1.docker image分层存储
镜像是一个特殊的文件系统,除了提供容器运行时所需的程序、库、资源、配置等文件外,还包含了一些为运行时准备的一些配置参数(如匿名卷、环境变量、用户等)。镜像不包含任何动态数据,其内容在构建之后也不会被改变。
2,docker容器 存储层(状态变化)
以镜像为基础层,在其上创建一个当前容器的存储层,容器存储层的生存周期和容器一样,容器消亡时,容器存储层也随之消亡。因此,任何保存于容器存储层的信息都会随容器删除而丢失。按照 Docker 最佳实践的要求,容器不应该向其存储层内写入任何数据,容器存储层要保持无状态化。所有的文件写入操作,都应该使用 数据卷(Volume)、或者绑定宿主目录,在这些位置的读写会跳过容器存储层,直接对宿主(或网络存储)发生读写,其性能和稳定性更高。
3,将目录挂载为匿名卷
4,
1.让镜像变成像命令一样使用
分别使用 cmd
ENTRYPOINT 证明run的时候传参数
参考:https://yeasy.gitbooks.io/docker_practice/content/image/dockerfile/entrypoint.html
入口文件
2,
3.
4.
5,
docker inspect imagexxx 在metadata里可以看到label
镜像是一个特殊的文件系统,除了提供容器运行时所需的程序、库、资源、配置等文件外,还包含了一些为运行时准备的一些配置参数(如匿名卷、环境变量、用户等)。镜像不包含任何动态数据,其内容在构建之后也不会被改变。
2,docker容器 存储层(状态变化)
以镜像为基础层,在其上创建一个当前容器的存储层,容器存储层的生存周期和容器一样,容器消亡时,容器存储层也随之消亡。因此,任何保存于容器存储层的信息都会随容器删除而丢失。按照 Docker 最佳实践的要求,容器不应该向其存储层内写入任何数据,容器存储层要保持无状态化。所有的文件写入操作,都应该使用 数据卷(Volume)、或者绑定宿主目录,在这些位置的读写会跳过容器存储层,直接对宿主(或网络存储)发生读写,其性能和稳定性更高。
3,将目录挂载为匿名卷
dockerfile里可以写
VOLUME /data #默认挂载到了宿主机/var/lib/docker/xxx/_data
docker run的时候加参数覆盖:
docker run -d -v mydata:/data xxxx
参考:mysql的dockerfile
https://github.com/docker-library/mysql/tree/dc60c4b80f3eb5b7ef8b9ae09f16f6fab7a2fbf5/8.0/config
4,
1.让镜像变成像命令一样使用
栗子:构建获取ip image.
FROM ubuntu:16.04
RUN apt-get update \
&& apt-get install -y curl \
&& rm -rf /var/lib/apt/lists/*
CMD [ "curl", "-s", "http://ip.cn" ]
[root@lanny dockerfile]# docker run -it --rm myip
当前 IP:47.52.103.37 来自:香港特别行政区 阿里云
另一个案例
分别使用 cmd
ENTRYPOINT 证明run的时候传参数
参考:https://yeasy.gitbooks.io/docker_practice/content/image/dockerfile/entrypoint.html
2,ENTRYPOINT传参(将cmd当作参数)
应用运行前准备工作传参-如mysql初始化
mysql的dockerfile
https://github.com/docker-library/mysql/tree/dc60c4b80f3eb5b7ef8b9ae09f16f6fab7a2fbf5/8.0/config
FROM debian:jessie
# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
RUN groupadd -r mysql && useradd -r -g mysql mysql
# add gosu for easy step-down from root
ENV GOSU_VERSION 1.7
RUN set -x \
&& apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \
&& wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
&& wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
&& export GNUPGHOME="$(mktemp -d)" \
&& gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
&& gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
&& rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \
&& chmod +x /usr/local/bin/gosu \
&& gosu nobody true \
&& apt-get purge -y --auto-remove ca-certificates wget
RUN mkdir /docker-entrypoint-initdb.d
RUN apt-get update && apt-get install -y --no-install-recommends \
# for MYSQL_RANDOM_ROOT_PASSWORD
pwgen \
# for mysql_ssl_rsa_setup
openssl \
# FATAL ERROR: please install the following Perl modules before executing /usr/local/mysql/scripts/mysql_install_db:
# File::Basename
# File::Copy
# Sys::Hostname
# Data::Dumper
perl \
&& rm -rf /var/lib/apt/lists/*
RUN set -ex; \
# gpg: key 5072E1F5: public key "MySQL Release Engineering <mysql-build@oss.oracle.com>" imported
key='A4A9406876FCBD3C456770C88C718D3B5072E1F5'; \
export GNUPGHOME="$(mktemp -d)"; \
gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
gpg --export "$key" > /etc/apt/trusted.gpg.d/mysql.gpg; \
rm -r "$GNUPGHOME"; \
apt-key list > /dev/null
ENV MYSQL_MAJOR 8.0
ENV MYSQL_VERSION 8.0.1-dmr-1debian8
RUN echo "deb http://repo.mysql.com/apt/debian/ jessie mysql-${MYSQL_MAJOR}" > /etc/apt/sources.list.d/mysql.list
# the "/var/lib/mysql" stuff here is because the mysql-server postinst doesn't have an explicit way to disable the mysql_install_db codepath besides having a database already "configured" (ie, stuff in /var/lib/mysql/mysql)
# also, we set debconf keys to make APT a little quieter
RUN { \
echo mysql-community-server mysql-community-server/data-dir select ''; \
echo mysql-community-server mysql-community-server/root-pass password ''; \
echo mysql-community-server mysql-community-server/re-root-pass password ''; \
echo mysql-community-server mysql-community-server/remove-test-db select false; \
} | debconf-set-selections \
&& apt-get update && apt-get install -y mysql-community-client-core="${MYSQL_VERSION}" mysql-community-server-core="${MYSQL_VERSION}" && rm -rf /var/lib/apt/lists/* \
&& rm -rf /var/lib/mysql && mkdir -p /var/lib/mysql /var/run/mysqld \
&& chown -R mysql:mysql /var/lib/mysql /var/run/mysqld \
# ensure that /var/run/mysqld (used for socket and lock files) is writable regardless of the UID our mysqld instance ends up having at runtime
&& chmod 777 /var/run/mysqld
VOLUME /var/lib/mysql
# Config files
COPY config/ /etc/mysql/
COPY docker-entrypoint.sh /usr/local/bin/
RUN ln -s usr/local/bin/docker-entrypoint.sh /entrypoint.sh # backwards compat
ENTRYPOINT ["docker-entrypoint.sh"]
EXPOSE 3306
CMD ["mysqld"]
入口文件
下面是其他的一些dockerfile:
1.
#Base images
FROM busybox
ENV sex=gender
EXPOSE 22
2,
ENV abc=hello
ENV abc=bye def=$abc
ENV ghi=$abc
将导致def值为hello,不再bye。然而,ghi的值为bye,因为它不是设置abc为bye的相同命令的一部分。
ghi=bye
abc=bye
def=hello
3.
FROM busybox
RUN mkdir /bar
RUN mkdir /quux
ENV foo=/bar
WORKDIR $foo #进去后家目录在哪
ADD . $foo
4.
FROM busybox
ENV foo /bar
WORKDIR ${foo} # WORKDIR /bar
ADD . $foo # ADD . /bar
COPY \$foo /quux # COPY $foo /quux
5,
FROM nginx
RUN echo '<h1>Hello, Docker!</h1>' > /usr/share/nginx/html/index.html
首先docker run加的参数会覆盖CMD里的参数. 并作为新的参数传递给docker-entrypoint.sh脚本
7,最简单的run命令
[root@lanny dockerfile]# cat Dockerfile
FROM centos
RUN mkdir /app
WORKDIR /app
8,打标签
[root@lanny dockerfile]# cat Dockerfile
FROM centos
LABEL "com.example.vendor"="ACME Incorporated"
LABEL com.example.label-with-value="foo"
LABEL version="1.0"
LABEL description="This text illustrates \
that label-values can span multiple lines."
RUN mkdir /app
WORKDIR /app
docker inspect imagexxx 在metadata里可以看到label