一、Docker介绍
1.1、什么是docker
Docker是一个开源的应用容器引擎,使用Go语言开发,基于Linux内核的cgroup,namespace,Union FS等技术,对应用进程进行封装隔离,并且独立于宿主机与其他进程,这种运行时封装的状态称为容器。
Docker早期版本实现是基于LXC,并进一步对其封装,包括文件系统、网络互联、镜像管理等方面,极大简化了容器管理。从0.7版本以后开始去除LXC,转为自省研发的libcontainer,从1.11版本开始,进一步为使用runC和containerd。
Docker理念是将应用及依赖包打包到一个可移植的容器中,可发布到任意Linux发行版Docker引擎上。使用沙箱机制运行程序,程序之间相互隔离。
1.2、docker结构体系
Containerd:是一个简单的守护进程,使用runC管理容器。向Docker Engine提供接口。
Shim:只负责管理一个容器。
runC:是一个轻量级的工具,只用来运行容器。
- Docker Client:客户端
- Docker Daemon:守护进程
- Docker Images:镜像
- Docker Container:容器
- Docker Registry:镜像仓库
1.3、docker内部组件
Namespaces
命名空间,Linux内核提供的一种对进程资源隔离的机制,例如进程、网络、挂载点等资源。
CGroup
控制组,Linux内核提供的一种限制进程资源的机制;例如CPU、内存等资源。
UnionFS
联合文件系统,支持将不同位置的目录挂载到同一虚拟文件系统,形成一种分层的模型。
1.4、什么是容器
- 对软件和其依赖的标准化打包
- 应用之间相互隔离
- 共享同一个OS Kernel
- 可以运行在很多主流操作系统上
1.5、容器和虚拟机的区别
以KVM为例与Docker对比
启动时间
Docker妙级启动,KVM分钟级启动。
轻量级
容器镜像带下通常以M为单位,虚拟机以G为单位。容器资源占用小,要比虚拟机部署更快捷。
性能
容器共享宿主机内核,系统级虚拟化,占用资源少,没有Hypervisor层开销,容器性能基本接近物理机; 虚拟机需要Hypervisior层支持,虚拟化一些设备,具备完整的GuestOS,虚拟化开销大,因而降低性能,没有容器性能好。
安全性
由于共享宿主机内核,只是进程级隔离,因此隔离性和稳定性不如虚拟机,容器具有一定权限访问宿主机内核,存在一定安全隐患。
使用要求
KVM基于硬件的完全虚拟化、需要赢家CPU虚拟化技术支持; 容器共享所主机内核,可运行在主流的Linux发行版,不用考虑CPU是否支持虚拟化技术。
1.6、docker应用场景
•应用程序打包和发布
•应用程序隔离
•持续集成
•微服务部署
•快速搭建测试环境
•提供PaaS产品(平台即服务)
二、docker安装
2.1、关闭防火墙
systemctl stop firewalldsystemctl disable firewalld
2.2、关闭selinux
vim /etc/selinux/config SELINUX=disabled #设置为disabled reboot #重启服务器 # 查看selinux状态 [root@server04 ~]# getenforce Disabled
2.3、安装所需要的包
yum install -y yum-utils device-mapper-persistent-data lvm2
2.4、配置yum源
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
2.5、安装docker-ce
yum install docker-ce -y
2.6、启动
systemctl start docker# 加入开机启动systemctl enable docker
2.7、运行hello-world
docker run hello-world
2.8、查看docker版本
[root@server04 ~]# docker info Client: Docker Engine - CommunityVersion: 24.0.6Context: defaultDebug Mode: falsePlugins:buildx: Docker Buildx (Docker Inc.)Version: v0.11.2Path: /usr/libexec/docker/cli-plugins/docker-buildxcompose: Docker Compose (Docker Inc.)Version: v2.21.0Path: /usr/libexec/docker/cli-plugins/docker-composeServer:Containers: 2Running: 0Paused: 0Stopped: 2Images: 2Server Version: 24.0.6Storage Driver: overlay2Backing Filesystem: xfsSupports d_type: trueUsing metacopy: falseNative Overlay Diff: trueuserxattr: falseLogging Driver: json-fileCgroup Driver: cgroupfsCgroup Version: 1Plugins:Volume: localNetwork: bridge host ipvlan macvlan null overlayLog: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslogSwarm: inactiveRuntimes: runc io.containerd.runc.v2Default Runtime: runcInit Binary: docker-initcontainerd version: 61f9fd88f79f081d64d6fa3bb1a0dc71ec870523runc version: v1.1.9-0-gccaecfcinit version: de40ad0Security Options:seccompProfile: builtinKernel Version: 3.10.0-1160.90.1.el7.x86_64Operating System: CentOS Linux 7 (Core)OSType: linuxArchitecture: x86_64CPUs: 4Total Memory: 3.682GiBName: server04ID: be595f37-af7c-486d-aca2-76c3590143f7Docker Root Dir: /var/lib/dockerDebug Mode: falseExperimental: falseInsecure Registries:127.0.0.0/8Registry Mirrors:https://registry.docker-cn.com/Live Restore Enabled: false
