Docker-Dockerfile方式镜像的构建
1. 创建一个Dockerfile
默认在构建的时候会把当前目录所有数据发送到docker引擎,如果构建在根目录,会把跟目录所有数据发送给docker引擎进行构建,所以,创建Dockerfile尽量不要在根目录。
mkdir docker
cd docker
vim Dockerfile
FROM busybox
RUN echo helloword > testfile• 构建镜像
[root@vm2 demo]# docker build -t busybox:v2 .
Sending build context to Docker daemon 2.048kB
Step 1/2 : FROM busybox
---> beae173ccac6
Step 2/2 : RUN echo helloword > testfile
---> Running in 33889fdfb36c
Removing intermediate container 33889fdfb36c
---> af46689dc5b5
Successfully built af46689dc5b5
Successfully tagged busybox:v2• 查看镜像的分层结构
[root@vm2 demo]# docker history busybox:v2
IMAGE CREATED CREATED BY SIZE COMMENT
af46689dc5b5 11 minutes ago /bin/sh -c echo helloword > testfile 10B
beae173ccac6 5 months ago /bin/sh -c #(nop) CMD ["sh"] 0B
<missing> 5 months ago /bin/sh -c #(nop) ADD file:6db446a57cbd2b7f4… 1.24MB• 镜像的缓存特性
构建镜像中有相同的镜像层时,会使用缓存来加速构建。
[root@vm2 demo]# vim Dockerfile
FROM busybox
RUN echo helloword > testfile
COPY file /
[root@vm2 demo]# vim file
FROM busybox
RUN echo helloword > testfile
[root@vm2 demo]# docker build -t busybox:v3 .
Sending build context to Docker daemon 3.072kB
Step 1/3 : FROM busybox
---> beae173ccac6
Step 2/3 : RUN echo helloword > testfile
---> Using cache
---> af46689dc5b5
Step 3/3 : COPY file /
---> 972a56410e72
Successfully built 972a56410e72
Successfully tagged busybox:v3通过Dockerfile来构建镜像,可以清除的看到每一层都干了什么,有安全审计的功能。而通过docker commit 构建新镜像的方式则无法知晓具体在镜像内做了什么操作,无法对镜像进行审计,存在安全隐患。
• dockerfile 最佳实践
| dockerfile常用指令 | |
| FROM | 指定base镜像,如果本地不存在会从远程仓库下载。 |
| MAINTAINER | 设置镜像的作者,比如用户邮箱等。 |
| COPY | 把文件从build context复制到镜像 支持两种形式:COPY src dest 和 COPY ["src", "dest"] src必须指定build context中的文件或目录 |
| ADD | 用法与COPY类似,不同的是src可以是归档压缩文件,文件会被自动解压到 dest,也可以自动下载URL并拷贝到镜像: ADD html.tar /var/www ADD http://ip/html.tar /var/www |
| ENV | 设置环境变量,变量可以被后续的指令使用: ENV HOSTNAME sevrer1.example.com |
| EXPOSE | 如果容器中运行应用服务,可以把服务端口暴露出去: EXPOSE 80 |
| VOLUME | 申明数据卷,通常指定的是应用的数据挂在点: VOLUME ["/var/www/html"] |
| WORKDIR | 为RUN、CMD、ENTRYPOINT、ADD和COPY指令设置镜像中的当 前工作目录,如果目录不存在会自动创建。 |
| RUN | 在容器中运行命令并创建新的镜像层,常用于安装软件包: RUN yum install -y vim |
| CMD 与 ENTRYPOINT | 这两个指令都是用于设置容器启动后执行的命令,但CMD会被docker run后面的命令行覆盖,而ENTRYPOINT不会被忽略,一定会被执行。 docker run后面的参数可以传递给ENTRYPOINT指令当作参数。 Dockerfile中只能指定一个ENTRYPOINT,如果指定了很多,只有最 后一个有效。 |
2. 常用指令实践
2.1 COPY 把文件从build context复制到镜像
[root@vm2 ~]# cd docker/demo/
[root@vm2 demo]# ls
Dockerfile file
[root@vm2 demo]# vim Dockerfile
FROM busybox
COPY file /
[root@vm2 demo]# vim file
hello docker
root@vm2 demo]# docker build -t busybox:v3 .
