Docker can automatically build images by reading instructions in a Dockerfile. A Dockerfile is a text configuration file that contains commands and instructions for creating an image.
Because the configuration is too much, I did a few translation and summary, in order to learn to consult.
A, variables,
Variables are represented by $variable_name or ${variable_name}
${variable:-word}
Represents the value that will result if variable is set. If variable is not set, word will be the result.${variable:+word}
Indicates word result if variable is set, otherwise empty string.
A variable preceded by \ can be escaped to a plain string: \$fooor\${foo}, indicating conversion to $foo and ${foo} text.
Second, the FROM
Initialize a new build phase and set up the base image:
FROM [--platform=<platform>] <image> [AS <name>]
FROM [--platform=<platform>] <image>[:<tag>] [AS <name>]
FROM [--platform=<platform>] <image>[@<digest>] [AS <name>]
Copy the code
-
A single dockfile can appear FROM multiple times to use the previous build phase as a dependency for another build phase
-
AS name indicates the name of the build phase, which can be used in subsequent FROM and COPY — FROM =
instructions to refer to the image built at this stage
-
A digest is an ID generated based on the content of the image. As long as the content of the image remains the same, the digest will not change
-
Tag or DIGEST values are optional. If you omit any of them, the builder defaults to using a Latest tag. If the tag value is not found, the builder returns an error.
-
The platform flag can be used to specify platforms in cases where FROM references multiple platform images. For example, Linux/AMD64, Linux/ARM64, or Windows/AMD64
Third, the RUN
Commands will be executed in a new layer on top of the current image, running at docker build time
RUN /bin/bash -c 'source $HOME/.bashrc; echo $HOME'
Copy the code
There are two forms of RUN:
RUN <command>
(shellCommand to run in shell, default/bin/sh -c
In Linux, orcmd /S /C
On Windows)RUN ["executable", "param1", "param2"]
(performForm)
Description:
-
You can use \ (backslash) to continue a single RUN instruction to the next line
-
RUN does not automatically invalidate the instruction cache during the next build. You can invalidate the instruction cache with the –no-cache flag
-
Each execution of the Dockerfile instruction creates a new layer on top of the Docker. Therefore, too many meaningless layers will cause excessive image expansion. You can use the && symbol link command to create only one image after executing this command
Fourth, the CMD
Run the program at docker run time, but unlike run, run is run at docker build time
FROM ubuntu
CMD ["/usr/bin/wc"."--help"]
Copy the code
Three formats are supported
-
CMD [“executable”,”param1″,”param2″];
-
CMD command param1 param2 Is run in /bin/sh to provide information for applications that require interaction.
-
CMD [“param1″,”param2”] provides the default argument to ENTRYPOINT;
Specifies the command to execute when starting the container. There can be only one CMD command per Dockerfile. If multiple commands are specified, only the last command will be executed.
If the user specified a command to run when starting the container, CMD commands are overridden.
Five, the LABEL
Adding metadata
LABEL multi.label1="value1" \
multi.label2="value2" \
other="value3"
Copy the code
Six, EXPOSE
EXPOSE <port> [<port>/<protocol>...]
Copy the code
The Docker container listens on the specified network port at run time. You can specify whether the port listens for TCP or UDP. If no protocol is specified, TCP is used by default.
The EXPOSE directive doesn’t actually publish a port. To actually publish ports when the container is run, docker run -p publishes and maps one or more ports.
By default, EXPOSE assumes TCP. You can also specify UDP:
EXPOSE 80/udp
Seven, ENV
Setting environment Variables
ENV <key>=<value> ...
Copy the code
The environment variables you set persist, which you can see using Docker Inspect. Use docker run –env
=
to change the value of an environment variable.
If the environment variable is only needed during build, consider setting a value for a single command:
RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y ...
Copy the code
Or use ARG, which does not remain in the final image:
ARG DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get install -y ...
Copy the code
Eight, the ADD
Copy the new file, directory, or remote file URL < SRC > and add them to
.
< SRC > can specify multiple resources, but if they are files or directories, their paths are interpreted as the source relative to the build context, which is WORKDIR.
Each < SRC > may contain wildcards, and matches will use Go’s Filepath.Match rule. Such as:
Add all files starting with “hom” :
ADD hom* /mydir/
Copy the code
In the following example,? Is replaced with any single character, such as home.txt.
