物理机:

安装系统依赖环境运用程序多个物理机提高并发量

虚拟机:

把一个物理机虚拟机虚拟成多个机器把依赖环境打成一个别系的模板

容器化:

phpfreetdsKubernetes全栈架构师Docker基本进修笔记 Ruby

镜像根本(依赖环境的镜像;根据根本镜像放入自己的代码或者包;按层存储)启动韶光特殊快,秒级启动

容器:把自己的运用程序,根据某个依赖的根本镜像,天生一个运用程序镜像运用程序镜像,可以运行在任何支配了Docker环境的机器上。

Docker基本命令查看Docker版本Docker详细信息搜索镜像拉取镜像推送镜像启动镜像查看容器查看日志进入容器复制文件删除镜像修正记录保存状态查看Docker版本

[root@k8s-master01 ~]# docker versionClient: Docker Engine - Community Version: 20.10.7 API version: 1.40 Go version: go1.13.15 Git commit: f0df350 Built: Wed Jun 2 11:58:10 2021 OS/Arch: linux/amd64 Context: default Experimental: trueServer: Docker Engine - Community Engine: Version: 19.03.15 API version: 1.40 (minimum version 1.12) Go version: go1.13.15 Git commit: 99e3ed8919 Built: Sat Jan 30 03:16:33 2021 OS/Arch: linux/amd64 Experimental: false containerd: Version: 1.4.6 GitCommit: d71fcd7d8303cbf684402823e425e9dd2e99285d runc: Version: 1.0.0-rc95 GitCommit: b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7 docker-init: Version: 0.18.0 GitCommit: fec3683Docker详细信息

[root@k8s-master01 ~]# docker infoClient: Context: default Debug Mode: false # 可以按需修正 Plugins: app: Docker App (Docker Inc., v0.9.1-beta3) buildx: Build with BuildKit (Docker Inc., v0.5.1-docker) scan: Docker Scan (Docker Inc., v0.8.0)Server: Containers: 6 Running: 4 Paused: 0 Stopped: 2 Images: 9 Server Version: 19.03.15 Storage Driver: overlay2 # 官方推举的存储驱动,哀求文件系统是xfs,必须支持d_type(目录条款类型,内核上的一个数据,安装系统的时候必须把ftype设置为1,不然的话很影响docker的性能),目前盛行的Storage Driver有aufs(ubuntu支持)、overlay、brtfs Backing Filesystem: xfs Supports d_type: true Native Overlay Diff: true Logging Driver: json-file # docker日志的存储类型,json-file会存储在本地,目录在Docker Root Dir Cgroup Driver: systemd Plugins: Volume: local Network: bridge host ipvlan macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog Swarm: inactive # 容器编排工具,inactive未启动 Runtimes: runc Default Runtime: runc # docker运行的核心 Init Binary: docker-init containerd version: d71fcd7d8303cbf684402823e425e9dd2e99285d runc version: b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7 init version: fec3683 Security Options: seccomp Profile: default Kernel Version: 4.19.12-1.el7.elrepo.x86_64 # 内核版本低于3.18不能利用overlay2存储驱动,linux3.18才加入的 Operating System: CentOS Linux 7 (Core) OSType: linux Architecture: x86_64 CPUs: 2 Total Memory: 1.923GiB Name: k8s-master01 ID: PYSL:2OAV:4C7N:WAI3:7G3J:IBR5:6BXI:7OEG:YNCL:6RAR:3CTF:CTDD Docker Root Dir: /var/lib/docker # 这个目录可以修正,生产环境推举利用ssd硬盘存储,挂载在该目录,可以提高docker的性能,条件不敷的情形下,最好利用一个单独的磁盘进行挂载,不要和宿主机用同一个磁盘 Debug Mode: false Registry: https://index.docker.io/v1/ # 官方镜像仓库,访问较慢,可以修正为自己的镜像仓库 Labels: Experimental: false Insecure Registries: # 如果利用的非官方镜像仓库地址不是https,须要把链接加入到此非安全列表 127.0.0.0/8 Live Restore Enabled: false # 生产环境中须要打开,重启docker进程不会重启正在运行的容器,如果容器没有设置自动重启就会被关闭,不会重启

查看d_type信息(ftype=1解释系统支持d_type)

[root@k8s-master01 ~]# xfs_info /meta-data=/dev/mapper/centos-root isize=512 agcount=4, agsize=1113856 blks = sectsz=512 attr=2, projid32bit=1 = crc=1 finobt=0 spinodes=0data = bsize=4096 blocks=4455424, imaxpct=25 = sunit=0 swidth=0 blksnaming =version 2 bsize=4096 ascii-ci=0 ftype=1log =internal bsize=4096 blocks=2560, version=2 = sectsz=512 sunit=0 blks, lazy-count=1realtime =none extsz=4096 blocks=0, rtextents=0

进入Docker Root Dir,进入任何一个容器目录既可查看对应容器的日志,每次docker重启的时候日志就会被打消

[root@k8s-master01 ~]# cd /var/lib/docker/containers/[root@k8s-master01 containers]# lltotal 0drwx-----x 4 root root 165 Jul 12 10:54 10b58a593a5f417d466fbb2eba54c6ac0e8322a3712cbc6eb46f9cae5b48e4d8[root@k8s-master01 10b58a593a5f417d466fbb2eba54c6ac0e8322a3712cbc6eb46f9cae5b48e4d8]# lltotal 16-rw-r----- 1 root root 4042 Jul 12 10:53 10b58a593a5f417d466fbb2eba54c6ac0e8322a3712cbc6eb46f9cae5b48e4d8-json.log

