服务器版本 | docker软件版本 | CPU架构 |
---|---|---|
CentOS Linux release 7.4.1708 (Core) | Docker version 20.10.12 | x86_64 |
创建容器需要镜像,镜像可以从各种Docker镜像仓库中下载,但是有时候镜像仓库里下载的镜像并不能满足我们的要求,这时我们可以构建自定义镜像满足我们的要求。
构建镜像需要我们编写Dockerfile,Dockerfile是由一组指令组成的文件,其每条指令对应Linux中的一条命令,Docker程序通过读取Dockerfile中的指令最终生成镜像。
一般镜像构建步骤如下:
FROM 基础镜像
MAINTAINER 镜像是谁写的,一般是姓名加邮箱
RUN 镜像构建的时候需要运行的命令
ADD 往基础镜像里加入文件,会自动解压文件
COPY 类似ADD,将我们文件拷贝到镜像中
WORKDIR 镜像的工作目录
VOLUME 挂载的目录,在一些程序里,需要持久化一些数据,比如数据库中存储数据的文件夹就需要单独处理,可以通过数据卷来处理这些问题。
EXPOSE 指定向外暴露的端口
CMD 指定这个容器启动的时候要运行的命令,如果有多个CMD指令,则只有最后一个生效
ENTRYPOINT 指定这个容器启动的时候要运行的命令,可以追加命, 这个会与CMD弄混淆
ONBUILD 当构建一个被继承dockerfile 这个时候就会运行ONBUILD
ENV 构建的时候设置环境变量
RUN 会在现有的基础上新添一层layer,创建一个新的image。例如,它通常用于安装软件包。
CMD 设置默认命令或参数,可以在 docker 容器运行时从命令行覆盖。
ENTRYPOINT 配置将作为可执行文件运行的容器。
RUN有两种形式:
RUN <command> (shell form),比如:RUN apt-get update && apt-get install -y RUN ["executable", "param1", "param2"] (exec form),比如:RUN ["apt-get", "install", "python3"]
CMD有三种形式:
CMD ["executable","param1","param2"] (exec form, preferred) CMD ["param1","param2"] ,比如:CMD echo "Hello world" CMD command param1 param2 (shell form)
ENTRYPOINT有两种形式:
ENTRYPOINT ["executable", "param1", "param2"] (exec form, preferred),比如:ENTRYPOINT ["/bin/echo", "Hello"] ENTRYPOINT command param1 param2 (shell form)
查询ifconfig命令和ip a命令属于哪个安装包
[root@k8smaster ~]# rpm -qf `which ifconfig` net-tools-2.0-0.22.20131004git.el7.x86_64 [root@k8smaster ~]# rpm -qf `which ip a` /usr/bin/which: no a in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin) iproute-3.10.0-87.el7.x86_64
创建Dockerfile文件
[root@k8smaster ~]# cat Dockerfile #FROM指定基础镜像为hub.c.163.com/library/centos:latest FROM hub.c.163.com/library/centos:latest #MAINTAINER指定作者为LZ MAINTAINER LZ #RUN命令安装net-tools,iproute RUN yum -y install net-tools RUN yum -y install iproute #CMD指定这个容器启动的时候要运行的命令为/bin/bash CMD ["/bin/bash"]
根据Dockerfile文件构建镜像
docker build构建镜像,-t centos:v1表示生成镜像的名字 .当前目录,会自动找到Dockerfile文件
[root@k8smaster ~]# docker build -t centos:v1 . Sending build context to Docker daemon 634.6MB Step 1/5 : FROM hub.c.163.com/library/centos:latest ---> 328edcd84f1b ...... Successfully tagged centos:v1
查看最新构建成功的镜像
[root@k8smaster ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE centos v1 95a27e59cc5b About a minute ago 486MB
查看镜像centos:v1的创建历史
[root@k8smaster ~]# docker history centos:v1 IMAGE CREATED CREATED BY SIZE COMMENT 95a27e59cc5b 2 minutes ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0B c446bac1eae1 2 minutes ago /bin/sh -c yum -y install iproute 148MB 2f8fe7e8adfe 3 minutes ago /bin/sh -c yum -y install net-tools 145MB 1812802531f1 3 minutes ago /bin/sh -c #(nop) MAINTAINER LZ 0B 328edcd84f1b 4 years ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0B <missing> 4 years ago /bin/sh -c #(nop) LABEL name=CentOS Base Im… 0B <missing> 4 years ago /bin/sh -c #(nop) ADD file:63492ba809361c51e… 193MB
--rm生成临时容器,在容器里ifconfig和ip a命令都可以使用了
