基於Dockerfile構建鏡像

永遠十八歲 2021-08-15 20:52:08 阅读数:771

本文一共[544]字,预计阅读时长:1分钟~
dockerfile

基於Dockerfile構建鏡像

1. Dockerfile:source code for building Docker file

  • Docker可以通過從Dockerfile文件中讀取指令自動構建鏡像
  • Dockerfile是一個文本文檔,它包含用戶可以在命令行上調用的所有命令來組裝映像
  • 使用Docker build命令,用戶可以通過逐條執行幾條命令自動創建鏡像

2. Dockerfile語法格式:

  • 首行必須是以#開頭的行
  • 不區分大小寫,但約定俗成的慣例都是使用全部大寫。
  • Docker按順序在Dockerfile中運行指令
  • 第一個指令必須是“FROM”,以便指定要從其中構建的基本映像

3. 環境變量(使用ENV語句聲明)也可以在某些指令中使用,作為由Dockerfile解釋的變量。

  • 在Dockerfile中,環境變量可以是 v a r i a b l e n a m e variable_name或 {variable_name}
    • ${variable_name}語法還支持一些標准bash修飾符
    • ${variable:-word}錶示,如果設置了變量,那麼結果將是該值。如果變量未設置,則結果為word。
    • ${variable:+word}錶示如果設置了變量,那麼結果將是word,否則結果將是空字符串。

4. .dockerignore文件

  • 在工作目錄中若有子目錄,而子目錄中有些文件不想引用,就可以用.dockerignore來隱藏文件。
  • .dockerignore文件內指明不引用的文件。

4. FROM

  • 用來指定基礎鏡像,若指定的鏡像不存在,會先到Docker Hub中下載
  • 語法:
    • FROM [AS ] #[AS ]:別名
    • FROM [:] [AS ] #tag:標簽
    • FROM [@] [AS ] #digest:哈希碼

5. docker build命令

  • Build an image from a Dockerfile
  • Options
    • -t, --tag list Name and optionally a tag in the 'name:tag' format
    • -m, --memory bytes Memory limit
    • -c, --cpu-shares int CPU shares (relative weight)

6. LABEL

  • 添加鏡像文件的元數據,可出現多次,强烈建議只使用一條,因為一條指令會添加一個層,層數越多,運行效率越低。
  • 語法格式:
    • LABEL = = =... #可指定多個LABEL
    • LABEL #只可指定一個LABEL,第一個空格後的內容都會被當作value

示例 只修改一個鏡像的FROM、LABEL

  1. 創建工作目錄image
[[email protected] ~]# mkdir image
[[email protected] ~]# cd image
複制代碼
  1. 編輯Dockerfile文件,添加以下內容:
[[email protected] image]# vim Dockerfile
#Test Image Build
FROM alpine
LABEL maintainer="lixinkuan <[email protected]>"
複制代碼
  1. 制作鏡像:
[[email protected] image]# docker build .
Sending build context to Docker daemon 2.048kB
Step 1/2 : FROM alpine
---> 3fd9065eaf02
Step 2/2 : LABEL maintainer="lixinkuan <[email protected]>"
---> Running in e1ce9acfc453
Removing intermediate container e1ce9acfc453
---> 1deb17a1af32
Successfully built 1deb17a1af32
複制代碼
  1. 查看:REPOSITORY和TAG都為空的即為新創建的鏡像文件
[[email protected] image]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> 1deb17a1af32 5 minutes ago 4.15MB
nginx latest cd5239a0906a 3 weeks ago 109MB
busybox latest 8c811b4aec35 5 weeks ago 1.15MB
httpd 2.4 fb2f3851a971 8 weeks ago 178MB
alpine latest 3fd9065eaf02 5 months ago 4.15MB
複制代碼
  • 創建docker鏡像時,可使用-t後跟 'name:tag' 指定TAG
  • 也可用如下命令添加標簽:
[[email protected] image]# docker image tag 1deb17a1af32 alpine:lxk
[[email protected] image]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
alpine lxk 1deb17a1af32 5 minutes ago 4.41MB
複制代碼

7. COPY

  • 用於從Docker宿主機複制文件至創建的新映像文件
  • 語法:
    • COPY ...
    • COPY ["",... ""]
      • :要複制的源文件或目錄,支持使用通配符
      • :目標路徑,即正在創建的image的文件系統路徑;建議為使用絕對路徑,否則,COPY指定則以WORKDIR為其起始路徑
      • 注意:在路徑中有空白字符時,通常使用第二種格式
  • 文件複制准則:
    • 必須是build上下文中的路徑,不能是其父目錄中的文件
    • 如果是目錄,則其內部文件或子目錄會被遞歸複制,但目錄自身不會被複制
    • 如果指定了多個,或在中使用了通配符,則必須是一個目錄,且必須以/結尾
    • 如果事先不存在,它將會被自動創建,這包括其父目錄路徑

