docker官方文檔學習-1-Docker for mac安裝配置

https://docs.docker.com/docker-for-mac/

Get started with Docker for Mac

首先像在本博客docker-1-環境安裝及例子實踐處將環境安裝好，或者你能夠查看 Install Docker for Mac

Check versions查看你安裝的docker的版本

Ensure your versions of docker, docker-compose, and docker-machine are up-to-date and compatible with Docker.app. Your output may differ if you are running different versions.

保證你docker, docker-compose和docker-machine的版本是最新的，而且與Docker.app(即該docker應用程序)兼容。若是你運行的是不一樣的版本，那麼你的輸出可能會有所不一樣。

userdeMBP:~ user$ docker --version
Docker version 18.03.1-ce, build 9ee9f40
userdeMBP:~ user$ docker-compose --version
docker-compose version 1.21.1, build 5a3f1a3
userdeMBP:~ user$ docker-machine --version
docker-machine version 0.14.0, build 89b8332

 

Explore the application開發應用程序

1.Open a command-line terminal and test that your installation works by running the simple Docker image,hello-world:

打開命令行終端並經過運行簡單的Docker鏡像-hello-world來測試你的安裝：

userdeMBP:~ user$ docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
d1725b59e92d: Pull complete 
Digest: sha256:0add3ace90ecb4adbf7777e9aacf18357296e799f81cabc9fde470971e499788
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

可見以前並無拉取該鏡像，因此在運行時，它會自動去拉取該鏡像，而後再運行，而後運行docker images就能夠看見該鏡像：

userdeMBP:~ user$ docker images
REPOSITORY                      TAG                 IMAGE ID            CREATED             SIZE
hello-world                     latest              4ab4c602aa5e        3 months ago        1.84kB

 

2.Start a Dockerized web server. Like the hello-world image above, if the image is not found locally, Docker pulls it from Docker Hub.

開啓一個docker化的web服務器。就想上面的hello-world鏡像，若是鏡像在本地沒有找到，Docker就會從Docker hub中拉取它：

  -d, --detach          Run container in background and print container ID在後臺運行容器並打印容器ID
  -p, --publish list          Publish a container's port(s) to the host  發佈容器的端口給主機,例如:-p 80:80

userdeMBP:~ user$ docker run -d -p 80:80 --name webserver nginx
Unable to find image 'nginx:latest' locally
latest: Pulling from library/nginx
a5a6f2f73cd8: Pull complete 
1ba02017c4b2: Pull complete 
33b176c904de: Pull complete 
Digest: sha256:5d32f60db294b5deb55d078cd4feb410ad88e6fe77500c87d3970eca97f54dba
Status: Downloaded newer image for nginx:latest
134014354a4e29e0ae9382f7c3b067246a1c1d5a1a4c242b21449f9213ae2f46

 

3.In a web browser, go to http://localhost/ to view the nginx homepage. Because we specified the default HTTP port, it isn’t necessary to append :80 at the end of the URL.

在瀏覽器中，使用http://localhost/去瀏覽nginx首頁。由於你指定了默認的HTTP端口，因此就不須要添加:80在URL的終端

Early beta releases used docker as the hostname to build the URL. Now, ports are exposed on the private IP addresses of the VM and forwarded to localhost with no other host name set.

早先的beta版本使用docker做爲主機名去構建URL。如今，端口被暴露在虛擬機的私有IP地址，並指向沒有帶有任何設置的主機名的localhost

 

4.View the details on the container while your web server is running (with docker container ls or docker ps):

當你的web服務器運行時，查看容器的詳情（使用docker container ls或docker ps）

查看容器啓動狀況：

userdeMBP:~ user$ docker ps
CONTAINER ID        IMAGE                COMMAND                  CREATED             STATUS              PORTS                     NAMES
134014354a4e        nginx                "nginx -g 'daemon of…"   55 seconds ago      Up 55 seconds       0.0.0.0:80->80/tcp        webserver

userdeMBP:~ user$ docker container ls
CONTAINER ID        IMAGE                COMMAND                  CREATED             STATUS              PORTS                     NAMES
134014354a4e        nginx                "nginx -g 'daemon of…"   8 minutes ago       Up 8 minutes        0.0.0.0:80->80/tcp        webserver

 

 

5.Stop and remove containers and images with the following commands. Use the 「all」 flag (--all or -a) to view stopped containers.

使用下面餓命令中止並移除容器和鏡像。使用「all」標籤(--all or -a) 去查看中止的容器

$ docker container ls
$ docker container stop webserver
$ docker container ls -a
$ docker container rm webserver
$ docker image ls
$ docker image rm nginx

