Dockerfile

docker安装(centos8)

yum install -y yum-utils device-mapper-persistent-data lvm2
curl -o /etc/yum.repos.d/docker-ce.repo https://download.docker.com/linux/centos/docker-ce.repo
sed -i 's+download.docker.com+mirrors.tuna.tsinghua.edu.cn/docker-ce+' /etc/yum.repos.d/docker-ce.repo
yum install docker-ce --nobest

vim /etc/docker/daemon.json
{
  "registry-mirrors": ["https://gqk8w9va.mirror.aliyuncs.com"],
  "graph":"/opt/mydocker"
}

docker工作目录

Dockerfile
dir/file
.dockerignore #排除文件

docker build (制作镜像)

dockerfile指令 FROM

FROM [:]
     @
     
FROM busybox:latest

MAINTAINER "wuxing"

LABEL 指定镜像元数据

LABEL = = = ...
LABEL maintainer="wuxing"

COPY 主机文件复制到docker镜像中

COPY  src ... dest
COPY  ["src",..."dest"]

src是目录,其内部文件和目录都复制,但src目录自身不会被复制
如果有多个src,则dest必须以/结尾

COPY index.html /data/web/html/

[root@k8s-master1 img1]# pwd
/root/img1
[root@k8s-master1 img1]# ls
Dockerfile  index.html
[root@k8s-master1 img1]# cat Dockerfile 
# Description: test image
FROM busybox:latest
MAINTAINER "wuxing"
#LABEL maintainer="wuxing"
COPY index.html /data/web/html/

[root@k8s-master1 img1]# docker build -t tinyhttpd:v0.1-1 ./

测试
[root@k8s-master1 img1]# docker run --name tinyweb1 --rm tinyhttpd:v0.1-1 cat /data/web/html/index.html
Busybox httpd server

[root@k8s-master1 img1]# ll
total 12
-rw-r--r--  1 root root  160 Sep 22 18:18 Dockerfile
-rw-r--r--  1 root root   30 Sep 22 17:53 index.html
drwxr-xr-x. 3 root root 4096 Sep  4 10:07 yum.repos.d
[root@k8s-master1 img1]# cat Dockerfile 
# Description: test image
FROM busybox:latest
MAINTAINER "wuxing"
#LABEL maintainer="wuxing"
COPY index.html /data/web/html/
COPY yum.repos.d /etc/yum.repos.d/

[root@k8s-master1 img1]# docker build -t tinyhttpd:v0.1-2 ./

测试
[root@k8s-master1 img1]# docker run --name tinyweb1 --rm tinyhttpd:v0.1-2 ls /etc/yum.repos.d/
CentOS-base.repo
CentOS-base.repo.off
CentOS-CR.repo
CentOS-Debuginfo.repo
CentOS-Media.repo
CentOS-Sources.repo
CentOS-Vault.repo
CentOS-fasttrack.repo
docker-ce.repo
epel-testing.repo
epel.repo
epel.repo.off
test

ADD 类似COPY ADD支持tar文件和url路径

ADD  src ... dest
ADD  ["src",..."dest"]

src为url且dest不以/结尾, 则src指定的文件被下载并直接创建为dest
dest以/结尾,则下载文件并保存为dest/filename

src为本地tar文件,则自动解压为一个目录;但通过url获取到的tar文件不会自动解压

ADD http://nginx.org/download/nginx-1.16.1.tar.gz /usr/local/src/

[root@k8s-master1 img1]# docker run --name tinyweb1 --rm tinyhttpd:v0.1-3 ls /usr/local/src/
nginx-1.16.1.tar.gz

ADD nginx-1.16.1.tar.gz /usr/local/src/

[root@k8s-master1 img1]# docker run --name tinyweb1 --rm tinyhttpd:v0.1-4 ls /usr/local/src/nginx-1.16.1
CHANGES
CHANGES.ru
LICENSE
README
auto
conf
configure
contrib
html
man
src

WORKDIR

为Dockerfile中所有的RUN CMD ENTRYPOINT COPY ADD设定工作目录
WORKDIR dirpath (相当于在容器中执行cd命令)

VOLUME

在镜像中创建一个挂载点目录,用于挂载主机上的卷或其它容器上的卷

VOLUME mountpoint
VOLUME ["mountpoint"]

