Docker (four) image creation

First, the creation of Docker images

There are three ways to create an image, namely, based on an existing image, based on a local template, and based on a Dockerfile.

1. Create based on an existing image

(1) First create a container and log in

docker run -itd centos:7 bash
docker exec -it 82f1d79ff26c bash

(2) Create a recursive directory and write a file

mkdir aa/bb -p
echo 'this is test docker file' > test.txt

(3) Log out and create one based on the existing image

docker commit -m "new a image" -a "zz" 82f1d79ff26c centos:a

##-m:指定名称，-a:指定作者名称  后面跟旧镜像id名称 和标签（自定义）
docker run -itd centos:a bash
docker exec -it d68283712ed2 bash
cat aa/bb/test.txt

2. Create based on local template

The image can be generated by importing the operating system template file. The template can be downloaded from the OPENVZ open source project. The download address is

http://openvz.org/Download/template/precreated

wget http://download.openvz.org/template/precreated/debian-7.0-x86-minimal.tar.gz

import as mirror

cat debian-7.0-x86-minimal.tar.gz | docker import - debian:test

3. Create based on Dockerfile

Before creating a Dockerfile, first understand the principles of UnionFS and image loading

UnionFS

UnionFS (Union File System): Union File System (UnionFS) is a layered, lightweight and high-performance file system
. It supports changes to the file system as a commit to stack layer by layer, while different directories can be Mounted to the same virtual file system. AUFS, OverlayFS and Devicemapper are all a kind of UnionFS.
The Union filesystem is the foundation of Docker images. Images can be inherited through layers. Based on the base image (without parent image), various specific application images can be made. Features: Load multiple file systems at the same time, but from the outside, only one file system can be seen. Joint loading will superimpose each layer of file systems, so that the final file system will contain all the underlying files and directories.

The layers we see when we download are the joint file system

Mirror loading principle

Docker's image is actually composed of a layer-by-layer file system, and this layer of file system is UnionFS.
The bootfs mainly includes the bootloader and the kernel. The bootloader mainly boots and loads the kernel. When Linux starts, the bootfs file system is loaded.

At the bottom of the Docker image is the bootfs, which is the same layer as our typical Linux/Unix system, including the boot loader and kernel. When the boot is loaded, the entire kernel is in the memory. At this time, the right to use the memory has been transferred from the bootfs to the kernel, and the system will also unload the bootfs.

rootfs, on top of bootfs. It contains standard logs and files such as /dev, /proc, /bin, /etc in a typical Linux system. rootfs is the distribution of various operating systems, such as IUbuntu, Centos and so on.

We can understand that there is nothing in the kernel at the beginning, operating a command to download debian, then a base image will be added to the kernel; installing another apache will superimpose a layer of image on the base image; then install another apache, and another layer of images will be superimposed on images. In the end they look like a filesystem, the rootfs of the container. In the Docker system, these rootfs are called Docker images. However, each layer of rootfs at this time is read-only, and we cannot operate it at this time. When we create a container, that is, instantiate a Docker image, the system allocates an empty read-write rootfs on top of one or more layers of read-only rootfs.

Why is the size of centos in Docker only 200M?

Because for a streamlined os, the rootfs can be very small, and it only needs to include the most basic commands, tools, and program libraries. Because the underlying layer directly uses the kernel of the host, you only need to provide the rootfs. It can be seen that for different Linux distributions, the bootfs is basically the same, and the rootfs will be different, so different distributions can share the bootfs.

Dockerfile

Docker image is a special file system. In addition to providing programs, libraries, resources, configuration and other files required for container runtime, it also contains some configuration parameters prepared for runtime (such as anonymous volumes, environment variables, users, etc. ). The image does not contain any dynamic data and its contents will not be changed after construction.

The customization of the image is actually to customize the configuration and files added to each layer. If we can write each layer of modification, installation, construction, and operation commands into a script, and use this script to build and customize the image, then the problem of image construction transparency and volume will be solved. This script is the Dockerfile.

