docker安装
yum install -y yum-utils device-mapper-persistent-data lvm2
curl -o /etc/yum.repos.d/docker-ce.repo https://download.docker.com/linux/centos/docker-ce.repo
sed -i 's+download.docker.com+mirrors.tuna.tsinghua.edu.cn/docker-ce+' /etc/yum.repos.d/docker-ce.repo
yum install docker-ce --nobest
vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://gqk8w9va.mirror.aliyuncs.com"],
"graph":"/opt/mydocker"
}
docker工作目录
Dockerfile
dir/file
.dockerignore #排除文件
docker build (制作镜像)
dockerfile指令
FROM
FROM <repository>[:<tag>]
<repository>@<digest>
FROM busybox:latest
MAINTAINER "wuxing"
LABEL 指定镜像元数据
LABEL <key>=<value> <key>=<value> <key>=<value> ...
LABEL maintainer="wuxing"
COPY 主机文件复制到docker镜像中
COPY src ... dest
COPY ["src",..."dest"]
src是目录,其内部文件和目录都复制,但src目录自身不会被复制
如果有多个src,则dest必须以/结尾
COPY index.html /data/web/html/
[root@k8s-master1 img1]# pwd
/root/img1
[root@k8s-master1 img1]# ls
Dockerfile index.html
[root@k8s-master1 img1]# cat Dockerfile
# Description: test image
FROM busybox:latest
MAINTAINER "wuxing"
#LABEL maintainer="wuxing"
COPY index.html /data/web/html/
[root@k8s-master1 img1]# docker build -t tinyhttpd:v0.1-1 ./
测试
[root@k8s-master1 img1]# docker run --name tinyweb1 --rm tinyhttpd:v0.1-1 cat /data/web/html/index.html
<h1>Busybox httpd server</h1>
[root@k8s-master1 img1]# ll
total 12
-rw-r--r-- 1 root root 160 Sep 22 18:18 Dockerfile
-rw-r--r-- 1 root root 30 Sep 22 17:53 index.html
drwxr-xr-x. 3 root root 4096 Sep 4 10:07 yum.repos.d
[root@k8s-master1 img1]# cat Dockerfile
# Description: test image
FROM busybox:latest
MAINTAINER "wuxing"
#LABEL maintainer="wuxing"
COPY index.html /data/web/html/
COPY yum.repos.d /etc/yum.repos.d/
[root@k8s-master1 img1]# docker build -t tinyhttpd:v0.1-2 ./
测试
[root@k8s-master1 img1]# docker run --name tinyweb1 --rm tinyhttpd:v0.1-2 ls /etc/yum.repos.d/
CentOS-Base.repo
CentOS-Base.repo.off
CentOS-CR.repo
CentOS-Debuginfo.repo
CentOS-Media.repo
CentOS-Sources.repo
CentOS-Vault.repo
CentOS-fasttrack.repo
docker-ce.repo
epel-testing.repo
epel.repo
epel.repo.off
test
ADD 类似COPY ADD支持tar文件和url路径
ADD src ... dest
ADD ["src",..."dest"]
src为url且dest不以/结尾, 则src指定的文件被下载并直接创建为dest
dest以/结尾,则下载文件并保存为dest/filename
src为本地tar文件,则自动解压为一个目录;但通过url获取到的tar文件不会自动解压
ADD http://nginx.org/download/nginx-1.16.1.tar.gz /usr/local/src/
[root@k8s-master1 img1]# docker run --name tinyweb1 --rm tinyhttpd:v0.1-3 ls /usr/local/src/
nginx-1.16.1.tar.gz
ADD nginx-1.16.1.tar.gz /usr/local/src/
[root@k8s-master1 img1]# docker run --name tinyweb1 --rm tinyhttpd:v0.1-4 ls /usr/local/src/nginx-1.16.1
CHANGES
CHANGES.ru
LICENSE
README
auto
conf
configure
contrib
html
man
src
白手起家构建镜像
wget https://mirrors.tuna.tsinghua.edu.cn/lxc-images/images/centos/7/amd64/cloud/20220702_07%3A08/rootfs.tar.xz
vim Dockerfile
FROM scratch
ADD rootfs.tar.xz /
CMD ["/bin/bash"]
WORKDIR
为Dockerfile中所有的RUN CMD ENTRYPOINT COPY ADD设定工作目录
WORKDIR dirpath (相当于在容器中执行cd命令)
VOLUME
在镜像中创建一个挂载点目录,用于挂载主机上的卷或其它容器上的卷
VOLUME mountpoint
VOLUME ["mountpoint"]
VOLUME /data/mysql/
测试
docker run --name tinyweb1 --rm tinyhttpd:v0.1-5 mount
docker inspect tinyweb1
EXPOSE
指定容器监听端口
EXPOSE port[/protocol] [port[/protocol]...]