VOLUME /data/mysql/

测试

docker run --name tinyweb1 --rm tinyhttpd:v0.1-5 mount
docker inspect tinyweb1

EXPOSE

指定容器监听端口

EXPOSE port[/protocol] [port[/protocol]...]
EXPOSE 11211/udp 11211/tcp

EXPOSE 80/tcp

测试

docker run --name tinyweb1 -P --rm tinyhttpd:v0.1-6 /bin/httpd -f -h /data/web/html

[root@k8s-master1 img1]# docker port tinyweb1 
80/tcp -> 0.0.0.0:32768

http://192.168.0.141:32768/

ENV

为镜像定义所需的环境变量,并可被Dockerfile文件中位于其后的其它指令(ENV ADD COPY等)调用

ENV key value
ENV key=value ...

cat Dockerfile

# Description: test image
FROM busybox:latest
MAINTAINER "wuxing"
#LABEL maintainer="wuxing"
ENV DOC_ROOT=/data/web/html/ 
    WEB_SERVER_PACKAGE="nginx-1.16.1"

COPY index.html ${DOC_ROOT:-/data/web/html/}
COPY yum.repos.d /etc/yum.repos.d/
#ADD http://nginx.org/download/nginx-1.16.1.tar.gz /usr/local/src/
ADD ${WEB_SERVER_PACKAGE}.tar.gz /usr/local/src/

VOLUME /data/mysql/

EXPOSE 80/tcp

测试

[root@k8s-master1 img1]# docker run --name tinyweb1 -P --rm tinyhttpd:v0.1-7 ls /usr/local/src/
nginx-1.16.1
[root@k8s-master1 img1]# docker run --name tinyweb1 -P --rm tinyhttpd:v0.1-7 ls /data/web/html
index.html

[root@k8s-master1 img1]# docker run --name tinyweb1 -P --rm tinyhttpd:v0.1-7 printenv
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=8dc9429db08b
DOC_ROOT=/data/web/html/
WEB_SERVER_PACKAGE=nginx-1.16.1
HOME=/root
[root@k8s-master1 img1]# docker run --name tinyweb1 -P -e WEB_SERVER_PACKAGE="nginx-1.15.1" --rm tinyhttpd:v0.1-7 printenv
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=0d004c6c23e1
WEB_SERVER_PACKAGE=nginx-1.15.1
DOC_ROOT=/data/web/html/
HOME=/root

RUN

构建镜像时运行的命令

RUN command
RUN ["executable","param1","param2"]

RUN ["/bin/bash","-c","executable","param1"] #命令依赖shell特性使用

cat Dockerfile

# Description: test image
FROM busybox:latest
MAINTAINER "wuxing"
#LABEL maintainer="wuxing"
ENV DOC_ROOT=/data/web/html/ 
    WEB_SERVER_PACKAGE="nginx-1.16.1"

COPY index.html ${DOC_ROOT:-/data/web/html/}
COPY yum.repos.d /etc/yum.repos.d/
ADD http://nginx.org/download/${WEB_SERVER_PACKAGE}.tar.gz /usr/local/src/
#ADD ${WEB_SERVER_PACKAGE}.tar.gz /usr/local/src/

VOLUME /data/mysql/

EXPOSE 80/tcp

RUN cd /usr/local/src/ && 
    tar xf ${WEB_SERVER_PACKAGE}.tar.gz && 
    mv ${WEB_SERVER_PACKAGE} webserver

[root@k8s-master1 img1]# docker run --name tinyweb1 -P  --rm tinyhttpd:v0.1-8 ls /usr/local/src/
nginx-1.16.1.tar.gz
webserver

CMD

镜像启动容器时默认运行的命令
当其运行结束后,容器也将终止
CMD指定的命令可以被docker run的命令行选项覆盖
Dockerfile中可以存在多个CMD指令,但只有最后一个会生效

CMD command  #默认以shell(默认shell为 /bin/sh -c)子进程方式执行
CMD ["executable","param1","param2"]   #不以shell子进程方式执行
CMD ["param1","param2"]  #为ENTRYPOINT指令提供默认参数

[root@k8s-master1 img2]# cat Dockerfile 
FROM busybox
LABEL maintainer="wuxing" app="httpd"

ENV WEB_DOC_ROOT="/data/web/html/"

