docker run -d -p 5000:5000 --restart=always \
–v /opt/docker/registry/data:/var/lib/registry --name registry registry:2
② 推送一个镜像到镜像仓库
[root@dockertest ~]# docker tag nginx:latest 192.168.10.131:5000/nginx:latest
[root@dockertest ~]# docker push 192.168.10.131:5000/nginx:latest
The push refers to repository [192.168.10.131:5000/nginx]
Get https://192.168.10.131:5000/v2/: http: server gave HTTP response to HTTPS client
[root@dockertest registry]# mkdir -p certs
[root@dockertest registry]# openssl req \
> -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
> -x509 -days 365 -out certs/domain.crt
Generating a 4096 bit RSA private key
...........++
..............................................................................................++
writing new private key to 'certs/domain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:192.168.10.131:5000
Email Address []:
③将刚生成的domain.crt复制到/etc/docker/certs.d/192.168.100.9:5000/ca.crt,并重启docker
[root@localhost ~]# docker pull 192.168.10.131:5000/nginx
Using default tag: latest
Error response from daemon: Get https://192.168.10.131:5000/v2/: x509: certificate signed by unknown authority
#发现报错,原因是没有证书,将192.168.10.131上的证书拷贝到这台机器为/etc/docker/certs.d/192.168.10.131:5000/ca.crt,并重启docker
[root@dockertest ~]# docker volume create v2
v2
[root@dockertest ~]# docker run -it --mount source=v2,target=/backup --name datamove centos
[root@19de5488667a /]# cd /backup/
[root@19de5488667a backup]# touch {a,b,c,d,ss}
[root@19de5488667a backup]# ls
a b c d ss
②数据卷的备份
[root@dockertest ~]# docker run --volumes-from datamove -v /dockerdata/:/back --name backup centos tar cvf /back/backup.tar /backup
tar: Removing leading `/' from member names
/backup/
/backup/a
/backup/b
/backup/c
/backup/d
/backup/ss
[root@dockertest ~]# ls /dockerdata/
backup.tar
③创建一个容器savedata还原数据卷
[root@dockertest ~]# docker run --volumes-from datamove -v /dockerdata/:/back --name savedata centos tar xvf /back/backup.tar
backup/
backup/a
backup/b
backup/c
backup/d
backup/ss
④创建一个容器挂载savedata
[root@dockertest ~]# docker run -dit --volumes-from savedata --name savetest centos
faa008b4f18360b0bed3619f740ccc6a326d7e718020347bdb3027750d48ef60
[root@dockertest ~]# docker exec -it savetest ls /backup
a b c d ss
六、网络配置
1.端口映射
①一对一映射
[root@dockertest ~]# docker run -dit -p 80:80 --name port1 centos
[root@dockertest ~]# docker run -dit -p :80 --name port3 centos
④映射UDP端口
[root@dockertest ~]# docker run -dit -p :80/udp --name port4 centos
⑤查看端口映射
[root@dockertest ~]# docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
dbdbe92054f2 centos "/bin/bash" 7 minutes ago Up 7 minutes 0.0.0.0:32769->80/udp port4
3880ae523333 centos "/bin/bash" 7 minutes ago Up 7 minutes 0.0.0.0:32769->80/tcp port3
8293f668125f centos "/bin/bash" 7 minutes ago Up 7 minutes 0.0.0.0:8080->8080/tcp, 0.0.0.0:8088->8088/tcp port2
e01160b11472 centos "/bin/bash" 8 minutes ago Up 7 minutes 0.0.0.0:80->80/tcp port1 2.容器互联
①新建一个网络
[root@dockertest ~]# docker network create -d bridge my-net
cf09779c2aac2043c84b98a9728ed597c2dac7e8f67c8946b57dc4b9aa3f7cd2
[root@dockertest ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
da971fe6813b bridge bridge local
eec69c6ab2da host host local
cf09779c2aac my-net bridge local
d2be30ca65ba none null local
[root@a6e5609d4e6f /]# ping web1
PING web1 (172.18.0.2) 56(84) bytes of data.
64 bytes from web1.my-net (172.18.0.2): icmp_seq=1 ttl=64 time=0.102 ms
64 bytes from web1.my-net (172.18.0.2): icmp_seq=2 ttl=64 time=0.045 ms
64 bytes from web1.my-net (172.18.0.2): icmp_seq=3 ttl=64 time=0.053 ms
^C
--- web1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 0.045/0.066/0.102/0.026 ms
[root@a6e5609d4e6f /]#
3.配置DNS
①在容器中查看挂载信息
[root@ac92ecff44e1 /]# mount | grep etc
/dev/mapper/centos-root on /etc/resolv.conf type xfs (rw,relatime,attr2,inode64,noquota)
/dev/mapper/centos-root on /etc/hostname type xfs (rw,relatime,attr2,inode64,noquota)
/dev/mapper/centos-root on /etc/hosts type xfs (rw,relatime,attr2,inode64,noquota)
[root@ac92ecff44e1 /]#
这种机制可以让宿主主机 DNS 信息发生更新后,所有 Docker容器的DNS配置通过/etc/resolv.conf 文件会得到更新。