3. Docker Daemon and Client


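Docker runs as a client and a daemon (server).
The docker command cannot operate on containers by itself; it calls dockerd to carry out the command.
The protocols supported for these calls are: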

1. Daemon

After installing and starting Docker, you can find the docker process with the ps command:

> ps -ef|grep docker
root       1796      1  0 Aug20 ?        00:00:38 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

dockerd is the Docker daemon.

1.1. Daemon architecture

To run containers, dockerd relies on several underlying binary components:

  • docker daemon
  • containerd
  • container-shim
  • runC

containerd includes the container-shim code. The same code base is compiled, under Makefile control, into two binaries.

1.2. Daemon command-line options

Option Type Description
--add-runtime runtime Register an additional OCI compatible runtime (default [])
--allow-nondistributable-artifacts list Allow push of nondistributable artifacts to registry
--api-cors-header string Set CORS headers in the Engine API
--authorization-plugin list Authorization plugins to load
--bip string Specify network bridge IP
-b --bridge string Attach containers to a network bridge
--cgroup-parent string Set parent cgroup for all containers
--cluster-advertise string Address or interface name to advertise
--cluster-store string URL of the distributed storage backend
--cluster-store-opt map Set cluster store options (default map[])
--config-file string Daemon configuration file (default “/etc/docker/daemon.json”)
--containerd string containerd grpc address
--cpu-rt-period int Limit the CPU real-time period in microseconds
--cpu-rt-runtime int Limit the CPU real-time runtime in microseconds
--cri-containerd start containerd with cri
--data-root string Root directory of persistent Docker state (default “/var/lib/docker”)
-D --debug Enable debug mode
--default-address-pool pool-options Default address pools for node specific local networks
--default-gateway ip Container default gateway IPv4 address
--default-gateway-v6 ip Container default gateway IPv6 address
--default-ipc-mode string Default mode for containers ipc (“shareable”
--default-runtime string Default OCI runtime for containers (default “runc”)
--default-shm-size bytes Default shm size for containers (default 64MiB)
--default-ulimit ulimit Default ulimits for containers (default [])
--dns list DNS server to use
--dns-opt list DNS options to use
--dns-search list DNS search domains to use
--exec-opt list Runtime execution options
--exec-root string Root directory for execution state files (default “/var/run/docker”)
--experimental Enable experimental features
--fixed-cidr string IPv4 subnet for fixed IPs
--fixed-cidr-v6 string IPv6 subnet for fixed IPs
-G --group string Group for the unix socket (default “docker”)
--help Print usage
-H --host list Daemon socket(s) to connect to
--icc Enable inter-container communication (default true)
--init Run an init in the container to forward signals and reap processes
--init-path string Path to the docker-init binary
--insecure-registry list Enable insecure registry communication
--ip ip Default IP when binding container ports (default 0.0.0.0)
--ip-forward Enable net.ipv4.ip_forward (default true)
--ip-masq Enable IP masquerading (default true)
--iptables Enable addition of iptables rules (default true)
--ipv6 Enable IPv6 networking
--label list Set key=value labels to the daemon
--live-restore Enable live restore of docker when containers are still running
--log-driver string Default driver for container logs (default “json-file”)
-l --log-level string Set the logging level (“debug”
--log-opt map Default log driver options for containers (default map[])
--max-concurrent-downloads int Set the max concurrent downloads for each pull (default 3)
--max-concurrent-uploads int Set the max concurrent uploads for each push (default 5)
--metrics-addr string Set default address and port to serve the metrics api on
--mtu int Set the containers network MTU
--network-control-plane-mtu int Network Control plane MTU (default 1500)
--no-new-privileges Set no-new-privileges by default for new containers
--node-generic-resource list Advertise user-defined resource
--oom-score-adjust int Set the oom_score_adj for the daemon (default -500)
-p --pidfile string Path to use for daemon PID file (default “/var/run/docker.pid”)
--raw-logs Full timestamps without ANSI coloring
--registry-mirror list Preferred Docker registry mirror
--rootless Enable rootless mode; typically used with RootlessKit (experimental)
--seccomp-profile string Path to seccomp profile
--selinux-enabled Enable selinux support
--shutdown-timeout int Set the default shutdown timeout (default 15)
-s --storage-driver string Storage driver to use
--storage-opt list Storage driver options
--swarm-default-advertise-addr string Set default address or interface for swarm advertised address
--tls Use TLS; implied by --tlsverify
--tlscacert string Trust certs signed only by this CA (default “/root/.docker/ca.pem”)
--tlscert string Path to TLS certificate file (default “/root/.docker/cert.pem”)
--tlskey string Path to TLS key file (default “/root/.docker/key.pem”)
--tlsverify Use TLS and verify the remote
--userland-proxy Use userland proxy for loopback traffic (default true)
--userland-proxy-path string Path to the userland proxy binary
--userns-remap string User/Group setting for user namespaces
-v --version Print version information and quit
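
Several of the options above decide how exposed the daemon is (-H, --tlsverify, --insecure-registry, --icc, --no-new-privileges, --userns-remap). The following is an added example, not part of the original page or of Docker itself: it audits a dockerd command line such as the one in the ps output above. The finding names and the two extra sample command lines are constructed for illustration.

```python
import shlex

# Flags from the options table that take a value; "-H" is the short form of "--host".
VALUE_FLAGS = {"-H": "--host", "--host": "--host",
               "--insecure-registry": "--insecure-registry",
               "--userns-remap": "--userns-remap"}
# Boolean switches: bare "--flag" means true, "--flag=false" turns it off.
BOOL_FLAGS = {"--tlsverify", "--icc", "--no-new-privileges"}


def parse_dockerd(cmdline):
    """Collect the security-relevant flags from one dockerd command line."""
    args = shlex.split(cmdline)[1:]            # drop the dockerd path itself
    opts, i = {}, 0
    while i < len(args):
        name, eq, val = args[i].partition("=")
        if name in VALUE_FLAGS:
            if not eq:                         # "-H fd://" form: value is the next token
                i += 1
                val = args[i] if i < len(args) else ""
            opts.setdefault(VALUE_FLAGS[name], []).append(val)
        elif name in BOOL_FLAGS:
            opts[name] = val.lower() not in ("false", "0", "f") if eq else True
        i += 1
    return opts


def audit(cmdline):
    """Return finding ids (names made up for this example) for a dockerd command line."""
    o = parse_dockerd(cmdline)
    checks = [
        # A TCP listener only authenticates clients with --tlsverify; --tls alone does not.
        ("tcp-host-without-tlsverify",
         any(h.startswith("tcp://") for h in o.get("--host", []))
         and not o.get("--tlsverify", False)),
        ("insecure-registry", bool(o.get("--insecure-registry"))),
        ("icc-enabled", o.get("--icc", True)),            # table: default true
        ("no-new-privileges-off", not o.get("--no-new-privileges", False)),
        ("userns-remap-unset", not o.get("--userns-remap")),
    ]
    return [name for name, hit in checks if hit]


# PAGE is the command line from the ps output above; the other two are constructed samples.
PAGE = "/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock"
EXPOSED = ("/usr/bin/dockerd -H tcp://0.0.0.0:2375 --tls "
           "--insecure-registry registry.example.internal:5000")
HARDENED = ("/usr/bin/dockerd -H unix:///var/run/docker.sock -H tcp://10.0.0.5:2376 "
            "--tlsverify --icc=false --no-new-privileges --userns-remap default")

if __name__ == "__main__":
    for line in (PAGE, EXPOSED, HARDENED):
        print(audit(line) or "no findings", "<-", line)
```

The check reads command-line flags only; the same settings can also come from the file named by --config-file (default /etc/docker/daemon.json), which has to be reviewed separately.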

2. Client

Option Type Description
--config string Location of client config files (default “/root/.docker”)
-c --context string Name of the context to use to connect to the daemon
-D --debug Enable debug mode
-H --host list Daemon socket(s) to connect to
-l --log-level string Set the logging level (“debug”
--tls Use TLS; implied by --tlsverify
--tlscacert string Trust certs signed only by this CA (default “/root/.docker/ca.pem”)
--tlscert string Path to TLS certificate file (default “/root/.docker/cert.pem”)
--tlskey string Path to TLS key file (default “/root/.docker/key.pem”)
--tlsverify Use TLS and verify the remote
-v --version Print version information and quit