示例:複制單個文件

  1. 在image目錄下為index.html添加內容:
[[email protected] image]# echo '<h1>hello,docker!</h1>' > index.html
複制代碼
  1. 編輯Dockerfile文件,添加語句:
[[email protected] image]# vim Dockerfile
#Test Image Build
FROM alpine
LABEL maintainer="lixinkuan <[email protected]>"
COPY index.html /var/www/html/
複制代碼
  1. 用alpine啟動一個容器,查看是否有/var/www/html目錄
[[email protected] image]# docker run -it --name a1 alpine
/ # ps aux
PID USER TIME COMMAND
1 root 0:00 /bin/sh
7 root 0:00 ps aux
/ # ls /var/www/html
ls: /var/www/html: No such file or directory
複制代碼
  1. 制作鏡像
[[email protected] image]# docker build -t cpindex:latest .
Sending build context to Docker daemon 3.072kB
Step 1/3 : FROM alpine
---> 3fd9065eaf02
Step 2/3 : LABEL maintainer="lixinkuan <[email protected]>"
---> Running in 9d96e0655a82
Removing intermediate container 9d96e0655a82
---> 56049399eb78
Step 3/3 : COPY index.html /var/www/html/
---> bace8e55c97b
Successfully built bace8e55c97b
Successfully tagged cpindex:latest
複制代碼
  1. 查看制作的鏡像:
[[email protected] image]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
cpindex latest bace8e55c97b 52 seconds ago 4.15MB
複制代碼
  1. 以制作的鏡像啟動一個容器,並查看文件是否存在
[[email protected] image]# docker run --name copyfile -it --rm cpindex:latest
/ # ls /var/www/html
index.html
/ # cat /var/www/html/index.html
<h1>hello,docker!</h1>
複制代碼

示例:複制目錄下的多個文件至目錄

  1. 複制一個目錄至/root/image下
[[email protected] image]# cp -r /etc/default/ ./
[[email protected] image]# ls
default Dockerfile index.html
[[email protected] image]# ls default/
grub kibana nss useradd
複制代碼
  1. 修改Dockerfile文件為以下內容:
#Test Image Build
FROM alpine
LABEL maintainer="lixinkuan <[email protected]>"
COPY default /tmp/
複制代碼
  1. 制作鏡像:
[[email protected] image]# docker build -t cpdir:latest ./
Sending build context to Docker daemon 9.216kB
Step 1/3 : FROM alpine
---> 3fd9065eaf02
Step 2/3 : LABEL maintainer="lixinkuan <[email protected]>"
---> Using cache
---> 56049399eb78
Step 3/3 : COPY default /tmp/
---> 18cacf50aef9
Successfully built 18cacf50aef9
Successfully tagged cpdir:latest
複制代碼
  1. 查看並驗證:
[[email protected] image]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
cpdir latest 18cacf50aef9 24 seconds ago 4.15MB
[[email protected] image]# docker run --name cpdir -it --rm cpdir:latest
WARNING: IPv4 forwarding is disabled. Networking will not work.
/ # ls /tmp
grub kibana nss useradd
複制代碼

示例:使用數組格式創建配置文件

  1. 修改配置文件如下:
#Test Image Build
FROM alpine
LABEL maintainer="lixinkuan <[email protected]>"
COPY ["default","/tmp/default"]
複制代碼
  1. 創建鏡像並驗證
[[email protected] image]# docker build -t cp:latest ./
Sending build context to Docker daemon 9.216kB
Step 1/3 : FROM alpine
---> 3fd9065eaf02
Step 2/3 : LABEL maintainer="lixinkuan <[email protected]>"
---> Using cache
---> 56049399eb78
Step 3/3 : COPY ["default","/tmp/default"]
---> bf0799319943
Successfully built bf0799319943
Successfully tagged cp:latest
[[email protected] image]# docker run --name cp -it --rm cp:latest
/ # cd /tmp
/tmp # ls
default
/tmp # cd default/
/tmp/default # ls
grub kibana nss useradd
/tmp/default # exit
複制代碼

8. ADD

  • ADD類似於COPY指令,ADD支持tar文件和URL路徑
  • Syntax
    • ADD ...
    • ADD [""...""]
  • 操作准則:
    • 同COPY指令
    • 如果為URL且不以/結尾,則指定的文件將被下載並直接被創建為;如果以/結尾,則文件名URL指定的文件將被直接下載並保存為/
    • 如果是一個本地系統上的壓縮格式的tar文件,它將被展開為一個目錄,其行為類似於“tar -x”命令;然而,通過URL獲取到的tar文件將不會自動展開;
    • 如果有多個,或其間接或直接使用了通配符,則必須是一個以/結尾的目錄路徑;如果不以/結尾,則其被視作一個普通文件,的內容將被直接寫入到

示例:下載一個文件至鏡像文件

  1. 在工作目錄下編寫Dockerfile文件(使用URL時,用ftp協議失敗)
#Test Image Build
FROM alpine
LABEL maintainer="lixinkuan <[email protected]>"
COPY ["default","/tmp/default"]
ADD https://mirrors.aliyun.com/centos/7.5.1804/os/x86_64/Packages/zsh-5.0.2-28.el7.x86_64.rpm /tmp/
複制代碼
  1. 創建鏡像文件
[[email protected] image]# docker build -t zsh:latest ./
Sending build context to Docker daemon 9.216kB
Step 1/4 : FROM alpine
---> 3fd9065eaf02
Step 2/4 : LABEL maintainer="lixinkuan <[email protected]>"
---> Using cache
---> 56049399eb78
Step 3/4 : COPY ["default","/tmp/default"]
---> Using cache
---> bf0799319943
Step 4/4 : ADD https://mirrors.aliyun.com/centos/7.5.1804/os/x86_64/Packages/zsh-5.0.2-28.el7.x86_64.rpm /tmp/
Downloading [==================================================>] 2.494MB/2.494MB
---> 538ab9c6983e
Successfully built 538ab9c6983e
Successfully tagged zsh:latest
複制代碼
  1. 創建容器並查看
[[email protected] image]# docker run -it --name zsh --rm zsh:latest
/ # cd /tmp
/tmp # ls
default zsh-5.0.2-28.el7.x86_64.rpm
複制代碼

