wxin/docker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
docker/docker-进阶.md

295 lines
8.2 KiB
Markdown
Raw Normal View History

上传文件至 /
2025-04-04 17:31:23 +08:00
<h2><center>Docker 进阶</center></h2>
------
## 一:端口转发
使用端口转发解决容器端口访问问题
- -p 手工指定
- -P 随机端口
### 1. MySQL 应用端口转发
`-p`
创建应用容器的时候,一般会做端口映射,这样是为了让外部能够访问这些容器里的应用。可以用多个-p指定多个端口映射关系
`mysql`应用端口转发:
```bash
查看本地地址:
[root@docker ~]# ip a
inet 192.168.159.131/24 brd 192.168.159.255 scope global noprefixroute ens33
```
运行容器:使用`-p`作端口转发,把本地`3307`转发到容器的`3306`,其他参数需要查看发布容器的页面提示。
```bash
[root@docker ~]# docker run -it -d --name="mysql-v1" -p 3307:3306 -e MYSQL_ROOT_PASSWORD=123456 -e MYSQL_ROOT_HOST='%' mysql:5.7
查看容器ip
[root@docker ~]# docker inspect mysql-v1 | grep IPAddress
"SecondaryIPAddresses": null,
"IPAddress": "172.17.0.2",
"IPAddress": "172.17.0.2",
```
登入容器mysql
```bash
[root@docker ~]# docker exec -it mysql-v1 mysql -uroot -p
...
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
```
远程登入
```bash
[root@docker ~]# mysql -uroot -P 3307 -h 192.168.159.131 -p
...
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
```
### 2. Redis 应用端口转发
`-P`
Docker 会随机映射一个 49000~49900 的端口到内部容器开放的网络端口。
`redis`应用端口转发:
```bash
查看本地地址:
[root@docker ~]# ip a
inet 192.168.159.131/24 brd 192.168.159.255 scope global noprefixroute ens33
```
运行容器:使用`-p`作端口转发,把本地`6380`转发到容器的`6379`,其他参数需要查看发布容器的页面提示
```bash
[root@docker ~]# docker run -it --name="redis-v1" -p 6380:6379 redis:latest --bind 0.0.0.0
```
登入容器
```bash
[root@docker ~]# docker exec -it redis-v1 redis-cli
127.0.0.1:6379>set name wxin
OK
```
远程登入
```bash
[root@docker ~]# redis-cli -h 192.168.159.131 -p 6380
192.168.159.131:6380> get name
"wxin"
```
## 二Docker 私有仓库
### 1. 仓库镜像
`Docker hub`官方已提供容器镜像`registry`,用于搭建私有仓库
**拉取镜像**
```bash
# docker pull daocloud.io/library/registry:latest
```
### 2. 运行容器
```bash
# docker run --name "pri_registry" --restart=always -d -p 5000:5000 daocloud.io/library/registry
```
注:如果创建容器不成功,报错防火墙,解决方案如下
```bash
# systemctl stop firewalld
# yum install iptables
# systemctl start iptables
# iptables -F
# systemctl restart docker
```
### 3. 查看容器
```bash
# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1f444285bed8 daocloud.io/library/registry "/entrypoint.sh /etc/" 23 seconds ago Up 21 seconds 0.0.0.0:5000->5000/tcp elegant_rosalind
```
### 4. 连接容器查看端口状态
```bash
# docker exec -it 1f444285bed8 /bin/sh //这里是sh 不是bash
/# netstat -lnp //查看5000端口是否开启
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 :::5000 :::* LISTEN 1/registry
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
```
在本机查看能否访问该私有仓库, 看看状态码是不是200
```bash
# curl -I 127.0.0.1:5000 //参数是大写的i
HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Thu, 08 Oct 2020 05:34:32 GMT
```
### 5. 仓库功能测试
为了方便下载1个比较小的镜像buysbox
```bash
# docker pull busybox
```
上传前必须给镜像打tag 注明ip和端口
```bash
# docker tag busybox  本机IP端口/busybox
```
这是直接从官方拉的镜像,很慢:
```bash
# docker tag busybox 192.168.245.136:5000/busybox
```
下面这个Mysql是我测试的第二个镜像从daocloud拉取的
```bash
