一:导入镜像
1:安装docker服务
[root@foundation60 docker]# ls
container-selinux-2.21-1.el7.noarch.rpm
docker-ce-18.06.1.ce-3.el7.x86_64.rpm
libsemanage-2.5-8.el7.x86_64.rpm
libsemanage-python-2.5-8.el7.x86_64.rpm
pigz-2.3.4-1.el7.x86_64.rpm
policycoreutils-2.5-17.1.el7.x86_64.rpm
policycoreutils-python-2.5-17.1.el7.x86_64.rpm
[root@foundation60 docker]# yum install -y *2:开启服务
[root@foundation60 docker]# systemctl start docker.service
[root@foundation60 docker]# docker images ##查看镜像
REPOSITORY TAG IMAGE ID CREATED SIZE3:导入镜像
[root@foundation60 docker]# cd /home/kiosk/Desktop/
[root@foundation60 Desktop]# docker load -i game2048.tar
011b303988d2: Loading layer 5.05MB/5.05MB
36e9226e74f8: Loading layer 51.46MB/51.46MB
192e9fad2abc: Loading layer 3.584kB/3.584kB
6d7504772167: Loading layer 4.608kB/4.608kB
88fca8ae768a: Loading layer 629.8kB/629.8kB
Loaded image: game2048:latest
[root@foundation60 Desktop]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
game2048 latest 19299002fdbe 2 years ago 55.5MB二:制作镜像
1:建立目录
[root@foundation60 docker]# cd /opt/
[root@foundation60 opt]# mkdir docker
[root@foundation60 opt]# ls
docker kingsoft rh2:导入rhel7镜像
[root@foundation60 docker]# cd /home/kiosk/Desktop/
[root@foundation60 Desktop]# docker load -i rhel7.tar
e1f5733f050b: Loading layer 147.1MB/147.1MB3:查看镜像
[root@foundation60 Desktop]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
game2048 latest 19299002fdbe 2 years ago 55.5MB
rhel7 latest 0a3eb3fde7fd 4 years ago 140MB4:在rhel7的基础上制作自的己先后要镜像
[root@foundation60 docker]# vim Dockerfile
[root@foundation36 docker]# cat Dockerfile
FROM rhel7
COPY dvd.repo /etc/yum.repos.d
RUN rpmdb --rebuilddb
RUN yum install -y httpd
EXPOSE 80
CMD ["/usr/sbin/httpd","-D","FOREGROUND"]
搭建yum源:
[root@foundation36 docker]# cat dvd.repo
[dvd]
name=rhel7.3
baseurl=http://172.25.254.60/rhel7.3
gpgcheck=05:生成镜像
[root@foundation60 docker]# docker build -t rhel7:v1 .6:查看镜像层数
[root@foundation60 docker]# docker history rhel7:v1
IMAGE CREATED CREATED BY SIZE COMMENT
b05b17695e0b About a minute ago /bin/sh -c #(nop) CMD ["/usr/sbin/httpd" "-… 0B
ca2bf87770fd About a minute ago /bin/sh -c #(nop) EXPOSE 80 0B
402f17bb3c7f About a minute ago /bin/sh -c yum install -y httpd 52.8MB
08fc31df0302 About a minute ago /bin/sh -c rpmdb --rebuilddb 6.64MB
06d35616996b About a minute ago /bin/sh -c #(nop) COPY file:62d681705901b1bb… 68B
0a3eb3fde7fd 4 years ago 140MB Imported from -
[root@foundation60 docker]# docker history rhel7
IMAGE CREATED CREATED BY SIZE COMMENT
0a3eb3fde7fd 4 years ago 140MB Imported from -7:查看镜像(有v1)
[root@foundation60 docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
rhel7 v1 b05b17695e0b About a minute ago 200MB
<none> <none> e0ae89c32a88 32 minutes ago 147MB
game2048 latest 19299002fdbe 2 years ago 55.5MB
rhel7 latest 0a3eb3fde7fd 4 years ago 140MB8:删除容器
[root@foundation60 docker]# docker rm vm2
vm29:删除镜像
[root@foundation60 docker]# docker rmi rhel7:v1
Untagged: rhel7:v1
Deleted: sha256:8caba25df6330d94c510e957ec89e022ad4a166b2d250a136b41a9207413aca1
Deleted: sha256:0e8d9e3e14e45f8cbf00cc42712158415fb2a03993f65b9e0550ad1ca1331561
