base镜像
base 镜像有两层含义:
- 不依赖其他镜像,从 scratch 构建。
- 其他镜像可以之为基础进行扩展。
所以,能称作 base 镜像的通常都是各种 Linux 发行版的 Docker 镜像,比如 Ubuntu, Debian, CentOS 等
[root@docker ~]# docker pull centos
Using default tag: latest
latest: Pulling from library/centos
a1d0c7532777: Pull complete
Digest: sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177
Status: Downloaded newer image for centos:latest
docker.io/library/centos:latestbase镜像实际内核是使用的主机内核
[root@docker ~]# uname -r
3.10.0-1160.108.1.el7.x86_64
[root@docker ~]# docker run -it centos
[root@e60dedc9687b /]# uname -r
3.10.0-1160.108.1.el7.x86_64docker操作
docker pull 镜像名 下载容器镜像
docker images 查看本地镜像
-a显示所有镜像(默认不显示中间层镜像)
-q只显示本地所有镜像id号
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world latest d2c94e258dcb 10 months ago 13.3kB
centos latest 5d0da3dc9764 2 years ago 231MB
[root@docker ~]# docker images -a
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world latest d2c94e258dcb 10 months ago 13.3kB
centos latest 5d0da3dc9764 2 years ago 231MB
[root@docker ~]# docker images -q
d2c94e258dcb
5d0da3dc9764docker history 镜像id 查看容器构建过程
[root@docker ~]# docker history centos:latest
IMAGE CREATED CREATED BY SIZE COMMENT
5d0da3dc9764 2 years ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0B
<missing> 2 years ago /bin/sh -c #(nop) LABEL org.label-schema.sc… 0B
<missing> 2 years ago /bin/sh -c #(nop) ADD file:805cb5e15fb6e0bb0… 231MB构建镜像
使用docker commit命令构建镜像
以centos8为例,因centos8的yum源停止维护,我们需要挂载一个镜像源文件
先下载镜像源文件
wget http://mirrors.aliyun.com/repo/Centos-8.repo启动一个centos容器,并挂载文件
[root@docker ~]# docker run \
-v ~/Centos-8.repo:/root/Centos-8.repo \
-it centos /bin/bash
#在容器中替换yum源文件
[root@c3f5ab7a1e69 ~]# cd /etc/yum.repos.d/
[root@c3f5ab7a1e69 yum.repos.d]# mkdir repo_bak
[root@c3f5ab7a1e69 yum.repos.d]# mv *.repo repo_bak/
[root@c3f5ab7a1e69 yum.repos.d]# cp /root/Centos-8.repo .清除系统yum缓存,并重新生成新的yum缓存
[root@c3f5ab7a1e69 yum.repos.d]# dnf -y install epel-release
[root@c3f5ab7a1e69 yum.repos.d]# dnf clean all
[root@c3f5ab7a1e69 yum.repos.d]# dnf makecache
[root@c3f5ab7a1e69 yum.repos.d]# dnf repolist生成新镜像
#退出容器
[root@c3f5ab7a1e69 yum.repos.d]# exit
exit
#使用命令在centos镜像基础上创建新的镜像,c3f5ab7a1e69为刚才操作的容器id(可以只填写前几位,确保与其他容器id不重复即可)
[root@docker ~]# docker commit c3f5ab7a1e69 centos-ali/vim
sha256:8b515f5024338f74ffab7915f14f4ce2b981a923d6be17788d45daa01ba36451
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos-ali/vim latest 8b515f502433 25 seconds ago 340MB
hello-world latest d2c94e258dcb 10 months ago 13.3kB
centos latest 5d0da3dc9764 2 years ago 231MB测试刚才的镜像
[root@docker ~]# docker run -it centos-ali/vim /bin/bash
[root@1fe0b7a07d84 /]# which vim
/usr/bin/vim使用Dockerfile构建镜像
创建Dockerfile文件
[root@docker ~]# touch Dockerfile
[root@docker ~]# ls
[root@docker ~]# vim Dockerfile填写以下命令
FROM centos-ali/vim
RUN yum -y install wget运行创建新镜像
[root@docker ~]# docker build -t centos/wget-dockerfile .
