dockerfile引用自建dns服务

一、Dockerfile引用自建dns服务

一)指定DNS服务器

1、docker 启动容器dns会读取宿主机的配置
复制代码
]# cat /etc/resolv.conf
# Generated by NetworkManager
search test.com
nameserver 114.114.114.114
 
# docker images|grep centos
centos                                                   7                              eeb6ee3f44bd        2 weeks ago         204MB

基于centos7打了一个镜像,dockerfile如下:

复制代码
FROM centos:7
RUN echo -e "search test.com\nnameserver 8.8.8.8">/etc/resolv.conf && echo "`sed 'p' -n /etc/resolv.conf`"
RUN echo "`sed 'p' -n /etc/resolv.conf`"
RUN yum install -y wget && yum clean all 
2、尝试使用RUN 直接修改resolv.conf文件失败,因为在容器启动时的操作,会被docker run指定的参数覆盖

这里指定了dns配置,然后再下面打印了一下,效果如下:

复制代码
# docker build -t test:dns .
Sending build context to Docker daemon  2.048kB
Step 1/4 : FROM centos:7
---> eeb6ee3f44bd
Step 2/4 : RUN echo "search test.com\nnameserver 8.8.8.8">/etc/resolv.conf && echo "`sed 'p' -n /etc/resolv.conf`"
---> Running in f3ec71d93b5f
search test.com
nameserver 8.8.8.8
Removing intermediate container f3ec71d93b5f
---> c2a5a9f9985f
Step 3/4 : RUN echo "`sed 'p' -n /etc/resolv.conf`"
---> Running in 08d22ef982d6
# Generated by NetworkManager
search test.com
nameserver 114.114.114.114
Removing intermediate container 08d22ef982d6
---> 9c01241bad24
Step 4/4 : RUN yum install -y wget
---> Running in e831037cf89b
Loaded plugins: fastestmirror, ovl
Determining fastest mirrors
* base: mirrors.tuna.tsinghua.edu.cn
* extras: mirrors.bupt.edu.cn
* updates: mirrors.tuna.tsinghua.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package wget.x86_64 0:1.14-18.el7_6.1 will be installed
--> Finished Dependency Resolution
 
 
Dependencies Resolved
 
 
================================================================================
Package        Arch             Version                   Repository      Size
================================================================================
Installing:
wget           x86_64           1.14-18.el7_6.1           base           547 k
 
 
Transaction Summary
================================================================================
Install  1 Package
 
 
Total download size: 547 k
Installed size: 2.0 M
Downloading packages:
warning: /var/cache/yum/x86_64/7/base/packages/wget-1.14-18.el7_6.1.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for wget-1.14-18.el7_6.1.x86_64.rpm is not installed
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
Userid     : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
Package    : centos-release-7-9.2009.0.el7.centos.x86_64 (@CentOS)
From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : wget-1.14-18.el7_6.1.x86_64                                  1/1
install-info: No such file or directory for /usr/share/info/wget.info.gz
  Verifying  : wget-1.14-18.el7_6.1.x86_64                                  1/1
 
 
Installed:
  wget.x86_64 0:1.14-18.el7_6.1                                                 
 
 
Complete!
Removing intermediate container e831037cf89b
---> 747d8f4768dd
Successfully built 747d8f4768dd
Successfully tagged test:dns
 
 
# docker run --rm -it --name testdns test:dns /bin/sh -c "cat /etc/resolv.conf"
# Generated by NetworkManager
search test.com
nameserver 114.114.114.114

从这可以看到,在第二步设置dns,第三步打印出的结果还是读取的宿主机的配置。

**  这里分析了一下原因:由于以Dockerfile的形式构建镜像,其中每一个指令都是一层,它的过程是基于基础镜像运行一个容器,然后按指令执行,第一个指令完毕后,commit为一个新的镜像层,docker再运行一个基于新镜像的容器,执行下一步指令,直到结束。这样的好处是,假如共有四个指令,第三个失败了,那么可以基于第二个指令生成的镜像继续操作,不需要再从头操作一遍,节省资源。**

