Docker Compose version 3 使用詳解
Define application stacks built using multiple containers, services, and swarm configurations.
GitHub: https://github.com/docker/compose
install
Docker CE for Windows 10 、Docker CE for Mac 自帶 docker-compose
,官方建議隨 Docker 版本升級。
Linux 請在 GitHub releases 處下載二進位制檔案,移入 PATH
並賦予可執行許可權。
或者執行以下命令進行下載安裝。
$ DOCKER_COMPOSE_VERSION=1.18.0 $ curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` > docker-compose $ chmod +x docker-compose $ sudo mv docker-compose /usr/local/bin $ docker-compose --version
或者通過 Python
包管理工具 pip
安裝。
Command-line completion
fish
~/.config/fish/completions
$ wget https://raw.githubusercontent.com/docker/compose/master/contrib/completion/fish/docker-compose.fish
bash
官方文件:https://docs.docker.com/compose/completion/
Compose file reference
build
version: '3' services: webapp: build: # Dockerfile 目錄或 git 倉庫網址 context: ./dir | . # Dockerfile 檔名稱 dockerfile: Dockerfile-alternate # 3.2 cache_from: - alpine:latest - corp/web_app:3.14 # 3.3 labels: com.example.description: "Accounting webapp" com.example.department: "Finance" com.example.label-with-empty-value: "" # 構建時變數,相當於 docker build --build-arg list args: buildno: 1 args: - buildno=1 # 3.5 shm_size: '2gb' image: webapp:tag
Dockerfile
中包含變數
ARG buildno
ARG password
RUN echo "Build number: $buildno"
RUN script-requiring-password.sh "$password"
cap_add, cap_drop
沒用過,不瞭解。
Add or drop container capabilities. See man 7 capabilities
for a full list.
cap_add:
- ALL
cap_drop:
- NET_ADMIN
- SYS_ADMIN
command
command: bundle exec thin -p 3000 command: ["bundle", "exec", "thin", "-p", "3000"] command: - bundle - exec - thin - -p - 3000
configs
3.3
version: "3.3"
services:
redis:
image: redis:latest
deploy:
replicas: 1
configs:
- my_config
- my_other_config
configs:
my_config:
file: ./my_config.txt
# 使用外部的 config,使用 docker config create 命令建立的 config
my_other_config:
external: true
version: "3.3"
services:
redis:
image: redis:latest
deploy:
replicas: 1
configs:
- source: my_config
target: /redis_config
uid: '103'
gid: '103'
mode: 0440
configs:
my_config:
file: ./my_config.txt
my_other_config:
external: true
cgroup_parent
Specify an optional parent cgroup for the container.
cgroup_parent: m-executor-abcd
container_name
不建議使用,此項配置的話,服務將不能擴充套件。
container_name: my-web-container
credential_spec
沒用過,不瞭解。
3.3
僅用於 Windows 容器。
deploy
僅用於 Swarm mode
version: '3'
services:
redis:
image: redis:alpine
deploy:
# 叢集中執行該服務的容器個數
mode: replicated
replicas: 6
update_config:
parallelism: 2
delay: 10s
restart_policy:
condition: on-failure
labels:
com.example.description: "This label will appear on the web service"
endpoint_mode
3.3
deploy:
endpoint_mode: vip
endpoint_mode: dnsrr
mode
https://docs.docker.com/engine/swarm/how-swarm-mode-works/services/#replicated-and-global-services
deploy:
# 每個節點一個容器 exactly one container per swarm node
mode: global
# 指定數量的容器 a specified number of containers
mode: replicated
placement
deploy:
placement:
constraints:
# 執行在管理節點
- node.role == manager
- engine.labels.operatingsystem == ubuntu 14.04
preferences:
- spread: node.labels.zone
resources
資源限制
deploy:
resources:
limits:
cpus: '0.50'
memory: 50M
reservations:
cpus: '0.25'
memory: 20M
restart_policy
version: "3"
services:
redis:
image: redis:alpine
deploy:
restart_policy:
condition: none | on-failure | any (預設)
# 等待時間
delay: 5s
# 最大嘗試次數
max_attempts: 3
# How long to wait before deciding if a restart has succeeded, specified as a duration (default: decide immediately)
window: 120s
update_config
version: '3.4'
services:
vote:
image: dockersamples/examplevotingapp_vote:before
depends_on:
- redis
deploy:
replicas: 2
update_config:
# 同時升級 config 的容器個數
parallelism: 2
delay: 10s
failure_action: continue | rollback | pause (預設)
monitor:
max_failure_ration:
# 3.4
order: stop-first (預設) | start-first
docker stack deploy
不支援以下引數
build
cgroup_parent
container_name
devices
tmpfs
external_links
links
network_mode
security_opt
stop_signal
sysctls
userns_mode
devices
List of device mappings. Uses the same format as the –device docker client create option.
