Detailed explanation of Docker-Compose template file parameters

2025-01-16 Update From: SLTechnology News&Howtos

Shulou(Shulou.com) 06/03

Preface

The template file is the core of using Compose. It involves many directive keywords, but most of them have the same meaning as the corresponding docker run parameters.

The default template file name is docker-compose.yml, which is in yaml format, as follows:

    version: "3"
    services:
      webapp:
        image: examples/web
        ports:
          - "80:80"
        volumes:
          - "/data"

Note that each service must either use the image directive to specify an image or use the build directive (which requires a Dockerfile) to build the image automatically.

If you use the build directive, the options set in Dockerfile (such as CMD, EXPOSE, VOLUME, ENV, etc.) will be automatically obtained without having to repeat the settings in docker-compose.yml.

1 、 build

Specify the path to the folder where the Dockerfile is located (either absolute or relative to the docker-compose.yml file). Compose will use it to automatically build the image and then use the image.

As follows:

    version: '3'
    services:
      webapp:
        build: ./dir

You can also use context to specify the path to the folder where the Dockerfile is located, the dockerfile directive to specify the Dockerfile file name, and the args directive to specify variables used when building the image. As follows:

    version: '3'
    services:
      webapp:
        build:
          context: ./dir
          dockerfile: Dockerfile-alternate
          args:
            buildno: 1

Use cache_from to specify the cache for building the image:

    build:
      context: .
      cache_from:
        - alpine:latest
        - corp/web_app:3.14

2 、 cap_add, cap_drop

Specifies the kernel capabilities granted to the container.

For example, giving a container all capabilities can be specified as:

    cap_add:
      - ALL

Removing the NET_ADMIN capability can be specified as:

    cap_drop:
      - NET_ADMIN

3 、 command

Overrides the commands that are executed by default after the container starts.

    command: echo "hello world"

4 、 configs

For swarm mode only.

5 、 cgroup_parent

Specifies the parent cgroup, which means that the resource limits of that group will be inherited.

For example, with a cgroup named cgroups_1 created:

    cgroup_parent: cgroups_1

A cgroup is created by making a directory under the following path; the directory name is the group name, as follows:

    $ pwd
    /sys/fs/cgroup/memory
    $ mkdir xx1
    $ ls | wc -l    # once the directory above is created, many files are generated in it automatically, each one a limit setting
    31

6 、 container_name

Specifies the container name. By default the format "project name_service name_sequence number" is used.

    container_name: docker-web-container

Note: after you specify a container name, the service cannot be scaled, because Docker does not allow multiple containers to have the same name.

7 、 deploy

For docker swarm clusters only.

8 、 devices

Specifies the device mapping relationship.

    devices:
      - "/dev/ttyUSB1:/dev/ttyUSB0"

9 、 depends_on

Resolves container dependencies and start-up order. With the following file, redis, db and then web are started.

    version: '3'
    services:
      web:
        build: .
        depends_on:
          - db
          - redis
      redis:
        image: redis
      db:
        image: postgres

Note: the web service does not wait for redis and db to be fully started before it starts.

10 、 dns

Customize the DNS server. It can be a value or a list.

    dns: 8.8.8.8

or:

    dns:
      - 8.8.8.8
      - 114.114.114.114

11 、 dns_search

Configure the DNS search domain. It can be a value or a list.

    dns_search: example.com

or:

    dns_search:
      - domain1.example.com
      - domain2.example.com

12 、 tmpfs

Mounts a tmpfs file system into the container.

    tmpfs: /run

    tmpfs:
      - /run
      - /tmp

13 、 env_file

Get the environment variable from the file, which can be a separate file path or list.

If the Compose template file is specified with docker-compose -f FILE, the paths in env_file are relative to the template file's path.

If a variable name conflicts with the environment directive, the latter shall prevail by convention.

    env_file: .env

    env_file:
      - ./common.env
      - ./apps/web.env
      - /opt/secrets.env

Each line in the environment variable file must conform to the format, and comment lines starting with # are supported, as follows:

    # common.env: Set development environment
    PROG_ENV=development

14 、 environment

Set the environment variable. You can use either an array or a dictionary.

A variable given only by name automatically takes the value of the corresponding variable on the host running Compose, which can be used to prevent unnecessary data disclosure. The format is as follows:

    environment:
      RACK_ENV: development
      SESSION_SECRET:

or:

    environment:
      - RACK_ENV=development
      - SESSION_SECRET

If words with a Boolean meaning, such as true | false or yes | no, are used in variable names or values, it is best to put them in quotation marks so that YAML does not automatically parse them as the corresponding Boolean values. These specific words include the following:

    y | Y | yes | Yes | YES | n | N | no | No | NO | true | True | TRUE | false | False | FALSE | on | On | ON | off | Off | OFF

15 、 expose

Exposes ports without mapping them to the host; they can only be accessed by connected services.

Only internal ports can be specified as parameters.

    expose:
      - "3000"
      - "8000"

16 、 external_links

This directive is not recommended.

Links to containers outside of docker-compose.yml, even external containers that are not managed by Compose.

    external_links:
      - redis_1
      - project_db_1:mysql
      - project_db_1:postgresql

17 、 extra_hosts

Similar to the --add-host parameter in Docker, specifies additional host name mapping information.

    extra_hosts:
      - "googledns:8.8.8.8"
      - "dockerhub:52.1.157.61"

The following two entries are added to the /etc/hosts file in the service container after startup.

    8.8.8.8 googledns
    52.1.157.61 dockerhub

18 、 healthcheck

Checks whether the container is running healthily by running a command.

    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost"]
      interval: 1m30s
      timeout: 10s
      retries: 3

interval: specifies the interval between tests; timeout: specifies the timeout, after which the test is considered to have failed; retries: specifies the number of retries.

19 、 image

Specifies either the image name or the image ID. If the image does not exist locally, Compose will try to pull it.

    image: ubuntu
    image: orchardup/postgresql
    image: a4bc65fd

20 、 labels

Adds Docker metadata to the container. For example, you can add auxiliary description information to the container.

    labels:
      com.startupteam.description: "webapp for a startupteam"
      com.startupteam.department: "devops department"
      com.startupteam.release: "rc3 for v1.0"

21 、 logging

Configure logging options.

    logging:
      driver: syslog
      options:
        syslog-address: "tcp://192.168.0.42:123"

Currently, three log driver types are supported. As follows:

    driver: "json-file"
    driver: "syslog"
    driver: "none"

The options key configures the log driver parameters, as follows:

    options:
      max-size: "200k"
      max-file: "10"

22 、 network_mode

Sets the network mode. Use the same values as the --network parameter of docker run.

    network_mode: "bridge"
    network_mode: "host"
    network_mode: "none"
    network_mode: "service:[service name]"
    network_mode: "container:[container name/id]"

23 、 networks

Configure the network to which the container is connected.

    version: "3"
    services:
      some-service:
        networks:
          - some-network
          - other-network
    networks:
      some-network:
      other-network:

24 、 pid

Shares the process namespace with the host system. Containers with this option turned on can access and operate on each other, and on the host system, through process IDs.

    pid: "host"

25 、 ports

Expose port information.

Use the host port: container port (HOST:CONTAINER) format, or just specify the port of the container (the host will randomly select the port).

    ports:
      - "3000"
      - "8000:8000"
      - "49100:22"
      - "127.0.0.1:8001:8001"

Note: when using the HOST:CONTAINER format to map ports, if you use a container port less than 60 and do not put it in quotation marks, you may get a wrong result, because YAML automatically parses numbers in the xx:yy format as base 60. To avoid this problem, it is recommended to always write port mappings as strings enclosed in quotation marks.
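The quoting rule in the note above and the Boolean word list under environment both come from YAML 1.1 implicit typing of unquoted scalars. The following is an added example, not code from the original article or from Compose; it re-implements only the boolean, decimal and base-60 integer rules, and the function names are illustrative.

```python
import re

# YAML 1.1 implicit-typing rules relevant to Compose files (constructed subset:
# booleans, decimal ints and base-60 ints; everything else stays a string).
BOOL_WORDS = {
    "y": True, "yes": True, "true": True, "on": True,
    "n": False, "no": False, "false": False, "off": False,
}
BOOL_RE = re.compile(
    r"^(?:y|Y|yes|Yes|YES|n|N|no|No|NO|true|True|TRUE|false|False|FALSE"
    r"|on|On|ON|off|Off|OFF)$"
)
DEC_INT_RE = re.compile(r"^[-+]?(?:0|[1-9][0-9_]*)$")
# Sexagesimal: every field after the first must be in the range 0-59.
BASE60_RE = re.compile(r"^[-+]?[1-9][0-9_]*(?::[0-5]?[0-9])+$")


def resolve_plain_scalar(text):
    """Return the value a YAML 1.1 loader gives an UNQUOTED scalar."""
    if BOOL_RE.match(text):
        return BOOL_WORDS[text.lower()]
    if DEC_INT_RE.match(text):
        return int(text.replace("_", ""))
    if BASE60_RE.match(text):
        sign = -1 if text.startswith("-") else 1
        value = 0
        for field in text.lstrip("+-").replace("_", "").split(":"):
            value = value * 60 + int(field)
        return sign * value
    return text


def needs_quotes(text):
    """True when leaving the scalar unquoted changes its type."""
    return not isinstance(resolve_plain_scalar(text), str)


if __name__ == "__main__":
    # Constructed samples: port mappings and environment values.
    for sample in ["49100:22", "22:22", "8000:8000", "127.0.0.1:8001:8001",
                   "3000", "NO", "on", "development"]:
        print(f"{sample!r:24} -> {resolve_plain_scalar(sample)!r}")
```

Only mappings whose container port is below 60 match the base-60 pattern, which is why 49100:22 is affected and 8000:8000 is not.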

26 、 secrets

Stores sensitive data, such as mysql service passwords.

    version: "3.1"
    services:
      mysql:
        image: mysql
        environment:
          MYSQL_ROOT_PASSWORD_FILE: /run/secrets/db_root_password
        secrets:
          - db_root_password
          - my_other_secret
    secrets:
      # each top-level name must match the name the service lists
      db_root_password:
        file: ./my_secret.txt
      my_other_secret:
        external: true

27 、 security_opt

Specifies the default attributes (user, role, type, level, and so on) of the container's label mechanism. For example, to configure the user name and role name of the label:

    security_opt:
      - label:user:USER
      - label:role:ROLE

28 、 stop_signal

Sets a different signal for stopping the container. By default SIGTERM is used to stop the container.

    stop_signal: SIGUSR1

29 、 sysctls

Configure container kernel parameters.

    sysctls:
      net.core.somaxconn: 1024
      net.ipv4.tcp_syncookies: 0

or:

    sysctls:
      - net.core.somaxconn=1024
      - net.ipv4.tcp_syncookies=0

30 、 ulimits

Specifies the ulimits limit values for the container.

For example, set the maximum number of processes to 65535, and the number of file handles to 20000 (soft limit; the application can change it at any time, but not above the hard limit) and 40000 (system hard limit, which can only be raised by the root user).

    ulimits:
      nproc: 65535
      nofile:
        soft: 20000
        hard: 40000

31 、 volumes

Sets the paths where data volumes are mounted. Each entry can be a host path (HOST:CONTAINER) or a data volume name (VOLUME:CONTAINER), and an access mode can be set (HOST:CONTAINER:ro).

The path in this instruction supports relative paths.

    volumes:
      - /var/lib/mysql
      - cache/:/tmp/cache
      - ~/configs:/etc/configs/:ro

If the path is a data volume name, you must configure the data volume in the file. As follows:

    version: "3"
    services:
      my_src:
        image: mysql:8.0
        volumes:
          - mysql_data:/var/lib/mysql
    volumes:
      mysql_data:

32 、 other instructions

In addition, there are domainname, entrypoint, hostname, ipc, mac_address, privileged, read_only, shm_size, restart, stdin_open, tty, user, working_dir and other instructions, which are basically consistent with the corresponding parameters in docker run.

Specifies the entry file to execute after the service container starts.

    entrypoint: /code/entrypoint.sh

Specifies the user name under which the application runs in the container.

    user: nginx

Specifies the working directory in the container.

    working_dir: /code

Specify the search domain name, hostname, mac address, etc. in the container.

    domainname: your_website.com
    hostname: test
    mac_address: 08-00-27-00-0C-0A

Allow some privileged commands to be run in the container.

    privileged: true
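Several directives on this page widen what a container can do on the host (cap_add: ALL, pid: "host", privileged: true), and environment and ports can expose more than intended. The following is an added example, not part of the original article or of Compose: a small review pass over service definitions. It assumes the file has already been parsed into a Python dict; audit_service, env_items and the sample data are illustrative names and constructed values.

```python
import re

SECRET_KEY_RE = re.compile(r"(PASSWORD|SECRET|TOKEN|KEY)", re.I)


def env_items(environment):
    """Yield (name, value) from either the dictionary or the array form."""
    if isinstance(environment, dict):
        yield from environment.items()
    else:
        for entry in environment or []:
            name, sep, value = str(entry).partition("=")
            yield name, (value if sep else None)


def audit_service(name, svc):
    """Return findings for one already-parsed service definition."""
    findings = []
    if svc.get("privileged") is True:
        findings.append(f"{name}: privileged: true")
    if "ALL" in (svc.get("cap_add") or []):
        findings.append(f"{name}: cap_add grants ALL capabilities")
    if svc.get("pid") == "host":
        findings.append(f"{name}: pid: host shares the host process namespace")
    for var, value in env_items(svc.get("environment")):
        # Name-only variables and *_FILE pointers keep the value out of the file.
        if SECRET_KEY_RE.search(var) and value and not var.endswith("_FILE"):
            findings.append(f"{name}: {var} has an inline value")
    for port in svc.get("ports") or []:  # IPv4 short syntax only
        # Without an IP prefix Docker publishes on all host interfaces by default.
        if len(str(port).split(":")) < 3:
            findings.append(f"{name}: port {port} has no bind address")
    return findings


# Constructed sample, shaped like the parsed `services:` mapping.
SERVICES = {
    "web": {"privileged": True, "cap_add": ["ALL"], "pid": "host",
            "environment": ["RACK_ENV=development", "SESSION_SECRET=example-value"],
            "ports": ["8000:8000", "127.0.0.1:8001:8001"]},
    "mysql": {"cap_drop": ["NET_ADMIN"], "read_only": True,
              "environment": {"MYSQL_ROOT_PASSWORD_FILE": "/run/secrets/db_root_password",
                              "SESSION_SECRET": None},
              "secrets": ["db_root_password"]},
}

if __name__ == "__main__":
    for svc_name, definition in SERVICES.items():
        for finding in audit_service(svc_name, definition):
            print(finding)
```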

Sets the restart policy after the container exits to always restart. This directive is very effective in keeping the service running all the time.

There are the following restart strategies:

no: the default policy; do not restart the container when it exits.
on-failure: restart the container only when it exits abnormally (the exit status is not 0). This restart policy is recommended for production environments.
on-failure:3: restart the container when it exits abnormally, up to 3 times.
always: always restart the container when it exits.
unless-stopped: always restart the container when it exits, but do not consider containers that were already stopped when the Docker daemon started.

The exit status code of docker run is as follows:

0: indicates normal exit
non-0: indicates abnormal exit (exit status codes follow the chroot standard)
125: error of the Docker daemon itself
126: after the container starts, the default command to be executed cannot be called
127: after the container starts, the default command to be executed does not exist

Other command status codes: the command is executed normally after the container starts; when the command exits, its return status code is used as the exit status code of the container.

    restart: on-failure:3

Mounting the container's root file system in read-only mode means that the contents of the container cannot be modified.

    read_only: true

Opens standard input so that external input can be accepted.

    stdin_open: true

Simulate a pseudo terminal.

    tty: true

Reading variables

The Compose template file supports dynamic reading of the host's system environment variables and the variables in the .env file in the current directory.

For example, the following Compose file reads the value of the variable ${MONGO_VERSION} from the environment in which it is run and writes it to the executed instruction.

    version: "3"
    services:
      db:
        image: "mongo:${MONGO_VERSION}"

If you execute MONGO_VERSION=3.2 docker-compose up, you will start a container from the mongo:3.2 image; if you execute MONGO_VERSION=2.8 docker-compose up, you will start a container from the mongo:2.8 image.

If a .env file exists in the current directory, variables are read from the file when the docker-compose command is executed.

Create a new .env file in the current directory and write the following.

    # comments starting with # are supported
    MONGO_VERSION=3.6

Executing docker-compose up starts a container from the mongo:3.6 image.
