For readers who want to learn about docker container commands, this article offers new information, along with useful material on Containerd 1.5 released: major docker-compose support!, Docker Cleanup Commands, docker commandline, and Docker commands and Dockerfile.
Contents:
- docker container commands
- Containerd 1.5 released: major docker-compose support!
- Docker Cleanup Commands
- docker commandline
- Docker commands and Dockerfile
docker container commands
docker container
Description
Manage containers
Usage
docker container COMMAND
Child commands
Command | Description |
docker container attach | Attach local standard input, output, and error streams to a running container |
docker container commit | Create a new image from a container’s changes |
docker container cp | Copy files/folders between a container and the local filesystem |
docker container create | Create a new container |
docker container diff | Inspect changes to files or directories on a container’s filesystem |
docker container exec | Run a command in a running container |
docker container export | Export a container’s filesystem as a tar archive |
docker container inspect | Display detailed information on one or more containers |
docker container kill | Kill one or more running containers |
docker container logs | Fetch the logs of a container |
docker container ls | List containers |
docker container pause | Pause all processes within one or more containers |
docker container port | List port mappings or a specific mapping for the container |
docker container prune | Remove all stopped containers |
docker container rename | Rename a container |
docker container restart | Restart one or more containers |
docker container rm | Remove one or more containers |
docker container run | Run a command in a new container |
docker container start | Start one or more stopped containers |
docker container stats | Display a live stream of container(s) resource usage statistics |
docker container stop | Stop one or more running containers |
docker container top | Display the running processes of a container |
docker container unpause | Unpause all processes within one or more containers |
docker container update | Update configuration of one or more containers |
docker container wait | Block until one or more containers stop, then print their exit codes |
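Containerd 1.5 released: major docker-compose support!
On May 4, 2021, Containerd 1.5 was officially released [1]. This release enables OCIcrypt decryption by default and introduces support for NRI, zstd and FreeBSD jails. It also simplifies the process of contributing to Containerd. Here is what changed.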
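OCIcrypt decryption by default
Containerd has supported running containers from encrypted images since 1.3, but the option was not enabled by default until 1.5. See the documentation [2] for usage.
Note that the ctd-decoder binary must be installed in order to decrypt OCIcrypt images. It is included in cri-containerd-cni-1.5.0-linux-amd64.tar.gz [3] but not in containerd-1.5.0-linux-amd64.tar.gz. Also, OCIcrypt does not work with Docker, because Docker does not currently use Containerd to manage images.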
NRI: Node Resource Interface
NRI (Node Resource Interface) [4] is similar to CRI, but NRI can be used for non-network resources, such as GPU scheduling limits and memory quotas. For usage, see the NRI sample code [5].
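zstd compression
In addition to gzip, Containerd now supports the zstd [6] image compression algorithm, which compresses several times faster than gzip. It is implemented with github.com/klauspost/compress/zstd [7]. For zstd benchmark results, see the official zstd documentation [8].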
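FreeBSD support
Starting with 1.5, Containerd has experimental support for the FreeBSD operating system: FreeBSD jails [9] can be used to run a compatible OCI runtime such as runj [10]. ZFS snapshot management is also supported, and future releases may support unionfs [11] as well.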
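Simplified contribution process
The CRI plugin repository [12] has been merged into the main Containerd repository [13]. Nothing changes noticeably for users; the merge simply makes it easier for developers to contribute to Containerd.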
nerdctl
nerdctl [14] is a Docker-compatible CLI, for example:
$ nerdctl run -d --name nginx -p 8080:80 --restart=always nginx
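But the goal of nerdctl is not simply to copy docker's functionality. It also implements many features docker does not have, such as lazy image pulling (lazy-pulling [15]) and image encryption (imgcrypt [16]).
nerdctl joined the Containerd organization last month as a non-core subproject. For details, see the article "Finally, Containerd can be used as smoothly as Docker!"
nerdctl has now also launched a blockbuster feature: direct compatibility with docker-compose syntax! In other words, containers can be started directly from docker-compose.yaml: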
$ nerdctl compose -f docker-compose.yaml up
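One can only imagine how Docker feels right now.
Docker's standing in the Kubernetes community was already falling sharply. Now that nerdctl has filled Containerd's usability gap and even docker-compose is compatible, Docker is even less welcome. A starved camel is still bigger than a horse, as the saying goes, but Docker's glory days are gone for good.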
Footnotes
[1] Containerd 1.5 officially released: https://github.com/containerd/containerd/releases/tag/v1.5.0
[2] Documentation: https://github.com/containerd/containerd/blob/v1.5.0-rc.2/docs/cri/decryption.md
[3] cri-containerd-cni-1.5.0-linux-amd64.tar.gz: https://github.com/containerd/containerd/releases
[4] NRI (Node Resource Interface): https://github.com/containerd/nri
[5] NRI sample code: https://github.com/containerd/nri#sample-plugin
[6] zstd: https://github.com/containerd/containerd/pull/4809
[7] github.com/klauspost/compress/zstd: https://github.com/klauspost/compress/tree/master/zstd
[8] Official zstd documentation: https://github.com/klauspost/compress/blob/master/zstd/README.md
[9] FreeBSD jails: https://en.wikipedia.org/wiki/FreeBSD_jail
[10] runj: https://github.com/samuelkarp/runj
[11] unionfs: https://www.freebsd.org/cgi/man.cgi?query=unionfs&sektion=8&manpath=freebsd-release-ports
[12] CRI plugin repository: https://github.com/containerd/cri
[13] Containerd main repository: https://github.com/containerd/cri
[14] nerdctl: https://github.com/containerd/nerdctl
[15] lazy-pulling: https://github.com/containerd/nerdctl/blob/master/docs/stargz.md
[16] imgcrypt: https://github.com/containerd/nerdctl/blob/master/docs/ocicrypt.md
Docker Cleanup Commands

I've been working quite a bit with Docker these last few weeks and one thing that I found really annoying was all these unused containers and images taking up precious disk space.
I wish Docker had a 'docker clean' command that would delete stopped containers and untagged images. Perhaps sometime in the near future as the project is very active. But for the time being, these commands should do the job.
Kill all running containers
docker kill $(docker ps -q)
Delete all stopped containers (including data-only containers)
docker rm $(docker ps -a -q)
Delete all 'untagged/dangling' (<none>) images
docker rmi $(docker images -q -f dangling=true)
Delete ALL images
docker rmi $(docker images -q)
It might also be useful to create bash aliases for these commands, for example:
# ~/.bash_aliases
# Kill all running containers.
alias dockerkillall='docker kill $(docker ps -q)'
# Delete all stopped containers.
alias dockercleanc='printf "\n>>> Deleting stopped containers\n\n" && docker rm $(docker ps -a -q)'
# Delete all untagged images.
alias dockercleani='printf "\n>>> Deleting untagged images\n\n" && docker rmi $(docker images -q -f dangling=true)'
# Delete all stopped containers and untagged images.
alias dockerclean='dockercleanc || true && dockercleani'
Update (9/9/2015):
Also check out this script if your /var/lib/docker directory seems to be getting unusually big as there may be a bunch of orphaned Docker volumes that can be cleaned up. We ran into this issue recently where developers were starting to run out of space on their hard drive and it turned out we had so many orphaned volumes.
docker commandline
https://docs.docker.com/engine/reference/commandline/run/
- docker run – Runs a command in a new container.
- docker start – Starts one or more stopped containers
- docker stop – Stops one or more running containers
- docker build – Builds an image from a Dockerfile
- docker pull – Pulls an image or a repository from a registry
- docker push – Pushes an image or a repository to a registry
- docker export – Exports a container’s filesystem as a tar archive
- docker exec – Runs a command in a run-time container
- docker search – Searches the Docker Hub for images
- docker attach – Attaches to a running container
- docker commit – Creates a new image from a container’s changes
The --ipc=host and --ipc=container:id options have been added to the docker create and run commands to share IPC resources.
--ipc="" : Set the IPC mode for the container,
  'container:<name|id>': reuses another container's IPC namespace
  'host': use the host's IPC namespace inside the container
Configure namespaced kernel parameters (sysctls) at runtime
The --sysctl option sets namespaced kernel parameters (sysctls) in the container. For example, to turn on IP forwarding in the container's network namespace, run this command:
$ docker run --sysctl net.ipv4.ip_forward=1 someimage
Note
Not all sysctls are namespaced. Docker does not support changing sysctls inside of a container that also modify the host system. As the kernel evolves we expect to see more sysctls become namespaced.
CURRENTLY SUPPORTED SYSCTLS
IPC Namespace:
- kernel.msgmax, kernel.msgmnb, kernel.msgmni, kernel.sem, kernel.shmall, kernel.shmmax, kernel.shmmni, kernel.shm_rmid_forced.
- Sysctls beginning with fs.mqueue.*
- If you use the --ipc=host option these sysctls are not allowed.
Network Namespace:
- Sysctls beginning with net.*
- If you use the --network=host option using these sysctls are not allowed.
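System V shared memory (shmget, shmat, shmdt) and mmap mapping of a regular file. System V shared memory supports a degree of in-memory data persistence: once a program creates a shared memory object, the IPC object remains, and its data is not lost, unless it is explicitly deleted or the physical host reboots. Mapping a regular file with mmap persists in-memory data to a file: even if the physical host reboots, the data is not lost unless the file is explicitly deleted.
mmap has two common kinds of shared memory mapping: one maps /dev/zero, the other maps a regular file. With the former, the data is released automatically when the program exits; with the latter, it remains in the mapped file.
A running Docker container is a process with its own kernel namespaces: its pid, net, ipc, mnt, uts, user and other namespaces are isolated from other processes, so to a program running inside the container it appears to have a whole "host" to itself.
gdb cannot be used for debugging in a CentOS Docker container: add the --cap-add=SYS_PTRACE parameter to the docker run command.
date -s cannot be used to change the time on a Docker machine: use --cap-add=SYS_TIME.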
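An added example, not from the original page: a Python audit of `docker inspect` output for the isolation-weakening settings discussed above (--ipc=host and --ipc=container:id, --network=host, --sysctl, --cap-add=SYS_PTRACE and SYS_TIME). The sample JSON is constructed, and the function name `audit` and the watched-capability list are choices made for this example.

```python
import json

# Constructed sample in the shape of `docker inspect` output (only fields used here).
SAMPLE_INSPECT = json.loads("""[
 {"Name": "/debug-box", "HostConfig": {"IpcMode": "host", "NetworkMode": "bridge",
   "Privileged": false, "CapAdd": ["SYS_PTRACE"], "Sysctls": null}},
 {"Name": "/ntp-fix", "HostConfig": {"IpcMode": "private", "NetworkMode": "host",
   "Privileged": false, "CapAdd": ["CAP_SYS_TIME"], "Sysctls": null}},
 {"Name": "/router", "HostConfig": {"IpcMode": "container:abc123", "NetworkMode": "bridge",
   "Privileged": false, "CapAdd": null, "Sysctls": {"net.ipv4.ip_forward": "1"}}},
 {"Name": "/web", "HostConfig": {"IpcMode": "private", "NetworkMode": "bridge",
   "Privileged": false, "CapAdd": null, "Sysctls": null}}
]""")

# Capabilities named on this page that deserve a reviewer's attention.
WATCHED_CAPS = {
    "SYS_PTRACE",  # ptrace of any process visible to the container
    "SYS_TIME",    # set the system clock; CLOCK_REALTIME is not namespaced
}

def audit(containers):
    """Map container name -> list of isolation-weakening settings found."""
    report = {}
    for c in containers:
        hc = c.get("HostConfig") or {}
        found = []
        if hc.get("Privileged"):
            found.append("privileged")
        ipc = hc.get("IpcMode") or ""
        if ipc == "host" or ipc.startswith("container:"):
            found.append("ipc=" + ipc)
        if hc.get("NetworkMode") == "host":
            found.append("network=host")
        for cap in hc.get("CapAdd") or []:
            name = cap.upper()
            name = name[4:] if name.startswith("CAP_") else name  # accept both spellings
            if name in WATCHED_CAPS or name == "ALL":
                found.append("cap-add " + name)
        for key, value in sorted((hc.get("Sysctls") or {}).items()):
            found.append("sysctl %s=%s" % (key, value))
        if found:
            report[c.get("Name", "?").lstrip("/")] = found
    return report

if __name__ == "__main__":
    for name, found in audit(SAMPLE_INSPECT).items():
        print(name, "->", ", ".join(found))
```

On a real host, feed it the parsed output of `docker inspect $(docker ps -q)` instead of the constructed sample.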
Docker commands and Dockerfile
This article collects and organizes notes on Docker commands and Dockerfile.
Docker commands
Official links:
- Docker run reference
- Docker commands
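First, of course, set up command auto-completion: just download a file with curl and copy it to a specific path. For the exact steps, see Command-line Completion.
docker actually has very complete command help. If you are unsure about a command, just append --help to see its help text. For example:
- Enter docker --help to see all available commands.
- Pick any one, say the run command, and enter docker run --help to see the help for run.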
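Common commands:
- List local images:
docker images
- Run an image:
docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
# e.g.
docker run image
docker run -it image /bin/bash
Some commonly used options:
- --rm: automatically remove the container after it exits
- -i and -t are usually used together as -it: open a command-line window with super-administrator privileges
- -d: run the container in the background
- --name: give the container a name
- List current containers:
docker ps -a
- Remove containers in all states:
docker rm $(docker ps -a -q)
- Open another tty into a container that is already running:
docker exec -it ${container_id} /bin/bash
- Show information about a container:
docker inspect ${container_id}
Also, the commands above accept either the container name or the container_id. If the user does not specify a name, docker assigns each container a reasonably friendly random name by default, such as fervent_perlman, high_galileo and so on.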
Dockerfile
Official links:
- Dockerfile reference
- Best practices for writing Dockerfiles
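The documentation seems quite complete, so here are just a few points that are easy to get confused about.
1. exec form vs shell form
Both CMD and ENTRYPOINT come in these two forms (CMD has one more form, used purely as parameters), for example:
- CMD ["executable","param1","param2"] (exec form, recommended)
- CMD command param1 param2 (shell form)
As for the difference between the two forms, the official notes are quite detailed. They differ mainly in variable substitution, the script environment and so on: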
- Note: If CMD is used to provide default arguments for the ENTRYPOINT instruction, both the CMD and ENTRYPOINT instructions should be specified with the JSON array format.
- Note: The exec form is parsed as a JSON array, which means that you must use double-quotes (") around words not single-quotes (').
- Note: Unlike the shell form, the exec form does not invoke a command shell. This means that normal shell processing does not happen. For example, CMD [ "echo", "$HOME" ] will not do variable substitution on $HOME. If you want shell processing then either use the shell form or execute a shell directly, for example: CMD [ "sh", "-c", "echo $HOME" ].
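2. ENTRYPOINT vs CMD
After reading the official Understand how CMD and ENTRYPOINT interact, the two seem very similar, and I was still somewhat confused about how they differ and how they relate. Read the following article:
Dockerfile: ENTRYPOINT vs CMD
In short, ENTRYPOINT is more like a hard-coded executable command, and CMD is more like a default option.
When an image serves a single purpose, like an executable command, it is recommended to use ENTRYPOINT and to use CMD for the default parameters (the third form, CMD ["param1","param2"] (as default parameters to ENTRYPOINT)). That is because ENTRYPOINT is generally not overridden (unless --entrypoint is used explicitly at run time), while CMD is the default option: as the run command format shown earlier, docker run [OPTIONS] IMAGE [COMMAND] [ARG...], indicates, users can override the default CMD by supplying their own COMMAND when running the image.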
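An added example, not from the original article: a Python model of the two points above, namely how exec form and shell form turn into an argv (run for real to show the $HOME difference) and how ENTRYPOINT, CMD, a run-time COMMAND and --entrypoint combine. The helper names `parse`, `effective_argv` and `run` are assumptions of this sketch, not Docker code.

```python
import json
import subprocess

def parse(value):
    """Parse a CMD/ENTRYPOINT value. Returns (argv, is_shell_form)."""
    try:
        argv = json.loads(value)
        if isinstance(argv, list) and all(isinstance(a, str) for a in argv):
            return argv, False               # exec form: a JSON array of strings
    except ValueError:
        pass                                 # not JSON (e.g. single quotes): shell form
    return ["/bin/sh", "-c", value], True    # shell form is wrapped in /bin/sh -c

def effective_argv(entrypoint=None, cmd=None, run_command=None, run_entrypoint=None):
    """Model of the argv a container starts with (illustrative helper)."""
    if run_entrypoint is not None:
        # --entrypoint replaces ENTRYPOINT and clears the image's default CMD.
        return [run_entrypoint] + list(run_command or [])
    ep, ep_shell = parse(entrypoint) if entrypoint else ([], False)
    if ep_shell:
        return ep                            # shell-form ENTRYPOINT ignores CMD and run args
    if run_command:
        return ep + list(run_command)        # docker run IMAGE COMMAND overrides CMD
    return ep + (parse(cmd)[0] if cmd else [])

def run(argv):
    """Execute argv directly, as exec form does (no shell unless argv starts one)."""
    env = {"HOME": "/root", "PATH": "/usr/bin:/bin"}   # constructed environment
    done = subprocess.run(argv, capture_output=True, text=True, env=env)
    return done.stdout.strip()

if __name__ == "__main__":
    print(run(parse('["echo", "$HOME"]')[0]))   # exec form: no variable substitution
    print(run(parse("echo $HOME")[0]))          # shell form: /bin/sh expands it
    print(effective_argv('["ping", "-c", "3"]', '["localhost"]', ["127.0.0.1"]))
```

Because shell form hands the whole string to /bin/sh, anything interpolated into it is subject to shell interpretation, which is one more reason the exec form is the recommended one.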
3. ADD vs COPY
Both of these seem to copy things from the host into the docker container. The official comparison is as follows:
Although ADD and COPY are functionally similar, generally speaking, COPY is preferred. That’s because it’s more transparent than ADD. COPY only supports the basic copying of local files into the container, while ADD has some features (like local-only tar extraction and remote URL support) that are not immediately obvious. Consequently, the best use for ADD is local tar file auto-extraction into the image, as in ADD rootfs.tar.xz /.
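Put simply, there are two main differences:
- COPY can only copy local files into the container; ADD also supports copying from a remote location (remote URL support)
- ADD can automatically extract local compressed archives
The official recommendation is to use COPY (preferred).
References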
- Reference - ADD or COPY
- Stackoverflow - Docker COPY vs ADD