[+] Building 10.6s (6/6) FINISHED docker:default
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 82B 0.0s
=> [internal] load metadata for docker.io/centos-ali/vim:latest 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [1/2] FROM docker.io/centos-ali/vim:latest 0.0s
=> [2/2] RUN yum -y install wget 10.2s
=> exporting to image 0.3s
=> => exporting layers 0.3s
=> => writing image sha256:54fd0b8b9d8bd58110c15648ebf84b986b969cf6732f0f436f59b 0.0s
=> => naming to docker.io/centos/wget-dockerfile 0.0s docker build -t centos/wget-dockerfile .
docker build执行dockerfile文件
-t指定新镜像名为centos/wget-dockerfile
.表示dockerfile文件在当前路径,也可使用 -f指定配置文件路径
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos/wget-dockerfile latest 54fd0b8b9d8b 4 minutes ago 386MB
centos-ali/vim latest 8b515f502433 About an hour ago 340MB
hello-world latest d2c94e258dcb 10 months ago 13.3kB
centos latest 5d0da3dc9764 2 years ago 231MB使用docker history 查看镜像结构
[root@docker ~]# docker history centos
IMAGE CREATED CREATED BY SIZE COMMENT
5d0da3dc9764 2 years ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0B
<missing> 2 years ago /bin/sh -c #(nop) LABEL org.label-schema.sc… 0B
<missing> 2 years ago /bin/sh -c #(nop) ADD file:805cb5e15fb6e0bb0… 231MB
[root@docker ~]# docker history centos-ali/vim:latest
IMAGE CREATED CREATED BY SIZE COMMENT
8b515f502433 About an hour ago /bin/bash 109MB
5d0da3dc9764 2 years ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0B
<missing> 2 years ago /bin/sh -c #(nop) LABEL org.label-schema.sc… 0B
<missing> 2 years ago /bin/sh -c #(nop) ADD file:805cb5e15fb6e0bb0… 231MB
[root@docker ~]# docker history centos/wget-dockerfile:latest
IMAGE CREATED CREATED BY SIZE COMMENT
54fd0b8b9d8b 5 minutes ago RUN /bin/sh -c yum -y install wget # buildkit 46.4MB buildkit.dockerfile.v0
<missing> About an hour ago /bin/bash 109MB
<missing> 2 years ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0B
<missing> 2 years ago /bin/sh -c #(nop) LABEL org.label-schema.sc… 0B
<missing> 2 years ago /bin/sh -c #(nop) ADD file:805cb5e15fb6e0bb0… 231MB
[root@docker ~]# 发现这三个有共同的只读层,并且只读层是共享的
Docker Hub
docker search命令
[root@docker ~]# docker search centos
NAME DESCRIPTION STARS OFFICIAL
centos DEPRECATED; The official build of CentOS. 7713 [OK]
kasmweb/centos-7-desktop CentOS 7 desktop for Kasm Workspaces 43
bitnami/centos-base-buildpack Centos base compilation image 0
dokken/centos-7 CentOS 7 image for kitchen-dokken 6
dokken/centos-8 CentOS 8 image for kitchen-dokken 6
spack/centos7 CentOS 7 with Spack preinstalled 2
dokken/centos-6 EOL: CentOS 6 image for kitchen-dokken 0
atlas/centos7-atlasos ATLAS CentOS 7 Software Development OS 2
spack/centos6 CentOS 6 with Spack preinstalled 1
ustclug/centos Official CentOS Image with USTC Mirror 0
