Docker容器中Dockerfile的编写
Dockerfile常用命令
dockerfile常用指令
FROM
指定base镜像,如果本地不存在会从远程仓库下载。
MAINTAINER
设置镜像的作者,比如用户邮箱等。
COPY
把文件从build context复制到镜像
支持两种形式:COPY src dest 和 COPY ["src", "dest"]
src必须指定build context中的文件或目录
ADD
用法与COPY类似,不同的是src可以是归档压缩文件,文件会被自
动解压到dest,也可以自动下载URL并拷贝到镜像:
ADD html.tar /var/www
ADD http://ip/html.tar /var/www
ENV
设置环境变量,变量可以被后续的指令使用:
ENV HOSTNAME sevrer1.example.com
EXPOSE
如果容器中运行应用服务,可以把服务端口暴露出去:
EXPOSE 80
VOLUME
申明数据卷,通常指定的是应用的数据挂在点:
VOLUME ["/var/www/html"]
WORKDIR
为RUN、CMD、ENTRYPOINT、ADD和COPY指令设置镜像中的当前工
作目录,如果目录不存在会自动创建。
RUN
在容器中运行命令并创建新的镜像层,常用于安装软件包:
RUN yum install -y vim
CMD 与 ENTRYPOINT
这两个指令都是用于设置容器启动后执行的命令,但CMD会被
docker run后面的命令行覆盖,而ENTRYPOINT不会被忽略,一定会
被执行。
docker run后面的参数可以传递给ENTRYPOINT指令当作参数。
Dockerfile中只能指定一个ENTRYPOINT,如果指定了很多,只有最后
一个有效。
一.脚本下载httpd服务
1.导入镜像
[root@server1 ~]# cd /tmp/
[root@server1 tmp]# ls
[root@server1 tmp]# mkdir docker
[root@server1 tmp]# cd docker/
root@server1 docker]# ls
Dockerfile
[root@server1 ~]# docker load -i rhel7.tar
e1f5733f050b: Loading layer 147.1MB/147.1MB
2.编写Dockerfile
[root@server1 docker]# ls
Dockerfile dvd.repo
[root@server1 docker]# cat Dockerfile
FROM rhel7
COPY dvd.repo /etc/yum.repos.d/dvd.repo ##配置yum源,文件在该目录下已经写好
RUN rpmdb --rebuilddb && yum install -y httpd ##下载httpd
CMD ["/usr/sbin/httpd","-D","FOREGROUND"] ##启动方式
[root@server1 docker]# cat dvd.repo
[dvd]
name=rhel7.3
baseurl=http://172.25.61.250:/rhel7.3
gpgcheck=0
3.创建容器,执行脚本
[root@server1 docker]# docker build -t rhel7:v1 .
Sending build context to Docker daemon 3.072kB
Step 1/4 : FROM rhel7
---> 0a3eb3fde7fd
Step 2/4 : COPY dvd.repo /etc/yum.repos.d/dvd.repo
---> 41d72a1d5829
Step 3/4 : RUN rpmdb --rebuilddb && yum install -y httpd
---> Running in 1e18c7ca78c8
Complete!
Removing intermediate container 1e18c7ca78c8
---> 447f28df0d12
Step 4/4 : CMD ["/usr/sbin/httpd","-D","FOREGROUND"]
---> Running in 93be06d3be9e
Removing intermediate container 93be06d3be9e
---> ded1c070ef2a
Successfully built ded1c070ef2a
Successfully tagged rhel7:v1
[root@server1 docker]# docker history rhel7:v1
IMAGE CREATED CREATED BY SIZE COMMENT
ded1c070ef2a About a minute ago /bin/sh -c #(nop) CMD ["/usr/sbin/httpd" "-… 0B
447f28df0d12 About a minute ago /bin/sh -c rpmdb --rebuilddb && yum install … 52.7MB
41d72a1d5829 About a minute ago /bin/sh -c #(nop) COPY file:74fdfc60e6f51f62… 70B
0a3eb3fde7fd 4 years ago 140MB Imported from
端口映射
[root@server1 docker]# docker run -d --name apache -p 80:80 rhel7:v1
148595e2441f500f9de3d5082846ba65f73027d100cea6feed8ace3deac736d2
映射到宿主机的80端口,便于访问
通过浏览器可以访问到httpd默认发布页
4.通过缓存机制重新下载httpd
[root@server1 docker]# ls
Dockerfile dvd.repo index.html
[root@server1 docker]# cat Dockerfile
FROM rhel7
COPY dvd.repo /etc/yum.repos.d/dvd.repo
RUN rpmdb --rebuilddb && yum install -y httpd
COPY index.html /var/www/html/index.html ##复制文件到http的默认发布页中
CMD ["/usr/sbin/httpd","-D","FOREGROUND"]
[root@server1 docker]# cat index.html
www.test.org
[root@server1 docker]# docker build -t rhel7:v2 .
