点击上方蓝色“3分钟云计算”关注我们,设个星标,每天学习点云计算知识
程序员最爱说的是:“ 我这本地运行的好好的,怎么在客户那就不行了呢!”
关于Docker 的文章和相关书籍非常繁多,从Docker 的概念,架构,到容器的编排管理等等,内容很多。但是对于非运维人员来说,其实一篇文章就够了,那些书籍,可以当作工具书使用,需要的时候再去查。
本文将给出一个简单的例子,带你轻松了解Docker到底是做什么的,为啥如今这么火?
1,安装Docker
- 此部分略过,你买的Docker书籍上都有,估计得占了一个章节,如果你之前有过Linux 相关经验,一条指令的事。本示例基于Red Hat Fedora 28, Docker 19. 如下:
[jzhang@dhcp-140-36 show]$ cat /etc/redhat-release
Fedora release 28 (Twenty Eight)
[root@preserve-olm-env data]# docker version
Client: Docker Engine - Community
Version: 19.03.9
API version: 1.40
Go version: go1.13.10
Git commit: 9d988398e7
Built: Fri May 15 00:25:27 2020
OS/Arch: linux/amd64
Experimental: false- 当你安装好Docker后,会生成一个可执行文件,也叫docker. 查看帮助信息,指令很多,但是,别慌~ 日常使用,也就会用到那几个而已
[root@preserve-olm-env data]# which docker
/usr/bin/docker
[root@preserve-olm-env data]# docker --help
Usage: docker [OPTIONS] COMMAND
A self-sufficient runtime for containers
Options:
--config string Location of client config files (default "/root/.docker")
-c, --context string Name of the context to use to connect to the daemon (overrides DOCKER_HOST env var and default context set
with "docker context use")
-D, --debug Enable debug mode
-H, --host list Daemon socket(s) to connect to
-l, --log-level string Set the logging level ("debug"|"info"|"warn"|"error"|"fatal") (default "info")
--tls Use TLS; implied by --tlsverify
--tlscacert string Trust certs signed only by this CA (default "/root/.docker/ca.pem")
--tlscert string Path to TLS certificate file (default "/root/.docker/cert.pem")
--tlskey string Path to TLS key file (default "/root/.docker/key.pem")
--tlsverify Use TLS and verify the remote
-v, --version Print version information and quit
Management Commands:
builder Manage builds
checkpoint Manage checkpoints
config Manage Docker configs
container Manage containers
context Manage contexts
engine Manage the docker engine
image Manage images
network Manage networks
node Manage Swarm nodes
plugin Manage plugins
secret Manage Docker secrets
service Manage services
stack Manage Docker stacks
swarm Manage Swarm
system Manage Docker
trust Manage trust on Docker images
volume Manage volumes
Commands:
attach Attach local standard input, output, and error streams to a running container
build Build an image from a Dockerfile
commit Create a new image from a container's changes
cp Copy files/folders between a container and the local filesystem
create Create a new container
deploy Deploy a new stack or update an existing stack
diff Inspect changes to files or directories on a container's filesystem
events Get real time events from the server
exec Run a command in a running container
export Export a container's filesystem as a tar archive
history Show the history of an image
images List images
import Import the contents from a tarball to create a filesystem image
info Display system-wide information
inspect Return low-level information on Docker objects
kill Kill one or more running containers
load Load an image from a tar archive or STDIN
login Log in to a Docker registry
logout Log out from a Docker registry
logs Fetch the logs of a container
pause Pause all processes within one or more containers
port List port mappings or a specific mapping for the container
ps List containers
pull Pull an image or a repository from a registry
push Push an image or a repository to a registry
rename Rename a container
restart Restart one or more containers
rm Remove one or more containers
rmi Remove one or more images
run Run a command in a new container
save Save one or more images to a tar archive (streamed to STDOUT by default)
search Search the Docker Hub for images
start Start one or more stopped containers
stats Display a live stream of container(s) resource usage statistics
stop Stop one or more running containers
tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
top Display the running processes of a container
unpause Unpause all processes within one or more containers
update Update configuration of one or more containers
version Show the Docker version information
wait Block until one or more containers stop, then print their exit codes
Run 'docker COMMAND --help' for more information on a command.2,编写一个简单程序。Golang 代码,输出 Hello Docker! 如下,
代码语言:javascript复制package main
import (
"fmt"
"net/http"
)
func main() {
http.HandleFunc("/docker", handleDocker)
http.ListenAndServe(":8080", nil)
}
func handleDocker(w http.ResponseWriter, r *http.Request) {
fmt.Fprintln(w, "Hello Docker!")