Insecure Registries目录

[root@k8s-master01 ~]# vim /etc/docker/daemon.json{ "registry-mirrors": [ "https://registry.docker-cn.com", "http://hub-mirror.c.163.com", "https://docker.mirrors.ustc.edu.cn" ], "exec-opts": ["native.cgroupdriver=systemd"], "max-concurrent-downloads": 10, # 并发下载的线程数 "max-concurrent-uploads": 5, # 并发上传的线程数 "log-opts": { "max-size": "300m", # 限定日志文件最大容量,超过则分割 "max-file": "2" # 日志保存最大数量 }, "live-restore": true # 变动docker配置之后须要重启docker才能生效,这个参数可以使得重启docker不影响正在运行的容器进程}搜索镜像

[root@k8s-master01 ~]# docker search centosNAME DESCRIPTION STARS OFFICIAL AUTOMATEDcentos The official build of CentOS. 6631 [OK] ansible/centos7-ansible Ansible on Centos7 134 [OK]consol/centos-xfce-vnc Centos container with "headless" VNC session… 129 [OK]jdeathe/centos-ssh OpenSSH / Supervisor / EPEL/IUS/SCL Repos - … 118 [OK]centos/systemd systemd enabled base container. 100 [OK]centos/mysql-57-centos7 MySQL 5.7 SQL database server 88 imagine10255/centos6-lnmp-php56 centos6-lnmp-php56 58 [OK]tutum/centos Simple CentOS docker image with SSH access 48 centos/postgresql-96-centos7 PostgreSQL is an advanced Object-Relational … 45 jdeathe/centos-ssh-apache-php Apache PHP - CentOS. 31 [OK]kinogmt/centos-ssh CentOS with SSH 29 [OK]guyton/centos6 From official centos6 container with full up… 10 [OK]nathonfowlie/centos-jre Latest CentOS image with the JRE pre-install… 8 [OK]centos/tools Docker image that has systems administration… 7 [OK]drecom/centos-ruby centos ruby 6 [OK]mamohr/centos-java Oracle Java 8 Docker image based on Centos 7 3 [OK]darksheer/centos Base Centos Image -- Updated hourly 3 [OK]miko2u/centos6 CentOS6 日本語環境 2 [OK]amd64/centos The official build of CentOS. 2 dokken/centos-7 CentOS 7 image for kitchen-dokken 2 indigo/centos-maven Vanilla CentOS 7 with Oracle Java Developmen… 2 [OK]mcnaughton/centos-base centos base image 1 [OK]blacklabelops/centos CentOS Base Image! Built and Updates Daily! 1 [OK]starlabio/centos-native-build Our CentOS image for native builds 0 [OK]smartentry/centos centos with smartentry 0 [OK]

OFFICIAL的值是ok代表官方容器,一样平常都是利用官方的

拉取镜像

alpine可以作为根本镜像,拉取镜像的时候如果本地已经存在,则不会重复拉取

可以通过官网搜索镜像:https://hub.docker.com/

拉取镜像,如果本地已有该镜像,则不会重复拉取

[root@k8s-master01 ~]# docker pull alpine:latestlatest: Pulling from library/alpine5843afab3874: Pull complete Digest: sha256:234cb88d3020898631af0ccbbcca9a66ae7306ecd30c9720690858c1b007d2a0Status: Downloaded newer image for alpine:latestdocker.io/library/alpine:latest

默认拉取官方镜像,如果须要拉取指定镜像,须要添加地址,版本号

推送镜像

查看镜像

[root@k8s-master01 ~]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEnginx latest 4cdc5dd7eaad 7 days ago 133MBkubernetesui/dashboard v2.3.1 e1482a24335a 3 weeks ago 220MBalpine latest d4ff818577bc 4 weeks ago 5.6MBregistry.cn-beijing.aliyuncs.com/dotbalo/node v3.15.3 d45bf977dfbf 10 months ago 262MBregistry.cn-beijing.aliyuncs.com/dotbalo/pod2daemon-flexvol v3.15.3 963564fb95ed 10 months ago 22.8MBregistry.cn-beijing.aliyuncs.com/dotbalo/cni v3.15.3 ca5564c06ea0 10 months ago 110MBkubernetesui/dashboard v2.0.3 503bc4b7440b 12 months ago 225MBregistry.cn-beijing.aliyuncs.com/dotbalo/coredns 1.7.0 bfe3a36ebd25 13 months ago 45.2MBregistry.cn-beijing.aliyuncs.com/dotbalo/metrics-scraper v1.0.4 86262685d9ab 15 months ago 36.9MBregistry.cn-hangzhou.aliyuncs.com/google_containers/pause-amd64 3.2 80d28bedfe5d 17 months ago 683kB

镜像打标签到自己的镜像仓库

[root@k8s-master01 ~]# docker tag registry.cn-beijing.aliyuncs.com/dotbalo/pod2daemon-flexvol:v3.15.3 mingsonzheng/pod2daemon-flexvol:v3.15.3

登录远程镜像仓库

[root@k8s-master01 ~]# docker loginLogin with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.Username: mingsonzhengPassword: WARNING! Your password will be stored unencrypted in /root/.docker/config.json.Configure a credential helper to remove this warning. Seehttps://docs.docker.com/engine/reference/commandline/login/#credentials-storeLogin Succeeded

登录到指定仓库

docker login xxx.com

推送镜像

[root@k8s-master01 ~]# docker push mingsonzheng/pod2daemon-flexvol:v3.15.3The push refers to repository [docker.io/mingsonzheng/pod2daemon-flexvol]f0e55d2e215d: Pushed 7b2f85666007: Pushed 752045c6df15: Pushed ca07dc9dd06e: Pushed 1d0352c1c217: Pushed 540c65dd0455: Pushed 48855504bcc3: Pushed v3.15.3: digest: sha256:6bd1246d0ea1e573a6a050902995b1666ec0852339e5bda3051f583540361b55 size: 1788启动镜像前台启动后台启动

