docker.md

File metadata and controls

117 lines (72 loc) · 3.77 KB

## Install

Mac: https://docs.docker.com/docker-for-mac/install/

Desktop vs Toolbox: https://docs.docker.com/docker-for-mac/docker-toolbox/

## Docker storage driver

To support the various Linux file systems (ext4, xfs, ...) Docker uses a storage driver. Docker supports several storage drivers, such as aufs, devicemapper and overlay2.

Docker supports the following ways of giving a container storage:

  1. An anonymous volume: Docker picks a directory on the host and mounts it at /tmp/myfolder inside the container.
     `docker run -itd -v /tmp/myfolder --name data-volume busybox sleep 1000`

  2. A bind mount of a fixed host directory:
     `docker run -itd -v /home/litaocdl:/tmp/myfolder ... `

  3. A volume container, reusing the volumes of the container created in 1:
     `docker run -d --volumes-from data-volume --name busy-box2 busybox sleep 1000`

## Network drivers

  • Bridge

    1. Uses the docker0 bridge created by the Docker daemon. For each container a veth pair is created: eth0 inside the container, its peer attached to docker0. Traffic between the container and the outside network goes through NAT: when the container reaches outside, SNAT (source NAT) rewrites the source IP address; when the outside reaches the container, DNAT (destination NAT) rewrites the target IP address. By default the outside can reach the Docker network; this is controlled by IP forwarding, enabled by setting `net.ipv4.ip_forward=1` (`sysctl -w net.ipv4.ip_forward=1`).

  • Host

    1. Shares the host's IP address and ports; there is no port mapping.

  • None

    1. No network; only the loopback interface is available. Used for batch work.

  • Container

    1. Shares the network stack of another existing container. In k8s, inside one pod the pause container starts first, and all the other containers in that pod join it with `--net=container:pause`.

  • Overlay is the latest network driver Docker created, to support NFS. Besides Docker's own overlay there are others such as flannel, weave and calico. Docker uses the CNM (Container Network Model) to plug in those network drivers. CNM consists of:

    • Endpoints
    • Network
    • Sandbox
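The SNAT and DNAT described under Bridge are ordinary rules in the host's `nat` table, so they can be inspected and parsed. The script below is an added example (not from the original notes): `SAMPLE_NAT_RULES` is a constructed `iptables -t nat -S` dump in the shape Docker's bridge driver installs for one container publishing TCP port 443, `masquerade_sources` extracts the SNAT side, `published_ports` the DNAT side, and `ip_forward_state` reads the kernel setting the notes mention. On a Linux host with root it reads the live table instead of the sample.

```shell
#!/usr/bin/env bash
# Added example, not part of the original notes: show what the bridge driver's
# SNAT/DNAT looks like in the host's nat table and parse it.
# SAMPLE_NAT_RULES is a constructed `iptables -t nat -S` dump in the shape Docker
# installs for one container that publishes TCP port 443 (172.17.0.2 is the container).
SAMPLE_NAT_RULES='-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N DOCKER
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A POSTROUTING -s 172.17.0.2/32 -d 172.17.0.2/32 -p tcp -m tcp --dport 443 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 172.17.0.2:443'

# SNAT side: container subnets whose traffic is masqueraded when it leaves through
# an interface other than docker0 (container -> outside). Reads rules on stdin.
masquerade_sources() {
  awk '/-j MASQUERADE/ && /! -o docker0/ {
    for (i = 1; i <= NF; i++) if ($i == "-s") print $(i + 1)
  }'
}

# DNAT side: host ports forwarded into a container (outside -> container), printed
# as "<proto>/<hostport> -> <container ip:port>". Reads rules on stdin.
published_ports() {
  awk '/-j DNAT/ {
    proto = ""; port = ""; dst = ""
    for (i = 1; i <= NF; i++) {
      if ($i == "-p") proto = $(i + 1)
      if ($i == "--dport") port = $(i + 1)
      if ($i == "--to-destination") dst = $(i + 1)
    }
    if (port != "" && dst != "") print proto "/" port " -> " dst
  }'
}

# Kernel IP forwarding state: "1" (on), "0" (off), or "unknown" where /proc is not
# available (e.g. macOS, where the daemon runs inside a VM).
ip_forward_state() {
  if [ -r /proc/sys/net/ipv4/ip_forward ]; then
    cat /proc/sys/net/ipv4/ip_forward
  else
    echo unknown
  fi
}

# Use the live nat table when iptables is usable (needs root), else the sample.
nat_rules() {
  if command -v iptables >/dev/null 2>&1 && iptables -t nat -S >/dev/null 2>&1; then
    iptables -t nat -S
  else
    printf '%s\n' "$SAMPLE_NAT_RULES"
  fi
}

# Summarise the NAT posture of the Docker bridge on this host.
audit_docker_nat() {
  echo "ip_forward: $(ip_forward_state)"
  echo "SNAT (masqueraded container subnets):"
  nat_rules | masquerade_sources | sed 's/^/  /'
  echo "DNAT (published ports):"
  nat_rules | published_ports | sed 's/^/  /'
}

# Usage: ./docker-nat-audit.sh audit
if [ "${1:-}" = "audit" ]; then
  audit_docker_nat
fi
```

The hairpin rule (`-s 172.17.0.2/32 -d 172.17.0.2/32 ... MASQUERADE`) is deliberately excluded by `masquerade_sources`: it only lets a container reach its own published port, and is not the container-to-outside SNAT the notes describe.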

## Create a Docker registry

reference: https://docs.docker.com/registry/deploying/

  1. Prepare the CA certificates

    From the CA we get my.crt, my.key, intermediatecert.pem and caroot.pem. If the intermediate and root certificates come in DER format, convert them to PEM:

    ```
    openssl x509 -inform der -in carootcert.der -out carootcert.pem
    ```

    Then merge the root and intermediate certificates into my.crt with cat (server certificate first, then the intermediate, then the root).

  2. Run the Docker registry image

```bash
# Note: --privileged is not required by registry:2 (it gives the container access to
# all host devices); the registry only needs the two mounts and port 443. The
# certificate and key file names must match the files from step 1 (my.crt/my.key
# there, my_own.crt/my_own.key here). On SELinux hosts, appending :Z to the -v
# mounts relabels the directories so the container may read them.
docker run -d --privileged \
  --restart=always \
  --name registry \
  -v /mnt/certs:/certs \
  -v /mnt/registry:/var/lib/registry \
  -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/my_own.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/my_own.key \
  -p 443:443 \
  registry:2
```

If the registry reports permission denied when reading /certs, run `su -c "setenforce 0"`.

Once the registry has started, it can be reached at https://taoos11.fyre.ibm.com/v2/

and images can be pushed and pulled:

```
docker push taoos11.fyre.ibm.com/uc/base-images
docker pull taoos11.fyre.ibm.com/uc/base-images
```
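Step 1 and the TLS settings of step 2 are where registry deployments usually fail: a chain file in the wrong order, a DER file where PEM is expected, or a key that does not match the certificate. The script below is an added example (not from the original notes) that carries out step 1 and checks the result before the files are mounted into /certs. It assumes openssl is installed, uses the file names from the notes (my.crt, my.key, intermediatecert.pem, caroot.pem), and `make_demo_pki` builds a throwaway root/intermediate/server PKI purely so the script can be exercised without a real CA.

```shell
#!/usr/bin/env bash
# Added example, not part of the original notes: prepare and check the registry's
# TLS files from step 1. File names follow the notes; the demo PKI is constructed
# here only for testing and is not anything a real CA issued.
set -e

# True when the file is PEM (has a PEM header); DER certificates have none.
is_pem() { grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; }

# Copy a certificate to $2 as PEM, converting from DER when needed.
to_pem() {
  if is_pem "$1"; then cp "$1" "$2"; else openssl x509 -inform der -in "$1" -out "$2"; fi
}

# Build the chain file the registry serves: server certificate first, then the
# intermediate, then the root. Order matters: TLS clients expect the leaf first.
build_chain() { # leaf intermediate root out
  local tmp_i tmp_r
  tmp_i=$(mktemp); tmp_r=$(mktemp)
  to_pem "$2" "$tmp_i"
  to_pem "$3" "$tmp_r"
  cat "$1" "$tmp_i" "$tmp_r" > "$4"
  rm -f "$tmp_i" "$tmp_r"
}

# Verify that the leaf (first certificate in the chain file) chains to the root
# through the intermediates in the same file. Exit status 0 means OK.
verify_chain() { # chainfile root
  openssl verify -CAfile "$2" -untrusted "$1" "$1" >/dev/null 2>&1
}

# Verify that the private key belongs to the server certificate by comparing the
# public keys; a mismatch is the usual reason the registry fails at TLS startup.
key_matches_cert() { # cert key
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Constructed throwaway PKI (root -> intermediate -> server) for the demo/test only.
make_demo_pki() { # dir
  local d=$1
  printf '[req]\ndistinguished_name = dn\n[dn]\n' > "$d/req.cnf"
  printf 'basicConstraints = critical,CA:TRUE\nkeyUsage = critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
  printf 'basicConstraints = CA:FALSE\nsubjectAltName = DNS:registry.example.test\n' > "$d/leaf.ext"
  openssl req -new -newkey rsa:2048 -nodes -config "$d/req.cnf" -subj "/CN=Demo Root" \
    -keyout "$d/caroot.key" -out "$d/caroot.csr" 2>/dev/null
  openssl x509 -req -in "$d/caroot.csr" -signkey "$d/caroot.key" -days 2 \
    -extfile "$d/ca.ext" -out "$d/caroot.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -config "$d/req.cnf" -subj "/CN=Demo Intermediate" \
    -keyout "$d/intermediate.key" -out "$d/intermediate.csr" 2>/dev/null
  openssl x509 -req -in "$d/intermediate.csr" -CA "$d/caroot.pem" -CAkey "$d/caroot.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/intermediatecert.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -config "$d/req.cnf" -subj "/CN=registry.example.test" \
    -keyout "$d/my.key" -out "$d/my.csr" 2>/dev/null
  openssl x509 -req -in "$d/my.csr" -CA "$d/intermediatecert.pem" -CAkey "$d/intermediate.key" \
    -CAcreateserial -days 2 -extfile "$d/leaf.ext" -out "$d/my.crt" 2>/dev/null
  # A DER copy of the root, as some CAs hand out .der files (the case in step 1).
  openssl x509 -in "$d/caroot.pem" -outform der -out "$d/carootcert.der" 2>/dev/null
}

# Usage: ./prepare-certs.sh demo   (builds the throwaway PKI, then the chain file)
if [ "${1:-}" = "demo" ]; then
  d=$(mktemp -d)
  make_demo_pki "$d"
  build_chain "$d/my.crt" "$d/intermediatecert.pem" "$d/carootcert.der" "$d/my_chain.crt"
  verify_chain "$d/my_chain.crt" "$d/caroot.pem" && echo "chain OK: $d/my_chain.crt"
  key_matches_cert "$d/my.crt" "$d/my.key" && echo "key matches certificate"
fi
```

With real CA output, call `build_chain my.crt intermediatecert.pem caroot.pem my_chain.crt`, point `REGISTRY_HTTP_TLS_CERTIFICATE` at the chain file and `REGISTRY_HTTP_TLS_KEY` at my.key, and run `verify_chain` and `key_matches_cert` before starting the container; both functions exit non-zero on failure, so they can gate the `docker run` of step 2.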