Docker -- introduction, installation configuration and image construction

1, Docker introduction

1. What is Docker

Docker is an engine for managing containers. It allows developers to package their applications and dependency packages into a lightweight and portable container, and then publish them to any popular Linux machine. It can also realize virtualization. Containers completely use sandbox mechanism, and there will be no interface between them. More importantly, the performance overhead of containers is very low.

2.Docker application scenario

Automated packaging and publishing of Web applications.
Automated testing and continuous integration and release.
Deploy and adjust databases or other background applications in a service-oriented environment.

2, Docker installation and operation

1. Configure software warehouse

Put the installation package directory under the default release directory in the host as the docker installation package warehouse. Write the software warehouse in the virtual machine and point to the real machine / var/www/html/docker directory

2. Installation and startup

yum install docker-ce
systemctl enable --now docker.service 
docker info
vim /etc/sysctl.d/docker.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1:
sytctl --system
docker search yakexi007
docker pull yakexi007/mario   #Pull game image
docker ps
docker run -d --name demo -p 8080:8080 yakexi007/mario

Browser:, enter the game interface

docker stop demo
docker ps -a

Install ubuntu image

/> cd pub/images/
> get ubuntu.tar
> exit
docker load -i ubuntu.tar
docker images

# docker run -it --rm ubuntu
:/# uname -r
:/# cat /etc/resolv.conf 

3, Construction and optimization of image

1. Hierarchical structure of image

  • Shared host's kernel
  • The base image provides the smallest Linux distribution
  • The same docker host supports running multiple Linux distributions
  • The biggest advantage of adopting hierarchical structure is to share resources
  • Copy on write writable container layer
  • All mirror layers below the container layer are read-only
  • docker looks for files from top to bottom
  • The container layer holds the changed part of the image and does not make any changes to the image itself
  • A mirror can have up to 127 layers

2. Image construction

docker commit build a new image Trilogy

Run container
Modify container
Save the container as a new mirror


Low efficiency, weak repeatability and error prone
The user cannot audit the image, which is a potential security hazard

Common subcommands for mirroring:

Images displays a list of images
History displays the mirror construction history
commit creates an image from the container
Build build image from Dockerfile
tag label the image
Search search image
Pull pull image from warehouse
push upload image to warehouse
rmi delete mirror

(1) Directly pull the image:
docker pull busybox
docker images
docker run -it --name demo busybox
docker ps -a 
docker rm demo
docker run -it --name demo busybox   

The first method is to create an image. When the image is deleted and restarted, the history does not exist. Then we need to submit the image through the container. Check and compare busybox and demo:v1. We can see that demo:v1 adds a new layer on the basis of busybox image

docker run -it --name demo busybox   
/ # ls
bin   dev   etc   home  proc  root  sys   tmp   usr   var
/ # touch file1
/ # touch file2
/ # touch file3
/ # touch file4
/ # touch file4
/ # touch file5
/ # ls
bin    dev    etc    file1  file2  file3  file4  file5  home   proc   root   sys   
docker commit demo demo:v1  #Submit via container
docker images demo:v1
docker history busybox:latest
docker history demo:v1

After deleting the image, restart the image to find that the original content still exists
docker rmi demo:v1

(2) Building images with Dockerfile
  • dockerfile has an audit function. Every new layer of image will have an action audit description
  • The dockerfile cannot be placed under the root, otherwise all data under the root will be sent to the docker engine

dockerfile common instructions:

Specify the base image. If it does not exist locally, it will be downloaded from the remote warehouse.

Set the author of the image, such as user mailbox.

Copy the file from build context to the image
Two forms are supported: COPY src dest and COPY ["src", "dest"]
src must specify a file or directory in the build context

The usage is similar to that of COPY. The difference is that src can be an archive compressed file, which will be automatically decompressed to dest, or the URL can be automatically downloaded and copied to the image:
ADD html.tar /var/www
ADD http://ip/html.tar /var/www

Set environment variables, which can be used by subsequent instructions:

If the application service is running in the container, the service port can be exposed:

Declare the data volume, which usually specifies the application data hanging point:
VOLUME ["/var/www/html"]

Set the current working directory in the image for RUN, CMD, ENTRYPOINT, ADD and COPY instructions. If the directory does not exist, it will be created automatically.