[root@k8smaster ~]# docker run -it --rm --name=test centos:v1 [root@2519d33cd64c /]# ifconfig eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.17.0.4 netmask 255.255.0.0 broadcast 172.17.255.255 ether 02:42:ac:11:00:04 txqueuelen 0 (Ethernet) RX packets 7 bytes 578 (578.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 loop txqueuelen 1 (Local Loopback) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [root@2519d33cd64c /]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1 link/ipip 0.0.0.0 brd 0.0.0.0 123: eth0@if124: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:ac:11:00:04 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet 172.17.0.4/16 brd 172.17.255.255 scope global eth0 valid_lft forever preferred_lft forever [root@2519d33cd64c /]# exit exit
删除新构建的镜像
[root@k8smaster ~]# docker rmi centos:v1 Untagged: centos:v1 Deleted: sha256:95a27e59cc5b19c0c72d065e43e30627ee5ca46a71d3cf8cfed4ffa266809fae Deleted: sha256:c446bac1eae161480d0b823fcfc7a4c6e8d4c58a4502750539ac796931acd6b0 Deleted: sha256:77d5ccf992f3e869abfb19b47f832f6e106c6724aabfd034e50525ef11fe8603 Deleted: sha256:2f8fe7e8adfe10d2536238adfbadc75e8cc51e3b32fef3486ee5dfcf81b56a32 Deleted: sha256:d736137a9b93443939b0ed77024b28d6908e9352297c7e578fce4ba0c2f8c54c Deleted: sha256:1812802531f138dd688219ebc5777fc1bffd51e2db52e1e99fee0a84cce322f5
下载yum源
[root@k8smaster ~]# wget ftp://ftp.rhce.cc/k8s/* --2021-12-31 15:51:29-- ftp://ftp.rhce.cc/k8s/* => “.listing” 正在解析主机 ftp.rhce.cc (ftp.rhce.cc)... 101.37.152.41 ...... [root@k8smaster ~]# ls CentOS-Base.repo epel.repo k8s.repo docker-ce.repo
把4个repo文件打包压缩
#归档压缩文件,并删除原文件 [root@k8smaster ~]# tar zcf repo.tar.gz *.repo --remove-files [root@k8smaster ~]# ls repo.tar.gz
查看压缩包里的文件列表
[root@k8smaster ~]# tar tf repo.tar.gz CentOS-Base.repo docker-ce.repo epel.repo k8s.repo
编写Dockerfile文件
注意:多写一个RUN命令会多生成一层(layer),镜像会变大,有的docker版本不能写为RUN yum -y install net-tools iproute
#ADD repo.tar.gz /etc/yum.repos.d/ ADD命令可以把文件从物理机拷贝到容器里,COPY也可以,但是ADD可以自动解压文件,COPY不行 #ADD只能拷贝当前目录下的文件,不能写为ADD /opt/repo.tar.gz /etc/yum.repo.d/,这样会报错:找不到文件 [root@k8smaster ~]# cat Dockerfile1 FROM hub.c.163.com/library/centos:latest MAINTAINER LZ #删除基础镜像里自带的repo文件 Run rm -rf /etc/yum.repos.d/* #把宿主机里的repo.tar.gz文件拷贝到/etc/yum.repos.d/目录下,并自动解压缩 ADD repo.tar.gz /etc/yum.repos.d/ #安装net-tools和iproute,并清除yum安装缓存 RUN yum -y install net-tools && \ yum -y install iproute && \ yum clean all CMD ["/bin/bash"]
构建镜像
#-f 指定构建镜像的Dockerfile文件 [root@k8smaster ~]# docker build -t centos:v2 . -f Dockerfile1 Sending build context to Docker daemon 634.6MB Step 1/6 : FROM hub.c.163.com/library/centos:latest ...... Successfully tagged centos:v2
查看新构建的镜像,新镜像比5.1章节构建的镜像体积小
[root@k8smaster ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE centos v2 8077d58cb9b4 32 seconds ago 216MB
查看镜像创建历史
[root@k8smaster ~]# docker history centos:v2 IMAGE CREATED CREATED BY SIZE COMMENT 8077d58cb9b4 56 seconds ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0B 3c33ca486f1f 56 seconds ago /bin/sh -c yum -y install net-tools && y… 23.6MB 2331e6a96f1f About a minute ago /bin/sh -c #(nop) ADD file:53e452249ee7bf44e… 6.04kB 227b560a5ae3 About a minute ago /bin/sh -c rm -rf /etc/yum.repos.d/* 0B 8309f6dd578f About a minute ago /bin/sh -c #(nop) MAINTAINER LZ 0B 328edcd84f1b 4 years ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0B <missing> 4 years ago /bin/sh -c #(nop) LABEL name=CentOS Base Im… 0B <missing> 4 years ago /bin/sh -c #(nop) ADD file:63492ba809361c51e… 193MB