測試：

userdeMBP:~ user$ docker container ls //查看如今有的容器
CONTAINER ID        IMAGE                COMMAND                  CREATED             STATUS              PORTS                     NAMES
134014354a4e        nginx                "nginx -g 'daemon of…"   8 minutes ago       Up 8 minutes        0.0.0.0:80->80/tcp        webserver

userdeMBP:~ user$ docker container stop webserver
webserver
userdeMBP:~ user$ docker container ls -a //能夠查看到中止的webserver
CONTAINER ID        IMAGE                COMMAND                  CREATED             STATUS                      PORTS                     NAMES
134014354a4e        nginx                "nginx -g 'daemon of…"   11 minutes ago      Exited (0) 18 seconds ago                             webserver

userdeMBP:~ user$ docker container rm webserver
webserver
userdeMBP:~ user$ docker container ls //而後這裏面就沒有webserver這個容器了

userdeMBP:~ user$ docker image ls //查看如今有的鏡像
REPOSITORY                      TAG                 IMAGE ID            CREATED             SIZE
nginx                           latest              568c4670fa80        2 weeks ago         109MB
hello-world                     latest              4ab4c602aa5e        3 months ago        1.84kB

userdeMBP:~ user$ docker image rm nginx //而後刪除nginx這個鏡像
Untagged: nginx:latest
Untagged: nginx@sha256:5d32f60db294b5deb55d078cd4feb410ad88e6fe77500c87d3970eca97f54dba
Deleted: sha256:568c4670fa800978e08e4a51132b995a54f8d5ae83ca133ef5546d092b864acf
Deleted: sha256:ac0442c0fafd48e24a96fa3099ea7ad20012c8759e1dd03dd387dbfbe382984c
Deleted: sha256:6b9d35d8d75115937cd78da275f527cccef672cbd71f34062dffe2e930fd7e13
Deleted: sha256:ef68f6734aa485edf13a8509fe60e4272428deaf63f446a441b79d47fc5d17d3

userdeMBP:~ user$ docker image ls //而後再查看就看不見nginx這個鏡像了
REPOSITORY                      TAG                 IMAGE ID            CREATED             SIZE
hello-world                     latest              4ab4c602aa5e        3 months ago        1.84kB

 

 

Preferences menu

Choose  → Preferences from the menu bar and configure the runtime options described below.

從菜單欄中選擇 → Preferences，像下面的描述同樣配置運行選項

 

1.General

General settings are:常規設置

• Start Docker when you log in: Uncheck this option if you don’t want Docker to start when you open your session. 登陸時開啓Docker：若是你不想要Docker在你打開這個會話的時候打開，就不要選擇這個選項

• Automatically check for updates notifies you when an update is available. Click OK to accept and install updates (or cancel to keep the current version). If you disable this option, you can still find out about updates manually by choosing  → Check for Updates. 當更新可用時，自動檢查更新並通知你：點擊OK接收並安裝更新（或者取消去保持當前的狀態）。若是你不用這個選項，你仍能夠經過選擇 → Check for Updates去手動查找有關更新信息
  

• Include VM in Time Machine backups backs up the Docker for Mac virtual machine. (Disabled by default.) 實時機器備份：爲mac虛擬機備份Docker（默認不可用）
  

• Securely store Docker logins in MacOS keychain stores your Docker login credentials. (Enabled by default.) 將Docker登陸安全地存儲在MacOS密鑰鏈中：存儲你的Docker登陸憑據（默承認用）

• Send usage statistics — Send diagnostics, crash reports, and usage data to Docker. This information helps Docker improve the application and get more context for troubleshooting problems. (Enabled by default.) 發送使用統計-向Docker發送診斷、崩潰報告和使用數據。這些信息有助於Docker改進應用程序，併爲故障排除得到更多上下文。

•  

2.File sharing文件共享

Choose which local directories to share with your containers. File sharing is required for volume mounting if the project lives outside of the /Users directory. In that case, share the drive where the Dockerfile and volume are located. Otherwise, you get file not found or cannot start service errors at runtime.

選擇要與容器共享的本地目錄。若是項目位於/Users目錄以外，卷掛載須要文件共享。在這種狀況下，共享Dockerfile和卷所在的驅動器。不然，將沒法在運行時找到文件或啓動服務錯誤。

File share settings are:文件共享設置

• Add a Directory: Click + and navigate to the directory you want to add. 添加目錄
  

• Apply & Restart makes the directory available to containers using Docker’s bind mount (-v) feature. 應用並重啓
  

  There are some limitations on the directories that can be shared:對於可以被共享的目錄有一些限制

  • They cannot be a subdirectory of an already shared directory.不能夠是已經被共享的目錄的子目錄
  • They cannot already exist inside of Docker. 不能是已經存在於Docker中的目錄

For more information, see:更多信息可見

• Namespaces in the topic on osxfs file system sharing.
• Volume mounting requires file sharing for any project directories outside of /Users.)

 

3.Advanced高級

On the Advanced tab, you can limit resources available to Docker.

在Advanced選項，你能夠限制對Docker有用的資源

 

Advanced settings are:Advanced設定

CPUs: By default, Docker for Mac is set to use half the number of processors available on the host machine. To increase processing power, set this to a higher number; to decrease, lower the number. 默認，mac的Docker設置使用主機中一半數量的有效進程。爲了增長處理能力，可將其設置到更高的數量；反之，爲了下降，能夠設置到更低的數量

Memory: By default, Docker for Mac is set to use 2 GB runtime memory, allocated from the total available memory on your Mac. To increase RAM, set this to a higher number; to decrease it, lower the number. 默認Mac的Docker設置使用2 GB運行內存，從你的mac的總可用內存中分配。爲了增長RAM，設置其到更高數量；爲了下降則設置到更低數量

Swap: Configure swap file size as needed. The default is 1 GB. 配置swap文件到須要大小。默認爲1 GB

 

4.Disk磁盤

Specify the Disk image location of the Linux volume, where containers and images are stored.指定Linux卷的磁盤映像位置，容器和映像存儲在其中。

You can also move the disk image location. If you attempt to move the disk image to a location that already has one, you get a prompt asking if you want to use the existing image or replace it.

