Direct the control group (see the third run)
test1
FROM centos
MAINTAINER **
RUN yum -y update
RUN yum -y install wget
RUN wget --no-cookies --no-check-certificate --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jdk/8u121-b13/e9e7ea248e2c4826b92b3f075a80e441/jdk-8u121-linux-x64.tar.gz" -O /tmp/jdk8_x64.tar.gz && gunzip /tmp/jdk8_x64.tar.gz && tar -C /opt -xf /tmp/jdk8_x64.tar && ln -s /opt/jdk1.8.0_121 /opt/jdk && yum clean all && rm -fr /tmp/*
test2
FROM centos
MAINTAINER **
RUN yum -y update
RUN yum -y install wget
RUN wget --no-cookies --no-check-certificate --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jdk/8u121-b13/e9e7ea248e2c4826b92b3f075a80e441/jdk-8u121-linux-x64.tar.gz" -O /tmp/jdk8_x64.tar.gz && gunzip /tmp/jdk8_x64.tar.gz && tar -C /opt -xf /tmp/jdk8_x64.tar && ln -s /opt/jdk1.8.0_121 /opt/jdk
RUN yum clean all
RUN rm -fr /tmp/*
As we separate the different commands have to write what difference does it make?
alex@ubuntu:~/workspace/docker_project$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
test2 latest a65c6cced43b 13 minutes ago 1.1 GB
test1 latest 67897397b053 14 minutes ago 729 MB
See the difference yet?
Taboo a (non-hierarchical or hierarchical blind):
同一业务或功能操作分在一个层(一个run就是一个层哦!)!
Contraindications two (remember superfluous):
绝对也千万别运行yum update,docker的目的就是用最小的资源运行程序。所以一律做减法,没用的不做,可用不可不用的不做,切记画蛇添足!
Taboo three (good image is not good, to see small is not small!):
别用docker commit制作镜像,这样的镜像都是没根的镜像,今天你知道咋回事。明天你可能就忘了,不好追溯其结构和顺序!而且这样的镜像通常都非常大!
Taboo four (memory containers shorter than goldfish):
不要在docker中写入数据,如果有数据产生,必须存储在volume中
Contraindications five (one container a process):
不多说了奥,容器不是虚拟机,一个容器干一个活就OK拉!
Taboo VI (only installed, do not delete):
用完的包要立即删除。
Recommendation and suggestions:
First, the use Alpine
Alpine是一个高度精简又包含了基本工具的轻量级Linux发行版,基础镜像只有4.41M,各开发语言和框架都有基于Alpine制作的基础镜像,所以推荐使用Alpine做基础镜像
yb@localhost ~/s> docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu latest 74f8760a2a8b 8 days ago 82.4MB
alpine latest 11cd0b38bc3c 2 weeks ago 4.41MB
centos 7 49f7960eb7e4 7 weeks ago 200MB
debian latest 3bbb526d2608 8 days ago 101MB
yb@localhost ~/s>
They see how much difference yet?
Second, the use of scratch build other mirror image:
scratch是一个空镜像,只能用于构建其他镜像,比如你要运行一个包含所有依赖的二进制文件,如Golang程序,可以直接使用scratch作为基础镜像。还记得我们k8s里面的 pause镜像嘛?来看看它的Dockerfile:
FROM scratch
ARG ARCH
ADD bin/pause-${ARCH} /pause
ENTRYPOINT ["/pause"]
pause镜像使用了scratch作为基础镜像,这个镜像本身是不占空间的,使用它构建的镜像大小几乎和二进制文件本身一样大,所以镜像非常小。当然在我们的Golang程序中也会使用。对于一些Golang/C程序,可能会依赖一些动态库,你可以使用自动提取动态库工具,比如ldd、linuxdeployqt等提取所有动态库,然后将二进制文件和依赖动态库一起打包到镜像中。
Three, busybox mirror (Andrews core oh!)
scratch是个空镜像,如果希望镜像里可以包含一些常用的Linux工具,busybox镜像是个不错选择,镜像本身只有1.16M,非常便于构建小镜像。
Fourth, other optimization:
(1) increase option on apt-get install -y - no-install-recommends, you can not install advisory (non-essential) dependence can also add options --no-cache to achieve the same effect when performing apk add ;
(2) When performing yum install -y, can install a plurality of tools, such as yum install -y gcc gcc-c ++ make .... Yum install all tasks on a RUN command, thereby reducing the number of mirror layers;
(3) and the cleaning assembly is mounted to a series of instructions which, as apk --update add php7 && rm -rf / var / cache / apk / *, Dockerfile because each instruction will have a document layer, if the apk add ... command rm -rf ... and separate, clean-up can not reduce the size of apk file level commands generated. Ubuntu or Debian use rm -rf / var / lib / apt / lists / * clean up the image in the cache file; the CentOS yum clean all systems use clean-up command.
Welcome to my personal public concern number, more learning materials waiting for you to come and collect.