本文记录指令信息供之后查询。
begin
link:docker-docs
docker build
docker build -t tag-name .build: 用dockerfile来建立映像。
-t flag your image,后面跟着名字。
. current directory to find Dockerfile
docker run
docker run -dp 3000:3000 tag-namerun 运行docker
-d 分离“detached”mode运行。
-p map from host’s port to container’s port
update code
docker ps
# swap out container-id with ID from docker ps
docker stop container-id
docker rm container-id
# or stop&rm:docker rm -f container-idps:运行中容器list
stop stop 运行
rm:remove container(默认需要stop后)
-f:强制。
以上仍然需要麻烦的持续性重头再来。
push docker-hub
docker-hub:先创个仓库。后面会直接给你个代码:
docker push namespace/tagname然而只有这个是不够的。
docker login -u USER-NAME
docker tag image-name USER-NAME/NEW-NAME
docker push USER-NAME/NEW-NAMEtag一下,才能找到正确的image捏。
DB
一个容器运行的时候,他是用映像里头的多个层作为文件系统的,每个容器还有自己的暂存空间来创建/更新/删除文件,任何更改都不会在另一个容器看到。
比如:
docker run -d ubuntu bash -c "shuf -i 1-10000 -n 1 -o /data.txt && tail -f /dev/null"
docker exec container-id cat /data.txtthen, we can use volume!
named volumes
数据bucket,持久化指定位置的最后改动数据,
用卷持久化:
docker volume create volume-name
docker run -dp 3000:3000 -v volume-name:<where?> <container-name>where is the volume?
docker volume inspect volume-namebind mounts
named volume持续化数据还是不错的。
这里讲的bind mounts,可以控制确切的挂载点。我们可以用其持久化数据,但它通常用于提供额外的数据给容器。用其可以立刻看到所需的更改。
various volume
当然,其中还是有别的volume的,这里只有bind mounts和named volumed。
docker run -dp 3000:3000 \
-w /app -v "$(pwd):/app" \
node:12-alpine \
sh -c "yarn install && yarn run dev"-w app:set working directory
-v "$(pwd):/app"bind mount the current(pwd?)directory into the /app directory in the container
node:12-alpline image to use(base image)
sh -c.... alpine:shell running command。
查看docker日志:
docker logs -f container-id多应用:多容器
container networking
两种方式:
- 开始的时候给你来个网
- 连接现成的container
docker network create network-name
# create network,and then:
docker run -d \
--network todo-app --network-alias mysql \
-v todo-mysql-data:/var/lib/mysql \
-e MYSQL_ROOT_PASSWORD=secret \
-e MYSQL_DATABASE=todos \
mysql:5.7可以看到,-e设置了环境变量.
new volume?
在这里,自动创建了个volume,因此出现了从未出现的卷名。
docker run -it --network todo-app nicolaka/netshootuse dig tool,we could find the mysql ip,docker可以将名字和网络地址联系:use--network-aliasflag。
connect mysql with app
# mysql version8.0 and higher:
mysql> ALTER USER 'root' IDENTIFIED WITH mysql_native_password BY 'secret';
mysql> flush privileges;
mysql> exit
# docker:connect
docker run -dp 3000:3000 \
-w /app -v "$(pwd):/app" \
--network todo-app \
-e MYSQL_HOST=mysql \
-e MYSQL_USER=root \
-e MYSQL_PASSWORD=secret \
-e MYSQL_DB=todos \
node:12-alpine \
sh -c "yarn install && yarn run dev"
# operate, and show mysql imformation
docker exec -it <mysql-container-id> mysql -p todos
mysql> select * from todo_items;
+--------------------------------------+--------------------+-----------+
| id | name | completed |
+--------------------------------------+--------------------+-----------+
| c906ff08-60e6-44e6-8f49-ed56a0853e85 | Do amazing things! | 0 |
| 2912a79e-8486-4bc3-a4c5-460793a575ab | Be awesome! | 0 |
+--------------------------------------+--------------------+-----------+Docker Compose
and then: create docker-compose.yml in root directory.
不想写了,看连接吧
you can see detail in here
addition
扫描安全漏洞
docker scan --login
docker scanf image-name查看Image Layering
docker image histroy image-name
# 可以看到Image-id,create-time,create-by,size,comment
docker image history --no-trunc getting-started
# 忽略截断捏。layer changes
Once a layer changes, all downstream layers have to be recreated as well
.dockerignore
.dockerignore文件中:
node_modules使用缓存speed up。
multi-stage builds
# syntax=docker/dockerfile:1
FROM maven AS build
WORKDIR /app
COPY . .
RUN mvn package
FROM tomcat
COPY --from=build /app/target/file.war /usr/local/tomcat/webapps
# react example
# syntax=docker/dockerfile:1
FROM node:12 AS build
WORKDIR /app
COPY package* yarn.lock ./
RUN yarn install
COPY public ./public
COPY src ./src
RUN yarn run build
FROM nginx:alpine
COPY --from=build /app/build /usr/share/nginx/html多阶段构建可以减少整体image size。
