2月17日 23:37
What are the core concepts, common commands, and best practices of Linux container technologies (Docker, Kubernetes)?
Linux container technology is the core technology for modern application deployment and microservice architecture. Docker and Kubernetes are the most mainstream container solutions.
Docker basic concepts:
- Image: read-only filesystem template containing all dependencies needed to run the application
- Container: running instance of an image, lightweight and isolated runtime environment
- Repository: place to store and distribute images, such as Docker Hub
- Dockerfile: text file used to build images
- Docker Compose: tool for defining and running multi-container applications
Docker common commands:
- Image management:
- docker images: list local images
- docker pull image: pull image
- docker build -t name .: build image
- docker rmi image: delete image
- docker tag image newname: tag image
- Container management:
- docker run: run container
- docker ps: view running containers
- docker ps -a: view all containers
- docker stop container: stop container
- docker start container: start container
- docker restart container: restart container
- docker rm container: delete container
- docker exec -it container /bin/bash: enter container
- Container operations:
- docker logs container: view container logs
- docker cp file container:/path: copy file to container
- docker cp container:/path file: copy file from container
- docker inspect container: view detailed container information
- docker stats: view container resource usage
Dockerfile instructions:
- FROM: specify base image
- RUN: execute command
- COPY: copy files to image
- ADD: copy files to image (supports decompression and URL)
- CMD: command to execute when container starts
- ENTRYPOINT: entry point to execute when container starts
- ENV: set environment variables
- ARG: build-time variables
- EXPOSE: declare ports listened by container
- VOLUME: declare mount points
- WORKDIR: set working directory
- USER: set running user
Docker Compose:
- Configuration file: docker-compose.yml
- Common commands:
- docker-compose up: start services
- docker-compose down: stop and remove services
- docker-compose ps: view service status
- docker-compose logs: view service logs
- docker-compose exec service command: execute command in service
- Configuration example:
yaml
version: '3' services: web: build: . ports: - "80:80" volumes: - ./data:/data environment: - ENV=value
Kubernetes basic concepts:
- Pod: smallest deployment unit, contains one or more containers
- Node: physical or virtual machine running Pods
- Service: provides stable network access for Pods
- Deployment: manages Pod replicas and updates
- ReplicaSet: ensures specified number of Pod replicas are running
- StatefulSet: manages stateful applications
- DaemonSet: runs one Pod on each node
- ConfigMap: configuration data
- Secret: sensitive data
- Namespace: resource isolation
- Ingress: HTTP/HTTPS routing
Kubernetes common commands:
- Cluster management:
- kubectl cluster-info: view cluster information
- kubectl get nodes: view nodes
- kubectl get namespaces: view namespaces
- Pod management:
- kubectl get pods: view Pods
- kubectl describe pod podname: view Pod details
- kubectl logs podname: view Pod logs
- kubectl exec -it podname /bin/bash: enter Pod
- kubectl delete pod podname: delete Pod
- Service management:
- kubectl get services: view services
- kubectl describe service servicename: view service details
- Deployment management:
- kubectl get deployments: view deployments
- kubectl apply -f yaml: apply configuration
- kubectl rollout status deployment/deploymentname: view deployment status
- kubectl scale deployment/deploymentname --replicas=3: scale replicas
Kubernetes configuration examples:
- Pod configuration:
yaml
apiVersion: v1 kind: Pod metadata: name: mypod spec: containers: - name: mycontainer image: nginx ports: - containerPort: 80 - Deployment configuration:
yaml
apiVersion: apps/v1 kind: Deployment metadata: name: mydeployment spec: replicas: 3 selector: matchLabels: app: myapp template: metadata: labels: app: myapp spec: containers: - name: mycontainer image: nginx ports: - containerPort: 80
Container networking:
- Docker network modes:
- bridge: default mode, containers communicate through Docker bridge
- host: container uses host network stack
- none: no network
- container: share another container's network
- Kubernetes network model:
- Pod network: all Pods in the same flat network
- Service network: provides stable IP for Pods
- Ingress: external access entry point
Container storage:
- Docker storage drivers: overlay2, aufs, btrfs, zfs
- Volume: persistent storage
- Bind Mount: mount host directory to container
- Kubernetes StorageClass: dynamic storage allocation
- PersistentVolume: cluster-level storage resource
- PersistentVolumeClaim: user's request for storage
Container security:
- Image security:
- Use official or trusted images
- Regularly update images
- Scan images for vulnerabilities
- Minimize image size
- Runtime security:
- Run containers as non-root user
- Limit container resources
- Use read-only filesystem
- Limit container capabilities
- Kubernetes security:
- RBAC: role-based access control
- Network Policy: network policy
- Pod Security Policy: Pod security policy
Container orchestration best practices:
- Microservice architecture: split application into multiple microservices
- Health checks: configure liveness and readiness probes
- Resource limits: set CPU and memory limits
- Rolling updates: gradually update applications to avoid service interruption
- Auto-scaling: automatically adjust replicas based on load
- Configuration management: use ConfigMap and Secret to manage configuration
- Log collection: centrally collect and analyze container logs
- Monitoring and alerting: monitor container and cluster status