docker logs
docker logs -f -t --since="2017-05-31" --tail=10 container
- 说明:
--since : 指定输出日志开始日期。
-f : 查看实时日志
-t : 查看日志产生的时间戳
-tail=10 : 查看最后的10条日志。
container : 容器名
docker logs -f --until=2s
- 说明:
相对时间(relative):2013-01-02T13:23:37
绝对时间(timestamp):42m for 42 minutes
docker logs [OPTIONS] CONTAINER
Options
| Name, shorthand | Default | Description |
|---|---|---|
--details |
Show extra details provided to logs | |
--follow , -f |
Follow log output | |
--since |
Show logs since timestamp (e.g. 2013-01-02T13:23:37) or relative (e.g. 42m for 42 minutes) | |
--tail |
all |
Number of lines to show from the end of the logs |
--timestamps , -t |
Show timestamps | |
--until |
Show logs before a timestamp (e.g. 2013-01-02T13:23:37) or relative (e.g. 42m for 42 minutes) |
docker history
docker history -q IMAGE
- 说明:
| Name, shorthand | Default | Description |
|---|---|---|
| --format | Pretty-print images using a Go template | |
| --human , -H | true | Print sizes and dates in human readable format |
| --no-trunc | Don’t truncate output | |
| --quiet , -q | Only show numeric IDs |
truncate 缩短、删节
docker build
docker build [OPTIONS] PATH | URL | -
- 说明:
| Name, shorthand | Default | Description |
|---|---|---|
--add-host |
Add a custom host-to-IP mapping (host:ip) | |
--build-arg |
Set build-time variables | |
--cache-from |
Images to consider as cache sources | |
--cgroup-parent |
Optional parent cgroup for the container | |
--compress |
Compress the build context using gzip | |
--cpu-period |
Limit the CPU CFS (Completely Fair Scheduler) period | |
--cpu-quota |
Limit the CPU CFS (Completely Fair Scheduler) quota | |
--cpu-shares , -c |
CPU shares (relative weight) | |
--cpuset-cpus |
CPUs in which to allow execution (0-3, 0,1) | |
--cpuset-mems |
MEMs in which to allow execution (0-3, 0,1) | |
--disable-content-trust |
true |
Skip image verification |
--file , -f |
Name of the Dockerfile (Default is ‘PATH/Dockerfile’) | |
--force-rm |
Always remove intermediate containers | |
--iidfile |
Write the image ID to the file | |
--isolation |
Container isolation technology | |
--label |
Set metadata for an image | |
--memory , -m |
Memory limit | |
--memory-swap |
Swap limit equal to memory plus swap: ‘-1’ to enable unlimited swap | |
--network |
Set the networking mode for the RUN instructions during build | |
--no-cache |
Do not use cache when building the image | |
--platform |
Set platform if server is multi-platform capable | |
--progress |
auto |
Set type of progress output (auto, plain, tty). Use plain to show container output |
--pull |
Always attempt to pull a newer version of the image | |
--quiet , -q |
Suppress the build output and print image ID on success | |
--rm |
true |
Remove intermediate containers after a successful build |
--secret |
Secret file to expose to the build (only if BuildKit enabled): id=mysecret,src=/local/secret | |
--security-opt |
Security options | |
--shm-size |
Size of /dev/shm | |
--squash |
Squash newly built layers into a single new layer | |
--ssh |
SSH agent socket or keys to expose to the build (only if BuildKit enabled) (format: default|[=|[,]]) | |
--stream |
Stream attaches to server to negotiate build context | |
--tag , -t |
Name and optionally a tag in the ‘name:tag’ format | |
--target |
Set the target build stage to build. | |
--ulimit |
Ulimit options |
docker run
$ docker run [OPTIONS] IMAGE[:TAG|@DIGEST] [COMMAND] [ARG...]
