Docker镜像的三大构建方式

摘要
在构建容器化应用时，相当重要的步骤莫过于镜像制作，本文将介绍镜像制作方法以及镜像制作的建议。
采用docker commit生成的镜像实际上是容器内的文件系统进行修改在进行提交，而运行的容器实际上是在镜像的文件系统顶层添加了一层读写层，所都的修改都是基于这一层，当生成镜像时会将这一层数据保存，所以每次使用commit提交镜像时候都会比原来多一层，这样会使得镜像越来越大并且不易维护。同时，对于镜像使用者来说完全不透明，使用者不清楚该镜像怎么样构建的，是否安全等，这种方式及其不推荐。
而使用Dockerfile构建镜像，对于使用者来说完全透明，构建镜像的每一个步骤都在Dockerfile文件中描述的清清楚楚，同时当需要对镜像修改时候，只需修改Dockerfile文件中的指令，维护镜像只需要维护一个Dockerfile，这也是镜像构建的最佳方式。当然，要使用Dockerfile就必须明白Dockerfile的语法和各个指令，以下将作详细介绍。

一、Docker镜像的分层
①Dockerfile中的每个指令都会创建一个新的镜像层
②镜像层将被缓存和复用
③当Dockerfile的指令修改了，复制的文件变化了，或者构建镜像时指定的变量不同了，对应的镜像层缓存就会失效
④某一层的镜像缓存失效之后，它之后的镜像层都会失效
⑤镜像层时不可变的，如果在某一层中添加一个文件，然后再下一层中删除它，则镜像中依然会包含该文件

二、Docker镜像的创建
2.1、Docker镜像
2.1.1、应用发布的标准格式

2.1.2、支撑一个Docker容器的运行

2.2、Docker镜像的创建方法
2.2.1、基于已有镜像创建

2.2.2、基于本地模板创建

2.2.3、基于Dockerfile创建

2.3、基于已有镜像创建
2.3.1、将容器里面运行的程序及运行环境打包生成新的镜像

 docker commit [选项] 容器ID/名称 仓库名称:[标签]
 -m：说明信息
 -a：作者信息
 -p：生成过程中停止容器的运行

2.3.2、操作步骤

[aaa@qq.com ~]# docker create -it httpd /bin/bash
42357089c94717f3ce7519381793a4542d23835e0831f1a0ca1818302a38a8da
[aaa@qq.com ~]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
42357089c947        httpd               "/bin/bash"         5 minutes ago       Created                                 magical_volhard
[aaa@qq.com ~]# docker commit -m "new" -a "xxy" 42357089c947 xxy:httpd
sha256:798b229a000ae11ea8cc4c1e1c9c6af42f8f63b305d0ac57021a680fdd144cfc
[aaa@qq.com ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED              SIZE
xxy                 httpd               798b229a000a        About a minute ago   138MB
httpd               123                 67aff63fc0f2        3 hours ago          134MB
httpd               latest              0a30f4c29d25        8 days ago           138MB
centos              7                   8652b9f0cb4c        12 days ago          204MB

2.4、基于本地模板创建

导入本地镜像debian-7.0-x86-minimal.tar.gz
[aaa@qq.com ~]# cat debian-7.0-x86-minimal.tar.gz | docker import - docker:xxy
sha256:c21bd2b8ca4aa9212b39c99a9133696ac18bde0c86224d1700e35849f07bd823
[aaa@qq.com ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
docker              xxy                 c21bd2b8ca4a        8 seconds ago       215MB

2.5、基于Dockerfile创建
2.5.1、Dockerfile是由一组指令组成的文件

2.5.2、Dockerfile结构四部分

①基础镜像信息
②维护者信息
③镜像操作指令
④容器启动时执行指令
2.5.3、Dockerfile每行支持一条指令，每条指令可携带多个参数，支持使用以“#”号开头的注释

