Container 概念介紹及實作

Container 概念介紹及實作 === ###### tags:`Container` `Docker` [TOC] ## 第 1 章：本次 Docker lab 連線方式 開啟 powershell，輸入 ssh {user}@{External IP}，例如：ssh superman@35.206.246.7 ```bash= PS C:\Users\User> ssh {user}@35.206.255.133 ``` ## 第 2 章：確認環境資訊 ### 2-1 查看登入帳號 ```bash= superman@nccu-docker-1:~$ whoami superman ``` ### 2-2 查看預設登入目錄 ```bash= superman@nccu-docker-1:~$ pwd /home/superman ``` ### 2-3 查看作業系統由於 Container 的資源隔離 (如：CPU、RAM、IO) 是使用 `cgroup`，而 `Ubuntu 22.04` 預設使用的是較新的 `cgroup2fs`，有較高的安全性，所以從作業系統、版本以及生命週期都會是需要考量的項目。 ```bash= superman@nccu-docker-1:~$ cat /etc/os-release ``` :::spoiler output ```bash= PRETTY_NAME="Ubuntu 22.04.3 LTS" NAME="Ubuntu" VERSION_ID="22.04" VERSION="22.04.3 LTS (Jammy Jellyfish)" VERSION_CODENAME=jammy ID=ubuntu ID_LIKE=debian HOME_URL="https://www.ubuntu.com/" SUPPORT_URL="https://help.ubuntu.com/" BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" UBUNTU_CODENAME=jammy ``` ::: ### 2-4 查看 docekr 版本測試使用自動完成 tab 鍵，例如輸入 doc 後點擊 tab 鍵 ```bash= superman@nccu-docker-1:~$ docker version ``` :::spoiler output ```bash= Client: Docker Engine - Community Version: 24.0.7 API version: 1.43 Go version: go1.20.10 Git commit: afdd53b Built: Thu Oct 26 09:07:41 2023 OS/Arch: linux/amd64 Context: default Server: Docker Engine - Community Engine: Version: 24.0.7 API version: 1.43 (minimum version 1.12) Go version: go1.20.10 Git commit: 311b9ff Built: Thu Oct 26 09:07:41 2023 OS/Arch: linux/amd64 Experimental: false containerd: Version: 1.6.26 GitCommit: 3dd1e886e55dd695541fdcd67420c2888645a495 runc: Version: 1.1.10 GitCommit: v1.1.10-0-g18a0cb0 docker-init: Version: 0.19.0 GitCommit: de40ad0 ``` ::: ### 2-5 確認 docker 安裝情形 #### 1. 查看運行中的容器 ```bash= superman@nccu-docker-1:~$ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES ``` #### 2. 查看所有容器 ```bash= superman@nccu-docker-1:~$ docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES ``` #### 3. 查看所有映像檔 ```bash= superman@nccu-docker-1:~$ docker images REPOSITORY TAG IMAGE ID CREATED SIZE ``` ### 2-6 運行第一個容器 `hello-world` ```bash= superman@nccu-docker-1:~$ docker run hello-world ``` :::spoiler output ```bash= Unable to find image 'hello-world:latest' locally latest: Pulling from library/hello-world 719385e32844: Pull complete Digest: sha256:3155e04f30ad5e4629fac67d6789f8809d74fea22d4e9a82f757d28cee79e0c5 Status: Downloaded newer image for hello-world:latest Hello from Docker! This message shows that your installation appears to be working correctly. To generate this message, Docker took the following steps: 1. The Docker client contacted the Docker daemon. 2. The Docker daemon pulled the "hello-world" image from the Docker Hub. (amd64) 3. The Docker daemon created a new container from that image which runs the executable that produces the output you are currently reading. 