Dockerfile is a set of rules for customizing images
dockerfie is composed of multiple instructions . Each instruction in the Dockerfile corresponds to each layer in the Docker image.

The principle of dockerfile is image layering.

Each instruction in the Dockerfile will create a new image layer (it is a temporary container that will no longer exist after execution and will be re-created and operated later).
Mirror layers will be cached and reused (subsequent mirror layers will be based on the previous layer, and each layer will have the cache of the following layers)
When the instructions of the dockerfile are modified, the copied files change, or the variables specified when building the image are different (subsequent operations will inevitably change the previous image layer), then the corresponding image layer cache will become invalid (automatically destroyed).
After the image cache of a certain layer becomes invalid, the image cache of the subsequent image layers will become invalid (if the first layer fails, then the second layer will also fail, which is equivalent to the foundation).
Modifications to the container will not affect the image. If you add a file in a certain layer and delete it in the next layer, the file will still be included in the image.

2. Creation of Docker image

There are three ways to create an image:

Create based on existing image
Create based on local template
Created based on Dockerfile (emphasis)

1. Create based on existing image

First start an image and make changes in the container

docker images
docker create -it centos:7 bash
docker ps -a
docker commit -m "new" -a "yyh" 1bbd3cfdb81d centos:7

2. Create based on local template

The image can be generated by importing the operating system template file. The template can be downloaded from the OPENVZ open source project.

The download address is: https://wiki.openvz.org/Download/template/precrated

#下载debian压缩包
wget http://download.openvz.org/template/precreated/debian-7.0-x86-minimal.tar.gz

3. Create based on dockerfile

A dockerfile is a file consisting of a set of instructions
The dockerfile supports one instruction per line, and each instruction can carry multiple parameters. One instruction can use the && method to write multiple instructions.
Dockerfile supports comments starting with "#"

3.1 dockerfile structure (four parts)

Basic image information (Linux distribution: centos ubantu suse debian alpine redhat)
Maintainer information (can be viewed by docker search)
Mirror operation instructions (tar yum make)
Execute instructions when the container starts ( cmd["/root/run.sh"] and entrypoint are the first programs/scripts/commands loaded when the system starts)

3.2 Build image command

PS: You can specify resource limits when building the image

When writing a Dockerfile, there is a strict format that needs to be followed:

The first line must use the FROM instruction to indicate the name of the image it is based on;
Then use the MAINTAINER instruction to describe the user information that maintains the image;
Then there are instructions related to mirror operations, such as the RUN instruction. Each time a command is run, a new layer is added to the base image.
Finally, use the CMD instruction to specify the command operation to be run when starting the container.

示例：
docker build -t nginx:test .  
 
#基于dockerfile文件构建镜像命令
完整的写法： docker build -f dockerfile -t nginx:new . 
docker build : 基于dockerfile 构建镜像
-f ：指定dockerfile 文件（默认不写的话指的是当前目录）
-t ：(tag) 打标签 ——》nginx:new 
.  ：专业说法：指的是构建镜像时的上下文环境，简单理解：指的当前目录环境中的文件

3. Principle of mirror layering

An image is not a single file, but consists of multiple layers. The container actually adds a read-write layer on top of the image. Any file changes made in the running container will be written to this read-write layer. If you delete a container, its top read-write layer is deleted, and file changes are lost. Docker uses storage drivers to manage the content of each layer of the image and the container layer of the read-write layer.

1. Docker image layering (built based on AUFS)

The docker image is located on bootfs
The next layer of each layer of mirror is the parent mirror.
The first layer of images is called base images (operating system environment images)
Container layer (readable and writable, for user operation), at the top level (writeable)
Everything below the container layer is readonly.

2. bootfs kernel space

Mainly includes bootloader (boot program) and kernel (kernel).

The bootloader mainly boots and loads the kernel. When Linux first starts, it loads the bootfs file system. The bottom layer of the Docker image is bootfs.
This layer is the same as our typical Linux/Unix system, including the boot loader and the kernel. After the boot loading is completed, the entire kernel is in the memory . At this time, the right to use the memory is handed over to the kernel by bootfs. The system will also uninstall bootfs.
In the Linux operating system, when Linux loads bootfs, it will set rootfs to read-only. After the system self-test, it will change read-only to read-write, so that we can operate in the operating system.

3. rootfs kernel space

On top of bootfs (base images, such as centos, ubuntu)
Contains standard directories and files such as /dev, /proc, /bin, /etc, etc. in a typical Linux system.
rootfs are various operating system distributions.

