Docker Dockerfile use detailed notes-Xiaobai notes

1 What is a Dockerfile?

Dockerfile is a text file used to build a mirror. The text contains instructions and instructions for building a mirror.

2 Use Dockerfile to customize the image

Here only explains how to run the Dockerfile file to customize a mirror, the construction process is as follows:

2.1 Add Dockerfile

Let's customize an nginx image (the built image will have a /usr/share/nginx/html/index.html file)

In an empty directory, create a new file named Dockerfile, and add the following content to the file:

FROM nginx
RUN echo '这是一个本地构建的nginx镜像' > /usr/share/nginx/html/index.html

2.2 The role of FROM and RUN instructions

FROM : The customized images are all based on FROM, where nginx is the basic image required for customization. The subsequent operations are based on nginx.

RUN : used to execute the command line commands that follow. There are two formats:

shell format:

RUN <命令行命令>
# <命令行命令> 等同于，在终端操作的 shell 命令。

exec format:

RUN ["可执行文件", "参数1", "参数2"]
# 例如：
# RUN ["./test.php", "dev", "offline"] 等价于 RUN ./test.php dev offline

Note : Every time the instructions of the Dockerfile are executed, a new layer will be created on the docker. So too many meaningless layers will cause the image to expand too much. E.g:

FROM centos
RUN yum install wget
RUN wget -O redis.tar.gz "http://download.redis.io/releases/redis-5.0.3.tar.gz"
RUN tar -xvf redis.tar.gz
以上执行会创建 3 层镜像。可简化为以下格式：
FROM centos
RUN yum install wget \
    && wget -O redis.tar.gz "http://download.redis.io/releases/redis-5.0.3.tar.gz" \
    && tar -xvf redis.tar.gz

As above, connect the commands with the && symbol, so that after execution, only 1 layer mirror will be created.

2.3 Start to build the image

In the storage directory of the Dockerfile file, execute the build action.

The following example builds a nginx:test (image name: image label) from the Dockerfile in the directory.

Note : The last. Represents the context path of this execution.

docker build -t nginx:test --rm=true .

-t means to choose to specify the user name, warehouse name and tag to generate the image

--rm=true means to delete the temporary container generated in the middle of the image generation process

The above display indicates that the construction has been successful.

2.4 Context path

$ docker build -t nginx:test .

The context path refers to when docker is building an image, sometimes it wants to use the local files (such as copying). After the docker build command knows this path, it will package all the content under the path.

Analysis : Because the operating mode of docker is C/S. Our native machine is C, and the docker engine is S. The actual build process is done under the docker engine, so our local files cannot be used at this time. This requires that the files in the specified directory of our local machine are packaged together for use by the docker engine.

If the last parameter is not specified, the default context path is the location of the Dockerfile.

Note : Do not put useless files in the context path, because they will be packaged and sent to the docker engine. If there are too many files, the process will be slow.

3 Detailed instructions

3.1 COPY

Copy instructions, copy files or directories from the context directory to the specified path in the container.

format:

COPY [--chown=<user>:<group>] <源路径1>...  <目标路径>
COPY [--chown=<user>:<group>] ["<源路径1>",...  "<目标路径>"]

[--chown=<user>:<group>] : Optional parameter, the user changes the owner and group of files copied to the container.

<source path> : source file or source directory. This can be a wildcard expression, and its wildcard rule must satisfy Go's filepath.Match rule. E.g:

COPY hom* /mydir/
COPY hom?.txt /mydir/

<Target path> : The specified path in the container. The path does not need to be built in advance. If the path does not exist, it will be created automatically.

3.2 ADD

The ADD instruction and COPY use the same format (under the same requirements, the official recommendation is to use COPY). The functions are also similar, the differences are as follows:

The advantage of ADD: If the execution of <source file> is a tar compressed file, and the compression format is gzip, bzip2 and xz, it will be automatically copied and decompressed to the <target path>.
Disadvantages of ADD: tar compressed files cannot be copied without decompression. It will invalidate the image build cache, which may make the image build slower. Whether it is used or not can be determined according to whether it needs to be automatically decompressed.

3.3 CMD

Similar to the RUN command, it is used to run the program, but the time point of the two running is different:

CMD runs during docker run.
RUN is in docker build.

Function : Specify the program to run by default for the started container, and the container will end when the program runs. The program specified by the CMD instruction can be overwritten by the program to be run specified in the docker run command line parameter.