前台启动,如果本地没有镜像会先拉取

[root@k8s-master01 ~]# docker run -ti centos:8 bashUnable to find image 'centos:8' locally8: Pulling from library/centos7a0437f04f83: Pull complete Digest: sha256:5528e8b1b1719d34604c87e11dcd1c0a20bedf46e83b5632cdeac91b8c04efc1Status: Downloaded newer image for centos:8[root@a4cb8f5d6bd5 /]#

后台启动

[root@k8s-master01 ~]# docker run -d centos:8 bash617a1213ae5ce5c4bed0716fd5b3212b25ed7bcc2099ba329db54cccd3c0b8d5[root@k8s-master01 ~]# 查看容器

查看正在运行的容器

[root@k8s-master01 ~]# docker psCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES617a1213ae5c centos:8 "bash" About a minute ago Exited (0) About a minute ago vigilant_boyd04b21dff00f5 centos:8 "bash" 2 minutes ago Exited (0) 2 minutes ago objective_satoshia4cb8f5d6bd5 centos:8 "bash" 5 minutes ago Exited (127) 2 minutes ago reverent_elgamal

查看所有状态的容器

[root@k8s-master01 ~]# docker ps -aCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES1d906297395d centos:8 "bash" 2 minutes ago Exited (0) 2 minutes ago wonderful_hermann617a1213ae5c centos:8 "bash" 22 minutes ago Exited (0) 22 minutes ago vigilant_boyd04b21dff00f5 centos:8 "bash" 22 minutes ago Exited (0) 22 minutes ago objective_satoshia4cb8f5d6bd5 centos:8 "bash" 26 minutes ago Exited (127) 22 minutes ago reverent_elgamala3db403fd0be kubernetesui/dashboard "/dashboard --insecu…" 46 hours ago Up 46 hours k8s_kubernetes-dashboard_kubernetes-dashboard-67484c44f6-brz2z_kubernetes-dashboard_bb016e8e-a4b1-48e6-912c-022addfb72bf_08cd76e9123b3 registry.cn-hangzhou.aliyuncs.com/google_containers/pause-amd64:3.2 "/pause" 46 hours ago Up 46 hours k8s_POD_kubernetes-dashboard-67484c44f6-brz2z_kubernetes-dashboard_bb016e8e-a4b1-48e6-912c-022addfb72bf_0dbec965d88da registry.cn-beijing.aliyuncs.com/dotbalo/node "start_runit" 2 days ago Up 2 days k8s_calico-node_calico-node-gn8ws_kube-system_16eeb29c-3383-4e62-b84c-40bf3dae7d07_0e9869813fc1b registry.cn-beijing.aliyuncs.com/dotbalo/pod2daemon-flexvol "/usr/local/bin/flex…" 2 days ago Exited (0) 2 days ago k8s_flexvol-driver_calico-node-gn8ws_kube-system_16eeb29c-3383-4e62-b84c-40bf3dae7d07_010b58a593a5f registry.cn-beijing.aliyuncs.com/dotbalo/cni "/install-cni.sh" 2 days ago Exited (0) 2 days ago k8s_install-cni_calico-node-gn8ws_kube-system_16eeb29c-3383-4e62-b84c-40bf3dae7d07_0610909969be1 registry.cn-hangzhou.aliyuncs.com/google_containers/pause-amd64:3.2 "/pause" 2 days ago Up 2 days k8s_POD_calico-node-gn8ws_kube-system_16eeb29c-3383-4e62-b84c-40bf3dae7d07_0

查看正在运行的容器的id

[root@k8s-master01 ~]# docker ps -qa3db403fd0be8cd76e9123b3dbec965d88da610909969be1

查看所有的容器的id

[root@k8s-master01 ~]# docker ps -aq1d906297395d617a1213ae5c04b21dff00f5a4cb8f5d6bd5a3db403fd0be8cd76e9123b3dbec965d88dae9869813fc1b10b58a593a5f610909969be1查看日志

[root@k8s-master01 ~]# docker logs -f a3db403fd0be

对应日志路径

/var/lib/docker/containers/a3db403fd0be5eacb8aa1769cc8d215da93eb74da84262aa1aac11551c37a84d进入容器

启动容器

[root@k8s-master01 ~]# docker run -ti nginx:1.14.2 sh#

Xshell 7新建一个链接到做事器

查看运行中的容器

[root@k8s-master01 ~]# docker psCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES2ef850f11136 nginx:1.14.2 "sh" 29 seconds ago Up 28 seconds 80/tcp funny_leavitta3db403fd0be kubernetesui/dashboard "/dashboard --insecu…" 2 days ago Up 2 days k8s_kubernetes-dashboard_kubernetes-dashboard-67484c44f6-brz2z_kubernetes-dashboard_bb016e8e-a4b1-48e6-912c-022addfb72bf_08cd76e9123b3 registry.cn-hangzhou.aliyuncs.com/google_containers/pause-amd64:3.2 "/pause" 2 days ago Up 2 days k8s_POD_kubernetes-dashboard-67484c44f6-brz2z_kubernetes-dashboard_bb016e8e-a4b1-48e6-912c-022addfb72bf_0dbec965d88da registry.cn-beijing.aliyuncs.com/dotbalo/node "start_runit" 3 days ago Up 3 days k8s_calico-node_calico-node-gn8ws_kube-system_16eeb29c-3383-4e62-b84c-40bf3dae7d07_0610909969be1 registry.cn-hangzhou.aliyuncs.com/google_containers/pause-amd64:3.2 "/pause" 3 days ago Up 3 days k8s_POD_calico-node-gn8ws_kube-system_16eeb29c-3383-4e62-b84c-40bf3dae7d07_0

进入容器

[root@k8s-master01 ~]# docker exec -ti 2ef850f11136 sh# lsbin boot devetc home liblib64 media mnt optproc root run sbin srv sys tmp usr var# exit[root@k8s-master01 ~]# 复制文件

