dockerfile

Dockerfile

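A Dockerfile is a text file containing a sequence of instructions that is used to build a Docker image.
Basic principles:

  • Choose a small base image: debian:wheezy or debian:jessie
  • Clean up temporary files such as build artifacts and installation packages
  • Pin the version of the software you install
  • Write the Dockerfile in a clean directory
  • At our company, an image tag is usually the first 8 characters of the git revision, followed by _ and the packaging timestamp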

Building your own Docker image step by step

  1. FROM instruction

    • Format: FROM debian:jessie
    FROM debian:jessie 
    
  2. MAINTAINER instruction

    • Format: MAINTAINER 1209233066@qq.com
    FROM debian:jessie 
    MAINTAINER wangendao(1209233066@qq.com)
    
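  3. RUN instruction: RUN creates a new executable layer on top of the current layers, runs the commands there, and commits the result to the image

    • Format 1: RUN echo 123
    • Format 2: RUN ["echo","123"]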
    FROM debian:jessie 
    MAINTAINER wangendao(1209233066@qq.com)
    RUN sed -i 's/deb.debian.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apt/sources.list \
    && apt-get update \
    && apt-get install nginx -y \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
    
  4. COPY instruction

    src is a path relative to the build context; desc is an absolute path or a path relative to WORKDIR. File attributes can be preserved.

    • Format 1: COPY src desc
    • Format 2: COPY ["src","desc"]
    FROM debian:jessie 
    MAINTAINER wangendao(1209233066@qq.com)
    RUN sed -i 's/deb.debian.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apt/sources.list \
    && apt-get update \
    && apt-get install nginx -y \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
    COPY index.html /var/www/html/index.html
    
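  5. ADD instruction

    src can be a URL; when the image is built the file is downloaded automatically and chmod 600 is applied to it.

    src can be a local tar archive (gzip, bzip2); it is extracted automatically when the image is built.

    • Format 1: ADD src desc
    • Format 2: ADD ["src","desc"]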
    FROM debian:jessie 
    MAINTAINER wangendao(1209233066@qq.com)
    RUN sed -i 's/deb.debian.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apt/sources.list \
    && apt-get update \
    && apt-get install nginx -y \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
    COPY index.html /var/www/html/index.html
    ADD http://nginx.org/download/nginx-1.16.1.tar.gz /tmp
    
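  6. CMD instruction

    Specifies the command executed when the container runs; it can be overridden by the cmd in docker run test cmd.

    • Format 1: CMD nginx -g "daemon off;"
    • Format 2: CMD ["-g","daemon off;"] (exec form; it is ultimately parsed as JSON, so double quotes "" are required, not single quotes '')
    • Format 3: CMD ["nginx","-g","daemon off;"] (exec form; it is ultimately parsed as JSON, so double quotes "" are required, not single quotes '')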
    FROM debian:jessie
    MAINTAINER wangendao(1209233066@qq.com)
    RUN sed -i 's/deb.debian.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apt/sources.list \
    && apt-get update \
    && apt-get install nginx -y \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
    COPY index.html /var/www/html/index.html
    ADD http://nginx.org/download/nginx-1.16.1.tar.gz /tmp
    CMD ["nginx","-g","daemon off;"]
    
  7. ENTRYPOINT instruction

    Same function as CMD. It can be overridden with docker run --entrypoint=cmd test.

    • Format 1: ENTRYPOINT nginx -g "daemon off;"
    • Format 2: ENTRYPOINT ["nginx","-g","daemon off;"]
    FROM debian:jessie
    MAINTAINER wangendao(1209233066@qq.com)
    RUN sed -i 's/deb.debian.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apt/sources.list \
    && apt-get update \
    && apt-get install nginx -y \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
    COPY index.html /var/www/html/index.html
    ADD http://nginx.org/download/nginx-1.16.1.tar.gz /tmp
    CMD ["-g","daemon off;"]
    ENTRYPOINT ["nginx"]
    
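  8. ARG and ENV

    ARG is scoped to the Dockerfile. docker build --build-arg k=v overrides the default value set in the file; k must be a variable declared in the Dockerfile.

    Variables defined with ENV are in scope in the Dockerfile, the image and the container, and are referenced as $variable_name or ${variable_name}.

    Variables support shell-style modifiers, for example:

    ${variable:+word} indicates that if variable is set then word will be the result, otherwise the result is the empty string.
    
    • Format 1: ARG k=v
    • Format 2: ENV k=v (or the legacy form ENV k v)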
    FROM debian:jessie
    MAINTAINER wangendao(1209233066@qq.com)
    ARG app=nginx
    ENV PATH=$PATH:.
    ARG TZ=Asia/Shanghai
    
    RUN sed -i 's/deb.debian.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apt/sources.list \
    && ln -sf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone \
    && apt-get update \
    && apt-get install $app -y \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
    COPY index.html /var/www/html/index.html
    ADD http://nginx.org/download/nginx-1.16.1.tar.gz /tmp
    CMD ["-g","daemon off;"]
    ENTRYPOINT ["nginx"]
    
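  9. EXPOSE instruction

    Declares ports. Purpose 1: it tells users which ports the image uses. Purpose 2: it lets the -P option map the ports automatically.

    • Format: EXPOSE 80/tcp, EXPOSE 80/udp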
    FROM debian:jessie
    MAINTAINER wangendao(1209233066@qq.com)
    ARG app=nginx
    ENV PATH=$PATH:.
    ARG TZ=Asia/Shanghai
    
    RUN sed -i 's/deb.debian.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apt/sources.list \
    && ln -sf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone \
    && apt-get update \
    && apt-get install $app -y \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
    COPY index.html /var/www/html/index.html
    ADD http://nginx.org/download/nginx-1.16.1.tar.gz /tmp
    
    EXPOSE 80
    EXPOSE 80/udp
    CMD ["-g","daemon off;"]
    ENTRYPOINT ["nginx"]
    
  10. VOLUME instruction

    Defines an anonymous volume.

    • Format 1: VOLUME /data
    • Format 2: VOLUME ["/data"]
    FROM debian:jessie
    MAINTAINER wangendao(1209233066@qq.com)
    ARG app=nginx
    ENV PATH=$PATH:.
    ARG TZ=Asia/Shanghai
    
    RUN sed -i 's/deb.debian.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apt/sources.list \
    && ln -sf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone \
    && apt-get update \
    && apt-get install $app -y \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
    COPY index.html /var/www/html/index.html
    ADD http://nginx.org/download/nginx-1.16.1.tar.gz /tmp
    
    EXPOSE 80
    EXPOSE 80/udp
    VOLUME /data
    CMD ["-g","daemon off;"]
    ENTRYPOINT ["nginx"]
    
  11. WORKDIR instruction

    Sets the working directory; it determines the directory in which the following instructions run.

    • Format: WORKDIR /tmp
    FROM debian:jessie
    MAINTAINER wangendao(1209233066@qq.com)
    ARG app=nginx
    ENV PATH=$PATH:.
    ARG TZ=Asia/Shanghai
    
    RUN sed -i 's/deb.debian.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apt/sources.list \
    && ln -sf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone \
    && apt-get update \
    && apt-get install $app -y \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
    
    WORKDIR /var/www/html/
    COPY index.html index.html
    ADD http://nginx.org/download/nginx-1.16.1.tar.gz /tmp
    
    EXPOSE 80
    EXPOSE 80/udp
    VOLUME /data
    CMD ["-g","daemon off;"]
    ENTRYPOINT ["nginx"]
    
  12. USER instruction

    Specifies which user the following commands run as; the user must already exist.

    • Format: USER [user | user:group | uid | uid:gid | user:gid | uid:group ]
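
How USER fits into an image, as an added example that is not from the original post: the account is created in a RUN step first, because USER does not create it, and everything after USER, including the container's main process, runs as that account. The account name app, the UID/GID 10001 and the small Flask application are illustrative assumptions.

```dockerfile
# Added example; the account name "app" and UID/GID 10001 are assumptions.
FROM python

# Steps that need root (package installation, account creation) come first.
# USER does not create the account, so it is created explicitly with a fixed
# UID/GID; --create-home gives it a home directory it owns.
RUN pip install flask \
 && groupadd --gid 10001 app \
 && useradd --uid 10001 --gid app --create-home --shell /usr/sbin/nologin app

# /home/app already exists and is owned by app, so WORKDIR only switches
# into it and leaves the ownership unchanged.
WORKDIR /home/app

# From here on RUN, CMD and ENTRYPOINT execute as app, not as root.
USER app:app

# Fails the build if the switch did not take effect.
RUN test "$(id -u)" -eq 10001

# Executed as app, so the resulting file is owned by app.
RUN printf '%s\n' \
    "from flask import Flask" \
    "app = Flask(__name__)" \
    "@app.route('/')" \
    "def index():" \
    "    return 'hello world'" > app.py

# Port 5000 is above 1024, so binding it needs no root privileges.
EXPOSE 5000
ENTRYPOINT ["python"]
CMD ["-m","flask","run","--host=0.0.0.0"]
```
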
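  13. HEALTHCHECK instruction

    Checks the health of the container; the result is shown in docker ps.

    HEALTHCHECK [options] CMD cmd. The result is decided by cmd's exit status: 0 means success, 1 means failure.

    • Format: HEALTHCHECK --interval=10s --timeout=10s --retries=3 CMD curl -fs 127.0.0.1 || exit 1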
    FROM debian:jessie
    MAINTAINER wangendao(1209233066@qq.com)
    ARG app=nginx
    ENV PATH=$PATH:.
    ARG TZ=Asia/Shanghai
    
    RUN sed -i 's/deb.debian.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apt/sources.list \
    && ln -sf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone \
    && apt-get update \
    && apt-get install curl $app -y \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
    
    WORKDIR /var/www/html/
    COPY index.html index.html
    ADD http://nginx.org/download/nginx-1.16.1.tar.gz /tmp
    
    HEALTHCHECK --interval=10s --timeout=10s --retries=3 CMD curl -fs 127.0.0.1 || exit 1
    EXPOSE 80
    EXPOSE 80/udp
    VOLUME /data
    CMD ["-g","daemon off;"]
    ENTRYPOINT ["nginx"]
    
  14. ONBUILD instruction

    The instruction is executed when this image is used as the base image of another image.

    • Format: ONBUILD COPY index.html /var/www/html/index.html
    FROM debian:jessie
    MAINTAINER wangendao(1209233066@qq.com)
    ARG app=nginx
    ENV PATH=$PATH:.
    ARG TZ=Asia/Shanghai
    
    RUN sed -i 's/deb.debian.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apt/sources.list \
    && ln -sf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone \
    && apt-get update \
    && apt-get install curl $app -y \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
    
    WORKDIR /var/www/html/
    COPY index.html index.html
    ADD http://nginx.org/download/nginx-1.16.1.tar.gz /tmp
    
    ONBUILD HEALTHCHECK --interval=10s --timeout=10s --retries=3 CMD curl -fs 127.0.0.1 || exit 1
    EXPOSE 80
    EXPOSE 80/udp
    VOLUME /data
    CMD ["-g","daemon off;"]
    ENTRYPOINT ["nginx"]
    
  15. Label

  16. Multi-stage builds

    FROM golang:alpine3.18 as build
    ENV GOPROXY=https://goproxy.cn
    ENV GO111MODULE=on
    COPY ./code /code
    WORKDIR /code
    
    RUN GOOS=linux GOARCH=386 go build .
    
    
    #
    FROM alpine:3.13
    
    COPY --from=build /code/webhook /webhook
    EXPOSE 5001
    CMD /webhook
    

build

[info]

  1. docker build runs on the Docker server (daemon), not in the client. (The build is run by the Docker daemon, not by the CLI.)

  2. The Docker client sends the Dockerfile's build context to the Docker server. (The first thing a build process does is send the entire context (recursively) to the daemon.)

  3. It is best to keep the Dockerfile in an empty directory. (In most cases, it’s best to start with an empty directory as context and keep your Dockerfile in that directory.)

  4. Do not use root or / as the context directory, because the Docker client sends the whole context to the Docker server. (Do not use your root directory, /, as the PATH as it causes the build to transfer the entire contents of your hard drive to the Docker daemon.)

  5. docker build -t can be repeated to apply several tags at once: $ docker build -t shykes/myapp:1.0.2 -t shykes/myapp:latest .

    docker build -f points to a Dockerfile elsewhere in the file system: $ docker build -f /path/to/a/Dockerfile .

  6. Each instruction runs independently and creates a new image, so RUN cd /tmp has no effect on the next instruction.

    [root@esc test]# cat Dockerfile 
    FROM alpine
    RUN cd /tmp
    CMD ["pwd"]
    
  • Adding an sshd service

    FROM debian:jessie
    MAINTAINER wangendao(1209233066@qq.com)
    ARG TZ=Asia/Shanghai
    
    RUN sed -i 's/deb.debian.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apt/sources.list \
    && ln -sf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone \
    && apt-get update \
    && apt-get install -qy openssh-server \
    && mkdir /var/run/sshd \
    && apt-get clean \
    && rm -fr /var/lib/apt/lists/*
    
    COPY authorized_keys /root/.ssh/authorized_keys
    
    EXPOSE 22
    CMD ["/usr/sbin/sshd","-D"]
    
    # Allow password login for the root user
    docker run -d -v /etc/ssh/sshd_config:/etc/ssh/sshd_config 1209233066/debian:sshd
    
  • apache

    FROM 1209233066/debian:sshd
     
    ENV APACHE_LOCK_DIR=/var/lock/apache2
    ENV APACHE_RUN_DIR=/var/run/apache2
    ENV APACHE_PID_FILE=/var/run/apache2.pid
    ENV APACHE_RUN_USER=www
    ENV APACHE_RUN_GROUP=root
    ENV APACHE_LOG_DIR=/var/log/apache2
    ENV APACHE_RUN_DIR=/tmp
    
    RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
    && echo "Asia/Shanghai" >/etc/timezone \
    && apt-get update \
    && apt-get install -qy apache2 \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/* \
    && useradd www -g root -s /sbin/nologin -M
    
    COPY run.sh /
    
    EXPOSE 80
    CMD ["/run.sh"]
    
    [root@esc 2]# cat run.sh 
    #!/bin/sh
    /usr/sbin/sshd
    apache2
    tail -f /dev/null
    
    [root@esc 2]# cat run.sh 
    #!/bin/sh
    /usr/sbin/sshd
    exec apache2 -D FOREGROUND
    #tail -f /dev/null
    
  • jre

    FROM 1209233066/debian:11-alisource
    MAINTAINER wangendao(1209233066@qq.com)
    
    ENV JAVA_HOME /opt/jre
    ENV PATH ${PATH}:${JAVA_HOME}/bin
    ARG TZ=Asia/Shanghai
    
    RUN sed -i 's/deb.debian.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apt/sources.list \
    && ln -sf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
    
    #Server JRE (Java SE Runtime Environment) 8u281
    ADD  jdk1.8.0_281/jre /opt/jre
    
    CMD ["java","-version"]           
    
  • tomcat

    FROM 1209233066/jre:1.8.0_281
     
    ENV CATALINA_HOME=/opt/tomcat
    ENV LANG=zh_CN.UTF-8
    RUN /bin/cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime &&\
        echo 'Asia/Shanghai' >/etc/timezone
    
    COPY apache-tomcat-8.5.68/ /opt/tomcat
    COPY config.yml /opt/prom/config.yml
    COPY jmx_javaagent-0.3.1.jar /opt/prom/jmx_javaagent-0.3.1.jar
    COPY entrypoint.sh /entrypoint.sh
    WORKDIR /opt/tomcat
    
    CMD ["/entrypoint.sh"]
    
    # Used by Prometheus monitoring
    vi config.yml
    ---
    rules:
    - pattern: '.*'
    
  • flask

    FROM python
    ARG TZ=Asia/Shanghai
    
    RUN pip install flask
    RUN echo "from flask import Flask\napp=Flask(__name__)\n@app.route('/')\ndef index():\n  return 'hello world'" > app.py \
    && ln -sf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
    
    ENTRYPOINT ["python"]
    EXPOSE 5000
    CMD ["-m","flask","run","--host=0.0.0.0"]
    
  • nginx_withstream
    nginx supports layer-4 proxying starting with version 1.9

    worker_processes  1;
    events {
      worker_connections  1024;
    }
    
    stream {
    
    log_format main '$remote_addr [$time_local] '
                 '$protocol $status $bytes_sent $bytes_received '
                 '$session_time "$upstream_addr" '
                 '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
    
        upstream https {
        server 10.4.7.50:31196;
      }
      server {
        listen 443;
        proxy_connect_timeout 2s;
        proxy_timeout 900s;
        proxy_pass https;
        access_log  /dev/stdout main;
      }
    }
    
    
    FROM alpine:3.13
    ARG TZ=Asia/Shanghai
    ARG nginx_version=1.20.1
    
    RUN ln -sf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone \
    && sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories \
    && apk update \
    && apk add build-base zlib-dev gcc  g++ make libffi-dev openssl-dev libtool pcre pcre-dev wget \
    && wget http://nginx.org/download/nginx-${nginx_version}.tar.gz -O /opt/nginx-${nginx_version}.tar.gz \
    && tar xf /opt/nginx-${nginx_version}.tar.gz -C /opt \
    && cd /opt/nginx-${nginx_version} && ./configure --prefix=/usr/local --with-stream_ssl_module --with-stream && make -j 4 && make install \
    && rm -f /opt/nginx-${nginx_version}.tar.gz
    EXPOSE 80 443
    CMD ["-v"]
    ENTRYPOINT ["nginx"]
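
The same stream-enabled build with the source tarball fetched over HTTPS and checked against a SHA-256 digest before it is unpacked, and with the compiler toolchain left behind in a build stage. This is an added example, not part of the original post; the build argument NGINX_SHA256 and the stage name build are assumptions, and the digest has to come from a tarball you have already authenticated.

```dockerfile
# Added example. NGINX_SHA256 has no default on purpose: pass the digest of an
# authenticated tarball with
#   docker build --build-arg NGINX_SHA256=<sha256 of the tarball> .
FROM alpine:3.13 AS build
ARG nginx_version=1.20.1
ARG NGINX_SHA256

RUN apk add --no-cache build-base pcre-dev zlib-dev openssl-dev wget

WORKDIR /opt
# Abort when no digest was supplied, download over HTTPS, and let
# sha256sum -c stop the build on a mismatch before anything is unpacked.
RUN test -n "$NGINX_SHA256" \
 && wget "https://nginx.org/download/nginx-${nginx_version}.tar.gz" \
 && echo "${NGINX_SHA256}  nginx-${nginx_version}.tar.gz" | sha256sum -c - \
 && tar xf "nginx-${nginx_version}.tar.gz"

RUN cd "nginx-${nginx_version}" \
 && ./configure --prefix=/usr/local --with-stream --with-stream_ssl_module \
 && make -j 4 \
 && make install

# Runtime stage: only the shared libraries nginx links against (plus tzdata
# for the time zone link) are installed; compilers, headers and the tarball
# stay in the build stage and never reach the final image.
FROM alpine:3.13
ARG TZ=Asia/Shanghai
RUN apk add --no-cache pcre zlib libssl1.1 libcrypto1.1 tzdata \
 && ln -sf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone

# --prefix=/usr/local puts the binary, conf/ and logs/ under this tree.
COPY --from=build /usr/local /usr/local

EXPOSE 80 443
ENTRYPOINT ["nginx"]
CMD ["-g","daemon off;"]
```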
    
  • prometheus_client

    FROM 1209233066/debian:11-alisource
    LABEL maintainer="wangendao(1209233066@qq.com)"
    
    ENV PATH=$PATH:.
    ARG TZ=Asia/Shanghai
    
    RUN sed -i 's/deb.debian.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apt/sources.list &&\
        ln -sf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone &&\
        apt-get update &&\
        apt-get install lvm2 python3 pip -y  &&\
        pip download prometheus-client==0.15.0 -i https://pypi.tuna.tsinghua.edu.cn/simple/ && \
        pip install ./prometheus_client-0.15.0-py3-none-any.whl && \
        rm -f /prometheus_client-0.15.0-py3-none-any.whl
    
    COPY ./get_message.py /
    COPY ./pushgateway.py /
    CMD ["./pushgateway.py"]
    
  • redis-trib

    FROM centos:7
    RUN curl -fsSL https://github.com/postmodern/ruby-install/archive/refs/tags/v0.8.5.tar.gz -o v0.8.5.tar.gz &&\
      tar xf v0.8.5.tar.gz &&\
      cd ruby-install-0.8.5/ &&\
      yum install gcc gcc-devel make -y &&\
      make install &&\
      ruby-install --system ruby 2.6.10 &&\
      yum install rubygems redis-trib -y &&\
      gem sources &&\
      gem sources --remove https://rubygems.org/ &&\
      gem sources -a https://mirrors.aliyun.com/rubygems/ &&\
      gem install redis
    
  • openresty

    FROM 1209233066/debian:11-alisource
    
    # Update the package lists
    RUN apt-get update
    # Install wget, make and the GCC and G++ compilers
    RUN apt-get install wget make gcc g++ -y
    # Install the PCRE library
    RUN apt-get install libpcre3 libpcre3-dev -y
    # Install the zlib library
    RUN apt-get install zlib1g zlib1g-dev -y
    # Install the OpenSSL library
    RUN apt-get install openssl libssl-dev -y
    RUN wget https://openresty.org/download/openresty-1.21.4.3.tar.gz &&\
    	tar xf openresty-1.21.4.3.tar.gz &&\
    	cd openresty-1.21.4.3/ &&\
    	./configure &&\
    	gmake &&\
    	gmake install
    
  • nodejs

    FROM  ubuntu:22.04
    # https://github.com/nodesource/distributions?tab=readme-ov-file#deb-supported-versions
    
    RUN apt-get update &&\
            apt-get install -y curl &&\
            curl -fsSL https://deb.nodesource.com/setup_16.x -o nodesource_setup.sh &&\
            bash nodesource_setup.sh &&\
            apt-get install -y nodejs &&\
            npm config set registry https://registry.npmmirror.com
    CMD ["node","-v"]
    
  • Multi-stage build

    FROM golang:1.21
    ADD . /usr/src/whereabouts
    RUN mkdir -p $GOPATH/src/github.com/k8snetworkplumbingwg/whereabouts
    WORKDIR $GOPATH/src/github.com/k8snetworkplumbingwg/whereabouts
    COPY . .
    RUN ./hack/build-go.sh
    
    FROM alpine:latest
    LABEL org.opencontainers.image.source https://github.com/k8snetworkplumbingwg/whereabouts
    COPY --from=0 /go/src/github.com/k8snetworkplumbingwg/whereabouts/bin/whereabouts .
    COPY --from=0 /go/src/github.com/k8snetworkplumbingwg/whereabouts/bin/ip-control-loop .
    COPY script/install-cni.sh .
    CMD ["/install-cni.sh"]
    
  • php

    FROM php:7.4-fpm
    MAINTAINER jerry <jrzyq111@gmail.com>
    
    ENV PHPREDIS_VERSION 5.3.7
    ENV PHPREDIS_EXT_DIR /usr/src/php/redis
    
    RUN mkdir -p $PHPREDIS_EXT_DIR \
            && curl -L https://github.com/phpredis/phpredis/archive/${PHPREDIS_VERSION}.tar.gz | tar xvz -C $PHPREDIS_EXT_DIR --strip 1 \
            && docker-php-ext-install $PHPREDIS_EXT_DIR
    
    RUN apt-get update && apt-get install -y \
            build-essential \
            gcc \
            make \
            curl \
            libonig-dev \
            libfcgi-dev \
            libssl-dev \
            libxml2-dev \
            libbz2-dev \
            libcurl4-openssl-dev \
            libzip-dev \
            libjpeg62-turbo-dev \
            libpng-dev \
            libfreetype6-dev \
            libgmp-dev
    
    RUN docker-php-ext-configure gd --with-freetype --with-jpeg \
            && docker-php-ext-install -j4 gd bz2 zip mbstring iconv mysqli pdo_mysql opcache bcmath gmp sockets intl
    
    COPY ./config/php.ini /usr/local/etc/php/conf.d/
    COPY ./config/opcache-recommended.ini /usr/local/etc/php/conf.d/
    
    # clean
    RUN apt-get clean \
            && apt-get autoclean \
            && rm -rf /var/lib/apt/lists/*
    
    RUN docker-php-source delete
posted @ 2022-01-12 20:36  mingtian是吧