Note : If there are multiple CMD instructions in the Dockerfile, only the last one will take effect .

format:

CMD <shell 命令> 
CMD ["<可执行文件或命令>","<param1>","<param2>",...] 
CMD ["<param1>","<param2>",...]  # 该写法是为 ENTRYPOINT 指令指定的程序提供默认参数

The second format is recommended, and the execution process is relatively clear. The first format will actually be automatically converted to the second format during operation, and the default executable file is sh.

3.4 ENTRYPOINT

Similar to the CMD command, but it will not be overwritten by the command specified by the docker run command line parameter, and these command line parameters will be used as parameters to the program specified by the ENTRYPOINT command.

However, if the --entrypoint option is used when running docker run, the parameter of this option can be used as the program to be run to override the program specified by the ENTRYPOINT instruction.

Advantages : When executing docker run, you can specify the parameters required for ENTRYPOINT operation.

Note: If there are multiple ENTRYPOINT instructions in the Dockerfile, only the last one will take effect.

format:

ENTRYPOINT ["<executeable>","<param1>","<param2>",...]

It can be used with the CMD command: CMD is generally used when changing parameters. CMD here is equivalent to passing parameters to ENTRYPOINT, which will be mentioned in the following examples.

Example:

Assuming that the nginx:test image has been built through the Dockerfile:

FROM nginx

ENTRYPOINT ["nginx", "-c"] # 定参
CMD ["/etc/nginx/nginx.conf"] # 变参

1. Run without parameter transfer

$ docker run  nginx:test

The following command will be run in the container by default to start the main process.

nginx -c /etc/nginx/nginx.conf

2. Parameter transfer operation

$ docker run  nginx:test -c /etc/nginx/new.conf

The following command will be run in the container by default to start the main process (/etc/nginx/new.conf: assuming this file already exists in the container)

nginx -c /etc/nginx/new.conf

3.5 ENV

Set the environment variable, define the environment variable, then in the subsequent instructions, you can use this environment variable.

format:

ENV <key> <value>
ENV <key1>=<value1> <key2>=<value2>...

The following example sets NODE_VERSION = 7.2.0, which can be referenced by $NODE_VERSION in subsequent instructions:

ENV NODE_VERSION 7.2.0

RUN curl -SLO "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-x64.tar.xz" \
  && curl -SLO "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc"

3.6 ARG

Build parameters, and have the same effect with ENV. But the scope is different. The environment variable set by ARG is only valid in the Dockerfile, which means that it is only valid during the docker build process. This environment variable does not exist in the built image.

The build command docker build can be overwritten with --build-arg <parameter name>=<value>.

format:

ARG <参数名>[=<默认值>]

3.7 VOLUME

Define an anonymous data volume. If you forget to mount the data volume when starting the container, it will be automatically mounted to the anonymous volume.

effect:

Avoid losing important data due to container restart, which is very fatal.
Avoid containers that keep getting bigger.

format:

VOLUME ["<路径1>", "<路径2>"...]
VOLUME <路径>

When starting the container docker run, we can modify the mount point through the -v parameter.

3.8 EXPOSE

Just declare the port.

effect:

Help mirror users understand the guard port of this mirroring service to facilitate the configuration of mapping.
When using random port mapping at runtime, that is, when docker run -P, the EXPOSE port will be automatically mapped randomly.

format:

EXPOSE <端口1> [<端口2>...]

3.9 WORKDIR

Specify the working directory. The working directory specified by WORKDIR will exist in each layer of the image. (The working directory specified by WORKDIR must be created in advance).

In the process of docker build building the image, each RUN command is a new layer. Only directories created through WORKDIR will always exist.

format:

WORKDIR <工作目录路径>

3.10 USER

It is used to specify the user and user group that executes subsequent commands. This is just to switch the user who executes subsequent commands (the user and user group must already exist in advance).

format:

USER <用户名>[:<用户组>]

3.11 HEALTHCHECK

Used to specify a program or instruction to monitor the running status of the docker container service.

format:

HEALTHCHECK [选项] CMD <命令>：设置检查容器健康状况的命令
HEALTHCHECK NONE：如果基础镜像有健康检查指令，使用这行可以屏蔽掉其健康检查指令

HEALTHCHECK [选项] CMD <命令> : 这边 CMD 后面跟随的命令使用，可以参考 CMD 的用法。

3.12 ONBUILD

Used to delay the execution of build commands. Simply put, the commands specified with ONBUILD in the Dockerfile will not be executed during the process of building the image (assuming the image is test-build). When a new Dockerfile uses the previously built image FROM test-build, which is to execute the Dockerfile construction of the new image, the command specified by ONBUILD in the Dockerfile of test-build will be executed.

format:

ONBUILD <其它指令>