后台启动nginx

[root@k8s-master01 ~]# docker run -tid -p 12345:80 nginx:latestb75ad319e61326e05905d41d67616112be51af4d1234f51bef5d21807e9bc42d[root@k8s-master01 ~]# docker psCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMESb75ad319e613 nginx:latest "/docker-entrypoint.…" 8 seconds ago Up 6 seconds 0.0.0.0:12345->80/tcp upbeat_brahmagupta

访问地址:http://192.168.232.128:12345/

进入容器

[root@k8s-master01 ~]# docker exec -ti b75ad319e613 bashroot@b75ad319e613:/# cd /usr/share/nginx/html/root@b75ad319e613:/usr/share/nginx/html# ls50x.html index.htmlroot@b75ad319e613:/usr/share/nginx/html# exitexit

复制文件到容器中

[root@k8s-master01 ~]# echo "test cp" > index.html[root@k8s-master01 ~]# docker cp index.html b75ad319e613:/usr/share/nginx/html/

访问地址:http://192.168.232.128:12345/

复制容器中的文件到本地

[root@k8s-master01 ~]# docker cp b75ad319e613:/usr/share/nginx/html/index.html .删除镜像

[root@k8s-master01 ~]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEnginx latest 4cdc5dd7eaad 8 days ago 133MB[root@k8s-master01 ~]# docker rmi 4cdc5dd7eaadError response from daemon: conflict: unable to delete 4cdc5dd7eaad (cannot be forced) - image is being used by running container b75ad319e613# 删除容器[root@k8s-master01 ~]# docker rm b75ad319e613Error response from daemon: You cannot remove a running container b75ad319e61326e05905d41d67616112be51af4d1234f51bef5d21807e9bc42d. Stop the container before attempting removal or force remove# 停滞容器运行[root@k8s-master01 ~]# docker stop b75ad319e613b75ad319e613[root@k8s-master01 ~]# docker rm b75ad319e613b75ad319e613[root@k8s-master01 ~]# docker rmi 4cdc5dd7eaadError response from daemon: conflict: unable to delete 4cdc5dd7eaad (must be forced) - image is being used by stopped container cd2a20f47459[root@k8s-master01 ~]# docker rm cd2a20f47459cd2a20f47459[root@k8s-master01 ~]# docker rmi 4cdc5dd7eaadUntagged: nginx:latestUntagged: nginx@sha256:353c20f74d9b6aee359f30e8e4f69c3d7eaea2f610681c4a95849a2fd7c497f9Deleted: sha256:4cdc5dd7eaadff5080649e8d0014f2f8d36d4ddf2eff2fdf577dd13da85c5d2fDeleted: sha256:63d268dd303e176ba45c810247966ff8d1cb9a5bce4a404584087ec01c63de15Deleted: sha256:b27eb5bbca70862681631b492735bac31d3c1c558c774aca9c0e36f1b50ba915Deleted: sha256:435c6dad68b58885ad437e5f35f53e071213134eb9e4932b445eac7b39170700Deleted: sha256:bdf28aff423adfe7c6cb938eced2f19a32efa9fa3922a3c5ddce584b139dc864Deleted: sha256:2c78bcd3187437a7a5d9d8dbf555b3574ba7d143c1852860f9df0a46d5df056aDeleted: sha256:764055ebc9a7a290b64d17cf9ea550f1099c202d83795aa967428ebdf335c9f7修正记录

[root@k8s-master01 ~]# docker imagesregistry.cn-hangzhou.aliyuncs.com/google_containers/pause-amd64 3.2 80d28bedfe5d 17 months ago 683kB[root@k8s-master01 ~]# docker history registry.cn-hangzhou.aliyuncs.com/google_containers/pause-amd64:3.2IMAGE CREATED CREATED BY SIZE COMMENT80d28bedfe5d 17 months ago ENTRYPOINT ["/pause"] 0B buildkit.dockerfile.v0<missing> 17 months ago ADD bin/pause-amd64 /pause # buildkit 683kB buildkit.dockerfile.v0<missing> 17 months ago ARG ARCH 0B buildkit.dockerfile.v0保存状态

假设我们复制了文件到容器中,想要保存容器状态须要利用 docker commit

# 拉取镜像[root@k8s-master01 ~]# docker pull nginx:latestlatest: Pulling from library/nginxb4d181a07f80: Pull complete 66b1c490df3f: Pull complete d0f91ae9b44c: Pull complete baf987068537: Pull complete 6bbc76cbebeb: Pull complete 32b766478bc2: Pull complete Digest: sha256:353c20f74d9b6aee359f30e8e4f69c3d7eaea2f610681c4a95849a2fd7c497f9Status: Downloaded newer image for nginx:latestdocker.io/library/nginx:latest# 后台启动容器[root@k8s-master01 ~]# docker run -tid -p 12345:80 nginx:latest8ddcc9d728450c9398579155e793aca873713632d72a8402e5684ebb6f613437# 获取容器ID[root@k8s-master01 ~]# docker psCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES8ddcc9d72845 nginx:latest "/docker-entrypoint.…" 28 seconds ago Up 27 seconds 0.0.0.0:12345->80/tcp confident_leavitt# 复制文件到容器中[root@k8s-master01 ~]# docker cp index.html 8ddcc9d72845:/usr/share/nginx/html/# 提交修正记录[root@k8s-master01 ~]# docker commit -a "mingsonzheng" -m "update index.html" 8ddcc9d72845 nginx:commitsha256:f62c69e4853e45951b1b83eec2432e48e436d65a14a62b087e5fe6c7c9398771# 查看镜像[root@k8s-master01 ~]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEnginx commit f62c69e4853e 40 seconds ago 133MB# 启动容器,加上--rm,则关闭之后会删除,不会产生大量状态为Exited的容器[root@k8s-master01 ~]# docker run -ti --rm nginx:commit bashroot@c657e57078c1:/# cd /usr/share/nginx/html/root@c657e57078c1:/usr/share/nginx/html# ls50x.html index.htmlroot@c657e57078c1:/usr/share/nginx/html# exitexit# 查看容器,该容器不会涌如今列表中[root@k8s-master01 ~]# docker psDockerfile用法Dockerfile指令Dockerfile用法Dockerfile指令FROM:继续根本镜像MAINTAINER:镜像制作作者信息RUN:用来实行shell命令EXPOSE:暴露端口号CMD:启动容器默认实行的命令ENTRYPOINT:启动容器真正实行的命令VOLUME:创建挂载点ENV:配置环境变量ADD:添加文件到容器COPY:复制文件到容器WORKDIR:设置容器的事情目录USER:容器利用的用户

