catalogue

1, dockerfile layering principle

1.docker image layering (based on aufs)

2. Technology involved

2, Written by dockerfile

1.dockerfile operation instruction

2. Prepare dockerfile file

2.1 example 1:

​

2.2 example 2:

III. dockerfile optimization

1. Optimization mode

2. Optimize nginx dockerfile

summary

1, dockerfile layering principle

1.docker image layering (based on aufs)

• The Docker image is located on the bootfs
• The next layer of each mirror becomes the parent mirror
• The first layer image is base image > container layer (readable and writable), which is at the top layer (writable)
• Below the container layer are readonly
• aufs of Linux file system
• aufs is a stackable file system. Its full name is advanced multi-layered unified file system. Its main function is to combine the contents of multiple folders and provide a unified view. It is mainly used in livecd s of various Linux distributions and in docker to organize image s

2. Technology involved

bootfs(boot file system)
It mainly includes bootloader and kernel
bootloader: it is mainly used to boot and load the kernel. bootfs file system will be loaded when Linux is just started. bootfs is at the bottom of Docker image

This layer is the same as our typical Linux/Unix system, including boot loader and kernel. After the boot is loaded, the whole kernel is in memory. At this time, the right to use the memory has been transferred from bootfs to the kernel. At this time, the system will also unload bootfs

In the linux operating system (different versions of linux distribution), when linux loads bootfs, rootfs will be set to read-only. After the system self-test, read-only will be changed to read-write, so that we can operate in the operating system

 rootfs (root file system)
Above bootfs (base images, such as centos and ubuntu)
It contains standard directories and files such as / dev, /proc, /bin, /etc in a typical Linux system
rootfs is a variety of operating system distributions, such as Ubuntu, Centos and so on

2, Written by dockerfile

• Dockerfile is a file composed of a set of instructions

• Dockerfile structure consists of four parts

① Basic image information: Specifies the image and version of the operating system image
② Maintainer information
③ Mirror operation instruction
④ Execute instructions when starting the container: scripts, command parameters, etc. executed when starting the container

• Dockerfile supports one instruction per line, each instruction can carry multiple parameters, and comments starting with "#" are supported

1.dockerfile operation instruction

instructions	meaning
FROM [mirror]	Specify the image on which the new image is based. The first instruction must be a FROM instruction. Each time you create an image, you need a FROM instruction
MAINTAINER [first name]	Describe the maintainer information of the new image
RUN [command]	Execute the command on the based image and commit to the new image
CMD ["program to run", "parameter 1", "parameter 2"]	The command or script to run when instructing to start the container. Dockerfile can only have one CMD command. If multiple commands are specified, only the last command can be executed
Export [port number]	Specify the port to open when the new image is loaded into Docker
ENV [environment variable] [variable value]	Setting the value of an environment variable will be used by the following RUN
ADD [source file / directory] [destination file / directory]	Copy the source file to the target file. The source file should be located in the same directory as the Dockerfile or a URL. If the source file is a compressed package, it will be decompressed
COPY [source file / directory] [destination file / directory]	Copy the file / directory on the local host to the destination. The source file / directory should be in the same directory as the Dockerfile
VOLUME [directory]	Create a mount point in the container
USER [USER name / UID]	Specifies the user who runs the container
WORKDIR [path]	Specifying the working directory for subsequent RUN, CMD and ENTRYPOINT is equivalent to a temporary "CD", otherwise the absolute path needs to be used
ONBUILD [command]	Specifies the command to run when the generated image is used as a base image
HEALTHCHECK	health examination

2. Prepare dockerfile file

• You can specify resource limits when building a mirror

#Example:
docker build -t nginx:test .

#Options:
-t:  tag Label
-f:  appoint dockerfile catalogue
. :  Refers to the environment (current) directory used when building the image and the context environment used when building the image

2.1 example 1:

• Write centos:7 dockerfile file and deploy it

mkdir daemo
cd daemo/
mkdir demo1
cd demo1/

vim Dockerfile
From centos:7
CMD ["top"]
>>>>wq

docker build -t "centos:v1" .

docker run -itd --name test centos:v1 /bin/bash		//Specify CMD
docker run -itd --name test02 centos:v1				//Not specified

[root@c7-5 demo1]# docker exec test ps aux 		// bash is specified
USER        PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root          1  0.1  0.0  11828  1660 pts/0    Ss+  15:56   0:00 /bin/bash
root         15  0.0  0.0  51732  1708 ?        Rs   15:58   0:00 ps aux
[root@c7-5 demo1]# docker exec test02 ps aux 	// If not specified, the default top is just written
USER        PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root          1  0.3  0.0  56160  1952 pts/0    Ss+  15:57   0:00 top
root          7  0.0  0.0  51732  1704 ?        Rs   15:58   0:00 ps aux

