 号,获取镜像的详细信息
格式: docker inspect 镜像ID号
镜像ID 号可以不用打全。
[root@localhost ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE nginx latest 0e901e68141f 3 weeks ago 142MB soscscs/myapp v1 d4a5e0eaa84f 4 years ago 15.5MB [root@localhost ~]# docker inspect 0e901e68141f [ { "Id": "sha256:0e901e68141fd02f237cf63eb842529f8a9500636a9419e3cf4fb986 "RepoTags": [ "nginx:latest" ], "RepoDigests": [ "nginx@sha256:2bcabc23b45489fb0885d69a06ba1d648aeda973fae7bb981baf ], ....................
4.6 为本地镜像添加新的标签
格式: docker tag 名称:[ 标签]
[root@localhost ~]# docker tag nginx:latest nginx:stevelu [root@localhost ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE nginx latest 0e901e68141f 3 weeks ago 142MB nginx stevelu 0e901e6814 1f 3 weeks ago 142MB soscscs/myapp v1 d4a5e0eaa84f 4 years ago 15.5MB
4.7 删除镜像
格式1: docker rmi 仓库名称:标签
当一个镜像有多个标签时,只是删除其中指定的标签
格式2: docker rmi 镜像ID [-f]
会彻底删除镜像
注意:如果该镜像已经被容器使用,正确的做法是先删除依赖该镜像的所有容器,再去删除镜像
#通过仓库:标签 删除镜像 [root@localhost ~]# docker rmi nginx:stevelu Untagged: nginx:stevelu [root@localhost ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE nginx latest 0e901e68141f 3 weeks ago 142MB soscscs/myapp v1 d4a5e0eaa84f 4 years ago 15.5MB [root@localhost ~]# #使用镜像ID号删除,如果有多个标签只删除其中一个标签 #使用镜像号彻底删除该镜像, 要使用 -f 表示强制 root@localhost ~]# docker rmi d4a5e0eaa84f Untagged: soscscs/myapp:v1 Untagged: soscscs/myapp@sha256:9eeca44ba2d410e54fccc54cbe9c021802aa8b9836a0bcf3d3229354e4c8870e Deleted: sha256:d4a5e0eaa84f28550cb9dd1bde4bfe63a93e3cf88886aa5dad52c9a75dd0e6a9 Deleted: sha256:bf5594a16c1ff32ffe64a68a92ebade1080641f608d299170a2ae403f08764e7 Deleted: sha256:b74f3c20dd90bf6ead520265073c4946461baaa168176424ea7aea1bc7f08c1f Deleted: sha256:8943f94f7db615e453fa88694440f76d65927fa18c6bf69f32ebc9419bfcc04a Deleted: sha256:2020231862738f8ad677bb75020d1dfa34159ad95eef10e790839174bb908908 Deleted: sha256:49757da6049113b08246e77f770f49b1d50bb97c93f19d2eeae62b485b46e489 Deleted: sha256:d39d92664027be502c35cf1bf464c726d15b8ead0e3084be6e252a161730bc82 [root@localhost ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE nginx latest 0e901e68141f 3 weeks ago 142MB
4.8 存储镜像
将镜像保存为本地文件。
格式: docker save -o 存储文件名 存储的镜像
[root@localhost ~]# docker save -o /opt/nginx.tar nginx:latest [root@localhost ~]# ls /opt/ containerd nginx.tar rh #将本地镜像传给另一台主机 [root@localhost ~]# scp /opt/nginx.tar 192.168.109.134:/opt The authenticity of host '192.168.109.134 (192.168.109.134)' can't be established. ECDSA key fingerprint is SHA256:uk2RhFkZuoTGCWvs9fyAQSNjlTa7Lz/pi4TLhyIydDU. ECDSA key fingerprint is MD5:0a:a2:e0:b1:ab:3e:3d:de:37:12:4b:84:e5:1f:ac:f5. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.109.134' (ECDSA) to the list of known hosts. root@192.168.109.134's password: nginx.tar 100% 139MB 87.4MB/s 00:01
4.9 载入镜像
将镜像文件导入到镜像仓库中
格式1: docker load < 存储的文件
格式2: docker load i 存储的文件
#在192.168.109.134主机加载 [root@localhost opt]# docker load -i nginx.tar #或 [root@localhost opt]# docker load < nginx.tar
4.10 上传镜像到公有仓库