- 说明:
-a stdin: 指定标准输入输出内容类型,可选 STDIN/STDOUT/STDERR 三项;
-i: 以交互模式运行容器,通常与 -t 同时使用-it;
-t: 为容器重新分配一个伪输入终端,通常与 -i 同时使用-it;
-P: 随机端口映射,容器内部端口随机映射到主机的高端口;
-p: 指定端口映射,格式为:主机(宿主)端口:容器端口;
--name="nginx-lb": 为容器指定一个名称;
--dns 8.8.8.8: 指定容器使用的DNS服务器,默认和宿主一致;
--dns-search example.com: 指定容器DNS搜索域名,默认和宿主一致;
-h "mars": 指定容器的hostname;
-e username="ritchie": 设置环境变量;
--env-file=[]: 从指定文件读入环境变量;
--cpuset="0-2" or --cpuset="0,1,2": 绑定容器到指定CPU运行;
-m :设置容器使用内存最大值;
--net="bridge": 指定容器的网络连接类型,支持 bridge/host/none/container: 四种类型;
--link=[]: 添加链接到另一个容器;
--expose=[]: 开放一个端口或一组端口;
$ docker run -d -p 80:80 my_image service nginx start
- 说明:
后台创建容器,返回容器ID,并在容器内启动nginx
$ docker run -a stdin -a stdout -it ubuntu /bin/bash
- 说明:
-a stdin: 指定标准输入输出内容类型,可选 STDIN/STDOUT/STDERR 三项;
$ docker run alpine@sha256:9cacb71397b640eca97488cf08582ae4e4068513101088e9f96c9814bfda95e0 date
- 说明:
Image[@digest]
PID settings (--pid)
--pid="" : Set the PID (Process) Namespace mode for the container,
'container:<name|id>': joins another container's PID namespace
'host': use the host's PID namespace inside the container
- 说明:
-- 默认情况下,所有容器都启用了PID名称空间。
-- PID命名空间提供进程分离。PID命名空间删除了系统进程的视图,并允许包括PID 1在内的进程id被重用。
-- 在某些情况下,您希望容器共享主机的进程名称空间,基本上允许容器内的进程查看系统上的所有进程。
Example: run htop inside a container
创建Dockerfile:
FROM alpine:latest
RUN apk add --update htop && rm -rf /var/cache/apk/*
CMD ["htop"]
依据dockerfile创建镜像myhtop:
$ docker build -t myhtop .
Use the following command to run htop inside a container:
$ docker run -it --rm --pid=host myhtop
加入另一个容器的pid名称空间可用于调试该容器。
docker run Usage
docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
Options
| Name, shorthand | Default | Description |
|---|---|---|
--add-host |
Add a custom host-to-IP mapping (host:ip) | |
--attach , -a |
Attach to STDIN, STDOUT or STDERR | |
--blkio-weight |
Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0) | |
--blkio-weight-device |
Block IO weight (relative device weight) | |
--cap-add |
Add Linux capabilities | |
--cap-drop |
Drop Linux capabilities | |
--cgroup-parent |
Optional parent cgroup for the container | |
--cidfile |
Write the container ID to the file | |
--cpu-count |
CPU count (Windows only) | |
--cpu-percent |
CPU percent (Windows only) | |
--cpu-period |
Limit CPU CFS (Completely Fair Scheduler) period | |
--cpu-quota |
Limit CPU CFS (Completely Fair Scheduler) quota | |
--cpu-rt-period |
Limit CPU real-time period in microseconds | |
--cpu-rt-runtime |
Limit CPU real-time runtime in microseconds | |
--cpu-shares , -c |
CPU shares (relative weight) | |
--cpus |
Number of CPUs | |
--cpuset-cpus |
CPUs in which to allow execution (0-3, 0,1) | |
--cpuset-mems |
MEMs in which to allow execution (0-3, 0,1) | |
--detach , -d |
Run container in background and print container ID | |
--detach-keys |
Override the key sequence for detaching a container | |
--device |
Add a host device to the container | |
--device-cgroup-rule |
Add a rule to the cgroup allowed devices list | |
--device-read-bps |
Limit read rate (bytes per second) from a device | |
--device-read-iops |
Limit read rate (IO per second) from a device | |
--device-write-bps |
Limit write rate (bytes per second) to a device | |
--device-write-iops |
Limit write rate (IO per second) to a device | |
--disable-content-trust |
true |
Skip image verification |
--dns |
Set custom DNS servers | |
--dns-opt |
Set DNS options | |
--dns-option |
Set DNS options | |
--dns-search |
Set custom DNS search domains | |
--entrypoint |
Overwrite the default ENTRYPOINT of the image | |
--env , -e |
Set environment variables | |
--env-file |
Read in a file of environment variables | |
--expose |
Expose a port or a range of ports | |
--group-add |
Add additional groups to join | |
--health-cmd |
Command to run to check health | |
--health-interval |
Time between running the check (ms|s|m|h) (default 0s) | |
--health-retries |
Consecutive failures needed to report unhealthy | |
--health-start-period |
Start period for the container to initialize before starting health-retries countdown (ms|s|m|h) (default 0s) | |