Sending build context to Docker daemon 4.096kB
Step 1/5 : FROM rhel7
---> 0a3eb3fde7fd
Step 2/5 : COPY dvd.repo /etc/yum.repos.d/dvd.repo
---> Using cache
---> 41d72a1d5829
Step 3/5 : RUN rpmdb --rebuilddb && yum install -y httpd
---> Using cache
---> 447f28df0d12
Step 4/5 : COPY index.html /var/www/html/index.html
---> 9300f5f4f26d
Step 5/5 : CMD ["/usr/sbin/httpd","-D","FOREGROUND"]
---> Running in a0966b162aad
Removing intermediate container a0966b162aad
---> 2f31ad1ee91e
Successfully built 2f31ad1ee91e
Successfully tagged rhel7:v2
再次运行的时候和之前文件相同的地方会使用cache,不会重复运行,运行修改的地方,大大提高了效率
[root@server1 docker]# docker run -d --name apache -p 80:80 rhel7:v2
af5c3d5348132b56f81d2beb20bd5d9f2b4a024db9fb8a6f4d64f6f0600ad349
[root@server1 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
af5c3d534813 rhel7:v2 "/usr/sbin/httpd -D …" 32 seconds ago Up 29 seconds 0.0.0.0:80->80/tcp apache
[root@server1 docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
rhel7 v2 2f31ad1ee91e 3 minutes ago 193MB
rhel7 v1 ded1c070ef2a 30 minutes ago 193MB
game2048 latest 19299002fdbe 2 years ago 55.5MB
rhel7 latest 0a3eb3fde7fd
再次在浏览器上访问的时候默认发布页已经修改
5.更新
[root@server1 docker]# mkdir website/
[root@server1 docker]# mv index.html website/
[root@server1 docker]# ls
Dockerfile dvd.repo website
[root@server1 docker]# cat /tmp/docker/website/index.html
www.test.org
www.test.org
www.test.org
www.test.org
www.test.org
www.test.org
[root@server1 docker]# docker rm -f apache
apache
[root@server1 docker]# docker run -d --name apache -p 80:80 -v /tmp/docker/website:/var/www/html rhel7:v2
二.下载nginx
[root@server1 ~]# docker load -i nginx.tar
014cf8bfcb2d: Loading layer 58.46MB/58.46MB
832a3ae4ac84: Loading layer 53.91MB/53.91MB
e89b70d28795: Loading layer 3.584kB/3.584kB
Loaded image: nginx:latest
[root@server1 docker]# pwd
/tmp/docker
[root@server1 docker]# ls
Dockerfile dvd.repo nginx-1.15.8.tar.gz website
[root@server1 ~]# cd /tmp/docker/
[root@server1 docker]# vim Dockerfile
FROM rhel7
COPY dvd.repo /etc/yum.repos.d/dvd.repo
ADD nginx-1.15.8.tar.gz /mnt
WORKDIR /mnt/nginx-1.15.8
RUN rpmdb --rebuilddb && yum install -y gcc make zlib-devel pcre-devel
RUN sed -i 's/CFLAGS="$CFLAGS -g"/CFLAGS="$CFLAGS -g"/g' auto/cc/gcc
##关闭debug日志,减小编译之后的大小
RUN ./configure --prefix=/usr/local/nginx
RUN make
RUN make install
CMD ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"]
docker build -t nginx:v1 .
