优化docker镜像(nginx)8
图片docker run -it --rm rhel7:v1 bashbash-4.2# cd /mnt/bash-4.2# lsnginx-1.18.0bash-4.2# cd nginx-1.18.0/bash-4.2# lsCHANGESCHANGES.ruLICENSEMakefileREADMEautoconfconfigurecontribhtmlmanobjssrcbash-4.2#
·
图片
tag 是给镜像打标签(就是改名字)
docker run -it --rm rhel7:v1 bash
bash-4.2# cd /mnt/
bash-4.2# ls
nginx-1.18.0
bash-4.2# cd nginx-1.18.0/
bash-4.2# ls
CHANGES CHANGES.ru LICENSE Makefile README auto conf configure contrib html man objs src
bash-4.2# cd auto/
bash-4.2# cd cc
bash-4.2# vi gcc
CFLAGS="$CFLAGS -g"
减少镜像层数,清理中间产物
写禁用debug sed指令,下面是测试
bash-4.2# cd nginx-1.18.0/
bash-4.2# sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc
bash-4.2# vi /auto/cc/gcc
# debug
#CFLAGS="$CFLAGS -g"
测试可以
新RUN有缓存cache 快
cat Dockerfile
FROM rhel7
COPY dvd.repo /etc/yum.repos.d/
ADD nginx-1.18.0.tar.gz /mnt
WORKDIR /mnt/nginx-1.18.0
RUN rpmdb --rebuilddb &&yum install -y gcc make pcre-devel zlib-devel && sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx && make && make install && rm -fr /mnt/nginx-1.18.0
COPY index.html /usr/local/nginx/html
EXPOSE 80
CMD ["/usr/local/nginx/sbin/nginx","-g","daemon off;"]
[root@server9 docker]# cat Dockerfile
FROM rhel7
COPY dvd.repo /etc/yum.repos.d/
ADD nginx-1.18.0.tar.gz /mnt
WORKDIR /mnt/nginx-1.18.0
RUN rpmdb --rebuilddb &&yum install -y gcc make pcre-devel zlib-devel
RUN sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx && make && make install && rm -fr /mnt/nginx-1.18.0 && yum clean all
COPY index.html /usr/local/nginx/html
EXPOSE 80
CMD ["/usr/local/nginx/sbin/nginx","-g","daemon off;"]
所以两个RUN
clean all 清理yum的缓存
[root@server9 docker]# docker build -t rhel7:v2 .
Successfully built 9012f97bb099
Successfully tagged rhel7:v2
[root@server9 docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
rhel7 v2 9012f97bb099 17 seconds ago 282MB
rhel7 v1 387ba24407fa 25 minutes ago 296MB
优化了14M
nginx 其实只要/usr/local/nginx
所以继续优化
多阶段构建,把多个层压到一层 图片
FROM rhel7 as build
COPY dvd.repo /etc/yum.repos.d/
ADD nginx-1.18.0.tar.gz /mnt
WORKDIR /mnt/nginx-1.18.0
RUN rpmdb --rebuilddb &&yum install -y gcc make pcre-devel zlib-devel
RUN sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx && make && make install && rm -fr /mnt/nginx-1.18.0 && yum clean all
FROM rhel7
COPY --from=build /usr/local/nginx /usr/local/nginx
COPY index.html /usr/local/nginx/html
EXPOSE 80
CMD ["/usr/local/nginx/sbin/nginx","-g","daemon off;"]
上面的容器负责编译,把编译要的东西COPY到新的容器
[root@server9 docker]# docker build -t rhel7:v3 .
Successfully built 35408524b122
Successfully tagged rhel7:v3
[root@server9 docker]# docker images rhel7
REPOSITORY TAG IMAGE ID CREATED SIZE
rhel7 v3 35408524b122 35 seconds ago 141MB
rhel7 v2 9012f97bb099 9 minutes ago 282MB
rhel7 v1 387ba24407fa 34 minutes ago 296MB
rhel7 latest 0a3eb3fde7fd 6 years ago 140MB
[root@server9 docker]# docker run -d --name demo rhel7:v3
dc201c733f4e71a1fa2b1d45e37988025c648a7f88c441dbdcd6fcc63355222f
[root@server9 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
dc201c733f4e rhel7:v3 "/usr/local/nginx/sb…" 7 seconds ago Up 6 seconds 80/tcp demo
[root@server9 docker]# curl 172.17.0.2
www.yan.org
[root@server9 docker]#
基础镜像140M,编译只占1M,所以,编译好的镜像占141M
所以,基础镜像也很重要
谷歌的容器工具
国内的快一点
scp base-debian10.tar server9:
root@server9's password:
base-debian10.tar 100% 20MB 31.9MB/s 00:00
[root@foundation38 images]#
[root@server9 ~]# docker load -i base-debian10.tar
de1602ca36c9: Loading layer [==================================================>] 3.041MB/3.041MB
1d3b68b6972f: Loading layer [==================================================>] 17.77MB/17.77MB
Loaded image: gcr.io/distroless/base-debian10:latest
[root@server9 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
rhel7 v3 19202321189a 8 minutes ago 141MB
rhel7 v2 9012f97bb099 21 minutes ago 282MB
rhel7 v1 387ba24407fa 46 minutes ago 296MB
<none> <none> 1aa0630a1d1f 6 hours ago 1.24MB
nginx latest d1a364dc548d 4 days ago 133MB
yakexi007/game2048 latest 19299002fdbe 4 years ago 55.5MB
rhel7 latest 0a3eb3fde7fd 6 years ago 140MB
gcr.io/distroless/base-debian10 latest d48fcdd54946 51 years ago 19.2MB
19.2M 比141M小的多了
[root@server9 ~]# docker run -it --rm rhel7:v3 bash
bash-4.2# cd /usr/local/nginx/
bash-4.2# ls
conf html logs sbin
bash-4.2# du -sh
876K .