}- 编译运行,我是在一个虚拟机上运行的。
[jzhang@dhcp-140-36 show]$ export CGO_ENABLED=0
[jzhang@dhcp-140-36 show]$ go build
[jzhang@dhcp-140-36 show]$ ls
main.go show
[jzhang@dhcp-140-36 show]$ ./show
- 在浏览器窗口输入http://10.66.140.36:8080/docker 效果如下:
3,容器化,也就是把这个程序放到容器中去运行
- 编写Dockerfile, 具体的FROM, Add, CMD 等指令可以参考那些工具书,这里略过。
[jzhang@dhcp-140-36 show]$ ls
Dockerfile main.go show
[jzhang@dhcp-140-36 show]$ cat Dockerfile
FROM scratch
Add show /
CMD ["/show"]- 创建Docker 镜像
[jzhang@dhcp-140-36 show]$ docker build -t quay.io/jiazha/show:v1 .
Sending build context to Docker daemon 7.399MB
Step 1/3 : FROM scratch
--->
Step 2/3 : Add show /
---> e1d83a8ffad9
Step 3/3 : CMD ["/show"]
---> Running in 8a13dafb50df
Removing intermediate container 8a13dafb50df
---> 55ccf78c9a91
Successfully built 55ccf78c9a91
Successfully tagged quay.io/jiazha/show:v1- 查看镜像大小,才7M 左右,相当nice~
[jzhang@dhcp-140-36 show]$ docker image ls quay.io/jiazha/show:v1
REPOSITORY TAG IMAGE ID CREATED SIZE
quay.io/jiazha/show v1 55ccf78c9a91 4 minutes ago 7.39MB4, 容器化运行
- 因为现在show 可执行文件是在镜像中了,所以运行它时,使用的是容器的8080端口,并不是之前的那台虚拟机的。我们来看下,
[jzhang@dhcp-140-36 show]$ docker run quay.io/jiazha/show:v1
- docker ps 查看该容器ID.
[jzhang@dhcp-140-36 ~]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
61326acc97fb quay.io/jiazha/show:v1 "/show" 8 seconds ago Up 7 seconds kind_haibt- docker inspect 指令查看该容器IP 地址
[jzhang@dhcp-140-36 ~]$ docker inspect 61326acc97fb --format='{{.NetworkSettings.IPAddress}}'
172.17.0.2- curl 指令检查 show 是否在容器中正常运行
[jzhang@dhcp-140-36 ~]$ curl 172.17.0.2:8080/docker
Hello Docker!- 输出Hello Docker! Prefect!
- 补充:那如何访问改虚拟机端口来获取输出呢?可以使用端口映射,如下,把容器的8080端口映射到虚拟机的80端口
[jzhang@dhcp-140-36 show]$ docker run -p 80:8080 quay.io/jiazha/show:v1
- 打开浏览器访问虚拟的8080端口,预期失败。
- 改为访问80端口,成功。
到此,程序容器化已经完成了,是不是很简单?
5, 发布该镜像
- 我是用的是Red Hat 的quay.io 镜像仓库,跟dockerhub一样,主要是镜像的托管服务,漏洞检测等。把镜像推送到名叫jiazha的registry.
[jzhang@dhcp-140-36 show]$ docker push quay.io/jiazha/show:v1
The push refers to repository [quay.io/jiazha/show]
ce5f0c851050: Pushed
v1: digest: sha256:f052362823506b97b738ba48d4227981758936fd1c6c30ab69e76492825b3243 size: 5286, 换个平台,运行show 镜像,这里使用的是Mac
- 下载上边发布的镜像,然后运行,映射到本地8083端口。
mac:~ jianzhang$ docker pull quay.io/jiazha/show:v1
v1: Pulling from jiazha/show
038b2980cdca: Pull complete
Digest: sha256:f052362823506b97b738ba48d4227981758936fd1c6c30ab69e76492825b3243
Status: Downloaded newer image for quay.io/jiazha/show:v1
mac:~ jianzhang$ docker run -p 8083:8080 quay.io/jiazha/show:v1- 去浏览器验证,完美!
看到没,在Fedora 系统编译的show 指令,在Mac 上完美运行。其实,它是在容器中运行的。
END
Docker 其实是提供了一个统一的运行环境,一次构建,随处运行。类似集装箱,把程序运行所需要的文件,配置都放到一个箱子里,不管这个箱子最终被搬到哪里,哪个平台,开箱即用。完美解决了开发环境与客户实际运行环境不一致的问题。
程序员还敢说开篇那句话吗?