默认上传到 docker Hub 官方公共仓库,需要注册使用公共仓库的账号。https://hub.docker.com
可以使用 docker login 命令来输入用户名、密码和邮箱来完成注册和登录。(docker logout 登出)
在上传镜像之前,还需要先对本地镜像添加新的标签,然后再使用 docker push 命令进行上传
#上传到公共仓库,必须在前面添加上自己的dockerhub的仓库名 [root@localhost ~]# docker tag nginx:latest stevelugyq/nginx [root@localhost ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE nginx latest 0e901e68141f 3 weeks ago 142MB stevelugyq/nginx latest 0e901e68141f 3 weeks ago 142MB [root@localhost ~]# #使用docker login 输入用户名密码登录注册的公有仓库账号 [root@localhost ~]# docker login Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one. Username: stevelugyq Password: WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded #上传镜像 [root@localhost ~]# docker push stevelugyq/nginx Using default tag: latest The push refers to repository [docker.io/stevelugyq/nginx] 33e3df466e11: Mounted from library/nginx 747b7a567071: Mounted from library/nginx 57d3fc88cb3f: Mounted from library/nginx 53ae81198b64: Mounted from library/nginx 58354abe5f0e: Mounted from library/nginx ad6562704f37: Mounted from library/nginx latest: digest: sha256:25dedae0aceb6b4fe5837a0acbacc6580453717f126a095aa05a3c6fcea14dd4 size: 1570 #退出登录 [root@localhost ~]# docker logout Removing login credentials for https://index.docker.io/v1/ [root@localhost ~]# #拉取上传到自己仓库的镜像 [root@localhost ~]# docker pull stevelugyq/nginx Using default tag: latest latest: Pulling from stevelugyq/nginx 42c077c10790: Pull complete 62c70f376f6a: Pull complete 915cc9bd79c2: Pull complete 75a963e94de0: Pull complete 7b1fab684d70: Pull complete db24d06d5af4: Pull complete Digest: sha256:25dedae0aceb6b4fe5837a0acbacc6580453717f126a095aa05a3c6fcea14dd4 Status: Downloaded newer image for stevelugyq/nginx:latest docker.io/stevelugyq/nginx:latest [root@localhost ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE stevelugyq/nginx latest 0e901e68141f 3 weeks ago 142MB
总结
面试常问
docker是什么?能干什么?
docker是基于go语言开发的开源容器引擎,可以在任何主机上运行容器应用,并且每个容器都是一个轻量级的虚拟机
docker 容器和虚拟机的区别?
| 不同点 | Docker容器 | 虚拟机 |
| 启动速度 | 快,几秒钟 | 慢,几分钟 |
| 运行性能 | 接近原生(直接在内核中运行) | 运行于Hypervisor上,50%左右损失 |
| 磁盘占用 | 小,甚至几十KB(根据镜像层的情况) | 非常大,上GB |
| 并发性 | 一台宿主机可以启动成百上千个容器 | 最多几十个虚拟机 |
| 隔离性 | 进程级别 | 资源隔离/限制 | 系统级别(更彻底)| 完全隔离 |
| 操作系统 | 主要支持Linux | 几乎所有(KVM) |
| 封装程度 | 只打包项目代码和依赖关系,共享宿主机内核 | 完整的操作系统,与宿主机隔离 |
linux六大namespace?
namespace |
系统调用参数 | 隔离内容 |
| UTS | CLONE_NEWUTS | 主机名和域名 |
| IPC | CLONE_NEWWIPS | 信号量,消息队列和共享内存 |
| PID | CLONE_NEWPID | 进程编号 |
| NETWORK | CLONE_NEWNET | 网络设备,网络栈,端口等 |
| MOUNT | CLONE_NEWNS | 挂载点(文件系统) |
| USER | CLONE_NEWUSER | 用户和用户组(3.8以后的内核才支持) |
docker三大核心概念?
镜像、容器、仓库
镜像管理命令
| 命令 | 说明 |
| docker info | 查看信息 |
| docker version / docker -v | 查看版本 |
| docker search <仓库/镜像> | 查找镜像 |
| docker pull <镜像名称> | 获取镜像 |
| docker images | 查看docker下载的镜像 |
| docker inspect <镜像ID> | 查看镜像详细信息 |
| docker rmi <镜像ID/镜像名称:标签> [ -f ] | 删除镜像 |
| docker save -o 导出文件.tar 镜像名称:标签 | 存储镜像 |
| docker load -i 或 [<] 镜像文件 | 导入镜像 |
| docker login | 登录仓库 |
| docker push 仓库名/镜像名:标签 | 上传镜像到仓库 |