RUN mkdir -p ${WEB_DOC_ROOT} && 
    echo 'Busybox httpd server.' > ${WEB_DOC_ROOT}/index.html

CMD /bin/httpd -f -h ${WEB_DOC_ROOT}

docker build -t tinyhttpd:v0.2-1 ./

docker run --name tinyweb2 -it --rm -P tinyhttpd:v0.2-1

[root@k8s-master1 img1]# docker exec -it tinyweb2 /bin/sh
/ # ps
PID   USER     TIME  COMMAND
    1 root      0:00 /bin/httpd -f -h /data/web/html/
   12 root      0:00 /bin/sh
   18 root      0:00 ps

cat Dockerfile

FROM busybox
LABEL maintainer="wuxing" app="httpd"

ENV WEB_DOC_ROOT="/data/web/html/"

RUN mkdir -p ${WEB_DOC_ROOT} && 
    echo 'Busybox httpd server.' > ${WEB_DOC_ROOT}/index.html

#CMD /bin/httpd -f -h ${WEB_DOC_ROOT}
CMD ["/bin/sh","-c","/bin/httpd","-f","-h ${WEB_DOC_ROOT}"] 

ENTRYPOINT

1.类似CMD,为容器指定默认运行程序,使容器像一个单独的可执行程序
2.ENTRYPOINT启动的程序不会被docker run命令行指定的参数覆盖,这些命令行参数会被当作参数传递给ENTRYPOINT指定的程序

3.docker run命令的–entrypoint选项的参数可覆盖ENTRYPOINT指令指定的程序

docker run --name tinyweb2 -it  --rm -P --entrypoint "ls /data/web/html" tinyhttpd:v0.2-5

4.docker run命令传入的命令参数会覆盖CMD指令的内容并且附加到ENTRYPOINT命令最后做为其参数使用
5.Dockerfile文件中可以有多个ENTRYPOINT指令,但只有最后一个生效

ENTRYPOINT command
ENTRYPOINT ["executable","param1","param2"]

cat Dockerfile

FROM busybox
LABEL maintainer="wuxing" app="httpd"

ENV WEB_DOC_ROOT="/data/web/html/"

RUN mkdir -p ${WEB_DOC_ROOT} && 
    echo 'Busybox httpd server.' > ${WEB_DOC_ROOT}/index.html

ENTRYPOINT /bin/httpd -f -h ${WEB_DOC_ROOT}

cat Dockerfile

FROM busybox
LABEL maintainer="wuxing" app="httpd"

ENV WEB_DOC_ROOT="/data/web/html/"

RUN mkdir -p ${WEB_DOC_ROOT} && 
    echo 'Busybox httpd server.' > ${WEB_DOC_ROOT}/index.html

CMD ["/bin/httpd","-f","-h ${WEB_DOC_ROOT}"]
ENTRYPOINT ["/bin/sh","-c"]

测试

docker run --name tinyweb2 -it --rm  -P tinyhttpd:v0.2-7 "ls /data"

[root@k8s-master1 img3]# ll
total 12
-rw-r--r-- 1 root root 260 Sep 24 00:14 Dockerfile
-rwxr-xr-x 1 root root 182 Sep 23 23:56 entrypoint.sh
-rw-r--r-- 1 root root  19 Sep 23 23:54 index.html

cat Dockerfile

FROM nginx:1.14-alpine
LABEL maintainer="wuxing"

ENV NGX_DOC_ROOT="/data/web/html/"

ADD index.html ${NGX_DOC_ROOT}
ADD entrypoint.sh /bin/
RUN rm -f /etc/nginx/conf.d/default.conf

CMD ["/usr/sbin/nginx","-g","daemon off;"]
ENTRYPOINT ["/bin/entrypoint.sh"]

cat entrypoint.sh

#!/bin/sh
cat > /etc/nginx/conf.d/www.conf << EOF
server {
	server_name $HOSTNAME;
	listen ${IP:-0.0.0.0}:${PORT:-80};
	root ${NGX_DOC_ROOT:-/usr/share/nginx/html};
}
EOF

exec "$@"

docker build -t myweb:v0.3-6 ./

docker run --name myweb1 --rm -P myweb:v0.3-6
docker run --name myweb1 --rm -p :8080 -e "PORT=8080" myweb:v0.3-6