還能夠移動磁盤映像位置。若是試圖將磁盤映像移動到已有映像的位置，則會收到一個提示，詢問是否要使用現有映像或替換它。

 

 

 

5.Proxies代理

Docker for Mac detects HTTP/HTTPS Proxy Settings from macOS and automatically propagates these to Docker and to your containers. For example, if you set your proxy settings to http://proxy.example.com, Docker uses this proxy when pulling containers.

 Mac的Docker檢測來自macOS的HTTP/HTTPS代理設置，並自動將這些設置傳播到Docker和容器。例如，若是你將代理設置設置爲http://proxyy.example.com, Docker在提取容器時將使用此代理。

 

 

 When you start a container, your proxy settings propagate into the containers. For example:

啓動容器時，代理設置將傳播到容器中。例如:

沒有設置代理時：

userdeMBP:~ user$ docker run -it alpine env
Unable to find image 'alpine:latest' locally
latest: Pulling from library/alpine
4fe2ade4980c: Pull complete 
Digest: sha256:621c2f39f8133acb8e64023a94dbdf0d5ca81896102b9e57c0dc184cadaf5528
Status: Downloaded newer image for alpine:latest
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=b9606b2017da
TERM=xterm
HOME=/root

設置代理後：

 

 而後點擊應用，以後再運行docker run -it alpine env，應該變成：

$ docker run -it alpine env
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=b7edf988b2b5
TERM=xterm
HOME=/root
HTTP_PROXY=http://proxy.example.com:3128
http_proxy=http://proxy.example.com:3128
no_proxy=*.local, 169.254/16

我沒成功

 

You can see from the above output that the HTTP_PROXY, http_proxy, and no_proxy environment variables are set. When your proxy configuration changes, Docker restarts automatically to pick up the new settings. If you have containers that you wish to keep running across restarts, you should consider using restart policies.

你能夠從上面的輸出中看到設置了HTTP_PROXY、HTTP_PROXY和no_proxy環境變量。當你的代理配置發生更改時，Docker將自動重啓以獲取新的設置。 若是你但願跨重啓運行容器，則應該考慮使用重啓策略。

 

 

 

6.Daemon

You can configure options on the Docker daemon that determine how your containers run.你能夠在Docker守護進程上配置決定容器如何運行的選項。

Select Basic to configure the daemon with interactive settings, or select Advanced to edit the JSON directly.選擇Basic來配置具備交互設置的守護進程，或者選擇Advanced來直接編輯JSON。

 

 

 

 

1）EXPERIMENTAL FEATURES 實驗特性

Both Docker for Mac Stable and Edge releases have experimental features enabled on Docker Engine, as described Docker Experimental Features README. If you uncheck experimental mode, Docker for Mac uses the current generally available release of Docker Engine.

Mac穩定版和Edge版本的Docker都在Docker引擎上啓用了實驗特性，如描述的Docker實驗特性README所述。若是你不檢查實驗模式，Docker for Mac將使用Docker引擎當前一般可用的版本。

⚠️Don’t enable experimental features in production不要在生產中啓用實驗特性

Experimental features are not appropriate for production environments or workloads. They are meant to be sandbox experiments for new ideas. Some experimental features may become incorporated into upcoming stable releases, but others may be modified or pulled from subsequent Edge releases, and never released on Stable.

 實驗特性不適用於生產環境或工做負載。它們是新想法的沙箱實驗。一些實驗性的特性可能會被合併到即將發佈的穩定版本中，可是其餘特性可能會被修改或從後續的邊緣版本中提取，而且永遠不會在穩定版本中發佈。

 

You can see whether you are running experimental mode at the command line. If Experimental is true, then Docker is running in experimental mode, as shown here. (If false, Experimental mode is off.)你能夠查看是否在命令行上運行實驗模式。若是Experimental爲真，那麼Docker運行在Experimental mode下，如圖所示。(若爲假，實驗模式關閉。)

userdeMacBook-Pro:~ user$ docker version -f {{.Server.Experimental}}
true

 -f, --format string   Format the output using the given Go template 格式字符串  使用給定的Go模板格式化輸出

 

2）INSECURE REGISTRIES不安全登陸

You can set up a custom and insecure registry to store your public or private images (instead of using Docker Hub orDocker Trusted Registry). Add URLs for your insecure registries and registry mirrors on which to host your images.你能夠設置一個自定義且不安全的註冊表來存儲你的公共或私有映像(而不是使用Docker Hub或Docker受信任註冊表)。爲不安全的註冊中心添加url，註冊中心鏡像用於承載映像。

See also:

• How do I add custom CA certificates?
• How do I add client certificates

 

3）DAEMON CONFIGURATION FILE守護進程配置文件

Click the Advanced tab to configure the daemon from the JSON file. For a full list of options, see the Docker Engine dockerd commandline reference.

