docker container - overlay, written by Dockerfile

catalogue

1, overlay

1. AUFS and overlay / overlay 2

2. overlay structure

3. Joint mount

2, Written by dockerfile

1. Dockerfile structure consists of four parts

2. CMD and entrypoint

3. Write dockerfile

4. dockerfile optimization

Optimization scheme

summary

Building nginx images

docker image hierarchy

Difference between CMD and ENTRYPOINT

1, overlay

1. AUFS and overlay / overlay 2

AUFS is a federated file system. It uses multiple directories on the same Linux host and stacks them one by one to present a unified file system. AUFS uses this feature to realize the layering of Docker image

docker uses overlay / overlay 2 storage driver to support hierarchical structure
overlayFs combines two directories on a single Linux host into one directory. These directories are called tiers, and the unified process is called federated mount

2. overlay structure

Overlay FS has only two layers on the linux host. One directory is on the lower layer to store the docker, and the other directory is on the upper layer to store the container information

Layer 1 rootfs basic image

lower layer information of the second layer (mirror layer, readable)

upper directory of the third layer (container information, writable)

The working directory where the fourth layer worker runs (copy on write copy - prepare container environment)

5th layer merged view

3. Joint mount

[root@localhost mnt]# echo "lower.aaa" > lower/aaa
[root@localhost mnt]# echo "lower.bbb" > lower/bbb
[root@localhost mnt]# echo "upper.bbb" > upper/bbb
[root@localhost mnt]# echo "upper.ccc" > upper/ccc
[root@localhost mnt]# mkdir work meged
[root@localhost mnt]# mount -t overlay overlay -o lowerdir=lower, upperdir=upper, workdir=work meged

 

Every time you push the docker hub, only the incremental part is pushed (the initial package is large, and the incremental push / update part is small). Therefore, in production, as long as you push the image again, the incremental part can be controlled to a relatively small range

2, Written by dockerfile

Dockerfile is a file composed of a set of instructions

1. Dockerfile structure consists of four parts

Basic image information (specify the image and version of the operating system image)

{maintainer information}

Mirror operation instruction

Execute instructions when the container is started (scripts / command parameters executed when the container is started, etc.)

Dockerfile supports one instruction per line, each instruction can carry multiple parameters, and comments starting with "#w sign are supported&&
Build image command (ps: resource limit can be specified when building image)

docker build -t nginx:test .

-t : tag Label
-f :appoint dockerfile catalogue
.: Refers to the environment (current) directory used when building the image and the context environment used when building the image

2. CMD and entrypoint

CMD and entrypoint: both are commands to be loaded when the container is started

Same point

Similar usage, you can specify shell or exec function call to execute commands;
When there are multiple CMD instructions or ENTRYPOINT instructions, only the last one takes effect;

difference

When the container is started, the start command specified by CMD instruction can be overwritten by the command specified by docker run, while the start command specified by ENTRYPOINT instruction cannot be overwritten. Instead, the parameters specified by docker run are regarded as the parameters of the command specified by ENTRYPOINT;
The CMD instruction can be used as the default parameter of the ENTRYPOINT instruction.

exec mode and shell mode
exec: the first task process started when the container is loaded
shell: the first bash used when the container loads (/ bin / bash / bin / SH / bin / init)
After the self-test is completed, load the first process with pid = 1
shell translator / interpreter, parsing
echo $PATH

exec cannot output environment variables

cmd is the command loaded by default when the container environment starts
entrypoint is the first command program / script init loaded when the container environment starts
init pid 1

3. Write dockerfile

mkdir nginx
cd nginx
vim Dockerfile

#Based on basic image (centos needs lowercase)
FROM centos:7
#User information (optional)
MAINTAINER this is nginx image
#Add environment package
RUN yum -y update
RUN yum -y install pcre-devel zlib-devel gcc gcc-c++ make
RUN useradd -M -s /sbin/nologin nginx
#Import and unzip nginx package
ADD nginx-1.12.0.tar.gz /usr/local/src
VOLUME ["/usr/local/nginx/html"]
WORKDIR /usr/local/src/nginx-1.12.0
#assign work directory
RUN ./configure \
--prefix=/usr/local/nginx \
--user=nginx \
--group=nginx \
--with-http_stub_status_module && make && make install
ENV PATH /usr/local/nginx/sbin:$PATH
 appoint http and https Rui
EXPOSE 80
RUN echo "daemon off; ">>/usr/local/nginx/conf/nginx.conf
CMD nginx
[root@localhost ngxin]# docker build -f Dockerfile -t "nginx:v1" .

During image construction

Each layer of mirroring temporarily generates a new layer of mirroring and runs as a temporary container

Each layer of temporary containers will run based on the cache layer (container) mirrored by the previous layer

If the temporary container of the image layer reports an error during operation, exited (non-0 value) will exit and will be saved in docker ps -a. meanwhile, the docker buid construction process will be aborted

When modifying based on the same dockerfile, the image image cache corresponding to the modified instruction will become invalid, but the cache of the image layer before the image layer will be retained

4. dockerfile optimization

Four ways to optimize

Principle of image layering based on docker

Each RUN instruction generates a new mirror layer
The image cache of each layer will be inherited to the next layer, which directly affects the size of the image

Optimization scheme

Reduce the use of RUN instructions (RUN yum -y update)     RUN yum install -y gcc gcc-c + + integrated into Yum install - y GCC GCC CE CT + & & Yum - y update)

Throw the cache / unused output after execution into the black hole (reduce cache)
yum install -y gcc gcc-c++ && yum -y update > /dev/null

Multistage construction

Use a smaller linux distribution

#Before optimization
FROM centos:7
RUN yum install -y gcc pcre pcre-devel devel zlib-devel make
ADD nginx-1.15.9.tar.gz /mnt
WORKDIR /mnt/nginx-1.15.9
#Close the debug log
RUN sed -i 's/CFLAGS="$CELAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc
RUN ./configure --prefix=/usr/local/nginx
RUN make
RUN make install
EXPOSE 80
VOLUME ["/usr/local/nginx/html"]
CMD ["/usr/local/nginx/sbin/nginx","-g","daemon off;"]


docker build -t "nginx:v1" .
#View image size docker images

summary

Building nginx images

Create a corresponding directory (mkdir nginx)

Write a Dockerfile file (the simplest way is to put the nginx deployment script into it, execute each command with RUN, use ENV as the environment variable, move it to the corresponding directory, use workdir, EXPOSE the port, and finally use CMD for startup settings)

Upload nginx-1.12.2.tar.gz package and other files in nginx directory

docker build creation

docker run container

test

docker image hierarchy

Base image: base image

Image: it solidifies a standard operating environment and the function of image itself - encapsulates a group of functional files, which are provided in a unified way and file format (read-only)

Container: container layer (read / write)

Docker server

Render to docker client (view)

Difference between CMD and ENTRYPOINT


If ENTRYPOINT uses shell mode, the CMD instruction is ignored.
If ENTRYPOINT uses exec mode, the content specified by CMD is appended as the parameter of the command specified by ENTRYPOINT.
If ENTRYPOINT uses exec mode, CMD should also use exec mode.

Tags: Database Docker Redis Cache

Posted on Sat, 04 Dec 2021 18:46:31 -0500 by keithschm