docker使用记录
使用docker实例命令行
docker exec -it spring-cloud-config-server_1 bash
# 以root实行
docker exec -u 0 -it mycontainer bash
网络配置,使不同的docker实例互相联通
# 连接mysql的docker实例
docker network create mysql_network
docker network connect mysql_network mysql_instance
docker network connect mysql_network spring-cloud-config-server_1
# 查看网络列表
docker network list
# 查看网络详细,找到gateway地址,加上3306即可访问mysql
docker network inspect mysql_network
# 在docker实例中访问host
# 创建实例时添加下面的参数,即可在实例内通过host.docker.internal访问host
--add-host=host.docker.internal:host-gateway
# 使用docker compose的时候
servicename:
extra_hosts:
- "host.docker.internal:host-gateway"
查看实例
# 正在运行中的
docker ps
# 全部
docker ps -a
# 查看实例运行log
docker logs containerName
# 查看实例占用内存等
docker stats
# 查看创建实例时的命令
docker inspect \
--format "$(curl -s https://gist.githubusercontent.com/ictus4u/e28b47dc826644412629093d5c9185be/raw/run.tpl)" \
containerName
查看image
docker image list
docker compose
# 创建
docker compose up
# 销毁
docker compose down
# 启动
docker compose start
# 停止
docker compose stop
在离线电脑上安装image
# 从有网络的机器上下载image包
docker save couchbase > couchbase.tar
# 放到离线机器上安装
docker load < couchbase.tar.xz
非root用户下运行docker
使用spring的maven插件build image的时候,需要当前用户有docker的运行权限
sudo groupadd docker
sudo usermod -aG docker $USER
newgrp docker
docker ps
自建docker注册中心
# 生成一个自签名证书
curl -sS https://raw.githubusercontent.com/antelle/generate-ip-cert/master/generate-ip-cert.sh | bash -s 127.0.0.1
# 不放心的话可以把脚本下载下来
sh generate-ip-cert.sh 127.0.0.1
# 配置证书,把证书放到certs文件夹里
mkdir -p certs
# 启动注册中心
docker run -d \
--restart=always \
--name registry \
-v "$(pwd)"/certs:/certs \
-e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
-p 443:443 \
registry:2
# 查看是否启动成功(-k 忽略证书错误)
curl -k https://127.0.0.1/v2/_catalog
# 虽然部署成功了,但是在往里面push image的时候,会报证书错误
# 添加证书到信任列表
sudo cp domian.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
# 重启docker
sudo systemctl daemon-reload
sudo systemctl restart docker
# 查看是否添加成功
curl https://127.0.0.1/v2/_catalog
# 当使用jenkins的时候,用到了docker:dind,
# 这时候在docker:dind的实例里添加证书到信任列表
docker exec -it -u 0 jenkins-docker sh
cat /certs/ca.crt >> /etc/ssl/certs/ca-certificates.crt
# 当无法把文件传到实例里的时候,可以把证书内容复制出来
echo "-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
" >> /etc/ssl/certs/ca-certificates.crt
# 之后重启实例
docker restart jenkins-docker
复制容器内文件到host
docker cp mycontainer:/path/to/file file
# 导出容器内全部文件
docker export mycontainer -o container_fs.tar
reference
- Manage Docker as a non-root user
- Spring Boot Maven Plugin Documentation - Builder Configuration
- Starting Spring Boot Application in Docker With Profile
- Introduction to Docker Compose | Baeldung
- Creating Optimized Docker Images for a Spring Boot Application
- spring boot buildpack always downloads latest packeto images from git
- How to show the run command of a docker container
- Root password inside a Docker container - Stack Overflow
- Docker - Ubuntu - bash: ping: command not found - Stack Overflow
- How do I download Docker images without using the pull command?
- Deploy a registry server | Docker Documentation
- How to generate a self-signed SSL certificate for an IP address | by Dimitri Witkowski | Medium
- How to search images from private 1.0 registry in docker?
- curl - Adding a self-signed certificate to the “trusted list” - Unix & Linux Stack Exchange
- ssl - “docker pull” certificate signed by unknown authority - Stack Overflow
- Problem building with docker-in-docker using gitlab Registry Container with self-signed certificate
- Where are my container’s files? Inspecting container filesystems | Pixie Labs Blog
Updated: 2023-09-07 23:20
Created: 2023-05-20 18:00