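Docker images
An image is a lightweight, executable, standalone software package that bundles a software runtime environment together with the software built on it. It contains everything needed to run a piece of software: code, runtime, libraries, environment variables and configuration files.
1. UnionFS (union file system)
Take pull as an example: during the download, a Docker image appears to be downloaded one layer at a time.
A union file system (UnionFS) is a layered, lightweight, high-performance file system. It records each modification to the file system as a commit stacked on top of the previous ones, and it can mount different directories under a single virtual file system (unite several directories into a single virtual filesystem). The union file system is the foundation of Docker images. Images inherit from one another through layering: starting from a base image (one with no parent image), all kinds of concrete application images can be built.
Property: several file systems are loaded at once, but from the outside only one file system is visible. Union mounting stacks the layers so that the final file system contains all the files and directories of the underlying layers.
Why do Docker images use this layered structure?
The biggest benefit is resource sharing: images are easy to copy and migrate, and layers are reused.
For example, if several images are built from the same base image, the host only needs to keep one copy of the base image on disk and load one copy into memory to serve all containers. Every layer of an image can be shared in the same way.
2. How Docker images are loaded
A Docker image actually consists of file systems stacked layer by layer. The layers are:
- bootfs (boot file system): mainly contains the bootloader and the kernel; the bootloader's main job is to load the kernel. Linux loads the bootfs file system when it starts, and bootfs is the lowest layer of a Docker image. This layer is the same as in a typical Linux/Unix system and contains the boot loader and the kernel. Once booting completes, the whole kernel is in memory; control of memory passes from bootfs to the kernel, and the system unmounts bootfs.
- rootfs (root file system): sits on top of bootfs. It contains the standard directories and files of a typical Linux system, such as /dev, /proc, /bin and /etc. The rootfs is what distinguishes operating system distributions such as Ubuntu and CentOS.
The Ubuntu we normally install into a virtual machine is several GB; why is it only 200 MB in Docker?
For a slimmed-down OS the rootfs can be very small: it only needs the most basic commands, tools and libraries, because the container uses the host's kernel directly and only has to supply its own rootfs. It follows that across Linux distributions the bootfs is essentially the same while the rootfs differs, so different distributions can share the bootfs.
3. Characteristics of Docker images
Docker image layers are all read-only; the container layer is writable. When a container starts, a new writable layer is mounted on top of the image. This layer is usually called the "container layer", and everything below it is called the "image layers". All changes to the container (adding, deleting or modifying files) happen only in the container layer.
4. The docker commit command
Format: docker commit -m="commit description" -a="author" container_ID target_image_name:[tag]
Commits a copy of a container as a new image.
4.1 Pull the ubuntu image from the Hub and run it locally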
[root@hadoop104 ~]# docker run --name myUbuntu -it ubuntu
root@f7703e8e9f71:/#
4.2 Install vim in the container
root@f7703e8e9f71:/# apt-get update
# The stock ubuntu image does not ship the vim command
root@f7703e8e9f71:/# apt-get -y install vim
# Show the most recent container
[root@hadoop104 ~]# docker ps -n 1
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f7703e8e9f71 ubuntu "/bin/bash" 4 minutes ago Exited (0) 14 seconds ago myUbuntu
4.3 Commit the current container as a new image
[root@hadoop104 ~]# docker commit -m="vim add" -a="jack" f7703e8e9f71 jack/myubuntu:1.0
sha256:563feb03c432ecb905f3b05948fea3806e75bc59086bdada59aa3a640d8a42c9
[root@hadoop104 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
jack/myubuntu 1.0 563feb03c432 6 seconds ago 191MB
jack/bak_tomcat 10 21bcb0153c10 About an hour ago 466MB
ubuntu latest 59ab366372d5 9 days ago 78.1MB
tomcat latest 0bcf1082c8a0 10 days ago 465MB
redis latest f02a7f566928 2 weeks ago 117MB
nginx latest 3b25b682ea82 2 weeks ago 192MB
jenkins/jenkins lts bac101b69b63 2 weeks ago 470MB
redmine latest 4c3c82c1166d 4 months ago 633MB
mysql 5.7 5107333e08a8 10 months ago 501MB
hello-world latest d2c94e258dcb 17 months ago 13.3kB
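Summary
Image layering in Docker makes it possible to create new images by extending existing ones, much like a Java class that inherits from a base class and extends it as needed. A new image is produced by stacking layers on top of the base image: each time software is installed, one more layer is added on top of the existing image.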
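The layer behaviour described in sections 1 to 4 (read-only image layers, one writable container layer, commit freezing that layer) can be modelled in a few lines. This is an added example, not Docker's storage driver and not code from the original page; `UnionView`, `WHITEOUT` and the sample paths are hypothetical names. It also shows that a file deleted before a commit is only masked in the new layer and is still stored in the lower one.

```python
WHITEOUT = object()  # marker a layer uses to record "this path was deleted"


class UnionView:
    """Toy union mount: read-only image layers plus one writable container layer."""

    def __init__(self, image_layers):
        # image_layers: list of {path: bytes}, lowest layer first; never modified
        self.image_layers = [dict(layer) for layer in image_layers]
        self.container_layer = {}

    def _top_down(self):
        return [self.container_layer] + self.image_layers[::-1]

    def read(self, path):
        # the first layer (from the top) that mentions the path decides the result
        for layer in self._top_down():
            if path in layer:
                if layer[path] is WHITEOUT:
                    break
                return layer[path]
        raise FileNotFoundError(path)

    def write(self, path, data):
        self.container_layer[path] = data  # lower layers keep the old copy

    def delete(self, path):
        self.read(path)  # raises FileNotFoundError if the path is not visible
        self.container_layer[path] = WHITEOUT

    def listdir(self):
        merged = {}
        for layer in reversed(self._top_down()):  # bottom-up, upper layers win
            merged.update(layer)
        return sorted(p for p, v in merged.items() if v is not WHITEOUT)

    def commit(self):
        # like docker commit: freeze the container layer as a new image layer
        return self.image_layers + [dict(self.container_layer)]


def demo():
    # constructed sample content; the token file stands in for a build-time secret
    base = {"/etc/os-release": b"ubuntu", "/root/.token": b"constructed-secret"}
    view = UnionView([base])
    view.write("/usr/bin/vim", b"vim binary")
    view.delete("/root/.token")
    return view, view.commit()
```

In the committed result the merged view no longer lists `/root/.token`, yet the first layer still holds its bytes, so anything sensitive has to be kept out of the lower layers in the first place.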
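5. Publish a local image to Aliyun
Publish the jack/myubuntu image to the Aliyun image registry.
- Log in to Aliyun, search for the Container Registry service and open the console
- Click Personal Edition
- Choose a namespace, or create one
- Create the repository name
- Select the local repository option; once creation succeeds, the repository information and a usage guide are displayed
- Start pushing: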
[jack@hadoop104 ~]$ docker login --username=goder@aliyun.com registry.cn-hangzhou.aliyuncs.com
Password:
WARNING! Your password will be stored unencrypted in /home/jack/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
The password prompted for is the registry access credential, not the Aliyun account password. Tag the image and push it:
[root@hadoop104 ~]# docker tag 563feb03c432 registry.cn-hangzhou.aliyuncs.com/jiebaba/learn_docker_mirror:1.0
[root@hadoop104 ~]# docker push registry.cn-hangzhou.aliyuncs.com/jiebaba/learn_docker_mirror:1.0
The push refers to repository [registry.cn-hangzhou.aliyuncs.com/jiebaba/learn_docker_mirror]
174122ceb801: Pushed
a46a5fb872b5: Pushed
1.0: digest: sha256:3849f9d0e8538120fa85c4c2cb7250d80af400dace308bda8d0b3442f2ec8e47 size: 741
6. Pull the Aliyun image back to the local store
First delete the identical local image:
[root@hadoop104 ~]# docker rmi -f 563feb03c432
Untagged: jack/myubuntu:1.0
Untagged: registry.cn-hangzhou.aliyuncs.com/jiebaba/learn_docker_mirror:1.0
Untagged: registry.cn-hangzhou.aliyuncs.com/jiebaba/learn_docker_mirror@sha256:3849f9d0e8538120fa85c4c2cb7250d80af400dace308bda8d0b3442f2ec8e47
Deleted: sha256:563feb03c432ecb905f3b05948fea3806e75bc59086bdada59aa3a640d8a42c9
Deleted: sha256:2c3da70142e77bb0c28e64637a7f785d36f413f1acc9054c577de9807c31aa95
Pull the image:
[root@hadoop104 ~]# docker pull registry.cn-hangzhou.aliyuncs.com/jiebaba/learn_docker_mirror:1.0
1.0: Pulling from jiebaba/learn_docker_mirror
802008e7f761: Already exists
23e9208f5799: Pull complete
Digest: sha256:3849f9d0e8538120fa85c4c2cb7250d80af400dace308bda8d0b3442f2ec8e47
Status: Downloaded newer image for registry.cn-hangzhou.aliyuncs.com/jiebaba/learn_docker_mirror:1.0
registry.cn-hangzhou.aliyuncs.com/jiebaba/learn_docker_mirror:1.0
[root@hadoop104 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.cn-hangzhou.aliyuncs.com/jiebaba/learn_docker_mirror 1.0 563feb03c432 3 hours ago 191MB
jack/bak_tomcat 10 21bcb0153c10 4 hours ago 466MB
ubuntu latest 59ab366372d5 9 days ago 78.1MB
tomcat latest 0bcf1082c8a0 10 days ago 465MB
redis latest f02a7f566928 2 weeks ago 117MB
nginx latest 3b25b682ea82 2 weeks ago 192MB
jenkins/jenkins lts bac101b69b63 2 weeks ago 470MB
tomcat 9.0.93-jdk8 96353978e6a7 2 months ago 387MB
redmine latest 4c3c82c1166d 4 months ago 633MB
mysql 5.7 5107333e08a8 10 months ago 501MB
hello-world latest d2c94e258dcb 17 months ago 13.3kB
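7. Create a local private registry
A public registry such as Aliyun may not be convenient, and a company handling confidential material cannot expose its images to the public internet, so a local private registry is needed for the team. Docker Registry is the officially provided tool for building a private image registry.
7.1 Pull the Docker Registry image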
[root@hadoop104 ~]# docker pull registry
Using default tag: latest
latest: Pulling from library/registry
1cc3d825d8b2: Pull complete
85ab09421e5a: Pull complete
40960af72c1c: Pull complete
e7bb1dbb377e: Pull complete
a538cc9b1ae3: Pull complete
Digest: sha256:ac0192b549007e22998eb74e8d8488dcfe70f1489520c3b144a6047ac5efbe90
Status: Downloaded newer image for registry:latest
docker.io/library/registry:latest
7.2 Run the Registry image
[root@hadoop104 ~]# docker run -d -p 5000:5000 -v /hub/myregistry:/var/lib/registry --privileged=true registry
d03ea3d31632c2baeda839376ce747784d5d9e8ef2221bc7180bc3146866125d
[root@hadoop104 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d03ea3d31632 registry "/entrypoint.sh /etc…" 22 seconds ago Up 20 seconds 0.0.0.0:5000->5000/tcp, :::5000->5000/tcp elegant_sammet
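Without -v, the repository is created by default under /var/lib/registry inside the container; mapping it to a container volume yourself is recommended so that it can be inspected and debugged from the host.
7.3 Add ifconfig support to the ubuntu image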
[root@hadoop104 ~]# docker run --name="ubuntu" -it ubuntu /bin/bash
root@37e87bcc975d:/# apt-get update
root@37e87bcc975d:/# apt-get install net-tools -y
root@37e87bcc975d:/# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.3 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:ac:11:00:03 txqueuelen 0 (Ethernet)
RX packets 6527 bytes 26803191 (26.8 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6517 bytes 503193 (503.1 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
7.4 Commit the new image
Use the shortcut Ctrl+P, Ctrl+Q to leave the current ubuntu shell, then run the following on the host:
[root@hadoop104 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
37e87bcc975d ubuntu "/bin/bash" 5 minutes ago Up 4 minutes ubuntu
d03ea3d31632 registry "/entrypoint.sh /etc…" 10 minutes ago Up 10 minutes 0.0.0.0:5000->5000/tcp, :::5000->5000/tcp elegant_sammet
[root@hadoop104 ~]# docker commit -m="ifconfig added" -a="jiebaba" 37e87bcc975d jiebaba_ubuntu:1.0
sha256:daa1b061aeac3d0dde5a349bd21a09aab91464a8599d6bc713049bbe874fd9a9
[root@hadoop104 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
jiebaba_ubuntu 1.0 daa1b061aeac 54 seconds ago 122MB
registry.cn-hangzhou.aliyuncs.com/jiebaba/learn_docker_mirror 1.0 563feb03c432 11 hours ago 191MB
jack/bak_tomcat 10 21bcb0153c10 12 hours ago 466MB
ubuntu latest 59ab366372d5 9 days ago 78.1MB
tomcat latest 0bcf1082c8a0 11 days ago 465MB
redis latest f02a7f566928 2 weeks ago 117MB
nginx latest 3b25b682ea82 2 weeks ago 192MB
jenkins/jenkins lts bac101b69b63 2 weeks ago 470MB
tomcat 9.0.93-jdk8 96353978e6a7 2 months ago 387MB
redmine latest 4c3c82c1166d 4 months ago 633MB
mysql 5.7 5107333e08a8 10 months ago 501MB
registry latest 75ef5b734af4 12 months ago 25.4MB
hello-world latest d2c94e258dcb 17 months ago 13.3kB
7.5 List the images in the private registry
[root@hadoop104 ~]# curl -XGET http://192.168.101.104:5000/v2/_catalog
{"repositories":[]}
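As shown, no image has been pushed to the private registry yet.
7.6 Re-tag the new image to match the private registry naming convention
Format: docker tag image:Tag Host:Port/Repository:Tag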
[root@hadoop104 ~]# docker tag jiebaba_ubuntu:1.0 192.168.101.104:5000/jiebaba_ubuntu:1.0
[root@hadoop104 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.101.104:5000/jiebaba_ubuntu 1.0 daa1b061aeac 9 minutes ago 122MB
jiebaba_ubuntu 1.0 daa1b061aeac 9 minutes ago 122MB
registry.cn-hangzhou.aliyuncs.com/jiebaba/learn_docker_mirror 1.0 563feb03c432 11 hours ago 191MB
jack/bak_tomcat 10 21bcb0153c10 12 hours ago 466MB
ubuntu latest 59ab366372d5 9 days ago 78.1MB
tomcat latest 0bcf1082c8a0 11 days ago 465MB
redis latest f02a7f566928 2 weeks ago 117MB
nginx latest 3b25b682ea82 2 weeks ago 192MB
jenkins/jenkins lts bac101b69b63 2 weeks ago 470MB
tomcat 9.0.93-jdk8 96353978e6a7 2 months ago 387MB
redmine latest 4c3c82c1166d 4 months ago 633MB
mysql 5.7 5107333e08a8 10 months ago 501MB
registry latest 75ef5b734af4 12 months ago 25.4MB
hello-world latest d2c94e258dcb 17 months ago 13.3kB
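7.7 Modify the configuration file to allow HTTP
Because Docker is hardened by default, pushing images only works over HTTPS. To use the local registry over HTTP, add it to the allow-list (insecure-registries) in the daemon configuration: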
[root@hadoop104 ~]# vim /etc/docker/daemon.json
[root@hadoop104 ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": [
"https://docker.1ms.run",
"https://docker.m.daocloud.io",
"https://docker.rainbond.cc",
"https://docker.chenby.cn",
"https://docker.1panel.live",
"https://wnjwhe4c.mirror.aliyuncs.com"
],
"insecure-registries":["192.168.101.104:5000"]
}
Restart Docker for the configuration change to take effect, then start the registry container.
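The scope of the `insecure-registries` exemption is worth checking before rollout. The following added example (not from the original page or from Docker) audits a daemon.json and reports which registries lose TLS protection. It assumes the documented matching rules: an entry is either an exact host[:port] or a CIDR range, and 127.0.0.0/8 is always treated as insecure. The function names and the shortened sample are constructed.

```python
import ipaddress
import json

# Constructed sample modelled on the daemon.json above (mirror list shortened).
SAMPLE = """{
  "registry-mirrors": ["https://docker.1ms.run", "https://docker.m.daocloud.io"],
  "insecure-registries": ["192.168.101.104:5000"]
}"""
# dockerd always treats registries in this range as insecure
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def parse_insecure(config_text):
    """Split insecure-registries into exact host[:port] names and CIDR networks."""
    names, nets = set(), []
    for entry in json.loads(config_text).get("insecure-registries", []):
        try:
            if "/" not in entry:
                raise ValueError("not CIDR notation")
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            names.add(entry.lower())
    return names, nets


def tls_skipped(config_text, registry):
    """True if the daemon may use HTTP or unverified TLS for registry host[:port]."""
    names, nets = parse_insecure(config_text)
    if registry.lower() in names:
        return True
    try:
        ip = ipaddress.ip_address(registry.rsplit(":", 1)[0])
    except ValueError:
        return False  # hostname: dockerd resolves it first; this offline check does not
    return any(ip in net for net in nets + [LOOPBACK])


def audit(config_text):
    """List every place where this daemon.json gives up transport security."""
    findings = [f"mirror without HTTPS: {m}"
                for m in json.loads(config_text).get("registry-mirrors", [])
                if not m.lower().startswith("https://")]
    names, nets = parse_insecure(config_text)
    findings += [f"no TLS verification for {n}" for n in sorted(names)]
    findings += [f"no TLS verification for {net.num_addresses} addresses in {net}"
                 for net in nets]
    return findings
```

An exact host:port entry like the one on this page exempts a single endpoint, while a CIDR entry exempts every address in the range, which is why the audit reports the address count.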
7.8 Push to the private registry
[root@hadoop104 ~]# docker push 192.168.101.104:5000/jiebaba_ubuntu:1.0
The push refers to repository [192.168.101.104:5000/jiebaba_ubuntu]
6af086f1d357: Pushed
a46a5fb872b5: Pushed
1.0: digest: sha256:fd03586c01dffd5c5a49c0f7c81fd936758d5357b994a5ee6a24e3e9b0c514b4 size: 741
7.9 Verify the private registry with curl
[root@hadoop104 ~]# curl -XGET http://192.168.101.104:5000/v2/_catalog
{"repositories":["jiebaba_ubuntu"]}
7.10 Pull from the local private registry
First delete the identical local image, then pull the image from the private registry:
[root@hadoop104 ~]# docker rmi -f 192.168.101.104:5000/jiebaba_ubuntu:1.0
Untagged: 192.168.101.104:5000/jiebaba_ubuntu:1.0
Untagged: 192.168.101.104:5000/jiebaba_ubuntu@sha256:fd03586c01dffd5c5a49c0f7c81fd936758d5357b994a5ee6a24e3e9b0c514b4
[root@hadoop104 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
jiebaba_ubuntu 1.0 daa1b061aeac 28 minutes ago 122MB
registry.cn-hangzhou.aliyuncs.com/jiebaba/learn_docker_mirror 1.0 563feb03c432 11 hours ago 191MB
jack/bak_tomcat 10 21bcb0153c10 13 hours ago 466MB
ubuntu latest 59ab366372d5 9 days ago 78.1MB
tomcat latest 0bcf1082c8a0 11 days ago 465MB
redis latest f02a7f566928 2 weeks ago 117MB
nginx latest 3b25b682ea82 2 weeks ago 192MB
jenkins/jenkins lts bac101b69b63 2 weeks ago 470MB
tomcat 9.0.93-jdk8 96353978e6a7 2 months ago 387MB
redmine latest 4c3c82c1166d 4 months ago 633MB
mysql 5.7 5107333e08a8 10 months ago 501MB
registry latest 75ef5b734af4 12 months ago 25.4MB
hello-world latest d2c94e258dcb 17 months ago 13.3kB
[root@hadoop104 ~]# docker pull 192.168.101.104:5000/jiebaba_ubuntu:1.0
1.0: Pulling from jiebaba_ubuntu
Digest: sha256:fd03586c01dffd5c5a49c0f7c81fd936758d5357b994a5ee6a24e3e9b0c514b4
Status: Downloaded newer image for 192.168.101.104:5000/jiebaba_ubuntu:1.0
192.168.101.104:5000/jiebaba_ubuntu:1.0
[root@hadoop104 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.101.104:5000/jiebaba_ubuntu 1.0 daa1b061aeac 30 minutes ago 122MB
jiebaba_ubuntu 1.0 daa1b061aeac 30 minutes ago 122MB
registry.cn-hangzhou.aliyuncs.com/jiebaba/learn_docker_mirror 1.0 563feb03c432 11 hours ago 191MB
jack/bak_tomcat 10 21bcb0153c10 13 hours ago 466MB
ubuntu latest 59ab366372d5 9 days ago 78.1MB
tomcat latest 0bcf1082c8a0 11 days ago 465MB
redis latest f02a7f566928 2 weeks ago 117MB
nginx latest 3b25b682ea82 2 weeks ago 192MB
jenkins/jenkins lts bac101b69b63 2 weeks ago 470MB
tomcat 9.0.93-jdk8 96353978e6a7 2 months ago 387MB
redmine latest 4c3c82c1166d 4 months ago 633MB
mysql 5.7 5107333e08a8 10 months ago 501MB
registry latest 75ef5b734af4 12 months ago 25.4MB
hello-world latest d2c94e258dcb 17 months ago 13.3kB