Table of contents
FORM
Semantics: Mirror of custom FROM-based mirrors.
Notice:
FROMThe command starts a new build phase, sets the base image that subsequent builds depend on, andDockerfilemustFROMstart with . mirror can be any valid mirror.FROMCan appear multiple times within oneDockerfileto create multiple images or to make the current build a dependency of another.DockerfileMustFROMstart with a directive (in addition toARGa directive), otherwise "Please provide a source image withfromprior to commit" will appear.
Format:
FROM [--platform=<platform>] <image> [AS <name>]
FROM [--platform=<platform>] <image>[:<tag>] [AS <name>]
FROM [--platform=<platform>] <image>[@<digest>] [AS <name>]
parameter:
- AS name: Optionally specify a name for the new build stage. This name can be used in subsequent
FROMandCOPY --FROM=<name>directives to refer to images built during this phase. - --platform: It can be used to specify the platform of the image to process those images that support multiple platforms. For example: linux/amd64, linux/arm64 or windows/amd64. By default, the platform for production requests is used. Global build parameters are available for the value of this flag.
- The :tag or @
digestvalue is optional. If any of these are omitted, the builder useslatestas default by default. Iftagthe value is not found, the builder returns an error.
RUN
Used to execute the following command-line commands.
There are two formats:
shell format:
RUN <命令行命令>
# <命令行命令> 等同于,在终端操作的 shell 命令。exec format:
RUN ["可执行文件", "参数1", "参数2"]
# 例如:
# RUN ["./test.php", "dev", "offline"] 等价于 RUN ./test.php dev offlineNote : Every time the instructions of the Dockerfile are executed, a new layer will be created on the docker. Therefore, too many meaningless layers will cause the image to expand too much.
For example:
FROM centos
RUN yum -y install wget
RUN wget -O redis.tar.gz "http://download.redis.io/releases/redis-5.0.3.tar.gz"
RUN tar -xvf redis.tar.gzThe above execution will create a 3 layer mirror. can be simplified to the following format:
FROM centos
RUN yum -y install wget \
&& wget -O redis.tar.gz "http://download.redis.io/releases/redis-5.0.3.tar.gz" \
&& tar -xvf redis.tar.gzAs above, connect the commands with the && symbol, so that only one layer of mirroring will be created after execution.
COPY
Copy command, copy files or directories from the context directory to the specified path in the container.
Format:
COPY [--chown=<user>:<group>] <源路径1>... <目标路径>
COPY [--chown=<user>:<group>] ["<源路径1>",... "<目标路径>"][--chown=<user>:<group>] : optional parameter, the user changes the owner and group of the files copied to the container.
<source path> : source file or source directory, here can be a wildcard expression, and its wildcard rules must meet Go's filepath.Match rules. For example:
COPY hom* /mydir/
COPY hom?.txt /mydir/<target path> : the specified path in the container, the path does not need to be built in advance, if the path does not exist, it will be created automatically.
ADD
The ADD instruction is similar to COPY (under the same requirements, the official recommendation is to use COPY). The function is also similar, the difference is as follows:
- Advantages of ADD: If <source file> is a tar compressed file, and the compression format is gzip, bzip2 and xz, it will be automatically copied and decompressed to <target path>.
- Disadvantage of ADD: Tar archives cannot be copied without decompression. Will invalidate the image build cache, which may slow down image builds. Whether to use it or not can be decided according to whether automatic decompression is required.
CMD
Similar to the RUN instruction, it is used to run the program, but the timing of the two operations is different:
- CMD runs on docker run.
- RUN is in docker build.
Function : Specify the program to run by default for the started container. When the program finishes running, the container will end. The program specified by the CMD command can be overridden by the program specified in the docker run command line parameters to run.
Note : If there are multiple CMD instructions in the Dockerfile, only the last one will take effect.
Format:
CMD <shell 命令>
CMD ["<可执行文件或命令>","<param1>","<param2>",...]
CMD ["<param1>","<param2>",...] # 该写法是为 ENTRYPOINT 指令指定的程序提供默认参数It is recommended to use the second format, and the execution process is relatively clear. The first format will actually be automatically converted to the second format during operation, and the default executable file is sh.
ENTRYPOINT
Similar to the CMD command, but it will not be overridden by the commands specified by the command line parameters of docker run, and these command line parameters will be used as parameters to the program specified by the ENTRYPOINT command.
However, if docker run is run with the --entrypoint option, it will override the program specified by the ENTRYPOINT directive.
Advantages : When executing docker run, you can specify the parameters required for ENTRYPOINT to run.
Note : If there are multiple ENTRYPOINT directives in the Dockerfile, only the last one will take effect.