nginx官方Dockerfile:https://github.com/nginxinc/docker-nginx/blob/master/Dockerfile-alpine.template

继续alpine根本镜像

FROM alpine:%%ALPINE_VERSION%%

MAINTAINER:镜像制作作者信息,新版本推举利用LABEL

LABEL maintainer="NGINX Docker Maintainers <docker-maint@nginx.com>"

实行shell命令

RUN set -x

apk是alpine安装包的工具

apk add --no-cache --virtual .cert-deps

暴露端口号

EXPOSE 80

启动容器默认实行的命令

CMD ["nginx", "-g", "daemon off;"]

CMD命令可以被覆盖,比如bash

[root@k8s-master01 ~]# docker run -ti --rm nginx:commit bash

CMD 和 ENTRYPOINT 必须有一个,如果两者都有的话,ENTRYPOINT 便是启动命令,而 CMD 便是它的参数

ENTRYPOINT 对应 k8s 的 COMMAND

CMD 对应 k8s 的 arg

VOLUME 是一个匿名的挂载点,Docker 不建议保留容器产生的文件,但是有一些文件是必须保留的,比如数据库,我们可以为其创建一个挂载点,将宿主机的目录挂载到容器里面,这样就可以保留它的数据

配置环境变量

ENV NGINX_VERSION %%NGINX_VERSION%%ENV NJS_VERSION %%NJS_VERSION%%ENV PKG_RELEASE %%PKG_RELEASE%%

但是不建议写在 Dockerfile 中,建议通过命令行 -e 传入参数,独立到镜像之外,可以动态修正

[root@k8s-master01 ~]# docker run -ti -e a=b -e c=d

ADD:复制文件到容器,如果复制压缩文件会自动解压

COPY:复制文件到容器,不会解压,直接复制

WORKDIR:设置容器的事情目录,如果有设置则进入容器时会进入到该目录下

USER:容器利用的用户,系统默认用户是root,但是在业务容器容器化的时候不建议利用root,由于不屈安,可能会造成对宿主机有危险的操作

[root@k8s-master01 ~]# whoamirootDockerfile用法

新增Dockerfile

[root@k8s-master01 ~]# mkdir dockerfiles[root@k8s-master01 ~]# cd dockerfiles/[root@k8s-master01 dockerfiles]# vim Dockerfile# 添加以下内容FROM centos:8LABEL maintainer="test dockerfile"LABEL test=dockerfileRUN useradd mingsonzhengRUN mkdir /opt/mingsonzheng

在当前目录下构建镜像

[root@k8s-master01 dockerfiles]# docker build -t centos:user .Sending build context to Docker daemon 2.048kBStep 1/5 : FROM centos:8 ---> 300e315adb2fStep 2/5 : LABEL maintainer="test dockerfile" ---> Running in cccd20f9b0f5Removing intermediate container cccd20f9b0f5 ---> f6dc016add09Step 3/5 : LABEL test=dockerfile ---> Running in e4d1962c630bRemoving intermediate container e4d1962c630b ---> 3977dc88a2f2Step 4/5 : RUN useradd mingsonzheng ---> Running in d3905f2c7dc4Removing intermediate container d3905f2c7dc4 ---> 30968f5c2285Step 5/5 : RUN mkdir /opt/mingsonzheng ---> Running in 811c4ceb3e70Removing intermediate container 811c4ceb3e70 ---> 0cd811c2fadfSuccessfully built 0cd811c2fadfSuccessfully tagged centos:user

启动镜像

[root@k8s-master01 dockerfiles]# docker run -ti --rm centos:user bash[root@828f29ae30bf /]#

调试的时候一定要加上 --rm,不然会有很多Exited记录

查看用户

[root@828f29ae30bf /]# cat /etc/passwdmingsonzheng:x:1000:1000::/home/mingsonzheng:/bin/bash

制作完镜像之后,如果调试没有问题,记得推送到镜像仓库

如果测试通过之后,须要优化一下RUN语句,没有必要分开写,由于docker有缓存机制,假设有20个RUN语句,实行第18个的时候失落败了,前面17个实行成功的没有必要再实行一次,修正之后直接从第18个RUN语句连续实行

[root@k8s-master01 dockerfiles]# vim Dockerfile # 修正为以下内容FROM centos:8LABEL maintainer="test dockerfile"LABEL test=dockerfile#RUN useradd mingsonzheng#RUN mkdir /opt/mingsonzhengRUN useradd mingsonzheng && /opt/mingsonzheng

这样docker的层级会少一层,存储大小会小一点

CMD:启动容器默认实行的命令

[root@k8s-master01 dockerfiles]# vim Dockerfile # 修正为以下内容FROM centos:8LABEL maintainer="test dockerfile"LABEL test=dockerfileRUN useradd mingsonzhengRUN mkdir /opt/mingsonzhengCMD [ "sh", "-c", "echo 1"]#RUN useradd mingsonzheng && /opt/mingsonzheng

构建镜像

[root@k8s-master01 dockerfiles]# docker build -t centos:cmd .