單擊Advanced選項卡從JSON文件配置守護進程。有關選項的完整列表，請參見Docker引擎dockerd命令行引用。

Click Apply & Restart to save your settings and reboot Docker. Or, to cancel changes, click another preference tab, then choose to discard or not apply changes when asked.單擊Apply & Restart保存設置並從新啓動Docker。或者，若要取消更改，請單擊另外一個首選項選項卡，而後在詢問時選擇放棄或不該用更改。

 

7.Kubernetes

額外知識，參考http://www.dockone.io/article/932：

什麼是Kubernetes？

Kubernetes（k8s）是自動化容器操做的開源平臺，這些操做包括部署，調度和節點集羣間擴展。若是你曾經用過Docker容器技術部署容器，那麼能夠將Docker當作Kubernetes內部使用的低級別組件。Kubernetes不只僅支持Docker，還支持Rocket，這是另外一種容器技術。
使用Kubernetes能夠：

• 自動化容器的部署和複製 
• 隨時擴展或收縮容器規模 
• 將容器組織成組，而且提供容器間的負載均衡 
• 很容易地升級應用程序容器的新版本 
• 提供容器彈性，若是容器失效就替換它，等等...

實際上，使用Kubernetes只需一個部署文件，使用一條命令就能夠部署多層容器（前端，後臺等）的完整集羣：

$ kubectl create -f single-config-file.yaml

kubectl是和Kubernetes API交互的命令行程序。

 

⚠️忽然發現本身以前的版本太舊，沒有Kubernetes項，因此進行了版本的更新，如今的版本爲：

userdeMacBook-Pro:~ user$ docker --version
Docker version 18.09.0, build 4d60db4
userdeMacBook-Pro:~ user$ docker-compose --version
docker-compose version 1.23.2, build 1110ad01
userdeMacBook-Pro:~ user$ docker-machine --version
docker-machine version 0.16.0, build 702c267f

In Docker for Mac 17.12 Edge (mac45) and higher, and 18.06 Stable (mac70) and higher, a standalone Kubernetes server is included that runs on your Mac, so that you can test deploying your Docker workloads on Kubernetes.

在Mac 17.12 Edge (mac45)及以上版本、18.06 Stable (mac70)及以上版本的Docker中，包含了一個在Mac上運行的獨立Kubernetes服務器，這樣你就能夠測試在Kubernetes上部署Docker工做負載的狀況。

The Kubernetes client command, kubectl, is included and configured to connect to the local Kubernetes server. If you have kubectl already installed and pointing to some other environment, such as minikube or a GKE cluster, be sure to change context so that kubectl is pointing to docker-for-desktop:

包括Kubernetes客戶機命令kubectl，並將其配置爲鏈接到本地Kubernetes服務器。若是你已經安裝了kubectl並指向其餘環境，例如minikube或GKE集羣，請確保更改上下文，以便kubectl指向docker-for-desktop:

userdeMacBook-Pro:~ user$ kubectl
kubectl controls the Kubernetes cluster manager. 

Find more information at: https://kubernetes.io/docs/reference/kubectl/overview/

Basic Commands (Beginner):
  create         Create a res

可見已經安裝了kubectl，Kubectl 是向 Kubernetes API 服務器發送請求的客戶端。

 

If you installed kubectl with Homebrew, or by some other method, and experience conflicts, remove /usr/local/bin/kubectl.121/5000
 
若是你使用Homebrew安裝了kubectl，或者使用其餘方法安裝了kubectl，可是遇到了衝突，請刪除/usr/local/bin/kubectl

• To enable Kubernetes support and install a standalone instance of Kubernetes running as a Docker container, select Enable Kubernetes, choose the default orchestrator and click the Apply button.要啓用Kubernetes支持並安裝做爲Docker容器運行的獨立Kubernetes實例，請選擇enable Kubernetes，選擇默認的協調器並單擊Apply按鈕。

 

kubernetes安裝特別慢，由於要爬過一道道牆，加速方法就是使用國內鏡像地址：https://registry.docker-cn.com

而且調整內存，最少分配4G：

 

