Docker 基础.
- 资源隔离
- CPU、内存、IO资源隔离。
- 环境隔离
- 代码不同,环境相同。
针对Blog服务设置资源隔离
已知blogsvr目前使用内存为27M左右,authsvr使用内存为5.6M左右,所以修改脚本限制服务最大使用内存和CPU,同时当内存超出限制时终止容器,最终决定限制如下:
- blogsvr
- memory:40M
- cpu(限定容器使用的CPU核心数):0.2
- authsvr
- memory:20M
- cpu:0.1
具体DockerFile文件信息以及build构建脚本
-
DockerFIle
FROM golang:1.20 LABEL authors="zhenxinma" # 1、设置工作环境. ENV GO111MODULE=on ENV GOPROXY="https://goproxy.cn" # 2、在容器内设置/data/app为当前工作目录. # WORKDIR 不存在则会创建. WORKDIR /data/app/bin # 3、将当前文件复制到工作目录以及配置文件 COPY . . # 拷贝配置文件 RUN mkdir /data/config # 4、打包go文件. RUN go build -o ./svrmain ./*.go # 5、暴露端口 # http 端口 # rpc 端口 EXPOSE 8849 18849 # 6、容器入口点 ENTRYPOINT ["/data/app/bin/svrmain"] -
Build构建脚本
# 停止容器 docker stop authsvr # 删除容器 docker rm authsvr # 删除镜像 docker rmi authsvr:latest # 构建新的镜像 go mod tidy docker build -t authsvr . # 限制内存为20M,CPU使用核数为0.1核 docker run -d -p 8849:8849 -p 18849:18849 --memory=20m --cpus=0.1 --oom-kill-disable=true --name authsvr -v /data/config:/data/config authsvr:latest
查看信息:
-
通过
docker stats container-id来查看容器信息CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS 7c5a347cc2c0 authsvr 0.00% 5.34MiB / 20MiB 26.70% 656B / 0B 4.1kB / 0B 6 -
通过
docker inspect container-id来查看容器具体信息[ { "Id": "7c5a347cc2c0dc921ad5b4f66dd2b20dde1c695c7fb1ef745f4d9b294d777c5d", "Created": "2024-01-07T15:56:49.361137849Z", "Path": "/data/app/bin/svrmain", "Args": [], "State": { "Status": "running", "Running": true, "Paused": false, "Restarting": false, "OOMKilled": false, "Dead": false, "Pid": 15484, "ExitCode": 0, "Error": "", "StartedAt": "2024-01-07T15:56:49.699335648Z", "FinishedAt": "0001-01-01T00:00:00Z" }, "Image": "sha256:343977e657885b7f9159a7fdf9a33066304ff5ca06f47774e9bb700cad273993", "ResolvConfPath": "/var/lib/docker/containers/7c5a347cc2c0dc921ad5b4f66dd2b20dde1c695c7fb1ef745f4d9b294d777c5d/resolv.conf", "HostnamePath": "/var/lib/docker/containers/7c5a347cc2c0dc921ad5b4f66dd2b20dde1c695c7fb1ef745f4d9b294d777c5d/hostname", "HostsPath": "/var/lib/docker/containers/7c5a347cc2c0dc921ad5b4f66dd2b20dde1c695c7fb1ef745f4d9b294d777c5d/hosts", "LogPath": "/var/lib/docker/containers/7c5a347cc2c0dc921ad5b4f66dd2b20dde1c695c7fb1ef745f4d9b294d777c5d/7c5a347cc2c0dc921ad5b4f66dd2b20dde1c695c7fb1ef745f4d9b294d777c5d-json.log", "Name": "/authsvr", "RestartCount": 0, "Driver": "overlay2", "Platform": "linux", "MountLabel": "", "ProcessLabel": "", "AppArmorProfile": "", "ExecIDs": null, "HostConfig": { "Binds": [ "/data/config:/data/config" ], "ContainerIDFile": "", "LogConfig": { "Type": "json-file", "Config": {} }, "NetworkMode": "default", "PortBindings": { "18849/tcp": [ { "HostIp": "", "HostPort": "18849" } ], "8849/tcp": [ { "HostIp": "", "HostPort": "8849" } ] }, "RestartPolicy": { "Name": "no", "MaximumRetryCount": 0 }, "AutoRemove": false, "VolumeDriver": "", "VolumesFrom": null, "ConsoleSize": [ 50, 211 ], "CapAdd": null, "CapDrop": null, "CgroupnsMode": "host", "Dns": [], "DnsOptions": [], "DnsSearch": [], "ExtraHosts": null, "GroupAdd": null, "IpcMode": "private", "Cgroup": "", "Links": null, "OomScoreAdj": 0, "PidMode": "", "Privileged": false, "PublishAllPorts": false, "ReadonlyRootfs": false, "SecurityOpt": null, "UTSMode": "", "UsernsMode": "", "ShmSize": 67108864, "Runtime": "runc", "Isolation": "", "CpuShares": 0, "Memory": 20971520, // 内存限制 20M "NanoCpus": 100000000, // CPU使用核心数 0.1个核心 "CgroupParent": "", "BlkioWeight": 0, "BlkioWeightDevice": [], "BlkioDeviceReadBps": [], "BlkioDeviceWriteBps": [], "BlkioDeviceReadIOps": [], "BlkioDeviceWriteIOps": [], "CpuPeriod": 0, "CpuQuota": 0, "CpuRealtimePeriod": 0, "CpuRealtimeRuntime": 0, "CpusetCpus": "", "CpusetMems": "", "Devices": [], "DeviceCgroupRules": null, "DeviceRequests": null, "MemoryReservation": 0, "MemorySwap": 