devices:
- "/dev/ttyUSB0:/dev/ttyUSB0"
depends_on
保證依賴的服務完全啟動之後才啟動 https://docs.docker.com/compose/startup-order/
依賴關係
version: '3'
services:
web:
build: .
depends_on:
- db
- redis
redis:
image: redis
db:
image: postgres
dns
dns: 8.8.8.8
dns:
- 8.8.8.8
- 9.9.9.9
dns_search
dns_search: example.com
dns_search:
- dc1.example.com
- dc2.example.com
tmpfs
tmpfs: /run
tmpfs:
- /run
- /tmp
entrypoint
入口檔案
entrypoint: /code/entrypoint.sh
entrypoint:
- php
- -d
- zend_extension=/usr/local/lib/php/extensions/no-debug-non-zts-20100525/xdebug.so
- -d
- memory_limit=-1
- vendor/bin/phpunit
env_file
從檔案讀取變數寫入映象 環境變數
env_file: .env
env_file:
- ./common.env
- ./apps/web.env
- /opt/secrets.env
若變數重複,後邊檔案的變數會覆蓋後邊的。
env
檔案內容舉例
# 支援 # 號註釋
RACK_ENV=development
environment
設定環境變數
environment:
RACK_ENV: development
SHOW: 'true'
SESSION_SECRET:
environment:
- RACK_ENV=development
- SHOW=true
- SESSION_SECRET
expose
內部暴露埠
expose:
- "3000"
- "8000"
external_links
連結外部容器。不建議使用,建議通過網路進行連線!
CONTAINER:ALIAS
external_links:
- redis_1
- project_db_1:mysql
- project_db_1:postgresql
extra_hosts
extra_hosts:
- "somehost:162.242.195.82"
- "otherhost:50.31.209.229"
在容器內 /etc/hosts
寫入下面的內容
162.242.195.82 somehost
50.31.209.229 otherhost
healthcheck
健康檢查
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost"]
# 間隔
interval: 1m30s
# 超時時間
timeout: 10s
# 重試次數
retries: 3
# Hit the local web app
test: ["CMD", "curl", "-f", "http://localhost"]
# As above, but wrapped in /bin/sh. Both forms below are equivalent.
test: ["CMD-SHELL", "curl -f http://localhost && echo 'cool, it works'"]
test: curl -f https://localhost && echo 'cool, it works'
image
image: redis
image: ubuntu:14.04
image: tutum/influxdb
image: example-registry.com:4000/postgresql
image: a4bc65fd
isolation
Specify a container’s isolation technology. On Linux, the only supported value is default
. On Windows, acceptable values are default
, process
and hyperv
.
labels
labels:
com.example.description: "Accounting webapp"
com.example.department: "Finance"
com.example.label-with-empty-value: ""
labels:
- "com.example.description=Accounting webapp"
- "com.example.department=Finance"
- "com.example.label-with-empty-value"
links
不建議使用!
