Bookmark this 20,000-word summary and you are guaranteed to have ❤️ Docker ❤️ firmly in hand

Posted by 182x on Mon, 20 Dec 2021 05:56:42 +0100

Years are merciless, the rest of life is boundless, carry life on your shoulders, and go through wind and rain.

preface

Hello, everyone, I'm one.

At present, the column "interview raids in big factories" has published three 10000 word summaries and received 500 + subscriptions. Thank you for your support.

Ten thousand word summary after interviewing more than 10 medium and large factories—— ❤️ Collection article ❤️

Ten thousand word summary after interviewing more than 10 medium and large factories—— ❤️ Java Web ❤️

Ten thousand word summary after interviewing more than 10 medium and large factories—— ❤️ java Basics ❤️

But if you want to be an excellent programmer, "algorithms" + "rote interview questions" will only get you past the first hurdle. As your years of experience grow, interviewers pay more attention to the breadth and depth of your technical knowledge, and to your experience and problem-solving ability.

So I have opened a new column, Technical expert cultivation, covering the following:

  • Explanation of enterprise practice
  • Introduction to middleware and microservices
  • Pitfalls encountered at work, and lessons learned

In short, this is the secret to help you become a god step by step!

Today, I'll bring you a 10000 word summary of docker. Even though we are developers, we can't get by without docker. The breadth of technology is on show here.

Install docker

Since readers use different machines, and nobody should be discouraged at the very first step, installation methods for all three platforms are provided. Please choose the one you need.

Installation on windows is not recommended

mac

Command line installation

homebrew needs to be installed first

homebrew domestic mirror

/bin/zsh -c "$(curl -fsSL https://gitee.com/cunkai/HomebrewCN/raw/master/Homebrew.sh)"

After execution, select the University of Science and Technology of China mirror, that is, option 1

The clone takes a long time, about 5-10 minutes.

Install docker

brew install --cask --appdir=/Applications docker

Please wait patiently when installing the cask docker. It takes a long time

dmg installation

Click the link to download and install, with a visual interface. But I don't think it's easy to use.

https://download.docker.com/mac/edge/Docker.dmg

Start docker service

Click the icon or

open /Applications/Docker.app

windows

Installing on windows is not recommended. If you have no other option, you can install it as follows.

Tutorial reference: https://www.runoob.com/docker/windows-docker-install.html

Docker is not a general container tool. It depends on the existing and running Linux kernel environment.

Docker essentially creates an isolated file environment under running Linux, so its execution efficiency is almost equal to that of the deployed Linux host.

Therefore, Docker must be deployed on the Linux kernel system. If other systems want to deploy Docker, they must install a virtual linux environment.

To deploy Docker on Windows, first install a virtual machine, then run Docker inside the Linux system installed in that virtual machine.

Docker Desktop is the official installation method of docker on Windows 10 and macOS operating systems. This method still belongs to the method of installing Linux in the virtual machine before installing docker.

Docker Desktop official download address: https://hub.docker.com/editions/community/docker-ce-desktop-windows

Note: this method is only applicable to the Professional, Enterprise, Education and some Home editions of the Windows 10 operating system!

Installing Hyper-V

Hyper-V is a virtual machine developed by Microsoft. It is similar to VMWare or VirtualBox and is only applicable to Windows 10. This is the virtual machine used by Docker Desktop for Windows.

However, once this virtual machine is enabled, QEMU, VirtualBox or VMWare Workstation 15 and below will not work! If you have to use other virtual machines on your computer (such as the simulator you must use to develop Android Applications), please do not use Hyper-V!

Turn on Hyper-V

Right click the start menu and run PowerShell as an administrator to execute the following command:

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All

Installing Docker Desktop for Windows

Click Get started with Docker Desktop and download the Windows version. If you haven't signed in, you will be asked to sign in:

Run setup file

Double click the downloaded Docker for Windows Installer file, click Next all the way through, and click Finish to complete the installation.

After installation, Docker will start automatically. A small whale icon will appear on the notification bar, which indicates that Docker is running.

We can execute docker version on the command line to view the version number.

Alicloud (linux)

Alibaba cloud server based installation method, recommended!

View configuration

# Kernel version view
uname -r

System version: CentOS7

Kernel version: 3.10.0-514.26.2.el7.x86_64

install

There are two ways to install:

1. Official script installation (explained in this article)

2. Manual installation

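Installation: this is a domestic mirror. Tip after installation: to use docker as a non-root user, add that user name to the docker group and restart. Membership of the docker group is equivalent to root on the host, so add only accounts you would trust with root.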

curl -fsSL https://get.docker.com/ | sh

⚠️ If an error is reported and deltarpm is missing, execute the following command

yum provides '*/applydeltarpm'    #View the location of dependent packages
yum -y  install deltarpm             #Installation command
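
Both install commands on this page (the Homebrew mirror script and get.docker.com) pipe a downloaded script straight into a shell, so whatever the server returns at that moment is executed. The following is an added example, not part of the original article: it downloads to a file, compares the SHA-256 with a digest you recorded after reading the script, and only then runs it. The function names and the digest argument are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original article. The digest passed in is one
# you recorded yourself after reviewing a downloaded copy of the installer.

# sha256_of FILE: print the hex SHA-256 digest of FILE
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'   # macOS fallback
    fi
}

# verify_script FILE EXPECTED: return 0 only if FILE hashes to EXPECTED
verify_script() {
    actual=$(sha256_of "$1") || return 2
    if [ "$actual" != "$2" ]; then
        echo "refusing to run $1: digest $actual does not match pinned value" >&2
        return 1
    fi
    return 0
}

# fetch_verify_run URL EXPECTED: download to a file, verify, then execute
fetch_verify_run() {
    tmp=$(mktemp) || return 2
    # --proto '=https' rejects any non-HTTPS URL or redirect
    if ! curl --proto '=https' --tlsv1.2 -fsSL "$1" -o "$tmp"; then
        rm -f "$tmp"
        return 2
    fi
    rc=0
    if verify_script "$tmp" "$2"; then
        sh "$tmp" || rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage (the digest is a placeholder, not a real value):
#   fetch_verify_run https://get.docker.com/ <sha256-of-the-copy-you-reviewed>
```

The installer script changes over time, so a mismatch after an upstream update is expected; review the new copy and record its digest before running it.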

Start docker service

service docker start

❤️ All the explanations below are based on Linux system ❤️

Run instance

Based on the principle that all languages start from Hello world, let's run the official example to experience it.

An official Hello world example is provided. Before running it, you need to register a docker id on the official website and create a repository.

Official website address: https://hub.docker.com

When registering, pick a sufficiently distinctive id, because simple ones are easily already taken.

Start docker service

systemctl start docker

Pull image

docker pull hello-world

Run image

docker run hello-world

View container

# -a view all
docker ps -a

Image acceleration

If you feel that the speed is too slow when pulling the image just now, you can configure acceleration. If the speed is normal, you can skip this step.

Because of network conditions inside China, pulling Docker images can be very slow, so we configure an accelerator (registry mirror) to solve it. A registry mirror supplies the image content your host will run, so use only a mirror you trust, and prefer its https:// address where one is offered.

Netease's mirror address: http://hub-mirror.c.163.com.

Click the Docker for mac application icon in the taskbar

Preferences... -> Daemon -> Registry mirrors

Fill in the accelerator address in the list.

After the modification, click the apply & restart button, and Docker will restart and apply the configured mirror address.

What is docker?

Docker's idea comes from the shipping container. What problem does the shipping container solve?

On a large ship, goods can be stowed neatly. All kinds of goods are standardized into containers, and containers do not affect each other. So I don't need one ship for fruit and another for chemicals. As long as the goods are sealed in containers, one big ship can carry them all.

docker is a similar concept. Cloud computing is popular now. Cloud computing is like a large cargo ship, and docker is the container.

  • Different applications may need different environments. For example, a .NET website and a PHP website depend on different software. If everything they depend on is installed on one server, it takes a long time to debug, is very troublesome, and causes conflicts, such as IIS and Apache competing for the same port. At that point you need to isolate .NET and PHP. Generally speaking, we could create different virtual machines on the server and place different applications on different virtual machines, but virtual machines are relatively expensive. docker provides the same isolation of application environments with less overhead than virtual machines, which means saving money.

  • Suppose you develop on Ubuntu, but operations (O&M) runs CentOS. When O&M moves your software from the development environment to production, it runs into the problems of going from Ubuntu to CentOS. For example, there may be a special database version that only Ubuntu supports and CentOS does not, and O&M has to find a way around such problems during the move. With docker, you can package the development environment and hand it to O&M, who deploy the docker image you gave them directly. Deployment is also fast.

  • In terms of server load, a separate virtual machine holds on to memory even when it is idle, whereas with docker that memory remains available for use.

In short, docker works on the shipping-container principle.

Comparison between docker and virtual machine

Physical machine: Villa

Virtual machine: Building

docker: Serviced Apartment

Three concepts of docker

Registry: the general repository that contains all images. Images are pulled from the registry to the local machine for use.

Image: an application package pulled from the registry, such as mysql.

Container: a running instance of an image. Containers and images can be converted into each other.

docker workflow

docker command

Basic usage of docker instruction:

docker Command keyword -parameter

basic operation

# View docker information
docker info

# docker version
docker version

# Search for an image
docker search nginx

#Pull image
docker pull nginx

Introductory case

Quickly build wordpress blog

Search for images

docker search name
## wordpress
## mariadb

Pull image

docker pull wordpress
# mariadb is a MySQL-compatible database
docker pull mariadb

Run images

docker run --name db -p 3306:3306 --env MYSQL_ROOT_PASSWORD=root -d mariadb
docker run --name mywordpress --link db:mysql -p 8080:80 -d wordpress

Once both containers are running, access wordpress

http://libiao:8080

Follow the prompts to configure the database information, and your personal blog website is built

View port mapping

docker ps

docker port CONTAINER_ID

For example, port 8080 of xxjob is mapped to port 8089 of the host

Setting docker to start automatically on linux

systemctl enable docker

View images

docker images

# Because docker images are layered, the displayed size is larger than the actual space used on disk

Run image

docker run --name db -p 3306:3306 --env MYSQL_ROOT_PASSWORD=root -d mariadb

# --name: container name (alias)

# --env: environment variable

# -d: run in the background

docker run --name mywordpress --link db:mysql -p 8080:80 -d wordpress

# --link: maps the db container to the host name mysql inside this container

# -p: port mapping (host port:container port)

docker logs -f 7a38a1ad55c6

# View the log in the container like tail -f

docker top name

#View the processes in the container

Delete image

docker rmi hello-world:latest

docker rmi id

# the first 4 characters of the image ID are enough

Compound command

docker rm -f $(docker ps -a -q)

# Force-removes every container on the host, running ones included

View running containers

docker ps

docker compose

docker compose uses a yaml file to make it convenient to maintain multiple containers. docker's view is that one container corresponds to one process, but an application usually has several processes, such as the mysql and wordpress above.

Personally, I think docker compose is similar to a shell script, but it is actually implemented in python and calls the docker API.

docker compose is generally installed together with docker, so the two versions need to correspond

docker version

docker-compose --version

Define the name, version and port mapping of each image in the yaml file and start it with up -d

docker-compose -f docker-compose.yaml up -d

view log

docker-compose logs
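
The article describes the yaml file without showing one, and the earlier docker run commands start the database with the root password "root" and publish 3306 on the host. The following is an added example, not the author's file: a shell function that writes a Compose project for the same WordPress + MariaDB pair with generated passwords, no published database port, and WordPress published on loopback only. The service names, the network name backend, the variable names in .env and the directory argument are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original article.

# gen_secret: print 32 hex characters read from the kernel CSPRNG
gen_secret() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# write_stack DIR: create DIR/.env (mode 600) and DIR/docker-compose.yaml
write_stack() {
    dir=$1
    mkdir -p "$dir" || return 1
    # Secrets live in .env, which Compose reads for ${...} substitution
    ( umask 077
      printf 'DB_ROOT_PASSWORD=%s\nDB_PASSWORD=%s\n' \
          "$(gen_secret)" "$(gen_secret)" > "$dir/.env" ) || return 1
    # Quoted heredoc: ${...} is left for Compose to expand, not the shell
    cat > "$dir/docker-compose.yaml" <<'EOF'
version: "3"   # needed by older docker-compose releases; newer ones ignore it
services:
  db:
    image: mariadb
    environment:
      MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASSWORD}
      MYSQL_DATABASE: wordpress
      MYSQL_USER: wordpress
      MYSQL_PASSWORD: ${DB_PASSWORD}
    volumes:
      - db_data:/var/lib/mysql
    networks: [backend]
    # no ports entry: the database is reachable only from the backend network
  wordpress:
    image: wordpress
    depends_on: [db]
    environment:
      WORDPRESS_DB_HOST: db
      WORDPRESS_DB_NAME: wordpress
      WORDPRESS_DB_USER: wordpress
      WORDPRESS_DB_PASSWORD: ${DB_PASSWORD}
    ports:
      - "127.0.0.1:8080:80"   # loopback only; put a reverse proxy in front
    networks: [backend]
volumes:
  db_data:
networks:
  backend:
EOF
}

# Usage: write_stack ./blog && cd ./blog && docker-compose up -d
```

WordPress connects with its own database account instead of root, and the service name db replaces the --link alias because Compose networks resolve service names.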

Container management

Enter container

docker exec -it name /bin/sh

View container details

The details of the container are returned as json.

# docker inspect name
[root@lib mysh]# docker inspect mywordpress

[
    {
        "Id": "6253e66959047c6f8de891abe1c661f7766fdef7407f00e07d1788310e0ea6a9",
        "Created": "2021-08-04T20:11:43.649001354Z",
        "Path": "docker-entrypoint.sh",
        "Args": [
            "apache2-foreground"
        ],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 28041,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2021-08-04T20:11:43.947511209Z",
            "FinishedAt": "0001-01-01T00:00:00Z"
        },
        "Name": "/mywordpress",
......

Container start and stop

docker start name

docker stop name

docker restart name

Delete container

# The container must be stopped before it can be deleted

docker rm name

view log

# docker ps -a
docker logs container_Id

Occupied resources

docker stats name

Image properties

An image is a lightweight, executable, self-contained software package that bundles a runtime environment together with the software built on it. It contains everything required to run the software, including code, runtime libraries, environment variables and configuration files. Any application and its environment can be packaged as a docker image and run directly.

The image name and version number (tag) together form a unique identifier. The default tag is latest.

Layering principle

A Docker image stacks the file systems of its layers using a union file system.

Boot process

  • bootfs: as in a traditional operating system, this is the file system used for system boot and includes the bootloader and kernel. It is unmounted after the container starts, to save memory.

  • rootfs: sits above bootfs and is the root file system of the docker container
    • In the traditional mode, at system startup the kernel first mounts rootfs "read-only", and remounts it "read-write" after completing its self-checks.
    • In docker, the kernel mounts rootfs "read-only", and then a "writable" layer is mounted on top of it through union mounting.

⚠️ Note: existing image layers can only be read, not written, and an upper layer takes priority over the layers below it

When we use the pull command, we can see that the docker image is downloaded layer by layer. The biggest advantage of this is resource sharing.

For example, if multiple images are built from the base image, the host only needs to keep one base image on the disk, and only one base image needs to be loaded in memory, so that it can serve all containers, and each layer of the image can be shared. You can view the image hierarchy through the docker image inspect command.

All Docker images start from a base image. When content is modified or added, a new image layer is created on top of the current one. As layers are added, the image is always the combination of all its current layers. Docker implements the layer stack through its storage driver and ensures that the layers are presented as one unified file system.

UnionFS (union file system)

UnionFS is a layered, lightweight and high-performance file system.

It records modifications to the file system as commits stacked layer upon layer, and can mount different directories into the same virtual file system.

UnionFS is the foundation of Docker images. Images can inherit from one another through layering: starting from a base image, all kinds of application images can be built. Several file systems are loaded at the same time, but from the outside only one file system is visible. Union mounting stacks the file systems of all layers, so the final file system contains all the underlying files and directories.

Loading principle

bootfs is loaded when Linux first starts, and bootfs sits at the bottom of a Docker image.

Once boot loading is complete, the whole kernel is in memory. At that point, control of memory has passed from bootfs to the kernel, and the system unmounts bootfs. rootfs sits on top of bootfs and contains the directories and files of a typical Linux system, such as /dev, /proc, /bin and /etc. rootfs is, in effect, the operating system distribution.

Dockerfile

What if the registry does not have the image you need?

Can I create an image myself?

Container -> image

docker commit CID xx.xx.xx

⚠️⚠️⚠️⚠️ The container must have at least one process running in the foreground

Netease honeycomb: open source image registry

Write a Dockerfile

A Dockerfile is a text file used to build an image. It contains the instructions and descriptions required to build the image.

Instruction explanation

FROM

Specifies the base image. It must be the first instruction, and there is one and only one.

# FROM <image>
# FROM <image>:<tag>
# FROM <image>@<digest>
FROM mysql:5.6

MAINTAINER

Creator information. MAINTAINER is deprecated in current Docker; a LABEL carries the same information.

# MAINTAINER <name>
MAINTAINER yitiao

RUN

Executes commands inside the image while it is being built. There are two forms:

#shell execution
#    RUN <command>
#exec execution
#    RUN ["executable", "param1", "param2"]
RUN apk update
RUN ["/etc/execfile", "arg1", "arg1"]

ADD

Adds local files to the image. Local tar archives are extracted automatically (compressed resources fetched over the network are not). It can also fetch network resources, similar to wget

# ADD <src>... <dest>
# ? matches any single character, for example "home.txt"
ADD hom?.txt /mydir/

COPY

The function is similar to ADD, but it will not automatically decompress files or access network resources

CMD

Specifies the command that runs when the container starts.

# CMD command param1 param2 (execute shell internal command)
CMD echo "This is a test." | wc -
#CMD is different from RUN. CMD is used to specify the command to be executed when the container is started, while RUN is used to specify the command to be executed when the image is built

ENTRYPOINT

Configures the container to run as an executable. When combined with CMD, the CMD can leave out the executable and supply only parameters.

# ENTRYPOINT ["executable", "param1", "param2"] (exec form, preferred)
# ENTRYPOINT command param1 param2 (shell form)
FROM ubuntu
ENTRYPOINT ["top", "-b"]
CMD ["-c"]

LABEL

Used to add metadata to the image

# LABEL <key>=<value> <key>=<value> <key>=<value> ...
LABEL version="1.0" description="One coding" by="One"

ENV

Setting environment variables

# ENV <key> <value>
# Everything after <key> is treated as part of its <value>, so only one variable can be set at a time
# ENV <key>=<value> ...
# Multiple variables can be set, each as a "<key>=<value>" pair
ENV myName John Doe
ENV myDog Rex The Dog
ENV myCat=fluffy

EXPOSE

Specifies the port for external interaction

Format:
    EXPOSE <port> [<port>...]
Example:
    EXPOSE 80 443
    EXPOSE 8080
    EXPOSE 11211/tcp 11211/udp
Note:
  EXPOSE by itself does not make the container's ports reachable from the host. To make them reachable, publish them with -p when starting the container through docker run, or use -P to publish all ports declared with EXPOSE.

VOLUME

Used to specify the persistent directory

Format:
    VOLUME ["/path/to/dir"]
Example:
    VOLUME ["/data"]
    VOLUME ["/var/www", "/var/log/apache2", "/etc/apache2"]
Note:
  A volume can exist in a specified directory of one or more containers. It bypasses the union file system and has the following properties:
1 Volumes can be shared and reused between containers
2 Containers do not have to share volumes with other containers
3 Changes to the volume take effect immediately
4 Modifications to the volume have no effect on the image
5 The volume exists until no container is using it

WORKDIR

Working directory, similar to the cd command

# WORKDIR /path/to/workdir
# the working directory is /a
WORKDIR /a
# the working directory is /a/b
WORKDIR b
# the working directory is /a/b/c
WORKDIR c
# After WORKDIR sets the working directory, the subsequent RUN, CMD, ENTRYPOINT, ADD, COPY and other instructions in the Dockerfile
# execute in that directory. When starting the container with docker run, the -w parameter overrides the working directory set at build time.

USER

Specifies the user name or UID the container runs as; the instructions that follow also run as that user. The user can be given as a user name, UID, GID, or a combination. When the service does not require administrator privileges, use this instruction to run it as an unprivileged user, creating the user beforehand if necessary.

After USER specifies the user, the subsequent RUN, CMD and ENTRYPOINT instructions in the Dockerfile use that user. After the image is built, the specified user can be overridden with the -u parameter when running the container through docker run.

# USER user
# USER user:group
# USER uid
# USER uid:gid
USER www

ARG

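Specifies variables that can be passed in at build time. ARG values remain visible in the image history (docker history), so they are not a place for secrets.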

# ARG <name>[=<default value>]
ARG site
ARG build_user=www

ONBUILD

Sets a trigger on the image

# ONBUILD [INSTRUCTION]
ONBUILD ADD . /app/src
ONBUILD RUN /usr/local/bin/python-build --dir /app/src
# When the built image is used as the base image of another image, the triggers stored in it are executed

docker file demo

# One coding
# Version 1.0

# Base image
FROM centos

# MAINTAINER: maintainer information
MAINTAINER tianfeiyu

# ENV: set environment variables
ENV PATH /usr/local/nginx/sbin:$PATH

# ADD: the files must be in the build context (current directory); tar archives are extracted automatically when copied
ADD nginx-1.8.0.tar.gz /usr/local/
ADD epel-release-latest-7.noarch.rpm /usr/local/

# RUN: execute the following commands
RUN rpm -ivh /usr/local/epel-release-latest-7.noarch.rpm
RUN yum install -y wget lftp gcc gcc-c++ make openssl-devel pcre-devel pcre && yum clean all
RUN useradd -s /sbin/nologin -M www

# WORKDIR is equivalent to cd
WORKDIR /usr/local/nginx-1.8.0

RUN ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_ssl_module --with-pcre && make && make install

# Keep nginx in the foreground so the container stays up; with --prefix=/usr/local/nginx
# the configuration file is /usr/local/nginx/conf/nginx.conf
RUN echo "daemon off;" >> /usr/local/nginx/conf/nginx.conf

# EXPOSE: the port the container listens on
EXPOSE 80

# CMD: run the following command when the container starts
CMD ["nginx"]
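
The instruction notes above have consequences that are easy to miss in a finished file: a FROM without a tag floats with whatever the registry serves, ADD does more than COPY, and without a USER instruction the container process runs as root. The following is an added example, not part of the original article: a shell and awk check for those points, run over a constructed excerpt of the demo Dockerfile. The rule names and function names are this example's own.

```sh
#!/bin/sh
# Added example, not from the original article.

# lint_dockerfile FILE: print "line:rule:message" findings, exit 1 if any
lint_dockerfile() {
    awk '
    function report(rule, msg) { printf "%d:%s:%s\n", NR, rule, msg; found++ }
    /^[ \t]*(#|$)/ { next }                       # comments and blank lines
    cont { cont = ($0 ~ /\\[ \t]*$/); next }      # continuation of previous instruction
    { cont = ($0 ~ /\\[ \t]*$/); instr = toupper($1) }
    instr == "FROM" {
        img = ($2 ~ /^--/) ? $3 : $2              # skip a --platform flag
        n = split(img, part, "/"); name = part[n] # ignore a registry host:port
        if (img !~ /@sha256:/ && (name !~ /:/ || name ~ /:latest$/))
            report("unpinned-base", "FROM " img " floats; pin a tag or digest")
    }
    instr == "MAINTAINER" { report("deprecated", "replace with LABEL maintainer=...") }
    instr == "ADD" {
        if ($2 ~ /^https?:\/\//)
            report("add-remote", $2 " is fetched at build time with no integrity check")
        else if ($2 !~ /\.(tar|tgz|tar\.gz|tar\.bz2|tar\.xz)$/)
            report("add-local", "COPY is enough for " $2 "; for a local file ADD only adds tar extraction")
    }
    instr == "USER" { user = $2 }
    END {
        if (user == "" || user ~ /^(root|0)(:|$)/) {
            print "0:root-user:no non-root USER set, so the container process runs as root"
            found++
        }
        exit (found > 0)
    }' "$1"
}

# sample_dockerfile: constructed excerpt of the demo Dockerfile above
sample_dockerfile() {
    cat <<'EOF'
FROM centos
MAINTAINER tianfeiyu
ENV PATH /usr/local/nginx/sbin:$PATH
ADD nginx-1.8.0.tar.gz /usr/local/
ADD epel-release-latest-7.noarch.rpm /usr/local/
RUN useradd -s /sbin/nologin -M www
EXPOSE 80
CMD ["nginx"]
EOF
}

# Usage: lint_dockerfile ./Dockerfile
```

On the excerpt it reports the untagged base image, MAINTAINER, the rpm added with ADD, and the missing USER; the tar.gz line passes because extraction is what ADD is for there.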

Network Communications

How does docker exchange data internally and externally?

  • Between containers
  • From inside to outside
  • From outside to inside

Network knowledge supplement

eth0

The eth0 physical network card is the actual network interface device on the server. It is the interface that receives Ethernet data, and packets are forwarded and routed from node to node through it.

veth

As the name suggests, a veth pair is a pair of virtual device interfaces, which always appear in pairs.

One end of each is attached to the protocol stack, and the other ends are connected to each other. When one device receives data from the protocol stack, it sends the data to the other device.

Because of this feature, a veth pair often acts as a link connecting virtual network devices. Typical examples are "connecting two namespaces", "connecting a Bridge and OVS" and "connecting Docker containers", from which very complex virtual network structures such as OpenStack Neutron can be built.

bridge

A bridge device is a virtual switch implemented purely in software. It performs layer-2 forwarding, much like a real-world switch.

Like other virtual network devices, it can be configured with an IP and a MAC address. The main function of the bridge is to forward data packets between the network interfaces attached to it.

network model

When using docker run to create a docker container, we can use the --net option to specify the network mode of the container. Docker has the following four network modes:

  • Host mode, specified with --net=host.

  • Container mode, specified with --net=container:NAME_or_ID.

  • None mode, specified with --net=none.

  • Bridge mode, specified with --net=bridge, the default setting.

In addition to these four basic modes, it also supports various custom modes.

Container internal access

Usually, docker uses bridge + NAT to communicate. Bridge mode creates an independent network namespace for the container, with its own network stack, including its own network card.

NAT: it can be understood as a network card

docker0: the bridge (virtual switch); you can see it with ifconfig

On the same host, containers created in bridge mode are attached to docker0 through DHCP and reach each other through docker0. The containers connect to the docker0 bridge, which acts as a virtual switch that lets them communicate with each other.

Internal and external communication

The host's IP address and the IP addresses on the container veth pairs are not in the same network segment. Networks outside the host cannot discover the containers on their own and cannot communicate with them directly. Docker therefore provides port mapping, which forwards traffic arriving on a host port to a port in the container.
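
A mapping written as -p 3306:3306 binds the host port on every interface unless an address is given, so port mapping is also what makes a container reachable from outside the host. The following is an added example, not part of the original article: it reads the output of docker ps --format '{{.Names}}\t{{.Ports}}' and lists the ports published on all interfaces. The sample listing is constructed, using container names from this article.

```sh
#!/bin/sh
# Added example, not from the original article. Input format assumed:
#   docker ps --format '{{.Names}}\t{{.Ports}}'

# wildcard_ports: read "name<TAB>ports" lines on stdin and print
# "name hostport->containerport/proto" for each port published on all interfaces
wildcard_ports() {
    awk -F '\t' '
    {
        n = split($2, map, /, */)
        for (i = 1; i <= n; i++) {
            m = map[i]
            if (m !~ /->/) continue        # exposed only, never published
            # 0.0.0.0:, ::: (older output) or [::]: mean "every host interface";
            # the IPv4 and IPv6 entries of one mapping are reported once
            if (sub(/^(0\.0\.0\.0:|:::|\[::\]:)/, "", m) && !seen[$1 " " m]++)
                print $1, m
        }
    }'
}

# sample_ps: constructed listing; xxjob is bound to loopback, cache is unpublished
sample_ps() {
    printf 'db\t0.0.0.0:3306->3306/tcp, :::3306->3306/tcp\n'
    printf 'mywordpress\t0.0.0.0:8080->80/tcp\n'
    printf 'xxjob\t127.0.0.1:8089->8080/tcp\n'
    printf 'cache\t6379/tcp\n'
}

# Usage on a live host:
#   docker ps --format '{{.Names}}\t{{.Ports}}' | wildcard_ports
```

For the sample it lists db 3306->3306/tcp and mywordpress 8080->80/tcp; a database port in that list is usually the first one to rebind to 127.0.0.1 or stop publishing.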

OK, that completes the summary of docker. As a java developer, mastering this much is enough to make you feel like a fish in water.

Topics: Java Linux Docker network Interview