ADD hom? .txt /mydir/Copy the code
is an absolute path, or relative path to WORKDIR.
Nine, COPY
Syntax is the same as ADD, copy copy files.
The only difference between COPY and ADD is that:
Whether obtaining resources from remote urls is supported. The COPY command can only read resources from the host where the Docker build is executed and COPY them to the image. The ADD directive also supports reading resources from a remote server through a URL and copying them to an image.
For the same requirements, the COPY command is recommended. The ADD directive is better at reading and decompressing local tar files.
Ten, the ENTRYPOINT
ENTRYPOINT, like CMD, specifies the container launcher and parameters, but it is not overridden by instructions specified by the docker Run command line arguments. If you want to override it, you need to specify it via Docker Run — entryPoint.
It comes in 2 formats:
ENTRYPOINT ["executable"."param1"."param2"]
ENTRYPOINT command param1 param2
Copy the code
After ENTRYPOINT is specified, the content of CMD is passed to the ENTRYPOINT command as a parameter.
<ENTRYPOINT> <CMD>
Copy the code
Eleven, VOLUME
Creates an attached data volume with the specified name
VOLUME ["/var/log/"]
VOLUME /var/log
Copy the code
Its main functions are:
- Avoid the loss of important data due to container restart
- Avoid growing containers
Twelve, ARG
Define variables, which have the same effect as ENV, except that ARG variables are not persisted to a built image like ENV variables.
ARG <name>[=<default value>]
Copy the code
Docker has a predefined set of ARG variables that you can use without corresponding directives in Dockerfile.
- HTTP_PROXY
- http_proxy
- HTTPS_PROXY
- https_proxy
- FTP_PROXY
- ftp_proxy
- NO_PROXY
- no_proxy
To use these, pass them on the command line with the –build-arg flag, for example:
docker build --build-arg HTTPS_PROXY=https://my-proxy.example.com .
Copy the code
13, ONBUILD
Add a trigger instruction to the image to be executed later when the image is used as the basis for another build. That is, when another dockerfile FROM the image is executed.
ONBUILD ADD . /app/src
ONBUILD RUN /usr/local/bin/python-build --dir /app/src
Copy the code
14, STOPSIGNAL
Sets the system call signal that will be sent to the container to exit. The signal can be a valid unsigned number that matches a location in the kernel system call table, such as 9, or a signal name of the format SIGNAME, such as SIGKILL.
STOPSIGNAL signal
Copy the code
The default stop-signal is SIGTERM, which is sent to the docker process whose PID is 1 when the docker stops. After receiving the signal, the applications in the container can process some things first to achieve a smooth exit of the container. If no processing is done, the container will forcibly exit after a period of time, resulting in forced service interruption. The default interval is 10 seconds.
15 and HEALTHCHECK
Specifies a program or directive that monitors the running status of the Docker container service. The HEALTHCHECK directive has two forms:
HEALTHCHECK [OPTIONS] CMD command
(Check container health by running commands inside the container)HEALTHCHECK NONE
(Disable any health checks inherited from the underlying image)
16, SHELL
Overrides the default shell for the shell form of the command. On Linux the default shell is [“/bin/sh “, “-c”], Windows is [” CMD “, “/ S”, “/ c]”
SHELL ["executable"."parameters"]
Copy the code
This SHELL directive is particularly useful on Windows, where there are two commonly used and distinct native shells: CMD and Powershell, and alternate shells available, including sh. This SHELL instruction can occur more than once. Each SHELL instruction overrides all previous SHELL instructions and affects all subsequent ones.
In the 17th and WORKDIR
The working directory, if WORKDIR does not exist, will be created even if it is not used in subsequent Dockerfile directives.
Each RUN command creates a new layer during the docker build process. Only directories created by WORKDIR will always exist.
Multiple WORKDIR can be set, and if a relative path is provided, it will be relative to the path of the previous WORKDIR directive. Such as:
WORKDIR /a
WORKDIR b
WORKDIR c
RUN pwd
Copy the code
The final output of the PWD command is /a/b/c.
The WORKDIR directive can resolve previous uses of ENV, for example:
ENV DIRPATH=/path
WORKDIR $DIRPATH/$DIRNAME
RUN pwd
Copy the code
The final output of the PWD command is /path/$DIRNAME
18 and the USER
Set the user name (or UID) and optional user group (or GID)
USER <user>[:<group>]
USER <UID>[:<GID>]
Copy the code