2.5.4、Dockerfile操作指令
2.5.5、Dockerfile创建

[aaa@qq.com ~]# mkdir http
[aaa@qq.com ~]# cd http/
[aaa@qq.com http]# vim Dockerfile
#基于centos:7的基础镜像
FROM centos:7
#维护镜像的用户信息
MAINTAINER this is project
#镜像操作指令安装apache软件
RUN yum -y update
RUN yum -y install httpd
#开启80端口
EXPOSE 80
#复制网址首页文件
ADD index.html /var/www/html/index.html
#将执行脚本复制到镜像中
ADD run.sh /run.sh
RUN chmod 755 /run.sh
#启动容器时执行脚本
CMD ["/run.sh"]

2.5.6、制作脚本

1 [aaa@qq.com http]# vim run.sh
2 #!/bin/bash
3 rm -rf /run/httpd/*
4 exec /usr/sbin/apachectl -D FOREGROUND

2.5.7、制作网页

1 [aaa@qq.com http]# echo '<h1>this is xxy</h1>' > index.html 
2 [aaa@qq.com http]# ll      #文件要放同一个目录
3 总用量 12
4 -rw-r--r--. 1 root root 402 11月 26 15:13 Dockerfile
5 -rw-r--r--. 1 root root  21 11月 26 15:16 index.html
6 -rw-r--r--. 1 root root  71 11月 26 15:15 run.sh

2.5.8、生成镜像

[aaa@qq.com http]# docker build -t httpd:centos .
Sending build context to Docker daemon  4.096kB
Step 1/9 : FROM centos:7
 ---> 8652b9f0cb4c
Step 2/9 : MAINTAINER this is project
 ---> Running in b8e91a6eb4a7
Removing intermediate container b8e91a6eb4a7
 ---> d4bb43995938
Step 3/9 : RUN yum -y update
 ---> Running in d37d3d583d44
Loaded plugins: fastestmirror, ovl
Determining fastest mirrors

2.5.9、新镜像运行容器

[aaa@qq.com http]# docker run -d -p 9999:80 httpd:centos 
44444960d59d3cde9b922cb188c9e8cac44a6119aa7ab8f677488b66085f5a27
[aaa@qq.com http]# docker ps -a 
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                  NAMES
44444960d59d        httpd:centos        "/run.sh"           7 seconds ago       Up 6 seconds        0.0.0.0:9999->80/tcp   trusting_chaplygin
42357089c947        httpd               "/bin/bash"         31 minutes ago      Created                                    magical_volhard

2.5.10、测试

三、私有仓库建立
3.1、拉取镜像及修改配置文件（端口号：5000）

[aaa@qq.com http]# docker pull registry
Using default tag: latest
latest: Pulling from library/registry
cbdbe7a5bc2a: Pull complete 
47112e65547d: Pull complete 
46bcb632e506: Pull complete 
c1cc712bcecd: Pull complete 
3db6272dcbfa: Pull complete 
Digest: sha256:8be26f81ffea54106bae012c6f349df70f4d5e7e2ec01b143c46e2c03b9e551d
Status: Downloaded newer image for registry:latest
docker.io/library/registry:latest

[aaa@qq.com http]# vim /etc/docker/daemon.json 
{
"insecure-registries": ["20.0.0.10:5000"],       #添加
"registry-mirrors": ["https://lyoy0ey2.mirror.aliyuncs.com"]
}
[aaa@qq.com http]# systemctl restart docker

3.2、创建镜像并查看

[aaa@qq.com http]# docker create -it registry /bin/bash
7a68394d08ff8ac75530ddefa6d963d40f4f146d098dae3baf5fc43146642e38
[aaa@qq.com http]# docker ps -a 
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                            PORTS               NAMES
7a68394d08ff        registry            "/entrypoint.sh /bin…"   8 seconds ago       Created                                               tender_jennings
44444960d59d        httpd:centos        "/run.sh"                5 minutes ago       Exited (137) About a minute ago                       trusting_chaplygin
42357089c947        httpd               "/bin/bash"              36 minutes ago      Created                                               magical_volhard
[aaa@qq.com http]# docker start 7a68394d08ff
7a68394d08ff