编写Dockerfile文件,在构建文件中指定运行用户,环境变量,数据卷
[root@k8smaster ~]# cat Dockerfile2 FROM centos:v2 MAINTAINER LZ #创建用户lz RUN useradd lz #以lz用户运行 USER lz #设定环境变量xx=147,yy=258 ENV xx=147 ENV yy=258 #定义数据卷 VOLUME ["/test","/test1"] CMD ["/bin/bash"]
构建镜像
[root@k8smaster ~]# docker build -t uevc:v1 . -f Dockerfile2 Sending build context to Docker daemon 634.6MB Step 1/8 : FROM centos:v2 ---> 8077d58cb9b4 ...... Step 8/8 : CMD ["/bin/bash"] ---> Running in 94d69df83e22 Removing intermediate container 94d69df83e22 ---> e8416a912217 Successfully built e8416a912217 Successfully tagged uevc:v1
查看新创建的镜像
[root@k8smaster ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE uevc v1 e8416a912217 6 seconds ago 216MB
创建临时容器
[root@k8smaster ~]# docker run -it --rm uevc:v1 #查看定义的环境变量 [lz@1f8b1eb2cabb /]$ echo $xx $yy 147 258 #可以看到容器默认是以lz用户登录的 [lz@1f8b1eb2cabb /]$ ls /test /test1/ /test: /test1/: [lz@1f8b1eb2cabb /]$ exit exit
创建临时容器,以root用户运行容器
#以指定用户运行 [root@k8smaster ~]# docker run -it --rm -u root uevc:v1 [root@60ca5ee61798 /]# id uid=0(root) gid=0(root) groups=0(root) [root@60ca5ee61798 /]# [root@60ca5ee61798 /]# exit exit
创建临时容器,-e xx=qwe -e yy=asd会覆盖镜像里定义的环境变量
#环境变量以 -e指定的为准 [root@k8smaster ~]# docker run -it --rm -u root -e xx=qwe -e yy=asd uevc:v1 [root@2f727b99e12f /]# echo $xx $yy qwe asd [root@2f727b99e12f /]# [root@2f727b99e12f /]# exit exit
查看ssh的运行进程
[root@k8smaster ~]# ps -ef | grep ssh root 943 1 0 10:53 ? 00:00:00 /usr/sbin/sshd -D root 1552 943 0 10:53 ? 00:00:00 sshd: root@pts/0 root 56191 1613 0 16:05 pts/0 00:00:00 grep --color=auto ssh
查看ssh的安装包
[root@k8smaster ~]# rpm -qf `which ssh ` openssh-clients-7.4p1-11.el7.x86_64 [root@k8smaster ~]# rpm -qf `which sshd` openssh-server-7.4p1-11.el7.x86_64 [root@k8smaster ~]# rpm -qa | grep ssh openssh-clients-7.4p1-11.el7.x86_64 libssh2-1.4.3-10.el7_2.1.x86_64 openssh-server-7.4p1-11.el7.x86_64 openssh-7.4p1-11.el7.x86_64 sshpass-1.06-2.el7.x86_64
查看ssh-keygen的帮助
[root@k8smaster ~]# ssh-keygen --help unknown option -- - usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1] [-N new_passphrase] [-C comment] [-f output_keyfile] ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile] ssh-keygen -i [-m key_format] [-f input_keyfile] ssh-keygen -e [-m key_format] [-f input_keyfile] ssh-keygen -y [-f input_keyfile] ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile] ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile] ssh-keygen -B [-f input_keyfile] ssh-keygen -D pkcs11 ssh-keygen -F hostname [-f known_hosts_file] [-l] ssh-keygen -H [-f known_hosts_file] ssh-keygen -R hostname [-f known_hosts_file] ssh-keygen -r hostname [-f input_keyfile] [-g] ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point] ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines] [-j start_line] [-K checkpt] [-W generator] ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals] [-O option] [-V validity_interval] [-z serial_number] file ... ssh-keygen -L [-f input_keyfile] ssh-keygen -A ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number] file ... ssh-keygen -Q -f krl_file file ...
