Docker
source /dev/stdin <<< "$(curl -sSL https://raw.githubusercontent.com/fzinfz/scripts/master/linux/docker.sh)"
RUN apt update && apt install -y--no-install-recommends && rm -r /var/lib/apt/lists/*
# install pip3RUN wget https://bootstrap.pypa.io/get-pip.py && python3 get-pip.py && rm get-pip.pyRUN apk add --no-cache --virtual .build-deps \curl ca-certificates jq \&& apk del .build-deps
https://github.com/krallin/tini
docker run --init
https://github.com/just-containers/s6-overlay
https://docs.docker.com/storage/storagedriver/select-storage-driver/#docker-engine---community
When possible, overlay2 is the recommended storage driver.Supported backing filesystems: xfs with ftype=1, ext4 ( where /var/lib/docker/ is located )
http://jpetazzo.github.io/assets/2015-06-04-deep-dive-into-docker-storage-drivers.html#80
https://docs.docker.com/engine/reference/commandline/build/
docker build [-f Dockerfile.custom] [--target multi-stage] Dockerfile-Root-Folderdocker build - < Dockerfile # no context, local ADD not workingcurl example.com/remote/Dockerfile | docker build -f - .Get-Content Dockerfile | docker build - # Powershelldocker build -f ctx/Dockerfile http://server/ctx.tar.gzdocker build https://github.com/user/repo.git
Build Syntax Suffix | Commit Used | Build Context Used |
myrepo.git#mytag:myfolder | refs/tags/mytag | /myfolder |
myrepo.git#mybranch:myfolder | refs/heads/mybranch | /myfolder |
Squashing does not destroy any existing image, rather it creates a new image.
docker image tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]docker export container_name > container.tardocker import [OPTIONS] file|URL|- [REPOSITORY[:TAG]]docker save image_name > image.tardocker load < image.tar[.gz]
https://docs.docker.com/engine/reference/commandline/cp/
docker cp [OPTIONS] CONTAINER:SRC_PATH DEST_PATH|-docker cp [OPTIONS] SRC_PATH|- CONTAINER:DEST_PATH
https://docs.docker.com/engine/reference/run/ https://docs.docker.com/engine/admin/resource_constraints/
--user=[ user | user:group | uid | uid:gid | user:gid | uid:group ]-m, --memory=""-c, --cpu-shares=0 CPU shares (relative weight)--dns=[] : Set custom dns servers for the container--network="bridge" : Connect a container to a network'bridge': create a network stack on the default Docker bridge'none': no networking'container:<name|id>': reuse another container's network stack'host': use the Docker host network stack'<network-name>|<network-id>': connect to a user-defined network--network-alias=[] : Add network-scoped alias for the container--add-host="" : Add a line to /etc/hosts (host:IP)--mac-address="" : Sets the container's Ethernet device's MAC address--ip="" : Sets the container's Ethernet device's IPv4 address--link-local-ip=[] : Sets one or more container's Ethernet device's link local IPv4/IPv6 addresses--read-only :prohibiting writes to locations other than the specified volumesVolume labels`:z` => shared`:Z` => private`--entrypoint` will clear out `CMD`echo test | docker run --rm -i alpine catdocker run --security-opt seccomp:unconfined # may fix chromium start error
http://wiki.ros.org/docker/Tutorials/GUI https://people.ece.cornell.edu/skand/post/x-forwarding-on-docker/
--env="DISPLAY" --volume="$HOME/.Xauthority:/root/.Xauthority:rw"
https://docs.docker.com/engine/reference/commandline/container_update/
docker container update [OPTIONS] CONTAINER [CONTAINER...] --cpus="1.5" # one and a half of the CPUs --cpu-shares , -c --memory , -m Memory limit --memory-reservation Memory soft limit --restart
docker container prunedocker system prune # Remove unused data
Ctrl+p & Ctrl+q
https://docs.docker.com/engine/reference/commandline/dockerd//#daemon-configuration-file
/etc/docker/daemon.json # delete `,` & `#...`# `dockerd` for debugging: https://docs.docker.com/engine/admin/{"live-restore": true, # containers remain running if daemon unavailable"graph": "/data/docker-fs","storage-driver": "overlay2","registry-mirrors": ["https://registry.docker-cn.com","https://docker.mirrors.ustc.edu.cn","http://hub-mirror.c.163.com"],# https://cr.console.aliyun.com/#/accelerator# https://mirror.ccs.tencentyun.com}
https://docs.docker.com/engine/admin/systemd/#httphttps-proxy
mkdir -p /etc/systemd/system/docker.service.dcat > /etc/systemd/system/docker.service.d/http-proxy.conf << EOF[Service]Environment="HTTP_PROXY=http://192.168.88.11:1080/" "NO_PROXY=localhost,127.0.0.1,192.168.*.*.172.16.*.*"EOFsudo systemctl daemon-reloadsystemctl restart dockersystemctl show --property=Environment docker
TCP port 2377 for cluster management communications TCP and UDP port 7946 for communication among nodes TCP and UDP port 4789 for overlay network traffic --opt encrypted => protocol 50 (ESP) is open
https://docs.docker.com/engine/swarm/admin_guide/#/add-manager-nodes-for-fault-tolerance
docker swarm init --advertise-addr 10.2.0.1docker swarm join-token managerdocker swarm join-token workerdocker swarm init --force-new-cluster # without losing datadocker node lsdocker node update --label-add server=s1 stnetstat -lntup | egrep '2377|7946|4789|50'docker service create --name nginx -p 8080:80 --replicas 3 nginxdocker service create --name nginx -p 80:80 -p 443:443 --network web --mode global nginxdocker service lsdocker service ps nginxdocker inspect <ID> | grep Err
https://docs.docker.com/engine/reference/commandline/service_create/
docker network create \--driver overlay \--subnet 10.66.3.0/24 \--opt encrypted \webdocker network ls# node IPip addr | grep -P -o '\d+\.\d+\.\d+\.\d+(?=/24)'# service VIPip addr | grep -P -o '\d+\.(?!255)\d+\.\d+\.\d+(?=/32)'
https://coreos.com/releases/
vi /etc/coreos/update.confupdate_engine_client -update
https://github.com/boot2docker/boot2docker Lightweight Linux for Docker
echo EXTRA_ARGS="--foo=bar" >> /var/lib/boot2docker/profile
https://docs.docker.com/engine/installation/windows/ https://docs.docker.com/machine/drivers/ https://forums.docker.com/t/how-can-i-ssh-into-the-betas-mobylinuxvm/10991/
https://docs.traefik.io/user-guide/docker-and-lets-encrypt/