而後從阿里雲Docker鏡像服務下載 Kubernetes 所須要的鏡像：

git clone https://github.com/maguowei/k8s-docker-for-mac.git

運行腳本將鏡像加載到本地：

cd k8s-docker-for-mac/
./load_images.sh

返回結果爲：

wanghuideMBP:k8s-docker-for-mac wanghui$ ./load_images.sh 
images found.
v1.10.3: Pulling from google_containers/kube-proxy-amd64
Digest: sha256:27648ef94bebda5414d2bcb3fb77261420f8a4dcc0a9a0b9c83a96fae6e6d367
Status: Downloaded newer image for registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy-amd64:v1.10.3
Untagged: registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy-amd64:v1.10.3
Untagged: registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy-amd64@sha256:27648ef94bebda5414d2bcb3fb77261420f8a4dcc0a9a0b9c83a96fae6e6d367
v1.10.3: Pulling from google_containers/kube-controller-manager-amd64
Digest: sha256:7dd9bda76d35971701a879132247fd25b91fbb9df42eb9c69ff9509e9ea6b0c0
Status: Downloaded newer image for registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager-amd64:v1.10.3
Untagged: registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager-amd64:v1.10.3
Untagged: registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager-amd64@sha256:7dd9bda76d35971701a879132247fd25b91fbb9df42eb9c69ff9509e9ea6b0c0
v1.10.3: Pulling from google_containers/kube-scheduler-amd64
Digest: sha256:9169d3ec1d8afad74bd9b75e6165094191fef52b47767e7879da5044972464d8
Status: Downloaded newer image for registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler-amd64:v1.10.3
Untagged: registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler-amd64:v1.10.3
Untagged: registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler-amd64@sha256:9169d3ec1d8afad74bd9b75e6165094191fef52b47767e7879da5044972464d8
v1.10.3: Pulling from google_containers/kube-apiserver-amd64
032c9e83eacf: Already exists 
6957897068dc: Pull complete 
Digest: sha256:93d43868b5fdae9d5f6839b483562e8d4522293685636b309a25c0fbfad7e8cd
Status: Downloaded newer image for registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver-amd64:v1.10.3
Untagged: registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver-amd64:v1.10.3
Untagged: registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver-amd64@sha256:93d43868b5fdae9d5f6839b483562e8d4522293685636b309a25c0fbfad7e8cd
1.14.8: Pulling from google_containers/k8s-dns-dnsmasq-nanny-amd64
935c89b81420: Pull complete 
a7b547e960f0: Pull complete 
643ab861079c: Pull complete 
954e9ec699a2: Pull complete 
0acbc5bb3ce1: Pull complete 
Digest: sha256:195d7a05078d84c9b796d0db268e8ef45401ac0ed8aa7c275dd0613d301d5ac0
Status: Downloaded newer image for registry.cn-hangzhou.aliyuncs.com/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.8
Untagged: registry.cn-hangzhou.aliyuncs.com/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.8
Untagged: registry.cn-hangzhou.aliyuncs.com/google_containers/k8s-dns-dnsmasq-nanny-amd64@sha256:195d7a05078d84c9b796d0db268e8ef45401ac0ed8aa7c275dd0613d301d5ac0
1.14.8: Pulling from google_containers/k8s-dns-sidecar-amd64
fcff032aa481: Pull complete 
32f866d07026: Pull complete 
Digest: sha256:8b88b6489862d7fce6ec004b865ec4019e94e688ed7b4be50d7f2191587a4547
Status: Downloaded newer image for registry.cn-hangzhou.aliyuncs.com/google_containers/k8s-dns-sidecar-amd64:1.14.8
Untagged: registry.cn-hangzhou.aliyuncs.com/google_containers/k8s-dns-sidecar-amd64:1.14.8
Untagged: registry.cn-hangzhou.aliyuncs.com/google_containers/k8s-dns-sidecar-amd64@sha256:8b88b6489862d7fce6ec004b865ec4019e94e688ed7b4be50d7f2191587a4547
1.14.8: Pulling from google_containers/k8s-dns-kube-dns-amd64
fcff032aa481: Already exists 
52289fe1eac2: Pull complete 
Digest: sha256:30a881d597e3f234e5f4264b7bf45ca3c7eb120a789c911f2c5ad9f86263322c
Status: Downloaded newer image for registry.cn-hangzhou.aliyuncs.com/google_containers/k8s-dns-kube-dns-amd64:1.14.8
Untagged: registry.cn-hangzhou.aliyuncs.com/google_containers/k8s-dns-kube-dns-amd64:1.14.8
Untagged: registry.cn-hangzhou.aliyuncs.com/google_containers/k8s-dns-kube-dns-amd64@sha256:30a881d597e3f234e5f4264b7bf45ca3c7eb120a789c911f2c5ad9f86263322c
3.1: Pulling from google_containers/pause-amd64
Digest: sha256:759c3f0f6493093a9043cc813092290af69029699ade0e3dbe024e968fcb7cca
Status: Downloaded newer image for registry.cn-hangzhou.aliyuncs.com/google_containers/pause-amd64:3.1
Untagged: registry.cn-hangzhou.aliyuncs.com/google_containers/pause-amd64:3.1
Untagged: registry.cn-hangzhou.aliyuncs.com/google_containers/pause-amd64@sha256:759c3f0f6493093a9043cc813092290af69029699ade0e3dbe024e968fcb7cca
v1.10.1: Pulling from google_containers/kubernetes-dashboard-amd64
9518d8afb433: Pull complete 
Digest: sha256:0ae6b69432e78069c5ce2bcde0fe409c5c4d6f0f4d9cd50a17974fea38898747
Status: Downloaded newer image for registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.1
Untagged: registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.1
Untagged: registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64@sha256:0ae6b69432e78069c5ce2bcde0fe409c5c4d6f0f4d9cd50a17974fea38898747
3.1.12: Pulling from google_containers/etcd-amd64
17ab9c1ae71e: Pull complete 
234f38785762: Pull complete 
a12f76be3e63: Pull complete 
Digest: sha256:a873afd0244c0029295899e3ab7ab7f474d097c42679a6d80c37f4017bc65598
Status: Downloaded newer image for registry.cn-hangzhou.aliyuncs.com/google_containers/etcd-amd64:3.1.12
Untagged: registry.cn-hangzhou.aliyuncs.com/google_containers/etcd-amd64:3.1.12
Untagged: registry.cn-hangzhou.aliyuncs.com/google_containers/etcd-amd64@sha256:a873afd0244c0029295899e3ab7ab7f474d097c42679a6d80c37f4017bc65598