bash-4.2# cd sbin/
bash-4.2# ls
nginx
bash-4.2# ldd /usr/local/nginx/sbin/nginx
linux-vdso.so.1 => (0x00007ffe51c86000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f8afb8e2000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f8afb6c6000)
libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f8afb48f000)
libpcre.so.1 => /lib64/libpcre.so.1 (0x00007f8afb22e000)
libz.so.1 => /lib64/libz.so.1 (0x00007f8afb018000)
libc.so.6 => /lib64/libc.so.6 (0x00007f8afac57000)
/lib64/ld-linux-x86-64.so.2 (0x00007f8afbae6000)
libfreebl3.so => /lib64/libfreebl3.so (0x00007f8afa9d8000)
ldd查看运行时所需的系统库函数
编译时你把zlib pcre这些库函数都编译上去了,它会调用你的系统库函数,所以,你要让这些二进制程序运行的话,你这些系统库函数必须一块cp进去
所以,你需要把二进制程序cp,还有系统库函数
这些是官方为我们写好的官方写的Dockerfile
FROM nginx as base
ARF TIMEZ_ZONE
RUN mkdir -p /opt/var/cache/nginx && \
cp -a --parents /usr/lib/nginx /opt && \
cp -a --parents /usr/share/nginx /opt && \
cp -a --parents /var/log/nginx /opt && \
cp -aL --parents /var/run /opt && \
cp -a --parents /etc/nginx /opt && \
cp -a --parents /etc/passwd /opt && \
cp -a --parents /etc/group /opt && \
cp -a --parents /usr/sbin/nginx /opt && \
cp -a --parents /usr/sbin/nginx-debug /opt && \
cp -a --parents /lib/x86_64-linux-gnu/ld-* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libpcre.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libz.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libc* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libdl* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libpthread* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libcrypt* /opt && \
cp -a --parents /usr/lib/x86_64-linux-gnu/libssl.so.* /opt && \
cp -a --parents /usr/lib/x86_64-linux-gnu/libcrypto.so.* /opt && \
cp /usr/share/zoneinfo/${TIME_ZONE:-ROC} /opt/etc/localtime
FROM gcr.io/distroless/base-debian10
COPY --from=base /opt /
VOLUME ["/usr/share/nginx/html"]
EXPOSE 80 443
ENTRYPOINT ["nginx", "-g", "daemon off;"]
第二个调用了gcr.io/distroless/base-debian10
root@server9 new]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
rhel7 v3 19202321189a 21 minutes ago 141MB
rhel7 v2 9012f97bb099 33 minutes ago 282MB
rhel7 v1 387ba24407fa 59 minutes ago 296MB
<none> <none> 1aa0630a1d1f 6 hours ago 1.24MB
nginx latest d1a364dc548d 4 days ago 133MB
yakexi007/game2048 latest 19299002fdbe 4 years ago 55.5MB
rhel7 latest 0a3eb3fde7fd 6 years ago 140MB
gcr.io/distroless/base-debian10 latest d48fcdd54946 51 years ago 19.2MB
多阶段构建
[root@server9 new]# docker build -t rhel7:v4
Successfully built 791f7bfe1e6b
Successfully tagged rhel7:v4
docker images rhel7
REPOSITORY TAG IMAGE ID CREATED SIZE
rhel7 v4 791f7bfe1e6b About a minute ago 31.9MB
rhel7 v3 19202321189a 26 minutes ago 141MB
rhel7 v2 9012f97bb099 38 minutes ago 282MB
rhel7 v1 387ba24407fa About an hour ago 296MB
rhel7 latest 0a3eb3fde7fd 6 years ago 140MB
[root@server9 new]# docker images gcr.io/distroless/base-debian10
REPOSITORY TAG IMAGE ID CREATED SIZE
gcr.io/distroless/base-debian10 latest d48fcdd54946 51 years ago 19.2MB
31.9M ,19.2M是镜像的大小
剩下的都是二进制程序和库
测试新的镜像
[root@server9 new]# docker rm -f demo
demo
[root@server9 new]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b944c3d9b236 rhel7:v4 "nginx -g 'daemon of…" 2 minutes ago Up 2 minutes 80/tcp, 443/tcp demo
[root@server9 new]# curl 172.17.0.2