Deleted: sha256:b63b6dd20676e35f3a54eb599f69aa61c200f33373ebdb9c9e4b4a9acc12d494
Deleted: sha256:5609b3e3350bc542e2bd40504dd5a6ee341e6db8c8c43836c896a31e3d16ceee
Deleted: sha256:f46d137d3897117adf7dc1cc38c6d6ebe1a90e5c8e91d248da56ae11469d4b0f
Deleted: sha256:ce0abe947f6d606a01d3f56cbe3c72f0906ed4021db415574212bc1d52235b6a
Deleted: sha256:edd87356459ecf5ef6defae956e557aa0c8d6ed599c59b96f29724264ecfa7fb
Deleted: sha256:3195366d50f173538ec8bbc2f68604ef4d2f10c06a8cb0d50a68e86d2144670510:生成容器(mv2)
[root@foundation60 docker]# docker run -d --name vm2 rhel7:v1
c01f1c5267c643506826e9bba8673d7feb705f923725201e93f3265cdbec5729
[root@foundation60 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c01f1c5267c6 rhel7:v1 "/usr/sbin/httpd -D …" 8 seconds ago Up 6 seconds 80/tcp vm2
b88eb1275f30 rhel7 "bash" 4 minutes ago Up 4 minutes vm111:修改dockerfile,生成新的镜像
[root@foundation60 docker]# cat Dockerfile
FROM rhel7
COPY dvd.repo /etc/yum.repos.d
RUN rpmdb --rebuilddb
RUN yum install -y httpd
EXPOSE 80
VOLUME ["/var/www/html"] ###新加入
CMD ["/usr/sbin/httpd","-D","FOREGROUND"]12:生成新的镜像
[root@foundation60 docker]# docker build -t rhel7:v2 .
Sending build context to Docker daemon 3.072kB
Step 1/7 : FROM rhel7
---> 0a3eb3fde7fd
Step 2/7 : COPY dvd.repo /etc/yum.repos.d
---> Using cache
---> 06d35616996b
Step 3/7 : RUN rpmdb --rebuilddb
---> Using cache
---> 08fc31df0302
Step 4/7 : RUN yum install -y httpd
---> Using cache
---> 402f17bb3c7f
Step 5/7 : EXPOSE 80
---> Using cache ##上面的都是走之前的缓存,速度会很快
---> ca2bf87770fd
Step 6/7 : VOLUME ["/var/www/html"]
---> Running in ed19a97f9623
Removing intermediate container ed19a97f9623
---> edb65724f94c
Step 7/7 : CMD ["/usr/sbin/httpd","-D","FOREGROUND"]
---> Running in 71069b749203
Removing intermediate container 71069b749203
---> f5f0fdb3df67
Successfully built f5f0fdb3df67
Successfully tagged rhel7:v213:查看镜像(vm2)
[root@foundation60 docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
rhel7 v2 f5f0fdb3df67 21 minutes ago 200MB
rhel7 v1 b05b17695e0b 27 minutes ago 200MB
<none> <none> e0ae89c32a88 About an hour ago 147MB
game2048 latest 19299002fdbe 2 years ago 55.5MB
rhel7 latest 0a3eb3fde7fd 4 years ago 140MB14:查看层数
[root@foundation60 docker]# docker history rhel7:v2
IMAGE CREATED CREATED BY SIZE COMMENT
f5f0fdb3df67 22 minutes ago /bin/sh -c #(nop) CMD ["/usr/sbin/httpd" "-… 0B
edb65724f94c 22 minutes ago /bin/sh -c #(nop) VOLUME [/var/www/html] 0B ##多了一层
ca2bf87770fd 29 minutes ago /bin/sh -c #(nop) EXPOSE 80 0B
402f17bb3c7f 29 minutes ago /bin/sh -c yum install -y httpd 52.8MB
08fc31df0302 29 minutes ago /bin/sh -c rpmdb --rebuilddb 6.64MB
06d35616996b 29 minutes ago /bin/sh -c #(nop) COPY file:62d681705901b1bb… 68B
0a3eb3fde7fd 4 years ago 140MB Imported from -15:利用vm2,访问apache服务
[root@foundation60 docker]# ls
Dockerfile dvd.repo
[root@foundation60 docker]# mkdir webdata
[root@foundation60 docker]# ls
Dockerfile dvd.repo webdata
[root@foundation60 docker]# cd webdata/
[root@foundation60 webdata]# touch index.html
[root@foundation60 webdata]# ls
index.html
