When we use docker will find some mirror image of running, then will be very large, system resources, then we can actually solve this problem by optimizing the
Optimization criterion mirror:
- Select the most streamlined base image
- Reducing the number of layers of the mirror
- Cleaning intermediate image built
- Note optimizing network requests
- Try to use to build the cache
- Using multi-stage construction of mirrors
So then we thought rhel7 mirror nginx source installation, for example to do the optimization
1. First, get a nginx source package
[root@server1 docker]# ls
Dockerfile nginx-1.15.8.tar.gz web yum.repo
[root@server1 docker]#
2. Write Dockerfile file
[root@server1 docker]# cat Dockerfile
FROM rhel7
COPY yum.repo /etc/yum.repos.d/yum.repo
ADD nginx-1.15.8.tar.gz /mnt
WORKDIR /mnt/nginx-1.15.8
RUN rpmdb --rebuilddb && yum install -y gcc make zlib-devel pcre-devel
RUN sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc
RUN ./configure --prefix=/usr/local/nginx
RUN make
RUN make install
EXPOSE 80
VOLUME ["/usr/local/nginx/html"]
CMD ["/usr/local/nginx/sbin/nginx","-g","daemon off;"]
3. Build a mirror
[root @ server1 Docker] # Docker ImagesRF Royalty Free nginx
the REPOSITORY ID TAG the IMAGE CREATED SIZE
nginx v1 af236e3138f9 the About A minute ago Member 276MB
nginx Latest 53f3fd8007f7 3 weeks ago Member 109MB
We can easily see the size I have 276MB of built mirror , much larger than the official nginx, then we will begin to optimize
before the first try to see if we optimize our success nginx
[root@server1 docker]# docker run -d --name nginx nginx:v1
b098b2a4bf0f3478e7156663a6e97d19424331e094ce06922b26a902de53bc34
The above default directory for nginx container in the physical machine catalog publishing interface
4. Start optimization;
the first optimization: will not want to see the output is imported into the trash
[root@server1 docker]# vim Dockerfile
[root@server1 docker]# cat Dockerfile
FROM rhel7
COPY yum.repo /etc/yum.repos.d/yum.repo
ADD nginx-1.15.8.tar.gz /mnt
WORKDIR /mnt/nginx-1.15.8
RUN rpmdb --rebuilddb && yum install -y gcc make zlib-devel pcre-devel && yum clean all
RUN sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc
RUN ./configure --prefix=/usr/local/nginx
RUN make &> /dev/null
RUN make install &> /dev/null
RUN rm -fr /mnt/nginx-1.15.8
EXPOSE 80
VOLUME ["/usr/local/nginx/html"]
CMD ["/usr/local/nginx/sbin/nginx","-g","daemon off;"]
Then we compare, find the size of the change.
Second Optimization: to run entirely on one line, thus reducing the number of layers, but the effect is not very good, relatively small reduction, do not specify where the
third Optimization: using a multi-stage build
[root@server1 docker]# vim Dockerfile
[root@server1 docker]# cat Dockerfile
FROM rhel7 as build
COPY yum.repo /etc/yum.repos.d/yum.repo
ADD nginx-1.15.8.tar.gz /mnt
WORKDIR /mnt/nginx-1.15.8
RUN rpmdb --rebuilddb && yum install -y gcc make zlib-devel pcre-devel && yum clean all &&sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx && make && make install && rm -rf /mnt/nginx-1.15.8
FROM rhel7
COPY --from=build /usr/local/nginx /usr/local/nginx
EXPOSE 80
VOLUME ["/usr/local/nginx/html"]
CMD ["/usr/local/nginx/sbin/nginx","-g","daemon off;"]
In fact, so similar before and we installed on a host nginx, but we just need to nginx on these hosts copied to another host, so that only the second host nginx, but not so many things
Reconstruction of the mirror
[root@server1 docker]# docker build -t nginx:v3 .
We can reduce by nearly half found
us to test whether available
[root@server1 docker]# docker run -d --name nginx -p 80:80 nginx:v3
595ab7b2d3db839ba43f595030df0e7f5373ef5c7c478dbe3e3333b5becfa57c
We see that is fully accessible
Fourth optimization: most streamlined image
because nginx service, not to use all the data. So we chose to use the most streamlined image to reconstruct the image
[root@server1 ~]# docker load -i distroless.tar
668afdbd4462: Loading layer 18.39MB/18.39MB
Loaded image: gcr.io/distroless/base:latest
[root@server1 ~]# docker images gcr.io/distroless/base
REPOSITORY TAG IMAGE ID CREATED SIZE
gcr.io/distroless/base latest 9a255d5fe262 49 years ago 16.8MB
We can see the same image size rhel7 little too much, but the image is small, it represents the needs of our operations will be more, because a lot of things not yet constructed, using the mirror on distroless we can own Baidu, here do not do much to explain the
Let's rewrite Dockerfile
[root@server1 ~]# cd /tmp/docker/
[root@server1 docker]# vim Dockerfile
[root@server1 docker]# cat Dockerfile
FROM nginx as base
# https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
ARG Asia/Shanghai
RUN mkdir -p /opt/var/cache/nginx && \
cp -a --parents /usr/lib/nginx /opt && \
cp -a --parents /usr/share/nginx /opt && \
cp -a --parents /var/log/nginx /opt && \
cp -aL --parents /var/run /opt && \
cp -a --parents /etc/nginx /opt && \
cp -a --parents /etc/passwd /opt && \
cp -a --parents /etc/group /opt && \
cp -a --parents /usr/sbin/nginx /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libpcre.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libz.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libc.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libdl.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libpthread.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libcrypt.so.* /opt && \
cp -a --parents /usr/lib/x86_64-linux-gnu/libssl.so.* /opt && \
cp -a --parents /usr/lib/x86_64-linux-gnu/libcrypto.so.* /opt && \
cp /usr/share/zoneinfo/${TIME_ZONE:-ROC} /opt/etc/localtime
FROM gcr.io/distroless/base
COPY --from=base /opt /
EXPOSE 80
ENTRYPOINT ["nginx", "-g", "daemon off;"]
In fact, it's like we write what we needed on a piece of paper.
Reconstruction of the mirror
[root@server1 docker]# docker rm -f nginx
nginx
[root@server1 docker]# docker build -t nginx:v4 .
We can find it only just over 20 MB
test is normal nginx
[root@server1 docker]# docker run -d --name nginx -p 80:80 nginx:v4
ce0702ce569c8c5bfe4199dfae880a865f1bb8f146f8bbc70962c5a8b2443748