3.3、宿主机的/data/registry自动创建挂载容器中的/tmp/registry

[aaa@qq.com http]# docker run -d -p 5000:5000 -v /data/registry:/tmp/registry registry
7e3f512d231956e99378b8ebed8501a486c72faea50bacdc1c04423b92fec018
[aaa@qq.com http]# docker tag httpd:centos 20.0.0.10:5000/httpd

3.4、上传并获取

[aaa@qq.com http]# docker push 20.0.0.10:5000/httpd
The push refers to repository [20.0.0.10:5000/httpd]
3da5b071c4f2: Pushed 
057bd52e8a9d: Pushed 
9dcf928dee97: Pushed 
46aa04549d1d: Pushed 
a8cb29dd04d5: Pushed 
174f56854903: Pushed 
latest: digest: sha256:5be48bc3714a095f9d8ae7b5684de3c70d6e1bbb95fa227fcf2005117aae9a87 size: 1574
#获取私有仓库列表
[aaa@qq.com http]# curl -XGET http://20.0.0.10:5000/v2/_catalog
{"repositories":["httpd"]}  #显示上传成功
#删除centos镜像
[aaa@qq.com http]#  docker rmi 20.0.0.10:5000/httpd:latest 
Untagged: 20.0.0.10:5000/httpd:latest
Untagged: 20.0.0.10:5000/aaa@qq.com:5be48bc3714a095f9d8ae7b5684de3c70d6e1bbb95fa227fcf2005117aae9a87
[aaa@qq.com http]# docker pull 20.0.0.10:5000/httpd   #测试私有仓库下载
Using default tag: latest
latest: Pulling from httpd
2d473b07cdd5: Already exists 
c36cd56632d3: Pull complete 
3a8ec7461da9: Pull complete 
020effa52e30: Pull complete 
b717300357b6: Pull complete 
3e68d6e6a411: Pull complete 
Digest: sha256:5be48bc3714a095f9d8ae7b5684de3c70d6e1bbb95fa227fcf2005117aae9a87
Status: Downloaded newer image for 20.0.0.10:5000/httpd:latest
20.0.0.10:5000/httpd:latest

四、Docker数据卷管理
4.1、Docker数据卷
-v 会自动进行创建目录进行挂载（宿主机与容器之间挂载）

4.1.1、宿主机目录/var/www挂载容器中的/data1

[aaa@qq.com http]# docker run -v /var/www:/data1 --name web1 -it centos:7 /bin/bash
[aaa@qq.com7be52105aa0f /]# cd /data1/
[aaa@qq.com7be52105aa0f data1]# echo 'xxy!!!' > test.txt
[aaa@qq.com7be52105aa0f data1]# exit
exit

4.1.2、宿主机查看

[aaa@qq.com http]# cat /var/www/test.txt 
xxy!!!

4.2、数据卷容器
数据卷容器，新容器挂载数据卷容器web100（容器内部挂载）

[aaa@qq.com http]# docker run --name web100 -v /data2 -v /data3 -it centos:7 /bin/bash 
[aaa@qq.com00c4b2f49e9d /]# ls
anaconda-post.log  data2  dev  home  lib64  mnt  proc  run   srv  tmp  var
bin                data3  etc  lib   media  opt  root  sbin  sys  usr