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
删掉以v3的容器,新建以V4的容器,ip重新分配,拿到的是v3以前的ip
ip分配时单调递增
官方的默认发布目录在/usr/share/nginx/html/
可以copy更改发布的东西
也可以把网站的数据通过卷挂载出去
[root@server9 new]# cat Dockerfile
FROM nginx as base
ARG TIME_ZONE
RUN mkdir -p /opt/var/cache/nginx && \
cp -a --parents /usr/lib/nginx /opt && \
cp -a --parents /usr/share/nginx /opt && \
cp -a --parents /var/log/nginx /opt && \
cp -aL --parents /var/run /opt && \
cp -a --parents /etc/nginx /opt && \
cp -a --parents /etc/passwd /opt && \
cp -a --parents /etc/group /opt && \
cp -a --parents /usr/sbin/nginx /opt && \
cp -a --parents /usr/sbin/nginx-debug /opt && \
cp -a --parents /lib/x86_64-linux-gnu/ld-* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libpcre.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libz.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libc* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libdl* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libpthread* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libcrypt* /opt && \
cp -a --parents /usr/lib/x86_64-linux-gnu/libssl.so.* /opt && \
cp -a --parents /usr/lib/x86_64-linux-gnu/libcrypto.so.* /opt && \
cp /usr/share/zoneinfo/${TIME_ZONE:-ROC} /opt/etc/localtime
FROM gcr.io/distroless/base-debian10
COPY --from=base /opt /
VOLUME ["/usr/share/nginx/html"]
EXPOSE 80 443
ENTRYPOINT ["nginx", "-g", "daemon off;"]
[root@server9 new]# docker build -t rhel7:v5 .
Successfully built 791f7bfe1e6b
Successfully tagged rhel7:v5
[root@server9 new]# docker history rhel7:v5
IMAGE CREATED CREATED BY SIZE COMMENT
791f7bfe1e6b 15 minutes ago /bin/sh -c #(nop) ENTRYPOINT ["nginx" "-g" … 0B
6563227383c7 15 minutes ago /bin/sh -c #(nop) EXPOSE 443 80 0B
29994c769fdd 15 minutes ago /bin/sh -c #(nop) VOLUME [/usr/share/nginx/… 0B
dda5ee99abef 15 minutes ago /bin/sh -c #(nop) COPY dir:4b299d402b46c2983… 12.7MB
d48fcdd54946 51 years ago bazel build ... 17.4MB
<missing> 51 years ago bazel build ... 1.8MB
VOLUME [/usr/share/nginx/…
检测到VOLUME自动创建一个卷,我们也可以手工挂载上去一个卷
[root@server9 new]# docker rm -f demo
demo
[root@server9 new]# docker run -d --name demo -v /data:/usr/share/nginx rhel7:v5
-v 手工挂载,/data宿主机的路径:/usr/share/nginx容器内的路径
宿主机的/data会覆盖你容器内的路径的文件
[root@server9 new]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
871db99cbd70 rhel7:v5 "nginx -g 'daemon of…" 5 seconds ago Up 4 seconds 80/tcp, 443/tcp demo
[root@server9 new]# curl 172.17.0.2
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.21.0</center>
</body>
</html>
访问不了,因为被覆盖了,空的,没有首面
[root@server9 new]# cd /data/
[root@server9 data]# ls
[root@server9 data]# echo www.yan.org > index.html
[root@server9 data]# curl 172.17.0.2
www.yan.org
[root@server9 data]#
这个卷被挂载我们的容器内
[root@server9 data]# docker rm -f demo
demo
[root@server9 data]# ls
index.html
[root@server9 data]# cd /data
[root@server9 data]# ls
index.html
容器销毁,我们的数据仍然在
[root@server9 data]# docker run -d --name demo -v /data:/usr/share/nginx/html rhel7:v5
006ad375313d69c655b8dc299fdb03076eb33b054bf1a2a12e2708bb0fa56900
[root@server9 data]# curl 172.17.0.2
www.yan.org
容器随便被删掉,我们的数据依旧在
开放原子开发者工作坊旨在鼓励更多人参与开源活动,与志同道合的开发者们相互交流开发经验、分享开发心得、获取前沿技术趋势。工作坊有多种形式的开发者活动,如meetup、训练营等,主打技术交流,干货满满,真诚地邀请各位开发者共同参与!
更多推荐
0
0- 0
已为社区贡献1条内容
所有评论(0)