Original Address: http://blog.jboost.cn/2019/07/16/docker-4.html
In Docker, the application is to run through the vessel, while the vessel is running mirror-based, object-oriented design is similar to the relationship between objects and classes - the class definition does not mention on the creation and use of an example, without mirroring it would not create the definition and operation of the vessel.
1. Obtain Mirror
Mirroring come from, generally two ways, one is the public image library, such as the official image library Docker Hub, above a large number of high-quality image can be directly used to use; the second is the custom, we may be based on an existing image, add layer on its basis (recall tiered storage characteristics mirrored bar), and then formed to build their own image.
If we know the name of a mirror, you can directly docker pulldownload the image to a local, such as ubuntu, redis, nginx, etc., docker pullcommand format is as follows (in parentheses indicate there may be no)
docker pull [options] [Docker Registry address [: Port Number] /] warehouse name [: label]
Which options can be set:
- -a, -all-tags: download all tags in the warehouse (generally refers to the version) of the mirror
- -disable-content-trust: skipped image authentication, the default is true
Docker Registry address i.e. mirror warehouse address, typically a DNS name or IP plus port number, if not specified, the default is Docker Hub; repository name consists of two parts, <user name> / <software name>, for Docker Hub, if not to the user name, the default for the library, represent the official; the label usually corresponds to the software version number, if not specified, the default is latest.
For example, we want the next nginx mirror, you can execute the following command
[root@iZwz9dbodbaqxj1gxhpnjxZ ~]# docker pull nginx Using default tag: latest latest: Pulling from library/nginx fc7181108d40: Already exists d2e987ca2267: Pull complete 0b760b431b11: Pull complete Digest: sha256:48cbeee0cb0a3b5e885e36222f969e0a2f41819a68e07aeb6631ca7cb356fed1 Status: Downloaded newer image for nginx:latest
Here we have no option is specified, nor specify the mirror warehouse address, then the default will get a mirror from Docker Hub (but Docker Hub due in a foreign country, more slowly, so generally set the domestic accelerator, reference Docker notes (three): Docker installation and configuration part II: domestic mirrors arranged), did not give the user name, the default library (third row), the tag is not specified, the default is the latest (second row), seen from the fourth to the sixth row, this image consists of three layers, a first layer and the existing (previously downloaded image already contains this layer, directly multiplexing), the mirror and the concept of the hierarchical multiplexing layer, it should have been understood.
If we do not know the full name of the mirror how to do, search, there are two ways, one is through the command, assuming that we can not remember the full name of the nginx, just remember ngi, you can search by the following command
[root@iZwz9dbodbaqxj1gxhpnjxZ ~]# docker search ngi NAME DESCRIPTION STARS OFFICIAL AUTOMATED nginx Official build of Nginx. 11693 [OK] jwilder/nginx-proxy Automated Nginx reverse proxy for docker con… 1628 [OK] richarvey/nginx-php-fpm Container running Nginx + PHP-FPM capable of… 726 [OK] bitnami/nginx Bitnami nginx Docker Image 69 [OK] linuxserver/nginx An Nginx container, brought to you by LinuxS… 69 tiangolo/nginx-rtmp Docker image with Nginx using the nginx-rtmp… 48 [OK] nginx/nginx-ingress NGINX Ingress Controller for Kubernetes 20 nginxdemos/hello NGINX webserver that serves a simple page co… 18 [OK] jlesage/nginx-proxy-manager Docker container for Nginx Proxy Manager 17 [OK] schmunk42/nginx-redirect A very simple container to redirect HTTP tra… 17 [OK] crunchgeek/nginx-pagespeed Nginx with PageSpeed + GEO IP + VTS + more_s… 13 blacklabelops/nginx Dockerized Nginx Reverse Proxy Server. 12 [OK] ...
This command contains from Docker Hub search image name ngiof the image, wherein STARS represents a collection number of users, OFFICIAL is [OK] represents the mirror provided by the official, AUTOMATED [OK] represented constructed generated by automated, usually selected STARS most official mirror .
This way to obtain limited information, such as which version specifically includes not know. Another way is to search directly on Docker Hub site, open https://hub.docker.com , enter in the search box ngi, as shown below
Will list all meet the conditions of the mirror, opening the nginxresults link, you can see the version supplied (you can see links defined by the corresponding Dockerfile mirrored version), and the corresponding documentation. Information obtained in this way is more comprehensive, it is recommended this way!
Further, when we do not performed docker pulldirectly by docker run xxthe time to run a container, if no corresponding image, it will automatically download the image first, and then start image based on a container, such as we note Docker (three): Docker installation and configuration of the test run when the installation was successful dockerhello-world
2. Manage local mirror
After downloading the image to a local, we can based on the mirror to create, run container, and the mirror management.