# docker tag daocloud.io/library/mysql 192.168.245.136:5000/daocloud.io/library/mysql
```
注意:
`tag`后面可以使用镜像名称也可以使用`id`,我这里使用的镜像名称,如果使用官方的镜像,不需要加前缀,但是`daocloud.io`的得加前缀。
修改请求方式为`http`
```bash
默认为https不改会报以下错误:
Get https://master.up.com:5000/v1/_ping: http: server gave HTTP response to HTTPS client
# vim /etc/docker/daemon.json
{ "insecure-registries":["192.168.245.136:5000"] }
重启docker:
# systemctl restart docker
```
上传镜像到私有仓库
```bash
# docker push 192.168.245.136:5000/busybox
# docker push 192.168.245.136:5000/daocloud.io/library/mysql
```
查看私有仓库里的所有镜像:
```bash
# curl 192.168.245.130:5000/v2/_catalog
{"repositories":["busybox"]}
```
查看私有仓库里的镜像版本:
```bash
# curl 10.11.67.110:5000/v2/busybox/tags/list
{"name":"busybox","tags":["v1","v2"]}
# curl -XGET http://10.11.67.110:3000/v2/busybox/tags/list
{"name":"busybox","tags":["v1","v2"]}
查询镜像digest_hash删除命令里边要填写的 镜像digest_hash 就是 查询结果里边 Docker-Content-Digest: 后边的内容
# curl --header "Accept:application/vnd.docker.distribution.manifest.v2+json" -I -XGET http://10.11.67.110:3000/v2/busybox/manifests/v1
HTTP/1.1 200 OK
Content-Length: 527
Content-Type: application/vnd.docker.distribution.manifest.v2+json
Docker-Content-Digest: sha256:c9249fdf56138f0d929e2080ae98ee9cb2946f71498fc1484288e6a935b5e5bc
Docker-Distribution-Api-Version: registry/2.0
Etag: "sha256:c9249fdf56138f0d929e2080ae98ee9cb2946f71498fc1484288e6a935b5e5bc"
X-Content-Type-Options: nosniff
Date: Thu, 12 Nov 2020 07:29:46 GMT
删除私有库镜像
进入/etc/docker/registry/config.yml添加,在stroage后面加
delete
enabled: true
修改完后重新启动容器
# curl -I -XDELETE http://10.11.67.110:3000/v2/busybox/manifests/sha256:c9249fdf56138f0d929e2080ae98ee9cb2946f71498fc1484288e6a935b5e5bc
HTTP/1.1 202 Accepted
Docker-Distribution-Api-Version: registry/2.0
X-Content-Type-Options: nosniff
Date: Thu, 12 Nov 2020 07:30:22 GMT
Content-Length: 0
查看镜像信息可以看到镜像的标签显示为空 null
# curl -XGET http://10.11.67.110:3000/v2/busybox/tags/list
{"name":"busybox","tags":null}
```
## 三Docker 网络
### 1. 容器网络
`docker`安装后,默认会创建三种网络类型,`bridge``host``none`
**显示当前网络:**
```bash
[root@docker ~]# docker network list
NETWORK ID NAME DRIVER SCOPE
3857f7cc9806 bridge bridge local
eb0052691d0f host host local
46decb5eed2f none null local
```
**bridge网络桥接**
默认情况下启动、创建容器都是用该模式,所以每次`docker`容器重启时会按照顺序获取对应`ip`地址,这就导致容器每次重启,`ip`都发生变化。
**none无指定网络**
启动容器时,可以通过`network=none``docker`容器不会分配局域网`ip`
**host主机网络**
`docker`容器的网络会附属在主机上,两者是互通的。
### 2. 创建固定`ip`容器
创建自定义网络类型,并且指定网段:
```bash
[root@docker ~]# docker network create --subnet=192.168.0.0/16 staticnet
[root@docker ~]# docker network list
NETWORK ID NAME DRIVER SCOPE
3857f7cc9806 bridge bridge local
eb0052691d0f host host local
46decb5eed2f none null local
ab85da59edc7 staticnet bridge local
```
通过`docker network ls`可以查看到网络类型中多了一个`staticnet`
使用新的网络类型创建并启动容器:
```bash
[root@docker ~]# docker run -it -d --name="mysql-v2" --net staticnet --ip 192.168.0.2 mysql:5.7 /bin/bash
```
通过`docker inspect`可以查看容器`ip``192.168.0.2`,关闭容器并重启,发现容器`ip`并未发生改变。
Reference in New Issue Copy Permalink