cgrddv/obsidian_note
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
nas
obsidian_note/技术探究/docker容器/docker cmd.md

133 lines
3.3 KiB
Markdown
Raw Permalink Normal View History

vault backup: 2025-12-04 09:12:56
2025-12-04 09:12:56 +08:00
# docker cmd
## bash
`docker exec -it <container> bash`
[Docker image的导入导出 - 简书](https://www.jianshu.com/p/69b6c4c556ad)
## 导出image 导出镜像
[docker load | Docker Documentation](https://docs.docker.com/engine/reference/commandline/load/)
```bash
docker save -o /home/user/images/ubuntu_14.04.tar ubuntu:14.04
```
## 导入image 导入镜像
```bash
docker load --input ubuntu_14.04.tar
```
## 导入导出压缩
```bash
docker save mp_info | gzip > /home/userapp/xiewei/mp_info/mp_info.tar.gz
# gunzip -c /home/userapp/xiewei/mp_info/mp_info.tar.gz | docker load
docker save gcr.io/cadvisor/cadvisor:latest | gzip > cadvisor.tar.gz
docker load -i cadvisor.tar.gz
# Load an image or repository from a tar archive (even if compressed with gzip, bzip2, or xz) from a file or STDIN. It restores both images and tags.
# 直接读取,不解压也可以
docker load -i /home/userapp/xiewei/mp_info/mp_info.tar.gz
```
## docker run
最后面的 `server /data` 是指定需要在容器内执行的命令。
```sh
docker run -p 9000:9000 --name myminio \
-e "MINIO_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE" \
-e "MINIO_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" \
-v /mnt/data:/data \
-v /mnt/config:/root/.minio \
minio/minio server /data
```
```yml
version: '3'
services:
minio:
image: minio/minio:latest
container_name: myminio
ports:
- 9000:9000
volumes:
- /var/minio/data:/data
- /var/minio/config:/root/.minio
environment:
MINIO_ACCESS_KEY: "root"
MINIO_SECRET_KEY: "password"
command: server /data
restart: always
```
## docker stack
单机模式下,我们可以使用 Docker Compose 来编排多个服务,而 Docker Swarm 只能实现对单个服务的简单部署。本文的主角 Docker Stack ,通过 Docker Stack 我们只需对已有的 docker-compose.yml 配置文件稍加改造就可以完成 Docker 集群环境下的多服务编排
## docker cp
```bash
# Docker容器向宿主机传送文件
docker cp container_id:<docker容器内的路径> <本地保存文件的路径>
# ---
# 宿主机向Docker容器传送文件
docker cp 本地文件的路径 container_id:<docker容器内的路径>
```
## docker stats
资源监控
```shell
docker top xxx
docker stats
```
## docker 进入未启动的容器 `How To Run Commands In Stopped Docker Containers`
[How To Run Commands In Stopped Docker Containers · Thorsten Hans](https://www.thorsten-hans.com/how-to-run-commands-in-stopped-docker-containers/)
```bash
# Commit the stopped image
docker commit 0dfd54557799 xxx
# now we have a new image
docker images list
REPOSITORY TAG IMAGE ID CREATED SIZE
debug/ubuntu <none> cc9db32dcc2d 2 seconds ago 64.3MB
# create a new container from the "broken" image
docker run -it --rm --entrypoint sh xxxx
# inside of the container we can inspect - for example, the file system
$ ls /app
App.dll
App.pdb
App.deps.json
# CTRL+D to exit the container
# delete the container and the image
docker image rm xxx
```
>端口映射 实际上就是  SNAT+DNAT
都是NAT
SNAT源地址转换和DNAT目的地址转换
这个是 容器不能访问其他容器的情况
```bash
iptables -I INPUT -i docker0 -j ACCEPT
iptables -t nat -L -n -v
```
Reference in New Issue Copy Permalink