最新內容更新於 Blog
Eric
: 現在對 docker 的基本操作,有一定的了解了。但這樣還不能滿足我們的需求。
吉米
: 是的,必需將我們的軟體轉成 docker image ,這樣才能利用 docker 所提供的服務。
Eric
: 沒錯,我接著來聊聊建立 docker image 的方法,以及 dockerfile 的設定。
Docker 在建立 image 時,是依據 dockerfile
的內容來進行建製的。
dockerfile
就是一個文字檔。記錄使用者在編譯 docker image 時,所有的 命令列 (Command-Line)。
筆者個人認為,dockerfile 最重要的 FORM
、COPY
、RUN
、CMD
正好對應 docker image 從建立到執行的四階段。
FROM
指定 docker image 建立時,使用的底層 (Base Image)。
FROM <image> [AS <name>]
(官方己經棄用,建議使用 MAINTAINER
維護者的相關資訊。LABLE
)
LABLE
The LABEL
instruction adds metadata to an image. A LABEL
is a key-value pair. To include spaces within a LABEL
value, use quotes and backslashes as you would in command-line parsing.
ENV
The ENV
instruction sets the environment variable <key>
to the value <value>
. This value will be in the environment for all subsequent instructions in the build stage and can be replaced inline in many as well.
程式的配置
COPY
複制檔案或資料夾到 container 的檔案系統內。
FROM <image> [AS <name>]
ADD
除了 copy
的功能外,額外支援 URL 的資料來源。
環境的配置
EXPECT
指定 container 在執行時,所開放使用 TCP 或 UDP 的 PORT。若沒有特別指定 TCP/UDP 的話,預設使用 TCP。
但是,EXPECT
實際上並非真的公開端口。它更像是 執行 container 時,與 Image 內部的溝通窗口。
所以,在執行 container 時,要使用公開端口,記得要加上 -p
的參數。
# 網路 port=80 對應到 container port=80
docker run -p 80:80/tcp
VOLUMN
The VOLUME
instruction creates a mount point with the specified name and marks it as holding externally mounted volumes from native host or other containers.
RUN
builds your application with make
.
RUN指令將在當前圖像之上的新圖層中執行任何命令並提交結果。 生成的已提交映像將用於Dockerfile中的下一步。
分層RUN指令和生成提交符合Docker的核心概念,其中提交很便宜,並且可以從圖像歷史中的任何點創建容器,就像源代碼控制一樣。
# 1. shell
RUN <command>
# 2. exec
RUN ["executable", "param1", "param2"]
CMD
specifies what command to run within the container.
The CMD instruction has three forms:
# 1. exec form, this is the preferred form
CMD ["executable","param1","param2"]
# 2. as default parameters to ENTRYPOINT
CMD ["param1","param2"]
# 3. shell form
CMD command param1 param2
ENTRYPOINT
An ENTRYPOINT
allows you to configure a container that will run as an executable.
ENTRYPOINT has two forms:
ENTRYPOINT ["executable", "param1", "param2"] (exec form, preferred)
ENTRYPOINT command param1 param2 (shell form)
When you run an image and generate a container, you add a new writable layer (the “container layer”) on top of the underlying layers. All changes made to the running container, such as writing new files, modifying existing files, and deleting files, are written to this thin writable container layer.
Before the docker CLI sends the context to the docker daemon, it looks for a file named .dockerignore
in the root directory of the context. If this file exists, the CLI modifies the context to exclude files and directories that match patterns in it. This helps to avoid unnecessarily sending large or sensitive files and directories to the daemon and potentially adding them to images using ADD
or COPY
.
The CLI interprets the .dockerignore
file as a newline-separated list of patterns similar to the file globs of Unix shells. For the purposes of matching, the root of the context is considered to be both the working and the root directory. For example, the patterns /foo/bar
and foo/bar
both exclude a file or directory named bar
in the foo
subdirectory of PATH
or in the root of the git repository located at URL
. Neither excludes anything else.
If a line in .dockerignore
file starts with #
in column 1, then this line is considered as a comment and is ignored before interpreted by the CLI.
# build image
docker build [OPTIONS] PATH | URL
Eric
: dockerfile 會隨著使用環境的複雜程度,而有所變動。好好的使用,就的達到想要的效果
吉米
: 嗯嗯,有點了解,現在我就來試試將手邊的程式作成 docker image 吧。
Eric
: OK!
<< 待續 >>