EXPOSE 11211/udp 11211/tcp
EXPOSE 80/tcp
测试
docker run --name tinyweb1 -P --rm tinyhttpd:v0.1-6 /bin/httpd -f -h /data/web/html
[root@k8s-master1 img1]# docker port tinyweb1
80/tcp -> 0.0.0.0:32768
http://192.168.0.141:32768/
ENV
为镜像定义所需的环境变量,并可被Dockerfile文件中位于其后的其它指令(ENV ADD COPY等)调用
ENV key value
ENV key=value ...
cat Dockerfile
# Description: test image
FROM busybox:latest
MAINTAINER "wuxing"
#LABEL maintainer="wuxing"
ENV DOC_ROOT=/data/web/html/ \
WEB_SERVER_PACKAGE="nginx-1.16.1"
COPY index.html ${DOC_ROOT:-/data/web/html/}
COPY yum.repos.d /etc/yum.repos.d/
#ADD http://nginx.org/download/nginx-1.16.1.tar.gz /usr/local/src/
ADD ${WEB_SERVER_PACKAGE}.tar.gz /usr/local/src/
VOLUME /data/mysql/
EXPOSE 80/tcp
测试
[root@k8s-master1 img1]# docker run --name tinyweb1 -P --rm tinyhttpd:v0.1-7 ls /usr/local/src/
nginx-1.16.1
[root@k8s-master1 img1]# docker run --name tinyweb1 -P --rm tinyhttpd:v0.1-7 ls /data/web/html
index.html
[root@k8s-master1 img1]# docker run --name tinyweb1 -P --rm tinyhttpd:v0.1-7 printenv
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=8dc9429db08b
DOC_ROOT=/data/web/html/
WEB_SERVER_PACKAGE=nginx-1.16.1
HOME=/root
[root@k8s-master1 img1]# docker run --name tinyweb1 -P -e WEB_SERVER_PACKAGE="nginx-1.15.1" --rm tinyhttpd:v0.1-7 printenv
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=0d004c6c23e1
WEB_SERVER_PACKAGE=nginx-1.15.1
DOC_ROOT=/data/web/html/
HOME=/root
Dockerfile
FROM harbor.uat.wuxingge.com.cn/uat/jenkins-slave-maven-centos7:v1
USER root
ADD Katalon_Studio_Linux_64-6.3.3.tar.gz /
ENV PATH /Katalon_Studio_Linux_64-6.3.3:$PATH
WORKDIR /Katalon_Studio_Linux_64-6.3.3
RUN
构建镜像时运行的命令
RUN command
RUN ["executable","param1","param2"]
RUN ["/bin/bash","-c","executable","param1"] #命令依赖shell特性使用
cat Dockerfile
# Description: test image
FROM busybox:latest
MAINTAINER "wuxing"
#LABEL maintainer="wuxing"
ENV DOC_ROOT=/data/web/html/ \
WEB_SERVER_PACKAGE="nginx-1.16.1"
COPY index.html ${DOC_ROOT:-/data/web/html/}
COPY yum.repos.d /etc/yum.repos.d/
ADD http://nginx.org/download/${WEB_SERVER_PACKAGE}.tar.gz /usr/local/src/
#ADD ${WEB_SERVER_PACKAGE}.tar.gz /usr/local/src/
VOLUME /data/mysql/
EXPOSE 80/tcp
RUN cd /usr/local/src/ && \
tar xf ${WEB_SERVER_PACKAGE}.tar.gz && \
mv ${WEB_SERVER_PACKAGE} webserver
[root@k8s-master1 img1]# docker run --name tinyweb1 -P --rm tinyhttpd:v0.1-8 ls /usr/local/src/
nginx-1.16.1.tar.gz
webserver
CMD
镜像启动容器时默认运行的命令
当其运行结束后,容器也将终止
CMD指定的命令可以被docker run的命令行选项覆盖
