docker inspect 详细信息
面试题
如何获取 Docker 容器和镜像的完整详细信息?
docker inspect返回了哪些关键数据?
标准答案
docker inspect 是 Docker 的”万能查看器”,返回容器、镜像、网络、卷等对象的完整 JSON 元数据。它返回的内容非常丰富,是排障和自动化运维的核心命令。
基本用法
# 查看容器详细信息
docker inspect my-container
# 查看镜像信息
docker inspect nginx:alpine
# 查看网络信息
docker inspect bridge
# 查看数据卷信息
docker inspect my-volume
# 不截断输出结果
docker inspect --no-trunc my-container
# 同时查看多个对象
docker inspect container1 container2 volume1
返回 JSON 结构
[
{
"Id": "a1b2c3d4...",
"Created": "2024-01-01T10:00:00Z",
"Path": "nginx",
"Args": [],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 12345,
"ExitCode": 0,
"Error": "",
"StartedAt": "2024-01-01T10:00:01Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:abc...",
"ResolvConfPath": "/var/lib/docker/containers/.../resolv.conf",
"HostnamePath": "/var/lib/docker/containers/.../hostname",
"HostsPath": "/var/lib/docker/containers/.../hosts",
"LogPath": "/var/lib/docker/containers/.../json.log",
"Name": "/my-container",
"RestartCount": 0,
"Driver": "overlay2",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {
"80/tcp": [{"HostIp": "", "HostPort": "8080"}]
},
"RestartPolicy": {
"Name": "always",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"CgroupParent": "",
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"CgroupMode": "host",
"OomKillDisable": false,
"Memory": 536870912, // 512MB(单位:字节)
"MemorySwap": 1073741824, // 1GB
"MemoryReservation": 268435456,
"KernelMemory": 0,
"CpuShares": 1024,
"CpuPeriod": 100000,
"CpuQuota": 0,
"CpusetCpus": "",
"NanoCpus": 0,
"Runtime": "runc"
},
"Config": {
"Hostname": "a1b2c3d4",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {"80/tcp": {}},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": ["PATH=/usr/local/sbin:...", "NGINX_VERSION=1.24"],
"Cmd": ["nginx", "-g", "daemon off;"],
"Image": "nginx:alpine",
"Volumes": null,
"WorkingDir": "/",
"Entrypoint": null,
"OnBuild": null,
"Labels": {}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {
"80/tcp": [{
"HostIp": "0.0.0.0",
"HostPort": "8080"
}]
},
"SandboxKey": "/var/run/docker/netns/...",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:02",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "abc...",
"EndpointID": "def...",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
}
}
}
]
常用提取技巧
# 配合 --format 获取特定字段(最常用)
# 获取容器 IP 地址
docker inspect --format='{{.NetworkSettings.IPAddress}}' my-container
# 获取容器状态
docker inspect --format='{{.State.Status}}' my-container
# 获取端口映射
docker inspect --format='{{json .NetworkSettings.Ports}}' my-container
# 获取挂载信息
docker inspect --format='{{json .Mounts}}' my-container
# 获取重启次数
docker inspect --format='{{.RestartCount}}' my-container
# 获取日志路径
docker inspect --format='{{.LogPath}}' my-container
# 获取容器 PID(宿主机视角)
docker inspect --format='{{.State.Pid}}' my-container
# 获取镜像名称和版本
docker inspect --format='{{.Config.Image}}' my-container
# 获取启动命令
docker inspect --format='{{.Config.Cmd}}' my-container
搭配 jq 使用(更灵活)
# 获取容器名称和状态(所有容器)
docker inspect $(docker ps -aq) | jq '.[] | {name: .Name, status: .State.Status}'
# 查找使用 specific network 的容器
docker inspect $(docker ps -q) | jq '.[] | select(.NetworkSettings.Networks.my_net != null) | .Name'
# 获取容器的资源限制
docker inspect myapp | jq '.[0].HostConfig | {Memory, MemorySwap, CpuShares}'
针对镜像的 inspect
# 查看镜像详细信息
docker inspect nginx:alpine
# 关键字段
# - RepoTags: 镜像标签列表
# - RepoDigests: 镜像摘要(hash)
# - Created: 创建时间
# - DockerVersion: 构建时的 Docker 版本
# - Os/Architecture: 系统架构
# - RootFS.Layers: 各层的 hash 值
# - Config.Env: 默认环境变量
# - Config.ExposedPorts: 暴露的端口
# - Size: 镜像大小
# 获取镜像层数
docker inspect --format='{{len .RootFS.Layers}}' nginx:alpine
# 获取镜像大小(字节)
docker inspect --format='{{.Size}}' nginx:alpine
高级用法
1. 获取容器网络配置快照
NET_INFO=$(docker inspect --format='{{json .NetworkSettings.Networks}}' myapp)
echo $NET_INFO | jq '.'
2. 批量检查健康状态
for container in $(docker ps -q); do
status=$(docker inspect --format='{{.State.Health.Status}}' $container 2>/dev/null)
name=$(docker inspect --format='{{.Name}}' $container)
echo "$name: $status"
done
3. 获取所有绑定端口
docker inspect --format='{{json .NetworkSettings.Ports}}' nginx | jq 'keys'
常见面试追问
问:–format 和 jq 哪个更好?
--format 简单快捷,适合获取单个值;jq 适合复杂的 JSON 处理(条件过滤、聚合、格式化输出)。建议都掌握。
问:如何通过 inspect 判断容器是否设置了健康检查?
docker inspect --format='{{.Config.Healthcheck}}' myapp
# 如果返回 ,表示没有配置健康检查
问:如何从 inspect 输出中快速定位配置问题?
查看 HostConfig 与期望配置是否一致。例如端口映射是否正确、挂载路径是否正确、重启策略是否符合预期。
总结
docker inspect 是排查问题的终极工具——几乎所有容器、镜像、网络、卷的配置信息都能从中获取。重点掌握 --format 参数和与 jq 的组合使用,让 JSON 输出变得可读和可编程。
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
暂无评论内容