View Code

可見安裝了不少鏡像，難怪一直下載不下來

userdeMBP:k8s-docker-for-mac user$ docker images
REPOSITORY                                 TAG                 IMAGE ID            CREATED             SIZE
k8s.gcr.io/kubernetes-dashboard-amd64      v1.10.1             f9aed6605b81        2 weeks ago         122MB
k8s.gcr.io/kube-proxy-amd64                v1.10.3             4261d315109d        7 months ago        97.1MB
k8s.gcr.io/kube-scheduler-amd64            v1.10.3             353b8f1d102e        7 months ago        50.4MB
k8s.gcr.io/kube-controller-manager-amd64   v1.10.3             40c8d10b2d11        7 months ago        148MB
k8s.gcr.io/kube-apiserver-amd64            v1.10.3             e03746fe22c3        7 months ago        225MB
k8s.gcr.io/etcd-amd64                      3.1.12              52920ad46f5b        10 months ago       193MB
k8s.gcr.io/k8s-dns-dnsmasq-nanny-amd64     1.14.8              c2ce1ffb51ed        12 months ago       41MB
k8s.gcr.io/k8s-dns-sidecar-amd64           1.14.8              6f7f2dc7fab5        12 months ago       42.2MB
k8s.gcr.io/k8s-dns-kube-dns-amd64          1.14.8              80cc5ea4b547        12 months ago       50.5MB
k8s.gcr.io/pause-amd64                     3.1                 da86e6ba6ca1        12 months ago       742kB

 而後就可以開始安裝它了

 

讓其在後臺運行(或者忽略)，而後等待一小會就成功了

An Internet connection is required. Images required to run the Kubernetes server are downloaded and instantiated as containers, and the/usr/local/bin/kubectl command is installed on your Mac.須要網絡鏈接。運行Kubernetes服務器所需的鏡像被下載並實例化爲容器，而且在Mac上安裝了/usr/local/bin/kubectl命令。

When Kubernetes is enabled and running, an additional status bar item displays at the bottom right of the Docker for Mac Preferences dialog.

當Kubernetes啓用並運行時，在Mac Preferences對話框的Docker的右下角會顯示一個額外的狀態欄項。

 

The status of Kubernetes shows in the Docker menu and the context points to docker-for-desktop.

Kubernetes的狀態顯示在Docker菜單中，上下文指向docker-for-desktop。

• By default, Kubernetes containers are hidden from commands like docker service ls, because managing them manually is not supported. To make them visible, select Show system containers (advanced) and click Apply and restart. Most users do not need this option.默認狀況下，Kubernetes容器對docker service ls之類的命令是隱藏的，由於不支持手動管理它們。要使它們可見，選擇Show system containers (advanced)並單擊Apply和restart。大多數用戶不須要這個選項。

• To disable Kubernetes support at any time, deselect Enable Kubernetes. The Kubernetes containers are stopped and removed, and the/usr/local/bin/kubectl command is removed.若要在任什麼時候候禁用Kubernetes支持，請取消選擇啓用Kubernetes。中止和刪除Kubernetes容器，並刪除/usr/local/bin/kubectl命令。

  For more about using the Kubernetes integration with Docker for Mac, see Deploy on Kubernetes.

 這時候查看是否安裝成功：

userdeMBP:k8s-docker-for-mac user$ kubectl
kubectl controls the Kubernetes cluster manager. 

Find more information at: https://kubernetes.io/docs/reference/kubectl/overview/

Basic Commands (Beginner):
  create         Create a resource from a file or from stdin.
  expose         使用 replication controller, service, deployment 或者 pod 並暴露它做爲一個 新的
Kubernetes Service
  run            在集羣中運行一個指定的鏡像
  set            爲 objects 設置一個指定的特徵
  run-container  在集羣中運行一個指定的鏡像. This command is deprecated, use "run" instead

 

8.Reset

Select  -> Preferences from the menu bar, then click Reset to reset factory defaults, restart the Docker daemon, or uninstall.

從菜單欄中選擇 -> Preferences，而後點擊Reset去重置工廠默認值、重啓Docker守護進程或卸載。

Reset settings are:

• Restart - Select to restart the Docker daemon.重啓Docker守護進程

• Remove all data - This option removes/resets all Docker data without a reset to factory defaults (which would cause you to lose settings).此選項刪除/重置全部Docker數據而不重置爲出廠默認值(這會致使你丟失設置)。

• Reset to factory defaults - Choose this option to reset all options on Docker for Mac to its initial state, the same as when it was first installed.選擇此選項可將Mac Docker上的全部選項重置爲其初始狀態，與首次安裝時相同。

  • Uninstall - Choose this option to remove Docker for Mac from your system.選擇此選項可從系統中刪除Mac的Docker。

 

⚠️Uninstall Docker for Mac from the commandline 從命令行卸載mac上的Docker

To uninstall Docker from Mac from a terminal, run: <DockerforMacPath> --uninstall. If your instance is installed in the default location, this command provides a clean uninstall:

從終端卸載Mac的Docker，運行<DockerforMacPath> --uninstall。若是你的實例安裝在默認位置，這個命令提供了一個乾淨的卸載:

$ /Applications/Docker.app/Contents/MacOS/Docker --uninstall
Docker is running, exiting...
Docker uninstalled successfully. You can move the Docker application to the trash.