Sending build context to Docker daemon 1.077MB
Step 1/2 : FROM busybox
---> beae173ccac6
Step 2/2 : COPY file /
---> 609f28019307
Successfully built 609f28019307
Successfully tagged busybox:v3
[root@vm2 demo]# docker run -it --rm busybox:v3
/ # ls
bin dev etc file home proc root sys tmp usr var
/ # cat file
hello docker
/ # 2.2 ADD 用法与COPY类似,不同的是src可以是归档压缩文件,文件会被自动解压到
dest,也可以自动下载URL并拷贝到镜像
[root@vm2 demo]# ls
Dockerfile file nginx-1.21.6.tar.gz
[root@vm2 demo]# vim Dockerfile
FROM busybox
ADD nginx-1.21.6.tar.gz /
[root@vm2 demo]# docker build -t busybox:v4 .
Sending build context to Docker daemon 1.077MB
Step 1/2 : FROM busybox
---> beae173ccac6
Step 2/2 : ADD nginx-1.21.6.tar.gz /
---> Using cache
---> 0ec99bc72f19
Successfully built 0ec99bc72f19
Successfully tagged busybox:v4
[root@vm2 demo]# docker run -it --rm busybox:v4
/ # ls
bin etc nginx-1.21.6 root tmp var
dev home proc sys usr
/ # cd nginx-1.21.6/
/nginx-1.21.6 # ls
CHANGES LICENSE auto configure html src
CHANGES.ru README conf contrib man2.3 ENV 设置环境变量,变量可以被后续的指令使用
[root@vm2 demo]# ls
Dockerfile file nginx-1.21.6.tar.gz
[root@vm2 demo]# vim Dockerfile
FROM busybox
ENV hostname vm2
ADD nginx-1.21.6.tar.gz /
[root@vm2 demo]# docker build -t busybox:v5 .
Sending build context to Docker daemon 1.077MB
Step 1/3 : FROM busybox
---> beae173ccac6
Step 2/3 : ENV hostname vm2
---> Running in 5c5ba3805525
Removing intermediate container 5c5ba3805525
---> cebb03891923
Step 3/3 : ADD nginx-1.21.6.tar.gz /
---> e9aa8cc15264
Successfully built e9aa8cc15264
Successfully tagged busybox:v5
[root@vm2 demo]# docker run -it --rm busybox:v5
/ # env
HOSTNAME=57164b2b12e9
SHLVL=1
HOME=/root
TERM=xterm
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
hostname=vm2
PWD=/
/ #
2.4 VOLUME:申明数据卷,通常指定的是应用的数据挂载点
2.4.1 编辑Dockerkile文件,构建镜像
[root@vm2 demo]# ls
Dockerfile file nginx-1.21.6.tar.gz
[root@vm2 demo]# vim Dockerfile
FROM busybox
ENV hostname vm2
ADD nginx-1.21.6.tar.gz /
VOLUME ["/data"]
[root@vm2 demo]# docker build -t busybox:v6 .