Dockerfile中可以存在多个CMD指令,但只有最后一个会生效
CMD command #默认以shell(默认shell为 /bin/sh -c)子进程方式执行
CMD ["executable","param1","param2"] #不以shell子进程方式执行
CMD ["param1","param2"] #为ENTRYPOINT指令提供默认参数
[root@k8s-master1 img2]# cat Dockerfile
FROM busybox
LABEL maintainer="wuxing" app="httpd"
ENV WEB_DOC_ROOT="/data/web/html/"
RUN mkdir -p ${WEB_DOC_ROOT} && \
echo '<h1>Busybox httpd server.</h1>' > ${WEB_DOC_ROOT}/index.html
CMD /bin/httpd -f -h ${WEB_DOC_ROOT}
docker build -t tinyhttpd:v0.2-1 ./
docker run --name tinyweb2 -it --rm -P tinyhttpd:v0.2-1
[root@k8s-master1 img1]# docker exec -it tinyweb2 /bin/sh
/ # ps
PID USER TIME COMMAND
1 root 0:00 /bin/httpd -f -h /data/web/html/
12 root 0:00 /bin/sh
18 root 0:00 ps
cat Dockerfile
FROM busybox
LABEL maintainer="wuxing" app="httpd"
ENV WEB_DOC_ROOT="/data/web/html/"
RUN mkdir -p ${WEB_DOC_ROOT} && \
echo '<h1>Busybox httpd server.</h1>' > ${WEB_DOC_ROOT}/index.html
#CMD /bin/httpd -f -h ${WEB_DOC_ROOT}
CMD ["/bin/sh","-c","/bin/httpd","-f","-h ${WEB_DOC_ROOT}"]
ENTRYPOINT
1.类似CMD,为容器指定默认运行程序,使容器像一个单独的可执行程序
2.ENTRYPOINT启动的程序不会被docker run命令行指定的参数覆盖,这些命令行参数会被当作参数传递给ENTRYPOINT指定的程序
3.docker run命令的–entrypoint选项的参数可覆盖ENTRYPOINT指令指定的程序
docker run --name tinyweb2 -it --rm -P --entrypoint "ls /data/web/html" tinyhttpd:v0.2-5
4.docker run命令传入的命令参数会覆盖CMD指令的内容并且附加到ENTRYPOINT命令最后做为其参数使用
5.Dockerfile文件中可以有多个ENTRYPOINT指令,但只有最后一个生效
ENTRYPOINT command
ENTRYPOINT ["executable","param1","param2"]
cat Dockerfile
FROM busybox
LABEL maintainer="wuxing" app="httpd"
ENV WEB_DOC_ROOT="/data/web/html/"
RUN mkdir -p ${WEB_DOC_ROOT} && \
echo '<h1>Busybox httpd server.</h1>' > ${WEB_DOC_ROOT}/index.html
ENTRYPOINT /bin/httpd -f -h ${WEB_DOC_ROOT}
cat Dockerfile
FROM busybox
LABEL maintainer="wuxing" app="httpd"
ENV WEB_DOC_ROOT="/data/web/html/"
RUN mkdir -p ${WEB_DOC_ROOT} && \
echo '<h1>Busybox httpd server.</h1>' > ${WEB_DOC_ROOT}/index.html
CMD ["/bin/httpd","-f","-h ${WEB_DOC_ROOT}"]
ENTRYPOINT ["/bin/sh","-c"]
测试
docker run --name tinyweb2 -it --rm -P tinyhttpd:v0.2-7 "ls /data"
[root@k8s-master1 img3]# ll
total 12
-rw-r--r-- 1 root root 260 Sep 24 00:14 Dockerfile
-rwxr-xr-x 1 root root 182 Sep 23 23:56 entrypoint.sh
-rw-r--r-- 1 root root 19 Sep 23 23:54 index.html
cat Dockerfile
FROM nginx:alpine
LABEL maintainer="wuxing"
ENV NGX_DOC_ROOT="/data/web/html/"
ADD index.html ${NGX_DOC_ROOT}
ADD entrypoint.sh /bin/
RUN rm -f /etc/nginx/conf.d/default.conf
CMD ["/usr/sbin/nginx","-g","daemon off;"]