2.2 example 2:

• Write nginx dockerfile and deploy

mkdir nginx
cd nginx/

vim dockerfile

FROM centos:7
RUN yum -y update
RUN yum -y install pcre-devel zlib-devel gcc gcc-c++ make
RUN useradd -M -s /sbin/nologin nginx
ADD nginx-1.12.2.tar.gz /usr/local/src
WORKDIR /usr/local/src/nginx-1.12.2
RUN ./configure \
--prefix=/usr/local/nginx \
--user=nginx \
--group=nginx \
--with-http_stub_status_module && make && make install
ENV PATH /usr/local/nginx/sbin:$PATH
VOLUME ["/usr/local/nginx/html"]
EXPOSE 80
RUN echo "daemon off;" >> /usr/local/nginx/conf/nginx.conf
CMD nginx

>>>>wq

docker build -t nginx:v1 .
docker images
docker run -itd -P nginx:v1 
docker ps -a   	//Look at the mapped port number
curl 192.168.3.15:Port number just seen

III. dockerfile optimization

1. Optimization mode

1. Reduce the use of RUN instructions
RUN yum -y update
RUN yum install -y gcc gcc-c++

2. Integrate into Yum install - y GCC gcc-c + + & & Yum - y update
Throw the cache / unused output after execution into the black hole (reduce cache)
yum install -y gcc gcc-c++ && yum -y update > /dev/null

3. Multistage construction

4. Use a smaller linux distribution
A more lightweight version of centos
 

2. Optimize nginx dockerfile

• Throw the instructions that do not need to be output into / dev / null (you need to make sure that the command is executed correctly)

FROM centos:7
RUN yum install -y gcc pcre pcre-devel devel zlib-devel make &> /dev/null && yum clean all
ADD nginx-1.12.2.tar.gz /mnt
WORKDIR /mnt/nginx-1.12.2
#Close the debug log
RUN sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc
RUN ./configure --prefix=/usr/local/nginx &> /dev/null
RUN make &> /dev/null
RUN make install &> /dev/null
RUN rm -rf /mnt/nginx-1.12.2
EXPOSE 80
VOLUME ["/usr/local/nginx/html"]
CMD ["/usr/local/nginx/sbin/nginx""-g","daemon off;"]

docker build -t nginx:v1 .

• Reduce RUN build

FROM centos:7
ADD nginx-1.12.2.tar.gz /mnt 
WORKDIR /mnt/nginx-1.12.2
RUN yum install -y gcc pcre pcre-devel devel zlib-devel make &> /dev/null && \
 yum clean all && \
 sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && \
 ./configure --prefix=/usr/local/nginx &> /dev/null && \
 make &> /dev/null && make install &> /dev/null &&\
 rm -rf /mnt/nginx-1.12.2
EXPOSE 80
VOLUME ["/usr/local/nginx/html"]		##Mount; If the mount point is not specified, the default is / var/lib/docker/volumes / container id/_data
CMD ["/usr/local/nginx/sbin/nginx","-g","daemon off;"]

docker build -f Dockerfile -t nginx:v1 .

• Multi phase construction (use the FROM command to generate multiple images, and build the specified image as the basic image environment of other images)

Other mirrors are built from the underlying mirror environment)
FROM centos:7 as build 
ADD nginx-1.12.2.tar.gz /mnt 
WORKDIR /mnt/nginx-1.12.2
RUN yum install -y gcc pcre pcre-devel devel zlib-devel make &> /dev/null && \
 yum clean all &&\
 sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && \
 ./configure --prefix=/usr/local/nginx &> /dev/null && \
 make &>/dev/null && \
 make install &>/dev/null && \
 rm -rf /mnt/nginx-1.12.2 

FROM centos:7 
EXPOSE 80
VOLUME ["/usr/local/nginx/html"]
COPY --from=build /usr/local/nginx /usr/local/nginx
CMD ["/usr/local/nginx/sbin/nginx","-g","daemon off;"]

docker build -t nginx:v3 .

summary

Mirror hierarchy
① Base image: base image
② Image: it solidifies a standard operating environment and the function of image itself - encapsulates a group of functional files, which are provided in a unified way and file format
(read only)
③ Container: container layer (read / write)
④ Docker server
⑤ Render to docker client (view)

Written by Dockerfile
① : operating instructions
② : optimize four directions: reduce the use of RUN instructions, throw the executed cache / unused output into a black hole, multi-stage construction, and use a smaller linux distribution