dokken/centos-stream-8 5
eclipse/centos_jdk8 CentOS, JDK8, Maven 3, git, curl, nmap, mc, … 5
dokken/centos-stream-9 9 列表说明:
NAME:镜像名(镜像仓库源的名称)
DESCRIPTION:对该镜像的描述
STARS:类似 Github 里面的 star,表示点赞、喜欢的意思
OFFICIAL:是否 docker 官方发布
AUTOMATED:是否自动构建。
docker search参数运用
OPTIONS说明:
--automated :只列出 automated build类型的镜像;
--no-trunc :显示完整的镜像DESCRIPTION(描述),不省略;
-f <过滤条件>:列出收藏数(点赞)不小于指定值的镜像。
--limit 5:列出前5个镜像
-s <指定值> :表示列出星标数不小于指定值的镜像
镜像推送
docker push 镜像 tag标签
[root@docker ~]# docker push centos-ali/vim
Using default tag: latest
The push refers to repository [docker.io/centos-ali/vim]
ade3b10d5c4e: Preparing
74ddd0ec08fa: Preparing
#这里显示报错,是需要添加tag标签
denied: requested access to the resource is denied
#打tag
[root@docker ~]# docker tag centos-ali/vim 用户名/centos-cn-vim:latest
#上传
[root@docker ~]# docker push 用户名/centos-cn-vim
Using default tag: latest
The push refers to repository [docker.io/用户名/centos-cn-vim]
ade3b10d5c4e: Pushed
74ddd0ec08fa: Mounted from library/centos
latest: digest: sha256:37d748c9d2def7b1354d62e464e3a254fc4ae0dfea5d0f9bebae0c2be42a5b55 size: 741在docker hub上登录可以查看到
尝试pull刚上传的image
#下载前先将旧的删除
[root@docker ~]# docker rmi 用户名/centos-cn-vim
#下载
[root@docker ~]# docker pull 用户名/centos-cn-vim
Using default tag: latest
latest: Pulling from 用户名/centos-cn-vim
Digest: sha256:37d748c9d2def7b1354d62e464e3a254fc4ae0dfea5d0f9bebae0c2be42a5b55
Status: Downloaded newer image for wanyulaowang/centos-cn-vim:latest
docker.io/用户名/centos-cn-vim:latest
#查看镜像
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos/wget-dockerfile latest 54fd0b8b9d8b 54 minutes ago 386MB
centos-ali/vim latest 8b515f502433 2 hours ago 340MB
用户名/centos-cn-vim latest 8b515f502433 2 hours ago 340MB
hello-world latest d2c94e258dcb 10 months ago 13.3kB
centos latest 5d0da3dc9764 2 years ago 231MBDocker镜像优化
Docker 镜像采用的是层级结构,一个镜像最多拥有127层UnionFS。每条
Dockerfile命令都会创建一个镜像层,增加镜像大小。在生产环境中使用Docker
容器时,要尽可能地精简Docker镜像,减少UnionFS的层数。
精简镜像不仅能缩短新镜像的构建时间,还能减少磁盘用量。由于精简后的
镜像更小,用户在拉取镜像时能节省时间,部署服务的效率也能得到提升。精简镜像包含的文件更少,更加不容易被攻击,提高了镜像的安全性。
base镜像优化
base 镜像优化就是在满足环境要求的前提下使用最小的base镜像。常用的 Linux base镜像有CentOS、 Ubuntu、 Alpine等,其中一些比较小的 base镜像适合作为精简镜像的基础镜像,如 Alpine.BusyBox等。
下面分别拉取Alpine与BusyBox的镜像进行对比,示例代码如下:
[root@docker ~]# docker pull busybox
[root@docker ~]# docker pull alpine
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos/wget-dockerfile latest 54fd0b8b9d8b About an hour ago 386MB
centos-ali/vim latest 8b515f502433 2 hours ago 340MB
hello-world latest d2c94e258dcb 10 months ago 13.3kB
busybox latest beae173ccac6 2 years ago 1.24MB
alpine latest c059bfaa849c 2 years ago 5.59MB
centos latest 5d0da3dc9764 2 years ago 231MBScratch是一个空镜像,只能用于构建其他镜像,常用于执行一些包含了所有依赖的二进制文
件。如果以Scratch为base镜像,意味着不以任何镜像为基础,下面的指令将作为镜像的第一层存在。