**  那么,由此可见,我在第二步设置完,docker提交一个镜像,docker接下来运行这个镜像的时候,会读取宿主机配置,所以我的设置也就不生效了。使用docker commit构建镜像也是一样的效果。**

**  如果想让它生效,需要在启动命令里指定。**

3、使用ENTRYPOINT在容器启动时的操作,而且不会被docker run指定的参数覆盖。
复制代码
]# cat Dockerfile
FROM centos:7
ENTRYPOINT echo -e "search test.com\nnameserver 8.8.8.8">/etc/resolv.conf && echo "`sed 'p' -n /etc/resolv.conf`" && tail -f /dev/null
RUN echo "`sed 'p' -n /etc/resolv.conf`"
RUN yum install -y wget && yum clean all
 
 
使用entrypoint指令,这个指令的作用是在容器启动时的操作,而且不会被docker run指定的参数覆盖。(当然也可以覆盖,在启动的时候docker run --entrypoint=
可以这样指定临时的启动命令来覆盖dockerfile里的entrypoint)
# docker build -t test:dns .
Sending build context to Docker daemon  2.048kB
Step 1/4 : FROM centos:7
---> eeb6ee3f44bd
Step 2/4 : ENTRYPOINT echo -e "search test.com\nnameserver 8.8.8.8">/etc/resolv.conf && echo "`sed 'p' -n /etc/resolv.conf`" && tail -f /dev/null
---> Running in 361ec0e4cf3b
Removing intermediate container 361ec0e4cf3b
---> e062358b2b4d
Step 3/4 : RUN echo "`sed 'p' -n /etc/resolv.conf`"
---> Running in 1272cc8f69cb
# Generated by NetworkManager
search test.com
nameserver 114.114.114.114
Removing intermediate container 1272cc8f69cb
---> 08b7026e183e
Step 4/4 : RUN yum install -y wget
---> Running in 5346d673e0b7
Loaded plugins: fastestmirror, ovl
Determining fastest mirrors
* base: mirrors.tuna.tsinghua.edu.cn
* extras: mirrors.bfsu.edu.cn
* updates: mirrors.tuna.tsinghua.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package wget.x86_64 0:1.14-18.el7_6.1 will be installed
--> Finished Dependency Resolution
 
 
Dependencies Resolved
 
 
================================================================================
Package        Arch             Version                   Repository      Size
================================================================================
Installing:
wget           x86_64           1.14-18.el7_6.1           base           547 k
 
 
Transaction Summary
================================================================================
Install  1 Package
 
 
Total download size: 547 k
Installed size: 2.0 M
Downloading packages:
warning: /var/cache/yum/x86_64/7/base/packages/wget-1.14-18.el7_6.1.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for wget-1.14-18.el7_6.1.x86_64.rpm is not installed
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
Userid     : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
Package    : centos-release-7-9.2009.0.el7.centos.x86_64 (@CentOS)
From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : wget-1.14-18.el7_6.1.x86_64                                  1/1
install-info: No such file or directory for /usr/share/info/wget.info.gz
  Verifying  : wget-1.14-18.el7_6.1.x86_64                                  1/1
 
 
Installed:
  wget.x86_64 0:1.14-18.el7_6.1                                                 
 
 
Complete!
Removing intermediate container 5346d673e0b7
---> e8c04c88aed2
Successfully built e8c04c88aed2
Successfully tagged test:dns
 
 
 
# docker run --rm -it --name testdns test:dns /bin/sh -c "cat /etc/resolv.conf"
search test.com
nameserver 8.8.8.8

可以看到,使用entrypoint之后,这个指定的配置便生效了。

相关推荐
陌北v14 分钟前
Docker Compose 配置指南
运维·docker·容器·docker-compose
catoop33 分钟前
K8s 无头服务(Headless Service)
云原生·容器·kubernetes
阿里嘎多学长1 小时前
docker怎么部署高斯数据库
运维·数据库·docker·容器
明 庭1 小时前
Ubuntu下通过Docker部署Caddy服务器
服务器·ubuntu·docker
G_whang2 小时前
windos 安装docker
运维·docker·容器
Mitch3113 小时前
【漏洞复现】CVE-2021-45788 SQL Injection
sql·web安全·docker·prometheus·metersphere
运维小文3 小时前
K8S中的PV、PVC介绍和使用
docker·云原生·容器·kubernetes·存储
CYX_cheng3 小时前
Docker挂载
docker
ζั͡山 ั͡有扶苏 ั͡✾3 小时前
Kubeadm+Containerd部署k8s(v1.28.2)集群(非高可用版)
云原生·容器·kubernetes
Hadoop_Liang3 小时前
Kubernetes ConfigMap的创建与使用
云原生·容器·kubernetes