You might want to use the command-line uninstall if, for example, you find that the app is non-functional, and you cannot uninstall it from the menu.

例如，若是你發現應用程序是非功能性的，而且沒法從菜單中卸載，你可能但願使用命令行卸載。

 

 

9.Add TLS certificates添加TLS證書

You can add trusted Certificate Authorities (CAs) (used to verify registry server certificates) and client certificates (used to authenticate to registries) to your Docker daemon.你能夠向Docker守護進程添加受信任證書頒發機構(CAs)(用於驗證註冊中心服務器證書)和客戶端證書(用於對註冊中心進行身份驗證)。

1）Add custom CA certificates (server side)添加自定義CA證書(服務器端)

All trusted CAs (root or intermediate) are supported. Docker for Mac creates a certificate bundle of all user-trusted CAs based on the Mac Keychain, and appends it to Moby trusted certificates. So if an enterprise SSL certificate is trusted by the user on the host, it is trusted by Docker for Mac.

支持全部受信任CAs(根或中間)。Docker for Mac基於Mac密鑰鏈建立一個包含全部用戶信任CAs的證書包，並將其追加到Moby信任證書。所以，若是主機上的用戶信任某企業的SSL證書，那麼Docker就會信任它。

To manually add a custom, self-signed certificate, start by adding the certificate to the macOS keychain, which is picked up by Docker for Mac. Here is an example.

要手動添加自定義自簽名證書，首先要將證書ca.crt添加到macOS密鑰鏈，Docker爲Mac選擇了這個密鑰鏈。舉例說明：

userdeMBP:~ user$ sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ca.crt
Password:
***Error reading file ca.crt
Error reading file ca.crt

由於我沒有這個證書ca.crt，因此報錯

 

Or, if you prefer to add the certificate to your own local keychain only (rather than for all users), run this command instead:

或者，若是你但願只將證書添加到你本身的本地密鑰鏈(而不是針對全部用戶)，則運行如下命令:

$ security add-trusted-cert -d -r trustRoot -k ~/Library/Keychains/login.keychain ca.crt

See also, Directory structures for certificates.

⚠️Note: You need to restart Docker for Mac after making any changes to the keychain or to the ~/.docker/certs.d directory in order for the changes to take effect.

注意:在對密鑰鏈或~/.docker/certs.d目錄作任何更改以後，須要從新啓動Mac的Docker，以便更改生效。

 

For a complete explanation of how to do this, see the blog post Adding Self-signed Registry Certs to Docker & Docker for Mac.

有關如何作到這一點的完整解釋，請參閱Adding Self-signed Registry Certs to Docker & Docker for Mac博客文章。

 

2）Add client certificates

You can put your client certificates in~/.docker/certs.d/<MyRegistry>:<Port>/client.cert and ~/.docker/certs.d/<MyRegistry>:<Port>/client.key.

你能夠把你的客戶端證書放在~/.docker/certs.d/<MyRegistry>:<Port>/client.cert和~/.docker/certs.d/<MyRegistry>:<Port>/client.key

When the Docker for Mac application starts up, it copies the ~/.docker/certs.d folder on your Mac to the /etc/docker/certs.d directory on Moby (the Docker for Mac xhyve virtual machine).

當Mac應用程序的Docker開啓了，它將複製你的Mac的~/.docker/certs.d文件夾到Moby（MacDocker的上xhyve虛擬機）的/etc/docker/certs.d目錄中。

⚠️

• You need to restart Docker for Mac after making any changes to the keychain or to the ~/.docker/certs.d directory in order for the changes to take effect.在對密鑰鏈或~/.docker/certs.d目錄作任何更改以後，須要從新啓動Mac的Docker，以便更改生效。

• The registry cannot be listed as an insecure registry (see Docker Daemon). Docker for Mac ignores certificates listed under insecure registries, and does not send client certificates. Commands like docker run that attempt to pull from the registry produce error messages on the command line, as well as on the registry.不能將註冊表列爲不安全註冊表(請參閱Docker守護進程)。Mac的Docker忽略不安全註冊中心下列出的證書，而且不發送客戶端證書。docker run之類的命令試圖從註冊表中提取數據，在命令行和註冊表上生成錯誤消息。

 

3)Directory structures for certificates證書的目錄結構

If you have this directory structure, you do not need to manually add the CA certificate to your Mac OS system login:

若是你有這個目錄結構，你不須要手動添加CA證書到你的Mac OS系統登陸（我也有，可是certs.d目錄中什麼都沒有）:

/Users/<user>/.docker/certs.d/
└── <MyRegistry>:<Port>
   ├── ca.crt
   ├── client.cert
   └── client.key

The following further illustrates and explains a configuration with custom certificates:

下面將進一步說明和解釋帶有自定義證書的配置:

/etc/docker/certs.d/        <-- Certificate directory 證書目錄
└── localhost:5000          <-- Hostname:port 主機名：端口
   ├── client.cert          <-- Client certificate 客戶端證書
   ├── client.key           <-- Client key 客戶端密鑰
   └── ca.crt               <-- Certificate authority that signed the registry certificate在註冊表上簽名的證書頒發機構

You can also have this directory structure, as long as the CA certificate is also in your keychain.