#再开一个主机
[aaa@qq.com ~]# docker run -it --volumes-from web100 --name db1 centos:7 /bin/bash
[aaa@qq.com4edd7c39e0a8 /]# ls
anaconda-post.log  data2  dev  home  lib64  mnt  proc  run   srv  tmp  var
bin                data3  etc  lib   media  opt  root  sbin  sys  usr
[aaa@qq.com4edd7c39e0a8 /]# cd data2
[aaa@qq.com4edd7c39e0a8 data2]# touch xx 
[aaa@qq.com4edd7c39e0a8 data2]# ls
xx
[aaa@qq.com4edd7c39e0a8 data2]# cd /data3
[aaa@qq.com4edd7c39e0a8 data3]# touch yy
[aaa@qq.com4edd7c39e0a8 data3]# ls
yy
[aaa@qq.com00c4b2f49e9d /]# cd /data3
[aaa@qq.com00c4b2f49e9d data3]# ls
yy
[aaa@qq.com00c4b2f49e9d data3]# cd /data2
[aaa@qq.com00c4b2f49e9d data2]# ls
xx

4.3、端口映射

[aaa@qq.com http]# docker run -dit -P nginx
Unable to find image 'nginx:latest' locally
latest: Pulling from library/nginx
852e50cd189d: Already exists 
571d7e852307: Pull complete 
addb10abd9cb: Pull complete 
d20aa7ccdb77: Pull complete 
8b03f1e11359: Pull complete 
Digest: sha256:6b1daa9462046581ac15be20277a7c75476283f969cb3a61c8725ec38d3b01c3
Status: Downloaded newer image for nginx:latest
c4f1be4afb8132e7eec37705a77c45b642688e9bb0ad9e669463359d5b132de1

[aaa@qq.com http]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                        PORTS                    NAMES
c4f1be4afb81        nginx               "/docker-entrypoint.…"   30 seconds ago      Up 29 seconds                 0.0.0.0:32769->80/tcp    unruffled_maxwell

[aaa@qq.com http]# docker run -d -p 1111:80 httpd  #指定端口
3d5aaa7e383534bb76b26625aa830c4c7514e0cd484611636f4d41042d761f3c
[aaa@qq.com http]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED              STATUS                        PORTS                    NAMES
3d5aaa7e3835        httpd               "httpd-foreground"       5 seconds ago        Up 4 seconds                  0.0.0.0:1111->80/tcp     great_dewdney

4.4测试


4.4、容器互联

创建并运行容器取名web11，端口号自动映射
[aaa@qq.com httpd]# docker run -dit -P --name web11 centos:7 /bin/bash
5fa7635068c78b7c0fc331398ae5f4e393001c1f5c5f02072d11f3471f07e341

--name 指定容器名称

创建并运行容器取名web22
[aaa@qq.com httpd]# docker run -dit -P --name web22 --link web11:web11 centos:7 /bin/bash
b413c6cbf148cb7670084e8e31c24993e61f1cc83efb2eee4a1cd38ee1325ed7

--link 关联单向连接

进web22容器ping web11
[aaa@qq.com httpd]# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                           PORTS                    NAMES
b413c6cbf148        centos:7            "/bin/bash"              3 minutes ago       Up 3 minutes                                              web22
5fa7635068c7        centos:7            "/bin/bash"              4 minutes ago       Up 4 minutes                                              web11

[aaa@qq.com httpd]# docker exec -it b413c6cbf148 /bin/bash

[aaa@qq.com /]# ping web11
PING web11 (172.17.0.5) 56(84) bytes of data.
64 bytes from web11 (172.17.0.5): icmp_seq=1 ttl=64 time=0.066 ms
64 bytes from web11 (172.17.0.5): icmp_seq=2 ttl=64 time=0.058 ms
64 bytes from web11 (172.17.0.5): icmp_seq=3 ttl=64 time=0.060 ms
--- web11 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.058/0.061/0.066/0.007 ms

安装net工具
[aaa@qq.com /]# yum -y install net-tools
[aaa@qq.com /]# ifconfig     #查询网址信息
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.6  netmask 255.255.0.0  broadcast 172.17.255.255     #第一个创建的容器地址是172.17.0.2，以此类推
        ether 02:42:ac:11:00:06  txqueuelen 0  (Ethernet)
        RX packets 7114  bytes 11320444 (10.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3999  bytes 219299 (214.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0