2.9、查看运行了哪些docker
docker run -it nginx <<== -it前台运行、再打开一个终端用于查看[root@server04 ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 5e17bb7f5848 nginx "/docker-entrypoint.…" 35 seconds ago Up 33 seconds 80/tcp modest_wescoff
2.10、查看容器信息
[root@server04 ~]# docker inspect 5e17bb7f5848 [{"Id": "5e17bb7f58482e8921b45559f2ffddb45f3ad192644e5fe50aaac8f2f055cc2c","Created": "2023-09-25T16:11:02.449798245Z","Path": "/docker-entrypoint.sh","Args": ["nginx","-g","daemon off;"],"State": {"Status": "running","Running": true,"Paused": false,"Restarting": false,"OOMKilled": false,"Dead": false,"Pid": 2566,"ExitCode": 0,"Error": "","StartedAt": "2023-09-25T16:11:03.170447828Z","FinishedAt": "0001-01-01T00:00:00Z"},"Image": "sha256:61395b4c586da2b9b3b7ca903ea6a448e6783dfdd7f768ff2c1a0f3360aaba99","ResolvConfPath": "/var/lib/docker/containers/5e17bb7f58482e8921b45559f2ffddb45f3ad192644e5fe50aaac8f2f055cc2c/resolv.conf","HostnamePath": "/var/lib/docker/containers/5e17bb7f58482e8921b45559f2ffddb45f3ad192644e5fe50aaac8f2f055cc2c/hostname","HostsPath": "/var/lib/docker/containers/5e17bb7f58482e8921b45559f2ffddb45f3ad192644e5fe50aaac8f2f055cc2c/hosts","LogPath": "/var/lib/docker/containers/5e17bb7f58482e8921b45559f2ffddb45f3ad192644e5fe50aaac8f2f055cc2c/5e17bb7f58482e8921b45559f2ffddb45f3ad192644e5fe50aaac8f2f055cc2c-json.log","Name": "/modest_wescoff","RestartCount": 0,"Driver": "overlay2","Platform": "linux","MountLabel": "","ProcessLabel": "","AppArmorProfile": "","ExecIDs": null,"HostConfig": {"Binds": null,"ContainerIDFile": "","LogConfig": {"Type": "json-file","Config": {}},"NetworkMode": "default","PortBindings": {},"RestartPolicy": {"Name": "no","MaximumRetryCount": 0},"AutoRemove": false,"VolumeDriver": "","VolumesFrom": null,"ConsoleSize": [30,96],"CapAdd": null,"CapDrop": null,"CgroupnsMode": "host","Dns": [],"DnsOptions": [],"DnsSearch": [],"ExtraHosts": null,"GroupAdd": null,"IpcMode": "private","Cgroup": "","Links": null,"OomScoreAdj": 0,"PidMode": "","Privileged": false,"PublishAllPorts": false,"ReadonlyRootfs": false,"SecurityOpt": null,"UTSMode": "","UsernsMode": "","ShmSize": 67108864,"Runtime": "runc","Isolation": "","CpuShares": 0,"Memory": 0,"NanoCpus": 0,"CgroupParent": "","BlkioWeight": 0,"BlkioWeightDevice": [],"BlkioDeviceReadBps": [],"BlkioDeviceWriteBps": [],"BlkioDeviceReadIOps": [],"BlkioDeviceWriteIOps": [],"CpuPeriod": 0,"CpuQuota": 0,"CpuRealtimePeriod": 0,"CpuRealtimeRuntime": 0,"CpusetCpus": "","CpusetMems": "","Devices": [],"DeviceCgroupRules": null,"DeviceRequests": null,"MemoryReservation": 