Sending build context to Docker daemon 1.077MB
Step 1/4 : FROM busybox
---> beae173ccac6
Step 2/4 : ENV hostname vm2
---> Using cache
---> cebb03891923
Step 3/4 : ADD nginx-1.21.6.tar.gz /
---> Using cache
---> e9aa8cc15264
Step 4/4 : VOLUME ["/data"]
---> Running in d5212c93a723
Removing intermediate container d5212c93a723
---> aaa7d50b9466
Successfully built aaa7d50b9466
Successfully tagged busybox:v6
2.4.2 查看镜像的创建历史,进入容器,创建文件
[root@vm2 demo]# docker history busybox:v6
IMAGE CREATED CREATED BY SIZE COMMENT
aaa7d50b9466 About a minute ago /bin/sh -c #(nop) VOLUME [/data] 0B
e9aa8cc15264 5 minutes ago /bin/sh -c #(nop) ADD file:8e86f7dae7bf3e74b… 6.46MB
cebb03891923 5 minutes ago /bin/sh -c #(nop) ENV hostname=vm2 0B
beae173ccac6 5 months ago /bin/sh -c #(nop) CMD ["sh"] 0B
<missing> 5 months ago /bin/sh -c #(nop) ADD file:6db446a57cbd2b7f4… 1.24MB
[root@vm2 demo]# docker run -it --rm busybox:v6
/ # cd data/
/data # ls
/data # touch file
##ctrl+p+q退出2.4.3 查看挂载信息,找到并进入挂载目录,编辑之前在镜像内创建的文件file(挂载的目录和镜像内的目录是同步的,编辑挂载目录的文件,镜像内的文件同样会被更改)
[root@vm2 demo]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5f4abc5a3f53 busybox:v6 "sh" 39 seconds ago Up 38 seconds frosty_burnell
[root@vm2 demo]# docker inspect 5f4abc5a3f53
......
"Mounts": [
{
"Type": "volume",
"Name": "ab9ce083e6c488a9d0758ca147381bed63ff56e46469ce365b9e1975c9e85a32",
"Source": "/var/lib/docker/volumes/ab9ce083e6c488a9d0758ca147381bed63ff56e46469ce365b9e1975c9e85a32/_data",
"Destination": "/data",
"Driver": "local",
"Mode": "",
"RW": true,
"Propagation": ""
}
],
......
[root@vm2 demo]# cd /var/lib/docker/volumes/ab9ce083e6c488a9d0758ca147381bed63ff56e46469ce365b9e1975c9e85a32/_data
[root@vm2 _data]# ls
file
[root@vm2 _data]# echo hello > file
[root@vm2 _data]# cat file
hello
2.4.4 用id重新启动镜像,查看镜像内的文件变化,之后删除镜像内的文件
[root@vm2 _data]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5f4abc5a3f53 busybox:v6 "sh" 3 minutes ago Up 3 minutes frosty_burnell
[root@vm2 _data]# docker attach 5f4abc5a3f53
/data # ls
file
/data # cat file
hello
/data # rm -rf file
/data #
##ctrl+p+q退出2.4.5 释放数据卷
[root@vm2 demo]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5f4abc5a3f53 busybox:v6 "sh" 39 seconds ago Up 38 seconds frosty_burnell
[root@vm2 demo]# docker rm -f 5f4abc5a3f53
5f4abc5a3f53
[root@vm2 ~]# docker volume ls
DRIVER VOLUME NAME
local 4e845a124d5f7f442b48c0af033bcb0c0d47cadf7e810693b6c5faef02ca5a6f
local 4e94218a40e8e7e7032d46875f3d017812beded488a583bb0f7c79962721f07f
local 09df272ed7af46dd81c4b73d02065002a4ec5b26df93e6872d062436b0e855d2
local 71fead7e8d08a2517d51fca07b65550c78d9c2eb458217d6e161ec533fe98964
local a70ac57ff1d5cdd3c0e386c75783fdea4f2ab8847b4553c5d7163b71452c950f
local c213a62a6f11a530e55d1625055debb756935155ed0049c744ac0d9b0db6a19b
local cb3f2b87f9c47c02a413ed0b89c5190bd63b691a0515f89488e447903781ff8f
local e2eab2b9fd7f5245f93c8912e64ab03048060441ad826c1f3301a9db19fe02ba
local e68f0462ac4c0f488fa369965a88a71ab8d09624cf68ef7fdf920f9cf7a5dcd5
[root@vm2 ~]# docker volume prune
WARNING! This will remove all local volumes not used by at least one container.