Check local mirror
[root@iZwz9dbodbaqxj1gxhpnjxZ ~]# docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE nginx latest f68d6e55e065 2 weeks ago 109MB mysql latest c7109f74d339 5 weeks ago 443MB hello-world latest fce289e99eb9 6 months ago 1.84kB
上面各列依次列出了镜像名称、标签(版本)、镜像ID、创建时间、镜像大小。镜像可以拥有多个标签(版本)。镜像的大小总和一般要大于实际的磁盘占有量,为什么?回忆一下镜像的分层存储概念,层是可以复用的,某个层其中一个镜像有了,另一个镜像就不会再下载了。口说无凭,我们来验证下,docker system df可列出镜像、容器、数据卷所占用的空间
[root@iZwz9dbodbaqxj1gxhpnjxZ ~]# docker system df TYPE TOTAL ACTIVE SIZE RECLAIMABLE Images 3 1 497.1MB 497.1MB (99%) Containers 1 0 0B 0B Local Volumes 0 0 0B 0B Build Cache 0 0 0B 0B
通过docker image ls列出的各镜像大小总共约552MB,但这里列出的镜像大小只有约497MB,这下有凭有据了吧。
根据条件列出镜像
docker image ls nginx # 根据名称列出镜像 docker image ls nginx:latest # 根据名称与标签列出镜像 docker image ls -f since=hello-world:latest # -f 是--filter的缩写,过滤器参数,列出在hello-world:latest之后建立的镜像,before=hello-world:latest则查看之前建立的镜像
指定显示格式
docker image ls -q # 只显示镜像ID docker image ls --digests # 列出镜像摘要 docker image ls --format "{{.ID}}: {{.Repository}}" # 使用Go的模板语法格式化显示,这里显示格式为 镜像ID:镜像名称 docker image ls --format "table {{.ID}}\t{{.Repository}}\t{{.Tag}}" # 自己定义表格格式
虚悬镜像
有时候会看到某些镜像既没有仓库名,也没有标签,均为 <none>。这些镜像原本是有镜像名和标签的,随着官方镜像维护,发布了新版本后(新版本会复用之前的镜像名称与标签,一般是bug修复版),重新docker pull xx 时, 这个镜像名被转移到了新下载的镜像身上,而旧的镜像上的这个名称则被取消,从而成为了<none> 。除了docker pull可能导致这种情况, docker build也同样可以导致这种现象。由于新旧镜像同名,旧镜像名称被取消,从而出现仓库名、标签均为 <none> 的镜像。这类无标签镜像被称为虚悬镜像(dangling image) ,可以用下面的命令专门显示这类镜像:
docker image ls -f dangling=true
一般虚悬镜像没什么意义了,可以通过如下命令删除
docker image prune
中间层镜像
为了加速镜像构建、重复利用资源,Docker会利用中间层镜像。所以在使用一段时间后,可能会看到一些依赖的中间层镜像。默认的docker image ls列表中只会显示顶层镜像,如果希望显示包括中间层镜像在内的所有镜像的话,可以加 -a
$ docker image ls -a
这样会看到很多无标签的镜像,与虚悬镜像不同,这些无标签的镜像很多都是中间层镜像,是其它镜像所依赖的镜像。这些无标签镜像不应该删除,否则会导致上层镜像因为依赖丢失而出错。实际上,这些镜像也没必要删除,因为相同的层只会存一遍,而这些镜像是别的镜像的依赖,因此并不会因为它们被列出来而多存了一份,无论如何你也会需要它们。只要删除那些依赖它们的镜像后,这些依赖的中间层镜像也会被连带删除。
删除镜像
删除镜像命令格式
docker image rm [选项] <镜像1> [<镜像2> ...]
选项可以设置:
- -f, –force 强制删除镜像
- –no-prune 不删除没有标签的父镜像
<镜像1>、<镜像2> 等可以是镜像的名称,镜像的全ID,也可以是镜像ID的前面几个数字(只要与其它镜像区分开来就行),或者是镜像摘要。 如删除镜像名称为mysql的镜像
[root@iZwz9dbodbaqxj1gxhpnjxZ ~]# docker image rm mysql Untagged: mysql:latest Untagged: mysql@sha256:415ac63da0ae6725d5aefc9669a1c02f39a00c574fdbc478dfd08db1e97c8f1b Deleted: sha256:c7109f74d339896c8e1a7526224f10a3197e7baf674ff03acbab387aa027882a Deleted: sha256:35d60530f024aa75c91a123a69099f7f6eaf5ad7001bb983f427f674980d8482 Deleted: sha256:49d8bb533eee600076e3a513a203ee24044673fcef0c1b79e088b2ba43db2c17 ...
由上面命令的执行结果可见,删除镜像包括另个行为:Untagged、Deleted。
当我们使用上面命令来删除镜像的时候,实际上是在要求删除某个/某些标签的镜像。所以首先需要做的是将满足要求的所有镜像标签都取消,这就是Untagged的行为。一个镜像可以对应多个标签,因此当我们删除了所指定的标签后,可能还有别的标签指向了这个镜像,如果是这种情况,那么Delete行为就不会发生,仅仅是取消了这个镜像的符合要求的所有标签。所以并非所有的docker image rm都会产生删除镜像的行为,有可能仅仅是取消了某个标签而已。
当该镜像所有的标签都被取消了,该镜像很可能就失去了存在的意义,因此会触发删除行为。镜像是多层存储结构,因此在删除的时候也是从上层向基础层方向依次进行判断删除。如果某个其它镜像正依赖于当前镜像的某一层,这种情况,依旧不会触发删除该层的行为。直到没有任何镜像依赖当前层时,才会真实的删除当前层。
另外还需要注意是容器对镜像的依赖。如果基于镜像启动的容器存在(即使容器没有运行处于停止状态) ,同样不可以删除这个镜像。我们之前说了容器是以镜像为基础,再加一层容器存储层组成的多层存储结构去运行的。所以如果这些容器是不需要的,应该先将它们删除,然后再来删除镜像。
通过组合命令来删除
docker image rm $(docker image ls -q nginx) # 删除镜像名称为nginx的所有镜像 docker image rm $(docker image ls -q -f since=hello-world:latest) # 删除所有在hello-world:latest之后建立的镜像
3. 总结
In this paper, the basic administrative image acquisition and a local mirror to do a presentation, image acquisition path this article are available directly from the warehouse mirror, the mirror is another way to get the custom, the next will be introduced by way of example, welcome attention .
My personal blog address: http://blog.jboost.cn
my micro-channel public number: jboost-ksxy (a technique not only dry numbers of the public are welcome attention, timely access to updates)
-------- -------------------------------------------------- -