示例:ADD一個壓縮包至鏡像文件

  1. 複制壓縮包至工作目錄,並在工作目錄編輯Dockerfile文件
[[email protected] image]# cp /root/wordpress-4.8.1-zh_CN.tar.gz ./
[[email protected] image]# vim Dockerfile
#Test Image Build
FROM alpine
LABEL maintainer="lixinkuan <[email protected]>"
ADD wordpress-4.8.1-zh_CN.tar.gz /tmp/
複制代碼
  1. 制作鏡像文件
[[email protected] image]# docker build -t wordpress:latest ./
Sending build context to Docker daemon 8.652MB
Step 1/3 : FROM alpine
---> 3fd9065eaf02
Step 2/3 : LABEL maintainer="lixinkuan <[email protected]>"
---> Using cache
---> 56049399eb78
Step 3/3 : ADD wordpress-4.8.1-zh_CN.tar.gz /tmp/
---> 58c32caba31e
Successfully built 58c32caba31e
Successfully tagged wordpress:latest
複制代碼
  1. 創建容器並查看
[[email protected] image]# docker run --name a1 -it --rm wordpress:latest
/ # ls /tmp/wordpress/
index.php wp-admin wp-content wp-load.php wp-signup.php
license.txt wp-blog-header.php wp-cron.php wp-login.php wp-trackback.php
readme.html wp-comments-post.php wp-includes wp-mail.php xmlrpc.php
wp-activate.php wp-config-sample.php wp-links-opml.php wp-settings.php
/ # exit
複制代碼

9. WORKDIR

  • 用於為Dockerfile中所有的RUN、CMD、ENTRYPOINT、COPY和ADD指定設定工作目錄
  • Syntax
    • WORKDIR
      • 在Dockerfile文件中,WORKDIR指令可出現多次,其路徑也可以為相對路徑,不過,其是相對此前一個WORKDIR指令指定的路徑
      • 另外,WORKDIR也可調用由ENV指定定義的變量
    • 例如:
      • WORKDIR /var/log
      • WORKDIR $STATEPATH

示例

  1. 在工作目錄下編輯Dockerfile文件:
#Test Image Build
FROM alpine
LABEL maintainer="lixinkuan <[email protected]>"
WORKDIR /tmp
ADD wordpress-4.8.1-zh_CN.tar.gz src
複制代碼
  1. 創建鏡像:
[[email protected] image]# docker build -t wordpress:v0.1 ./
Sending build context to Docker daemon 8.652MB
Step 1/4 : FROM alpine
---> 3fd9065eaf02
Step 2/4 : LABEL maintainer="lixinkuan <[email protected]>"
---> Using cache
---> 56049399eb78
Step 3/4 : WORKDIR /tmp
Removing intermediate container 08bef4630472
---> 54f97eda6b49
Step 4/4 : ADD wordpress-4.8.1-zh_CN.tar.gz src
---> 0811aff4fa7d
Successfully built 0811aff4fa7d
Successfully tagged wordpress:v0.1
複制代碼
  1. 創建容器後,默認工作路徑就是WORKDIR所指的目錄/tmp
[[email protected] image]# docker run --name a1 -it --rm wordpress:v0.1
/tmp # ls
src
/tmp # ls src/
wordpress
/tmp # ls src/wordpress/
index.php wp-admin wp-content wp-load.php wp-signup.php
license.txt wp-blog-header.php wp-cron.php wp-login.php wp-trackback.php
readme.html wp-comments-post.php wp-includes wp-mail.php xmlrpc.php
wp-activate.php wp-config-sample.php wp-links-opml.php wp-settings.php
/tmp # exit
複制代碼

10. VOLUME

  • 用於在image中創建一個掛載點目錄,以掛載Docker host上的卷或其它容器上的卷
  • Syntax
    • VOLUME
    • VOLUME [""]
  • 如果掛載點目錄路徑下此前有文件存在,docker run命令會把原文件隱藏.
  • 如果此前掛載點不存在,docker 會自動創建該目錄.
  • 掛載點下文件變化都可以在宿主機查看
    • 查看方法:
      • docker volume ls #查看宿主機所有掛載的目錄
      • docker inspect -f {{.Mounts}} a1 #通過查看指定容器信息查看掛載點路徑

