docker知识图谱

yum-config-manager \ --add-repo \ https://download.docker.com/linux/centos/docker-ce.repo

yum-config-manager \ --add-repo \ http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

查找

拉取镜像

获取本地镜像列表

镜像历史构建信息

镜像信息

删除镜像

清理未使用的镜像

为镜像设置tag

将镜像推送到镜像仓库

将镜像导出到tar文件

将tar文件加载镜像

将容器文件系统tar文件导入镜像

从dockerfile构建镜像

运行容器

常用参数

创建容器

查看容器列表

查看容器信息

在正在运行容器中执行命令

启动容器

停止容器

重启容器

杀掉容器

查看容器日志

移除容器

移除已经停止的容器

查看容器进程信息

拷贝文件到容器/到宿主机

查看容器端口映射列表

为容器重命名

查看容器资源使用

导出容器文件系统到tar文件

将容器提交为镜像

更新容器的资源(cpu/mem)限制

挂载到docker volume数据区

系统目录

挂载宿主机系统磁盘目录

挂载在宿主机内存中

docker volume create

docker volume inspect

docker volume ls

docker volume rm

docker volume prune

--mount src=volumeName,dst=dpath

-v volumeName:dpath

--mount type=bind,src=spath,dst=dpath

-v spath:dpath

指定基础镜像

指定维护者信息

构建镜像运行的指令

拷贝文件或目录到容器中

可指定压缩文件进行自动解压或URL进行自动下载

拷贝文件或目录到容器中

设置容器环境变量

声明容器暴漏的端口

指定挂载卷

自动创建匿名卷并进行挂载

指定工作目录

指定执行命令的用户

健康检查

HEALTHCHECK --interval=5m --timeout=3s --retries=3 CMD command || exit 1

运行容器时执行的命令

在运行容器时可被覆盖

运行容器时执行的命令

在运行容器时指定的命令和参数传递给ENTERYPOINT执行命令的参数

定义构建参数

参数

一个应用的容器，可以运行若干容器实例

由一组关联的容器组成的完整业务单元

docker-compose.yaml

示例

docker-compose文件版本

定义服务

服务名称

services.name.build

services.name.build.context

services.name.build.dockerfile

services.name.build.args

services.name.image

services.name.ports

services.name.depends_on

services.name.cap_add

services.name.cap_drop

services.name.command

services.name.container_name

services.name.dns

services.name.tmpfs

services.name.env_file

services.name.environment

services.name.expose

services.name.extra_hosts

services.name.healthcheck

services.name.labels

services.name.logging

services.name.network_mode

services.name.networks

services.name.pid

services.name.secrets

services.name.stop_signal

services.name.sysctls

services.name.ulimits

services.name.volumes

services.name.entrypoint

services.name.user

services.name.working_dir

services.name.domainname

services.name.hostname

services.name.mac_address

services.name.privileged

services.name.restart

services.name.read_only

services.name.stdin_open

services.name.tty

定义网络

定义数据卷

检查docker-compose.yaml是否正确

构建镜像

启动容器

-d

查看镜像

进入容器

查看日志

查看端口映射

查看容器列表

停止服务

启动服务

重启服务

调整容器数量

查看进程

运行命令

停止容器

拉去镜像

推送镜像到镜像仓库

https://github.com/goharbor/harbor/releases

https://github.com/goharbor/harbor/blob/master/docs/installation_guide.md

openssl genrsa -out ca.key 4096

openssl req -x509 -new -nodes -sha512 -days 36500 \ -subj "/C=CN/ST=XI'AN/L=XI'AN/O=silence/OU=personal/CN=ca.com" \ -key ca.key \ -out ca.crt

openssl genrsa -out server.key 4096

openssl req -sha512 -new \ -subj "/C=CN/ST=XI'AN/L=XI'AN/O=silence/OU=personal/CN=registry.silence.com" \ -key server.key \ -out server.csr

openssl x509 -req -sha512 -days 36500 \ -CA ca.crt -CAkey ca.key -CAcreateserial \ -in server.csr \ -out server.crt