--health-timeout |
Maximum time to allow one check to run (ms|s|m|h) (default 0s) | |
--help |
Print usage | |
--hostname , -h |
Container host name | |
--init |
Run an init inside the container that forwards signals and reaps processes | |
--interactive , -i |
Keep STDIN open even if not attached | |
--io-maxbandwidth |
Maximum IO bandwidth limit for the system drive (Windows only) | |
--io-maxiops |
Maximum IOps limit for the system drive (Windows only) | |
--ip |
IPv4 address (e.g., 172.30.100.104) | |
--ip6 |
IPv6 address (e.g., 2001:db8::33) | |
--ipc |
IPC mode to use | |
--isolation |
Container isolation technology | |
--kernel-memory |
Kernel memory limit | |
--label , -l |
Set meta data on a container | |
--label-file |
Read in a line delimited file of labels | |
--link |
Add link to another container | |
--link-local-ip |
Container IPv4/IPv6 link-local addresses | |
--log-driver |
Logging driver for the container | |
--log-opt |
Log driver options | |
--mac-address |
Container MAC address (e.g., 92:d0:c6:0a:29:33) | |
--memory , -m |
Memory limit | |
--memory-reservation |
Memory soft limit | |
--memory-swap |
Swap limit equal to memory plus swap: ‘-1’ to enable unlimited swap | |
--memory-swappiness |
-1 |
Tune container memory swappiness (0 to 100) |
--mount |
Attach a filesystem mount to the container | |
--name |
Assign a name to the container | |
--net |
Connect a container to a network | |
--net-alias |
Add network-scoped alias for the container | |
--network |
Connect a container to a network | |
--network-alias |
Add network-scoped alias for the container | |
--no-healthcheck |
Disable any container-specified HEALTHCHECK | |
--oom-kill-disable |
Disable OOM Killer | |
--oom-score-adj |
Tune host’s OOM preferences (-1000 to 1000) | |
--pid |
PID namespace to use | |
--pids-limit |
Tune container pids limit (set -1 for unlimited) | |
--platform |
Set platform if server is multi-platform capable | |
--privileged |
Give extended privileges to this container | |
--publish , -p |
Publish a container’s port(s) to the host | |
--publish-all , -P |
Publish all exposed ports to random ports | |
--read-only |
Mount the container’s root filesystem as read only | |
--restart |
no |
Restart policy to apply when a container exits |
--rm |
Automatically remove the container when it exits | |
--runtime |
Runtime to use for this container | |
--security-opt |
Security Options | |
--shm-size |
Size of /dev/shm | |
--sig-proxy |
true |
Proxy received signals to the process |
--stop-signal |
SIGTERM |
Signal to stop a container |
--stop-timeout |
Timeout (in seconds) to stop a container | |
--storage-opt |
Storage driver options for the container | |
--sysctl |
Sysctl options | |
--tmpfs |
Mount a tmpfs directory | |
--tty , -t |
Allocate a pseudo-TTY | |
--ulimit |
Ulimit options | |
--user , -u |
Username or UID (format: <name|uid>[:<group|gid>]) | |
--userns |
User namespace to use | |
--uts |
UTS namespace to use | |
--volume , -v |
Bind mount a volume | |
--volume-driver |
Optional volume driver for the container | |
--volumes-from |
Mount volumes from the specified container(s) | |
--workdir , -w |
Working directory inside the container |
$ docker run -w /path/to/dir/ -i -t ubuntu pwd
- 说明
The -w lets the command being executed inside directory given, here /path/to/dir/. If the path does not exist it is created inside the container.
docker exec Usage
docker exec [OPTIONS] CONTAINER COMMAND [ARG...]
- 说明:
| Name, shorthand | Default | Description |
|---|---|---|
--detach , -d |
Detached mode: run command in the background | |
--detach-keys |
Override the key sequence for detaching a container | |
--env , -e |
Set environment variables | |
--interactive , -i |
Keep STDIN open even if not attached | |
--privileged |
Give extended privileges to the command | |
--tty , -t |
Allocate a pseudo-TTY | |
--user , -u |
Username or UID (format: <name|uid>[:<group|gid>]) | |
--workdir , -w |
Working directory inside the container |
