Kubernetes系列(二)镜像构建
本文主要介绍 docker 镜像的构建过程,以及推送到远程仓库,本示例中,使用的远程仓库是本地搭建的 harbor 仓库,大家可以参考
https://goharbor.io/docs/2.5.0/install-config/
进行安装。
镜像构建
本示例,以 docker hub 中的
centos:7
为基础镜像,运行nginx
程序。
配置 Dockerfile
-
1. 下载 nginx 安装包 (
http://nginx.org/en/download.html
) -
2. 创建 Dockerfile ,内容如下:
# 表示镜像在centos:7的基础上搭建,本地没有会自动从hub仓库拉取
from centos:7
# 安装依赖
run yum install -y wget gcc zlib zlib-devel pcre-devel net-tools make openssl-devel
# 将nginx压缩包上传至构建镜像的/usr/local目录并解压
add ./nginx-1.22.0.tar.gz /usr/local
# 进入解压后的目录,配置安装路径,编译,安装,创建启动文件的软链接
run cd /usr/local/nginx-1.22.0 && ./configure --prefix=/usr/local/nginx && make && make install && ln -s /usr/local/nginx/sbin/nginx /usr/sbin/
# 追加重定向到nginx的配置文件,使nginx可以前台启动,容器中必须要有一个前台进程,否则无法启动
run echo "daemon off;">>/usr/local/nginx/conf/nginx.conf
# 操作用户为root
user root
# 暴露端口80
expose 80
# 启动nginx
cmd nginx
此时,工作目录下的文件如下图:
构建
- • 执行构建指令,创建镜像
PS D:\workspace\docker\demo1> docker build -t centos-nginx:1.22.0 .
[+] Building 250.3s (10/10) FINISHED
=> [internal] load build definition from Dockerfile 0.1s
=> => transferring dockerfile: 902B 0.0s
=> [internal] load .dockerignore 0.1s
=> => transferring context: 2B 0.0s
=> [internal] load metadata for docker.io/library/centos:7 95.1s
=> [1/5] FROM docker.io/library/centos:7@sha256:c73f515d06b0fa07bb18d8202035e739a494ce760aa73129f60f4bf2bd22b40 41.3s
=> => resolve docker.io/library/centos:7@sha256:c73f515d06b0fa07bb18d8202035e739a494ce760aa73129f60f4bf2bd22b407 0.0s
=> => sha256:dead07b4d8ed7e29e98de0f4504d87e8880d4347859d839686a31da35a3b532f 529B / 529B 0.0s
=> => sha256:eeb6ee3f44bd0b5103bb561b4c16bcb82328cfe5809ab675bb17ab3a16c517c9 2.75kB / 2.75kB 0.0s
=> => sha256:2d473b07cdd5f0912cd6f1a703352c82b512407db6b05b43f2553732b55df3bc 76.10MB / 76.10MB 34.7s
=> => sha256:c73f515d06b0fa07bb18d8202035e739a494ce760aa73129f60f4bf2bd22b407 1.20kB / 1.20kB 0.0s
=> => extracting sha256:2d473b07cdd5f0912cd6f1a703352c82b512407db6b05b43f2553732b55df3bc 6.2s
=> [internal] load build context 0.1s
=> => transferring context: 1.07MB 0.0s
=> [2/5] RUN yum install -y wget gcc zlib zlib-devel pcre-devel net-tools make openssl-devel 81.4s
=> [3/5] ADD ./nginx-1.22.0.tar.gz /usr/local 0.2s
=> [4/5] RUN cd /usr/local/nginx-1.22.0 && ./configure --prefix=/usr/local/nginx && make && make install && ln 29.9s
=> [5/5] RUN echo "daemon off;">>/usr/local/nginx/conf/nginx.conf 0.6s
=> exporting to image 1.4s
=> => exporting layers 1.4s
=> => writing image sha256:5447ad7fca9fe0096ff8c72afb637bfaf78e34abe9f4ac744b11440325463f37 0.0s
=> => naming to docker.io/library/centos-nginx:1.22.0
- • 检查镜像 可以看到 centos-nginx ,tag为 1.22.0 的镜像已构建完成目前还在本地仓库
PS D:\workspace\docker\demo1> docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos-nginx 1.22.0 5447ad7fca9f 48 minutes ago 486MB
harbor.k8s.info.com/yueyong/centos-nginx 1.22.0 5447ad7fca9f 48 minutes ago 486MB
reg.kolla.org/brs-dev/cloud-webplus-server latest 5b5e808d6e8a 14 months ago 623MB
cloud-webplus-server latest c22d086fca20 14 months ago 623MB
reg.kolla.org/brs-dev/cloud-webplus-server <none> c22d086fca20 14 months ago 623MB
openjdk 8 48ff6191b369 15 months ago 514MB
镜像验证
- • 通过 docker run 运行确认镜像可用
# docker run 后台运行
PS D:\workspace\docker\demo1> docker run -itd -p 80:80 --name="nginx-test" centos-nginx:1.22.0
d1064c4b0469c76e1876d99eb07d393a4f218c1dd569293c94cdfb77415c26af
# docker ps 查看运行容器
PS D:\workspace\docker\demo1> docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS
NAMES
d1064c4b0469 centos-nginx:1.22.0 "/bin/sh -c nginx" 9 seconds ago Up 8 seconds 0.0.0.0:80->80/tcp, :::80->80/tcp nginx-test
PS D:\workspace\docker\demo1>
-
• 上一步已运行构建的容器,同时映射 80 端口到 本地的 80 端口,浏览器访问 http://127.0.0.1:80 nginx 默认界面
镜像推送
将上一步构建的本地镜像,推送到远程仓库。
仓库登录
harbor.k8s.info.com 是我的仓库地址,大家根据自己实际值进行操作
PS D:\workspace\docker\demo1> docker login harbor.k8s.info.com
Username: admin
Password:
Error response from daemon: Get https://harbor.k8s.info.com/v2/: x509: certificate signed by unknown authority
若出现上方 x509 错误,说明仓库开启了 https 认证,请按照下图,配置 docker desktop:
然后继续执行 docker login 命令
PS D:\workspace\docker\demo1> docker login harbor.k8s.info.com
Username: admin
Password:
Login Succeeded
PS D:\workspace\docker\demo1>
登录成功
镜像推送
- • 镜像重新打 tag
# 新的镜像tag 命名规范:仓库地址/项目名称/镜像名称:tag
PS D:\workspace\docker\demo1> docker tag centos-nginx:1.22.0 harbor.k8s.info.com/yueyong/centos-nginx:1.22.0
PS D:\workspace\docker\demo1>
- • 按照一下命令推送镜像,需要提前在 harbor 中创建项目 (yueyong 就是我的项目)
PS D:\workspace\docker\demo1> docker push harbor.k8s.info.com/yueyong/centos-nginx:1.22.0
The push refers to repository [harbor.k8s.info.com/yueyong/centos-nginx]
b111a5507c22: Pushed
9f185317001b: Pushed
6d872fe297e4: Pushed
cd999ce9a74f: Pushed
174f56854903: Pushed
1.22.0: digest: sha256:28419d28979f10a388a752a659cd8323f2388c0f5e0f229042273e1cb7f20be7 size: 1371
-
• 登录 harbor 控制台,查看推送的镜像
欢迎关注我的公众号“云原生拓展”,原创技术文章第一时间推送。