手记

Docker常用指令(操作镜像、操作容器)

操作镜像
  • 搜索镜像
    docker search [OPTIONS] TERM
    Options:
    -f, --filter filter   Filter output based on conditions provided
      --format string   Pretty-print search using a Go template
      --limit int       Max number of search results (default 25)
      --no-trunc        Don't truncate output
    # e.g
    [root@localhost ~]# docker search nginx --limit 5
    NAME                                     DESCRIPTION                                     STARS               OFFICIAL            AUTOMATED
    nginx                                    Official build of Nginx.                        9370                [OK]                
    jwilder/nginx-proxy                      Automated Nginx reverse proxy for docker con…   1388                                    [OK]
    richarvey/nginx-php-fpm                  Container running Nginx + PHP-FPM capable of…   609                                     [OK]
    jrcs/letsencrypt-nginx-proxy-companion   LetsEncrypt container to use with nginx as p…   396                                     [OK]
    bitnami/nginx                            Bitnami nginx Docker Image                      57                                      [OK]
  • 获取镜像

    docker pull [OPTIONS] NAME[:TAG|@DIGEST]
    Options:
    -a, --all-tags                下载所有版本的镜像
      --disable-content-trust   跳过镜像验证 (default true)
    # e.g
    docker pull centos
    Using default tag: latest
    # 默认下载最新稳定版本
  • 列出镜像

    docker images [OPTIONS] [REPOSITORY[:TAG]]
  • 删除本地镜像

    docker image rm [选项] <镜像1> [<镜像2> ...]
    Options:
    -a, --all             Show all images (default hides intermediate images)
      --digests         Show digests
    -f, --filter filter   Filter output based on conditions provided
      --format string   Pretty-print images using a Go template
      --no-trunc        Don't truncate output
    -q, --quiet           Only show numeric IDs
  • 构建镜像

    • 1、创建文本文件并命名为Dockerfile
    • 2、编写内容(以nginx为例)

      FROM nginx
      RUN echo '<h1>hello world</h1>' > /usr/share/nginx/html/index.html
    • 3、编译

      docker build -t nginx:v1 .
    • 4、查看制作好的镜像

      docker images
      REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
      nginx               v1                  bc19667caea3        6 seconds ago       109MB
      nginx               latest              c82521676580        4 weeks ago         109MB
    • 5、运行制作好的镜像

      docker run --name web2 -d -p 81:80 nginx:v1
    • 6、Dockerfile指令
      #FROM:指定基础镜像
      #RUN:执行命令(shell格式、exec格式)
      #COPY:复制文件
      #ADD:更高级的复制文件
      #CMD:容器启动命令
      #ENTRYPOINT:入口点
      #ENV:设置环境变量
      #ARG:构建参数
      #VOLUME:定义匿名卷
      #EXPOSE:声明端口
      #WORKDIR:指定工作目录
      #USER:指定当前用户
      #HEALTHCHECK 健康检查
操作Docker容器
  • 启动容器

    docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
    Options:
      --add-host list                  添加自定义主机到ip映射(主机:ip)
    -a, --attach list                    附加到STDIN、STDOUT或STDERR上
      --blkio-weight uint16            Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0)
      --blkio-weight-device list       Block IO weight (relative device weight) (default [])
      --cap-add list                   Add Linux capabilities
      --cap-drop list                  Drop Linux capabilities
      --cgroup-parent string           Optional parent cgroup for the container
      --cidfile string                 将容器ID写入文件
      --cpu-period int                 限制CPU CFS(完全公平调度程序)周期
      --cpu-quota int                  Limit CPU CFS (Completely Fair Scheduler) quota
      --cpu-rt-period int              Limit CPU real-time period in microseconds
      --cpu-rt-runtime int             Limit CPU real-time runtime in microseconds
    -c, --cpu-shares int                 CPU 共享 (相对权重)
      --cpus decimal                   CPU的数量
      --cpuset-cpus string             允许执行的cpu (0-3, 0,1)
      --cpuset-mems string             允许执行的MEMs (0-3, 0,1)
    -d, --detach                         在后台运行容器并打印容器ID
      --detach-keys string             Override the key sequence for detaching a container
      --device list                    Add a host device to the container
      --device-cgroup-rule list        Add a rule to the cgroup allowed devices list
      --device-read-bps list           Limit read rate (bytes per second) from a device (default [])
      --device-read-iops list          Limit read rate (IO per second) from a device (default [])
      --device-write-bps list          Limit write rate (bytes per second) to a device (default [])
      --device-write-iops list         Limit write rate (IO per second) to a device (default [])
      --disable-content-trust          Skip image verification (default true)
      --dns list                       Set custom DNS servers
      --dns-option list                Set DNS options
      --dns-search list                Set custom DNS search domains
      --entrypoint string              Overwrite the default ENTRYPOINT of the image
    -e, --env list                       Set environment variables
      --env-file list                  Read in a file of environment variables
      --expose list                    Expose a port or a range of ports
      --group-add list                 Add additional groups to join
      --health-cmd string              Command to run to check health
      --health-interval duration       Time between running the check (ms|s|m|h) (default 0s)
      --health-retries int             Consecutive failures needed to report unhealthy
      --health-start-period duration   Start period for the container to initialize before starting health-retries
                                       countdown (ms|s|m|h) (default 0s)
      --health-timeout duration        Maximum time to allow one check to run (ms|s|m|h) (default 0s)
      --help                           Print usage
    -h, --hostname string                Container host name
      --init                           Run an init inside the container that forwards signals and reaps processes
    -i, --interactive                    Keep STDIN open even if not attached
      --ip string                      IPv4 address (e.g., 172.30.100.104)
      --ip6 string                     IPv6 address (e.g., 2001:db8::33)
      --ipc string                     IPC mode to use
      --isolation string               Container isolation technology
      --kernel-memory bytes            Kernel memory limit
    -l, --label list                     Set meta data on a container
      --label-file list                Read in a line delimited file of labels
      --link list                      Add link to another container
      --link-local-ip list             Container IPv4/IPv6 link-local addresses
      --log-driver string              Logging driver for the container
      --log-opt list                   Log driver options
      --mac-address string             Container MAC address (e.g., 92:d0:c6:0a:29:33)
    -m, --memory bytes                   Memory limit
      --memory-reservation bytes       Memory soft limit
      --memory-swap bytes              Swap limit equal to memory plus swap: '-1' to enable unlimited swap
      --memory-swappiness int          Tune container memory swappiness (0 to 100) (default -1)
      --mount mount                    Attach a filesystem mount to the container
      --name string                    Assign a name to the container
      --network string                 Connect a container to a network (default "default")
      --network-alias list             Add network-scoped alias for the container
      --no-healthcheck                 Disable any container-specified HEALTHCHECK
      --oom-kill-disable               Disable OOM Killer
      --oom-score-adj int              Tune host's OOM preferences (-1000 to 1000)
      --pid string                     PID namespace to use
      --pids-limit int                 Tune container pids limit (set -1 for unlimited)
      --privileged                     Give extended privileges to this container
    -p, --publish list                   将容器的端口映射到主机(主机端口:容器端口)
    -P, --publish-all                    Publish all exposed ports to random ports
      --read-only                      Mount the container's root filesystem as read only
      --restart string                 Restart policy to apply when a container exits (default "no")
      --rm                             Automatically remove the container when it exits
      --runtime string                 Runtime to use for this container
      --security-opt list              Security Options
      --shm-size bytes                 Size of /dev/shm
      --sig-proxy                      Proxy received signals to the process (default true)
      --stop-signal string             Signal to stop a container (default "SIGTERM")
      --stop-timeout int               Timeout (in seconds) to stop a container
      --storage-opt list               Storage driver options for the container
      --sysctl map                     Sysctl options (default map[])
      --tmpfs list                     Mount a tmpfs directory
    -t, --tty                            Allocate a pseudo-TTY
      --ulimit ulimit                  Ulimit options (default [])
    -u, --user string                    Username or UID (format: <name|uid>[:<group|gid>])
      --userns string                  User namespace to use
      --uts string                     UTS namespace to use
    -v, --volume list                    绑定挂载卷
      --volume-driver string           Optional volume driver for the container
      --volumes-from list              Mount volumes from the specified container(s)
    -w, --workdir string                 Working directory inside the container
    # 示例
    docker  run ubuntu:14.04 /bin/echo 'hello docker'
    hello docker
    docker run -t -i ubuntu:14.04 /bin/bash
    # -t 选项表示让Docker分配一个伪终端并绑定到容器的标准输入上
    # -i 则让容器的标准输入保持打开
  • 获取运行中的容器

    docker ps [OPTIONS]
    Options:
    -a, --all             显示全部容器(默认只显示运行中的容器)
    -f, --filter filter   根据提供的条件过滤输出
      --format string   使用Go模板打印格式化后的容器信息
    -n, --last int        显示最后创建的容器(包括所有状态)(默认全部)
    -l, --latest          显示最新创建的容器(包括所有状态)
      --no-trunc        不截断输出
    -q, --quiet           只显示容器ID
    -s, --size            显示文件大小
  • 获取容器的输出信息

    docker logs [OPTIONS] CONTAINER
    Options:
     --details        显示提供给日志的额外细节
    -f, --follow        在终端跟踪日志输出
      --since string   显示时间戳之后的日志(例如2013-01-02T13:23:37)或相对日志(例如42m, 42分钟)
      --tail string    从日志末尾显示的行数(默认为“all”)
    -t, --timestamps     显示时间戳
      --until string    显示时间戳之前的日志(例如2013-01-02T13:23:37)或相对日志(例如42m, 42分钟)
  • 停止容器

    docker stop [OPTIONS] CONTAINER [CONTAINER...]
    Options:
    -t, --time int   在停止之前等待几秒钟(默认10秒)
  • 启动容器

    docker start [OPTIONS] CONTAINER [CONTAINER...]
    Options:
    -a, --attach               Attach STDOUT/STDERR and forward signals
      --detach-keys string   Override the key sequence for detaching a container
    -i, --interactive          Attach container's STDIN
  • 重新启动容器

    docker restart [OPTIONS] CONTAINER [CONTAINER...]
    Options:
    -t, --time int   在停止之前等待几秒钟(默认10秒)
  • 进入容器

    docker exec [OPTIONS] CONTAINER COMMAND [ARG...]
    Options:
    -d, --detach               Detached mode: run command in the background
      --detach-keys string   Override the key sequence for detaching a container
    -e, --env list             Set environment variables
    -i, --interactive          Keep STDIN open even if not attached
      --privileged           Give extended privileges to the command
    -t, --tty                  Allocate a pseudo-TTY
    -u, --user string          Username or UID (format: <name|uid>[:<group|gid>])
    -w, --workdir string       Working directory inside the container
  • 删除容器
    docker rm [OPTIONS] CONTAINER [CONTAINER...]
    Options:
    -f, --force     删除运行中的容器
    -l, --link      Remove the specified link
    -v, --volumes   Remove the volumes associated with the container
    # 清洗所有处于终止状态的容器
    docker container prune
1人推荐
随时随地看视频
慕课网APP