The mac environment packs the go project into a docker image and pushes it to the Alibaba Cloud image warehouse

foreword

Recently, the project needs to be deployed through k8s, so I need to package my go back-end project into a docker image and run it in a specified environment, so I record the first time I packaged a go project into a docker image on a mac

1. Goland creates a new Dockerfile

Create a new Dockerfile in the project

Two, Dockerfile file content

Create a new Dockerfile file with the following content (this is the most important)

#源镜像
FROM golang:1.19-alpine3.16 as builder
#作者
MAINTAINER ic_xcc

RUN set -ex \
    && sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories \
    && apk --update add tzdata \
    && cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
    && apk --no-cache add ca-certificates

WORKDIR /build
# 创建了一个app-runner的用户, -D表示无密码
#RUN adduser -u 10001 -D app-runner
# 安装依赖包
ENV GOPROXY https://goproxy.cn
COPY go.mod .
COPY go.sum .
RUN go mod download
# 把当前目录的文件拷过去，编译代码
COPY . .
RUN CGO_ENABLED=0 GOARCH=amd64 GOOS=linux go build -a  -ldflags '-w -s' -o blockchain-middleware .

# 暴露服务端口
EXPOSE 8088
FROM alpine:3.16 AS final
# 把构建结果、配置文件（有的话）和用户的相关文件拷过去
WORKDIR /app
COPY --from=builder /build/blockchain-middleware /app
COPY --from=builder /build/conf /app/conf
COPY --from=builder /build/config.toml /app
# 下载时区包
COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo
# 设置当前时区
COPY --from=builder /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
# https ssl证书
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/

# 使用app-runner启动
#USER app-runner
ENTRYPOINT ["/app/blockchain-middleware"]

There are annotations in the text, and the mirror image is effective for personal testing

3. Start docker and prepare to compile the image

Because I am a mac computer, I have installed the docker environment on the computer before, and now I need to open and run my docker

Halfway problem – when mac logs in to the warehouse, it prompts an error http: server gave HTTP response to HTTPS client

Because the project requires that the mirror warehouses are all uploaded to the same dependent address, and this address is different from the Internet, which is only an ip address that can be linked to the office network, so this error is prompted (this is because our docker client uses https, The Harbor private library we built uses http, so there will be such an error report, resulting in inability to access), at this time, we need to modify the docker configuration on the mac.

solution

Because there is a graphically operated docker on the mac, enter Preferences -> Docker Engine from the interface in turn, and fill in the following statement, which is the address of the docker private library we use

"insecure-registries":["仓库ip:port"]

As shown in the figure:

After the configuration is complete, click the lower right corner to apply and restart.
We can use the docker system info command to check whether the configuration information insecure-registries contains the information we just configured.

Now we can connect to the remote docker library normally.

Fourth, build a docker image

View the Dockerfile we wrote on the mac command line

to build the project program image

• -f: Specify which file to compile
• -t: Specify the mirrored warehouse, label, etc. after the build
• [There is a dot at the end, one thing to pay attention to] The last . indicates that the Dockerfile is in the current directory

docker build -f Dockerfile -t blockchain-middleware-docker-10:v1.3 .

The demonstration example after running is as follows.

After the build is successful, the following display will appear.

View the built image

docker images

The image repository and version just specified for compilation, image id, creation time, size and other information will appear.

• REPOSITORY mirrored warehouse name
• TAG The tag of the image
• IMAGE ID Image ID
• CREATED mirror creation time
• SIZE size of the image
  

Interlude in the middle of the problem – generate a docker virtual image

You can see that after viewing the image, there are several images with warehouse names and labels, commonly known as: dangling image

solution

Cause: There are some writing errors when compiling the image file, so these dangling images can be deleted

docker rmi $(docker images | grep "none" | awk '{print $3}')

or use docker image prune

5. Run the image to generate the container

Run the image using the docker run command

• The parameter -d sets the container operation mode to run in the background.

• The parameter -p 8088:80 maps the network port used inside the container to the host, where 8088 is the host port and 80 is the port used inside the container.