4. AUFS and overlay/overlay2

AUFS is a joint file system that uses multiple directories on the same Linux host and stacks them one by one to present a unified file system to the outside world. AUFS uses this feature to implement layering of Docker images.

Docker uses the overlay/overlay2 storage driver to support hierarchical structures.
overlayFS merges two directories on a single Linux host into a single directory . These directories are called layers, and the unification process is called a federated mount.

4.1 overlay structure

Overlayfs has only two layers on the Linux host. One directory is on the lower layer, used to save images, and the other directory is on the upper layer, used to store container information.

rootfs    #基础镜像
lower     #下层信息（为镜像层，只读）
upper     #上层目录（容器信息，可写）
worker    #运行的工作目录（copy-on-write写时复制-->准备容器环境）
mergod    #视图层（容器视图）

#docker 镜像层次结构总结
1、base images :基础镜像
2、image :固化了一个标准运行环境，镜像本身的功能-封装一组功能性的文件，通过统一的方式，文件格式提供出来（只读）
3、container :容器层（读写）
4、docker-server 端
5、呈现给docker-client（视图）

5. Union File System (UnionFS)

UnionFS (Union File System): Union File System (UnionFS) is a hierarchical, lightweight and high-performance file system. It supports modifications to the file system to be superimposed layer by layer as a commit, and can also combine different Directories are mounted to the same virtual file system. AUFS, OberlayFS and Devicemapper are all a type of UnionFS.

The Union file system is the basis of Docker images. Images can be inherited through layering. Based on the base image (without a parent image), various specific application images can be produced.

Features:
Load multiple file systems at the same time, but from the outside, only one file system can be seen. Joint loading will superimpose each layer of file systems, so that the final file system will contain all underlying files and directories.

When downloading from the warehouse, the layers we see below are the joint file systems.

6. Image loading principle

The bottom layer of the Docker image is bootfs. This layer is the same as our typical Linux/Unix system, including the boot loader and kernel. After the boot is loaded, the entire kernel is in the memory. At this time, the right to use the memory has been transferred from bootfs to the kernel. At this time, the system will also uninstall bootfs.
rootfs is above bootfs. Contains standard directories and files such as /dev, /proc, /bin, /etc, etc. in a typical Linux system. Rootfs refers to various operating system distributions, such as Ubuntu, Centos, etc.
We can understand that there is nothing in the kernel at the beginning. ① Run a command to download debian, which will add a base image to the kernel; ② Install another emacs, and a layer of image will be superimposed on the base image; then install it again An apache will superimpose a layer of image on top of images. In the end they look like a file system i.e. the rootfs of the container. In the Docker system, these rootfs are called Docker images. ③ However, each layer of rootfs at this time is read-only, and we cannot operate it at this time. When we create a container, that is, instantiate a Docker image, the system will allocate an empty layer of read-write rootfs on top of one or more layers of read-only rootfs.

4. Dockerfile operation instructions

instruction	meaning
FROM [mirror]	Specify the image on which the new image is based. The first instruction must be a FROM instruction. Each time a mirror is created, a FROM instruction is required, such as centos:7. from has two meanings: ① start a new image ② a line of instructions that must be written
MAINTAINER [name]	Describe the maintainer information of the new image (can be written or not)
RUN command	Each RUN is followed by a command, which is executed on the image it is based on and submitted to the new image. RUN must be capitalized.
CMD ["Program to run", "Parameter 1", "Parameter 2"]	Specify the command or script that needs to be run when starting the container. Dockerfile can only have one CMD command. If multiple are specified, only the last one can be executed. "bin/bash" is also a CMD and will overwrite the cmd in the image image.
EXPOSE [port number]	Specify the port to be opened when the new image is loaded into Docker . The exposed port is the port number exposed by the container.
ENV [environment variable] [variable value]	Set the value of an environment variable , which will be used by subsequent RUN. Containers can pass in environment variables when creating according to their own needs, but images cannot.
ADD [source file/directory] [destination file/directory]	① Copy the source file to the target file. The source file must be in the same directory as the Dockerfile. ② Or it can be a URL. ③ If the source file is a compressed package, it will be decompressed.
COPY [source file/directory] [destination file/directory]	Copy the files/directories on the local host to the target location. The source files/directories must be in the same directory as the Dockerfile. Copy can only be used for copying. At the same time as add copies, if the copied object is a compressed package, ADD can also decompress it. , copy saves resources than add
VOLUME ["directory"]	Create a mount point in the container, which is simply -v, and specify the directory of the image to mount on the host.
USER [username/UID]	Specify the user when running the container
WORKDIR [path]	Specify the working directory for subsequent RUN, CMD, and ENTRYPOINT, which is equivalent to a temporary "CD". Otherwise, you need to use an absolute path, such as workdir /opt. Move to the opt directory, and the instructions below are executed under opt.
ONBUILD [command]	Specify the command to be run when the generated image is used as a base image* (an optimization)**
HEALTHCHECK	health examination

1. ENTRYPOINT instruction

ENTRYPOINT [“要运行的程序”，“参数1”，“参数2”]

To set the first command to be run when the container starts and its parameters, you can use the command docker run --entrypoint to overwrite the contents of the ENTRYPOINT instruction in the image.