web:
links:
- db
- db:database
- redis
logging
日誌配置
logging:
driver: syslog
options:
syslog-address: "tcp://192.168.0.42:123"
driver: "json-file"
driver: "syslog"
driver: "none"
options:
max-size: "200k"
max-file: "10"
services:
some-service:
image: some-service
logging:
driver: "json-file"
options:
max-size: "200k"
max-file: "10"
network_mode
network_mode: "bridge"
network_mode: "host"
network_mode: "none"
network_mode: "service:[service name]"
network_mode: "container:[container name/id]"
networks
services:
some-service:
networks:
- some-network
- other-network
aliases
services:
some-service:
networks:
some-network:
aliases:
- alias1
- alias3
other-network:
aliases:
- alias2
version: '2'
services:
web:
build: ./web
networks:
- new
worker:
build: ./worker
networks:
- legacy
db:
image: mysql
networks:
new:
aliases:
- database
legacy:
aliases:
- mysql
networks:
new:
legacy:
ipv4_address ipv6_address
version: '2.1'
services:
app:
image: busybox
command: ifconfig
networks:
app_net:
ipv4_address: 172.16.238.10
ipv6_address: 2001:3984:3989::10
networks:
app_net:
driver: bridge
enable_ipv6: true
ipam:
driver: default
config:
-
subnet: 172.16.238.0/24
-
subnet: 2001:3984:3989::/64
pid
pid: "host"
ports
ports:
- "3000"
- "3000-3005"
- "8000:8000"
- "9090-9091:8080-8081"
- "49100:22"
- "127.0.0.1:8001:8001"
- "127.0.0.1:5000-5010:5000-5010"
- "6060:6060/udp"
3.2 開始支援長格式
ports:
- target: 80
published: 8080
protocol: tcp
mode: host
secrets
version: "3.1"
services:
redis:
image: redis:latest
deploy:
replicas: 1
secrets:
- my_secret
- my_other_secret
secrets:
my_secret:
file: ./my_secret.txt
my_other_secret:
# 使用外部 secret
external: true
長格式
version: "3.1"
services:
redis:
image: redis:latest
deploy:
replicas: 1
secrets:
- source: my_secret
target: redis_secret
uid: '103'
gid: '103'
mode: 0440
secrets:
my_secret:
file: ./my_secret.txt
my_other_secret:
external: true
security_opt
security_opt:
- label:user:USER
- label:role:ROLE
stop_grace_period
stop_grace_period: 1s
stop_grace_period: 1m30s
stop_signal
stop_signal: SIGUSR1
sysctls
Kernel parameters to set in the container. You can use either an array or a dictionary.
sysctls:
net.core.somaxconn: 1024
net.ipv4.tcp_syncookies: 0
sysctls:
- net.core.somaxconn=1024
- net.ipv4.tcp_syncookies=0
ulimits
Override the default ulimits for a container. You can either specify a single limit as an integer or soft/hard limits as a mapping.
ulimits:
nproc: 65535
nofile:
soft: 20000
hard: 40000
userns_mode
Disables the user namespace for this service, if Docker daemon is configured with user namespaces. See dockerd for more information.