0,"MemorySwap": 0,"MemorySwappiness": null,"OomKillDisable": false,"PidsLimit": null,"Ulimits": null,"CpuCount": 0,"CpuPercent": 0,"IOMaximumIOps": 0,"IOMaximumBandwidth": 0,"MaskedPaths": ["/proc/asound","/proc/acpi","/proc/kcore","/proc/keys","/proc/latency_stats","/proc/timer_list","/proc/timer_stats","/proc/sched_debug","/proc/scsi","/sys/firmware"],"ReadonlyPaths": ["/proc/bus","/proc/fs","/proc/irq","/proc/sys","/proc/sysrq-trigger"]},"GraphDriver": {"Data": {"LowerDir": "/var/lib/docker/overlay2/2f69c7685d3203344082158551d1b6a5800836b31e5170747ba904178939daba-init/diff:/var/lib/docker/overlay2/4f78ae5f917ca08bbde77f1ad187042791389068f8263be9221aef4f9a3e09aa/diff:/var/lib/docker/overlay2/7bbeb264406af998971a0ec5938723699549c21762aae769666fdb49aa6651bc/diff:/var/lib/docker/overlay2/6017b041b54f72167c4b957c71a974c1d702e3219cc39e2f2f65c4f00204658a/diff:/var/lib/docker/overlay2/87e2982f0891eaac69d78567aa1e9f2a8febb3b839af2bf7998920f440c9907d/diff:/var/lib/docker/overlay2/ce8dddff3e864f83ab6dd2a171a361dad987cdc65ad9571216002ef1d50f3e88/diff:/var/lib/docker/overlay2/09530dcf8710fdbc06635f6e9f4e64acf3d2cd790d844124752e60b226c6a125/diff:/var/lib/docker/overlay2/4eb51cab29daf0a9426941427e54e4b6e9257678e1358238b13a16f88348a447/diff","MergedDir": "/var/lib/docker/overlay2/2f69c7685d3203344082158551d1b6a5800836b31e5170747ba904178939daba/merged","UpperDir": "/var/lib/docker/overlay2/2f69c7685d3203344082158551d1b6a5800836b31e5170747ba904178939daba/diff","WorkDir": "/var/lib/docker/overlay2/2f69c7685d3203344082158551d1b6a5800836b31e5170747ba904178939daba/work"},"Name": "overlay2"},"Mounts": [],"Config": {"Hostname": "5e17bb7f5848","Domainname": "","User": "","AttachStdin": true,"AttachStdout": true,"AttachStderr": true,"ExposedPorts": {"80/tcp": {}},"Tty": true,"OpenStdin": true,"StdinOnce": true,"Env": ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","NGINX_VERSION=1.25.2","NJS_VERSION=0.8.0","PKG_RELEASE=1~bookworm"],"Cmd": ["nginx","-g","daemon off;"],"Image": "nginx","Volumes": null,"WorkingDir": "","Entrypoint": ["/docker-entrypoint.sh"],"OnBuild": null,"Labels": {"maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>"},"StopSignal": "SIGQUIT"},"NetworkSettings": {"Bridge": "","SandboxID": "f4c582778308d596719d33523236eac2ef77457d181daea2e5fbed907e855eee","HairpinMode": false,"LinkLocalIPv6Address": "","LinkLocalIPv6PrefixLen": 0,"Ports": {"80/tcp": null},"SandboxKey": "/var/run/docker/netns/f4c582778308","SecondaryIPAddresses": null,"SecondaryIPv6Addresses": null,"EndpointID": "cb440654ecf1609aeea7fbd6e13c4f0d51280f5d8ee4ff2330f1a320246f7b06","Gateway": "172.17.0.1","GlobalIPv6Address": "","GlobalIPv6PrefixLen": 0,"IPAddress": "172.17.0.2","IPPrefixLen": 