BusyBox相对于 Scratch多了一些常用的Linux命令,BusyBox的官方镜像大小只有1MB多一点,
非常适合构建小镜像。
Alpine是一款高度精简又包含了基本工具的轻量级 Linux发行版,官方 base镜像只有5MB多一
点,很适合当作base镜像使用。
Dockerfile优化
用户在定义Dockerfile文件时,使用太多的RUN命令,会导致镜像非常臃肿,甚至超出可构建
的最大层数。根据优化原则,应该将多条RUN命令合并为一条命令,精心设计每一个RUN命令,
减小镜像体积,并且精心编排,最大化地利用缓存。
下面创建一个Dockerfile文件,示例代码如下:
[root@docker ~]# vim Dockerfile
FROM centos-ali/vim
RUN yum -y install wget
RUN yum -y install net-tools
RUN yum -y install nano
RUN yum -y install httpd
EXPOSE 80
CMD systemctl start httpd接着,使用这个Dockerfile构建一个新的镜像,示例代码如下:
[root@docker ~]# docker build -t centos/vim-bulky .
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 197B 0.0s
=> [internal] load metadata for docker.io/centos-ali/vim:latest 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [1/5] FROM docker.io/centos-ali/vim:latest 0.0s
=> CACHED [2/5] RUN yum -y install wget 0.0s
=> CACHED [3/5] RUN yum -y install net-tools 0.0s
=> CACHED [4/5] RUN yum -y install nano 0.0s
=> CACHED [5/5] RUN yum -y install httpd 0.0s
=> exporting to image 0.0s
=> => exporting layers 0.0s
=> => writing image sha256:a5cf6c1036f985d2462d1bc5fbac3f3de78f252e148ba532cdde31a72ebadc1e 0.0s
=> => naming to docker.io/centos/vim-bulky从以上示例中可以看到,整个镜像构建的过程是十分烦琐的。
查看新镜像的大小与 UnionFS的层数,示例代码如下:
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos/vim-bulky latest a5cf6c1036f9 4 minutes ago 439MB
[root@docker ~]# docker history centos/vim-bulky:latest
IMAGE CREATED CREATED BY SIZE COMMENT
a5cf6c1036f9 5 minutes ago CMD ["/bin/sh" "-c" "systemctl start httpd"] 0B buildkit.dockerfile.v0
<missing> 5 minutes ago EXPOSE map[80/tcp:{}] 0B buildkit.dockerfile.v0
<missing> 5 minutes ago RUN /bin/sh -c yum -y install httpd # buildk… 22.8MB buildkit.dockerfile.v0
<missing> 5 minutes ago RUN /bin/sh -c yum -y install nano # buildkit 15.2MB buildkit.dockerfile.v0
<missing> 5 minutes ago RUN /bin/sh -c yum -y install net-tools # bu… 15MB buildkit.dockerfile.v0
<missing> About an hour ago RUN /bin/sh -c yum -y install wget # buildkit 46.4MB buildkit.dockerfile.v0
<missing> 2 hours ago /bin/bash 109MB
<missing> 2 years ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0B
<missing> 2 years ago /bin/sh -c #(nop) LABEL org.label-schema.sc… 0B
<missing> 2 years ago /bin/sh -c #(nop) ADD file:805cb5e15fb6e0bb0… 231MB
[root@docker ~]# 从以上示例中可以看到,新镜像 centos/vim- -bulky的大小是439MB,而镜像的 UnionFS层数是
10层。
这样编写Dockerfile导致新镜像非常庞大,既增加了构建部署的时间,也很容易出错。
下面对 Dockerfile进行优化,示例代码如下:
[root@docker ~] vim Dockerfile
FROM centos-ali/vim
RUN yum -y install wget && \
yum -y install net-tools && \
yum -y install nano && \
yum -y install httpd
EXPOSE 80
CMD systemctl start httpd在 Dockerfile中使用“&”与“\”将多条命令合成一条,“&&”表示命令还没有结束,“\”表示换行。
下面通过优化过的Dockerfile构建新镜像,示例代码如下:
[root@docker ~]# docker build -t centos/vim-portable .