userns_mode: "host"
volumes
version: "3.2"
services:
web:
image: nginx:alpine
volumes:
- type: volume
source: mydata
target: /data
volume:
nocopy: true
- type: bind
source: ./static
target: /opt/app/static
db:
image: postgres:latest
volumes:
- "/var/run/postgres/postgres.sock:/var/run/postgres/postgres.sock"
- "dbdata:/var/lib/postgresql/data"
volumes:
mydata:
dbdata:
volumes:
# Just specify a path and let the Engine create a volume
- /var/lib/mysql
# Specify an absolute path mapping
- /opt/data:/var/lib/mysql
# Path on the host, relative to the Compose file
- ./cache:/tmp/cache
# User-relative path
- ~/configs:/etc/configs/:ro
# Named volume
- datavolume:/var/lib/mysql
#
- source:/target:constraints (預設) | cached (宿主機優先)| delegated (容器優先)
version: "3.2"
services:
web:
image: nginx:alpine
ports:
- "80:80"
networks:
webnet:
volumes:
- type: volume
source: mydata
target: /data
volume:
nocopy: true
- type: bind
source: ./static
target: /opt/app/static
restart
restart: "no"
restart: always
restart: on-failure
restart: unless-stopped
domainname, hostname, ipc, mac_address, privileged, read_only, shm_size, stdin_open, tty, user, working_dir
user: postgresql
working_dir: /code
domainname: foo.com
hostname: foo
ipc: host
mac_address: 02:42:ac:11:65:43
privileged: true
read_only: true
shm_size: 64M
stdin_open: true
tty: true
Specifying durations
2.5s
10s
1m30s
2h32m
5h34m56s
Volume configuration reference
version: "3"
services:
db:
image: db
volumes:
- data-volume:/var/lib/db
backup:
image: backup-service
volumes:
- data-volume:/var/lib/backup/data
volumes:
data-volume:
driver: foobar
driver_opts:
foo: "bar"
baz: 1
volumes:
data:
external: true
labels:
com.example.description: "Database volume"
com.example.department: "IT/Ops"
com.example.label-with-empty-value: ""
labels:
- "com.example.description=Database volume"
- "com.example.department=IT/Ops"
- "com.example.label-with-empty-value"
volumes:
data:
external:
name: actual-name-of-volume
name
version: '3.4'
volumes:
data:
name: my-app-data
version: '3.4'
volumes:
data:
external: true
name: my-app-data
Network configuration reference
driver: overlay
host OR none
用於 docker stack
,如果使用 docker-compose
請使用 network_mode
。
類似於 docker run --net=host
services:
web:
...
networks:
hostnet: {}
networks:
hostnet:
external:
name: host
類似於 docker run --net=none
services:
web:
...
networks:
nonet: {}
networks:
nonet:
external:
name: none
driver_opts
driver_opts:
foo: "bar"
baz: 1
attachable
networks:
mynet1:
driver: overlay
attachable: true
ipam
ipam:
driver: default
config:
- subnet: 172.28.0.0/16
name
3.5
version: '3.5'
networks:
network1:
name: my-app-net
version: '3.5'
networks:
network1:
external: true
name: my-app-net
configs configuration reference
configs:
my_first_config:
file: ./config_data
my_second_config:
external: true
3.5
configs:
my_first_config:
file: ./config_data
my_second_config:
external:
name: redis_config
secrets configuration reference
secrets:
my_first_secret:
file: ./secret_data
my_second_secret:
external: true
3.5
secrets:
my_first_secret:
file: ./secret_data
my_second_secret:
external:
name: redis_secret
Variable substitution
db:
image: "postgres:${POSTGRES_VERSION}"
從 .env
檔案或系統變數中讀取變數,來替換 compose 檔案中的變數。
docker stack deploy
不支援變數讀取。
$VAR
${VAR}
這兩種格式都支援。
${VARIABLE:-default}
如果 VARIABLE
被 unset
或為空 (empty
) 時設定為 default
。
${VARIABLE-default}
如果 VARIABLE
被 unset
時設定為 default
。
使用 $$
避免解析變數
web:
build: .
command: "$$VAR_NOT_INTERPOLATED_BY_COMPOSE"
Extension fields
version: '2.1'
x-custom:
items:
- a
- b
options:
max-size: '12m'
name: "custom"
logging:
options:
max-size: '12m'
max-file: '5'
driver: json-fi
version: '2.1'
x-logging:
&default-logging
options:
max-size: '12m'
max-file: '5'
driver: json-file
services:
web:
image: myapp/web:latest
logging: *default-logging
db:
image: mysql:latest
logging: *default-logging
version: '2.1'
x-volumes:
&default-volume
driver: foobar-storage
services:
web:
image: myapp/web:latest
volumes: ["vol1", "vol2", "vol3"]
volumes:
vol1: *default-volume
vol2:
<< : *default-volume
name: volume02
vol3:
<< : *default-volume
driver: default
name: volume-local