About images

When searching for an image on hub.docker.com, look for the official image; unofficial images may contain a virus. If you are fastidious about this and cannot find an official image, download the official software installation package and build your own image by following its installation method, which is also safer to use.

Build the image

Building a Docker image starts with creating a Dockerfile, which holds the script used for the build. The common instructions in the script are as follows:

  • FROM bases the image on another image; the new image is created by executing some scripts on top of that image
  • RUN runs a command
  • WORKDIR specifies the working directory, which is equivalent to cd. Generally, at the end of the Dockerfile, the working directory is switched to a commonly used directory, so that docker exec enters this directory by default, saving the user from having to cd into it
  • COPY copies files from the current directory into the image. You can also COPY files from another image
  • ADD adds a file from the current directory to the image; if the file is a .tar.gz, it is automatically decompressed into the specified directory of the image
  • ENV sets environment variables in the image
  • CMD specifies the command to execute when a container is started from the image. In the Dockerfile, CMD appears only once
  • ENTRYPOINT specifies the command or script to be executed when the container is started. If you want to run multiple commands when the container is started, you can use ENTRYPOINT with a script instead. Generally, add RUN chmod u+x xxx.sh to give the script executable permission. Here is how to write a command: ["java", "-Djava.security.egd=file:/dev/./urandom", "-jar", "/webapps/api.jar", "--spring.profiles.active=test"]
  • EXPOSE indicates the ports that are exposed. They are exposed whether or not you write them, but once they are written you can see which ports are exposed when you run docker inspect on the image

Here’s a simple example of the syntax in Dockerfile:

Start by creating a directory

mkdir gitlab-runner
cd gitlab-runner
vi Dockerfile

Dockerfile contains the following contents:

# Base image
FROM gitlab/gitlab-runner:v11.4.2

# Run shell commands
RUN echo 'deb http://mirrors.aliyun.com/ubuntu/ xenial main restricted universe multiverse' > /etc/apt/sources.list && \
    echo 'deb http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted universe multiverse' >> /etc/apt/sources.list && \
    echo 'deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted universe multiverse' >> /etc/apt/sources.list && \
    echo 'deb http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse' >> /etc/apt/sources.list && \
    echo 'deb [arch=amd64] http://mirrors.aliyun.com/docker-ce/linux/ubuntu xenial stable' >> /etc/apt/sources.list

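# Import the docker-ce repository signing key (fetched over plain HTTP here, so the key is not protected in transit)
RUN curl -fsSL http://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | apt-key add -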
RUN apt-get update -y

RUN apt-get -y install iptables
RUN apt-get -y install apt-transport-https ca-certificates curl software-properties-common docker-ce

RUN mkdir -p /usr/local/docker
WORKDIR /usr/local/docker
COPY daemon.json /etc/docker/daemon.json
RUN service docker start

COPY docker-compose /usr/local/bin/
RUN chmod +x /usr/local/bin/docker-compose

RUN mkdir -p /usr/local/java
WORKDIR /usr/local/java
COPY jdk-8u221-linux-x64.tar.gz /usr/local/java
RUN tar -zxvf jdk-8u221-linux-x64.tar.gz && \
    rm -fr jdk-8u221-linux-x64.tar.gz

RUN mkdir -p /usr/local/maven
WORKDIR /usr/local/maven
COPY apache-maven-3.6.3-bin.tar.gz /usr/local/maven
RUN tar -zxvf apache-maven-3.6.3-bin.tar.gz && \
    rm -fr apache-maven-3.6.3-bin.tar.gz

ENV JAVA_HOME /usr/local/java/jdk1.8.0_221
ENV MAVEN_HOME /usr/local/maven/apache-maven-3.6.3
ENV PATH $PATH:$JAVA_HOME/bin:$MAVEN_HOME/bin

COPY entrypoint.sh /usr/local/bin/
RUN chmod +x /usr/local/bin/entrypoint.sh
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]

WORKDIR /

As the Dockerfile above shows, whatever software you would install on a server can be written into a Dockerfile. The commands you would type in a shell are written into a script, and Docker builds the image itself, so you do not have to repeat the steps on every new server.

Image management

Harbor is recommended as the remote image registry. A separate article will be written later to introduce how to set up Harbor.

Common commands for local image management are as follows:

# Delete unused (dangling) images
docker image prune
# Delete an image
docker rmi <image name or ID>
# Tag an image
docker tag <image ID> xxx:xxx
# Save an image to a file
docker save <image ID> > xxx.tar
# Load an image from a file
docker load < xxx.tar

Container management

This section on container management is mainly about the disk space that containers take up. The longer a container runs, the more space it uses. When a server runs multiple containers, the hard disk may suddenly fill up. At that point you need to find out quickly which container is taking up too much space and how to clean it up as soon as possible.

Run the docker system df command to view the disk space occupied by Docker.

“Images” is the size of the images, “Containers” is the size of the containers, and “Local Volumes” is the size of the mounted data volumes.

  • If the images are large, use docker images to check whether some images are unnecessary and can be deleted
  • If the data volumes are large, many files may have been written to the mounted directory, such as log files or data files generated by the software running in the container

Use docker system df -v to view more detailed data, including the space occupied by each image, the space occupied by each container, and so on.

Use docker ps --size to view the space occupied by the running containers.

If the Docker root directory does not have enough space, you can attach a new disk: stop the Docker service with service docker stop, move the files in the Docker root directory to the new disk (the default Docker root directory is /var/lib/docker), add or modify data-root in /etc/docker/daemon.json so that it points to the new disk, then start the Docker service with service docker start. This completes the migration of the Docker directory.

Shrinking images

Build the image as small as possible, so that it contains just what the application needs and nothing more.

This comes down to the Linux overlay file system. If you add a file to the image in step 1 and then delete it in step 2, the file's size is still counted in the image size. If step 1 and step 2 are combined into one step, the image size no longer includes the file, as follows:

RUN <add file to image> \
    && <delete file>

The \ above is used to escape the newline character, and && is used to connect the two commands

Docker provides a command to view the build history of an image, step by step:

docker history <image name or ID>

root@today2:/usr/local/docker/gitlab-runner2# docker history c0fa8ada5a84
IMAGE          CREATED         CREATED BY                                        SIZE     COMMENT
c0fa8ada5a84   10 months ago   /bin/sh -c #(nop) CMD ["/usr/local/openRest...    0B
62bbb0b2a328   10 months ago   /bin/sh -c #(nop) EXPOSE 80                       0B
e228ad0a338b   10 months ago   /bin/sh -c #(nop) WORKDIR /                       0B
b109c44fb8bb   10 months ago   /bin/sh -c #(nop) ADD file:c26c0723c8896ccb9...   857B
4ed6730165c6   10 months ago   /bin/sh -c make && make install                   95.1MB
de61b50377e0   10 months ago   /bin/sh -c ./configure --add-module=/usr/loc...   65.2MB
ddbc24e63d21   10 months ago   /bin/sh -c rm -rf ./Makefile                      0B
49631835d627   10 months ago   /bin/sh -c #(nop) WORKDIR /usr/local/src/ope…
…              … ago           /bin/sh -c unzip nginx-module-vts.zip             2.58MB
f393685b4b14   10 months ago   /bin/sh -c #(nop) WORKDIR /usr/local/src          0B
f6d9e27571d4   10 months ago   /bin/sh -c #(nop) ADD file:9bb161e63fe3864a4...   1.49MB
1548553d9fc8   10 months ago   /bin/sh -c #(nop) ADD file:3d10850fb8b3e933a...   27.1MB
e8b57fcbd31d   10 months ago   /bin/sh -c apt-get install unzip make gcc li…
bc016c01c294   10 months ago   /bin/sh -c apt-get update                         26.2MB
d820629463da   10 months ago   /bin/sh -c echo 'deb http://mirrors.aliyun.c...   351B
5991db817e28   10 months ago   /bin/sh -c echo 'deb http://mirrors.aliyun.c...   260B
1f911ec5d70c   10 months ago   /bin/sh -c echo 'deb http://mirrors.aliyun.c...   171B
65e875ff00b0   10 months ago   /bin/sh -c echo 'deb http://mirrors.aliyun.c...   81B
90088fba500c   10 months ago   /bin/sh -c #(nop) WORKDIR /etc/apt                0B
fab5e942c505   10 months ago   /bin/sh -c #(nop) CMD ["/bin/bash"]               0B
<missing>      10 months ago   /bin/sh -c mkdir -p /run/systemd && echo 'do…
<missing>      10 months ago   /bin/sh -c set -xe && echo '#!/bin/sh' > /...     745B
<missing>      10 months ago   /bin/sh -c rm -rf /var/lib/apt/lists/*            0B
<missing>      10 months ago   /bin/sh -c #(nop) ADD file:513ae777bc4042f84...   126MB

Using this command, you can view the size of each step of a given image during build
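
The layer rule above, applied to two steps from this page's gitlab-runner Dockerfile (the apt install and the JDK tarball). This is an added example, not the author's code; the stage names wasteful and lean are made up for the comparison, and ADD is used for the automatic unpacking of a local .tar.gz described in the instruction list above.

```dockerfile
# Added example. Stage names "wasteful" and "lean" are made up; the base image,
# tarball name and paths are the ones used in the Dockerfile earlier on this page.

# --- wasteful: every instruction is its own layer ---------------------------
FROM gitlab/gitlab-runner:v11.4.2 AS wasteful
# The package index downloaded here is stored in this layer for good.
RUN apt-get update -y
RUN apt-get -y install iptables
# Deleting the index in a later step adds a 0B layer; the earlier layer keeps it.
RUN rm -rf /var/lib/apt/lists/*
WORKDIR /usr/local/java
# COPY writes the whole tarball into a layer of its own.
COPY jdk-8u221-linux-x64.tar.gz /usr/local/java
# rm only hides the tarball: the image carries the tarball plus the unpacked JDK.
RUN tar -zxf jdk-8u221-linux-x64.tar.gz && \
    rm -f jdk-8u221-linux-x64.tar.gz

# --- lean: add and delete inside one layer ----------------------------------
FROM gitlab/gitlab-runner:v11.4.2 AS lean
# Index download, install and cleanup share one layer, so the index never
# becomes part of the image.
RUN apt-get update -y && \
    apt-get -y install --no-install-recommends iptables && \
    rm -rf /var/lib/apt/lists/*
# ADD unpacks a local .tar.gz directly, so no layer ever holds the archive.
ADD jdk-8u221-linux-x64.tar.gz /usr/local/java/
ENV JAVA_HOME=/usr/local/java/jdk1.8.0_221
ENV PATH=$PATH:$JAVA_HOME/bin
```

Build each stage separately with docker build --target wasteful (or lean) and compare the per-step sizes with docker history.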

Multi-stage builds

Docker also provides multi-stage builds. For example, when building a Java image, we need Maven to compile the source code into a .jar, but when the container is running, only the JRE is required.

# First build the .jar with the maven image
FROM maven:3-jdk-8 AS builder
COPY ./src/ /usr/src/java/
WORKDIR /usr/src/java/
RUN mvn clean package

# Run Java from the openjdk image, copying the compiled .jar from the stage above
FROM openjdk:8u102-jre
COPY --from=builder /usr/src/java/target/xxx.jar /usr/local/jar/xxx.jar
CMD ["java"."-jar"."/usr/local/jar/xxx.jar"]
Copy the code