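1 Docker version selection
Docker originally had no separate editions. In early 2017 a new project, Moby, was introduced (the docker project was renamed to it); its GitHub address is https://github.com/moby/moby. Moby is the new upstream of the Docker project, and Docker is a sub-product that belongs to Moby. Releases since then are split into CE (Community Edition) and EE (Enterprise Edition, paid). Both CE and EE publish a new version every quarter, but EE receives 1 year of follow-up security maintenance, while CE receives 4 months.
When Docker is used together with Kubernetes, install a Docker version that has passed the Kubernetes project's own testing, to avoid incompatibilities and other unknown or unpredictable problems. The Docker versions tested by Kubernetes can be looked up on GitHub: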
https://github.com/kubernetes/kubernetes/blob/master/build/dependencies.yaml
2 Docker installation
Official documentation: https://docs.docker.com/engine/install/
2.1 Installing Docker on Ubuntu
2.1.1 Install the Docker dependencies
root@ubuntu:~# apt-get -y install apt-transport-https ca-certificates curl software-properties-common
2.1.2 Install the GPG key
root@ubuntu:~# curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
OK
2.1.3 Add the software repository
root@ubuntu:~# add-apt-repository "deb [arch=amd64] http://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
2.1.4 List the available docker-ce versions
root@ubuntu:~# apt-cache madison docker-ce
docker-ce | 5:20.10.10~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:20.10.9~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:20.10.8~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:20.10.7~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:20.10.6~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:20.10.5~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:20.10.4~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:20.10.3~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:20.10.2~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:20.10.1~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:20.10.0~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:19.03.15~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:19.03.14~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:19.03.13~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:19.03.12~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:19.03.11~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:19.03.10~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:19.03.9~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:19.03.8~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:19.03.7~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:19.03.6~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:19.03.5~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:19.03.4~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:19.03.3~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:19.03.2~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:19.03.1~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:19.03.0~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:18.09.9~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:18.09.8~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:18.09.7~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:18.09.6~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:18.09.5~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:18.09.4~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:18.09.3~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:18.09.2~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:18.09.1~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:18.09.0~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 18.06.3~ce~3-0~ubuntu | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 18.06.2~ce~3-0~ubuntu | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 18.06.1~ce~3-0~ubuntu | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 18.06.0~ce~3-0~ubuntu | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 18.03.1~ce~3-0~ubuntu | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
2.1.5 Install docker-ce
root@ubuntu:~# apt-get -y install docker-ce=5:19.03.15~3-0~ubuntu-bionic
After this operation, 391 MB of additional disk space will be used.
Get:1 http://mirrors.ucloud.cn/ubuntu bionic/universe amd64 pigz amd64 2.4-1 [57.4 kB]
Get:2 http://mirrors.ucloud.cn/ubuntu bionic/universe amd64 aufs-tools amd64 1:4.9+20170918-1ubuntu1 [104 kB]
Get:3 http://mirrors.ucloud.cn/ubuntu bionic/universe amd64 cgroupfs-mount all 1.4 [6,320 B]
Get:4 http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 containerd.io amd64 1.4.11-1 [23.7 MB]
Get:5 http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 docker-ce-cli amd64 5:20.10.10~3-0~ubuntu-bionic [38.8 MB]
Get:6 http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 docker-ce amd64 5:19.03.15~3-0~ubuntu-bionic [22.8 MB]
Get:7 http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 docker-scan-plugin amd64 0.9.0~ubuntu-bionic [3,518 kB]
Selecting previously unselected package pigz.
(Reading database ... 77629 files and directories currently installed.)
Preparing to unpack .../0-pigz_2.4-1_amd64.deb ...
Unpacking pigz (2.4-1) ...
Selecting previously unselected package aufs-tools.
Preparing to unpack .../1-aufs-tools_1%3a4.9+20170918-1ubuntu1_amd64.deb ...
Unpacking aufs-tools (1:4.9+20170918-1ubuntu1) ...
Selecting previously unselected package cgroupfs-mount.
Preparing to unpack .../2-cgroupfs-mount_1.4_all.deb ...
Unpacking cgroupfs-mount (1.4) ...
Selecting previously unselected package containerd.io.
Preparing to unpack .../3-containerd.io_1.4.11-1_amd64.deb ...
Unpacking containerd.io (1.4.11-1) ...
Selecting previously unselected package docker-ce-cli.
Preparing to unpack .../4-docker-ce-cli_5%3a20.10.10~3-0~ubuntu-bionic_amd64.deb ...
Unpacking docker-ce-cli (5:20.10.10~3-0~ubuntu-bionic) ...
Selecting previously unselected package docker-ce.
Preparing to unpack .../5-docker-ce_5%3a19.03.15~3-0~ubuntu-bionic_amd64.deb ...
Unpacking docker-ce (5:19.03.15~3-0~ubuntu-bionic) ...
Selecting previously unselected package docker-scan-plugin.
Preparing to unpack .../6-docker-scan-plugin_0.9.0~ubuntu-bionic_amd64.deb ...
Unpacking docker-scan-plugin (0.9.0~ubuntu-bionic) ...
Setting up aufs-tools (1:4.9+20170918-1ubuntu1) ...
Setting up containerd.io (1.4.11-1) ...
Created symlink /etc/systemd/system/multi-user.target.wants/containerd.service → /lib/systemd/system/containerd.service.
Setting up docker-scan-plugin (0.9.0~ubuntu-bionic) ...
Setting up cgroupfs-mount (1.4) ...
Setting up docker-ce-cli (5:20.10.10~3-0~ubuntu-bionic) ...
Setting up pigz (2.4-1) ...
Setting up docker-ce (5:19.03.15~3-0~ubuntu-bionic) ...
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /lib/systemd/system/docker.service.
Created symlink /etc/systemd/system/sockets.target.wants/docker.socket → /lib/systemd/system/docker.socket.
Processing triggers for libc-bin (2.27-3ubuntu1.4) ...
Processing triggers for systemd (237-3ubuntu10.51) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
Processing triggers for ureadahead (0.100.0-21) ...
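The install log above shows docker-ce pinned to 5:19.03.15 while docker-ce-cli was pulled in at 5:20.10.10. The following is an added example, not part of the original post: it resolves an upstream version to the exact apt version string from the `apt-cache madison` listing, prints the commands that pin engine and CLI together, and reports packages that drifted from the pin. It assumes docker-ce-cli is published under the same version string as docker-ce; the function names are illustrative.

```bash
#!/usr/bin/env bash
# Added example. Sample data below is constructed from the output on this page.

# Reads `apt-cache madison docker-ce` output on stdin and prints the full
# package version whose upstream part (epoch and "~..." suffix removed)
# equals $1. Fails if no such version is offered.
resolve_docker_pin() {
  awk -F' *[|] *' -v want="$1" '
    { v = $2; sub(/^[0-9]+:/, "", v); sub(/~.*/, "", v) }
    v == want { print $2; found = 1; exit }
    END { exit !found }'
}

# Prints the commands that install engine and CLI at one version and hold
# both packages so a later upgrade cannot move either of them.
pin_commands() {
  printf 'apt-get -y install docker-ce=%s docker-ce-cli=%s\n' "$1" "$1"
  printf 'apt-mark hold docker-ce docker-ce-cli\n'
}

# Reads "package version" lines, as printed by
#   dpkg-query -W -f='${Package} ${Version}\n' docker-ce docker-ce-cli
# and prints each package that is not at the pinned version $1.
drifted_packages() {
  awk -v pin="$1" '$2 != pin { print $1 }'
}

MADISON_SAMPLE='docker-ce | 5:20.10.10~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:19.03.15~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:19.03.1~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 18.06.3~ce~3-0~ubuntu | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages'
# Package state after the install shown above: the CLI followed the newest release.
INSTALLED_SAMPLE='docker-ce 5:19.03.15~3-0~ubuntu-bionic
docker-ce-cli 5:20.10.10~3-0~ubuntu-bionic'

# Demo: print the pin commands, then the packages that are off the pin.
pin=$(printf '%s\n' "$MADISON_SAMPLE" | resolve_docker_pin 19.03.15) && pin_commands "$pin"
printf '%s\n' "$INSTALLED_SAMPLE" | drifted_packages "$pin"
```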
2.1.6 Remove docker-ce
root@ubuntu:~# apt purge docker-ce
root@ubuntu:~# rm -rf /var/lib/docker
3 Viewing Docker information
3.1 View the Docker version
root@ubuntu:~# docker version
Client: Docker Engine - Community
Version: 20.10.10
API version: 1.40
Go version: go1.16.9
Git commit: b485636
Built: Mon Oct 25 07:42:57 2021
OS/Arch: linux/amd64
Context: default
Experimental: true

Server: Docker Engine - Community
Engine:
Version: 19.03.15
API version: 1.40 (minimum version 1.12)
Go version: go1.13.15
Git commit: 99e3ed8919
Built: Sat Jan 30 03:15:20 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.11
GitCommit: 5b46e404f6b9f661a205e28d59c982d3634148f8
runc:
Version: 1.0.2
GitCommit: v1.0.2-0-g52b36a2
docker-init:
Version: 0.18.0
GitCommit: fec3683
3.2 View detailed Docker information
root@ubuntu:~# docker info
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Build with BuildKit (Docker Inc., v0.6.3-docker)
scan: Docker Scan (Docker Inc., v0.9.0)

Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 19.03.15
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 5b46e404f6b9f661a205e28d59c982d3634148f8
runc version: v1.0.2-0-g52b36a2
init version: fec3683
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.15.0-161-generic
Operating System: Ubuntu 18.04.5 LTS
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 985MiB
Name: ubuntu
ID: SCQL:4CVE:RNUG:KOSE:P3QB:I3WQ:5C5Z:VD6X:ESEQ:6NPV:TARW:KFOM
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: No swap limit support
3.3 View Docker network interface information
root@ubuntu:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1452 qdisc fq_codel state UP group default qlen 1000
link/ether 52:54:00:87:29:22 brd ff:ff:ff:ff:ff:ff
inet 172.16.10.248/24 brd 172.16.10.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe87:2922/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:14:9a:a1:3e brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
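3.4 Docker storage drivers
3.4.1 Introduction to Docker storage drivers
Docker's current default storage driver is overlay2. Different storage drivers need corresponding support from the system; for example, the d-type file-layering feature has to be enabled when the disk partition is created, that is, the corresponding parameter must be passed to turn the feature on when the disk is formatted.
Storage driver types:
- AUFS (Another Union FS) is a union file system and a file-level storage driver. A union FS merges directories from different physical locations and mounts them on the same directory. Put simply, it is a file system that supports mounting different directories under one virtual file system. Such a file system can stack file modifications layer upon layer. However many lower layers there are, they are all read-only; only the topmost layer is writable. When a file needs to be modified, AUFS creates a copy of it, using COW (copy-on-write) to copy the file from the read-only layer to the writable layer, where it is modified and the result is kept. In Docker, the read-only lower layers are the image and the writable layer is the container. AUFS was the preferred storage driver for Docker 18.06 and earlier.
- Overlay: a union file system, supported since Linux kernel 3.18.
- overlay2: the upgraded version of Overlay and, so far, the storage driver recommended for all Linux distributions.
- devicemapper: was the recommended storage driver for CentOS and RHEL because earlier kernel versions did not support overlay2. Current newer versions of CentOS and RHEL now support overlay2, so overlay2 is recommended.
- ZFS/btrfs: not widely used at present.
- vfs: for test environments, for situations where a copy-on-write file system cannot be used. This storage driver performs poorly and is generally not recommended for production.
3.4.2 Changing the Docker storage driver
Official documentation: https://docs.docker.com/storage/storagedriver/overlayfs-driver/
If the Docker data directory is a separate disk partition formatted as xfs, add the parameter -n ftype=1 when formatting it; otherwise starting containers later fails with an error that d-type is not supported.
Changing the storage driver causes all containers to be lost, so back up first and then make the change.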
root@ubuntu:~# vim /lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd -s overlay2 -H fd:// --containerd=/run/containerd/containerd.sock
root@ubuntu:~# systemctl daemon-reload
root@ubuntu:~# systemctl restart docker
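A pre-flight check for the two conditions described in this section, as an added example that is not part of the original post: it confirms ftype=1 in `xfs_info` output and confirms from `docker info` output that the daemon runs overlay2 on a filesystem with d_type support. The function names and sample text are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example. Both checks read saved command output on stdin; the sample
# text below is constructed, not captured from a real host.

# Succeeds only if `xfs_info <mountpoint>` output reports ftype=1.
xfs_has_ftype() {
  grep -Eq '(^|[ ,])ftype=1($|[ ,])'
}

# Prints the value of one "Key: value" field of `docker info` output.
docker_info_field() {
  awk -v key="$1" '
    { line = $0; sub(/^[ \t]+/, "", line) }
    index(line, key ": ") == 1 { print substr(line, length(key) + 3); exit }'
}

# Reads `docker info` output; prints "ok" or the reason overlay2 is not usable.
overlay2_status() (
  info=$(cat)
  driver=$(printf '%s\n' "$info" | docker_info_field 'Storage Driver')
  dtype=$(printf '%s\n' "$info" | docker_info_field 'Supports d_type')
  if [ "$driver" != overlay2 ]; then
    echo "storage driver is ${driver:-unknown}, not overlay2"
  elif [ "$dtype" != true ]; then
    echo "backing filesystem does not support d_type"
  else
    echo ok
  fi
)

XFS_OK='naming   =version 2              bsize=4096   ascii-ci=0, ftype=1'
XFS_BAD='naming   =version 2              bsize=4096   ascii-ci=0 ftype=0'
INFO_OK=' Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true'
INFO_BAD=' Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: false'

# Demo on the constructed "bad" samples.
printf '%s\n' "$XFS_BAD" | xfs_has_ftype || echo "xfs sample: reformat with -n ftype=1"
printf '%s\n' "$INFO_BAD" | overlay2_status
```

The same driver setting can be kept in /etc/docker/daemon.json as "storage-driver": "overlay2" rather than in the packaged unit file; set it in only one of the two places.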
4 Docker service processes
4.1 View the host process tree
root@ubuntu:~# pstree -p
systemd(1)─┬─ModemManager(1031)─┬─{ModemManager}(1058)
│ └─{ModemManager}(1062)
├─NetworkManager(1018)─┬─{NetworkManager}(1074)
│ └─{NetworkManager}(1077)
├─accounts-daemon(1029)─┬─{accounts-daemon}(1037)
│ └─{accounts-daemon}(1046)
├─agetty(1132)
├─atd(1024)
├─ceph-crash(1025)
├─chronyd(1103)
├─containerd(7510)─┬─containerd-shim(11079)─┬─sh(11106)
│ │ ├─{containerd-shim}(11080)
│ │ ├─{containerd-shim}(11081)
│ │ ├─{containerd-shim}(11082)
│ │ ├─{containerd-shim}(11083)
│ │ ├─{containerd-shim}(11084)
│ │ ├─{containerd-shim}(11085)
│ │ ├─{containerd-shim}(11086)
│ │ └─{containerd-shim}(11087)
│ ├─{containerd}(7514)
│ ├─{containerd}(7515)
│ ├─{containerd}(7516)
│ ├─{containerd}(7517)
│ ├─{containerd}(7529)
│ ├─{containerd}(7530)
│ ├─{containerd}(7546)
│ └─{containerd}(9800)
├─cron(1028)
├─dbus-daemon(988)
├─dockerd(9151)─┬─docker-proxy(11074)─┬─{docker-proxy}(11075)
│ │ ├─{docker-proxy}(11076)
│ │ ├─{docker-proxy}(11077)
│ │ └─{docker-proxy}(11078)
│ ├─{dockerd}(9171)
│ ├─{dockerd}(9172)
│ ├─{dockerd}(9173)
│ ├─{dockerd}(9174)
│ ├─{dockerd}(9180)
│ ├─{dockerd}(9181)
│ ├─{dockerd}(9204)
│ ├─{dockerd}(9682)
│ └─{dockerd}(9696)
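4.2 View the containerd process relationships
The four Docker-related processes:
- dockerd: the server program, accessed directly by the client; its parent process is the host's systemd daemon.
- docker-proxy: each docker-proxy process corresponds to one container that needs network communication and manages the port mapping between the host and the container; its parent process is dockerd. It is not started if the container does not need networking.
- containerd: called by the docker process to interact with runc.
- containerd-shim: the carrier that actually runs the container; each container has one containerd-shim process, whose parent process is containerd.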
root@ubuntu:~# ps -ef | grep containerd
root 7510 1 0 13:14 ? 00:00:16 /usr/bin/containerd
root 9151 1 0 14:07 ? 00:00:04 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
root 11079 7510 0 16:45 ? 00:00:00 containerd-shim -namespace moby -workdir /var/lib/containerd/io.containerd.runtime.v1.linux/moby/427f20a455226581ee9724fe01872ac1a91b9a2499c500b15c0ec20f9d433ec2 -address /run/containerd/containerd.sock -containerd-binary /usr/bin/containerd -runtime-root /var/run/docker/runtime-runc
root@ubuntu:~# ps -ef | grep docker-proxy
root 11074 9151 0 16:45 ? 00:00:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.17.0.2 -container-port 9000
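The parent-child relationships listed above can be checked from `ps -ef` output, and the docker-proxy arguments show which host address each published port is bound to. The following is an added example, not part of the original post: it inventories docker-proxy port mappings, marks those listening on all interfaces, and lists containerd-shim processes whose parent is not containerd. Function names are illustrative.

```bash
#!/usr/bin/env bash
# Added example. PS_SAMPLE is constructed from the `ps -ef` lines on this page
# plus one invented loopback-only proxy (PID 11200) for contrast.

# Reads `ps -ef` output; prints one line per docker-proxy process:
#   <proto> <host-ip>:<host-port> -> <ctr-ip>:<ctr-port> <scope> <parent-check>
proxy_exposure() {
  awk '
    { name[$2] = $8; sub(/.*\//, "", name[$2]) }     # PID -> executable basename
    name[$2] == "docker-proxy" {
      n++; ppid[n] = $3
      for (i = 9; i < NF; i++) opt[n, $i] = $(i + 1) # "-flag value" pairs
    }
    END {
      for (j = 1; j <= n; j++) {
        ip = opt[j, "-host-ip"]
        scope = (ip == "0.0.0.0" || ip == "::") ? "all-interfaces" : "restricted"
        par = (name[ppid[j]] == "dockerd") ? "parent-ok" : "parent-unexpected"
        printf "%s %s:%s -> %s:%s %s %s\n", opt[j, "-proto"], ip,
          opt[j, "-host-port"], opt[j, "-container-ip"],
          opt[j, "-container-port"], scope, par
      }
    }'
}

# Prints the PID of every containerd-shim whose parent is not containerd,
# the relationship this page describes for Docker 19.03.
unparented_shims() {
  awk '
    { name[$2] = $8; sub(/.*\//, "", name[$2]) }
    name[$2] == "containerd-shim" { shim[++n] = $2; ppid[n] = $3 }
    END { for (j = 1; j <= n; j++) if (name[ppid[j]] != "containerd") print shim[j] }'
}

PS_SAMPLE='UID        PID  PPID  C STIME TTY          TIME CMD
root      7510     1  0 13:14 ?        00:00:16 /usr/bin/containerd
root      9151     1  0 14:07 ?        00:00:04 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
root     11079  7510  0 16:45 ?        00:00:00 containerd-shim -namespace moby -address /run/containerd/containerd.sock
root     11074  9151  0 16:45 ?        00:00:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.17.0.2 -container-port 9000
root     11200  9151  0 16:50 ?        00:00:00 /usr/bin/docker-proxy -proto tcp -host-ip 127.0.0.1 -host-port 8080 -container-ip 172.17.0.3 -container-port 80'

# Demo on the constructed sample.
printf '%s\n' "$PS_SAMPLE" | proxy_exposure
printf '%s\n' "$PS_SAMPLE" | unparented_shims
```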
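4.3 Container creation and management
- dockerd communicates with the containerd module over gRPC; inside dockerd, libcontainerd is responsible for the exchange with containerd. The socket file used between dockerd and containerd is /var/run/containerd/containerd.sock.
- containerd is started when dockerd starts. containerd then starts listening for gRPC requests, handles them, and acts according to each request.
- For a run, start or exec of a container, containerd launches a containerd-shim and performs the corresponding operation.
- Once containerd-shim is up, start/exec/create launches a runC process. The shim communicates with containerd through the exit and control files, and monitors the state of the processes in the container through the parent-child process relationship and SIGCHLD.
- Throughout the container lifecycle, containerd uses epoll to monitor the container files and so track container events.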