[root@server1 docker]# docker rm -f apache
apache
[root@server1 docker]# docker run -d --name nginx -p 80:80 nginx:v1
a7a266d52938b8f78c3646e75c7e7fae55463f9f62dfc741d560f46df40cf014
[root@server1 docker]# docker history nginx:v1
IMAGE CREATED CREATED BY SIZE COMMENT
d7893124e001 8 minutes ago /bin/sh -c #(nop) CMD ["/usr/local/nginx/sb… 0B
8971ae2a41b3 8 minutes ago /bin/sh -c make install 3.85MB
99bf30b9d379 8 minutes ago /bin/sh -c make 12.3MB
28593093ca88 8 minutes ago /bin/sh -c ./configure --prefix=/usr/local/… 71.6kB
4b0fadf473a5 8 minutes ago /bin/sh -c sed -i 's/CFLAGS="$CFLAGS -g"/CFL… 3.59kB
95e891867dbe 11 minutes ago /bin/sh -c rpmdb --rebuilddb && yum install … 126MB
39c3b8c8b081 12 minutes ago /bin/sh -c #(nop) WORKDIR /mnt/nginx-1.15.8 0B
867d7db69878 12 minutes ago /bin/sh -c #(nop) ADD file:08059423b65e676c2… 6.16MB
41d72a1d5829 2 hours ago /bin/sh -c #(nop) COPY file:74fdfc60e6f51f62… 70B
0a3eb3fde7fd 4 years ago 140MB Imported from -
添加应用数据挂载点
[root@server1 docker]# cat Dockerfile
FROM rhel7
COPY dvd.repo /etc/yum.repos.d/dvd.repo
ADD nginx-1.15.8.tar.gz /mnt
WORKDIR /mnt/nginx-1.15.8
RUN rpmdb --rebuilddb && yum install -y gcc make zlib-devel pcre-devel
RUN sed -i 's/CFLAGS="$CFLAGS -g"/CFLAGS="$CFLAGS -g"/g' auto/cc/gcc
RUN ./configure --prefix=/usr/local/nginx
RUN make
RUN make install
EXPOSE 80
VOLUME ["/usr/local/nginx/html"]
CMD ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"]
[root@server1 docker]# docker build -t nginx:v2 .
[root@server1 docker]# docker run -d --name nginx -p 80:80 nginx:v2
[root@server1 docker]# cd /var/lib/docker/volumes/1245e78f485a62b48410f26920e94a2542e71d09156dfb2f373d4334588344c0/_data/
[root@server1 _data]# ls
50x.html index.html
[root@server1 _data]# vim new.html
[root@server1 _data]# cat new.html
www.news.com
由于数据已经挂载,网页上刷新即可
三.镜像的优化
刚才的镜像制作好后发现镜像太大了,为了方便以后拉取,通常要对镜像进行优化
|选择最精简的基础镜像
l 减少镜像的层数
l 清理镜像构建的中间产物
l 注意优化网络请求
l 尽量去用构建缓存
l 使用多阶段构建镜像
[root@server1 ~]# docker images nginx:v2
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx v2 5f16c1fd7a10 18 minutes ago 289MB
选择最精简的基础镜像
[root@server1 docker]# cat Dockerfile
FROM nginx as base
# https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
ARG Asia/Shanghai
RUN mkdir -p /opt/var/cache/nginx && \
cp -a --parents /usr/lib/nginx /opt && \
cp -a --parents /usr/share/nginx /opt && \
cp -a --parents /var/log/nginx /opt && \
cp -aL --parents /var/run /opt && \
cp -a --parents /etc/nginx /opt && \
cp -a --parents /etc/passwd /opt && \
cp -a --parents /etc/group /opt && \
cp -a --parents /usr/sbin/nginx /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libpcre.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libz.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libc.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libdl.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libpthread.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libcrypt.so.* /opt && \
cp -a --parents /usr/lib/x86_64-linux-gnu/libssl.so.* /opt && \
cp -a --parents /usr/lib/x86_64-linux-gnu/libcrypto.so.* /opt && \
cp /usr/share/zoneinfo/${TIME_ZONE:-ROC} /opt/etc/localtime
FROM gcr.io/distroless/base
COPY --from=base /opt /
EXPOSE 80
ENTRYPOINT ["nginx", "-g", "daemon off;"]
查看重构后的镜像大小,只有23.5MB,所以在实际构建中尽量选
择最精简的base镜像