[+] Building 22.5s (6/6) FINISHED docker:default
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 204B 0.0s
=> [internal] load metadata for docker.io/centos-ali/vim:latest 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> CACHED [1/2] FROM docker.io/centos-ali/vim:latest 0.0s
=> [2/2] RUN yum -y install wget && yum -y install net-tools && yum -y install nano && yum -y instal 22.1s
=> exporting to image 0.3s
=> => exporting layers 0.3s
=> => writing image sha256:b78faa3c5a9591de2657cf3370362e049c3a56a52558771fc80e366f29ae057c 0.0s
=> => naming to docker.io/centos/vim-portable 发现过程精简,再查看大小和结构
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos/vim-portable latest b78faa3c5a95 35 seconds ago 396MB
centos/vim-bulky latest a5cf6c1036f9 8 minutes ago 439MB
centos/wget-dockerfile latest 54fd0b8b9d8b About an hour ago 386MB
centos-ali/vim latest 8b515f502433 2 hours ago 340MB
wanyulaowang/centos-cn-vim latest 8b515f502433 2 hours ago 340MB
hello-world latest d2c94e258dcb 10 months ago 13.3kB
busybox latest beae173ccac6 2 years ago 1.24MB
alpine latest c059bfaa849c 2 years ago 5.59MB
centos latest 5d0da3dc9764 2 years ago 231MB
#查看旧镜像
[root@docker ~]# docker history centos/vim-bulky:latest
IMAGE CREATED CREATED BY SIZE COMMENT
a5cf6c1036f9 8 minutes ago CMD ["/bin/sh" "-c" "systemctl start httpd"] 0B buildkit.dockerfile.v0
<missing> 8 minutes ago EXPOSE map[80/tcp:{}] 0B buildkit.dockerfile.v0
<missing> 8 minutes ago RUN /bin/sh -c yum -y install httpd # buildk… 22.8MB buildkit.dockerfile.v0
<missing> 8 minutes ago RUN /bin/sh -c yum -y install nano # buildkit 15.2MB buildkit.dockerfile.v0
<missing> 8 minutes ago RUN /bin/sh -c yum -y install net-tools # bu… 15MB buildkit.dockerfile.v0
<missing> About an hour ago RUN /bin/sh -c yum -y install wget # buildkit 46.4MB buildkit.dockerfile.v0
<missing> 2 hours ago /bin/bash 109MB
<missing> 2 years ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0B
<missing> 2 years ago /bin/sh -c #(nop) LABEL org.label-schema.sc… 0B
<missing> 2 years ago /bin/sh -c #(nop) ADD file:805cb5e15fb6e0bb0… 231MB
#查看优化后的新镜像
[root@docker ~]# docker history centos/vim-portable:latest
IMAGE CREATED CREATED BY SIZE COMMENT
b78faa3c5a95 2 minutes ago CMD ["/bin/sh" "-c" "systemctl start httpd"] 0B buildkit.dockerfile.v0
<missing> 2 minutes ago EXPOSE map[80/tcp:{}] 0B buildkit.dockerfile.v0
<missing> 2 minutes ago RUN /bin/sh -c yum -y install wget && yum -… 56.4MB buildkit.dockerfile.v0
<missing> 2 hours ago /bin/bash 109MB
<missing> 2 years ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0B
<missing> 2 years ago /bin/sh -c #(nop) LABEL org.label-schema.sc… 0B
<missing> 2 years ago /bin/sh -c #(nop) ADD file:805cb5e15fb6e0bb0… 231MB centos/vim-portable的7层相比刚才的centos/vim-bulky的10层少了不少
Comments NOTHING