Are you sure you want to continue? [y/N] y
Deleted Volumes:
4e94218a40e8e7e7032d46875f3d017812beded488a583bb0f7c79962721f07f
c213a62a6f11a530e55d1625055debb756935155ed0049c744ac0d9b0db6a19b
e2eab2b9fd7f5245f93c8912e64ab03048060441ad826c1f3301a9db19fe02ba
Total reclaimed space: 40B2.5 WORKDIR 为RUN、CMD、ENTRYPOINT、ADD和COPY指令设置镜像中的当前工作目录,如果目录不存在会自动创建。
[root@vm2 demo]# vim Dockerfile
FROM busybox
ENV hostname vm2
WORKDIR /nginx
ADD nginx-1.21.6.tar.gz /nginx
VOLUME ["/data"]
[root@vm2 demo]# docker build -t busybox:v7 .
Sending build context to Docker daemon 1.077MB
Step 1/5 : FROM busybox
---> beae173ccac6
Step 2/5 : ENV hostname vm2
---> Using cache
---> cebb03891923
Step 3/5 : WORKDIR /nginx
---> Running in 13d5345cb0fb
Removing intermediate container 13d5345cb0fb
---> 46333adf45d3
Step 4/5 : ADD nginx-1.21.6.tar.gz /nginx
---> bbe7bb3a02d6
Step 5/5 : VOLUME ["/data"]
---> Running in a5db4a665710
Removing intermediate container a5db4a665710
---> 6972165107ed
Successfully built 6972165107ed
Successfully tagged busybox:v7
[root@vm2 demo]# docker run -it --rm busybox:v7
/nginx # ls
nginx-1.21.6
/nginx #
进入容器镜像时就默认在/nginx这个目录下,而将nginx的包解压在了这个目录中,这个目录之前并不存在,是WORKDIR自动创建的2.6 这两个指令都是用于设置容器启动后执行的命令,但CMD会被dockerrun后面的命令行覆盖,而ENTRYPOINT不会被忽略,一定会被执行。docker run后面的参数可以传递给ENTRYPOINT指令当作参数。Dockerfile中只能指定一个ENTRYPOINT,如果指定了很多,只有最后一个有效
2.6.1 CMD编辑方式,docker run后面的命令行会覆盖文件中echo所要输出的内容
[root@vm2 demo]# vim Dockerfile
ENV hostname vm2
WORKDIR /nginx
ADD nginx-1.21.6.tar.gz /nginx
VOLUME ["/data"]
CMD echo hello docker
[root@vm2 demo]# docker build -t busybox:v8 .
Sending build context to Docker daemon 1.077MB
Step 1/6 : FROM busybox
---> beae173ccac6
Step 2/6 : ENV hostname vm2
---> Using cache
---> cebb03891923
Step 3/6 : WORKDIR /nginx
---> Using cache
---> 46333adf45d3
Step 4/6 : ADD nginx-1.21.6.tar.gz /nginx
---> Using cache
---> bbe7bb3a02d6
Step 5/6 : VOLUME ["/data"]
---> Using cache
---> 6972165107ed
Step 6/6 : CMD echo hello docker
---> Running in 31994c2b2989
Removing intermediate container 31994c2b2989
---> 6ee395d6f7b5
Successfully built 6ee395d6f7b5
Successfully tagged busybox:v8
[root@vm2 demo]# docker run --rm busybox:v8 ##执行了文件中CMD后的echo命令
hello docker
[root@vm2 demo]# docker run --rm busybox:v8 ls ##运行容器时ls覆盖了文件中CMD后echo命令, CMD后的命令不会输出
nginx-1.21.6
2.6.2 ENTRYPOINT编辑方式,docker run后面的命令行不会覆盖文件中echo所要输出的内容
[root@vm2 demo]# vim Dockerfile
FROM busybox
ENV hostname vm2
WORKDIR /nginx
ADD nginx-1.21.6.tar.gz /nginx
VOLUME ["/data"]
ENTRYPOINT echo hello docker
[root@vm2 demo]# docker build -t busybox:v9 .
