1, Docker introduction
1. What is Docker
Docker is an engine for managing containers. It lets developers package an application and its dependencies into a lightweight, portable container and then publish it to any popular Linux machine. It can also be used for virtualization. Containers are fully sandboxed and have no interfaces to one another. More importantly, the performance overhead of containers is very low.
2. Docker application scenarios
Automated packaging and publishing of Web applications.
Automated testing and continuous integration and release.
Deploy and adjust databases or other background applications in a service-oriented environment.
2, Docker installation and operation
1. Configure the software repository
Place the installation package directory under the host's default publishing directory to serve as the Docker package repository. In the virtual machine, write a repository definition that points to the /var/www/html/docker directory on the real machine.
2. Installation and startup
```
yum install docker-ce
systemctl enable --now docker.service
docker info
vim /etc/sysctl.d/docker.conf
///
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
///
sysctl --system
docker search yakexi007
docker pull yakexi007/mario    # Pull the game image
docker ps
docker run -d --name demo -p 8080:8080 yakexi007/mario
```
Open 172.25.101.14:8080 in a browser to reach the game interface.
```
docker stop demo
docker ps -a
```
Import the ubuntu image
```
lftp 172.25.254.250
/> cd pub/images/
> get ubuntu.tar
> exit
docker load -i ubuntu.tar
docker images
```
```
# docker run -it --rm ubuntu
:/# uname -r
3.10.0-957.el7.x86_64
:/# cat /etc/resolv.conf
nameserver 114.114.114.114
```
3, Construction and optimization of image
1. Layered structure of images
- Containers share the host's kernel
- The base image provides the smallest Linux distribution
- The same Docker host supports running multiple Linux distributions
- The biggest advantage of the layered structure is resource sharing
- The writable container layer uses copy-on-write
- All image layers below the container layer are read-only
- Docker looks for files from the top layer down
- The container layer holds the changed part of the image and does not make any changes to the image itself
- An image can have up to 127 layers
2. Image construction
Building a new image with docker commit takes three steps:
- Run a container
- Modify the container
- Save the container as a new image
Disadvantages:
- Low efficiency, poor repeatability and error-prone
- Users cannot audit how the image was produced, which is a potential security hazard
Common subcommands for images:
- images: display the list of images
- history: display the build history of an image
- commit: create an image from a container
- build: build an image from a Dockerfile
- tag: tag an image
- search: search for an image
- pull: pull an image from a repository
- push: upload an image to a repository
- rmi: delete an image
(1) Directly pull the image:
```
docker pull busybox
docker images
docker run -it --name demo busybox
docker ps -a
docker rm demo
docker run -it --name demo busybox
```
With the first method, once the container is deleted and started again, its earlier changes no longer exist. To keep them, commit the container as an image. Comparing the history of busybox and demo:v1 shows that demo:v1 adds one new layer on top of the busybox image.
```
docker run -it --name demo busybox
/ # ls
bin dev etc home proc root sys tmp usr var
/ # touch file1
/ # touch file2
/ # touch file3
/ # touch file4
/ # touch file4
/ # touch file5
/ # ls
bin dev etc file1 file2 file3 file4 file5 home proc root sys
docker commit demo demo:v1    # Commit the container as an image
docker images demo:v1
docker history busybox:latest
docker history demo:v1
```
After deleting the container, start a new one from the image to find that the original content still exists.
```
docker rmi demo:v1
```
(2) Building images with Dockerfile
- A Dockerfile is auditable: every new image layer carries a description of the action that created it
- Do not place the Dockerfile in the root directory (/). The directory holding it is the build context, so all data under / would be sent to the Docker engine
Common Dockerfile instructions:
FROM
Specify the base image. If it does not exist locally, it is downloaded from the remote repository.
MAINTAINER
Set the author of the image, for example the author's e-mail address.
COPY
Copy files from the build context into the image.
Two forms are supported: COPY src dest and COPY ["src", "dest"]
src must be a file or directory inside the build context.
ADD
The usage is similar to COPY. The difference is that src can be an archive, which is automatically extracted into dest, or a URL, which is automatically downloaded and copied into the image:
ADD html.tar /var/www
ADD http://ip/html.tar /var/www
ENV
Set environment variables, which can be used by subsequent instructions:
ENV HOSTNAME server1.example.com
EXPOSE
If the application service is running in the container, the service port can be exposed:
EXPOSE 80
VOLUME
Declare a data volume, which usually specifies the mount point for application data:
VOLUME ["/var/www/html"]
WORKDIR
Set the current working directory in the image for RUN, CMD, ENTRYPOINT, ADD and COPY instructions. If the directory does not exist, it will be created automatically.
RUN
Run a command in the container and create a new image layer; commonly used to install software packages:
RUN yum install -y vim
CMD and ENTRYPOINT
Both instructions set the command to execute when the container starts. CMD is overridden by any command given on the command line after docker run, whereas ENTRYPOINT is not ignored and is always executed.
The parameters after docker run are passed to the ENTRYPOINT instruction as arguments.
Only one ENTRYPOINT takes effect in a Dockerfile. If several are specified, only the last one is valid.
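The rules above (ADD extracting archives or fetching URLs, and only the last ENTRYPOINT counting) can be checked mechanically before a build. The following is an added example, not part of the original tutorial: instructions, add_sources and lint are hypothetical helper names, archives are recognised by file extension only, and the sample Dockerfile is constructed from the snippets on this page.

```python
import json
import re
import shlex

def instructions(text):
    """Yield (INSTRUCTION, args) for every logical line of a Dockerfile."""
    text = re.sub(r"(?m)^[ \t]*#.*\n?", "", text)   # drop comment lines
    text = re.sub(r"\\[ \t]*\n", " ", text)         # join backslash continuations
    for line in filter(None, map(str.strip, text.splitlines())):
        instr, _, args = line.partition(" ")
        yield instr.upper(), args.strip()

def add_sources(args):
    """Sources of ADD in either form: ADD src dest / ADD ["src", "dest"]."""
    parts = json.loads(args) if args.startswith("[") else shlex.split(args)
    return [p for p in parts if not p.startswith("--")][:-1]

def lint(text):
    """Return findings (strings) in the order they are detected."""
    findings, seen = [], {}
    for instr, args in instructions(text):
        if instr == "FROM":
            seen = {}                    # each build stage is checked on its own
        elif instr in ("CMD", "ENTRYPOINT"):
            if instr in seen:            # only the last one in a stage takes effect
                findings.append(f"{instr} {seen[instr]} is overridden by a later {instr}")
            seen[instr] = args
        elif instr == "ADD":
            for src in add_sources(args):
                if re.match(r"https?://", src):
                    if "--checksum=" not in args:
                        findings.append(f"ADD {src}: remote download, no integrity check")
                # Assumption: archives are recognised by extension, not by content.
                elif not re.search(r"\.(tar|tgz|tar\.(gz|bz2|xz))$", src):
                    findings.append(f"ADD {src}: not an archive, COPY does the same")
    return findings

# Constructed sample that reuses the instructions shown on this page.
SAMPLE = """\
FROM rhel7
ADD nginx-1.21.1.tar.gz /mnt
ADD http://ip/html.tar /var/www
ADD index.html /usr/local/nginx/html/
ENTRYPOINT ["/bin/sh"]
ENTRYPOINT ["/usr/local/nginx/sbin/nginx"]
CMD ["-g", "daemon off;"]
"""
if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

On the sample it reports the plain-HTTP ADD, the ADD of index.html that COPY would handle, and the first ENTRYPOINT, which never runs.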
Create a docker directory, then create and edit a Dockerfile in it:
```
mkdir docker
cd docker/
vim Dockerfile
///
FROM busybox
RUN touch file1
RUN echo "hello world"
///
docker build -t demo:v1 .    # Use the Dockerfile in the current directory to build an image tagged demo:v1
docker history demo:v1       # View the build history of the image, layer by layer
```
For example, use a Dockerfile to build an nginx image:
```
lftp 172.25.254.250
/> cd pub/images/
> get rhel7.tar
> exit
docker load -i rhel7.tar
cd docker/
cp /etc/yum.repos.d/dvd.repo .
lftp 172.25.254.250
/> cd pub/docs/lamp/
> get nginx-1.21.1.tar.gz
> exit
```
```
vim Dockerfile
///
FROM rhel7
COPY dvd.repo /etc/yum.repos.d/
ADD nginx-1.21.1.tar.gz /mnt
WORKDIR "/mnt/nginx-1.21.1"
RUN rpmdb --rebuilddb
RUN yum install -y gcc pcre-devel zlib-devel
RUN ./configure --prefix=/usr/local/nginx
RUN yum install -y make
RUN make
RUN make install
EXPOSE 80
VOLUME ["/usr/local/nginx/html"]
CMD ["/usr/local/nginx/sbin/nginx","-g","daemon off;"]
///
```
Build the image and check its size:
```
docker build -t nginx:v1 .
docker images    # nginx 346MB
```
At this point the nginx image is 346MB. Now compare it with the nginx image pulled directly.
The nginx image pulled directly is 133MB. By comparison, the image built from the Dockerfile takes up more space. The image therefore needs to be optimized, starting with the simplest base image:
3. Image optimization
```
docker load -i base-debian10.tar    # Load the image archive obtained from the external network
mkdir new
cd new/
vim Dockerfile
///
FROM nginx as base
# Time zone whose zoneinfo file is copied to /opt/etc/localtime below
ARG TIME_ZONE=Asia/Shanghai
RUN mkdir -p /opt/var/cache/nginx && \
    cp -a --parents /usr/lib/nginx /opt && \
    cp -a --parents /usr/share/nginx /opt && \
    cp -a --parents /var/log/nginx /opt && \
    cp -aL --parents /var/run /opt && \
    cp -a --parents /etc/nginx /opt && \
    cp -a --parents /etc/passwd /opt && \
    cp -a --parents /etc/group /opt && \
    cp -a --parents /usr/sbin/nginx /opt && \
    cp -a --parents /usr/sbin/nginx-debug /opt && \
    cp -a --parents /lib/x86_64-linux-gnu/ld-* /opt && \
    cp -a --parents /lib/x86_64-linux-gnu/libpcre.so.* /opt && \
    cp -a --parents /lib/x86_64-linux-gnu/libz.so.* /opt && \
    cp -a --parents /lib/x86_64-linux-gnu/libc* /opt && \
    cp -a --parents /lib/x86_64-linux-gnu/libdl* /opt && \
    cp -a --parents /lib/x86_64-linux-gnu/libpthread* /opt && \
    cp -a --parents /lib/x86_64-linux-gnu/libcrypt* /opt && \
    cp -a --parents /usr/lib/x86_64-linux-gnu/libssl.so.* /opt && \
    cp -a --parents /usr/lib/x86_64-linux-gnu/libcrypto.so.* /opt && \
    cp /usr/share/zoneinfo/${TIME_ZONE:-ROC} /opt/etc/localtime

FROM gcr.io/distroless/base-debian10
COPY --from=base /opt /
EXPOSE 80 443
CMD ["nginx", "-g", "daemon off;"]
///
```
```
docker build -t webserver:v1 .
```
The image is stored in the webserver repository.
View the image size:
```
docker images    # 32MB
```
Image optimization succeeded!