ENTRYPOINT ["/bin/entrypoint.sh"]
cat entrypoint.sh
#!/bin/sh
cat > /etc/nginx/conf.d/www.conf << EOF
server {
server_name $HOSTNAME;
listen ${PORT:-80};
root ${NGX_DOC_ROOT:-/usr/share/nginx/html};
}
EOF
exec "$@"
构建镜像
docker build . -t mynginx:v1
启动容器
docker run --rm -p :8080 -e "HOSTNAME=www.wuxing.com" -e "PORT=8080" mynginx:v1
进入容器测试
/etc/nginx/conf.d
server {
server_name www.wuxing.com;
listen 8080;
root /data/web/html/;
}
https://github.com/docker-library/mysql/tree/master/5.7
USER
用于指定运行镜像时或运行Dockerfile中任何 RUN CMD 或ENTRYPOINT指令指定的程序时的用户名或UID
USER UID|username
HEALTHCHECK
选项
--interval=... (default 30s)
--timeout=... (default 30s)
--start-period=... (default 0s) 等待多长时间开始检查
--retries=... (default 3)
检测返回结果
0 success
1 unhealthy
2 reserved (预留)
HEALTHCHECK --interval=5m --timeout=3s CMD curl -f http://localhost/ || exit 1
cat Dockerfile
FROM nginx:1.14-alpine
LABEL maintainer="wuxing"
ENV NGX_DOC_ROOT="/data/web/html/"
ADD index.html ${NGX_DOC_ROOT}
ADD entrypoint.sh /bin/
RUN rm -f /etc/nginx/conf.d/default.conf
EXPOSE 80/tcp
HEALTHCHECK --start-period=3s CMD wget -O - -q http://${IP:-0.0.0.0}:${PORT:-80}/
CMD ["/usr/sbin/nginx","-g","daemon off;"]
ENTRYPOINT ["/bin/entrypoint.sh"]
SHELL
指定默认shell
STOPSIGNAL
STOPSIGNAL signal
ARG
定义变量(只在build中使用), --build-arg varname=value
ARG name[=default value]
cat Dockerfile
FROM nginx:1.14-alpine
ARG author="wuxing"
LABEL maintainer="${author}"
ENV NGX_DOC_ROOT="/data/web/html/"
ADD index.html ${NGX_DOC_ROOT}
ADD entrypoint.sh /bin/
RUN rm -f /etc/nginx/conf.d/default.conf
EXPOSE 80/tcp
HEALTHCHECK --start-period=3s CMD wget -O - -q http://${IP:-0.0.0.0}:${PORT:-80}/
CMD ["/usr/sbin/nginx","-g","daemon off;"]
ENTRYPOINT ["/bin/entrypoint.sh"]
docker build --build-arg author="xiadongzhi" -t myweb:v0.3-10 .
ONBUILD
在Dockerfile中定义一个触发器
Dockerfile中ONBUILD指令不会在构建镜像时执行,但基于此镜像再次构建镜像时会执行
ONBUILD不能自我嵌套,不会触发FROM和MAINTAINER指令
ONBUILD <INSTRUCTION>
Dockerfile(带ONBUILD)
FROM nginx:1.14-alpine
ARG author="wuxing"
LABEL maintainer="${author}"
ENV NGX_DOC_ROOT="/data/web/html/"
ADD index.html ${NGX_DOC_ROOT}
ADD entrypoint.sh /bin/
RUN rm -f /etc/nginx/conf.d/default.conf
EXPOSE 80/tcp
HEALTHCHECK --start-period=3s CMD wget -O - -q http://${IP:-0.0.0.0}:${PORT:-80}/
ONBUILD ADD http://nginx.org/download/nginx-1.16.1.tar.gz /usr/local/src/
CMD ["/usr/sbin/nginx","-g","daemon off;"]
ENTRYPOINT ["/bin/entrypoint.sh"]
构建镜像
docker build --build-arg author="xiadongzhi" -t myweb:v0.3-11 .