Format:
ENTRYPOINT ["<executeable>","<param1>","<param2>",...]It can be used with the CMD command: CMD is usually used only when the parameter is changed. The CMD here is equivalent to passing parameters to the ENTRYPOINT, which will be mentioned in the following examples.
Example:
Assuming the nginx:test image has been built via Dockerfile:
FROM nginx
ENTRYPOINT ["nginx", "-c"] # 定参
CMD ["/etc/nginx/nginx.conf"] # 变参 1. Run without passing parameters
$ docker run nginx:testThe following command will be run by default in the container to start the main process.
nginx -c /etc/nginx/nginx.conf2. Pass parameter operation
$ docker run nginx:test -c /etc/nginx/new.confThe following command will be run by default in the container to start the main process (/etc/nginx/new.conf: assuming this file already exists in the container)
nginx -c /etc/nginx/new.confENV
Set the environment variable, define the environment variable, then in the subsequent instructions, you can use this environment variable.
Format:
ENV <key> <value>
ENV <key1>=<value1> <key2>=<value2>...The following example sets NODE_VERSION = 7.2.0, which can be referenced by $NODE_VERSION in subsequent commands:
ENV NODE_VERSION 7.2.0
RUN curl -SLO "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-x64.tar.xz" \
&& curl -SLO "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc"ARG
Construction parameters, consistent with ENV. But the scope is different. The environment variable set by ARG is only valid in the Dockerfile, that is to say, it is only valid during the docker build process, and this environment variable does not exist in the built image. Variables defined FORMbefore by are supported .ARG
The build command docker build can be overridden with --build-arg <argument name>=<value>.
Format:
ARG <参数名>[=<默认值>]Example:
FROMBy ARGdefining the variable NG_VERSION before, refer FROMto the variable in .
ARG NG_VERSION=1.19.3
FROM nginx:${NG_VERSION}
CMD /bin/bash
FORMThe parameters declared before ARGare free from the build phase, so they cannot be FORMused in any subsequent instructions. If you want to use FORMa previously declared one with a default value , you need to declare a parameter with the same name without a value ARGduring the construction phase .ARG
ARG NG_VERSION=1.19.3
FROM nginx:${NG_VERSION}
ARG NG_VERSION
RUN echo "${NG_VERSION}"
CMD /bin/bash
VOLUME
Define anonymous data volumes. If you forget to mount the data volume when starting the container, it will be automatically mounted to the anonymous volume.
effect:
- Avoid losing important data due to container restart, which is very fatal.
- Avoid containers that keep getting bigger.
Format:
VOLUME ["<路径1>", "<路径2>"...]
VOLUME <路径>When starting the container docker run, we can modify the mount point through the -v parameter.
EXPOSE
Just declare the port.
effect:
- Help mirror users understand the guard port of this mirror service, so as to facilitate configuration mapping.
- When using random port mapping at runtime, that is, when docker run -P, the port of EXPOSE will be automatically mapped randomly.
Format:
EXPOSE <端口1> [<端口2>...]WORKDIR
Specifies the working directory. The working directory specified with WORKDIR will exist in every layer of the built image. Afterwards, the current directory of each layer will be changed to the specified directory. If the directory does not exist, WORKDIR will help you create the directory.
In the process of docker build mirroring, each RUN command is a new layer. Only directories created via WORKDIR persist.
Format:
WORKDIR <工作目录路径>USER
It is used to specify the user and user group for executing subsequent commands. This is just to switch the user for executing subsequent commands (users and user groups must already exist in advance).
Format:
USER <用户名>[:<用户组>]HEALTHCHECK
It is used to specify a program or command to monitor the running status of the docker container service.
Format:
HEALTHCHECK [选项] CMD <命令>:设置检查容器健康状况的命令
HEALTHCHECK NONE:如果基础镜像有健康检查指令,使用这行可以屏蔽掉其健康检查指令
HEALTHCHECK [选项] CMD <命令> : 这边 CMD 后面跟随的命令使用,可以参考 CMD 的用法。ONBUILD
Used to delay the execution of build commands. Simply put, the commands specified with ONBUILD in the Dockerfile will not be executed during the process of building the image (assuming the image is test-build). When a new Dockerfile uses the previously built image FROM test-build, when the Dockerfile of the new image is built, the command specified by ONBUILD in the Dockerfile of test-build will be executed.
Format:
ONBUILD <其它指令>LABEL
The LABEL command is used to add some metadata to the image, in the form of key-value pairs. The syntax is as follows:
LABEL <key>=<value> <key>=<value> <key>=<value> ...For example, we can add the author of the image:
LABEL org.opencontainers.image.authors="runoob"reference
(48 messages) Dockerfile FROM instruction syntax analysis_securityitit's blog-CSDN blog