接下来,我们以rhel7镜像 构建容器,并在容器中安装nginx的源码包。以此容器构建新的镜像并做优化
[root@server1 docker]# pwd
/tmp/docker
[root@server1 docker]# ls
nginx-1.15.9.tar.gz rhel7.tar
[root@server1 ~]# docker load -i rhel7.tar
[root@server1 docker]# pwd
/tmp/docker
[root@server1 docker]# vim Dockerfile
FROM rhel7
COPY yum.repo /etc/yum.repos.d/yum.repo
RUN rpmdb --rebuilddb && yum install -y gcc pcre-devel zlib-devel make
ADD nginx-1.15.9.tar.gz /mnt ##ADD比COPY更强大,如果文件时可识别的压缩文件,会帮忙解压
WORKDIR /mnt/nginx-1.15.9
RUN sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc ##关闭debug日志
RUN ./configure --prefix=/usr/local/nginx
RUN make
RUN make install
EXPOSE 80
VOLUME ["/usr/local/nginx/html"]
CMD ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"]
[root@server1 docker]# docker build -t nginx:v1 .
[root@server1 docker]# docker run -d --name nginx nginx:v1
096c2d2020638963e877e07a850589ff30e5f5af45278e33f8a859fed35dc81d
[root@server1 docker]#
[root@server1 docker]# docker inspect nginx
"Source": "/var/lib/docker/volumes/7a9f496f3b9d16fa9725ca107c39fa8b9d782c18f0dd3f8d04ea17022b72905a/_data",
"IPAddress": "172.17.0.2",
[root@server1 docker]# cd /var/lib/docker/volumes/7a9f496f3b9d16fa9725ca107c39fa8b9d782c18f0dd3f8d04ea17022b72905a/_data
[root@server1 _data]# ls
50x.html index.html
[root@server1 _data]# echo "hello world" > index.html
[root@server1 _data]#
[root@server1 _data]# cat index.html
hello world
[root@server1 _data]#
[root@server1 _data]# curl 172.17.0.2
hello world
6.查看镜像大小,优化前大小为276M
[root@server1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx v1 c3370bb3788a 6 minutes ago 276MB
rhel7 latest 0a3eb3fde7fd 5 years ago 140MB
[root@server1 docker]# pwd
/tmp/docker
[root@server1 docker]# vim Dockerfile
FROM rhel7
COPY yum.repo /etc/yum.repos.d/yum.repo
RUN rpmdb --rebuilddb && yum install -y gcc pcre-devel zlib-devel make &> /dev/null && yum clean all
ADD nginx-1.15.9.tar.gz /mnt
WORKDIR /mnt/nginx-1.15.9
RUN sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc
RUN ./configure --prefix=/usr/local/nginx &> /dev/null ##将输出导入垃圾箱
RUN make &> /dev/null ##将输出导入垃圾箱
RUN make install &> /dev/null ##将输出导入垃圾箱
RUN rm -fr /mnt/nginx-1.15.9
EXPOSE 80
VOLUME ["/usr/local/nginx/html"]
CMD ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"]
[root@server1 docker]# pwd
/tmp/docker
[root@server1 docker]# docker build -t nginx:v2 .
3.再次查看镜像大小,与之前做比较,仅仅少了4M,效果不佳
[root@server1 docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx v2 e47941468af7 About a minute ago 252MB
nginx v1 c3370bb3788a 16 minutes ago 276MB
rhel7 latest 0a3eb3fde7fd 5 years ago 140MB
FROM rhel7
COPY yum.repo /etc/yum.repos.d/yum.repo
ADD nginx-1.15.9.tar.gz /mnt
WORKDIR /mnt/nginx-1.15.9
RUN rpmdb --rebuilddb && yum install -y gcc pcre-devel zlib-devel make &> /dev/null && yum clean all && sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx &> /dev/null && make &> /dev/null && make install &> /dev/null && rm -fr /mnt/nginx-1.15.9
EXPOSE 80
VOLUME ["/usr/local/nginx/html"]
CMD ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"]
[root@server1 docker]# docker build -t nginx:v3 .