Run the command in the container and create a new mirror layer, which is commonly used to install software packages:
RUN yum install -y vim

These two instructions are used to set the commands to be executed after the container is started, but CMD will be overwritten by the command line after docker run, and ENTRYPOINT will not be ignored and will be executed.
The parameters after docker run can be passed to the ENTRYPOINT instruction as parameters.
Only one entry point can be specified in Dockerfile. If many are specified, only the last one is valid.

Create a docker directory, and create and edit a dockerfile in the directory

mkdir docker
cd docker/
vim Dockerfile
FROM busybox
RUN touch file1
RUN echo "hello world"

docker build -t demo:v1 .    #Use the current Dockerfile to create an image labeled demo: v1

docker history demo:v1   #View the creation history of the specified scene and record the detailed image

For example, use the dockerfile file to install the nginx image:

cd pub/images/
> get rhel7.tar 
docker load -i rhel7.tar 
cd docker/
cp /etc/yum.repos.d/dvd.repo .
/> cd pub/docs/lamp/
> get nginx-1.21.1.tar.gz
> exit

vim Dockerfile
FROM rhel7
COPY dvd.repo /etc/yum.repos.d/
ADD nginx-1.21.1.tar.gz /mnt
WORKDIR "/mnt/nginx-1.21.1"
RUN rpmdb --rebuilddb
RUN yum install -y gcc pcre-devel zlib-devel
RUN ./configure --prefix=/usr/local/nginx
RUN yum install -y make
RUN make
RUN make install
VOLUME ["/usr/local/nginx/html"]
CMD ["/usr/local/nginx/sbin/nginx","-g","daemon off;"]

Execute the command docker build -t nginx:v1

docker iamges #nginx 346mb

At this time, the size of the nginx image is 346mb. Let's take a look at the image directly pull ed down

The nginx image directly pulled is 133mb. In contrast, the installed dockerfile takes up more memory. Therefore, it is necessary to optimize the image and select the simplest basic image:

3. Image optimization

docker load -i base-debian10.tar   #Install the image compression library of the external network

mkdir new
cd new/

vim Dockerfile
FROM nginx as base

ARG Asia/Shanghai

RUN mkdir -p /opt/var/cache/nginx && \
	cp -a --parents /usr/lib/nginx /opt && \
	cp -a --parents /usr/share/nginx /opt && \
	cp -a --parents /var/log/nginx /opt && \
	cp -aL --parents /var/run /opt && \
	cp -a --parents /etc/nginx /opt && \
	cp -a --parents /etc/passwd /opt && \
	cp -a --parents /etc/group /opt && \
	cp -a --parents /usr/sbin/nginx /opt && \
	cp -a --parents /usr/sbin/nginx-debug /opt && \
	cp -a --parents /lib/x86_64-linux-gnu/ld-* /opt && \
	cp -a --parents /lib/x86_64-linux-gnu/* /opt && \
	cp -a --parents /lib/x86_64-linux-gnu/* /opt && \
	cp -a --parents /lib/x86_64-linux-gnu/libc* /opt && \
	cp -a --parents /lib/x86_64-linux-gnu/libdl* /opt && \
	cp -a --parents /lib/x86_64-linux-gnu/libpthread* /opt && \
	cp -a --parents /lib/x86_64-linux-gnu/libcrypt* /opt && \
	cp -a --parents /usr/lib/x86_64-linux-gnu/* /opt && \
	cp -a --parents /usr/lib/x86_64-linux-gnu/* /opt && \
	cp /usr/share/zoneinfo/${TIME_ZONE:-ROC} /opt/etc/localtime


COPY --from=base /opt /

EXPOSE 80 443

CMD ["nginx", "-g", "daemon off;"]
docker build -t webserver:v1 . 

Install the image to the webserver repository

View the image size docker images #32MB

Image optimization succeeded!

Posted on Sun, 10 Oct 2021 01:27:08 -0400 by Develop_Sake