[root@foundation60 webdata]# echo www.westos.org > index.html
[root@foundation60 docker]# docker rm -f vm1
vm1
[root@foundation60 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@foundation60 docker]# docker run -d --name vm1 -v /opt/docker/webdata/:/var/www/html rhel7:v2
8147bf86049bfa8a222c6993d4f7bbc8a81812ed8a1b2d7e66f139c2d7289acb
[root@foundation60 docker]# docker inspect vm1 ##查看ip地址
"IPAddress": "172.17.0.2",
访问:
[root@foundation60 docker]# curl 172.17.0.2
www.westos.org三:数据卷
1:重新生成容器vm1
[root@foundation60 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8147bf86049b rhel7:v2 "/usr/sbin/httpd -D …" 4 minutes ago Up 4 minutes 80/tcp vm1
[root@foundation60 docker]# docker rm -f vm1 ##删除原来的
vm1
[root@foundation60 docker]# docker run -d --name vm1 rhel7:v2 ##生成新的[root@foundation60 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2ffd14290b03 rhel7:v2 "/usr/sbin/httpd -D …" 5 seconds ago Up 3 seconds 80/tcp vm12:查看数据卷
[root@foundation60 docker]# docker volume ls
DRIVER VOLUME NAME
local e866464a0b4cca3002870696da116a4f7726201c4dd2dd5290065ea21047fda43:修改数据卷中的内容,对应着访问的数据也会改变
[root@foundation60 docker]# docker volume ls
DRIVER VOLUME NAME
local e866464a0b4cca3002870696da116a4f7726201c4dd2dd5290065ea21047fda4
[root@foundation60 docker]# cd /var/lib/docker/volumes/e866464a0b4cca3002870696da116a4f7726201c4dd2dd5290065ea21047fda4
[root@foundation60 e866464a0b4cca3002870696da116a4f7726201c4dd2dd5290065ea21047fda4]# ls
_data
[root@foundation60 e866464a0b4cca3002870696da116a4f7726201c4dd2dd5290065ea21047fda4]# cd _data/
[root@foundation60 _data]# ls
[root@foundation60 _data]# pwd
/var/lib/docker/volumes/e866464a0b4cca3002870696da116a4f7726201c4dd2dd5290065ea21047fda4/_data
[root@foundation60 _data]# cp /opt/docker/webdata/index.html .
[root@foundation60 _data]# ls
index.html
[root@foundation60 _data]# curl 172.17.0.2
www.westos.org
[root@foundation60 _data]# vim index.html
[root@foundation60 _data]# curl 172.17.0.2
www.westos.org
www.westos.org4:设置权限为只读,ro,删除不了,会显示为read-only
[root@foundation60 _data]# docker rm -f vm1
vm1
[root@foundation60 _data]# cd
[root@foundation60 ~]# docker run -d --name vm1 -v /opt/docker/webdata/:/data:ro rhel7:v2
49d295f8575a6c2dff1aae6d4b4709b3e2dc4c41fe546574129208824e2d20fa
[root@foundation60 local]# docker exec -it vm1 bash
bash-4.2# cd data/
bash-4.2# ls
index.html
bash-4.2# rm -rf index.html
rm: cannot remove 'index.html': Read-only file system
bash-4.2# cat index.html
www.westos.org
bash-4.2# 四:制作nginx镜像以及镜像的优化
[root@foundation60 docker]# ls ##目录下nginx压缩包
Dockerfile dvd.repo nginx-1.15.8.tar.gz webdata1:编辑Dockerfile
[root@foundation60 docker]# cat Dockerfile
FROM rhel7
COPY dvd.repo /etc/yum.repos.d
RUN rpmdb --rebuilddb
RUN yum install -y gcc pcre-devel zlib-devel make
ADD nginx-1.15.8.tar.gz /mnt
WORKDIR /mnt/nginx-1.15.8
RUN sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc
RUN ./configure --prefix=/usr/local/nginx
RUN make
RUN make install
EXPOSE 80
VOLUME ["/usr/local/nginx/html"]
CMD ["/usr/local/nginx/sbin/nginx","-g","daemon off;"]2:生成镜像
[root@foundation60 docker]# docker build -t rhel7:v3 .3:删除之前的vm1
[root@foundation60 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
49d295f8575a rhel7:v2 "/usr/sbin/httpd -D …" 28 minutes ago Up 28 minutes 80/tcp vm1
[root@foundation60 docker]# docker rm -f vm1
vm14:生成nginx镜像
[root@foundation60 docker]# docker run -d --name nginx rhel7:v3
45a4ae4b7ee691b23fe3d77fce8fd4ef48a472c8239d422306ec01228c6091aa
[root@foundation60 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
45a4ae4b7ee6 rhel7:v3 "/usr/local/nginx/sb…" 6 seconds ago Up 5 seconds 80/tcp nginx5:查看ip地址
[root@foundation60 docker]# docker inspect nginx6:浏览器访问http://172.17.0.2/
发现nginx服务搭建完成(welcome to nginx)7:修改数据卷中的发布文件
[root@foundation60 docker]# cd /var/lib/docker/volumes/183d505970c1deea7625cb21f3973277bb5251406a5a2af2ccff6a793a7ac364/_data
[root@foundation60 _data]# ls
50x.html index.html
[root@foundation60 _data]# vim index.html
[root@foundation60 _data]# vim index.html
[root@foundation60 _data]# rm index.html
rm: remove regular file ‘index.html’? ^C
[root@foundation60 _data]# ls
50x.html index.html8:
[root@foundation60 _data]# rm index.html
rm: remove regular file ‘index.html’? y
[root@foundation60 _data]# ls
50x.html
[root@foundation60 _data]# vim index.html
<h1>www.westos.org</h1>
浏览器再次访问,显示的是www.westos.org8查看镜像大小 ###142MB,除去rhel7的140MB
[root@foundation60 _data]# docker images rhel7
REPOSITORY TAG IMAGE ID CREATED SIZE
rhel7 v3 f9133e15edef About an hour ago 282MB
rhel7 v2 f5f0fdb3df67 2 hours ago 200MB
rhel7 v1 b05b17695e0b 2 hours ago 200MB
rhel7 latest 0a3eb3fde7fd 4 years ago 140MB9:使用多阶段构建镜像(使镜像变得很小)
修改dockerfile
FROM rhel7 as build
COPY dvd.repo /etc/yum.repos.d
RUN rpmdb --rebuilddb
ADD nginx-1.15.8.tar.gz /mnt
WORKDIR /mnt/nginx-1.15.8
RUN yum install -y gcc pcre-devel zlib-devel make &> /dev/null && yum clean all && sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc &&./configure --prefix=/usr/local/nginx &>/dev/null && make &>/dev/null && make install &> /dev/null && rm -rf /mnt/nginx-1.15.8
FROM rhel7
COPY --from=build /usr/local/nginx /usr/local/nginx
EXPOSE 80
VOLUME ["/usr/local/nginx/html"]
CMD ["/usr/local/nginx/sbin/nginx","-g","daemon off;"]10:生成镜像
[root@foundation60 docker]# docker build -t rhel7:v4 .11:查看大小(只有141MB,镜像就1MB非常小)
[root@foundation60 docker]# docker images rhel7
REPOSITORY TAG IMAGE ID CREATED SIZE
rhel7 v4 fff55a5a2b48 29 seconds ago 141MB
rhel7 v3 f9133e15edef 2 hours ago 282MB
rhel7 v2 f5f0fdb3df67 3 hours ago 200MB
rhel7 v1 b05b17695e0b 3 hours ago 200MB
rhel7 latest 0a3eb3fde7fd 4 years ago 140MB此时我们就会发现一个问题,我一个nginx镜像才1MB,但是我的rhel7却有140MB是不是显得太过于浪费
此时我们就需要一个更轻量级的,distroless
五:distroless
1:建立目录,创建Dockerfile文件
[root@foundation60 docker]# ls
Dockerfile dvd.repo nginx-1.15.8.tar.gz test webdata
[root@foundation60 docker]# cd test/
[root@foundation60 test]# vim Dockerfile
FROM nginx as base
# https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
ARG Asia/Shanghai
RUN mkdir -p /opt/var/cache/nginx && \
cp -a --parents /usr/lib/nginx /opt && \
cp -a --parents /usr/share/nginx /opt && \
cp -a --parents /var/log/nginx /opt && \
cp -aL --parents /var/run /opt && \
cp -a --parents /etc/nginx /opt && \
cp -a --parents /etc/passwd /opt && \
cp -a --parents /etc/group /opt && \
cp -a --parents /usr/sbin/nginx /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libpcre.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libz.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libc.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libdl.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libpthread.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libcrypt.so.* /opt && \
cp -a --parents /usr/lib/x86_64-linux-gnu/libssl.so.* /opt && \
cp -a --parents /usr/lib/x86_64-linux-gnu/libcrypto.so.* /opt && \
cp /usr/share/zoneinfo/${TIME_ZONE:-ROC} /opt/etc/localtime
FROM gcr.io/distroless/base
COPY --from=base /opt /
EXPOSE 80
ENTRYPOINT ["nginx", "-g", "daemon off;"]2:生成镜像v5
[root@foundation60 test]# docker build -t rhel7:v5 .Sending build context to Docker daemon 3.072kB
Step 1/7 : FROM nginx as base
latest: Pulling from library/nginx
f7e2b70d04ae: Pull complete
08dd01e3f3ac: Pull complete
d9ef3a1eb792: Pull complete
Digest: sha256:98efe605f61725fd817ea69521b0eeb32bef007af0e3d0aeb6258c6e6fe7fc1a
Status: Downloaded newer image for nginx:latest
---> 881bd08c0b08
Step 2/7 : ARG Asia/Shanghai
---> Running in 29dbf371b675
Removing intermediate container 29dbf371b675
---> ff5c4c76fb02
Step 3/7 : RUN mkdir -p /opt/var/cache/nginx && cp -a --parents /usr/lib/nginx /opt && cp -a --parents /usr/share/nginx /opt && cp -a --parents /var/log/nginx /opt && cp -aL --parents /var/run /opt && cp -a --parents /etc/nginx /opt && cp -a --parents /etc/passwd /opt && cp -a --parents /etc/group /opt && cp -a --parents /usr/sbin/nginx /opt && cp -a --parents /lib/x86_64-linux-gnu/libpcre.so.* /opt && cp -a --parents /lib/x86_64-linux-gnu/libz.so.* /opt && cp -a --parents /lib/x86_64-linux-gnu/libc.so.* /opt && cp -a --parents /lib/x86_64-linux-gnu/libdl.so.* /opt && cp -a --parents /lib/x86_64-linux-gnu/libpthread.so.* /opt && cp -a --parents /lib/x86_64-linux-gnu/libcrypt.so.* /opt && cp -a --parents /usr/lib/x86_64-linux-gnu/libssl.so.* /opt && cp -a --parents /usr/lib/x86_64-linux-gnu/libcrypto.so.* /opt && cp /usr/share/zoneinfo/${TIME_ZONE:-ROC} /opt/etc/localtime
---> Running in bbdfa61f705a
Removing intermediate container bbdfa61f705a
---> c6280f9cd373
Step 4/7 : FROM gcr.io/distroless/base
---> 9a255d5fe262
Step 5/7 : COPY --from=base /opt /
---> b9923c618166
Step 6/7 : EXPOSE 80
---> Running in e0a07f6c34bf
Removing intermediate container e0a07f6c34bf
---> 6ee83f783865
Step 7/7 : ENTRYPOINT ["nginx", "-g", "daemon off;"]
---> Running in 426d97723d06
Removing intermediate container 426d97723d06
---> 726a0d4f286a
Successfully built 726a0d4f286a
Successfully tagged rhel7:v5
3:查看镜像大小。发现小了很多,总共才只有23.6M
[root@foundation60 test]# docker images rhel7
REPOSITORY TAG IMAGE ID CREATED SIZE
rhel7 v5 726a0d4f286a 8 seconds ago 23.6MB
rhel7 v4 fff55a5a2b48 17 hours ago 141MB
rhel7 v3 f9133e15edef 19 hours ago 282MB
rhel7 v2 f5f0fdb3df67 20 hours ago 200MB
rhel7 v1 b05b17695e0b 20 hours ago 200MB
rhel7 latest 0a3eb3fde7fd 4 years ago 140MB