mirror of https://github.com/eon01/DockerCheatSheet.git synced 2024-11-16 00:58:57 +02:00

change default readme

Aymen EL AMRI 2020-02-17 14:04:54 +01:00
parent a1b83e9bce
commit 16a35ddd9c
2 changed files with 754 additions and 124 deletions

README.md

@ -1,28 +1,28 @@
> 如你如见,最近这个仓库在 GIthub 上变的流行。不久的将来,我们会进一步完善它。
> 感谢你的支持。
> This repository is trending on Github since some days now. Watch it, we will add many updates in the future.
> Thank you for your support.
点击 [网址](http://dockercheatsheet.painlessdocker.com).
Check [the website](http://dockercheatsheet.painlessdocker.com).
*查看其他语言版本: [英语](README.md), [俄语](README.ru.md), [波斯语](README.fa.md)*
*Read this in other languages: [English](README.md), [Russian](README.ru.md), [Persian](README.fa.md), [Chinese](README.zh.md)*
# 目录
# Table of Contents
* [安装](#安装)
* [Docker 仓管中心和仓库](#Docker-仓管中心和仓库)
* [运行容器](#运行容器)
* [启动 & 停止容器](#启动--停止容器)
* [获取容器相关详细](#获取容器相关详细)
* [网络](#网络)
* [镜像安全性](#镜像安全性)
* [清理 Docker](#清理-Docker)
* [Installation](#installation)
* [Docker Registries & Repositories](#docker-registries--repositories)
* [Running Containers](#running-containers)
* [Starting & Stopping Containers](#starting--stopping-containers)
* [Getting Information about Containers](#getting-information-about-containers)
* [Networking](#networking)
* [Security](#security)
* [Cleaning Docker](#cleaning-docker)
* [Docker Swarm](#docker-swarm)
* [附录](#附录)
* [Notes](#notes)
# 安装
# Installation
## Linux
查看 [这里](https://docs.docker.com/install/#server) 获取更多信息。
For more information, see [here](https://docs.docker.com/install/#server)
```
curl -sSL https://get.docker.com/ | sh
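Review bot: The new English intro line `Check [the website](http://dockercheatsheet.painlessdocker.com).` links over plain `http://`; since this is now the default README, switch the link to `https://` if the site serves it. The unchanged context line `curl -sSL https://get.docker.com/ | sh` under the new `## Linux` text runs a downloaded script without review, so a one-line pointer to save and inspect the script before running it would fit here.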
@ -30,9 +30,9 @@ curl -sSL https://get.docker.com/ | sh
## Mac
查看 [这里](https://docs.docker.com/docker-for-mac/install/) 获取更多信息
For more information, see [here](https://docs.docker.com/docker-for-mac/install/)
使用下面连接下载 dmg 文件.
Use this link to download the dmg.
```
https://download.docker.com/mac/stable/Docker.dmg
@ -40,17 +40,17 @@ https://download.docker.com/mac/stable/Docker.dmg
## Windows
查看 [这里](https://docs.docker.com/docker-for-windows/install/) 获取更多信息
For more information, see [here](https://docs.docker.com/docker-for-windows/install/)
通过 msi 文件安装:
Use the msi installer:
```
https://download.docker.com/win/stable/InstallDocker.msi
```
# Docker 仓管中心和仓库
# Docker Registries & Repositories
## 登录镜像仓库
## Login to a Registry
```
docker login
@ -60,7 +60,7 @@ docker login
docker login localhost:8080
```
## 从镜像仓库退出登录
## Logout from a Registry.
```
docker logout
@ -70,7 +70,7 @@ docker logout
docker logout localhost:8080
```
## 搜索镜像
## Searching an Image
```
docker search nginx
@ -80,7 +80,7 @@ docker search nginx
docker search --filter stars=3 --no-trunc nginx
```
## 拉取镜像
## Pulling an Image
```
docker image pull nginx
@ -90,7 +90,7 @@ docker image pull nginx
docker image pull eon01/nginx localhost:5000/myadmin/nginx
```
## 推送镜像
## Pushing an Image
```
docker image push eon01/nginx
@ -100,124 +100,124 @@ docker image push eon01/nginx
docker image push eon01/nginx localhost:5000/myadmin/nginx
```
# 运行容器
# Running Containers
## 创建并运行一个简单的容器
## Create and Run a Simple Container
> - 启动[ubuntu:latest](https://hub.docker.com/_/ubuntu/) 镜像
> - 绑定**容器**的 `80` 端口到**宿主机**的 `3000` 端口
> - 将主机 `/data` 目录挂载到容器中
> - 注意: 在 **windows** 系统中,你需将 `-v ${PWD}:/data` 改为`-v "C:\Data":/data`
> - Start an [ubuntu:latest](https://hub.docker.com/_/ubuntu/) image
> - Bind the port `80` from the **CONTAINER** to port `3000` on the **HOST**
> - Mount the current directory to `/data` on the CONTAINER
> - Note: on **windows** you have to change `-v ${PWD}:/data` to `-v "C:\Data":/data`
```
docker container run --name infinite -it -p 3000:80 -v ${PWD}:/data ubuntu:latest
```
## 创建容器
## Creating a Container
```
docker container create -t -i eon01/infinite --name infinite
```
## 运行容器
## Running a Container
```
docker container run -it --name infinite -d eon01/infinite
```
## 重命名容器
## Renaming a Container
```
docker container rename infinite infinity
```
## 删除容器
## Removing a Container
```
docker container rm infinite
```
容器只有停止后才可被删除,通过 ```docker stop``` 命令停止容器。为避免这个可在容器启动时加上```--rm``` 选项。
A container can be removed only after it has been stopped using the ```docker stop``` command. To avoid this, add the ```--rm``` flag while running the container.
## 更新容器配置
## Updating a Container
```
docker container update --cpu-shares 512 -m 300M infinite
```
## 在运行的容器中执行命令
## Running a command within a running container
```
docker exec -it infinite sh
```
上例中,如果报错可将 ```bash``` 可替换为 ```sh``` .
In the example above, ```bash``` can replace ```sh``` as an alternative if the above is giving an error.
# 启动 & 停止容器
# Starting & Stopping Containers
## 启动
## Starting
```
docker container start nginx
```
## 停止
## Stopping
```
docker container stop nginx
```
## 重启
## Restarting
```
docker container restart nginx
```
## 暂停
## Pausing
```
docker container pause nginx
```
## 取消暂停
## Unpausing
```
docker container unpause nginx
```
## 阻塞容器
## Blocking a Container
```
docker container wait nginx
```
## 杀掉容器
## Sending a SIGKILL
```
docker container kill nginx
```
## 发送其他信号
## Sending another signal
```
docker container kill -s HUP nginx
```
## 连接现有容器
## Connecting to an Existing Container
```
docker container attach nginx
```
# 获取容器相关详细
# Getting Information about Containers
## 查看运行的容器
## Running Containers
简写:
Shortest way:
```
docker ps
```
或者:
Alternative:
```
docker container ls
```
## 查看所有容器
## All containers.
```
docker ps -a
```
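Review bot: Under the new `## Creating a Container` heading, the unchanged command `docker container create -t -i eon01/infinite --name infinite` puts `--name infinite` after the image, so Docker passes it to the container as its command instead of naming the container. While the section is being rewritten, move the option before the image: `docker container create -t -i --name infinite eon01/infinite`. The `## Blocking a Container` heading would also read more clearly if it said that `docker container wait` blocks until the container stops.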
@ -225,19 +225,19 @@ docker ps -a
docker container ls -a
```
## 查看容器日志
## Container Logs
```
docker logs infinite
```
## 追踪容器日志
## Follow Container Logs
```
docker container logs infinite -f
```
## 检查容器
## Inspecting Containers
```
docker container inspect infinite
@ -247,46 +247,46 @@ docker container inspect infinite
docker container inspect --format '{{ .NetworkSettings.IPAddress }}' $(docker ps -q)
```
## 查看容器事件
## Containers Events
```
docker system events infinite
```
## 查看容器端口
## Public Ports
```
docker container port infinite
```
## 运行进程
## Running Processes
```
docker container top infinite
```
## 查看容器资源使用情况
## Container Resource Usage
```
docker container stats infinite
```
## 检查容器文件系统上文件或目录的更改情况
## Inspecting changes to files or directories on a container’s filesystem
```
docker container diff infinite
```
## 操作镜像
## Manipulating Images
## 列示镜像
## Listing Images
```
docker image ls
```
## 构建镜像
## Building Images
```
docker build .
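Review bot: Under the new `## Containers Events` heading, `docker system events infinite` passes a positional argument that `docker system events` does not accept; filter by container with `docker system events --filter container=infinite`. Separately, `## Manipulating Images` is added at the same level as the `## Listing Images` heading that follows it, so it renders as a sibling rather than a parent; making it a `#` heading matches how the other top-level sections are written.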
@ -318,13 +318,13 @@ curl example.com/remote/Dockerfile | docker build -f - .
## 删除镜像
## Removing an Image
```
docker image rm nginx
```
## 从压缩文件中导入镜像
## Loading a Tarred Repository from a File or the Standard Input Stream
```
docker image load < ubuntu.tar.gz
@ -334,40 +334,40 @@ docker image load < ubuntu.tar.gz
docker image load --input ubuntu.tar
```
## 将镜像保存为 Tar 包
## Save an Image to a Tar Archive
```
docker image save busybox > ubuntu.tar
```
## 展示镜像历史
## Showing the History of an Image
```
docker image history busybox
docker image history
```
## 将容器保存为镜像
## Creating an Image From a Container
```
docker container commit nginx
```
## 给镜像打标签
## Tagging an Image
```
docker image tag nginx eon01/nginx
```
## 推送镜像
## Pushing an Image
```
docker image push eon01/nginx
```
# 网络
# Networking
## 创建网络
## Creating Networks
```
docker network create -d overlay MyOverlayNetwork
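Review bot: Under `## Showing the History of an Image` the hunk shows `docker image history busybox` next to a bare `docker image history`, and the bare form has no image argument, which the command requires. If the bare line is the new side, keep `docker image history busybox` as README.zh.md does.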
@ -389,147 +389,147 @@ docker network create -d overlay \
MyOverlayNetwork
```
## 删除某网络
## Removing a Network
```
docker network rm MyOverlayNetwork
```
## 列示现有网络
## Listing Networks
```
docker network ls
```
## 获取网络信息
## Getting Information About a Network
```
docker network inspect MyOverlayNetwork
```
## 将运行中的容器接入某一网络
## Connecting a Running Container to a Network
```
docker network connect MyOverlayNetwork nginx
```
## 启动容器时,将其接入某一网络
## Connecting a Container to a Network When it Starts
```
docker container run -it -d --network=MyOverlayNetwork nginx
```
## 将容器从某网络中断开连接
## Disconnecting a Container from a Network
```
docker network disconnect MyOverlayNetwork nginx
```
## 暴露端口
## Exposing Ports
使用 Dockerfile, 你可以暴露容器端口:
Using Dockerfile, you can expose a port on the container using:
```
EXPOSE <port_number>
```
你还可以通过下面方式,将容器端口映射为宿主机端口:
You can also map the container port to a host port using:
docker run -p $HOST_PORT:$CONTAINER_PORT --name <container_name> -t <image>
例如
e.g.
```
docker run -p $HOST_PORT:$CONTAINER_PORT --name infinite -t infinite
```
# 镜像安全性
# Security
## 构建安全镜像的一些指导建议
## Guidelines for building secure Docker images
1. 选择最精简的基础镜像
2. 创建用户并分配使其用镜像基础权限
3. 署名并校验镜像以避免中间人攻击(MITM) 攻击
4. 寻找、修复和关注开源漏洞
5. 不要在镜像中泄露敏感信息
6. 使用明确固定的镜像标签
7. 使用 COPY 代替 ADD
8. 为元数据创建标签
9. 采用多阶段构建以获得小且安全的镜像
10. 使用 linter
1. Prefer minimal base images
2. Dedicated user on the image as the least privileged user
3. Sign and verify images to mitigate MITM attacks
4. Find, fix and monitor for open source vulnerabilities
5. Don’t leak sensitive information to docker images
6. Use fixed tags for immutability
7. Use COPY instead of ADD
8. Use labels for metadata
9. Use multi-stage builds for small secure images
10. Use a linter
详细内容参考 Snyk 的 [10 Docker Image Security Best Practices](https://snyk.io/blog/10-docker-image-security-best-practices/) blog
More detailed information on Snyk's [10 Docker Image Security Best Practices](https://snyk.io/blog/10-docker-image-security-best-practices/) blog
# 清理 Docker
# Cleaning Docker
## 删除容器
## Removing a Running Container
```
docker container rm nginx
```
## 删除容器和其数据卷
## Removing a Container and its Volume
```
docker container rm -v nginx
```
## 删除所有退出(Exited)容器
## Removing all Exited Containers
```
docker container rm $(docker container ls -a -f status=exited -q)
```
## 删除所有退出(Stopped)容器
## Removing All Stopped Containers
```
docker container rm `docker container ls -a -q`
```
## 删除镜像
## Removing a Docker Image
```
docker image rm nginx
```
## 删除悬空(Dangling)镜像
## Removing Dangling Images
```
docker image rm $(docker image ls -f dangling=true -q)
```
## 删除所有镜像
## Removing all Images
```
docker image rm $(docker image ls -a -q)
```
## 删除所有无标签镜像
## Removing all untagged images
```
docker image rm -f $(docker image ls | grep "^<none>" | awk "{print $3}")
```
## 停止 & 删除所有镜像
## Stopping & Removing all Containers
```
docker container stop $(docker container ls -a -q) && docker container rm $(docker container ls -a -q)
```
## 删除悬空(Dangling)数据卷
## Removing Dangling Volumes
```
docker volume rm $(docker volume ls -f dangling=true -q)
```
## 删除所有 (容器、镜像、网络和数据卷)
## Removing all unused (containers, images, networks and volumes)
```
docker system prune -f
```
## 清理所有
## Clean all
```
docker system prune -a
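Review bot: The new heading `## Removing a Running Container` does not match the command under it: `docker container rm nginx` fails on a running container, and the README itself says earlier that a container can be removed only after it has been stopped. Either rename the heading to "Removing a Container" (the Chinese original says exactly that) or show `docker container rm -f nginx`. The heading `## Removing all unused (containers, images, networks and volumes)` also promises more than `docker system prune -f` does, since volumes are only pruned when `--volumes` is given.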
@ -537,28 +537,28 @@ docker system prune -a
# Docker Swarm
## 安装 Docker Swarm
## Installing Docker Swarm
```
curl -ssl https://get.docker.com | bash
```
## 初始化 Swarm
## Initializing the Swarm
```
docker swarm init --advertise-addr 192.168.10.1
```
## 将工作节点加入 Swarm
## Getting a Worker to Join the Swarm
```
docker swarm join-token worker
```
## 将管理节点加入 Swarm
## Getting a Manager to Join the Swarm
```
docker swarm join-token manager
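Review bot: The new headings `## Getting a Worker to Join the Swarm` and `## Getting a Manager to Join the Swarm` describe more than the commands do: `docker swarm join-token worker` and `docker swarm join-token manager` only print the join command and token, and the joining node still has to run that `docker swarm join` command itself. Say so in a sentence under each heading, and note that the token should be treated as a secret. In the same hunk, the unchanged `curl -ssl https://get.docker.com | bash` uses lowercase flags, unlike the `curl -sSL` form in the Linux install section, so `-S` and `-L` are not actually set.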
@ -566,42 +566,43 @@ docker swarm join-token manager
## 列示服务
## Listing Services
```
docker service ls
```
## 列示节点
## Listing nodes
```
docker node ls
```
## 新建服务
## Creating a Service
```
docker service create --name vote -p 8080:80 instavote/vote
```
## 列示 Swarm 任务
## Listing Swarm Tasks
```
docker service ps
```
## 伸缩服务
## Scaling a Service
```
docker service scale vote=3
```
## 更新服务
## Updating a Service
```
docker service update --image instavote/vote:movies vote
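Review bot: Under the new `## Listing Swarm Tasks` heading, `docker service ps` is shown without a service name, which the command requires. Use the service created just above, for example `docker service ps vote`.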
@ -623,6 +624,7 @@ docker service update --limit-cpu 2 nginx
docker service update --replicas=5 nginx
```
# 附录
# Notes
This work was first published in [Painless Docker Course](http://painlessdocker.com)
该文章首发于 [Painless Docker Course](http://painlessdocker.com)
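Review bot: In the final `# Notes` block the Chinese sentence `该文章首发于 [Painless Docker Course](http://painlessdocker.com)` follows the English one, the reverse of every other pair in this diff, and the hunk header grows from 6 to 7 lines, which suggests the Chinese line was left in the English README.md. Drop it there, since README.zh.md already carries it.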

README.zh.md Normal file

@ -0,0 +1,628 @@
> 如你如见,最近这个仓库在 GIthub 上变的流行。不久的将来,我们会进一步完善它。
> 感谢你的支持。
点击 [网址](http://dockercheatsheet.painlessdocker.com).
*查看其他语言版本: [英语](README.md), [俄语](README.ru.md), [波斯语](README.fa.md)*
# 目录
* [安装](#安装)
* [Docker 仓管中心和仓库](#Docker-仓管中心和仓库)
* [运行容器](#运行容器)
* [启动 &amp; 停止容器](#启动--停止容器)
* [获取容器相关详细](#获取容器相关详细)
* [网络](#网络)
* [镜像安全性](#镜像安全性)
* [清理 Docker](#清理-Docker)
* [Docker Swarm](#docker-swarm)
* [附录](#附录)
# 安装
## Linux
查看 [这里](https://docs.docker.com/install/#server) 获取更多信息。
```
curl -sSL https://get.docker.com/ | sh
```
## Mac
查看 [这里](https://docs.docker.com/docker-for-mac/install/) 获取更多信息
使用下面连接下载 dmg 文件.
```
https://download.docker.com/mac/stable/Docker.dmg
```
## Windows
查看 [这里](https://docs.docker.com/docker-for-windows/install/) 获取更多信息
通过 msi 文件安装:
```
https://download.docker.com/win/stable/InstallDocker.msi
```
# Docker 仓管中心和仓库
## 登录镜像仓库
```
docker login
```
```
docker login localhost:8080
```
## 从镜像仓库退出登录
```
docker logout
```
```
docker logout localhost:8080
```
## 搜索镜像
```
docker search nginx
```
```
docker search --filter stars=3 --no-trunc nginx
```
## 拉取镜像
```
docker image pull nginx
```
```
docker image pull eon01/nginx localhost:5000/myadmin/nginx
```
## 推送镜像
```
docker image push eon01/nginx
```
```
docker image push eon01/nginx localhost:5000/myadmin/nginx
```
# 运行容器
## 创建并运行一个简单的容器
> - 启动[ubuntu:latest](https://hub.docker.com/_/ubuntu/) 镜像
> - 绑定**容器**的 `80` 端口到**宿主机**的 `3000` 端口
> - 将主机 `/data` 目录挂载到容器中
> - 注意: 在 **windows** 系统中,你需将 `-v ${PWD}:/data` 改为`-v "C:\Data":/data`
```
docker container run --name infinite -it -p 3000:80 -v ${PWD}:/data ubuntu:latest
```
## 创建容器
```
docker container create -t -i eon01/infinite --name infinite
```
## 运行容器
```
docker container run -it --name infinite -d eon01/infinite
```
## 重命名容器
```
docker container rename infinite infinity
```
## 删除容器
```
docker container rm infinite
```
容器只有停止后才可被删除,通过 ```docker stop``` 命令停止容器。为避免这个可在容器启动时加上```--rm``` 选项。
## 更新容器配置
```
docker container update --cpu-shares 512 -m 300M infinite
```
## 在运行的容器中执行命令
```
docker exec -it infinite sh
```
上例中,如果报错可将 ```bash``` 可替换为 ```sh``` .
# 启动 & 停止容器
## 启动
```
docker container start nginx
```
## 停止
```
docker container stop nginx
```
## 重启
```
docker container restart nginx
```
## 暂停
```
docker container pause nginx
```
## 取消暂停
```
docker container unpause nginx
```
## 阻塞容器
```
docker container wait nginx
```
## 杀掉容器
```
docker container kill nginx
```
## 发送其他信号
```
docker container kill -s HUP nginx
```
## 连接现有容器
```
docker container attach nginx
```
# 获取容器相关详细
## 查看运行的容器
简写:
```
docker ps
```
或者:
```
docker container ls
```
## 查看所有容器
```
docker ps -a
```
```
docker container ls -a
```
## 查看容器日志
```
docker logs infinite
```
## 追踪容器日志
```
docker container logs infinite -f
```
## 检查容器
```
docker container inspect infinite
```
```
docker container inspect --format '{{ .NetworkSettings.IPAddress }}' $(docker ps -q)
```
## 查看容器事件
```
docker system events infinite
```
## 查看容器端口
```
docker container port infinite
```
## 运行进程
```
docker container top infinite
```
## 查看容器资源使用情况
```
docker container stats infinite
```
## 检查容器文件系统上文件或目录的更改情况
```
docker container diff infinite
```
## 操作镜像
## 列示镜像
```
docker image ls
```
## 构建镜像
```
docker build .
```
```
docker build github.com/creack/docker-firefox
```
```
docker build - < Dockerfile
```
```
docker build - < context.tar.gz
```
```
docker build -t eon/infinite .
```
```
docker build -f myOtherDockerfile .
```
```
curl example.com/remote/Dockerfile | docker build -f - .
```
## 删除镜像
```
docker image rm nginx
```
## 从压缩文件中导入镜像
```
docker image load < ubuntu.tar.gz
```
```
docker image load --input ubuntu.tar
```
## 将镜像保存为 Tar 包
```
docker image save busybox > ubuntu.tar
```
## 展示镜像历史
```
docker image history busybox
```
## 将容器保存为镜像
```
docker container commit nginx
```
## 给镜像打标签
```
docker image tag nginx eon01/nginx
```
## 推送镜像
```
docker image push eon01/nginx
```
# 网络
## 创建网络
```
docker network create -d overlay MyOverlayNetwork
```
```
docker network create -d bridge MyBridgeNetwork
```
```
docker network create -d overlay \
--subnet=192.168.0.0/16 \
--subnet=192.170.0.0/16 \
--gateway=192.168.0.100 \
--gateway=192.170.0.100 \
--ip-range=192.168.1.0/24 \
--aux-address="my-router=192.168.1.5" --aux-address="my-switch=192.168.1.6" \
--aux-address="my-printer=192.170.1.5" --aux-address="my-nas=192.170.1.6" \
MyOverlayNetwork
```
## 删除某网络
```
docker network rm MyOverlayNetwork
```
## 列示现有网络
```
docker network ls
```
## 获取网络信息
```
docker network inspect MyOverlayNetwork
```
## 将运行中的容器接入某一网络
```
docker network connect MyOverlayNetwork nginx
```
## 启动容器时,将其接入某一网络
```
docker container run -it -d --network=MyOverlayNetwork nginx
```
## 将容器从某网络中断开连接
```
docker network disconnect MyOverlayNetwork nginx
```
## 暴露端口
使用 Dockerfile, 你可以暴露容器端口:
```
EXPOSE <port_number>
```
你还可以通过下面方式,将容器端口映射为宿主机端口:
docker run -p $HOST_PORT:$CONTAINER_PORT --name <container_name> -t <image>
例如
```
docker run -p $HOST_PORT:$CONTAINER_PORT --name infinite -t infinite
```
# 镜像安全性
## 构建安全镜像的一些指导建议
1. 选择最精简的基础镜像
2. 创建用户并分配使其用镜像基础权限
3. 署名并校验镜像以避免中间人攻击(MITM) 攻击
4. 寻找、修复和关注开源漏洞
5. 不要在镜像中泄露敏感信息
6. 使用明确固定的镜像标签
7. 使用 COPY 代替 ADD
8. 为元数据创建标签
9. 采用多阶段构建以获得小且安全的镜像
10. 使用 linter
详细内容参考 Snyk 的 [10 Docker Image Security Best Practices](https://snyk.io/blog/10-docker-image-security-best-practices/) blog
# 清理 Docker
## 删除容器
```
docker container rm nginx
```
## 删除容器和其数据卷
```
docker container rm -v nginx
```
## 删除所有退出(Exited)容器
```
docker container rm $(docker container ls -a -f status=exited -q)
```
## 删除所有退出(Stopped)容器
```
docker container rm `docker container ls -a -q`
```
## 删除镜像
```
docker image rm nginx
```
## 删除悬空(Dangling)镜像
```
docker image rm $(docker image ls -f dangling=true -q)
```
## 删除所有镜像
```
docker image rm $(docker image ls -a -q)
```
## 删除所有无标签镜像
```
docker image rm -f $(docker image ls | grep "^<none>" | awk "{print $3}")
```
## 停止 & 删除所有镜像
```
docker container stop $(docker container ls -a -q) && docker container rm $(docker container ls -a -q)
```
## 删除悬空(Dangling)数据卷
```
docker volume rm $(docker volume ls -f dangling=true -q)
```
## 删除所有 (容器、镜像、网络和数据卷)
```
docker system prune -f
```
## 清理所有
```
docker system prune -a
```
# Docker Swarm
## 安装 Docker Swarm
```
curl -ssl https://get.docker.com | bash
```
## 初始化 Swarm
```
docker swarm init --advertise-addr 192.168.10.1
```
## 将工作节点加入 Swarm
```
docker swarm join-token worker
```
## 将管理节点加入 Swarm
```
docker swarm join-token manager
```
## 列示服务
```
docker service ls
```
## 列示节点
```
docker node ls
```
## 新建服务
```
docker service create --name vote -p 8080:80 instavote/vote
```
## 列示 Swarm 任务
```
docker service ps
```
## 伸缩服务
```
docker service scale vote=3
```
## 更新服务
```
docker service update --image instavote/vote:movies vote
```
```
docker service update --force --update-parallelism 1 --update-delay 30s nginx
```
```
docker service update --update-parallelism 5--update-delay 2s --image instavote/vote:indent vote
```
```
docker service update --limit-cpu 2 nginx
```
```
docker service update --replicas=5 nginx
```
# 附录
该文章首发于 [Painless Docker Course](http://painlessdocker.com)
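Review bot: In the `## 更新服务` block of the new README.zh.md, `docker service update --update-parallelism 5--update-delay 2s --image instavote/vote:indent vote` is missing a space between `5` and `--update-delay`, so the value is parsed as `5--update-delay` and the command fails. Write `--update-parallelism 5 --update-delay 2s`. The file also copies `docker service ps` without a service name and `curl -ssl` with lowercase flags; fix them here along with README.md so the two files stay in step.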