Dockerfile is a text file, which contains instructions (Instruction), each instruction builds a layer, so the content of each instruction is to describe how the layer should be constructed. With Dockerfile, when we need to customize our own additional requirements, we only need to add or modify instructions on the Dockerfile. Regenerate the image, saving the trouble of typing commands.

In addition to generating Docker images manually, images can be generated automatically using a Dockerfile. Dockerfile is a file composed of multiple instructions, each of which corresponds to a command in Linux, and the Docker program will read the instructions in the Dockerfile to generate the specified image.

The Dockerfile structure is roughly divided into four parts: basic image information , maintainer information , image operation instructions and execution instructions when the container starts . Dockerfile supports one instruction per line, each instruction can carry multiple parameters, and supports the use of comments beginning with "#".

Layering of Docker image structure

An image is not a single file, but consists of multiple layers. The container actually adds a read-write layer on top of the image, and any file changes made in the running container will be written to this read-write layer. If the container is deleted, its top read-write layer is also deleted, and file changes are lost. Docker uses storage drivers to manage the content of each layer of the image and the container layer of the readable and writable layer.

(1) Each instruction in the Dockerfile creates a new image layer;

(2) The mirror layer will be cached and reused;

(3) When the instructions of the Dockerfile are modified, the copied files are changed, or the variables specified when building the image are different, the corresponding image layer cache will be invalid;

(4) The mirror cache of a certain layer is invalid, and the mirror layer cache after it will be invalid;

(5) The image layer is immutable. If you add a file in one layer and delete it in the next layer, the file will still be included in the image, but the file will not be visible in the Docker container.

Commonly used instructions for Dockerfile operations:

（1）FROM镜像
指定新镜像所基于的基础镜像，第一条指令必须为FROM指令，每创建一个镜像就需要一条FROM指令

(2)MAINTAINER名字
说明新镜像的维护人信息

(3) RUN命令
在所基于的镜像上执行命令，并提交到新的镜像中

(4）ENTRYPOINT["要运行的程序"，"参数1"，"参数2"]设定容器启动时第一个运行的命令及其参数。
可以通过使用命令docker run --entrypoint来覆盖镜像中的ENTRYPOINT指令的内容。

(5) CMD["要运行的程序"，"参数1"，"参数2""]
上面的是exec形式，shell形式:CMD命令参数1参数2
启动容器时默认执行的命令或者脚本，Dockerfile只能有一条CMD命令。如果指定多条命令，只执行最后一条命令。如果在docker run时指定了命令或者镜像中有ENTRYPOINT，那么CDM就会被覆盖。
CMD可以为ENTRYPOINT指令提供默认参数。

(6)EXPOSE端口号
指定新镜像加载到Docker时要开启的端口

(7)ENV环境变量变量值
设置一个环境变量的值，会被后面的RUN使用

(8）ADD 源文件/目录 目标文件/目录
将源文件复制到镜像中，源文件要与 Dockerfile位于相同目录中，或者是一个URL
有如下注意事项:
1、如果源路径是个文件，且目标路径是以/结尾，则docker会把目标路径当作一个目录，会把源文件拷贝到该目录下。如果目标路径不存在，则会自动创建目标路径。
2、如果源路径是个文件，且目标路径是不以/结尾，则docker会把目标路径当作一个文件。如果目标路径不存在，会以目标路径为名创建一个文件，内容同源文件;
   如果目标文件是个存在的文件，会用源文件覆盖它，当然只是内容覆盖，文件名还是目标文件名。
    如果目标文件实际是个存在的目录，则会源文件拷贝到该目录下。注意，这种情况下，最好显示的以/结尾，以避免混淆。
3、如果源路径是个目录，且目标路径不存在，则docker会自动以目标路径创建一个目录，把源路径目录下的文件拷贝进来。如果目标路径是个已经存在的目录，则docker会把源路径目录下的文件拷贝到该目录下。
4、如果源文件是个归档文件（压缩文件），则docker会自动帮解压。
URL下载和解压特性不能一起使用。任何压缩文件通过URL拷贝，都不会自动解压。

