最新內容更新於 Blog

Eric: 現在對 docker 的基本操作，有一定的了解了。但這樣還不能滿足我們的需求。

吉米: 是的，必需將我們的軟體轉成 docker image ，這樣才能利用 docker 所提供的服務。

Eric: 沒錯，我接著來聊聊建立 docker image 的方法，以及 dockerfile 的設定。

1. dockerfile

Docker 在建立 image 時，是依據 dockerfile 的內容來進行建製的。

dockerfile 就是一個文字檔。記錄使用者在編譯 docker image 時，所有的 命令列 (Command-Line)。

筆者個人認為，dockerfile 最重要的 FORM、COPY、RUN、CMD 正好對應 docker image 從建立到執行的四階段。

1.1 初始設定

• FROM 指定 docker image 建立時，使用的底層 (Base Image)。

  FROM <image> [AS <name>]
  

• MAINTAINER 維護者的相關資訊。 (官方己經棄用，建議使用 LABLE)

• LABLE

  The LABEL instruction adds metadata to an image. A LABEL is a key-value pair. To include spaces within a LABEL value, use quotes and backslashes as you would in command-line parsing.

• ENV

  The ENV instruction sets the environment variable <key> to the value <value>. This value will be in the environment for all subsequent instructions in the build stage and can be replaced inline in many as well.

1.2 配置

• 程式的配置

  • COPY 複制檔案或資料夾到 container 的檔案系統內。

    FROM <image> [AS <name>]
    

  • ADD 除了 copy 的功能外，額外支援 URL 的資料來源。

• 環境的配置

  • EXPECT

    指定 container 在執行時，所開放使用 TCP 或 UDP 的 PORT。若沒有特別指定 TCP/UDP 的話，預設使用 TCP。

    但是，EXPECT 實際上並非真的公開端口。它更像是 執行 container 時，與 Image 內部的溝通窗口。

    所以，在執行 container 時，要使用公開端口，記得要加上 -p 的參數。

    # 網路 port=80 對應到 container port=80
    docker run -p 80:80/tcp
    

  • VOLUMN

    The VOLUME instruction creates a mount point with the specified name and marks it as holding externally mounted volumes from native host or other containers.

1.3 建立 image

• RUN builds your application with make.

  RUN指令將在當前圖像之上的新圖層中執行任何命令並提交結果。 生成的已提交映像將用於Dockerfile中的下一步。

  分層RUN指令和生成提交符合Docker的核心概念，其中提交很便宜，並且可以從圖像歷史中的任何點創建容器，就像源代碼控制一樣。

  # 1. shell
  RUN <command> 
  
  # 2. exec
  RUN ["executable", "param1", "param2"]
  

1.4 啟動 container

• CMD specifies what command to run within the container.

  The CMD instruction has three forms:
  
  # 1. exec form, this is the preferred form
  CMD ["executable","param1","param2"] 
  
  # 2. as default parameters to ENTRYPOINT
  CMD ["param1","param2"]
  
  # 3. shell form
  CMD command param1 param2
  

• ENTRYPOINT

  An ENTRYPOINT allows you to configure a container that will run as an executable.

  ENTRYPOINT has two forms:
  
  ENTRYPOINT ["executable", "param1", "param2"] (exec form, preferred)
  ENTRYPOINT command param1 param2 (shell form)

When you run an image and generate a container, you add a new writable layer (the “container layer”) on top of the underlying layers. All changes made to the running container, such as writing new files, modifying existing files, and deleting files, are written to this thin writable container layer.

2. dockerfile 的建議寫法

2.1 官方建議

3. .dockerignore

Before the docker CLI sends the context to the docker daemon, it looks for a file named .dockerignore in the root directory of the context. If this file exists, the CLI modifies the context to exclude files and directories that match patterns in it. This helps to avoid unnecessarily sending large or sensitive files and directories to the daemon and potentially adding them to images using ADD or COPY.

The CLI interprets the .dockerignore file as a newline-separated list of patterns similar to the file globs of Unix shells. For the purposes of matching, the root of the context is considered to be both the working and the root directory. For example, the patterns /foo/bar and foo/bar both exclude a file or directory named bar in the foo subdirectory of PATH or in the root of the git repository located at URL. Neither excludes anything else.

If a line in .dockerignore file starts with # in column 1, then this line is considered as a comment and is ignored before interpreted by the CLI.

4. docker command

# build image
docker build [OPTIONS] PATH | URL

Eric: dockerfile 會隨著使用環境的複雜程度，而有所變動。好好的使用，就的達到想要的效果

吉米: 嗯嗯，有點了解，現在我就來試試將手邊的程式作成 docker image 吧。

Eric: OK！

<< 待續 >>

延伸閱讀

1. 正確撰寫Dockerfile　製作最好用容器映像檔
2. Docker Document, Dockerfile reference
3. Docker Document, Best practices for writing Dockerfiles
4. peihsinsu, Docker學習筆記