16,"IPv6Gateway": "","MacAddress": "02:42:ac:11:00:02","Networks": {"bridge": {"IPAMConfig": null,"Links": null,"Aliases": null,"NetworkID": "3aca20bdb238ca54726173bf0e92d3973b3f5cb95053800b683aa2639e99a9de","EndpointID": "cb440654ecf1609aeea7fbd6e13c4f0d51280f5d8ee4ff2330f1a320246f7b06","Gateway": "172.17.0.1","IPAddress": "172.17.0.2","IPPrefixLen": 16,"IPv6Gateway": "","GlobalIPv6Address": "","GlobalIPv6PrefixLen": 0,"MacAddress": "02:42:ac:11:00:02","DriverOpts": null}}}} ]
[root@server04 ~]# curl -I 172.17.0.2 HTTP/1.1 200 OK Server: nginx/1.25.2 Date: Mon, 25 Sep 2023 16:14:01 GMT Content-Type: text/html Content-Length: 615 Last-Modified: Tue, 15 Aug 2023 17:03:04 GMT Connection: keep-alive ETag: "64dbafc8-267" Accept-Ranges: bytes
2.11、进入容器
[root@server04 ~]# docker exec -it 5e17bb7f5848 bash root@5e17bb7f5848:/# ls bin docker-entrypoint.d home lib64 mnt root srv usr boot docker-entrypoint.sh lib libx32 opt run sys var dev etc lib32 media proc sbin tmp root@5e17bb7f5848:/# exit exit
三、镜像管理
3.1、镜像是什么
- 一个分层存储的文件
- 一个软件的环境
- 一个镜像可以创建N个容器
- 一种标准化的交付
- 一个不包含Linux内核而又精简的Linux操作系统
镜像不是一个单一的文件,而是有多层构成。我们可以通过docker history <ID/NAME>查看镜像中各层内容及大小,每层对应着Dockerfile中的一条指令。Docker镜像默认存储在/var/lib/docker/<storage-driver>中。
[root@server04 ~]# docker history nginx IMAGE CREATED CREATED BY SIZE COMMENT 61395b4c586d 5 days ago /bin/sh -c #(nop) CMD ["nginx" "-g" "daemon… 0B <missing> 5 days ago /bin/sh -c #(nop) STOPSIGNAL SIGQUIT 0B <missing> 5 days ago /bin/sh -c #(nop) EXPOSE 80 0B <missing> 5 days ago /bin/sh -c #(nop) ENTRYPOINT ["/docker-entr… 0B <missing> 5 days ago /bin/sh -c #(nop) COPY file:9e3b2b63db9f8fc7… 4.62kB <missing> 5 days ago /bin/sh -c #(nop) COPY file:57846632accc8975… 3.02kB <missing> 5 days ago /bin/sh -c #(nop) COPY file:3b1b9915b7dd898a… 298B <missing> 5 days ago /bin/sh -c #(nop) COPY file:caec368f5a54f70a… 2.12kB <missing> 5 days ago /bin/sh -c #(nop) COPY file:01e75c6dd0ce317d… 1.62kB <missing> 5 days ago /bin/sh -c set -x && groupadd --system -… 112MB <missing> 5 days ago /bin/sh -c #(nop) ENV PKG_RELEASE=1~bookworm 0B <missing> 5 days ago /bin/sh -c #(nop) ENV NJS_VERSION=0.8.0 0B <missing> 5 days ago /bin/sh -c #(nop) ENV NGINX_VERSION=1.25.2 0B <missing> 5 days ago /bin/sh -c #(nop) LABEL maintainer=NGINX Do… 0B <missing> 5 days ago /bin/sh -c #(nop) CMD ["bash"] 0B <missing> 5 days ago /bin/sh -c #(nop) ADD file:a1398394375faab8d… 74.8MB [root@server04 ~]# cd /var/lib/docker [root@server04 /var/lib/docker]# ls buildkit engine-id network plugins swarm volumes containers image overlay2 runtimes tmp [root@server04 /var/lib/docker]# cd overlay2/ [root@server04 /var/lib/docker/overlay2]# ls 09530dcf8710fdbc06635f6e9f4e64acf3d2cd790d844124752e60b226c6a125 12f1fd113a660071b93a2a2fa91ab50fd1be168ef6130ab563fb0cb3dc88bd40 