4. The Docker daemon streamed that output to the Docker client, which sent it to your terminal. To try something more ambitious, you can run an Ubuntu container with: $ docker run -it ubuntu bash Share images, automate workflows, and more with a free Docker ID: https://hub.docker.com/ For more examples and ideas, visit: https://docs.docker.com/get-started/ ``` ::: :::spoiler 觀察 Container 狀態 ```bash= superman@nccu-docker-1:~$ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES superman@nccu-docker-1:~$ docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 4aba165c76d4 hello-world "/hello" 59 seconds ago Exited (0) 58 seconds ago stupefied_taussig ``` ::: ## 第 3 章：從 Docker hub 蓋一個快樂水族箱 #### 1. `docker pull` ```bash= superman@nccu-docker-1:~$ docker pull wernight/funbox Using default tag: latest latest: Pulling from wernight/funbox f2b6b4884fc8: Pull complete 24876304c826: Pull complete dc2853569c8e: Pull complete f1feacc76ece: Pull complete 47b0568134ef: Pull complete Digest: sha256:5cbbebc6fd1627b122bf7b5e4f562077de9dd52ed58bec2ede0d82071dea5298 Status: Downloaded newer image for wernight/funbox:latest docker.io/wernight/funbox:latest ``` :::spoiler 觀察映像檔下載結果 ```bash= superman@nccu-docker-1:~$ docker images REPOSITORY TAG IMAGE ID CREATED SIZE hello-world latest 9c7a54a9a43c 7 months ago 13.3kB wernight/funbox latest 538c146646c3 5 years ago 1.12GB ``` ::: #### 2. `docker run` ```bash= superman@nccu-docker-1:~$ docker run -it wernight/funbox asciiquarium ``` :::spoiler output ![](https://i.imgur.com/Fcmn0tC.png) ::: > [Docker hub](https://hub.docker.com/search?q=) ## 第 4 章：測試 Docker 的網路功能 ### 4.1 前置作業 #### 1. 建立第一個 ubuntu 容器 `--name $(whoami)-demo1` ```bash= superman@nccu-docker-1:~$ docker run -d -it --name $(whoami)-demo1 ubuntu Unable to find image 'ubuntu:latest' locally latest: Pulling from library/ubuntu 5e8117c0bd28: Pull complete Digest: sha256:8eab65df33a6de2844c9aefd19efe8ddb87b7df5e9185a4ab73af936225685bb Status: Downloaded newer image for ubuntu:latest 0659dfd642b302b8a54bac49387747a530625f1ead8a2fdcf52f8b13e97fd0a6 ``` #### 2. 查看運行中的容器 ```bash= superman@nccu-docker-1:~$ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 0659dfd642b3 ubuntu "/bin/bash" About a minute ago Up About a minute superman-demo1 ``` #### 3. 進入 $(whoami)-demo1 安裝 `ping` ```bash= superman@nccu-docker-1:~$ docker exec -it $(whoami)-demo1 /bin/bash root@0d35b9fbbfb1:/# apt-get update && apt-get install iputils-ping -y ``` #### 4. 建立第二個 ubuntu 容器 --name $(whoami)-demo2 ```bash= superman@nccu-docker-1:~$ docker run -d -it --name $(whoami)-demo2 ubuntu Unable to find image 'ubuntu:latest' locally latest: Pulling from library/ubuntu 5e8117c0bd28: Pull complete Digest: sha256:8eab65df33a6de2844c9aefd19efe8ddb87b7df5e9185a4ab73af936225685bb Status: Downloaded newer image for ubuntu:latest 0659dfd642b302b8a54bac49387747a530625f1ead8a2fdcf52f8b13e97fd0a6 ``` #### 5. 查看 $(whoami)-demo1 及 $(whoami)-demo2 的 IP ```bash= superman@nccu-docker-1:~$ docker network inspect bridge [ { "Name": "bridge", "Id": "854483047cc4c204fb72ddf7f937541f69ac2a635dd772ca9541a5519181bcf9", "Created": "2023-12-13T14:07:15.167375673+08:00", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": null, "Config": [ { "Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1" } ] }, "Internal": false, "Attachable": false, "Ingress": false, "ConfigFrom": { "Network": "" }, "ConfigOnly": false, "Containers": { "40eb223bb4fabc8714d88211b855bbc844da8f248afc6daa93dad37539d0698f": { "Name": "superman-demo2", "EndpointID": "57d624cee893330d145c59377d180391201c6267e2c11a4dccc31a8101dbb801", "MacAddress": "02:42:ac:11:00:03", "IPv4Address": "172.17.0.3/16", "IPv6Address": "" }, "54d0215228b977044ef8f9edf1ad78c10c1104a74f09a013aba59d7acc9d1c0b": { "Name": "superman-demo1", "EndpointID": "c066c0a41da6673bb5abb29f7dd63cab49cbc1e39e656853822dfbaa97a51862", "MacAddress": "02:42:ac:11:00:02", "IPv4Address": "172.17.0.2/16", "IPv6Address": "" } }, "Options": { "com.docker.network.bridge.default_bridge": "true", "com.docker.network.bridge.enable_icc": "true", "com.docker.network.bridge.enable_ip_masquerade": "true", "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0", "com.docker.network.bridge.name": "docker0", "com.docker.network.driver.mtu": "1500" }, "Labels": {} } ] ``` #### 6. 重新進入 $(whoami)-demo1 ```bash= superman@nccu-docker-1:~$ docker exec -it $(whoami)-demo1 /bin/bash root@0d35b9fbbfb1:/# ``` ### 4.2 實際測試 #### 1. 測試 $(whoami)-demo1 是否能夠存取到自己 ```bash= superman@nccu-docker-1:~$ docker exec -it $(whoami)-demo1 /bin/bash root@54d0215228b9:/# ping 172.17.0.2 -c1 PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data. 64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.026 ms --- 172.17.0.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.026/0.026/0.026/0.000 ms ``` #### 2. 測試 $(whoami)-demo1 是否能夠存取到 localhost ```bash= root@54d0215228b9:/# ping localhost PING localhost (127.0.0.1) 56(84) bytes of data. 64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.027 ms 64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.044 ms 64 bytes from localhost (127.0.0.1): icmp_seq=3 ttl=64 time=0.038 ms ^C --- localhost ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2040ms rtt min/avg/max/mdev = 0.027/0.036/0.044/0.007 ms ``` #### 3. 測試 $(whoami)-demo1 是否能夠存取到 $(whoami)-demo2 ```bash= root@54d0215228b9:/# ping 172.17.0.3 PING 172.17.0.3 (172.17.0.3) 56(84) bytes of data. 64 bytes from 172.17.0.3: icmp_seq=1 ttl=64 time=0.097 ms 64 bytes from 172.17.0.3: icmp_seq=2 ttl=64 time=0.072 ms 64 bytes from 172.17.0.3: icmp_seq=3 ttl=64 time=0.076 ms ^C --- 172.17.0.3 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2038ms rtt min/avg/max/mdev = 0.072/0.081/0.097/0.011 ms ``` #### 4. 測試 $(whoami)-demo1 是否能夠存取到外網 ```bash= rroot@54d0215228b9:/# ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. 64 bytes from 8.8.8.8: icmp_seq=1 ttl=114 time=0.762 ms ^C --- 8.8.8.8 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.762/0.762/0.762/0.000 ms root@54d0215228b9:/# ping google.com PING google.com (142.251.170.113) 56(84) bytes of data. 64 bytes from tc-in-f113.1e100.net (142.251.170.113): icmp_seq=1 ttl=117 time=1.03 ms 64 bytes from tc-in-f113.1e100.net (142.251.170.113): icmp_seq=2 ttl=117 time=0.351 ms 64 bytes from tc-in-f113.1e100.net (142.251.170.113): icmp_seq=3 ttl=117 time=0.319 ms ^C --- google.com ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2003ms rtt min/avg/max/mdev = 0.319/0.566/1.030/0.327 ms ```