41943040, "MemorySwappiness": null, "OomKillDisable": true, "PidsLimit": null, "Ulimits": null, "CpuCount": 0, "CpuPercent": 0, "IOMaximumIOps": 0, "IOMaximumBandwidth": 0, "MaskedPaths": [ "/proc/asound", "/proc/acpi", "/proc/kcore", "/proc/keys", "/proc/latency_stats", "/proc/timer_list", "/proc/timer_stats", "/proc/sched_debug", "/proc/scsi", "/sys/firmware" ], "ReadonlyPaths": [ "/proc/bus", "/proc/fs", "/proc/irq", "/proc/sys", "/proc/sysrq-trigger" ] }, "GraphDriver": { "Data": { "LowerDir": "/var/lib/docker/overlay2/db7870786aa12041ecfc68067466dbff40c2054445c90c22c14cb2c7c8b522f2-init/diff:/var/lib/docker/overlay2/yel624hjzh41lu3cgr9x5l4xc/diff:/var/lib/docker/overlay2/ys6u5e36m42lchn6jjrg6v0zm/diff:/var/lib/docker/overlay2/mh5hlxvvjyfs3ccye0bu6al76/diff:/var/lib/docker/overlay2/bbz1z9bhlivm9cserryxqsjgx/diff:/var/lib/docker/overlay2/fef4d34dd1f6c9832e5b81313825a1ac60335f6f093970185c38ae7b9e32d0c8/diff:/var/lib/docker/overlay2/a177c6867cca2d0d3409069989b970d8b938ed4bee42215939ee2b25b577ce47/diff:/var/lib/docker/overlay2/9c138a59c0ffb589ceb8186dacbcdcf51ad16d5251e85d70edd36b7527b948d0/diff:/var/lib/docker/overlay2/b337cf0dddcc6a512d193556e73d1d4e2862620744a3412a6ef667ebf4ad1028/diff:/var/lib/docker/overlay2/45c1e88c63f910c5784dd143575cc5c1183f499da39e85fd803b98e2d08520da/diff:/var/lib/docker/overlay2/0844ecd542dd35a9b8c6d4729f6b679f4ee0c7d3ab8a71b19fbc965cf7441548/diff", "MergedDir": "/var/lib/docker/overlay2/db7870786aa12041ecfc68067466dbff40c2054445c90c22c14cb2c7c8b522f2/merged", "UpperDir": "/var/lib/docker/overlay2/db7870786aa12041ecfc68067466dbff40c2054445c90c22c14cb2c7c8b522f2/diff", "WorkDir": "/var/lib/docker/overlay2/db7870786aa12041ecfc68067466dbff40c2054445c90c22c14cb2c7c8b522f2/work" }, "Name": "overlay2" }, "Mounts": [ { "Type": "bind", "Source": "/data/config", "Destination": "/data/config", "Mode": "", "RW": true, "Propagation": "rprivate" } ], "Config": { "Hostname": "7c5a347cc2c0", "Domainname": "", "User": "", "AttachStdin": false, "AttachStdout": false, "AttachStderr": false, "ExposedPorts": { "18849/tcp": {}, "8849/tcp": {} }, "Tty": false, "OpenStdin": false, "StdinOnce": false, "Env": [ "PATH=/go/bin:/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "GOLANG_VERSION=1.20.12", "GOPATH=/go", "GO111MODULE=on", "GOPROXY=https://goproxy.cn" ], "Cmd": null, "Image": "authsvr:latest", "Volumes": null, "WorkingDir": "/data/app/bin", "Entrypoint": [ "/data/app/bin/svrmain" ], "OnBuild": null, "Labels": { "authors": "zhenxinma" } }, "NetworkSettings": { "Bridge": "", "SandboxID": "62e074167ae0a448efb411b52ec46d2bca02dffa7092c2bf1b1404d5e579c252", "HairpinMode": false, "LinkLocalIPv6Address": "", "LinkLocalIPv6PrefixLen": 0, "Ports": { "18849/tcp": [ { "HostIp": "0.0.0.0", "HostPort": "18849" }, { "HostIp": "::", "HostPort": "18849" } ], "8849/tcp": [ { "HostIp": "0.0.0.0", "HostPort": "8849" }, { "HostIp": "::", "HostPort": "8849" } ] }, "SandboxKey": "/var/run/docker/netns/62e074167ae0", "SecondaryIPAddresses": null, "SecondaryIPv6Addresses": null, "EndpointID": "0290b2ac171c1e8821a9dc9e25faa72287a71a6d8840a01dfa51b39a485b1c1e", "Gateway": "172.17.0.1", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "IPAddress": "172.17.0.6", "IPPrefixLen": 16, "IPv6Gateway": "", "MacAddress": "xxx", "Networks": { "bridge": { "IPAMConfig": null, "Links": null, "Aliases": null, "NetworkID": "e6c36edf3e6ec1fcfe2b98cd0efef102d16977f8481a2334e95166208624fb66", "EndpointID": "0290b2ac171c1e8821a9dc9e25faa72287a71a6d8840a01dfa51b39a485b1c1e", "Gateway": "172.17.0.1", "IPAddress": "172.17.0.6", "IPPrefixLen": 16, "IPv6Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "MacAddress": "xxx", "DriverOpts": null } } } } ]我的博客:openxm.cn 我的公众号:社恐的小马同学
