【4】Docker run 详解

一般形式

docker run [OPTIONS] IMAGE [:TAG|@DIGEST] [COMMAND] [ARG...]

Operator exclusive options

• Detached vs foreground
• Detached (-d)
• Foreground
• Container identification
• Name (--name)
• PID equivalent
• IPC settings (--ipc)
• Network settings
• Restart policies (--restart)
• Clean up (--rm)
• Runtime constraints on resource
• Runtime privileges, Linux capabilities, and LXC configuration

Detached vs foreground

Detached (-d)

• --rm 和 -d 不能同时存在
• 不能使用service x start

docker run -d 80:80 my_image service nginx start

• 正确的启动方式

docker run -d 80:80 my_image nginx -g 'daemon off;'

Foreground

• 进入交互模式 -it

Container identification

Name (--name)

• 区分容器的三种方式
• UUID 长标识符
• UUID 短标识符
• Name （若未指定，则随机生成）

PID

--cidfile="": Write the container ID to the file

Image[:tag]

docker run ubuntu:14.04

Image[@digest]

PID settings (--pid)

docker run --pid=host rhel7 strace -p 1234

UTS settings (--uts)

IPC settings (--ipc)

Network settings

Restart policies (--restart)

docker run --restart=always redis
docker run --restart=on-failure:10 redis

Clean up (--rm)

Automatically remove the container when it exists (incompatible with -d)

Security configuration

docker run --security-opt label:level:s0:c100,c200 -i -t fedora bash

Specifying custom cgroups

Runtime constraints on resources

User memory constraints

docker run -ti ubuntu:14.04 /bin/bash
docker run -ti -m 300M --memory-swap -1 ubuntu:14.04 /bin/bash
docker run -ti -m 300M ubuntu:14.04 /bin/bash
docker run -ti -m 300M --memory-swap 1G ubuntu:14.04 /bin/bash
docker run -ti -m 500M --memory-reservation 200M ubuntu:14.04 /bin/bash
docker run -ti --memory-reservation 1G ubuntu:14.04 /bin/bash

Kernel memory constraints

Swappiness constraint

docker run -ti --memory-swappiness=0 ubuntu:14.04 /bin/bash

CPU share constraint

CPU period constraint

docker run -ti --cpu-period=50000 --cpu-quota=25000 ubuntu:14.04 /bin/bash

CPUset constraint

docker run -ti --cpuset-cpus="1,3" ubuntu:14.04 /bin/bash
docker run -ti --cpuset-cpus="0-2" ubuntu:14.04 /bin/bash
docker run -ti --cpuset-mems="1,3" ubuntu:14.04 /bin/bash
docker run -ti --cpuset-mems="0-2" ubuntu:14.04 /bin/bash

CPU quota constraint

Block IO bandwidth (Blkio) constraint

docker run -ti --name c1 --blkio-weight 300 ubuntu:14.04 /bin/bash
docker run -ti --name c2 --blkio-weight 600 ubunut:14.04 /bin/bash

Additional groups

Runtime privileges, Linux capabilities, and LXC configuration

docker run --device=/dev/sda:/dev/xvdc --rm -it ubuntu fdisk /dev/xvdc
docker run --device=/dev/sda:/dev/xvdc:r --rm -it ubuntu fdisk /dev/xvdc
docker run --device=/dev/sda:/dev/xvdc:w --rm -it ubuntu fdisk /dev/xvdc
docker run --device=/dev/sda:/dev/xvdc:m --rm -it ubuntu fdisk /dev/xvdc

Logging drivers (--log-driver)

Overriding Dockerfile image defaults

CMD (default command or options)

ENTRYPOINT (default command to execute at runtime)

EXPOSE (incoming ports)

ENV (environment variables)

VOLUME (shared filesystems)

USER

WORKDIR