Sending build context to Docker daemon 1.077MB
Step 1/6 : FROM busybox
---> beae173ccac6
Step 2/6 : ENV hostname vm2
---> Using cache
---> cebb03891923
Step 3/6 : WORKDIR /nginx
---> Using cache
---> 46333adf45d3
Step 4/6 : ADD nginx-1.21.6.tar.gz /nginx
---> Using cache
---> bbe7bb3a02d6
Step 5/6 : VOLUME ["/data"]
---> Using cache
---> 6972165107ed
Step 6/6 : ENTRYPOINT echo hello docker
---> Running in 715694ec8a58
Removing intermediate container 715694ec8a58
---> 87b3a373d13c
Successfully built 87b3a373d13c
Successfully tagged busybox:v9
[root@vm2 demo]# docker run -it --rm busybox:v9
hello docker
[root@vm2 demo]# docker run -it --rm busybox:v9 ls ##用ENTRYPOINT方式编辑后,echo后的输出内容不会被覆盖
hello docker
2.7 RUN 在容器中运行命令并创建新的镜像层,常用于安装软件包
[root@vm2 demo]# vim Dockerfile
FROM centos:7
RUN yum install -y pcre-devel
[root@vm2 demo]# docker build -t centos:v1 .
.....
Complete!
Removing intermediate container 1f8aa8292c49
---> 4f7c0b7f02c1
Successfully built 4f7c0b7f02c1
Successfully tagged centos:v1
[root@vm2 demo]# docker history centos:v1
IMAGE CREATED CREATED BY SIZE COMMENT
4f7c0b7f02c1 About a minute ago /bin/sh -c yum install -y pcre-devel 171MB
eeb6ee3f44bd 9 months ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0B
<missing> 9 months ago /bin/sh -c #(nop) LABEL org.label-schema.sc… 0B
<missing> 9 months ago /bin/sh -c #(nop) ADD file:b3ebbe8bd304723d4… 204MB 3. Shell和exec格式的区别
3.1 Shell格式底层会调用/bin/sh -c来执行命令,可以解析变量
[root@vm2 demo]# vim Dockerfile
FROM centos:7
RUN yum install -y pcre-devel
ENV HOSTNAME vm2
CMD echo "hello $HOSTNAME"
[root@vm2 demo]# docker build -t centos:v2 .
Sending build context to Docker daemon 1.077MB
Step 1/4 : FROM centos:7
---> eeb6ee3f44bd
Step 2/4 : RUN yum install -y pcre-devel
---> Using cache
---> 4f7c0b7f02c1
Step 3/4 : ENV HOSTNAME vm2
---> Running in 27a73e988532
Removing intermediate container 27a73e988532
---> 3afd2ae3e8cd
Step 4/4 : CMD echo "hello $HOSTNAME"
---> Running in db45d44d800a
Removing intermediate container db45d44d800a
---> 95a0bfc8780e
Successfully built 95a0bfc8780e
Successfully tagged centos:v2
[root@vm2 demo]# docker run -it --rm centos:v2
hello vm2
3.2 exec格式则不会调用/bin/sh -c来执行命令,不会解析变量
[root@vm2 demo]# vim Dockerfile
FROM centos:7
RUN yum install -y pcre-devel
ENV HOSTNAME vm2
CMD ["/usr/bin/echo", "hello $HOSTNAME"]
[root@vm2 demo]# docker build -t centos:v3 .