示例

  1. 在需要掛載的目錄下提供文件
[[email protected] image]# echo "hello,test dockerfile" > /var/www/html/index.html
複制代碼
  1. 在工作目錄下編輯Dockerfile文件
#Test Image Build
FROM alpine
LABEL maintainer="lixinkuan <[email protected]>"
#WORKDIR /tmp
#ADD wordpress-4.8.1-zh_CN.tar.gz src/
VOLUME /var/www/html
複制代碼
  1. 創建鏡像文件
[[email protected] image]# docker build -t file:v0.1 ./
Sending build context to Docker daemon 8.651MB
Step 1/3 : FROM alpine
---> 3fd9065eaf02
Step 2/3 : LABEL maintainer="lixinkuan <[email protected]>"
---> Using cache
---> 56049399eb78
Step 3/3 : VOLUME /var/www/html
---> [Warning] IPv4 forwarding is disabled. Networking will not work.
---> Running in da84d9f4ca1e
Removing intermediate container da84d9f4ca1e
---> b26c2d7ea64c
Successfully built b26c2d7ea64c
Successfully tagged file:v0.1
複制代碼
  1. 創建容器:
[[email protected] image]# docker run --name a1 -it --rm file
/ # cd /var/www/html/
/var/www/html # echo abc > index.html
/var/www/html # cat index.html
abc
複制代碼
  1. 查看宿主機上的文件:
[[email protected] ~]# docker volume ls #查看本機所有容器掛載的目錄
DRIVER VOLUME NAME
local 6368d0a0b462f5329a4b3bdcb7030e0d6f724bf9f801386f87fdac7660cd1735
[[email protected] ~]# docker inspect -f {{.Mounts}} a1 #查看a1容器的掛載文件路徑
[{volume 6368d0a0b462f5329a4b3bdcb7030e0d6f724bf9f801386f87fdac7660cd1735 /var/lib/docker/volumes/6368d0a0b462f5329a4b3bdcb7030e0d6f724bf9f801386f87fdac7660cd1735/_data /var/www/html local true }]
[[email protected] ~]# cd /var/lib/docker/volumes/6368d0a0b462f5329a4b3bdcb7030e0d6f724bf9f801386f87fdac7660cd1735/_data/
[[email protected] _data]# ls
index.html
[[email protected] _data]# cat index.html
abc #該內容與容器中index.html內容一樣
複制代碼

11. EXPOSE

  • 用於為容器打開指定要監聽的端口以實現與外部通信
  • 實質是通過iptables添加DNAT規則,把外網主機訪問宿主機的請求轉發至指定容器.
  • 需要宿主機開啟核心轉發功能.
  • 可通過iptables -t nat -nvL查看添加的規則.
  • 通過Dockerfile制作鏡像時若不用EXPOSE指定要暴露的端口,可用以下兩種方法暴露端口:
    • 容器運行後,自行添加DNAT規則實現端口暴露.
    • docker run時使用-p選項指定暴露的端口.
    • docker run時使用-P選項暴露所有容器內監聽的端口.
  • docker run時,使用-p選項指定的優先級要高於Dockerfile制作鏡像時指定要暴露的端口.
  • Syntax
    • EXPOSE [/] [[/] ...]
      • 用於指定傳輸層協議,可為tcp或udp二者之一,默認為TCP協議
  • EXPOSE指令可一次指定多個端口,例如
    • EXPOSE 11211/udp 11211/tcp

不用EXPOSE時,宿主機內容器若要被外網主機訪問的情况

  1. 下載redis:4-alpine
[[email protected] ~]# docker pull redis:4-alpine
4-alpine: Pulling from library/redis
ff3a5c916c92: Pull complete
5fbab8756652: Pull complete
ff7d4663b06c: Pull complete
0b5cf71258c2: Pull complete
54bbb9bad8ba: Pull complete
8fe9a341d124: Pull complete
Digest: sha256:686ab026fae07b3b99a8e74210c361714a80311ecc55f23b349ae930ed2f5a95
Status: Downloaded newer image for redis:4-alpine
[[email protected] ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
redis 4-alpine caaeda72bf8f 12 days ago 27.8MB
複制代碼
  1. 運行redis鏡像
[[email protected] ~]# docker run --name db1 -d --rm -p 6379 redis:4-alpine
881d5648c7388449a39c67024206c5710b1538f4c941039fa3905bb601b09699
[[email protected] ~]# docker exec -it db1 ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:02
inet addr:172.17.0.2 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:648 (648.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
[[email protected] ~]# docker exec -it db1 /bin/sh
/data # netstat -tnl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN
tcp 0 0 :::6379 :::* LISTEN
/data #
複制代碼
  1. 查看映射的端口
[[email protected] ~]# docker container port db1
6379/tcp -> 0.0.0.0:32768
複制代碼
  1. 外網主機訪問本地宿主機容器
[[email protected] tmp]# redis-cli -h 192.168.1.106 -p 32768
192.168.1.106:32768> select 1
OK
192.168.1.106:32768[1]> set mykey hi
OK
192.168.1.106:32768[1]> keys *
1) "mykey"
192.168.1.106:32768[1]> exit
複制代碼
  1. 查看本地容器內是否有數據
[[email protected] ~]# docker exec -it db1 /bin/sh
/data # redis-cli
127.0.0.1:6379> select 1
OK
127.0.0.1:6379[1]> keys *
1) "mykey"
127.0.0.1:6379[1]> exit
/data # exit
複制代碼

