@JunQiu
2018-11-28T10:54:20.000000Z
字数 5517
阅读 1253
summary_2018/07
docker
## .docekrigore
在docker CLI将上下文发送到docker守护程序之前,它会查找.dockerignore在上下文的根目录中指定的文件。如果此文件存在,CLI将修改上下文以排除与其中的模式匹配的文件和目录。这有助于避免不必要地将大型或敏感文件和目录发送到守护程序.
匹配是使用Go的 filepath.Match规则完成的。
## Example
# Use an official Python runtime as a parent image
FROM python:2.7-slim
# Set the working directory to /app
WORKDIR /app
# Copy the current directory contents into the container at /app
ADD . /app
# Install any needed packages specified in requirements.txt
// requirements.txt python的依赖管理文件,类似于node package.json文件
RUN pip install --trusted-host pypi.python.org -r requirements.txt
# Make port 80 available to the world outside this container
EXPOSE 80/udp
EXPOSE 80/tcp
# Define environment variable
ENV NAME World
# Run app.py when the container launches
CMD ["python", "app.py"]
一些常见的指令,其余见原文
## WORKDIR
The WORKDIR instruction sets the working directory for any RUN, CMD, ENTRYPOINT, COPY and ADD instructions that follow it in the Dockerfile(为dockerfile中的这些指令设置工作目录,b不设置在根目录在/)
For example:
WORKDIR /a
WORKDIR b
WORKDIR c
RUN pwd
The output of the final pwd command in this Dockerfile would be /a/b/c.
## FROM
FROM指令初始化新的构建阶段并为后续指令设置基本映像。
指令:
FROM <image> [AS <name>]
FROM <image>[:<tag>] [AS <name>]
FROM <image>[@<digest>] [AS <name>]
ARG:ARG指令定义了一个变量,用户可以docker build使用该--build-arg <varname>=<value> 标志在构建时将该变量传递给构建器。
ARG <name>[=<default value>]
//Docker有一组预定义ARG变量,您可以ARG在Dockerfile中使用相应的指令。
//tag或digest值是可选的。如果省略其中任何一个,则构建器默认采用latest标记。如果找不到tag值,构建器将返回错误
## ENV
The first form, ENV <key> <value>, will set a single variable to a value. The entire string after the first space will be treated as the <value> - including whitespace characters.
The second form, ENV <key>=<value> ..., allows for multiple variables to be set at one time.
Environment variables are notated in the Dockerfile either with $variable_name or ${variable_name}.
Environment variable substitution will use the same value for each variable throughout the entire instruction.
ENV abc=hello
ENV abc=bye def=$abc #def=hello,it is part of the same instruction that set abc to bye.
ENV ghi=$abc # ghi=bye ,it is not part of the same instruction that set abc to bye.
# abc=bye
## RUN:在构建image时运行
RUN has 2 forms:
RUN <command> (shell form, the command is run in a shell, which by default is /bin/sh -c on Linux or cmd /S /C on Windows)
RUN ["executable", "param1", "param2"] (execform)
//To use a different shell, other than ‘/bin/sh’, use the exec form passing in the desired shell.
For example, RUN ["/bin/bash", "-c", "echo hello"]
Tips:The exec form is parsed as a JSON array, which means that you must use double-quotes (“) around words not single-quotes (‘).
## CMD:ENTRYPOINT和CMD在容器运行(run、start)时运行。
CMD ["executable","param1","param2"] (exec form, this is the preferred form)
CMD ["param1","param2"] (as default parameters to ENTRYPOINT)
CMD command param1 param2 (shell form)
ENTRYPOINT ["executable", "param1", "param2"] (exec form, preferred)
ENTRYPOINT command param1 param2 (shell form)
## ADD(比COPY强大)
The ADD instruction copies new files, directories or remote file URLs from <src> and adds them to the filesystem of the image at the path <dest>.
ADD [--chown=<user>:<group>] <src>... <dest>
ADD [--chown=<user>:<group>] ["<src>",... "<dest>"]
ADD obeys the following rules:
如果<src>是URL并且<dest>不以尾部斜杠结尾,则从URL下载文件并将其复制到<dest>。
如果<src>是URL并且<dest>以尾部斜杠结尾,则从URL推断文件名并将文件下载到 <dest>/<filename>。
如果<src>是目录,则复制目录的全部内容,包括文件系统元数据。(不复制目录本身,和copy相同)
## COPY
COPY指令从中复制新文件或目录<src>,并将它们添加到路径中容器的文件系统中<dest>。
COPY [--chown=<user>:<group>] <src>... <dest>
COPY [--chown=<user>:<group>] ["<src>",... "<dest>"]
COPY obeys the following rules:
The <src> path must be inside the context of the build; you cannot COPY ../something /something, because the first step of a docker build is to send the context directory (and subdirectories) to the docker daemon.
If <src> is a directory, the entire contents of the directory are copied, including filesystem metadata.
## EXPOSE
The EXPOSE instruction informs Docker that the container listens on the specified network ports at runtime. You can specify whether the port listens on TCP or UDP, and the default is TCP if the protocol is not specified.
EXPOSE <port> [<port>/<protocol>...]
//To expose on both TCP and UDP, include two lines:
EXPOSE 80/tcp
EXPOSE 80/udp
In this case, if you use -P with docker run, the port will be exposed once for TCP and once for UDP.
//Regardless of the EXPOSE settings, you can override them at runtime by using the -p flag. For example
docker run -p 80:80/tcp -p 80:80/udp ...
Tips:其实expose只有两个作用,一是让使用的镜像的人明白服务监听的端口,第二个在运行时使用随机端口映射,也就是 docker run -P 时,会自动随机映射 EXPOSE 的端口。但是端口一般都是抽离出来以环境变量的方式注入,没有很大的实际意义。
## 我只了解一些常见的字段
Example:
version: "3"
services:
redis:
image: redis:alpine # image:image URL
ports:
- "6379"
networks:
- frontend
deploy: # 指定与部署和运行服务相关的配置。
replicas: 2 # mode(mode: global):Either global (exactly one container per swarm node) or replicated (a specified number of containers). The default is replicated.
update_config:
parallelism: 2
delay: 10s
restart_policy: # 重启策略condition: One of none, on-failure or any (default: any).
condition: on-failure
delay: 5s # 间隔时间 (默认值:0)
max_attempts: 3 # 尝试次数(默认值:永不放弃)
window: 120s # 在决定重启是否成功之前等待多长时间(默认值:立即决定)
db:
image: postgres:9.4
volumes:
- db-data:/var/lib/postgresql/data
networks:
- backend
deploy:
resources: # 资源配置
limits: # cpu和内存限制
cpus: '0.50'
memory: 50M
reservations: # 保留20M了内存和0.25CPU时间(始终可用)
cpus: '0.25'
memory: 20M
placement:
constraints: [node.role == manager]
vote:
image: dockersamples/examplevotingapp_vote:before
ports:
- "5000:80" # 端口映射
networks:
- frontend
depends_on: # 依赖项,比如先启动依赖
- redis
deploy:
replicas: 2
update_config:
parallelism: 2
restart_policy:
condition: on-failure
networks:
frontend:
backend:
volumes:
db-data: