关于docker容器的镜像分层和私有仓库!!
dockerfile分层
dockerfile分层原理
docker镜像分层(基于AUFS构建)
bootfs和rootfs
AUFS 与overlay/overlay2
接下来我们可以做一个关于证实overlay结构的小实验
[root@node1 ~]# mkdir lower
[root@node1 ~]# mkdir upper
[root@node1 ~]# mkdir work
[root@node1 ~]# echo “lower.aa” > lower/aa
[root@node1 ~]# echo “lower.bb” > lower/bb
[root@node1 ~]# echo “upper.bb” > upper/bb
[root@node1 ~]# echo “upper.cc” > upper/cc
[root@node1 ~]# mkdir merged
[root@node1 ~]# mount -t overlay overlay -olowerdir=lower,upperdir=upper,workdir=work merged
[root@node1 merged]# ls
aa bb cc
[root@node1 merged]# df -h
文件系统 容量 已用 可用 已用% 挂载点
/dev/sda3 71G 23G 49G 32% /
devtmpfs 2.9G 0 2.9G 0% /dev
tmpfs 2.9G 0 2.9G 0% /dev/shm
tmpfs 2.9G 13M 2.9G 1% /run
tmpfs 2.9G 0 2.9G 0% /sys/fs/cgroup
/dev/sda1 1014M 174M 841M 18% /boot
tmpfs 585M 44K 585M 1% /run/user/0
/dev/sr0 4.3G 4.3G 0 100% /run/media/root/CentOS 7 x86_64
overlay 71G 23G 49G 32% /root/merged
dockerfile操作指令
构建tomcat镜像
FROM centos:7
ADD apache-tomcat-9.0.16.tar.gz /usr/local
ADD jdk-8u91-linux-x64.tar.gz /usr/local
ENV JAVA_HOME /root/jdk1.8.0_91
ENV PATH $JAVE_HOME/bin:$PATH
ENV CLASSPATH=.:$JAVA_HOME/lib:$JAVA_HOME/lib
EXPOSE 8080
RUN ln -s /usr/local/apache-tomcat-9.0.16/bin/startup.sh /usr/local/bin/ && ln -s /usr/local/apache-tomcat-9.0.16/bin/shutdown.sh /usr/local/bin/
CMD startup.sh
[root@node1 nginx]# docker build -f docker -t tomcat:c1.
[root@node1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
tomcat c1 4af7e041899e 18 hours ago 584MB
[root@node1 nginx]# docker run -itd -P tomcat:c1
[root@node1 nginx]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a06ceddd7adb tomcat:c1 "/bin/bash" 48 minutes ago Up 13 minutes 0.0.0.0:49153->8080/tcp, :::49153->8080/tcp nostalgic_darwin
[root@node1 nginx]# docker exec -it nostalgic_darwin /bin/bash
[root@a06ceddd7adb /]# cd /usr/local/apache-tomcat-9.0.16/bin/
[root@a06ceddd7adb bin]# ./startup.sh
Using CATALINA_BASE: /usr/local/apache-tomcat-9.0.16
Using CATALINA_HOME: /usr/local/apache-tomcat-9.0.16
Using CATALINA_TMPDIR: /usr/local/apache-tomcat-9.0.16/temp
Using JRE_HOME: /usr/local/jdk1.8.0_91
Using CLASSPATH: /usr/local/apache-tomcat-9.0.16/bin/bootstrap.jar:/usr/local/apache-tomcat-9.0.16/bin/tomcat-juli.jar
Tomcat started.
[root@a06ceddd7adb bin]# ps axu
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 12012 2164 pts/0 Ss+ 16:06 0:00 /bin/bash
root 16 0.0 0.0 12012 1944 pts/1 Ss+ 16:07 0:00 /bin/bash
root 55 0.0 0.0 12012 756 ? S 16:07 0:00 /bin/sh /usr/local/apache-tomcat-9.0.16/bin/catalina.sh start
root 56 0.8 1.9 5071932 119432 ? Sl 16:07 0:06 /usr/local/jdk1.8.0_91/bin/java -Djava.util.logging.config.file=/usr/local/apache-tomcat-9.0.16/conf/logging.prop
root 105 0.1 0.0 12116 2216 pts/2 Ss 16:20 0:00 /bin/bash
root 152 0.0 0.0 44620 1788 pts/2 R+ 16:20 0:00 ps axu
关于CMD和ENTRYPOINT的区别
构建nginx镜像(未优化阶段
[root@node1 nginx]# vim nginx
FROM centos:7
ADD nginx-1.15.9.tar.gz /usr/local/src
RUN yum install -y gcc gcc-c++ pcre-devel devel zlib-devel make
RUN useradd -M -s /sbin/nologin nginx
WORKDIR /usr/local/src/nginx-1.15.9
RUN ./configure \
--prefix=/usr/local/nginx \
--user=nginx \
--group=nginx \
--with-http_stub_status_module && make && make install
ENV PATH /usr/loacl/nginx/sbin:$PATH
EXPOSE 80
RUN echo "deamon off;" >> /usr/local/nginx/conf/nginx.conf
CMD nginx
[root@node1 nginx]# docker build -f nginx -t nginx:v1 .
[root@node1 nginx]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx v1 8997d003b2d4 About a minute ago 458MB
构建nginx镜像(第一次优化,将垃圾信息丢入垃圾桶)
[root@node1 nginx]# vim nginx1
FROM centos:7
ADD nginx-1.15.9.tar.gz /opt
WORKDIR /opt/nginx-1.15.9
RUN yum install -y gcc gcc-c++ pcre-devel devel zlib-devel make &> /dev/null && yum clean all
RUN sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc //表示关闭debug日志调试
RUN ./configure --prefix=/usr/local/nginx &> /dev/null && make &> /dev/null && make install &> /dev/null
RUN rm -rf /opt/nginx-1.15.9
EXPOSE 80
VOLUME ["/usr/local/nginx/html"] //指定挂载目录
CMD ["/usr/local/nginx/sbin/nginx","-g","deamon off;"]
[root@node1 nginx]# docker build -f nginx1 -t nginx:v2 .
[root@node1 nginx]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx v2 c235e84f0e22 9 seconds ago 335MB
nginx v1 8997d003b2d4 25 minutes ago 458MB
构建nginx镜像(第二次优化,减少RUN使用)
[root@node1 nginx]# vim nginx2
FROM centos:7
ADD nginx-1.15.9.tar.gz /opt
WORKDIR /opt/nginx-1.15.9
RUN yum install -y gcc gcc-c++ pcre-devel devel zlib-devel make &> /dev/null && yum clean all && \
sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && \
./configure --prefix=/usr/local/nginx &> /dev/null && make &> /dev/null && make install &> /dev/null && \
rm -rf /opt/nginx-1.15.9
EXPOSE 80
VOLUME ["/usr/local/nginx/html"]
CMD ["/usr/local/nginx/sbin/nginx","-g","deamon off;"]
[root@node1 nginx]# docker build -f nginx2 -t nginx:v3 .
[root@node1 nginx]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx v3 f65b91badc26 51 seconds ago 333MB
nginx v2 c235e84f0e22 20 minutes ago 335MB
nginx v1 8997d003b2d4 45 minutes ago 458MB
构建nginx镜像(第三次优化,多阶段构建)
使用FROM生成多个镜像,将指定镜像作为基础镜像来构建
[root@node1 nginx]# vim nginx3
FROM centos:7 as build
ADD nginx-1.15.9.tar.gz /opt
WORKDIR /opt/nginx-1.15.9
RUN yum install -y gcc gcc-c++ pcre-devel devel zlib-devel make &> /dev/null && yum clean all && \
sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && \
./configure --prefix=/usr/local/nginx &> /dev/null && make &> /dev/null && make install &> /dev/null && \
rm -rf /opt/nginx-1.15.9
FROM centos:7
EXPOSE 80
VOLUME ["/usr/local/nginx/html"]
COPY --from=build /usr/local/nginx /usr/local/nginx
CMD ["/usr/local/nginx/sbin/nginx","-g","deamon off;"]
[root@node1 nginx]# docker build -f nginx3 -t nginx:v4 .