開啟自動端口暴露

  1. 在工作目錄下編寫Dockerfile文件
#Test Image Build
FROM redis:4-alpine
LABEL maintainer="lixinkuan <[email protected]>"
EXPOSE 6379/tcp 26379/tcp
複制代碼
  1. 制作鏡像文件
[[email protected] images]# docker build -t expose_db:latest ./
Sending build context to Docker daemon 8.645MB
Step 1/3 : FROM redis:4-alpine
---> caaeda72bf8f
Step 2/3 : LABEL maintainer="lixinkuan <[email protected]>"
---> Running in f43f9e43b27a
Removing intermediate container f43f9e43b27a
---> e98bb940a8a2
Step 3/3 : EXPOSE 6379/tcp 26379/tcp
---> Running in f53a9be4f661
Removing intermediate container f53a9be4f661
---> ea40417716a0
Successfully built ea40417716a0
Successfully tagged expose_db:latest
複制代碼
  1. 運行並查看效果
[[email protected] images]# docker run --name a1 -d --rm -P redis_expose:latest
ad1225390f8f246cc5bde693ea99b120ee3a2f474416603b0797cda94787cc03
[[email protected] images]# docker container port a1
6379/tcp -> 0.0.0.0:32772
複制代碼
  1. 換一臺主機連接數據庫查看
[[email protected] ~]# redis-cli -h 192.168.200.45 -p 32772
192.168.200.45:32772> select 1
OK
192.168.200.45:32772[1]> keys *
(empty list or set)
192.168.200.45:32772[1]> set test dockerfile
OK
192.168.200.45:32772[1]> keys *
1) "test"
192.168.200.45:32772[1]> get test
"dockerfile"
複制代碼
  1. 在a1容器上查看:
[[email protected] images]# docker exec -it a1 /bin/sh
/data # redis-cli
127.0.0.1:6379> select 1
OK
127.0.0.1:6379[1]> get test
"dockerfile"
複制代碼

示例:驗證Dockerfile與docker run時使用-p的優先級

  1. 編輯Dockerfile
[[email protected] images]# cat Dockerfile
#Test Image Build
FROM redis:4-alpine
LABEL maintainer="lixinkuan <[email protected]>"
EXPOSE 6379/tcp 80/tcp
複制代碼
  1. 制作鏡像:
[[email protected] images]# docker build -t expose_port .
Sending build context to Docker daemon 8.645MB
Step 1/3 : FROM redis:4-alpine
---> caaeda72bf8f
Step 2/3 : LABEL maintainer="lixinkuan <[email protected]>"
---> Using cache
---> 188775dd2e3e
Step 3/3 : EXPOSE 6379/tcp 80/tcp
---> Running in b0f5bfbaafae
Removing intermediate container b0f5bfbaafae
---> 165e707c2b23
Successfully built 165e707c2b23
Successfully tagged expose_port:latest
複制代碼
  1. 運行容器時指定要暴露的端口:
[[email protected] images]# docker run --name db1 -d --rm -p 25 expose_port
e00f3e304103954c00651d44b00ae9961608900e0d5688eee4c08f140340f480
[[email protected] images]# docker container port db1
25/tcp -> 0.0.0.0:32779
複制代碼
  1. 查看防火牆規則,只有暴露25端口的DNAT規則
[[email protected] images]# iptables -t nat -nvL
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0
0 0 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:32779 to:172.17.0.2:25
複制代碼

12. ENV

  • 用於為鏡像定義所需的環境變量,並可被Dockerfile文件中比特於其後的其它指令(如ENV、ADD、COPY等)所調用
  • 調用格式為 v a r i a b l e n a m e variable_name或 {variable_name}
  • Syntax
    • ENV
    • ENV = ...
  • 第一種格式中,之後的所有內容均會被視作其的組成部分,因此,一次只能設置一個變量
  • 第二種格式可用一次設置多個變量,每個變量為一個"="的鍵值對,如果中包含空格,可以以反斜線()進行轉義,也可通過對加引號進行標識;另外,反斜線也可用於續行
  • 定義多個變量時,建議使用第二種方式,以便在同一層中完成所有功能

示例

  1. 編輯Dockerfile文件
FROM busybox
LABEL maintainer="lixinkuan <[email protected]>"
ENV DOCROOT="/data/web/html/"
COPY index.html ${DOCROOT}
VOLUME ${DOCROOT}
複制代碼
  1. 提供index及所需掛載目錄:
[[email protected] bbox]# mkdir -pv /data/web/html
mkdir: created directory ‘/data’
mkdir: created directory ‘/data/web’
mkdir: created directory ‘/data/web/html’
[[email protected] bbox]# echo hello Docker > index.html
[[email protected] bbox]# cat index.html
hello Docker
複制代碼
  1. 制作鏡像:
[[email protected] bbox]# docker build -t bbox_file:latest ./
Sending build context to Docker daemon 3.072kB
Step 1/5 : FROM busybox
latest: Pulling from library/busybox
07a152489297: Pull complete
Digest: sha256:141c253bc4c3fd0a201d32dc1f493bcf3fff003b6df416dea4f41046e0f37d47
Status: Downloaded newer image for busybox:latest
---> 8c811b4aec35
Step 2/5 : LABEL maintainer="lixinkuan <[email protected]>"
---> Running in 87a1f2c22ad6
Removing intermediate container 87a1f2c22ad6
---> 56f723d6220c
Step 3/5 : ENV DOCROOT="/data/web/html/"
---> Running in 21fd1fcb0474
Removing intermediate container 21fd1fcb0474
---> c095f8dd8418
Step 4/5 : COPY index.html ${DOCROOT}
---> ee77cd16629a
Step 5/5 : VOLUME ${DOCROOT}
---> Running in 00474fde8b85
Removing intermediate container 00474fde8b85
---> d51ea735fdd3
Successfully built d51ea735fdd3
Successfully tagged bbox_file:latest
複制代碼
  1. 運行容器並查看
[[email protected] bbox]# docker run --name a1 -it --rm bbox_file:latest
/ # ls /data/web/html
index.html
/ # cat /data/web/html/index.html
hello Docker
複制代碼
  1. 另啟終端查看掛載的卷:
[[email protected] ~]# docker volume ls
DRIVER VOLUME NAME
local 1dcd37d2c4f2e6a71e0b96a385714ff01cad5d578e396c9b012922e9993aecbf
local b2df5fcd0e1aa58c403d2e8f0ec880feb7dcb1a80a688697e76122adec55e789
[[email protected] ~]# docker inspect -f {{.Mounts}} a1
[{volume 1dcd37d2c4f2e6a71e0b96a385714ff01cad5d578e396c9b012922e9993aecbf /var/lib/docker/volumes/1dcd37d2c4f2e6a71e0b96a385714ff01cad5d578e396c9b012922e9993aecbf/_data /data/web/html local true }]
複制代碼