编写Dockerfile文件
[root@k8smaster ~]# cat Dockerfile_ssh FROM centos:v2 MAINTAINER LZ #安装openssh,创建ssh公钥私钥,给root用户修改密码为qweasd,UseDNS no表示去掉远程ssh连接时的DNS域名解析 RUN yum -y install openssh-server openssh-clients && \ ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key && \ ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key && \ ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key && \ echo qweasd | passwd --stdin root && \ sed -i '/UseDNS/cUseDNS no' /etc/ssh/sshd_config #暴露22号端口 EXPOSE 22 #运行ssh CMD ["/usr/sbin/sshd","-D"]
构建镜像
[root@k8smaster ~]# docker build -t centos:ssh . -f Dockerfile_ssh Sending build context to Docker daemon 634.6MB Step 1/5 : FROM centos:v2 ---> 8077d58cb9b4 ...... Step 5/5 : CMD ["/usr/sbin/sshd","-D"] ---> Running in bdd4b00e3402 Removing intermediate container bdd4b00e3402 ---> 86e7b8ecb3ab Successfully built 86e7b8ecb3ab Successfully tagged centos:ssh
使用centos:ssh镜像运行容器
[root@k8smaster ~]# docker run -dit --restart=always --name=centos_ssh centos:ssh d12172a25af5726cfc209d0ff3af803fbc403b617df04a013f4cae85423d4d44
查看容器IP为172.17.0.5
[root@k8smaster ~]# docker exec centos_ssh ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 29: eth0@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:ac:11:00:05 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet 172.17.0.5/16 brd 172.17.255.255 scope global eth0 valid_lft forever preferred_lft forever
直接ssh连接容器,root密码为qweasd
[root@k8smaster ~]# ssh 172.17.0.5 The authenticity of host '172.17.0.5 (172.17.0.5)' can't be established. ECDSA key fingerprint is SHA256:wbRiKPZgpVAg/plN+HixD2GHPx37fzbKBajpU8m5wpY. ECDSA key fingerprint is MD5:d0:33:07:03:f8:aa:fc:b5:41:d3:77:2b:75:c9:fe:2e. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '172.17.0.5' (ECDSA) to the list of known hosts. root@172.17.0.5's password: #成功连接到容器 [root@d12172a25af5 ~]# grep DNS /etc/ssh/sshd_config UseDNS no [root@d12172a25af5 ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 29: eth0@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:ac:11:00:05 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet 172.17.0.5/16 brd 172.17.255.255 scope global eth0 valid_lft forever preferred_lft forever [root@d12172a25af5 ~]# exit logout Connection to 172.17.0.5 closed.
创建nginx的首页文件
[root@k8smaster ~]# cat index.html <p> hello gogogoogo<br> <p/>
编写nginx的Dockerfile文件
[root@k8smaster ~]# cat Dockerfile_nginx FROM centos:v2 MAINTAINER LZ #安装Nginx RUN yum -y install nginx #复制index.html文件到/usr/share/nginx/html/下 COPY index.html /usr/share/nginx/html/ #暴露80端口 EXPOSE 80 #运行Nginx CMD ["nginx","-g","daemon off;"]
构建nginx镜像
[root@k8smaster ~]# docker build -t nginx:v1 . -f Dockerfile_nginx Sending build context to Docker daemon 634.6MB Step 1/6 : FROM centos:v2 ---> 8077d58cb9b4 ...... Successfully built 5ea781a8ccd8 Successfully tagged nginx:v1
运行nginx容器,当修改容器里的配置文件,需要重启容器才能生效
[root@k8smaster ~]# docker run -dit --restart=always --name=nginx -p 8080:80 nginx:v1 57322f1ce0c62d7c906b875da60fada3e6381a1b988ed28a14f906ffb21db2f2
访问nginx
[root@k8smaster ~]# curl http://192.168.110.137:8080 <p> hello gogogoogo<br> <p/>
https://codewithyury.com/docker-run-vs-cmd-vs-entrypoint/#:~:text=In a nutshell&text=CMD sets default command and,will run as an executable