Sending build context to Docker daemon 1.077MB
Step 1/4 : FROM centos:7
---> eeb6ee3f44bd
Step 2/4 : RUN yum install -y pcre-devel
---> Using cache
---> 4f7c0b7f02c1
Step 3/4 : ENV HOSTNAME vm2
---> Using cache
---> 3afd2ae3e8cd
Step 4/4 : CMD ["/usr/bin/echo", "hello $HOSTNAME"]
---> Running in d779e71086d9
Removing intermediate container d779e71086d9
---> 2771036a6065
Successfully built 2771036a6065
Successfully tagged centos:v3
[root@vm2 demo]# docker run -it --rm centos:v3
hello $HOSTNAME ##直接输出了变量的字符,没有解析
3. 3 exec格式如果需要解析变量,则需要手动调用
[root@vm2 demo]# vim Dockerfile
[root@vm2 demo]# cat Dockerfile
FROM centos:7
RUN yum install -y pcre-devel
ENV HOSTNAME vm2
CMD ["/bin/sh", "-c","echo hello $HOSTNAME"] ##通过手动来调用
[root@vm2 demo]# docker build -t centos:v
v1 v2 v3
[root@vm2 demo]# docker build -t centos:v4 .
Sending build context to Docker daemon 1.077MB
Step 1/4 : FROM centos:7
---> eeb6ee3f44bd
Step 2/4 : RUN yum install -y pcre-devel
---> Using cache
---> 4f7c0b7f02c1
Step 3/4 : ENV HOSTNAME vm2
---> Using cache
---> 3afd2ae3e8cd
Step 4/4 : CMD ["/bin/sh", "-c","echo hello $HOSTNAME"]
---> Running in 7497b4af118a
Removing intermediate container 7497b4af118a
---> 49c388eaa47e
Successfully built 49c388eaa47e
Successfully tagged centos:v4
[root@vm2 demo]# docker run -it --rm centos:v4
hello vm2 ##通过手动调用后,解析成功3.4 Exec格式时,ENTRYPOINT可以通过CMD提供额外参数,CMD的额外参数可以在容器启动时动态替换。在shell格式时ENTRYPOINT会忽略任何CMD或docker run提供的参数。
[root@vm2 demo]# vim Dockerfile
FROM centos:7
RUN yum install -y pcre-devel
ENV HOSTNAME vm2
ENTRYPOINT ["/bin/echo", "hello"]
CMD ["world"]
[root@vm2 demo]# docker build -t centos:v5 .
Sending build context to Docker daemon 1.077MB
Error response from daemon: dockerfile parse error line 4: unknown instruction: INT
[root@vm2 demo]# vim Dockerfile
[root@vm2 demo]# docker build -t centos:v5 .
Sending build context to Docker daemon 1.077MB
Step 1/5 : FROM centos:7
---> eeb6ee3f44bd
Step 2/5 : RUN yum install -y pcre-devel
---> Using cache
---> 4f7c0b7f02c1
Step 3/5 : ENV HOSTNAME vm2
---> Using cache
---> 3afd2ae3e8cd
Step 4/5 : ENTRYPOINT ["/bin/echo", "hello"]
---> Running in ea01406169bf
Removing intermediate container ea01406169bf
---> 7f9fe55cd861
Step 5/5 : CMD ["world"]
---> Running in 87c795be89e2
Removing intermediate container 87c795be89e2
---> 493b16943da0
Successfully built 493b16943da0
Successfully tagged centos:v5
[root@vm2 demo]# docker run -it --rm centos:v5
hello world
3.5 Exec格式时,ENTRYPOINT可以通过CMD提供额外参数,CMD的额外参数可以在容器启动时动态替换。在shell格式时ENTRYPOINT会忽略任何CMD或docker run提供的参数,更直观的感受到上面2.6中,CMD 与 ENTRYPOINT的区别
[root@vm2 demo]# docker run -it --rm centos:v5 westos
hello westos
[root@vm2 demo]# docker run -it --rm centos:v5 linux
hello linux
[root@vm2 demo]# docker run -it --rm centos:v5 redhat
hello redhat
[root@vm2 demo]# 