{"id":15479,"date":"2024-11-18T18:22:06","date_gmt":"2024-11-18T10:22:06","guid":{"rendered":"https:\/\/fwq.ai\/blog\/?p=15479"},"modified":"2024-11-18T18:22:06","modified_gmt":"2024-11-18T10:22:06","slug":"docker-create-docker-run-%e7%9a%84%e9%80%89%e9%a1%b9%e8%af%a6%e8%a7%a3","status":"publish","type":"post","link":"https:\/\/fwq.ai\/blog\/15479\/","title":{"rendered":"Docker create \/ Docker run \u7684\u9009\u9879\u8be6\u89e3"},"content":{"rendered":"<p>\u672c\u6587\u4e0d\u6b62\u9488\u5bf9docker create \u548c run \u7684\u9009\u9879\u89e3\u91ca\uff0c\u5176\u5b9e\u5bf9\u4ee5\u4e0b\u51e0\u4e2a\u6307\u4ee4\u7684\u9009\u9879\uff0c\u540c\u6837\u6709\u5e2e\u52a9\u548c\u7406\u89e3\u3002<\/p>\n<ul>\n<li class=\"p1\"><span class=\"s1\">dockerd \u542f\u52a8docker engine<\/span><\/li>\n<li class=\"p1\">docker create \/ run \/ update \u5bb9\u5668\u7684\u521b\u5efa\u548c\u4fee\u6539<\/li>\n<li class=\"p1\"><span class=\"s1\">daemon.json\u914d\u7f6e\u6587\u4ef6<\/span><\/li>\n<li class=\"p1\">docker service create \u96c6\u7fa4\u670d\u52a1\u7684\u521b\u5efa<\/li>\n<li class=\"p1\">docker service update \u96c6\u7fa4\u670d\u52a1\u7684\u66f4\u65b0<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<table cellspacing=\"5\" cellpadding=\"5\">\n<tbody>\n<tr>\n<td valign=\"top\" width=\"27%\"><strong>\u2013add-host list<\/strong><\/td>\n<td valign=\"top\">Add a custom host-to-IP mapping (host:ip)<br \/>\n\u6dfb\u52a0\u4e00\u6761hosts\u7684\u8bb0\u5f55\u5230\/etc\/hosts\u4e2d<br \/>\n\u4f8b\u5982\uff1adocker run -it \u2013net=br10 \u2013ip=192.168.10.10 \u2013add-host=host10:192.168.10.10 \u2013name=ins01 stress bash<br \/>\n\u8fdb\u5165\u5bb9\u5668\uff1a<br \/>\n[root@a1558ecb087b \/]# cat \/etc\/hosts<br \/>\n127.0.0.1\u00a0\u00a0 \u00a0localhost<br \/>\n::1\u00a0\u00a0 \u00a0localhost ip6-localhost ip6-loopback<br \/>\nfe00::0\u00a0\u00a0 \u00a0ip6-localnet<br \/>\nff00::0\u00a0\u00a0 \u00a0ip6-mcastprefix<br \/>\nff02::1\u00a0\u00a0 \u00a0ip6-allnodes<br \/>\nff02::2\u00a0\u00a0 \u00a0ip6-allrouters<br \/>\n<strong>192.168.10.10\u00a0\u00a0 \u00a0host10<\/strong><br \/>\n192.168.10.10\u00a0\u00a0 \u00a0a1558ecb087b<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">-a, \u2013attach list<\/td>\n<td valign=\"top\">Attach to STDIN, STDOUT or STDERR<br \/>\n\u5982\u679c\u5728\u6267\u884crun\u547d\u4ee4\u65f6\u6ca1\u6709\u6307\u5b9a-a\uff0c\u90a3\u4e48docker\u9ed8\u8ba4\u4f1a\u6302\u8f7d\u6240\u6709\u6807\u51c6\u6570\u636e\u6d41\uff0c\u5305\u62ec\u8f93\u5165\u8f93\u51fa\u548c\u9519\u8bef\u3002<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><strong>\u2013blkio-weight uint16<\/strong><\/td>\n<td valign=\"top\">Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0)<br \/>\n\u8bbe\u7f6e\u5bb9\u5668\u5757\u8bbe\u5907IO\u7684\u6743\u91cd\uff0c\u6709\u6548\u503c\u8303\u56f4\u4e3a10\u81f31000\u7684\u6574\u6570(\u5305\u542b10\u548c1000)\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u6240\u6709\u5bb9\u5668\u90fd\u4f1a\u5f97\u5230\u76f8\u540c\u7684\u6743\u91cd\u503c(500)\u3002<br \/>\n\u53c2\u8003\uff1aDocker\u8d44\u6e90\u7ba1\u7406\u63a2\u79d8\uff0dCgroups\u673a\u5236<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><strong>\u2013blkio-weight-device list<\/strong><\/td>\n<td valign=\"top\">Block IO weight (relative device weight) (default [])<br \/>\n\u6307\u5b9a\u7684\u5757\u8bbe\u5907\u7684IO\u76f8\u5bf9\u6743\u91cd<br \/>\n\u4f7f\u7528\u65b9\u5f0f\uff1ablkio-weight-device=\u201d\u8bbe\u5907\u540d\u79f0:\u6743\u91cd\u503c\u201d<br \/>\n\u4f7f\u7528\u65b9\u6cd5\uff0c\u53c2\u8003\uff1aDocker\u8d44\u6e90\u7ba1\u7406\u63a2\u79d8\uff0dCgroups\u673a\u5236\u5982\u679c\u2013blkio-weight-device\u63a5\u53e3\u548c\u2013blkio-weight\u63a5\u53e3\u4e00\u8d77\u4f7f\u7528\uff0c\u90a3\u4e48Docker\u4f1a\u4f7f\u7528\u2013blkio-weight\u503c\u4f5c\u4e3a\u9ed8\u8ba4\u7684\u6743\u91cd\u503c\uff0c\u7136\u540e\u4f7f\u7528\u2013blkio-weight-device\u503c\u6765\u8bbe\u5b9a\u6307\u5b9a\u8bbe\u5907\u7684\u6743\u91cd\u503c\uff0c\u800c\u65e9\u5148\u8bbe\u7f6e\u7684\u9ed8\u8ba4\u6743\u91cd\u503c\u5c06\u4e0d\u5728\u8fd9\u4e2a\u7279\u5b9a\u8bbe\u5907\u4e2d\u751f\u6548\u3002<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013cap-add list<\/td>\n<td valign=\"top\">Add Linux capabilities<br \/>\n\u63a7\u5236docker\u7684\u5185\u6838\u6743\u9650<br \/>\nLinux\u7684Capability\u673a\u5236\u5141\u8bb8\u4f60\u5c06\u8d85\u7ea7\u7528\u6237\u76f8\u5173\u7684\u9ad8\u7ea7\u6743\u9650\u5212\u5206\u6210\u4e3a\u4e0d\u540c\u7684\u5c0f\u5355\u5143. \u76ee\u524dDocker\u5bb9\u5668\u9ed8\u8ba4\u53ea\u7528\u5230\u4e86\u4ee5\u4e0b\u7684Capability\uff1aCHOWN, DAC_OVERRIDE, FSETID, FOWNER, MKNOD,NET_RAW, SETGID, SETUID, SETFCAP,SETPCAP, NET_BIND_SERVICE, SYS_CHROOT, KILL, AUDIT_WRITE<br \/>\n\u6709\u4e9b\u60c5\u51b5\u4e0b\uff0c\u4f60\u4e5f\u8bb8\u9700\u8981\u8c03\u6574\u4e0a\u9762\u7f57\u5217\u7684\u7279\u6027\u3002\u6bd4\u5982\u4f60\u6b63\u5728\u6784\u5efa\u4e00\u4e2a\u5bb9\u5668\uff0c\u4f60\u7528\u5b83\u6765\u6267\u884cntpd\u6216\u662fcrony\uff0c\u4e3a\u6b64\u5b83\u4eec\u8981\u80fd\u591f\u4fee\u6539\u5bbf\u4e3b\u7684\u7cfb\u7edf\u65f6\u95f4\u3002\u7531\u4e8e\u4e0d\u5177\u5907 CAP_SYS_TIME \u7279\u6027\uff0c\u5bb9\u5668\u65e0\u6cd5\u5de5\u4f5c\u3002\u4e3a\u4e86\u5e94\u5bf9\u8fd9\u79cd\u60c5\u51b5\uff0c\u5728Docker\u4e4b\u524d\u7684\u7248\u672c\u4e2d\uff0c\u5bb9\u5668\u5fc5\u987b\u4ee5\u63d0\u6743\u6a21\u5f0f\u8fd0\u884c\uff08\u4f7f\u7528\u2013privileged \u9009\u9879\uff09\uff0c\u8fd9\u4f1a\u7981\u7528\u6240\u6709\u5b89\u5168\u673a\u5236\u3002<br \/>\n\u5728Docker\u76841.3\u7248\u4e2d\uff0c\u65b0\u6dfb\u4e86\u2013cap-add\u548c\u2013cap-drop\u9009\u9879\u3002\u8981\u8ba9\u4e00\u4e2antpd\u5bb9\u5668\u8dd1\u8d77\u6765\uff0c\u4f60\u73b0\u5728\u53ea\u8981\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff1a<br \/>\n#docker run -d \u2013cap-add SYS_TIME ntpd<br \/>\n\u5c31\u53ef\u4ee5\u5c06 SYS_TIME \u7279\u6027\u6dfb\u52a0\u5230\u4f60\u7684\u5bb9\u5668\u4e2d\u3002<br \/>\n\u518d\u4e3e\u4e2a\u4f8b\u5b50\uff0c\u5982\u679c\u4f60\u786e\u5b9a\u4f60\u7684\u5bb9\u5668\u4e0d\u4f1a\u6539\u53d8\u4efb\u4f55\u8fdb\u7a0b\u7684UID\u548cGID\uff0c\u90a3\u5b8c\u5168\u53ef\u4ee5\u5c06\u8fd9\u4e9b\u7279\u6027\u4ece\u4f60\u7684\u5bb9\u5668\u4e2d\u79fb\u9664\uff0c\u8fd9\u6837\u4f1a\u66f4\u5b89\u5168\uff1a<br \/>\n#docker run \u2013cap-drop SETUID \u2013cap-dropSETGID \u2013cap-drop FOWNER fedora \/bin\/sh<br \/>\n\u547d\u4ee4\u793a\u4f8b\uff0c\u7528\u4e8e\u67e5\u770b\u542f\u7528\u7684\u7279\u6027\uff1a<br \/>\n# pscap | grep 2912<br \/>\n\u8fd0\u884c\u7ed3\u679c\u793a\u4f8b\uff1a<br \/>\n5417 2912 root sh chown, dac_override,fsetid, kill, setpcap, net_bind_service, net_raw, sys_chroot, mknod,audit_write, setfcap<br \/>\n\u6216\u8005\u4f60\u53ef\u4ee5\u5148\u79fb\u9664\u6240\u6709\u7279\u6027\uff0c\u7136\u540e\u518d\u628a\u4e00\u4e2a\u6dfb\u52a0\u56de\u53bb\uff1a<br \/>\n#docker run \u2013cap-drop ALL \u2013cap-addSYS_TIME ntpd \/bin\/sh<br \/>\n\u67e5\u770b\u542f\u7528\u7684\u7279\u6027\uff1a<br \/>\n# pscap | grep 2382<br \/>\n5417 2382 root sh sys_time<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013cap-drop list<\/td>\n<td valign=\"top\">Drop Linux capabilities<br \/>\n\u63a7\u5236docker\u7684\u5185\u6838\u6743\u9650<br \/>\n\u4f8b\u5982\uff1adocker\u00a0run\u00a0\u2013cap-add=ALL\u00a0\u2013cap-drop=MKNOD<br \/>\n\/\/\u5bb9\u5668\u62e5\u6709\u9664\u4e86MKNOD\u4e4b\u5916\u7684\u6240\u6709\u5185\u6838\u6743\u9650<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013cgroup-parent string<\/td>\n<td valign=\"top\">Optional parent cgroup for the container<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><strong>\u2013cidfile string<\/strong><\/td>\n<td valign=\"top\">Write the ccontainer ID to the file<br \/>\n\u5c06\u5bb9\u5668\u7684id\u5199\u5165\u4e3b\u673a\u4e2d\u7684\u6587\u4ef6<br \/>\n[root@110 ~]# docker run -it \u2013cidfile=\/root\/cid.file \u2013name=ins01 centos bash<br \/>\n[root@110 ~]# cat cid.file<br \/>\neec2d694dfb6ef53d24c1942866067269e026931e9c1851249f863ebcc47fc16<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><strong>\u2013cpu-period int<\/strong><\/td>\n<td valign=\"top\">Limit CPU CFS (Completely Fair Scheduler) period<br \/>\n\u5185\u6838\u9ed8\u8ba4\u7684Linux \u8c03\u5ea6CFS\uff08\u5b8c\u5168\u516c\u5e73\u8c03\u5ea6\u5668\uff09\u5468\u671f\u4e3a100ms,\u6211\u4eec\u901a\u8fc7\u2013cpu-period\u6765\u8bbe\u7f6e\u5bb9\u5668\u5bf9CPU\u7684\u4f7f\u7528\u5468\u671f\uff0c\u540c\u65f6\u2013cpu-period\u63a5\u53e3\u9700\u8981\u548c\u2013cpu-quota\u63a5\u53e3\u4e00\u8d77\u6765\u4f7f\u7528\u3002\u2013cpu-quota\u63a5\u53e3\u8bbe\u7f6e\u4e86CPU\u7684\u4f7f\u7528\u503c\u3002CFS(\u5b8c\u5168\u516c\u5e73\u8c03\u5ea6\u5668) \u662f\u5185\u6838\u9ed8\u8ba4\u4f7f\u7528\u7684\u8c03\u5ea6\u65b9\u5f0f\uff0c\u4e3a\u8fd0\u884c\u7684\u8fdb\u7a0b\u5206\u914dCPU\u8d44\u6e90\u3002\u5bf9\u4e8e\u591a\u6838CPU\uff0c\u6839\u636e\u9700\u8981\u8c03\u6574\u2013cpu-quota\u7684\u503c\u3002\u5355\u4f4d\u4e3a\u5fae\u79d2\uff08\u03bcs\uff09\u3002cpu-period\u7684\u6700\u5c0f\u503c\u4e3a1000\u5fae\u79d2\uff0c\u6700\u5927\u503c\u4e3a1\u79d2\uff0810^6 \u03bcs\uff09\uff0c\u9ed8\u8ba4\u503c\u4e3a0.1\u79d2\uff08100000 \u03bcs\uff09<br \/>\n\u2013cpu-period\u7684\u8be6\u7ec6\u8bf4\u660e\uff0c\u53c2\u8003\uff1aDocker\u8d44\u6e90\u7ba1\u7406\u63a2\u79d8\uff0dCgroups\u673a\u5236<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><strong>\u2013cpu-quota int<\/strong><\/td>\n<td valign=\"top\">Limit CPU CFS (Completely Fair Scheduler) quota<br \/>\n\u2013cpu-quota\u63a5\u53e3\u8bbe\u7f6e\u4e86CPU\u7684\u4f7f\u7528\u503c\uff0c\u901a\u5e38\u60c5\u51b5\u4e0b\u5b83\u9700\u8981\u548c\u2013cpu-period\u63a5\u53e3\u4e00\u8d77\u6765\u4f7f\u7528\u3002\u5177\u4f53\u4f7f\u7528\u65b9\u6cd5\u8bf7\u53c2\u8003\u2013cpu-period\u9009\u9879\u3002<br \/>\n\u662f\u7528\u6765\u6307\u5b9a\u5728cpu-period\u5468\u671f\u5185\uff0c\u6700\u591a\u53ef\u4ee5\u6709\u591a\u5c11\u65f6\u95f4\u7528\u6765\u8dd1\u8fd9\u4e2a\u5bb9\u5668\uff0c\u5355\u4f4d\u4e3a\u5fae\u79d2\uff08\u03bcs\uff09\uff0c\u503c\u9ed8\u8ba4\u4e3a-1\uff0c\u8868\u793a\u4e0d\u505a\u63a7\u5236\u3002<br \/>\n\u8ddf\u2013cpu-shares\u4e0d\u540c\u7684\u662f\u8fd9\u79cd\u914d\u7f6e\u662f\u6307\u5b9a\u4e00\u4e2a\u7edd\u5bf9\u503c\uff0c\u800c\u4e14\u6ca1\u6709\u5f39\u6027\u5728\u91cc\u9762\uff0c\u5bb9\u5668\u5bf9CPU\u8d44\u6e90\u7684\u4f7f\u7528\u7edd\u5bf9\u4e0d\u4f1a\u8d85\u8fc7\u914d\u7f6e\u7684\u503c\u3002<br \/>\n\u2013cpu-quota\u7684\u8be6\u7ec6\u8bf4\u660e\uff0c\u53c2\u8003\uff1aDocker\u8d44\u6e90\u7ba1\u7406\u63a2\u79d8\uff0dCgroups\u673a\u5236<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013cpu-rt-period int<\/td>\n<td valign=\"top\">Limit CPU real-time period in microseconds<br \/>\n\u5b9e\u65f6\u8c03\u5ea6\u7b56\u7565\u7684\u65f6\u95f4\u5468\u671f\uff0c\u7c7b\u4f3c\u4e8e\u2013cpu-period<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013cpu-rt-runtime int<\/td>\n<td valign=\"top\">Limit CPU real-time runtime in microseconds<br \/>\n\u5b9e\u65f6\u8c03\u5ea6\u7b56\u7565\u7684\u5468\u671f\u4e2d\u7684\u8fd0\u884c\u65f6\u95f4\uff0c\u7c7b\u4f3c\u4e8e\u2013cpu-quota<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><strong>-c, \u2013cpu-shares int<\/strong><\/td>\n<td valign=\"top\">CPU shares (relative weight)<br \/>\n\u662f\u76f8\u5bf9\u6743\u91cd\uff0c \u8bbe\u7f6e\u4e3a\u4e00\u4e2a\u6b63\u6574\u6570\uff0c\u4ee3\u8868\u6240\u5206\u914d\u7684\u76f8\u5bf9CPU\u8d44\u6e90\u6bd4\u3002\u9ed8\u8ba4\u662f\u5e73\u5747\u5206\u914d<br \/>\n\u6ce8\u610f\uff1a\u8be5\u503c\u7684\u8bbe\u7f6e\u4e0d\u80fd\u5c0f\u4e8e2<br \/>\n\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u6240\u6709\u5bb9\u5668\u7684share\uff08\u7b80\u5355\u7406\u89e3\u6210\u662f\u6743\u91cd\u5427\uff09\u662f\u76f8\u540c\u7684\uff0c\u4e5f\u5c31\u662f\u6240\u6709\u5bb9\u5668\u6709\u76f8\u540c\u7684\u6743\u91cd\uff0c\u5728\u6240\u6709\u5bb9\u5668\u4e00\u8d77\u7ade\u4e89\u8d44\u6e90\u65f6\uff0c\u6700\u7ec8\u5f97\u5230\u7684\u8d44\u6e90\u662f\u76f8\u540c\u7684\u3002\u8fd9\u4e2ashare\u662f\u4e00\u4e2a\u76f8\u5bf9\u7684\u503c\uff0c\u90a3\u4e48\u8fd9\u4e2a\u503c\u7684\u610f\u4e49\u5c31\u4e0d\u80fd\u5355\u7eaf\u7684\u901a\u8fc7\u4e00\u4e2a\u5bb9\u5668\u7684share\u503c\u6765\u770b\uff0c\u800c\u662f\u591a\u4e2a\u5728\u4e00\u8d77\u5bf9\u6bd4\uff0c\u6bd4\u5982A\u548cB\u4e24\u4e2a\u5bb9\u5668\uff0cA\u914d\u7f6e\u7684\u662f1024\uff0cB\u914d\u7f6e\u7684\u662f512\uff0c\u90a3\u4e48A\u6700\u5927\u53ef\u4ee5\u4f7f\u7528\u7684CPU\u8d44\u6e90\u662fB\u7684\u4e24\u500d\u3002\u8fd8\u6709\u4e00\u70b9\u8981\u6ce8\u610f\u7684\u662f\u8fd9\u79cd\u914d\u7f6e\u662f\u6709\u5f39\u6027\u7684\uff0c\u5982\u679cA\u5bb9\u5668\u4e00\u76f4\u95f2\u7740\uff0c\u90a3B\u5bb9\u5668\u662f\u53ef\u4ee5\u4f7f\u7528\u7a7a\u95f2\u8d44\u6e90\u7684\u3002<br \/>\n\u8bbe\u7f6e\u5bb9\u5668\u4f7f\u7528CPU\u7684\u6743\u91cd\uff0c\u8fd9\u4e2a\u6743\u91cd\u8bbe\u7f6e\u662f\u9488\u5bf9CPU\u5bc6\u96c6\u578b\u7684\u8fdb\u7a0b\u7684\u3002\u5982\u679c\u67d0\u4e2a\u5bb9\u5668\u4e2d\u7684\u8fdb\u7a0b\u662f\u7a7a\u95f2\u72b6\u6001\uff0c\u90a3\u4e48\u5176\u5b83\u5bb9\u5668\u5c31\u80fd\u591f\u4f7f\u7528\u672c\u8be5\u7531\u7a7a\u95f2\u5bb9\u5668\u5360\u7528\u7684CPU\u8d44\u6e90\u3002\u4e5f\u5c31\u662f\u8bf4\uff0c\u53ea\u6709\u5f53\u4e24\u4e2a\u6216\u591a\u4e2a\u5bb9\u5668\u90fd\u8bd5\u56fe\u5360\u7528\u6574\u4e2aCPU\u8d44\u6e90\u65f6\uff0c\u2013cpu-shares\u8bbe\u7f6e\u624d\u4f1a\u6709\u6548\u3002<br \/>\n\u2013cpu-shares\u7684\u8be6\u7ec6\u8bf4\u660e\uff0c\u53c2\u8003\uff1aDocker\u8d44\u6e90\u7ba1\u7406\u63a2\u79d8\uff0dCgroups\u673a\u5236<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013cpus decimal<\/td>\n<td valign=\"top\">Number of CPUs<br \/>\n\u5bb9\u5668CPU\u5360\u7528\u4e3b\u673a\u7684CPU\u7684\u6bd4\u4f8b\uff0c\u5360\u7528\u7684\u6bd4\u4f8b\u5173\u7cfb\u6682\u65f6\u672a\u627e\u5230\u76f8\u5173\u7684\u8d44\u6599<br \/>\n\u53c2\u8003\uff1aDocker \u8d44\u6e90(cpu\u3001memory)\u9650\u5236\u5b9e\u8df5\u7bc7<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><strong>\u2013cpuset-cpus string<\/strong><\/td>\n<td valign=\"top\">CPUs in which to allow execution (0-3, 0,1)<br \/>\n\u6307\u5b9a\u5141\u8bb8\u5bb9\u5668\u4f7f\u7528\u7684CPU\u5e8f\u53f7,\u4ece0\u5f00\u59cb\uff0c\u9ed8\u8ba4\u4f7f\u7528\u4e3b\u673a\u7684\u6240\u6709CPU<br \/>\n\u4f8b\u5982\uff1a<br \/>\n\u2013cpuset-cpus=0-2 \/\/ \u5141\u8bb8\u4f7f\u75280,1,2\u53f7cpu<br \/>\n\u2013cpuset-cpus=0-1,3 \/\/ \u5141\u8bb8\u4f7f\u75280,1,3\u53f7cpu<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><strong>\u2013cpuset-mems string<\/strong><\/td>\n<td valign=\"top\">MEMs in which to allow execution (0-3, 0,1)<br \/>\n\u9650\u5236\u5bb9\u5668\u8fdb\u7a0b\u4f7f\u7528\u7684\u54ea\u4e9b\u5185\u5b58\u8282\u70b9\uff0c\u7528\u6cd5\u4e0e\u2013cpuset-cpus\u76f8\u4f3c.