[root@server1 docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx v3 cbda333c4f7d 30 seconds ago 250MB
nginx v2 e47941468af7 14 minutes ago 252MB
nginx v1 c3370bb3788a 29 minutes ago 276MB
rhel7 latest 0a3eb3fde7fd 5 years ago 140MB
FROM rhel7 as build
COPY yum.repo /etc/yum.repos.d/yum.repo
ADD nginx-1.15.9.tar.gz /mnt
WORKDIR /mnt/nginx-1.15.9
RUN rpmdb --rebuilddb && yum install -y gcc pcre-devel zlib-devel make &> /dev/null && yum clean all && sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx &> /dev/null && make &> /dev/null && make install &> /dev/null && rm -fr /mnt/nginx-1.15.9
FROM rhel7
COPY --from=build /usr/local/nginx /usr/local/nginx
EXPOSE 80
CMD ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"]
[root@server1 docker]# docker build -t nginx:v4 .
[root@server1 docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx v4 51d0075d7486 23 seconds ago 141MB
nginx v3 cbda333c4f7d 4 minutes ago 250MB
nginx v2 e47941468af7 18 minutes ago 252MB
nginx v1 c3370bb3788a 33 minutes ago 276MB
rhel7 latest 0a3eb3fde7fd 5 years ago 140MB
优化后效果明显镜像减小到150M
优化思路:从底层优化
1.首先我们需要导入一个distroless和nginx镜像
distroless" 镜像只包含应用程序及其运行时依赖项,不包含程序包管理器、shell以及标准Linux发行版中可以找到的任何其他程序。
用distroless去除容器中所有不必要的东西
[root@server1 docker]# docker load -i distroless.tar
668afdbd4462: Loading layer [==================================================>] 18.39MB/18.39MB
Loaded image: gcr.io/distroless/base:latest
[root@server1 docker]# docker load -i nginx.tar
014cf8bfcb2d: Loading layer [==================================================>] 58.46MB/58.46MB
832a3ae4ac84: Loading layer [==================================================>] 53.91MB/53.91MB
e89b70d28795: Loading layer [==================================================>] 3.584kB/3.584kB
Loaded image: nginx:latest
2.Dockerfile如下
FROM nginx as base
# https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
ARGS Asia/Shanghai
RUN mkdir -p /opt/var/cache/nginx && \
cp -a --parents /usr/lib/nginx /opt && \
cp -a --parents /usr/share/nginx /opt && \
cp -a --parents /var/log/nginx /opt && \
cp -aL --parents /var/run /opt && \
cp -a --parents /etc/nginx /opt && \
cp -a --parents /etc/passwd /opt && \
cp -a --parents /etc/group /opt && \
cp -a --parents /usr/sbin/nginx /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libpcre.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libz.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libc.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libdl.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libpthread.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libcrypt.so.* /opt && \
cp -a --parents /usr/lib/x86_64-linux-gnu/libssl.so.* /opt && \
cp -a --parents /usr/lib/x86_64-linux-gnu/libcrypto.so.* /opt && \
cp /usr/share/zoneinfo/${TIME_ZONE:-ROC} /opt/etc/localtime
FROM gcr.io/distroless/base
COPY --from=base /opt /
EXPOSE 80
ENTRYPOINT ["nginx", "-g", "daemon off;"]
显而易见,镜像大大减小为23.2M,效果明显
[root@server1 docker]# docker build -t nginx:v5 .
[root@server1 docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx v5 ea590f5d522f About a minute ago 23.2MB
nginx v4 51d0075d7486 20 minutes ago 141MB
nginx v3 cbda333c4f7d 25 minutes ago 250MB
nginx v2 e47941468af7 39 minutes ago 252MB
nginx v1 c3370bb3788a About an hour ago 276MB
[root@server1 docker]# docker run -d --name vm1 nginx:v5
50a7f5cf1617d57df98659a99424e327ee529dab1e8b16f2ba222014b64e457a
查看IP
[root@server1 docker]# docker inspect vm1
[root@server1 docker]# curl 172.17.0.3
能正常访问到Nginx默认发布页,证明容器镜像可以正常使用