# Configuration file of Harbor # The IP address or hostname to access admin UI and registry service. # DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients. hostname: registry.silence.com # http related config http: # port for http, default is 80. If https enabled, this port will redirect to https port port: 80 # https related config https: # https port for harbor, default is 443 port: 443 # The path of cert and key files for nginx certificate: /opt/pki/server.crt private_key: /opt/pki/server.key # Uncomment external_url if you want to enable external proxy # And when it enabled the hostname will no longer used # external_url: https://reg.mydomain.com:8433 # The initial password of Harbor admin # It only works in first time to install harbor # Remember Change the admin password from UI after launching Harbor. harbor_admin_password: Harbor12345 # Harbor DB configuration database: # The password for the root user of Harbor DB. Change this before any production use. password: root123 # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained. max_idle_conns: 50 # The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections. # Note: the default number of connections is 100 for postgres. max_open_conns: 100 # The default data volume data_volume: /data # Harbor Storage settings by default is using /data dir on local filesystem # Uncomment storage_service setting If you want to using external storage # storage_service: # # ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore # # of registry's and chart repository's containers. This is usually needed when the user hosts a internal storage with self signed certificate. # ca_bundle: # # storage backend, default is filesystem, options include filesystem, azure, gcs, s3, swift and oss # # for more info about this configuration please refer https://docs.docker.com/registry/configuration/ # filesystem: # maxthreads: 100 # # set disable to true when you want to disable registry redirect # redirect: # disabled: false # Clair configuration clair: # The interval of clair updaters, the unit is hour, set to 0 to disable the updaters. updaters_interval: 12 jobservice: # Maximum number of job workers in job service max_job_workers: 10 notification: # Maximum retry count for webhook job webhook_job_max_retry: 10 chart: # Change the value of absolute_url to enabled can enable absolute url in chart absolute_url: disabled # Log configurations log: # options are debug, info, warning, error, fatal level: info # configs for logs in local storage local: # Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated. rotate_count: 50 # Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes. # If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G # are all valid. rotate_size: 200M # The directory on your host that store log location: /var/log/harbor # Uncomment following lines to enable external syslog endpoint. # external_endpoint: # # protocol used to transmit log to external endpoint, options is tcp or udp # protocol: tcp # # The host of external endpoint # host: localhost # # Port of external endpoint # port: 5140 #This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY! _version: 1.9.0 # Uncomment external_database if using external database. # external_database: # harbor: # host: harbor_db_host # port: harbor_db_port # db_name: harbor_db_name # username: harbor_db_username # password: harbor_db_password # ssl_mode: disable # max_idle_conns: 2 # max_open_conns: 0 # clair: # host: clair_db_host # port: clair_db_port # db_name: clair_db_name # username: clair_db_username # password: clair_db_password # ssl_mode: disable # notary_signer: # host: notary_signer_db_host # port: notary_signer_db_port # db_name: notary_signer_db_name # username: notary_signer_db_username # password: notary_signer_db_password # ssl_mode: disable # notary_server: # host: notary_server_db_host # port: notary_server_db_port # db_name: notary_server_db_name # username: notary_server_db_username # password: notary_server_db_password # ssl_mode: disable # Uncomment external_redis if using external Redis server # external_redis: # host: redis # port: 6379 # password: # # db_index 0 is for core, it's unchangeable # registry_db_index: 1 # jobservice_db_index: 2 # chartmuseum_db_index: 3 # Uncomment uaa for trusting the certificate of uaa instance that is hosted via self-signed cert. # uaa: # ca_file: /path/to/ca # Global proxy # Config http proxy for components, e.g. http://my.proxy.com:3128 # Components doesn't need to connect to each others via http proxy. # Remove component from `components` array if want disable proxy # for it. If you want use proxy for replication, MUST enable proxy # for core and jobservice, and set `http_proxy` and `https_proxy`. # Add domain to the `no_proxy` field, when you want disable proxy # for some special registry. proxy: http_proxy: https_proxy: no_proxy: 127.0.0.1,localhost,.local,.internal,log,db,redis,nginx,core,portal,postgresql,jobservice,registry,registryctl,clair components: - core - jobservice - clair

./prepare

./install.sh

docker-compose ps

https://10.1.0.202

/etc/hosts

echo "10.1.0.202 registry.silence.com" >> /etc/hosts

mkdir -p /etc/docker/certs.d/registry.silence.com/

scp root@10.1.0.202:/opt/pki/server.crt /etc/docker/certs.d/registry.silence.com/

docker login registry.silence.com

docker image tag nginx:latest registry.silence.com/test/nginx:v1

docker push registry.silence.com/test/nginx:v1