# 运行镜像生成容器
docker run -d -p 8088:8088 -it --privileged=true blockchain-***:v1.3
# 查看所有容器
docker ps -a

After running, by viewing the container command, you can see that the container STATUS status is up. Startup mode
Description of
options Options:

• -it is created interactive: -i is created interactive, -t is terminal
• -a # List currently running containers + historically run containers
• -n=?# Show recently created containers
• -q # only display the number of the container
• –privileged=true Open root privileges
  

6. Enter, exit and stop the container

After running the image to generate the container, you can enter the container to see what files are inside

# 容器进入（docker exec -it 容器id /bin/bash）-更改后的命令如下，原因见下详解
docker exec -it 54b0f2789ec5 /bin/sh 

# 容器退出
exit

After exiting the container, stop the container from running

docker stop 容器id

Small problem in the middle – error when entering the container: OCI runtime ​exec failed: exec failed: container_linux.go:349: starting container process caused "ex

docker exec -it container id /bin/bash I want to enter the warehouse to check the configuration, and found the following error: OCI runtime exec failed: exec failed: container_linux.go:349: starting container process caused “exec: “/bin/bash”: stat /bin/bash: no such file or directory”: unknown

Solution

使用 docker exec -it 容器 id /bin/sh 或者
docker exec -it 容器 id sh

Change to docker exec -it cf34762e01c0 /bin/sh to successfully enter the container

. After running the container, you can try to see if your image is available through some simple interface calls. As shown below, the image can be used normally.

After completing the above steps, it means that you have packaged a runnable image locally

7. Push and pull operations between the local mirror and the Alibaba Cloud mirror warehouse

1. Log in to Alibaba Cloud Mirror Warehouse

Prerequisite: By default, you have created the corresponding mirror warehouse in Alibaba Cloud (if you can’t create your own Alibaba Cloud mirror warehouse, you can refer to the blog post [Alibaba Cloud-Container ] Docker Image Management Quick Start )
I will use the Alibaba Cloud mirror warehouse as an example, of course The company uses our own mirror warehouse, so in the same way, according to your own needs, you can log in to the corresponding mirror warehouse (this login operation only needs to be performed once in the same environment, and your login information will be recorded in the relevant environment configuration file Yes, for example, after my computer has logged into my Alibaba Cloud mirror warehouse once, subsequent pulls or pushes can be operated without logging in again)

# docker login --username=你的阿里云账号 阿里云镜像仓库
docker login --username=****ic registry.cn-hangzhou.aliyuncs.com

Instructions: Please replace the user name in the following command with the full name of your Alibaba Cloud account, and enter the remote mirror warehouse password after pressing Enter. The password is the password set when opening the service in step 6

2. Mark the local mirror and put it in the remote warehouse

docker tag [ImageId] registry.cn-hangzhou.aliyuncs.com/你阿里云自定义的命名空间/你阿里云自定义的镜像仓库名字:[镜像版本号]
例如：docker tag demo:v1 registry.cn-hangzhou.aliyuncs.com/space_test/demo:v1

3. Push the local image to the remote warehouse

docker push registry.cn-hangzhou.aliyuncs.com/你阿里云自定义的命名空间/你阿里云自定义的镜像仓库名字:[镜像版本号]
例如：docker push registry.cn-hangzhou.aliyuncs.com/space_test/demo:v1

4. Pull the remote image of the specified version

If you want to pull the specified version from the remote mirror to the local, use the following command, and then the operation principle is the same as above

docker pull registry.cn-hangzhou.aliyuncs.com/你阿里云自定义的命名空间/你阿里云自定义的镜像仓库名字:[镜像版本号]
例如：docker pull registry.cn-hangzhou.aliyuncs.com/space_test/demo:v1

5. Some basic commands of docker

In addition to the above commonly used commands, there are some docker commands that may be used.
The related images are as follows:

# 更改仓库名称或重命名镜像,例如：将名称更改test为 my_docker/test
docker image tag test:latest my_docker/test:latest
或
docker image tag fb583c3ac45d  my_docker/test:latest

got the answer

REPOSITORY          TAG                 IMAGE ID            CREATED          VIRTUAL SIZE
test              latest              fb583c3ac45d        35 minutes ago      968.5 MB
my_docker/test    latest  			  fb583c3ac45d 		  28 minutes ago 	  968.5 MB

tag is just a readable alias for the full image name (fb583c3ac45d…). Therefore, they can be associated with the same image if desired. If you don't like the old name, you can remove it after renaming

# 删除旧命令镜像,记得得到重新命名后的镜像
docker rmi test

Containers are related as follows:

# 启动容器
docker start cotianername/containerid
# 停止容器
docker stop cotianername/containerid
# 删除容器
docker rm cotianername/containerid
# 进入容器
docker exec -it containername/containerid /bin/bash
# 退出容器
exit

Data reference

What is docker's dummy image?
How to delete none image
How to build Golang Dockerfiles Golang
Dockerfile best practice
Golang project general Dockerfile Write
Docker deployment GoLang program, nanny-level tutorial
Docker basic commands, image download delete, container display, open, close, kill Dead
docker image container start, stop, delete container
How to create a minimum docker image for go projects, fully reduce 99%
Build a basic image containing jdk and nginx, deploy front-end and back-end projects
on the docker warehouse on the Mac system prompt http: server gave HTTP response to Workaround for HTTPS client