两种格式：

exec格式（数值格式）：ENTRYPOINT [“命令”，“选项”，“参数”]

shell格式：ENTRYPOINT 命令 选项 参数

2. CMD and entrypoint

They are all commands to be loaded when the container starts.

exec mode and shell mode
exec: the first task process started when the container is loaded
shell: the first bash used when the container is loaded (/bin/bash /bin/sh /bin/init)

自检完成后，加载第一个pid = 1 进程 
 
shell 翻译官/解释器，解析
 
echo $PATH

Example

mkdir test
cd test/
vim Dockerfile
FROM centos:7
CMD ["top"]

docker build -t centos:7 .
docker run -it --name test centos:7
docker logs test
docker ps -a
docker start 6c198084c38b
docker exec test ps aux
docker ps -a
docker run -itd --name test01 centos:7 /bin/bash
docker exec test01 ps aux

2.1 Environment variables cannot be output when using exec mode

Example: exec mode (command plus options + parameters)

vim Dockerfile 
FROM centos:7
CMD ["echo","$HOME"]

echo $HOME
docker build -t "centos:zb" .

2.2 Shell mode (requires an interpreter)

vim Dockerfile
FROM centos:7
CMD ["sh","-c","echo $HOME"]
docker build -t "centos:yyh" .
docker run -itd --name yyh1 centos:yyh
docker logs yyh1

2.3 Summary

例：区别shell 模式和exec 模式
/bin/sh -c nginx         #shell 模式
nginx                    # exec模式
 
exec 和shell 之间的区别  
exec 不可用输出环境变量
shell 模式可以输出环境变量
 
 
cmd 是容器环境启动时默认加载的命令
entrypoint 是容器环境启动时第一个加载的命令程序/脚本程序 init 
 
如果 ENTRYPOINT 使用了 shell 模式，CMD 指令会被忽略。
 
如果 ENTRYPOINT 使用了 exec 模式，CMD 指定的内容被追加为 ENTRYPOINT 指定命令的参数。
 
如果 ENTRYPOINT 使用了 exec 模式，CMD 也应该使用 exec 模式。

3. The difference between ADD and copy

Both the COPY instruction and the ADD instruction in the Dockerfile can copy or add resources on the host to the container image, both of which are completed during the process of building the image.

copy can only be used for copying (saving resources)
While ADD is copying, if the copied object is a compressed package, ADD can also decompress it (consuming resources)
The only difference between the COPY instruction and the ADD instruction is whether it supports obtaining resources from a remote URL. The COPY instruction can only read resources from the host where docker build is executed and copy them to the image. The ADD instruction also supports reading resources from the remote server through the URL and copying them to the mirror.

5. Dockerfile case—Building tomcat image

The relationship between tomcat startup scripts startup.sh
in the bin directory
—call—>catalina.sh—reference—>setclasspath.sh

Note:
1. Tomcat’s startup.sh script is mainly used to determine the environment,
find the catalina.sh script source path, and pass the startup command parameters to catalina.sh for execution;

2. setclasspath.sh checks whether various variables are assigned values,
verifies the files involved in starting and stopping tomcat, and ensures that tomcat starts and stops smoothly;

3. The catalina.sh script uses a lot of judgment,
using if as the input judgment of parameters. The core startup command is actually the java command.

6. Summary

1. Create a working directory before building the image in dockerfile

Dockerfile needs to create a working directory before building the image. Docker build will scan all files in the current directory. There are four
optimization methods - "Based on the principle of docker image layering
① Each RUN instruction will generate a new image layer
② Each The image cache of one layer will be inherited to the next layer - directly affecting the size of the image

2. What are the methods to create an image?

Update the content directly in the current container, and then use docker commit [-m] [-a] [-p] Container ID New image name: tag
Download the image compression package template file or use docker export to export the container file, and then use docker import file name – new image name: label
dockerfile build image

Docker container——dockerfile

1. Dockerfile concept