13. CMD與RUN

  1. CMD
  • 用於定義鏡像啟動為容器時默認運行的應用程序。
  • 類似於RUN指令,CMD指令也可用於運行任何命令或應用程序,不過,二者的運行時間點不同
    • RUN指令運行於映像文件構建過程中,而CMD指令運行於基於Dockerfile構建出的新映像文件啟動一個容器時
    • CMD指令的首要目的在於為啟動的容器指定默認要運行的程序,且其運行結束後,容器也將終止;不過,CMD指定的命令其可以被docker run的命令行選項所覆蓋
    • 在Dockerfile中可以存在多個CMD指令,但僅最後一個會生效
  • Syntax
    • CMD
    • CMD [“”, “”, “”]
    • CMD ["",""]
  • 前兩種語法格式的意義同RUN
  • 第三種則用於為ENTRYPOINT指令提供默認參數
  1. RUN
  • 指定docker build過程中運行的程序。必須是鏡像中存在的命令。
  • Syntax
    • RUN
    • RUN ["", "", ""]
  • 第一種格式中,通常是一個shell命令,且以“/bin/sh -c”來運行它,這意味著此進程在容器中的PID不為1,不能接收Unix信號,因此,當使用docker stop 命令停止容器時,此進程接收不到SIGTERM信號;
  • 第二種語法格式中的參數是一個JSON格式的數組,其中為要運行的命令,後面的為傳遞給命令的選項或參數;然而,此種格式指定的命令不會以“/bin/sh -c”來發起,因此常見的shell操作如變量替換以及通配符(?,*等)替換將不會進行;不過,如果要運行的命令依賴於此shell特性的話,可以將其替換為類似下面的格式。
    • 示例:RUN ["/bin/bash", "-c", "", ""]

示例1:基於centos基礎鏡像創建一個運行nginx的鏡像

  1. 編輯Dockerfile文件:
FROM centos
LABEL maintainer="lixinkuan <[email protected]>"
COPY base.repo epel.repo /etc/yum.repos.d/
RUN yum -y install nginx \
&& yum clean all \
&& rm -rf /var/cache/yum
複制代碼
  1. 提供base.repo epel.repo文件:
[[email protected] nginx]# wget lixinkuan.top/base.repo
--2018-06-30 11:29:08-- http://lixinkuan.top/base.repo
Resolving lixinkuan.top (lixinkuan.top)... 47.94.102.99
Connecting to lixinkuan.top (lixinkuan.top)|47.94.102.99|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 630
Saving to: ‘base.repo’
100%[=================================================================================>] 630 --.-K/s in 0s
2018-06-30 11:29:08 (87.9 MB/s) - ‘base.repo’ saved [630/630]
[[email protected] nginx]# wget lixinkuan.top/epel.repo
--2018-06-30 11:29:16-- http://lixinkuan.top/epel.repo
Resolving lixinkuan.top (lixinkuan.top)... 47.94.102.99
Connecting to lixinkuan.top (lixinkuan.top)|47.94.102.99|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 214
Saving to: ‘epel.repo’
100%[=================================================================================>] 214 --.-K/s in 0s
2018-06-30 11:29:16 (44.2 MB/s) - ‘epel.repo’ saved [214/214]
[[email protected] nginx]# ls
base.repo Dockerfile epel.repo
複制代碼
  1. 創建鏡像:
[[email protected] nginx]# docker build -t nginx:v0.1 ./
Sending build context to Docker daemon 4.608kB
Step 1/4 : FROM centos
latest: Pulling from library/centos
7dc0dca2b151: Pull complete
Digest: sha256:b67d21dfe609ddacf404589e04631d90a342921e81c40aeaf3391f6717fa5322
Status: Downloaded newer image for centos:latest
---> 49f7960eb7e4
Step 2/4 : LABEL maintainer="lixinkuan <[email protected]>"
---> Running in 6b16128ed7ca
Removing intermediate container 6b16128ed7ca
---> b6ef19a3311f
Step 3/4 : COPY base.repo epel.repo /etc/yum.repos.d/
---> e571c2837442
Step 4/4 : RUN yum -y install nginx && yum clean all && rm -rf /var/cache/yum
---> Running in 445372de8e8d
Loaded plugins: fastestmirror, ovl
.....
執行安裝過程省略
...
Cleaning repos: base epel extras updates
Cleaning up everything
Maybe you want: rm -rf /var/cache/yum, to also free up space taken by orphaned data from disabled or removed repos
Cleaning up list of fastest mirrors
Removing intermediate container 445372de8e8d
---> 5cf6e8e3517e
Successfully built 5cf6e8e3517e
Successfully tagged nginx:v0.1
複制代碼
  1. 創建容器並查看:
[[email protected] nginx]# docker run --name web -it nginx:v0.1
[[email protected] /]# rpm -q nginx
nginx-1.12.2-2.el7.x86_64 #nginx已安裝
[[email protected] /]#
複制代碼