[root@node1 nginx]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx v4 64868a58d31b 9 seconds ago 205MB
nginx v3 f65b91badc26 23 minutes ago 333MB
nginx v2 c235e84f0e22 42 minutes ago 335MB
nginx v1 8997d003b2d4 About an hour ago 458MB
关于私有仓库的建立
[root@node1 nginx]# docker pull registry
Using default tag: latest
latest: Pulling from library/registry
6a428f9f83b0: Pull complete
90cad49de35d: Pull complete
b215d0b40846: Pull complete
429305b6c15c: Pull complete
6f7e10a4e907: Pull complete
Digest: sha256:265d4a5ed8bf0df27d1107edb00b70e658ee9aa5acb3f37336c5a17db634481e
Status: Downloaded newer image for registry:latest
docker.io/library/registry:latest
[root@node1 nginx]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry latest b2cb11db9d3d 6 days ago 26.2MB
[root@node1 nginx]# vim /etc/docker/daemon.json
{
"insecure-registries": ["192.168.1.101:5000"],
"registry-mirrors": ["https://cn90fxk6.mirror.aliyuncs.com"]
}
[root@node1 nginx]# systemctl restart docker
[root@node1 nginx]# docker create -it registry /bin/bash
9e4c5a98dbcf9a9d6b64877b9b6b79f9ca218f6deada6e634bd3a5a6eb88dd2f
[root@node1 nginx]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9e4c5a98dbcf registry "/entrypoint.sh /bin…" 3 seconds ago Created goofy_shaw
[root@node1 nginx]# docker run -d -p 5000:5000 -v /data/registry:/tmp/registry registry
2972e4688748a46819382f6b1ab0b1efd8dfaec5c0a4d895b32a38029daa7cb1
[root@node1 nginx]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2972e4688748 registry "/entrypoint.sh /etc…" 27 seconds ago Up 26 seconds 0.0.0.0:5000->5000/tcp, :::5000->5000/tcp cranky_heyrovsky
[root@node1 registry]# docker push nginx:v4
The push refers to repository [docker.io/library/nginx]
04f0c5f56b6b: Preparing
174f56854903: Preparing
denied: requested access to the resource is denied
[root@node1 registry]# docker tag nginx:v4 192.168.1.101:5000/nginx
[root@node1 registry]# docker push 192.168.1.101:5000/nginx
Using default tag: latest
The push refers to repository [192.168.1.101:5000/nginx]
04f0c5f56b6b: Pushed
174f56854903: Pushed
latest: digest: sha256:68c8b78dbf84ab2713cffda3a423e03e9202faa830af8ebbeca6e0f8c9eda065 size: 739
[root@node1 registry]# curl -XGET http://192.168.1.101:5000/v2/_catalog
{"repositories":["nginx","tomcat"]}
[root@node1 registry]# docker rmi 192.168.1.101:5000/nginx:latest
Untagged: 192.168.1.101:5000/nginx:latest
Untagged: 192.168.1.101:5000/nginx@sha256:68c8b78dbf84ab2713cffda3a423e03e9202faa830af8ebbeca6e0f8c9eda065
[root@node1 registry]# docker pull 192.168.1.101:5000/nginx
Using default tag: latest
latest: Pulling from nginx
Digest: sha256:68c8b78dbf84ab2713cffda3a423e03e9202faa830af8ebbeca6e0f8c9eda065
Status: Downloaded newer image for 192.168.1.101:5000/nginx:latest
192.168.1.101:5000/nginx:latest
[root@node1 registry]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.1.101:5000/nginx latest 64868a58d31b 35 minutes ago 205MB
nginx v4 64868a58d31b 35 minutes ago 205MB
nginx v3 f65b91badc26 58 minutes ago 333MB
nginx v2 c235e84f0e22 About an hour ago 335MB
nginx v1 8997d003b2d4 2 hours ago 458MB