如果文件不在当前目录,可以利用-f

[root@k8s-master01 dockerfiles]# mkdir t[root@k8s-master01 dockerfiles]# cp Dockerfile t[root@k8s-master01 dockerfiles]# docker build -t centos:cmd -f t/Dockerfile

查看镜像

[root@k8s-master01 dockerfiles]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEcentos cmd a008df4670f8 2 minutes ago 210MB

启动容器

[root@k8s-master01 dockerfiles]# docker run -ti --rm centos:cmd1

可以看到打印了一个1就退出了

利用bash覆盖CMD命令

[root@k8s-master01 dockerfiles]# docker run -ti --rm centos:cmd bash[root@924006c7dc0e /]# exitexit

可以看到它就不打印了,覆盖了CMD命令

在k8s中不建议将CMD命令打到镜像中,由于我们遵照的构建策略是一次构建到处运行,启动的命令可能不是统一的,可以指定配置文件让启动命令根据配置文件变成不同环境的命令,这样可以利用k8s的arg或者cmd去覆盖掉它的启动参数,以是CMD可以不打到镜像中,当然也可以利用变量的注入办法

利用ENTRYPIOINT,CMD可以被覆盖,如果有ENTRYPIOINT的话,CMD便是ENTRYPIOINT的参数

[root@k8s-master01 dockerfiles]# vim Dockerfile # 修正为以下内容FROM centos:8LABEL maintainer="test dockerfile"LABEL test=dockerfileRUN useradd mingsonzhengRUN mkdir /opt/mingsonzhengENTRYPOINT ["echo"]CMD [ "3"]#RUN useradd mingsonzheng && /opt/mingsonzheng

打包镜像

[root@k8s-master01 dockerfiles]# docker build -t centos:ep .

运行容器

[root@k8s-master01 dockerfiles]# docker run -ti --rm centos:ep 1010[root@k8s-master01 dockerfiles]# docker run -ti --rm centos:ep mingsonzhengmingsonzheng

可以看到CMD便是ENTRYPIOINT的参数,CMD可以被覆盖,我们可以把命令相同的部分打入到ENTRYPIOINT,不同的部分通过CMD覆盖

ENV:配置环境变量

[root@k8s-master01 dockerfiles]# vim Dockerfile # 修正为以下内容FROM centos:8LABEL maintainer="test dockerfile"LABEL test=dockerfileENV test_env1 env1ENV test_env2 env2RUN useradd mingsonzhengRUN mkdir /opt/mingsonzheng#ENTRYPOINT ["echo"]CMD echo "test_env1 test_env2"#RUN useradd mingsonzheng && /opt/mingsonzheng

构建镜像

[root@k8s-master01 dockerfiles]# docker build -t centos:env .

启动容器

[root@k8s-master01 dockerfiles]# docker run -ti --rm centos:envtest_env1 test_env2

环境变量也可以这么写

ENV env1=test1 env2=test2

正式运用的ENV变量不要写在Dockerfile里面,该当利用k8s资源文件,或者docker的-e参数注入进去,这样也能减少构建镜像的层数

ADD:添加文件到容器

# 新增文件[root@k8s-master01 dockerfiles]# echo 123 > index.html# 压缩文件[root@k8s-master01 dockerfiles]# tar zcf index.tar.gz index.html t/# 编辑Dockerfile[root@k8s-master01 dockerfiles]# vim Dockerfile # 修正为以下内容FROM centos:8LABEL maintainer="test dockerfile"LABEL test=dockerfileENV test_env1 env1ENV test_env2 env2RUN useradd mingsonzhengRUN mkdir /opt/mingsonzheng#ENTRYPOINT ["echo"]ENV env1=test1 env2=test2ADD ./index.tar.gz /opt/CMD echo "test_env1 test_env2"#RUN useradd mingsonzheng && /opt/mingsonzheng

构建镜像

[root@k8s-master01 dockerfiles]# docker build -t centos:add .

启动容器

[root@k8s-master01 dockerfiles]# docker run -ti --rm centos:add bash[root@b2dacca0f34f /]# cd /opt/[root@b2dacca0f34f opt]# lsindex.html mingsonzheng t

可以看到文件被复制到容器的指定目录下,并且自动解压了

COPY:复制文件到容器

[root@k8s-master01 dockerfiles]# vim Dockerfile # 修正为以下内容FROM centos:8LABEL maintainer="test dockerfile"LABEL test=dockerfileENV test_env1 env1ENV test_env2 env2RUN useradd mingsonzhengRUN mkdir /opt/mingsonzheng#ENTRYPOINT ["echo"]ENV env1=test1 env2=test2ADD ./index.tar.gz /opt/COPY ./t /opt/mingsonzheng/CMD echo "test_env1 test_env2"#RUN useradd mingsonzheng && /opt/mingsonzheng

构建镜像

[root@k8s-master01 dockerfiles]# docker build -t centos:add .

启动容器

[root@k8s-master01 dockerfiles]# docker run -ti --rm centos:add bash[root@3ca8cddbf8b3 /]# cd /opt/mingsonzheng/[root@3ca8cddbf8b3 mingsonzheng]# lsDockerfile

可以看到docker把t目录下的文件复制进来了,并不会复制目录,如果想要复制目录的话,只能多加一层目录

COPY复制压缩文件的话不会解压

docker build的时候会把当前目录下所有东西发送到内存中,以是文件必须要放在实行docker build命令的文件目录下

WORKDIR:设置容器的事情目录

[root@k8s-master01 dockerfiles]# vim Dockerfile # 修正为以下内容FROM centos:8LABEL maintainer="test dockerfile"LABEL test=dockerfileENV test_env1 env1ENV test_env2 env2RUN useradd mingsonzhengRUN mkdir /opt/mingsonzheng#ENTRYPOINT ["echo"]ENV env1=test1 env2=test2ADD ./index.tar.gz /opt/COPY ./t /opt/mingsonzheng/CMD echo "test_env1 test_env2"WORKDIR /opt/mingsonzhengCMD pwd ; ls#RUN useradd mingsonzheng && /opt/mingsonzheng

构建镜像

[root@k8s-master01 dockerfiles]# docker build -t centos:workdir .

启动容器

[root@k8s-master01 dockerfiles]# docker run -ti --rm centos:workdir/opt/mingsonzhengDockerfileUSER:容器利用的用户

# 启动容器[root@k8s-master01 dockerfiles]# docker run -ti --rm centos:workdir bash# 查看当前用户[root@87983e2581da mingsonzheng]# whoamiroot# 查看系统其他用户[root@87983e2581da mingsonzheng]# cat /etc/passwdmingsonzheng:x:1000:1000::/home/mingsonzheng:/bin/bash

切换用户

[root@k8s-master01 dockerfiles]# vim Dockerfile # 修正为以下内容FROM centos:8LABEL maintainer="test dockerfile"LABEL test=dockerfileENV test_env1 env1ENV test_env2 env2RUN useradd mingsonzhengRUN mkdir /opt/mingsonzheng#ENTRYPOINT ["echo"]ENV env1=test1 env2=test2ADD ./index.tar.gz /opt/COPY ./t /opt/mingsonzheng/CMD echo "test_env1 test_env2"WORKDIR /opt/mingsonzhengUSER 1000CMD pwd ; ls#RUN useradd mingsonzheng && /opt/mingsonzheng

构建镜像

[root@k8s-master01 dockerfiles]# docker build -t centos:workdir .

启动容器

[root@k8s-master01 dockerfiles]# docker run -ti --rm centos:workdir bash[mingsonzheng@f6110f7e8e3a mingsonzheng]$ whoamimingsonzheng

利用镜像仓库地址(xxx.com)构建镜像

[root@k8s-master01 dockerfiles]# docker build -t xxx.com/centos:workdir .

查看镜像

[root@k8s-master01 dockerfiles]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZExxx.com/centos workdir cf9572a3833e 3 minutes ago 210MBVOLUME:创建挂载点

[root@k8s-master01 dockerfiles]# vim Dockerfile # 修正为以下内容FROM centos:8LABEL maintainer="test dockerfile"LABEL test=dockerfileENV test_env1 env1ENV test_env2 env2RUN useradd mingsonzhengRUN mkdir /opt/mingsonzheng#ENTRYPOINT ["echo"]ENV env1=test1 env2=test2ADD ./index.tar.gz /opt/COPY ./t /opt/mingsonzheng/CMD echo "test_env1 test_env2"WORKDIR /opt/mingsonzheng#USER 1000VOLUME /dataCMD pwd ; ls#RUN useradd mingsonzheng && /opt/mingsonzheng

构建镜像

[root@k8s-master01 dockerfiles]# docker build -t centos:workdir .

启动容器

[root@k8s-master01 dockerfiles]# docker run -ti --rm centos:workdir bash[root@6aecced2b780 mingsonzheng]# cd / [root@6aecced2b780 /]# lsbin data devetc home liblib64 lost+found media mnt opt proc rootrun sbin srvsys tmp usr var

可以看到data目录,它会与本地 /var/lib/docker/volumes/ 的目录下天生一个volume的目录,然后挂载到容器中的data下,退出容器则会打消本地目录下的data

通过-v将mysql_data目录挂载到容器中,利用-v则系统不会自动创建挂载目录

[root@k8s-master01 ~]# mkdir mysql_data[root@k8s-master01 ~]# docker run -ti -v /root/mysql_data/:/data xxx.com/centos:workdir bash制作小镜像

一定不要利用centos根本镜像,可以利用alpine,busybox,scratch,debian

修正根本镜像

[root@k8s-master01 dockerfiles]# vim Dockerfile # 修正为以下内容#FROM centos:8FROM alpine:3.8LABEL maintainer="test dockerfile"LABEL test=dockerfileENV test_env1 env1ENV test_env2 env2RUN adduser -D mingsonzhengRUN mkdir -p /opt/mingsonzheng#ENTRYPOINT ["echo"]ENV env1=test1 env2=test2ADD ./index.tar.gz /opt/COPY ./t /opt/mingsonzheng/WORKDIR /opt/mingsonzheng#USER 1000VOLUME /dataCMD pwd ; ls#RUN useradd mingsonzheng && /opt/mingsonzheng

构建镜像

[root@k8s-master01 dockerfiles]# docker build -t centos:workdir .

查看镜像

[root@k8s-master01 dockerfiles]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEalpine workdir 7fc05207414a 22 seconds ago 4.42MBcentos workdir b165153a0132 36 minutes ago 210MB

alpine与centos比较,SIZE非常小,适宜做为根本镜像,根本镜像可以在官方仓库查找,不须要自己制作

如果须要用到glibc,可以利用node:slim,python:slim,net作为根本镜像

多阶段制作小镜像

分开两个步骤:编译操作和天生终极镜像的操作

新建一个go文件

[root@k8s-master01 dockerfiles]# vim main.go# 修正为以下内容package mainimport "fmt"func main() { fmt.Println("Hello World")}

新建一个Dockerfile文件

[root@k8s-master01 dockerfiles]# mv Dockerfile t/123[root@k8s-master01 dockerfiles]# vim Dockerfile# 修正为以下内容FROM golang:1.14.4-alpineWORKDIR /optCOPY main.go /optRUN go build /opt/main.goCMD "./main"

构建镜像

[root@k8s-master01 dockerfiles]# docker build -t hello:single_build .