Dockerfile(基于上一个镜像)
FROM myweb:v0.3-11
RUN mkdir /tmp/test
继续构建镜像
docker build -t test:v0.1-1 .
Sending build context to Docker daemon 2.048kB
Step 1/2 : FROM myweb:v0.3-11
# Executing 1 build trigger
Downloading [==================================================>] 1.033MB/1.033MB
---> fd7f84e22f95
Step 2/2 : RUN mkdir /tmp/test
---> Running in 972d8b183b44
Removing intermediate container 972d8b183b44
---> ff6325e943bf
Successfully built ff6325e943bf
Successfully tagged test:v0.1-1
测试
docker run --name test1 --rm test:v0.1-1 ls /usr/local/src/
nginx底包镜像制作
nginx.conf
worker_processes 4;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 102400;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
client_max_body_size 0;
#gzip on;
include /etc/nginx/conf.d
default.conf
log_format json '{"@timestamp":"$time_iso8601",'
'"@version":"1",'
'"client":"$remote_addr",'
'"url":"$request_uri",'
'"status":"$status",'
'"domain":"$host",'
'"host":"$server_addr",'
'"size":$body_bytes_sent,'
'"responsetime":$request_time,'
'"referer": "$http_referer",'
'"ua": "$http_user_agent"'
'}';
server {
listen 80;
# 配置成实际的域名,每个虚拟主机的配置文件域名都相同
#server_name www.wuxingge.com;
access_log /var/log/nginx/access.log json;
error_log /var/log/nginx/error.log;
location / {
root /usr/share/nginx/html/;
index index.html index.htm;
try_files $uri $uri/ /index.html;
}
}
Dockerfile
FROM nginx:alpine
RUN /bin/cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && echo 'Asia/Shanghai' >/etc/timezone
COPY default.conf /etc/nginx/conf.d/default.conf
COPY nginx.conf /etc/nginx/nginx.conf
EXPOSE 80
jdk镜像
vim Dockerfile
FROM ubuntu:latest
RUN /bin/cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && echo 'Asia/Shanghai' >/etc/timezone
ADD jdk-8u221-linux-x64.tar.gz /jdk/
ENV JAVA_HOME=/jdk/jdk1.8.0_221
ENV CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
ENV PATH=$JAVA_HOME/bin:$PATH
CMD java -version
jar包镜像
vim Dockerfile
FROM ascdc/jdk8
COPY blog-admin.jar /
ENTRYPOINT ["java","-jar","/blog-admin.jar"]
centos镜像支持中文
vim Dockerfile
FROM centos:7
ENV LANG=zh_CN.UTF-8 \
LC_ALL=zh_CN.UTF-8
RUN sed -i '13'd /etc/yum.conf && \
yum install -y kde-l10n-Chinese glibc-common
jenkins-slave-nodejs镜像
vim Dockerfile
FROM registry.cn-hangzhou.aliyuncs.com/wuxingge/jenkins-slave-nodejs-centos7:v4
USER root
RUN echo "root@123" | passwd --stdin root && unset NPM_CONFIG_PREFIX && export NVM_DIR="$HOME/.nvm" && [ -s "$NVM_DIR/nvm.sh" ] && . "$NVM_DIR/nvm.sh" && nvm install v14.19.1 && nvm use v14.19.1 && npm cache verify && npm config set registry https://registry.npm.taobao.org && npm install -g yarn
USER 1001
各种服务前台启动
nginx -g "daemon off;"
php-fpm -F --pid /run/php-fpm/php-fpm.pid -y /etc/php-fpm.conf
mysqld --basedir=/usr --user=mysql
catalina.sh run
/usr/sbin/sshd -D
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)
