@JunQiu
2018-11-28T02:54:20.000000Z
字数 5517
阅读 1541
summary_2018/07 docker
## .docekrigore在docker CLI将上下文发送到docker守护程序之前,它会查找.dockerignore在上下文的根目录中指定的文件。如果此文件存在,CLI将修改上下文以排除与其中的模式匹配的文件和目录。这有助于避免不必要地将大型或敏感文件和目录发送到守护程序.匹配是使用Go的 filepath.Match规则完成的。## Example# Use an official Python runtime as a parent imageFROM python:2.7-slim# Set the working directory to /appWORKDIR /app# Copy the current directory contents into the container at /appADD . /app# Install any needed packages specified in requirements.txt// requirements.txt python的依赖管理文件,类似于node package.json文件RUN pip install --trusted-host pypi.python.org -r requirements.txt# Make port 80 available to the world outside this containerEXPOSE 80/udpEXPOSE 80/tcp# Define environment variableENV NAME World# Run app.py when the container launchesCMD ["python", "app.py"]一些常见的指令,其余见原文## WORKDIRThe WORKDIR instruction sets the working directory for any RUN, CMD, ENTRYPOINT, COPY and ADD instructions that follow it in the Dockerfile(为dockerfile中的这些指令设置工作目录,b不设置在根目录在/)For example:WORKDIR /aWORKDIR bWORKDIR cRUN pwdThe output of the final pwd command in this Dockerfile would be /a/b/c.## FROMFROM指令初始化新的构建阶段并为后续指令设置基本映像。指令:FROM <image> [AS <name>]FROM <image>[:<tag>] [AS <name>]FROM <image>[@<digest>] [AS <name>]ARG:ARG指令定义了一个变量,用户可以docker build使用该--build-arg <varname>=<value> 标志在构建时将该变量传递给构建器。ARG <name>[=<default value>]//Docker有一组预定义ARG变量,您可以ARG在Dockerfile中使用相应的指令。//tag或digest值是可选的。如果省略其中任何一个,则构建器默认采用latest标记。如果找不到tag值,构建器将返回错误## ENVThe first form, ENV <key> <value>, will set a single variable to a value. The entire string after the first space will be treated as the <value> - including whitespace characters.The second form, ENV <key>=<value> ..., allows for multiple variables to be set at one time.Environment variables are notated in the Dockerfile either with $variable_name or ${variable_name}.Environment variable substitution will use the same value for each variable throughout the entire instruction.ENV abc=helloENV abc=bye def=$abc #def=hello,it is part of the same instruction that set abc to bye.ENV ghi=$abc # ghi=bye ,it is not part of the same instruction that set abc to bye.# abc=bye## RUN:在构建image时运行RUN has 2 forms:RUN <command> (shell form, the command is run in a shell, which by default is /bin/sh -c on Linux or cmd /S /C on Windows)RUN ["executable", "param1", "param2"] (execform)//To use a different shell, other than ‘/bin/sh’, use the exec form passing in the desired shell.For example, RUN ["/bin/bash", "-c", "echo hello"]Tips:The exec form is parsed as a JSON array, which means that you must use double-quotes (“) around words not single-quotes (‘).## CMD:ENTRYPOINT和CMD在容器运行(run、start)时运行。CMD ["executable","param1","param2"] (exec form, this is the preferred form)CMD ["param1","param2"] (as default parameters to ENTRYPOINT)CMD command param1 param2 (shell form)ENTRYPOINT ["executable", "param1", "param2"] (exec form, preferred)ENTRYPOINT command param1 param2 (shell form)## ADD(比COPY强大)The ADD instruction copies new files, directories or remote file URLs from <src> and adds them to the filesystem of the image at the path <dest>.ADD [--chown=<user>:<group>] <src>... <dest>ADD [--chown=<user>:<group>] ["<src>",... "<dest>"]ADD obeys the following rules:如果<src>是URL并且<dest>不以尾部斜杠结尾,则从URL下载文件并将其复制到<dest>。如果<src>是URL并且<dest>以尾部斜杠结尾,则从URL推断文件名并将文件下载到 <dest>/<filename>。如果<src>是目录,则复制目录的全部内容,包括文件系统元数据。(不复制目录本身,和copy相同)## COPYCOPY指令从中复制新文件或目录<src>,并将它们添加到路径中容器的文件系统中<dest>。COPY [--chown=<user>:<group>] <src>... <dest>COPY [--chown=<user>:<group>] ["<src>",... "<dest>"]COPY obeys the following rules:The <src> path must be inside the context of the build; you cannot COPY ../something /something, because the first step of a docker build is to send the context directory (and subdirectories) to the docker daemon.If <src> is a directory, the entire contents of the directory are copied, including filesystem metadata.## EXPOSEThe EXPOSE instruction informs Docker that the container listens on the specified network ports at runtime. You can specify whether the port listens on TCP or UDP, and the default is TCP if the protocol is not specified.EXPOSE <port> [<port>/<protocol>...]//To expose on both TCP and UDP, include two lines:EXPOSE 80/tcpEXPOSE 80/udpIn this case, if you use -P with docker run, the port will be exposed once for TCP and once for UDP.//Regardless of the EXPOSE settings, you can override them at runtime by using the -p flag. For exampledocker run -p 80:80/tcp -p 80:80/udp ...Tips:其实expose只有两个作用,一是让使用的镜像的人明白服务监听的端口,第二个在运行时使用随机端口映射,也就是 docker run -P 时,会自动随机映射 EXPOSE 的端口。但是端口一般都是抽离出来以环境变量的方式注入,没有很大的实际意义。
## 我只了解一些常见的字段Example:version: "3"services:redis:image: redis:alpine # image:image URLports:- "6379"networks:- frontenddeploy: # 指定与部署和运行服务相关的配置。replicas: 2 # mode(mode: global):Either global (exactly one container per swarm node) or replicated (a specified number of containers). The default is replicated.update_config:parallelism: 2delay: 10srestart_policy: # 重启策略condition: One of none, on-failure or any (default: any).condition: on-failuredelay: 5s # 间隔时间 (默认值:0)max_attempts: 3 # 尝试次数(默认值:永不放弃)window: 120s # 在决定重启是否成功之前等待多长时间(默认值:立即决定)db:image: postgres:9.4volumes:- db-data:/var/lib/postgresql/datanetworks:- backenddeploy:resources: # 资源配置limits: # cpu和内存限制cpus: '0.50'memory: 50Mreservations: # 保留20M了内存和0.25CPU时间(始终可用)cpus: '0.25'memory: 20Mplacement:constraints: [node.role == manager]vote:image: dockersamples/examplevotingapp_vote:beforeports:- "5000:80" # 端口映射networks:- frontenddepends_on: # 依赖项,比如先启动依赖- redisdeploy:replicas: 2update_config:parallelism: 2restart_policy:condition: on-failurenetworks:frontend:backend:volumes:db-data: