One, a brief introduction
There are two ways to build a docker image. The first is to enter the files, configurations, variables, etc. required for container installation after starting the basic container. After completion, use docker commit to submit a new image. The second is to write dockerfile file, make the image, and use the docker build command to build the image. The first method can see the image generation process, but it is not easy to automate; the second method is more intuitive, and can be combined with devops to realize automatic packaging and publishing. This article introduces how to use dockerfile to realize the production of docker images.
A Dockerfile describes the steps to assemble an image, where each instruction is executed individually. Except for the FROM instruction, every other instruction executes on the image generated by the previous instruction and generates a new image layer. The final image generated by the Dockerfile is formed layer by layer on top of the base image. At the same time, in order to improve the speed of image building, Docker caches intermediate images during the build process. When building a new image from a base image already in the cache, the next instruction in the dockerfile is compared with all subimages of the base image, and if a subimage is generated by the same instruction, the cache is hit , use the image directly. Here we need to pay attention to the fact that the cache hit check during the image creation process is the instruction in the dockerfile, and does not check whether the image is consistent; of course, the COPY and ADD instructions are exceptions, which not only detect the instruction character set, but also detect and compare Whether the files to be added are consistent (the verification does not consider the modification access time, but considers the metadata and content). As we used in the mirror
RUN apt-get -y upgrade
instruction, docker daemon will judge that the instruction set is the same when verifying, so the cache will not be updated. To solve this problem, the following methods can be used to artificially cause inconsistent instruction character sets
RUN apt-get update && apt-get install -y \ aufs-tools \ automake \ build-essential \ && rm -rf /var/lib/apt/lists/*
Another way is to add the parameter --no-cache=true to docker build
Second, the typical structure
#The first part specifies the base image FROM centos #Part II Maintainer Information MAINTAINER liyang [email protected] ###The third part is the operation instruction of the mirror RUN echo "Asia/Shanghai" > /etc/timezone # set environment variables ENV CATALINA_HOME /usr/local/tomcat ENV JAVA_HOME /usr/local/jdk1.8.0_161 ENV PATH $PATH:$JAVA_HOME/bin:$CATALINA_HOME/bin COPY jdk1.8.0_161 /usr/local/jdk1.8.0_161 COPY tomcat /usr/local/tomcat COPY run.sh /run.sh RUN chmod +x /run.sh Copy background items to container ADD my_project /tomcat/webapps/admin EXPOSE 8080 #The fourth part executes the command when the container starts CMD [ "/run.sh" ]
3. Description of common instructions
FROM
格式: FROM <image> 或者 FROM <image>:<tag>
The function of the FROM instruction is to provide the base image for the following instructions, so this instruction must be the first non-commented instruction of the Dockerfile. If no tag is specified in the FROM instruction, the default is latest
MAINTAINER
格式:MAINTAINER <information of maintaier>
MAINTAINER specifies the information of the image maintainer, usually the second non-comment instruction of the dockerfile
ENV
格式:ENV <key> <value> 或者 ENV <key>=<value> ...
The ENV instruction declares environment variables for the container created by the image, and can be used by specific instructions in the dockerfile (ADD, COPY, EXPOSE, WORKDIR, etc.)
It should be noted that when defining variables in the container, try not to use the /etc/profile file, and use ENV definitions directly. Because the configuration file will only be read when the shell is started interactively, and docker run uses /bin/bash -c, non-interactive mode, so the environment variables directly written to /etc/profile cannot take effect directly, it needs to be Source the configuration file once, it is recommended to use ENV to directly define curing.
RUN
Format: RUN <command> or RUN ["executable","param1","param2"]
The RUN command will create a container based on the image created by the previous command, run the command in the container, and submit the container as a new image after the command finishes running
The two operating modes of the RUN instruction can be understood as shell and exec formats. When using the shell format, the command is run by calling /bin/sh -c; when using the exec format, the command runs directly, and it is easy not to call the shell. Parameters will be parsed as JSON by docker, exec will not be executed in the shell, so the parameters of environment variables will not be replaced.
COPY/ADD
格式:ADD/COPY <src> <dest>
Both COPY and ADD commands can copy local files or directories to a new image. The ADD command also supports URLs and can automatically decompress tarballs. If the original path is a directory, only the contents of the directory will be copied, and the directory will not be created in the mirror; the source path is a relative path relative to the execution build; the target path will be created automatically if it does not exist;
CMD
Format: There are the following three
CMD <command>
CMD ["executable","Param1","param2"]
CMD ["Param1","param2"] pass parameters for ENTRYPOINT
The CMD instruction provides the default value that runs when the container starts, which can be a parameter or a command. When there are multiple CMD instructions in a dockerfile, only the last CMD takes effect. The CMD command does not run any command when the image is built, but the CMD command is used as the first command to execute by default when the container starts. If the user specifies command parameters in the docker run command, it will override the command in the CMD command.
ENTRYPOINT
Format:
ENTRYPOINT <command>
ENTRYPOINT ["executable","Param1","param2"]
The ENTRYPOINT instruction is similar to the CMD instruction, the difference is that the ENTRYPOINT will not be overwritten by the command parameters in docker run
EXPOSE
Format: EXPOSE [...]
Define the window exposed by the container to the outside, it is not recommended to define port mapping here
Fourth, mirror construction
命令:docker build -t <image>:<tag> .
There is a dot at the end of the above command, which indicates the directory where the dockerfile is located. It can also be directly written as an absolute path (not recommended). The command will automatically find the Dockerfile file in the directory and read its content. You can also use -f to specify the dockerfile file path.
Notice:
1. The fixed content should be written in the front of the dockerfile as much as possible to make full use of the cache
2. The command of the RUN command combined with the pipeline can reduce the number of mirror layers
3.CMD and ENTRYPOINT can be used in combination
4. If it is a local file, try to use COPY