只要CA證書也在密鑰鏈中，就可使用這個目錄結構。

/Users/<user>/.docker/certs.d/
└── <MyRegistry>:<Port>
    ├── client.cert
    └── client.key

To learn more about how to install a CA root certificate for the registry and how to set the client TLS certificate for verification, see Verify repository client with certificates in the Docker Engine topics.

有關如何爲註冊中心安裝CA根證書以及如何設置用於驗證的客戶端TLS證書的更多信息，請參見Docker引擎主題中的Verify repository client with certificates。

 

10.Install shell completion安裝shell completion

Docker for Mac comes with scripts to enable completion for the docker, docker-machine, and docker-compose commands. The completion scripts may be found inside Docker.app, in the Contents/Resources/etc/ directory and can be installed both in Bash and Zsh.

Mac的Docker附帶了一些腳本，用於支持docker、docker-machine和docker-compose命令的完成。completion腳本能夠在Docker.app中找到，在Contents/Resources/etc/目錄，能夠安裝在Bash和Zsh

 

1）Bash

Bash has built-in support for completion To activate completion for Docker commands, these files need to be copied or symlinked to your bash_completion.d/directory. For example, if you installed bash via Homebrew:

Bash內置了對completion的支持，能夠激活Docker命令的完成，須要複製這些文件或將這些文件連接到bash_completion.d/目錄。例如，若是你經過Homebrew安裝bash:

etc=/Applications/Docker.app/Contents/Resources/etc
ln -s $etc/docker.bash-completion $(brew --prefix)/etc/bash_completion.d/docker
ln -s $etc/docker-machine.bash-completion $(brew --prefix)/etc/bash_completion.d/docker-machine
ln -s $etc/docker-compose.bash-completion $(brew --prefix)/etc/bash_completion.d/docker-compose

 用於自動補全命令

 

2)Zsh

In Zsh, the completion system takes care of things. To activate completion for Docker commands, these files need to be copied or symlinked to your Zsh site-functions/directory. For example, if you installed Zsh via Homebrew:

在Zsh中，completion系統負責處理事情。要激活Docker命令的完成，須要將這些文件複製或符號連接到Zsh的site-functions/目錄。例如，若是你經過Homebrew安裝Zsh:

etc=/Applications/Docker.app/Contents/Resources/etc
ln -s $etc/docker.zsh-completion /usr/local/share/zsh/site-functions/_docker
ln -s $etc/docker-machine.zsh-completion /usr/local/share/zsh/site-functions/_docker-machine
ln -s $etc/docker-compose.zsh-completion /usr/local/share/zsh/site-functions/_docker-compose

 

 

11.Give feedback and get help給予反饋並得到幫助

To get help from the community, review current user topics, join or start a discussion, log on to our Docker for Mac forum.要得到社區的幫助，查看當前的用戶主題，加入或開始討論，登陸到咱們的Docker for Mac論壇。

To report bugs or problems, log on to Docker for Mac issues on GitHub, where you can review community reported issues, and file new ones. See Logs and Troubleshooting for more details.要報告bug或問題，請登陸Docker查看GitHub上的Mac問題，在那裏你能夠查看社區報告的問題，並提交新的問題。有關詳細信息，請參見日誌和故障排除。

To give us feedback on the documentation or update it yourself, use the Feedback options at the bottom of each docs page.要對文檔進行反饋或本身進行更新，請使用文檔頁面底部的反饋選項。

 

12.Docker Store Docker存儲

Choose Docker Store from the Docker for Mac menu to get to the Docker app downloads site. Docker store is a component of the next-generation Docker Hub, and the best place to find compliant, trusted commercial and free software distributed as Docker Images.

從 Mac的Docker菜單中選擇Docker Store進入Docker app下載站點。Docker store是下一代Docker Hub的一個組件，是找到兼容、可信的商業和免費軟件的最佳場所，這些軟件以Docker鏡像的形式發佈。

 

 

13.Docker Cloud Docker雲

You can access your Docker Cloud account from within Docker for Mac.

你能夠從Mac中的Docker去訪問你的Docker雲賬戶。

From the Docker for Mac menu, sign in to Docker Cloud with your Docker ID, or create one.

從Docker for Mac菜單，用Docker ID登陸到Docker Cloud，或者建立一個。

登陸後爲：

Then use the Docker for Mac menu to create, view, or navigate directly to your Cloud resources, including organizations, repositories, and swarms.

而後使用Mac中的Docker菜單建立、查看或直接導航到雲資源，包括組織、存儲庫和集羣。

Check out these Docker Cloud topics to learn more:更多學習請看

• Organizations and Teams in Docker Cloud
• Builds and Images
• Swarms in Docker Cloud

Need a direct link to Cloud? Take me to Docker Cloud.

 

14.Where to go next接下來

• Try out the walkthrough at Get Started.

• Dig in deeper with Docker Labs example walkthroughs and source code.

• For a summary of Docker command line interface (CLI) commands, see Docker CLI Reference Guide.

• Check out the blog post, What’s New in Docker 17.06 Community Edition (CE).