Docker使用中需要注意的问题

  1. docker daemon启动时创建了docker0网桥,随后自动分配私有IP和port。
  2. docker daemon会修改iptables规则。会创建DOCKER的特殊过滤链,并插入FORWARD链的最上面。
  3. docker daemon也会修改iptables nat以便建立对外的连接。
  4. docker对每个container创建veth(virtual ethernet)网络设备。

  1. (dockerfile) CMD

    1. If CMD is used to provide default arguments for the ENTRYPOINT instruction, both the CMD and ENTRYPOINT instructions should be specified with the JSON array format.
    2. 只有最后一条会生效。
    3. docker run YOUR_COMMAND会覆盖 CMD
    4. 用于给

  2. dockerfile RUN 执行多个script

  3. CMD是 docker run 时传递给container的命令。例如

    # DOCKERFILE
FROM alpine
ENTRYPOINT ["echo", "Hello,"]
CMD ["World"]

#build
docker build -t test .
# run with CMD entry
docker run --rm test
# => Hello, World

# run with command request
docker run --rm test "Alice!"
# => Hello, Alice

The contents of ENTRYPOINT are not changed as shown below, and the contents of CMD are overwritten as they are.

在run这个镜像时,后续无论输入什么,都会被认为是entrypoint命令的参数。
同时命令行新输入的参数会覆盖掉CMD。
例如:
# run with expected executables
docker run --rm test ls
# => Hello, ls

  4. docker run --privileged ${IMAGE_ID} grants a Docker container root capabilities to all devices on the host system. Running a container in privileged mode gives it the capabilities of its host machine. For example, it enables it to modify App Arm and SELinux configurations

    1. docker inspect --format='{{.HostConfig.Privileged}}' [container_id]

  5. docker 网络默认使用bridge模式;