启动容器

[root@k8s-master01 dockerfiles]# docker run -ti --rm hello:single_buildHello World

查看镜像

[root@k8s-master01 dockerfiles]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEhello single_build ca11178a0c13 44 seconds ago 372MB

查看包大小

[root@k8s-master01 dockerfiles]# docker run -ti --rm hello:single_build sh/opt # ls -lhtotal 2M -rwxr-xr-x 1 root root 2.0M Jul 16 08:30 main-rw-r--r-- 1 root root 77 Jul 16 08:24 main.go/opt #

2M的包天生的镜像有372M,我们该当利用分阶段构建

[root@k8s-master01 dockerfiles]# vim Dockerfile# 修正为以下内容# build stepFROM golang:1.14.4-alpineWORKDIR /optCOPY main.go /optRUN go build /opt/main.goCMD "./main"# create real app imageFROM alpine:3.8COPY --from=0 /opt/main /CMD "./opt/main"

--from=0便是第一步的操作(# create real app image上面的操作)

构建镜像

[root@k8s-master01 dockerfiles]# docker build -t hello:alpine .

启动容器

[root@k8s-master01 dockerfiles]# docker run -ti --rm hello:alpine sh/ # lsbin dev etc home lib main media mnt proc root run sbin srv sys tmp usr var/ # ./mainHello World

查看镜像

[root@k8s-master01 dockerfiles]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEhello alpine 66fa14e35f3c About a minute ago 6.48MBhello single_build ca11178a0c13 11 minutes ago 372MB

可以看到单阶段和多阶段镜像大小的差异,以是一定要进行分阶段构建

利用builder命令复制包到根目录

[root@k8s-master01 dockerfiles]# vim Dockerfile# 修正为以下内容# build stepFROM golang:1.14.4-alpine as builderWORKDIR /optCOPY main.go /optRUN go build /opt/main.goCMD "./main"# create real app imageFROM alpine:3.8COPY --from=builder /opt/main /CMD "./opt/main"

构建镜像

[root@k8s-master01 dockerfiles]# docker build -t hello:alpine .

查看镜像

[root@k8s-master01 dockerfiles]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEhello alpine 66fa14e35f3c 9 minutes ago 6.48MB

镜像大小和前面的差别不大,我们只是将第一个步骤打包成镜像,然后把它里面的文件复制到现在的镜像里面

php Dockerfile

[root@k8s-master01 dockerfiles]# mv Dockerfile goDockerfile[root@k8s-master01 dockerfiles]# vim Dockerfile# 修正为以下内容FROM php:7.1.22-fpm-alpineRUN apk add --no-cache binutils freetype libpng libjpeg-turbo freetype-dev libpng-dev libjpeg-turbo-dev libc6-compat libxml2 libxml2-dev libmcrypt libmcrypt-dev libc-dev icu-dev gettext-dev openssl-dev bzip2-devRUN docker-php-ext-install pdo pdo_mysql mcrypt zip gd pcntl opcache bcmath#RUN docker-php-ext-install gettextRUN docker-php-ext-install mysqli#RUN apk add --no-cache php7-sysvsem php7-pdo_dblib php7-sockets php-soap php7-xmlrpc##RUN apk add --no-cache php7-sysvsem php7-pdo_dblib php7-sockets php-soap php7-xmlrpc##RUN apk add --no-cache freetds-dev##RUN docker-php-ext-install pdo_dblib#RUN docker-php-ext-install soap#RUN docker-php-ext-install sockets#RUN docker-php-ext-install sysvsem#RUN docker-php-ext-install xmlrpc#RUN apk add --no-cache freetds-dev#RUN docker-php-ext-install pdo_dblib#RUN docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/#RUN docker-php-ext-install -j$(nproc) gd#FROM php:7.1.22-fpm-alpine#COPY --from=0 /usr/local/lib/php/extensions/no-debug-non-zts-20160303 /usr/local/lib/php/extensions/no-debug-non-zts-20160303#RUN apk add --no-cache freetds-dev php7-sysvsem php7-pdo_dblib php7-sockets php-soap php7-xmlrpc binutils freetype libpng libjpeg-turbo freetype-dev libpng-dev libjpeg-turbo-dev libc6-compat libxml2 libxml2-dev libmcrypt libmcrypt-dev libc-dev icu-dev gettext-dev openssl-dev bzip2-dev && cd /usr/local/lib/php/extensions/no-debug-non-zts-20160303 && docker-php-ext-enable .so && rm -rf /var/cache/apk/第一步是选择根本镜像php:7.1.22-fpm-alpine第二步是根据根本镜像安装依赖环境,php的一堆扩展包

多阶段的便是编译在一个镜像里面完成,第二个镜像利用第一个镜像编译的产物,省去了编译产生的缓存

Scratch空镜像

Scratch空镜像不可拉取,但是可以直策应用

利用scratch

[root@k8s-master01 dockerfiles]# cp Dockerfile t/phpDockerfile[root@k8s-master01 dockerfiles]# cp goDockerfile Dockerfilecp: overwrite ‘Dockerfile’? y[root@k8s-master01 dockerfiles]# vim Dockerfile # 修正为以下内容# build stepFROM golang:1.14.4-alpine as builderWORKDIR /optCOPY main.go /optRUN go build /opt/main.goCMD "./main"# create real app imageFROM scratchCOPY --from=builder /opt/main /CMD "./main"

构建镜像

[root@k8s-master01 dockerfiles]# docker build -t hello:scratch .

查看镜像

[root@k8s-master01 dockerfiles]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEhello scratch 4d747be3b21b About a minute ago 2.07MB

启动容器

[root@k8s-master01 dockerfiles]# docker run -ti --rm hello:scratch /mainHello World

基于最根本的镜像,制作依赖环境的镜像可以利用,但是建议利用官方制作好的镜像

如果Dockerfile中引用的镜像发生了更新,须要利用pull参数

课程链接

http://www.kubeasy.com/