13c917e7c0cf4484a29961b08161654dbc20848becd993cb4d07105d7e8dd7a0 13c917e7c0cf4484a29961b08161654dbc20848becd993cb4d07105d7e8dd7a0-init 2f69c7685d3203344082158551d1b6a5800836b31e5170747ba904178939daba 2f69c7685d3203344082158551d1b6a5800836b31e5170747ba904178939daba-init 417fab199b09d8d1114518d0ae8e28890221cbb13b7066eeaac09b14bfec6b47 4eb51cab29daf0a9426941427e54e4b6e9257678e1358238b13a16f88348a447 4f78ae5f917ca08bbde77f1ad187042791389068f8263be9221aef4f9a3e09aa 6017b041b54f72167c4b957c71a974c1d702e3219cc39e2f2f65c4f00204658a 7bbeb264406af998971a0ec5938723699549c21762aae769666fdb49aa6651bc 8381dcc4c841c5e9c156e709a55aec14db57fecc48f62bac8dbb76806048f4a2 8381dcc4c841c5e9c156e709a55aec14db57fecc48f62bac8dbb76806048f4a2-init 87e2982f0891eaac69d78567aa1e9f2a8febb3b839af2bf7998920f440c9907d backingFsBlockDev ce8dddff3e864f83ab6dd2a171a361dad987cdc65ad9571216002ef1d50f3e88 l [root@server04 /var/lib/docker/overlay2]#
3.2、镜像从哪里来
Docker Hub是由Docker公司负责维护的公共注册中心,包含大量的容器镜像,Docker工具默认从这个公共镜像库下载镜像。地址:https://hub.docker.com/explore
3.3、配置进镜像加速器
https://www.daocloud.io/mirrorcurl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f1361db2.m.daocloud.iosystemctl restart docker
3.4、镜像与容器的联系
如图,容器其实是在镜像的最上面加了一层读写层,在运行容器里文件改动时,会先从镜像里面要写的文件复制到容器自己的文件系统中(读写层)。
如果容器删除了,最上面的读写层也就被删除了,改动也就丢失了。所以无论多少个容器共享一个镜像,所做的写操作都是从镜像的文件系统中复制过来操作的,并不会修改镜像的源文件,这种方式提高磁盘利用率。
若想持久化这些改动,可以通过docker commit将容器保存成一新的镜像。
[root@server04 ~]# docker run -itd nginx 4a29bf71d65abab063f697c7101786ad09be2823e4ade796c4c10cc4eaec0bb0 [root@server04 ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 4a29bf71d65a nginx "/docker-entrypoint.…" 4 seconds ago Up 3 seconds 80/tcp beautiful_lichterman ac118f15419c nginx "/docker-entrypoint.…" 33 seconds ago Up 32 seconds 80/tcp quizzical_wescoff 5e17bb7f5848 nginx "/docker-entrypoint.…" 13 minutes ago Up 13 minutes 80/tcp modest_wescoff [root@server04 ~]# docker exec -it 5e17bb7f5848 bash root@5e17bb7f5848:/# ls bin dev docker-entrypoint.sh home lib32 libx32 mnt proc run srv tmp var boot docker-entrypoint.d etc lib lib64 media opt root sbin sys usr root@5e17bb7f5848:/# touch nginx.txt root@5e17bb7f5848:/# exit exit [root@server04 ~]# docker inspect 5e17bb7f5848 ..."GraphDriver": {"Data": {"LowerDir": "/var/lib/docker/overlay2/2f69c7685d3203344082158551d1b6a5800836b31e5170747ba904178939daba-init/diff:/var/lib/docker/overlay2/4f78ae5f917ca08bbde77f1ad187042791389068f8263be9221aef4f9a3e09aa/diff:/var/lib/docker/overlay2/7bbeb264406af998971a0ec5938723699549c21762aae769666fdb49aa6651bc/diff:/var/lib/docker/overlay2/6017b041b54f72167c4b957c71a974c1d702e3219cc39e2f2f65c4f00204658a/diff:/var/lib/docker/overlay2/87e2982f0891eaac69d78567aa1e9f2a8febb3b839af2bf7998920f440c9907d/diff:/var/lib/docker/overlay2/ce8dddff3e864f83ab6dd2a171a361dad987cdc65ad9571216002ef1d50f3e88/diff:/var/lib/docker/