示例2:以busybox制作一個掛載本地/data/web/html目錄並自動運行httpd的鏡像

  1. 在工作目錄編輯Dockerfile文件
FROM busybox
LABEL maintainer="lixinkuan <[email protected]>"
ENV DOCROOT="/data/web/html/"
COPY index.html ${DOCROOT}
VOLUME ${DOCROOT}
CMD /bin/httpd -f -h ${DOCROOT}
複制代碼
  1. 提供index.html並創建要掛載的目錄
[[email protected] bbox]# echo hello Docker > index.html
[[email protected] bbox]# cat index.html
hello Docker
複制代碼
  1. 創建鏡像文件:
[[email protected] bbox]# docker build -t web:v0.1 ./
Sending build context to Docker daemon 3.072kB
Step 1/6 : FROM busybox
---> 8c811b4aec35
Step 2/6 : LABEL maintainer="lixinkuan <[email protected]>"
---> Using cache
---> 56f723d6220c
Step 3/6 : ENV DOCROOT="/data/web/html/"
---> Using cache
---> c095f8dd8418
Step 4/6 : COPY index.html ${DOCROOT}
---> Using cache
---> ee77cd16629a
Step 5/6 : VOLUME ${DOCROOT}
---> Using cache
---> d51ea735fdd3
Step 6/6 : CMD /bin/httpd -f -h ${DOCROOT}
---> Running in f2fa2b284306
Removing intermediate container f2fa2b284306
---> b8613217ad3c
Successfully built b8613217ad3c
Successfully tagged web:v0.1
複制代碼
  1. 以新創建的鏡像文件運行容器並查看
[[email protected] bbox]# docker run --name web -d --rm web:v0.1
7b71084ebd922728ebf21d22a4e5ff3462443761c82bc22c640764c6d4925b2a
[[email protected] bbox]# docker container inspect -f {{.Config.Cmd}} web
[/bin/sh -c /bin/httpd -f -h ${DOCROOT}]
[[email protected] bbox]# docker exec -it web /bin/sh
/ # ps aux
PID USER TIME COMMAND
1 root 0:00 /bin/httpd -f -h /data/web/html/
7 root 0:00 /bin/sh
13 root 0:00 ps aux
/ # netstat -tnl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 :::80 :::* LISTEN
複制代碼

示例3:docker run 時不運行鏡像默認進程,運行指定指令

  1. 查看當前鏡像文件:
[[email protected] bbox]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
web v0.1 b8613217ad3c 2 hours ago 1.15MB
複制代碼
  1. 以web:v0.1創建容器,不運行默認命令
[[email protected] bbox]# docker run --name web -it --rm web:v0.1 /bin/sh
/ # netstat -tnl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
/ # ps aux
PID USER TIME COMMAND
1 root 0:00 /bin/sh
7 root 0:00 ps aux
複制代碼

14. ENTRYPOINT

  • 類似CMD指令的功能,用於為容器指定默認運行程序,從而使得容器像是一個單獨的可執行程序
  • 與CMD不同的是,由ENTRYPOINT啟動的程序不會被docker run命令行指定的參數所覆蓋,而且,這些命令行參數會被當作參數傳遞給ENTRYPOINT指定指定的程序
    • 不過,docker run命令的--entrypoint選項的參數可覆蓋ENTRYPOINT指令指定的程序
  • Syntax
    • ENTRYPOINT
    • ENTRYPOINT ["", "", ""]
  • docker run命令傳入的命令參數會覆蓋CMD指令的內容並且附加到ENTRYPOINT命令最後做為其參數使用
  • Dockerfile文件中也可以存在多個ENTRYPOINT指令,但僅有最後一個會生效

示例1:

