  24 Docker recommendations
     
  Add Date : 2018-11-21      
         
         
         
  At TES Global we have fallen in love with Docker and have been using it in production since version 0.8. Many of our developers attended the training at DockerCon Europe. Here is our summary of some tips, which we hope will help readers who already know the Docker basics.

1. CLI

1.1 Prettier docker ps output

Pipe the output of docker ps through less -S so that the table rows are not wrapped.

docker ps -a | less -S

1.2 Following logs

docker logs does not follow the log as it grows unless you use the -f option:

docker logs -f <containerid>

1.3 Getting a single value from docker inspect

docker inspect outputs a large amount of JSON by default. You can use jq to get the value for a particular key, or you can use the built-in Go templates.

For example, is the most recently created container still running?

docker inspect --format '{{.State.Running}}' $(docker ps -lq)

1.4 Use docker exec instead of sshd or nsenter

If you follow the Docker release notes you will already know this trick. docker exec was added in version 1.3 and lets you run a new process inside a running container, so you no longer need to run sshd in the container or install nsenter on the host.

2. Dockerfiles

2.1 docker build supports git repositories

Not only can you build an image from a local Dockerfile; you can also give docker build the URL of a git repository, and docker build does the rest.

2.2 No package lists

Default base images (such as Ubuntu) do not contain package lists, in order to keep the image small. You therefore need to run apt-get update in any Dockerfile based on them.

2.3 Watch package versions

Be careful when installing packages, because these commands are cached too. If you clear the cache you might get a different version; or if the cache is not refreshed for a long time, you may not get the latest security updates.

2.4 Small base images

Docker Hub has an official, truly zero-size Docker image called scratch. So if you need to, you can build your image from scratch. In most cases you are better off starting from busybox, which is only 2.5M.

2.5 FROM defaults to latest

If you do not specify a version tag after the FROM keyword, latest is fetched by default. Be aware of this and specify a particular version wherever possible.

2.6 Shell or exec form

Commands in a Dockerfile (such as CMD, RUN, etc.) can be specified in two ways. If you write just the command, Docker wraps it in sh -c. You can also write it as an array of strings. The array form does not depend on a shell in the container, because it goes through exec directly. Docker developers recommend the latter.

2.7 ADD vs COPY

ADD and COPY both add local files at build time. However, ADD has some additional magic, such as adding remote files and unzipping or untarring archives. Understand this difference before using ADD.

2.8 WORKDIR and ENV

Each command creates a new temporary image and runs in a new shell, so you cannot use cd <directory> or export <var>=<value> in a Dockerfile and expect the effect to carry over. Use WORKDIR to set the working directory across multiple commands and ENV to set environment variables.

2.9 CMD and ENTRYPOINT

CMD is the default command executed when the image is run. The default ENTRYPOINT is /bin/sh -c, and CMD is passed to it as a parameter. We can override ENTRYPOINT in the Dockerfile so that the container accepts command-line arguments like a program (with the default arguments given by CMD in the Dockerfile).

In the Dockerfile (the exec form is needed here, because a shell-form ENTRYPOINT ignores CMD and command-line arguments):

ENTRYPOINT ["/bin/ls"]
CMD ["-a"]

We override the arguments on the command line, but the entrypoint is still ls:

docker run training/ls -l

2.10 Put ADD last

ADD invalidates the cache if a file has changed. To keep the cache useful, do not add frequently changing things early in the Dockerfile. Put your code at the end and the libraries and dependencies first. For Node.js applications this means adding package.json first, running npm install, and only then adding your code.
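
The Dockerfile tips in this section, together with the USER advice in 5.2, can be checked mechanically. The script below is an added example, not part of the original article: lint_dockerfile, its finding texts and both sample Dockerfiles are constructed for illustration, and the checks are simple line-based heuristics.

```shell
#!/bin/sh
# lint_dockerfile FILE: one finding per line for habits the tips above warn
# about. Line-based heuristics only (no continuation lines, no multi-stage).
lint_dockerfile() {
  awk '
    { instr = toupper($1) }
    # 2.5: no tag, or :latest, means the base image can change between builds
    instr == "FROM" && $2 != "scratch" && ($2 !~ /:/ || $2 ~ /:latest$/) {
      print NR ": FROM is not pinned to a version tag" }
    # 2.2: base images ship without package lists, update in the same RUN
    instr == "RUN" && /apt-get install/ && !/apt-get update/ {
      print NR ": apt-get install without apt-get update in the same RUN" }
    # 2.7: ADD also fetches URLs and unpacks archives, COPY only copies
    instr == "ADD" { print NR ": ADD used, prefer COPY" }
    # 2.6, 2.9: shell form runs under sh -c
    (instr == "CMD" || instr == "ENTRYPOINT") && $2 !~ /^\[/ {
      print NR ": " instr " in shell form, prefer the exec (array) form" }
    # 5.2: track the last USER instruction
    instr == "USER" { user = $2 }
    END { if (user == "" || user == "root" || user == "0")
            print "end: no non-root USER, processes run as root" }
  ' "$1"
}

# Constructed sample inputs (not from the article).
weak=$(mktemp) fixed=$(mktemp)
cat > "$weak" <<'EOF'
FROM ubuntu
RUN apt-get install -y nodejs
ADD . /app
CMD node /app/server.js
EOF
cat > "$fixed" <<'EOF'
FROM ubuntu:14.04
RUN apt-get update && apt-get install -y nodejs npm
WORKDIR /app
COPY package.json /app/
RUN npm install
COPY . /app
RUN useradd -r app
USER app
CMD ["nodejs", "server.js"]
EOF
echo "weak:";  lint_dockerfile "$weak"
echo "fixed:"; lint_dockerfile "$fixed"
```

The fixed sample also follows 2.10: package.json is copied and npm install is run before the application code is copied, so a code change does not invalidate the cached dependency layer.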

3. Docker network

Docker has a built-in pool of IP addresses that it assigns to containers. These addresses are not visible from outside; they are reached through a bridge network interface.

3.1 Finding port mappings

docker run accepts explicit port mappings as parameters, or you can map all ports with the -P option. The advantage of the second approach is that it prevents conflicts. Use the following command to find the assigned port:

docker port containerID portNumber

or

docker inspect --format '{{.NetworkSettings.Ports}}' containerID

3.2 IP address of the container

Each container has its own IP address in a private network (default 172.17.0.0/16). The IP may change on restart; if you want to know the address, use:

docker inspect --format '{{.NetworkSettings.IPAddress}}' containerID

Docker tries to detect conflicts and uses a different network address range if needed.

3.3 Taking over the host's network

docker run --net=host reuses the host's network. But do not do it.

4. Volumes

A volume is a directory or single file that bypasses the copy-on-write file system, with close to zero overhead (bind mounts).

4.1 Volume contents are not saved by docker commit

There is not much point in writing to your volumes after the image has been built.

4.2 Volumes are read-write by default

But there is a :ro flag.

4.3 Volumes exist separately from containers

A volume exists as long as some container uses it. Volumes can be shared between containers with the --volumes-from option.

4.4 Mounting your docker.sock

You can simply mount docker.sock to give your container access to the Docker API. You can then run Docker commands inside the container. This way containers can even kill themselves, and there is no need to run a Docker daemon inside a container. As 5.1 explains, access to the Docker API amounts to root access, so mount the socket only into containers you trust.

5. Security

5.1 Docker runs as root

Access to the Docker API gives root access, because you can map / as a volume and then read or write it. Or you can use --net=host to take over the host's network. Do not expose the Docker API; if you need to, use TLS.

5.2 USER in Dockerfiles

By default Docker runs every command as root, but you can use USER. Docker has no user namespacing, so a user in the container is seen as a user on the host, but only by UID, which is why you need to add the user inside the container.

5.3 Use TLS with the Docker API

Docker 1.3 added support for TLS. It uses mutual authentication: both the client and the server have a key. Treat the keys like the root user's password. Starting with version 1.3, Boot2docker enables TLS by default and generates the keys for you.

Otherwise, generating the keys requires OpenSSL 1.0.1 or higher; the Docker daemon then needs to be run with the --tlsverify option, and Docker uses the secure port (2376).
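
The risky settings named in 3.3, 4.4, 5.1 and 5.2 can be audited on running containers with the same docker inspect templates used in 1.3. This is an added example, not part of the original article: audit_containers, AUDIT_FORMAT and the sample lines are constructed, and the template fields are those of current docker inspect output (.Mounts is not available in Docker 1.3).

```shell
#!/bin/sh
# Go template for docker inspect: one pipe-separated line per container
# (name | configured user | network mode | comma-separated mount sources).
AUDIT_FORMAT='{{.Name}}|{{.Config.User}}|{{.HostConfig.NetworkMode}}|{{range .Mounts}}{{.Source}},{{end}}'

# audit_containers: read lines in AUDIT_FORMAT on stdin, print one finding
# per risky setting. The number in parentheses is the tip it relates to.
audit_containers() {
  awk -F'|' '
    # An empty user means the image default, which is root unless USER is set
    $2 == "" || $2 == "root" || $2 == "0" || $2 ~ /^0:/ {
      print $1 ": runs as root (5.2)" }
    $3 == "host" { print $1 ": shares the host network (3.3)" }
    { n = split($4, m, ",")
      for (i = 1; i <= n; i++) {
        if (m[i] == "/") print $1 ": host / is mounted (5.1)"
        if (m[i] ~ /docker\.sock$/) print $1 ": Docker API socket is mounted (4.4)"
      } }
  '
}

# Constructed sample of what docker inspect prints with AUDIT_FORMAT.
sample_inspect() {
  cat <<'EOF'
/web|app|bridge|/srv/web/data,
/watchdog||default|/var/run/docker.sock,
/debug|root|host|/,
EOF
}

# Live use on a Docker host:
#   docker inspect --format "$AUDIT_FORMAT" $(docker ps -q) | audit_containers
sample_inspect | audit_containers
```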
     
         
         
         