(9) COPY 源文件/目录目标文件/目录
只复制本地主机上的文件/目录复制到目标地点，源文件/目录要与Dockerfile在相同的目录中

(10) vOLUME["目录"]
在容器中创建一个挂载点

(11) USER用户名/UID指定运行容器时的用户

(12)WORKDIR路径
为后续的RUN、CMD、ENTRYPOINT指定工作目录

(13)ONBUILD命令
指定所生成的镜像作为一个基础镜像时所要运行的命令。
当在一个Dockerfile文件中加上ONBUILD指令，该指令对利用该Dockerfile构建镜像（比如为A镜像）不会产生实质性影响。
但是当编写一个新的Dockerfile文件来基于A镜像构建一个镜像（比如为B镜像〉时，这时构造A镜像的Dockerfile文件中的ONBUILD指令就生效了，在构建B镜像的过程中，首先会执行ONBUILD指令指定的指令，然后才会执行其它指令

(14)HEALTHCHECK
健康检查

When writing a Dockerfile, there are strict formats to follow:

The first line must use the FROM directive to indicate the name of the image to be based on;

Then use the MAINTAINER command to describe the user information for maintaining the image;

Then there are mirror operation related instructions, such as the RUN instruction. Each time an instruction is run, a new layer is added to the base image

Finally use the CMD directive to specify the command action to run when the container is started.

Dockerfile example demo:

(1) Switch to the opt directory, create the apache directory to prepare the web page files

 cd /opt/
 mkdir apache
 cd apache/
 vim index.html
 <h1>this is my first dockerfile</h1>
 cat index.html
 <h1>this is my first dockerfile</h1>

(2) Write a dockerfile script

vim Dockerfile 

(3) Create a new image and execute the Dockerfile script

docker build -t apache:centos7 .

docker run -itd -p 1314:80 apache:centos7 bash

(4) Open web page verification

4. Build a local private warehouse

(1) First download the registry image

docker pull registry

(2) Add the private mirror warehouse address in the daemon.json file

vim /etc/docker/daemon.json

(3) Restart the docker service

systemctl restart docker

(4) Run the registry container

docker run -itd -v /data/registry:/var/lib/registry -p 5000:5000 --restart=always --name registry registry:latest

####
-itd:在容器中打开一个伪终端进行交互操作，并在后台运行

-v把宿主机的/data/registry目录绑定到容器/var/lib/registry目录(这个目录是registry容器中存放镜像文件的目录)，来实现数据的持久化;

-p:映射端口;访问宿主机的5000端口就访问到registry容器的服务了--restart=always:这是重启的策略，在容器退出时总是重启容器

--name registry:创建容器命名为registry

registry : latest:这个是刚才pull下来的镜像

##########
Docker容器的重启策略如下:
no:默认策略，在容器退出时不重启容器
on-failure:在容器非正常退出时（退出状态非0），才会重启容器
on-failure:3 :在容器非正常退出时重启容器，最多重启3次
always:在容器退出时总是重启容器
unless-stopped:在容器退出时总是重启容器，但是不考虑在Docker守护进程启动时就已经停止了的容器

(5) Tag the image and push it to the local warehouse

docker tag centos:7 192.168.100.140:5000/centos:v1
docker push 192.168.100.140:5000/centos:v1 
docker tag nginx:1.14 192.168.100.140:5000/nginx:v1
docker push 192.168.100.140:5000/nginx:v1

(6) Check which images and tags are in your library

curl http://192.168.100.140:5000/v2/_catalog
curl http://192.168.100.140:5000/v2/centos/tags/list

(7) Delete the nginx image

docker rmi 295c7be07902 -f

(8) Pull the image from the local library

 docker pull 192.168.100.140:5000/nginx:v1