测试

docker exec -it myweb1 /bin/sh
wget -O - -q c1a0acce1a2f

https://github.com/docker-library/mysql/tree/master/5.7

USER

用于指定运行镜像时或运行Dockerfile中任何 RUN CMD 或ENTRYPOINT指令指定的程序时的用户名或UID

USER UID|username

HEALTHCHECK

选项

--interval=...     (default 30s)
--timeout=...     (default  30s)
--start-period=...     (default  0s)  等待多长时间开始检查
--retries=...   (default  3)

检测返回结果
0 success
1 unhealthy
2 reserved (预留)

HEALTHCHECK --interval=5m  --timeout=3s CMD curl -f http://localhost/ || exit 1

cat Dockerfile

FROM nginx:1.14-alpine
LABEL maintainer="wuxing"

ENV NGX_DOC_ROOT="/data/web/html/"

ADD index.html ${NGX_DOC_ROOT}
ADD entrypoint.sh /bin/
RUN rm -f /etc/nginx/conf.d/default.conf

EXPOSE 80/tcp

HEALTHCHECK --start-period=3s CMD wget -O - -q http://${IP:-0.0.0.0}:${PORT:-80}/

CMD ["/usr/sbin/nginx","-g","daemon off;"]
ENTRYPOINT ["/bin/entrypoint.sh"]

SHELL

指定默认shell

STOPSIGNAL

STOPSIGNAL signal

ARG

定义变量(只在build中使用), --build-arg varname=value

ARG name[=default value]

cat Dockerfile

FROM nginx:1.14-alpine

ARG author="wuxing"
LABEL maintainer="${author}"

ENV NGX_DOC_ROOT="/data/web/html/"

ADD index.html ${NGX_DOC_ROOT}
ADD entrypoint.sh /bin/
RUN rm -f /etc/nginx/conf.d/default.conf

EXPOSE 80/tcp

HEALTHCHECK --start-period=3s CMD wget -O - -q http://${IP:-0.0.0.0}:${PORT:-80}/

CMD ["/usr/sbin/nginx","-g","daemon off;"]
ENTRYPOINT ["/bin/entrypoint.sh"]

docker build --build-arg author="xiadongzhi" -t myweb:v0.3-10 .

onBUILD

在Dockerfile中定义一个触发器
Dockerfile中ONBUILD指令不会在构建镜像时执行,但基于此镜像再次构建镜像时会执行

ONBUILD不能自我嵌套,不会触发FROM和MAINTAINER指令

onBUILD  

Dockerfile(带ONBUILD)

FROM nginx:1.14-alpine

ARG author="wuxing"
LABEL maintainer="${author}"

ENV NGX_DOC_ROOT="/data/web/html/"

ADD index.html ${NGX_DOC_ROOT}
ADD entrypoint.sh /bin/
RUN rm -f /etc/nginx/conf.d/default.conf

EXPOSE 80/tcp

HEALTHCHECK --start-period=3s CMD wget -O - -q http://${IP:-0.0.0.0}:${PORT:-80}/

onBUILD ADD http://nginx.org/download/nginx-1.16.1.tar.gz /usr/local/src/

CMD ["/usr/sbin/nginx","-g","daemon off;"]
ENTRYPOINT ["/bin/entrypoint.sh"]

构建镜像

docker build --build-arg author="xiadongzhi" -t myweb:v0.3-11 .

Dockerfile(基于上一个镜像)

FROM myweb:v0.3-11

RUN mkdir /tmp/test

继续构建镜像

docker build -t test:v0.1-1 .
Sending build context to Docker daemon  2.048kB
Step 1/2 : FROM myweb:v0.3-11
# Executing 1 build trigger
Downloading [==================================================>]  1.033MB/1.033MB
 ---> fd7f84e22f95
Step 2/2 : RUN mkdir /tmp/test
 ---> Running in 972d8b183b44
Removing intermediate container 972d8b183b44
 ---> ff6325e943bf
Successfully built ff6325e943bf
Successfully tagged test:v0.1-1

测试

docker run --name test1 --rm test:v0.1-1 ls /usr/local/src/

各种服务前台启动

# nginx
nginx -g "daemon off;"

# php
php-fpm -F --pid /run/php-fpm/php-fpm.pid -y /etc/php-fpm.conf

# MySQL
mysqld --basedir=/usr --user=mysql

# tomcat
catalina.sh run

# sshd
/usr/sbin/sshd -D