<br \/>\n\u53ef\u53c2\u8003\uff1aDocker\u8d44\u6e90\u7ba1\u7406\u63a2\u79d8\uff0dCgroups\u673a\u5236<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><strong>\u2013device list<\/strong><\/td>\n<td valign=\"top\">Add a host device to the container<br \/>\n\u6620\u5c04\u8bbe\u5907\u5230\u5bb9\u5668<br \/>\n\u4f8b\u5982\uff1a\u2013device \/dev\/sda:\/dev\/sda<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013device-cgroup-rule list<\/td>\n<td valign=\"top\">Add a rule to the cgroup allowed devices list<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><strong>\u2013device-read-bps list<\/strong><\/td>\n<td valign=\"top\">Limit read rate (bytes per second) from a device (default [])<br \/>\n\u7528\u6765\u9650\u5236\u6307\u5b9a\u8bbe\u5907\u7684\u8bfb\u53d6\u901f\u7387\uff0c\u5355\u4f4d\u53ef\u4ee5\u662fkb\u3001mb\u6216\u8005gb<br \/>\n\u4f8b\u5982\uff1a\u2013device-read-bps \/dev\/sda:1mb<br \/>\n\u53ef\u53c2\u8003\uff1aDocker\u8d44\u6e90\u7ba1\u7406\u63a2\u79d8\uff0dCgroups\u673a\u5236<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><strong>\u2013device-read-iops list<\/strong><\/td>\n<td valign=\"top\">Limit read rate (IO per second) from a device (default [])<br \/>\n\u8bbe\u7f6e\u4e86\u8bbe\u5907\u7684IO\u8bfb\u53d6\u901f\u7387<br \/>\n\u53ef\u4ee5\u901a\u8fc7\u201d\u2013device-read-iops \/dev\/sda:400\u2033\u6765\u9650\u5b9asda\u7684IO\u8bfb\u53d6\u901f\u7387(400\u6b21\/\u79d2)<br \/>\n\u53ef\u53c2\u8003\uff1aDocker\u8d44\u6e90\u7ba1\u7406\u63a2\u79d8\uff0dCgroups\u673a\u5236<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><strong>\u2013device-write-bps list<\/strong><\/td>\n<td valign=\"top\">Limit write rate (bytes per second) to a device (default [])<br \/>\n\u7528\u6765\u9650\u5236\u6307\u5b9a\u8bbe\u5907\u7684\u5199\u901f\u7387\uff0c\u5355\u4f4d\u53ef\u4ee5\u662fkb\u3001mb\u6216\u8005gb<br \/>\n\u53ef\u53c2\u8003\uff1aDocker\u8d44\u6e90\u7ba1\u7406\u63a2\u79d8\uff0dCgroups\u673a\u5236<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><strong>\u2013device-write-iops list<\/strong><\/td>\n<td valign=\"top\">Limit write rate (IO per second) to a device (default [])<br \/>\n\u8bbe\u7f6e\u4e86\u8bbe\u5907\u7684IO\u5199\u901f\u7387<br \/>\n\u53ef\u4ee5\u901a\u8fc7\u201d\u2013device-write-iops \/dev\/sda:400\u2033\u6765\u9650\u5b9asda\u7684IO\u5199\u901f\u7387(400\u6b21\/\u79d2)<br \/>\n\u53ef\u53c2\u8003\uff1aDocker\u8d44\u6e90\u7ba1\u7406\u63a2\u79d8\uff0dCgroups\u673a\u5236<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013disable-content-trust<\/td>\n<td valign=\"top\">Skip image verification (default true)<br \/>\n\u8df3\u8fc7\u955c\u50cf\u9a8c\u8bc1<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><strong>\u2013dns list<\/strong><\/td>\n<td valign=\"top\">Set custom DNS servers<br \/>\n\u8bbe\u5b9a\u5bb9\u5668\u7684DNS\u5730\u5740\uff0c\u5728\u5bb9\u5668\u7684 \/etc\/resolv.conf \u6587\u4ef6\u4e2d\u53ef\u67e5\u770b\u3002\u6ce8\u610f\uff1a\u5982\u679c\u4e0d\u8bbe\u7f6e\uff0c Docker \u4f1a\u9ed8\u8ba4\u7528\u4e3b\u673a\u4e0a\u7684 \/etc\/resolv.conf \u6765\u914d\u7f6e\u5bb9\u5668\u3002<br \/>\n\u4f8b\u5982\uff1a<br \/>\n[root@110 ~]# docker run -it \u2013dns=114.114.114.114 \u2013dns=8.8.8.8 centos bash -c \u201ccat \/etc\/resolv.conf\u201d<br \/>\nsearch 100.com<br \/>\nnameserver 114.114.114.114<br \/>\nnameserver 8.8.8.8<br \/>\n\u4f8b\u5982\uff1a<br \/>\n[root@110 ~]# docker run -it centos bash -c \u201ccat \/etc\/resolv.conf\u201d<br \/>\nsearch 100.com<br \/>\nnameserver 192.168.80.1<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><strong>\u2013dns-option list<\/strong><\/td>\n<td valign=\"top\">Set DNS options<br \/>\n\u5bb9\u5668 \/etc\/resolv.conf \u6587\u4ef6\uff0c\u5176\u4ed6\u8bbe\u7f6e<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><strong>\u2013dns-search list<\/strong><\/td>\n<td valign=\"top\">Set custom DNS search domains<br \/>\n\u8bbe\u5b9a\u5bb9\u5668\u7684\u641c\u7d22\u57df\uff0c\u5f53\u8bbe\u5b9a\u641c\u7d22\u57df\u4e3a .example.com \u65f6\uff0c\u5728\u641c\u7d22\u4e00\u4e2a\u540d\u4e3a host \u7684 \u4e3b\u673a\u65f6\uff0cDNS \u4e0d\u4ec5\u641c\u7d22host\uff0c\u8fd8\u4f1a\u641c\u7d22 host.example.com \u3002 \u6ce8\u610f\uff1a\u5982\u679c\u4e0d\u8bbe\u7f6e\uff0c Docker \u4f1a\u9ed8\u8ba4\u7528\u4e3b\u673a\u4e0a\u7684 \/etc\/resolv.conf \u6765\u914d\u7f6e\u5bb9\u5668\u3002<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013entrypoint string<\/td>\n<td valign=\"top\">Overwrite the default ENTRYPOINT of the image<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><strong>-e, \u2013env list<\/strong><\/td>\n<td valign=\"top\">Set environment variables<br \/>\n\u8bbe\u7f6e\u5bb9\u5668\u5b9e\u4f8b\u7684\u73af\u5883\u53d8\u91cf<br \/>\n[root@110 ~]# docker run -it \u2013env=GOROOT=\/usr\/local\/go centos bash<br \/>\n[root@ef3f8a131d13 \/]# echo $GOROOT<br \/>\n\/usr\/local\/go<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><strong>\u2013env-file list<\/strong><\/td>\n<td valign=\"top\">Read in a file of environment variables<br \/>\n\u8bfb\u5165\u914d\u7f6e\u6587\u4ef6<br \/>\n\u4f8b\u5982\uff1adocker service create \u2013name=redis \u2013replicas=5 \u2013env-file=\/root\/file.env\u00a0 rediscat \/root\/file.env<br \/>\nGOPATH=\/usr\/local\/go<br \/>\nPHPROOT=\/data\/www\/web<br \/>\nNGINX_CONF=\/usr\/local\/nginx\/conf\/nginx.conf<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">&#8211;<strong>-expose list<\/strong><\/td>\n<td valign=\"top\">Expose a port or a range of ports<br \/>\n\u5f00\u653e\u4e00\u4e2a\u7aef\u53e3\u6216\u4e00\u7ec4\u7aef\u53e3<br \/>\n\u4f8b\u5982\uff1a&nbsp;<\/p>\n<p class=\"p1\"><span class=\"s1\">docker create -it \u2013expose=\u201d80\u2033 \u2013expose=\u201d8080\u2033 \u2013expose=\u201d9001\u2033 \u2013name=ins01 centos<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013group-add list<\/td>\n<td valign=\"top\">Add additional groups to join<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013health-cmd string<\/td>\n<td valign=\"top\">Command to run to check health<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013health-interval duration<\/td>\n<td valign=\"top\">Time between running the check (ns|us|ms|s|m|h) (default 0s)<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013health-retries int<\/td>\n<td valign=\"top\">Consecutive failures needed to report unhealthy<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013health-start-period duration<\/td>\n<td valign=\"top\">Start period for the container to initialize before starting health-retries countdown(ns|us|ms|s|m|h) (default 0s)<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013health-timeout duration<\/td>\n<td valign=\"top\">Maximum time to allow one check to run (ns|us|ms|s|m|h) (default 0s)<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><strong>\u2013help<\/strong><\/td>\n<td valign=\"top\">Print usage<br \/>\n\u5e2e\u5fd9\u6587\u6863<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><strong>-h, \u2013hostname string<\/strong><\/td>\n<td valign=\"top\">Container host name<br \/>\n\u5bb9\u5668\u7684hostName\uff0c\u5728\u5bb9\u5668\u4e2d\u4f7f\u7528 cat \/etc\/hostname \u67e5\u770b<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013init<\/td>\n<td valign=\"top\">Run an init inside the container that forwards signals and reaps processes<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">-i, \u2013interactive<\/td>\n<td valign=\"top\">Keep STDIN open even if not attached<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><strong>\u2013ip string<\/strong><\/td>\n<td valign=\"top\">IPv4 address (e.g., 172.30.100.104)<br \/>\n\u6307\u5b9a\u5bb9\u5668IPv4\u5730\u5740\uff0c\u4f8b\u5982\uff1a\u2013ip=192.168.10.10<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><strong>\u2013ip6 string<\/strong><\/td>\n<td valign=\"top\">IPv6 address (e.g., 2001:db8::33)<br \/>\n\u6307\u5b9a\u5bb9\u5668IPv6\u5730\u5740<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013ipc string<\/td>\n<td valign=\"top\">IPC namespace to use<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013isolation string<\/td>\n<td valign=\"top\">Container isolation technology<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><strong>\u2013kernel-memory bytes<\/strong><\/td>\n<td valign=\"top\">Kernel memory limit<br \/>\n\u5185\u6838\u5185\u5b58\u9650\u5236\uff0c\u5373\u5bb9\u5668\u7684\u7cfb\u7edf\u5185\u6838\u53ef\u4ee5\u4f7f\u7528\u591a\u5c11\u5185\u5b58\u3002\u6570\u5b57\u9700\u8981\u4f7f\u7528\u6b63\u6574\u6570\uff0c\u5bf9\u5e94\u7684\u5355\u4f4d\u662fb, k, m, g\u4e2d\u7684\u4e00\u4e2a\u3002\u6700\u5c0f\u53d6\u503c\u662f4M\u3002<br \/>\n\u4f7f\u7528\u65b9\u5f0f\uff1a\u2013kernel-memory=\u201d&lt;\u6570\u5b57&gt;[&lt;\u5355\u4f4d&gt;]\u201d<br \/>\n\u2013kernel-memory\u7684\u8be6\u7ec6\u8bf4\u660e\uff0c\u53c2\u8003\uff1aDocker\u8d44\u6e90\u7ba1\u7406\u63a2\u79d8\uff0dCgroups\u673a\u5236<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><strong>-l, \u2013label list<\/strong><\/td>\n<td valign=\"top\">Set meta data on a container<br \/>\n\u8bbe\u7f6e\u5bb9\u5668\u6807\u7b7e<br \/>\ndocker\u4e3b\u673a\u7684\u6807\u7b7e\uff0c\u5f88\u5b9e\u7528\u7684\u529f\u80fd<br \/>\n\u4f8b\u5982\uff1adocker create \u2013label nodeName=host-121 \u2013name ins01 centos bash<br \/>\nlabel \u4f7f\u7528\u65b9\u6cd5\u53c2\u8003\uff1aDocker\u7684\u547d\u4ee4\u4e4b\u96c6\u7fa4\u670d\u52a1\u7ba1\u7406 Service<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><strong>\u2013label-file list<\/strong><\/td>\n<td valign=\"top\">Read in a line delimited file of labels<br \/>\n\u901a\u8fc7\u6587\u4ef6\u8bbe\u7f6e\u5bb9\u5668\u6807\u7b7e<br \/>\n[root@110 ~]# docker create \u2013label-file=\/root\/label.file \u2013name=ins-1 centos bash<br \/>\n[root@110 ~]# cat \/root\/label.file<br \/>\ntag1=aaaaa<br \/>\ntag2=bbbbb<br \/>\ntag3=\u6807\u7b7e3<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013link list<\/td>\n<td valign=\"top\">Add link to another container<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013link-local-ip list<\/td>\n<td valign=\"top\">Container IPv4\/IPv6 link-local addresses<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013log-driver string<\/td>\n<td valign=\"top\">Logging driver for the container<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013log-opt list<\/td>\n<td valign=\"top\">Log driver options<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013mac-address string<\/td>\n<td valign=\"top\">Container MAC address (e.g., 92:d0:c6:0a:29:33)<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><strong>-m, \u2013memory bytes<\/strong><\/td>\n<td valign=\"top\">Memory limit<br \/>\n\u5185\u5b58\u4f7f\u7528\u9650\u5236\u3002 \u6570\u5b57\u9700\u8981\u4f7f\u7528\u6574\u6570\uff0c\u5bf9\u5e94\u7684\u5355\u4f4d\u662fb, k, m, g\u4e2d\u7684\u4e00\u4e2a\u3002\u6700\u5c0f\u53d6\u503c\u662f4M\u3002<br \/>\n\u5728\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u5bb9\u5668\u53ef\u4ee5\u5360\u7528\u65e0\u9650\u91cf\u7684\u5185\u5b58\uff0c\u76f4\u81f3\u4e3b\u673a\u5185\u5b58\u8d44\u6e90\u8017\u5c3d\u3002<br \/>\n\u6ce8\u610f\uff0c\u5728\u5b9e\u9645\u5bb9\u5668\u4f7f\u7528\u573a\u666f\u4e2d\uff0c\u5982\u679c\u4e0d\u5bf9\u5bb9\u5668\u4f7f\u7528\u5185\u5b58\u91cf\u52a0\u4ee5\u9650\u5236\u7684\u8bdd\uff0c\u53ef\u80fd\u5bfc\u81f4\u4e00\u4e2a\u5bb9\u5668\u4f1a\u8017\u5c3d\u6574\u4e2a\u4e3b\u673a\u5185\u5b58\uff0c\u4ece\u800c\u5bfc\u81f4\u7cfb\u7edf\u4e0d\u7a33\u5b9a\u3002\u6240\u4ee5\u5728\u4f7f\u7528\u5bb9\u5668\u65f6\u52a1\u5fc5\u5bf9\u5bb9\u5668\u5185\u5b58\u52a0\u4ee5\u9650\u5236\u3002<br \/>\n\u4f7f\u7528\u65b9\u5f0f\uff1a-m, \u2013memory=\u201d &lt;\u6570\u5b57&gt;[&lt;\u5355\u4f4d&gt;]\u201d\uff0c\u4f8b\u5982\uff1a\u2013memory=1G<br \/>\n\u2013memory\u7684\u8be6\u7ec6\u8bf4\u660e\uff0c\u53c2\u8003\uff1aDocker\u8d44\u6e90\u7ba1\u7406\u63a2\u79d8\uff0dCgroups\u673a\u5236<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><strong>\u2013memory-reservation bytes<\/strong><\/td>\n<td valign=\"top\">Memory soft limit<br \/>\n\u5185\u5b58\u8f6f\u9650\u5236\u3002 \u6570\u5b57\u9700\u8981\u4f7f\u7528\u6b63\u6574\u6570\uff0c\u5bf9\u5e94\u7684\u5355\u4f4d\u662fb, k, m, g\u4e2d\u7684\u4e00\u4e2a\u3002<br \/>\n\u901a\u5e38\u60c5\u51b5\u4e0b\uff0c\u5bb9\u5668\u80fd\u591f\u4f7f\u7528\u7684\u5185\u5b58\u91cf\u4ec5\u4ec5\u7531-m\/\u2013memory\u9009\u9879\u9650\u5b9a\u3002\u5982\u679c\u8bbe\u7f6e\u4e86\u2013memory-reservation\u9009\u9879\uff0c\u5f53\u5185\u5b58\u4f7f\u7528\u91cf\u8d85\u8fc7\u2013memory-reservation\u9009\u9879\u6240\u8bbe\u5b9a\u7684\u503c\u65f6\uff0c\u7cfb\u7edf\u4f1a\u5f3a\u5236\u5bb9\u5668\u6267\u884c\u56de\u6536\u5185\u5b58\u7684\u64cd\u4f5c\uff0c\u4f7f\u5f97\u5bb9\u5668\u5185\u5b58\u6d88\u8017\u4e0d\u4f1a\u957f\u65f6\u95f4\u8d85\u8fc7\u2013memory-reservation\u7684\u9650\u5b9a\u503c\u3002\u8fd9\u4e2a\u9650\u5236\u5e76\u4e0d\u4f1a\u963b\u6b62\u8fdb\u7a0b\u4f7f\u7528\u8d85\u8fc7\u9650\u989d\u7684\u5185\u5b58\uff0c\u53ea\u662f\u5728\u7cfb\u7edf\u5185\u5b58\u4e0d\u8db3\u65f6\uff0c\u4f1a\u56de\u6536\u90e8\u5206\u5185\u5b58\uff0c\u4f7f\u5185\u5b58\u4f7f\u7528\u91cf\u5411\u9650\u5b9a\u503c\u9760\u62e2\u3002<br \/>\n\u4f7f\u7528\u65b9\u5f0f\uff1a\u2013memory-reservation=\u201d&lt;\u6570\u5b57&gt;[&lt;\u5355\u4f4d&gt;]\u201d\uff0c\u4f8b\u5982\uff1a\u2013memory-reservation=2G<br \/>\n\u2013memory-reservation\u7684\u8be6\u7ec6\u8bf4\u660e\uff0c\u53c2\u8003\uff1aDocker\u8d44\u6e90\u7ba1\u7406\u63a2\u79d8\uff0dCgroups\u673a\u5236<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><strong>\u2013memory-swap bytes<\/strong><\/td>\n<td valign=\"top\">Swap limit equal to memory plus swap: \u2018-1\u2032 to enable unlimited swap<br \/>\n\u603b\u5185\u5b58\u4f7f\u7528\u9650\u5236 (\u7269\u7406\u5185\u5b58 + \u4ea4\u6362\u5206\u533a\uff0c\u6570\u5b57\u9700\u8981\u4f7f\u7528\u6574\u6570\uff0c\u5bf9\u5e94\u7684\u5355\u4f4d\u662fb, k, m, g\u4e2d\u7684\u4e00\u4e2a\u3002<br \/>\n<strong>\u6ce8\u610f\uff1a\u8fd9\u91cc\u662f\u7269\u7406\u5185\u5b58+\u4ea4\u6362\u5206\u533a\u7684\u603b\u548c\uff0c\u5e76\u975e\u4ec5\u662f\u4ea4\u6362\u5206\u533a\u3002<\/strong><br \/>\n\u4f7f\u7528\u65b9\u5f0f\uff1a\u2013memory-swap=\u201d&lt;\u6570\u5b57&gt;[&lt;\u5355\u4f4d&gt;]\u201d\uff0c\u4f8b\u5982\uff1a\u2013memory-swap=500M<br \/>\n\u2013memory-swap\u7684\u4f7f\u7528\u8bf4\u660e\uff0c\u53c2\u8003\uff1aDocker\u8d44\u6e90\u7ba1\u7406\u63a2\u79d8\uff0dCgroups\u673a\u5236<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><strong>\u2013memory-swappiness int<\/strong><\/td>\n<td valign=\"top\">Tune container memory swappiness (0 to 100) (default -1)<br \/>\n\u8c03\u8282\u5bb9\u5668\u5185\u5b58\u4f7f\u7528\u4ea4\u6362\u5206\u533a\u7684\u9009\u9879\uff0c\u53d6\u503c\u4e3a0\u548c100\u4e4b\u95f4\u7684\u6574\u6570(\u542b0\u548c100)\u30020\u8868\u793a\u5bb9\u5668\u4e0d\u4f7f\u7528\u4ea4\u6362\u5206\u533a\uff0c100\u8868\u793a\u5bb9\u5668\u5c3d\u53ef\u80fd\u591a\u7684\u4f7f\u7528\u4ea4\u6362\u5206\u533a\u3002<br \/>\n\u2013memory-swappiness\u7684\u4f7f\u7528\u8bf4\u660e\uff0c\u53c2\u8003\uff1aDocker\u8d44\u6e90\u7ba1\u7406\u63a2\u79d8\uff0dCgroups\u673a\u5236<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013mount mount<\/td>\n<td valign=\"top\">Attach a filesystem mount to the container<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><strong>\u2013name string<\/strong><\/td>\n<td valign=\"top\">Assign a name to the container<br \/>\n\u5bb9\u5668\u540d\u79f0<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><strong>\u2013network string<\/strong><\/td>\n<td valign=\"top\">Connect a container to a network (default \u201cdefault\u201d)<br \/>\n\u8bbe\u7f6e\u5bb9\u5668\u7f51\u7edc\uff0c\u7f51\u7edc\u901a\u8fc7docker network create \u521b\u5efa<br \/>\n\u4f8b\u5982\uff1a<br \/>\n[root@110 ~]# docker network create \u2013subnet=192.168.10.0\/24 \u2013ip-range=192.168.10.0\/24 br10<br \/>\n[root@110 ~]# docker run -it \u2013network=br10 centos bash<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013network-alias list<\/td>\n<td valign=\"top\">Add network-scoped alias for the container<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013no-healthcheck<\/td>\n<td valign=\"top\">Disable any container-specified HEALTHCHECK<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><strong>\u2013oom-kill-disable<\/strong><\/td>\n<td valign=\"top\">Disable OOM Killer<br \/>\n\u5185\u5b58\u8017\u5c3d\u65f6\u662f\u5426\u6740\u6389\u5bb9\u5668\uff0c\u9ed8\u8ba4\u6740\u6389\u5bb9\u5668\u8fdb\u7a0b<br \/>\n\u5f53out-of-memory (OOM)\u53d1\u751f\u65f6\uff0c\u7cfb\u7edf\u4f1a\u9ed8\u8ba4\u6740\u6389\u5bb9\u5668\u8fdb\u7a0b\uff0c\u5982\u679c\u4f60\u4e0d\u60f3\u8ba9\u5bb9\u5668\u8fdb\u7a0b\u88ab\u6740\u6389\uff0c\u53ef\u4ee5\u4f7f\u7528\u8be5\u63a5\u53e3\u3002<br \/>\n\u6ce8\u610f\uff1a\u5efa\u8bae\u91c7\u7528\u9ed8\u8ba4\u503c\uff0c\u4e00\u65e6OOM\uff0c\u6740\u6389\u5bb9\u5668\u8fdb\u7a0b\u3002\u5982\u679c\u6302\u8d77\uff0c\u5c06\u65e0\u6cd5\u91ca\u653e\u5bb9\u5668\u4e2d\u5df2\u4f7f\u7528\u7684\u5185\u5b58\uff0c\u800c\u5f71\u54cd\u5360\u7528\u4e3b\u673a\u7684\u5185\u5b58\u3002<br \/>\n\u2013oom-kill-disable\u7684\u4f7f\u7528\u8bf4\u660e\uff0c\u53c2\u8003\uff1aDocker\u8d44\u6e90\u7ba1\u7406\u63a2\u79d8\uff0dCgroups\u673a\u5236<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013oom-score-adj int<\/td>\n<td valign=\"top\">Tune host\u2019s OOM preferences (-1000 to 1000)<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013pid string<\/td>\n<td valign=\"top\">PID namespace to use<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013pids-limit int<\/td>\n<td valign=\"top\">Tune container pids limit (set -1 for unlimited)<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013privileged<\/td>\n<td valign=\"top\">Give extended privileges to this container<br \/>\n\u9ed8\u8ba4\u60c5\u51b5\u4e0bcontainer\u662f\u4e0d\u80fd\u8bbf\u95ee\u4efb\u4f55\u5176\u4ed6\u8bbe\u5907\u7684\u3002\u4f46\u662f\u901a\u8fc7\u201dprivileged\u201d\uff0ccontainer\u5c31\u62e5\u6709\u4e86\u8bbf\u95ee\u4efb\u4f55\u5176\u4ed6\u8bbe\u5907\u7684\u6743\u9650\u3002<br \/>\n\u5f53\u64cd\u4f5c\u8005\u6267\u884cdocker run \u2013privileged\u65f6\uff0cDocker\u5c06\u62e5\u6709\u8bbf\u95ee\u4e3b\u673a\u7684\u6240\u6709\u8bbe\u5907\u7684\u6743\u9650<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><strong>-p, \u2013publish list<\/strong><\/td>\n<td valign=\"top\">Publish a container\u2019s port(s) to the host<br \/>\n\u6307\u5b9a\u7aef\u53e3\u6620\u5c04<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><strong>-P, \u2013publish-all<\/strong><\/td>\n<td valign=\"top\">Publish all exposed ports to random ports<br \/>\n\u6620\u5c04\u6240\u6709\u5f00\u53d1\u7684\u7aef\u53e3<br \/>\n\u4f8b\u5982\uff1adocker create -it -P \u2013expose={\u201c80\u2033,\u201d8080\u2033,\u201d3306\u2033} \u2013name=ins01 centos<br \/>\n\/\/ \u5c06\u6620\u5c04\u4e3b\u673a\u7684\u968f\u673a\u7aef\u53e3\u5230\u5bb9\u5668\u768480,8080,3306\u7aef\u53e3<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013read-only<\/td>\n<td valign=\"top\">Mount the container\u2019s root filesystem as read only<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013restart string<\/td>\n<td valign=\"top\">Restart policy to apply when a container exits (default \u201cno\u201d)<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><strong>\u2013rm<\/strong><\/td>\n<td valign=\"top\">Automatically remove the container when it exits<br \/>\n\u6ce8\u610f\uff1a\u2013rm \u548c -d\u4e0d\u80fd\u5171\u7528<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013runtime string<\/td>\n<td valign=\"top\">Runtime to use for this container<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013security-opt list<\/td>\n<td valign=\"top\">Security Options<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013shm-size bytes<\/td>\n<td valign=\"top\">Size of \/dev\/shm<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013stop-signal string<\/td>\n<td valign=\"top\">Signal to stop a container (default \u201cSIGTERM\u201d)<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013stop-timeout int<\/td>\n<td valign=\"top\">Timeout (in seconds) to stop a container<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013storage-opt list<\/td>\n<td valign=\"top\">Storage driver options for the container<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013sysctl map<\/td>\n<td valign=\"top\">Sysctl options (default map[])<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013tmpfs list<\/td>\n<td valign=\"top\">Mount a tmpfs directory<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">-t, \u2013tty<\/td>\n<td valign=\"top\">Allocate a pseudo-TTY<br \/>\n\u901a\u5e38\u548c-i\u8054\u5408\u4f7f\u7528 \u2013it<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013ulimit ulimit<\/td>\n<td valign=\"top\">Ulimit options (default [])<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">-u, \u2013user string<\/td>\n<td valign=\"top\">Username or UID (format: &lt;name|uid&gt;[:&lt;group|gid&gt;])<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013userns string<\/td>\n<td valign=\"top\">User namespace to use<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013uts string<\/td>\n<td valign=\"top\">UTS namespace to use<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><strong>-v, \u2013volume list<\/strong><\/td>\n<td valign=\"top\">Bind mount a volume<br \/>\n\u6302\u8f7d\u6570\u636e\u5377<br \/>\n\u6570\u636e\u5377\u7684\u7528\u6cd5\u53c2\u8003\uff1a\u00a0Docker\u7684\u547d\u4ee4\u4e4b\u6570\u636e\u5377\u7ba1\u7406 Volume<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\">\u2013volume-driver string<\/td>\n<td valign=\"top\">Optional volume driver for the container<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><strong>\u2013volumes-from list<\/strong><\/td>\n<td valign=\"top\">Mount volumes from the specified container(s)<br \/>\n# docker create -it \u2013name=ins01 -v=logs:\/data\/logs centos bash<br \/>\n# docker create -it \u2013name=ins02 \u2013volumes-from=ins01 centos bash<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\"><strong>-w, \u2013workdir string<\/strong><\/td>\n<td valign=\"top\">Working directory inside the container<br \/>\n\u8fdb\u5165\u5bb9\u5668\u540e\u7684\u9ed8\u8ba4\u76ee\u5f55\uff0c\u5982\u679c\u76ee\u5f55\u4e0d\u5b58\u5728\uff0c\u5219\u521b\u5efa\u3002<br \/>\n[root@110 ~]# docker run -it -w=\/data\/logs \u2013name=ins01 centos bash<br \/>\n[root@aa358735869e logs]# pwd<br \/>\n\/data\/logs<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u672c\u6587\u4e0d\u6b62\u9488\u5bf9docker create \u548c run \u7684\u9009\u9879\u89e3\u91ca\uff0c\u5176\u5b9e\u5bf9\u4ee5\u4e0b\u51e0\u4e2a\u6307\u4ee4\u7684\u9009\u9879\uff0c\u540c\u6837\u6709\u5e2e\u52a9\u548c\u7406\u89e3\u3002 dockerd \u542f\u52a8docker engine docker create \/ run \/ update \u5bb9\u5668\u7684\u521b\u5efa\u548c\u4fee\u6539 daemon.json\u914d\u7f6e\u6587\u4ef6 docker service create \u96c6\u7fa4\u670d\u52a1\u7684\u521b\u5efa docker service update \u96c6\u7fa4\u670d\u52a1\u7684\u66f4\u65b0 &nbsp; \u2013add-host list Add a custom host-to-IP mapping (host:ip) \u6dfb\u52a0\u4e00\u6761hosts\u7684\u8bb0\u5f55\u5230\/etc\/hosts\u4e2d \u4f8b\u5982\uff1adocker run -it \u2013net=br10 \u2013ip=192.168.10.10 \u2013add-host=host10:192.168.10.10 \u2013name=ins01 stress bash \u8fdb\u5165\u5bb9\u5668\uff1a [root@a1558ecb087b \/]# cat \/etc\/hosts 127.0.0.1\u00a0\u00a0 \u00a0localhost ::1\u00a0\u00a0 \u00a0localhost ip6-localhost ip6-loopback fe00::0\u00a0\u00a0 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[],"class_list":["post-15479","post","type-post","status-publish","format-standard","hentry","category-docker"],"_links":{"self":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/posts\/15479","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/comments?post=15479"}],"version-history":[{"count":1,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/posts\/15479\/revisions"}],"predecessor-version":[{"id":15480,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/posts\/15479\/revisions\/15480"}],"wp:attachment":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/media?parent=15479"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/categories?post=15479"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/tags?post=15479"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}