  1. 編輯Dockerfile文件
FROM busybox
LABEL maintainer="lixinkuan <[email protected]>"
VOLUME /data/web/html/
COPY index.html /data/web/html/
EXPOSE 80/tcp
ENTRYPOINT ["/bin/httpd","-f","-h","/data/web/html"]
複制代碼
  1. 創建鏡像
[[email protected] bbox]# docker build -t web:v0.2 ./
Sending build context to Docker daemon 3.072kB
Step 1/6 : FROM busybox
---> 8c811b4aec35
Step 2/6 : LABEL maintainer="lixinkuan <[email protected]>"
---> Using cache
---> 56f723d6220c
Step 3/6 : VOLUME /data/web/html/
---> Running in 3095065d0ebb
Removing intermediate container 3095065d0ebb
---> 36dc68fabc6f
Step 4/6 : COPY index.html /data/web/html/
---> e47f81ec7728
Step 5/6 : EXPOSE 80/tcp
---> Running in f86f957ec882
Removing intermediate container f86f957ec882
---> 01a005644fe6
Step 6/6 : ENTRYPOINT ["/bin/httpd","-f","-h","/data/web/html"]
---> Running in 7a5f8b4f4acf
Removing intermediate container 7a5f8b4f4acf
---> 43d514096d34
Successfully built 43d514096d34
Successfully tagged web:v0.2
複制代碼
  1. 創建容器運行並查看:
[[email protected] bbox]# docker exec -it web /bin/sh
/ # ps aux
PID USER TIME COMMAND
1 root 0:00 /bin/httpd -f -h /data/web/html
7 root 0:00 /bin/sh
13 root 0:00 ps aux
/ # netstat -tnl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 :::80 :::* LISTEN
/ #
複制代碼
  1. 運行容器時指定執行/bin/sh
[[email protected] bbox]# docker run --name web -it --rm web:v0.2 /bin/sh
複制代碼
  1. 換另一tty查看
[[email protected] bbox]# docker exec -it web /bin/sh
/ # ps aux
PID USER TIME COMMAND
1 root 0:00 /bin/httpd -f -h /data/web/html /bin/sh
7 root 0:00 /bin/sh
13 root 0:00 ps aux
複制代碼

並未執行/bin/sh,而是執行默認程序,/bin/sh被當作參數傳遞給/bin/httpd

示例:在docker run時使用entrypoint的時候更換默認運行的程序

  • --entrypoint string Overwrite the default ENTRYPOINT of the image
  1. 使用鏡像web:v0.2創建容器運行時添加--entrypoint選項
[[email protected] bbox]# docker run --name web -it --rm --entrypoint /bin/sh web:v0.2
/ # ps aux
PID USER TIME COMMAND
1 root 0:00 /bin/sh
7 root 0:00 ps aux
/ # netstat -tnl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
/ #
複制代碼

示例

  1. 編輯Dockerfile文件
FROM busybox
LABEL maintainer="lixinkuan <[email protected]>"
ENV DOCROOT="/data/web/html/" MYPORT="80"
COPY index.html ${DOCROOT}
COPY entrypoint.sh /bin/
COPY test.conf /etc/
VOLUME ${DOCROOT}
EXPOSE 80/tcp
#CMD /bin/httpd -f -h ${DOCROOT}
#CMD ["/bin/sh","-c","/bin/httpd","-f","-h","${DOCROOT}"]
ENTRYPOINT ["/bin/entrypoint.sh"]
CMD ["/bin/httpd","-f","-h","/data/web/html/"]
複制代碼
  1. 提供必須文件(脚本文件需加執行權限)
[[email protected] bbox]# cat entrypoint.sh
#!/bin/sh
sed -i "[email protected]^PORT=.*@PORT=${MYPORT}@g" /etc/test.conf
exec "[email protected]"
[[email protected] bbox]# cat test.conf
PORT=8080
複制代碼
  1. 制作鏡像:
[[email protected] bbox]# docker build -t web:v0.3 ./
Sending build context to Docker daemon 5.12kB
Step 1/10 : FROM busybox
---> 8c811b4aec35
Step 2/10 : LABEL maintainer="lixinkuan <[email protected]>"
---> Using cache
---> 56f723d6220c
Step 3/10 : ENV DOCROOT="/data/web/html/" MYPORT="80"
---> Running in f237100ec645
Removing intermediate container f237100ec645
---> f754b5dcea84
Step 4/10 : COPY index.html ${DOCROOT}
---> 3c31424c9b3d
Step 5/10 : COPY entrypoint.sh /bin/
---> 46ec2f5ede8c
Step 6/10 : COPY test.conf /etc/
---> 7db53e00338a
Step 7/10 : VOLUME ${DOCROOT}
---> Running in 5ae02469f585
Removing intermediate container 5ae02469f585
---> 0e1e3e966318
Step 8/10 : EXPOSE 80/tcp
---> Running in ae76bcf870ca
Removing intermediate container ae76bcf870ca
---> dea89896460d
Step 9/10 : ENTRYPOINT ["/bin/entrypoint.sh"]
---> Running in 6862bf4a336e
Removing intermediate container 6862bf4a336e
---> ca568e1ff983
Step 10/10 : CMD ["/bin/httpd","-f","-h","/data/web/html/"]
---> Running in 2aa5dea11848
Removing intermediate container 2aa5dea11848
---> 26bb44795880
Successfully built 26bb44795880
Successfully tagged web:v0.3
複制代碼
  1. 運行容器並查看配置文件是否被修改
[[email protected] bbox]# docker run --name web -d --rm web:v0.3
6ec1f5a008e6a08047e8666f6ed3ad4673360805148789faf780baf335ee5637
[[email protected] bbox]# docker exec -it web /bin/sh
/ # netstat -tnl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 :::80 :::* LISTEN
/ # cat /etc/test.conf
PORT=80
/ # exit
複制代碼

示例:通過傳遞變量更改配置文件的方法: [[email protected] bbox]# docker run --name web1 -d --rm -e MYPORT=10080 web:v0.3 7e3b353e423839d598ee9423e881673066cf99626940b6590e78f34b7622834d [[email protected] bbox]# docker exec -it web1 /bin/sh / # cat /etc/test.conf PORT=10080 / #


### 15.
-
複制代碼
版权声明:本文为[永遠十八歲]所创,转载请带上原文链接,感谢。 https://gsmany.com/2021/08/20210815205202522b.html