overlay2/09530dcf8710fdbc06635f6e9f4e64acf3d2cd790d844124752e60b226c6a125/diff:/var/lib/docker/overlay2/4eb51cab29daf0a9426941427e54e4b6e9257678e1358238b13a16f88348a447/diff","MergedDir": "/var/lib/docker/overlay2/2f69c7685d3203344082158551d1b6a5800836b31e5170747ba904178939daba/merged","UpperDir": "/var/lib/docker/overlay2/2f69c7685d3203344082158551d1b6a5800836b31e5170747ba904178939daba/diff","WorkDir": "/var/lib/docker/overlay2/2f69c7685d3203344082158551d1b6a5800836b31e5170747ba904178939daba/work"},"Name": "overlay2" ...[root@server04 ~]# cd /var/lib/docker/overlay2/2f69c7685d3203344082158551d1b6a5800836b31e5170747ba904178939daba [root@server04 /var/lib/docker/overlay2/2f69c7685d3203344082158551d1b6a5800836b31e5170747ba904178939daba]# ls diff link lower merged work [root@server04 /var/lib/docker/overlay2/2f69c7685d3203344082158551d1b6a5800836b31e5170747ba904178939daba]# ls diff <<==与镜像差异 etc nginx.txt root run var [root@server04 /var/lib/docker/overlay2/2f69c7685d3203344082158551d1b6a5800836b31e5170747ba904178939daba]# ls merged/ <<==Nginx工作的数据驱动存储 bin dev docker-entrypoint.sh home lib32 libx32 mnt opt root sbin sys usr boot docker-entrypoint.d etc lib lib64 media nginx.txt proc run srv tmp var [root@server04 /var/lib/docker/overlay2/2f69c7685d3203344082158551d1b6a5800836b31e5170747ba904178939daba]# ls work work
3.5、管理镜像常用命令
docker image --help
下载镜像 docker pull nginx //下载镜像 docker pull nginx:v1.4.14运行镜像 docker run -it nginx //运行镜像 docker run -it --rm ubuntu:18.04 bash // 运行镜像并进入shell 退出后删除镜像 docker run --name webserver -d -p 80:80 nginx // 运行镜像,--name 给镜像取一个名字 -d 后台运行模式 -p 镜像端口映射镜像帮助信息 docker image --help // 获取镜像操作的命令帮助搜索镜像 docker search nginx // 搜索nginx镜像查看镜像历史信息 docker image history nginx // 查看镜像历史查看镜像详细信息 docker image inspect nginx //查看镜像详细信息列出镜像 docker images //列出镜像 docker image ls //列出镜像 docker image ls -a //docker image ls 命令列表中只显示顶层镜像。-a 参数可以显示包括中间层在内的所有镜像 docker image ls nginx //根据仓库名列出镜像 docker image ls nginx:v2 //根据某个特定标签列出镜像 docker image ls -f since=mongo:3.2 //mongo:3.2 之后建立的镜像 before 之前 docker image ls -f label=dev //列出标签是dev的镜像 docker images -q -f reference='eshop/*:dev' // 根据名称和标签匹配并只显示id docker image ls --format "{{.ID}}: {{.Repository}}" // 模板语法查看镜像、容器、数据卷大小 docker system df //查看镜像、容器、数据卷所占的空间大小删除镜像 docker image rm centos:v7 // 按照标签tag删除镜像,也可以根据image id删除 //删除镜像的前提是该镜像没有运行成容器;docker image rm 等同docker rmi命令;如果需要强行删除已经运行为容器的镜像,可以使用-f选项来指定; docker image rm af34 //根据ID删除镜像,一般取前3个字符或以上就可以了 docker image rm $(docker image ls -q nginx) //过滤删除命令。删除所有仓库名为 nginx 的镜像 docker image rm $(docker image ls -q -f before=nginx:v2) docker image rm $(docker images -q -f reference='eshop/*:dev') //-f docker image prune //删除虚悬镜像给镜像打tag docker tag centos centos:v6.7 //给镜像打标签 tag
四、容器管理
4.1、创建容器常用选项
docker container run --help
4.2、容器资源限制
示例:
内存限额