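I. Building Docker Images
The image builds below continue from the environment set up in the previous article, which covers configuring and installing Docker.
1. How images are obtained
- Base images are usually provided by the software vendor
- Enterprise images can be generated from an official image plus a Dockerfile
- The system obtains an image in one of two ways:
  - docker pull <image address>
  - docker load -i <local image archive>
2. Dockerfile instructions used when building images
(1) FROM and COPY
FROM specifies the base image
COPY copies files
# Create the build directory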
[root@docker-node1 ~]# mkdir docker
[root@docker-node1 ~]# cd docker/
[root@docker-node1 docker]# ls
# Write the build rules file (Dockerfile)
[root@docker-node1 docker]# vim Dockerfile
# FROM
FROM busybox:latest
# COPY
[root@docker-node1 docker]# echo timinglee > timinglee
[root@docker-node1 docker]# cat timinglee
timinglee
[root@docker-node1 docker]# vim Dockerfile
FROM busybox:latest
COPY timinglee /root
# Build command (-t names and tags the new image)
[root@docker-node1 docker]# docker build -t timinglee:v1 .
[+] Building 0.5s (7/7) FINISHED docker:default
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 79B 0.0s
=> [internal] load metadata for docker.io/library/busybox:latest 0.3s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [internal] load build context 0.0s
=> => transferring context: 46B 0.0s
=> [1/2] FROM docker.io/library/busybox:latest@sha256:b3255e7dfbcd10cb367af 0.0s
=> => resolve docker.io/library/busybox:latest@sha256:b3255e7dfbcd10cb367af 0.0s
=> [2/2] COPY timinglee /root 0.0s
=> exporting to image 0.1s
=> => exporting layers 0.0s
=> => exporting manifest sha256:1f4d2ac352cfc4239979647c3697b09ef9621db1a49 0.0s
=> => exporting config sha256:de9a8d9edf654ce48b39a189610fed3faef7715b9cfaa 0.0s
=> => exporting attestation manifest sha256:2dcae331e8897a263b27b0c49707fd1 0.0s
=> => exporting manifest list sha256:415f1aa81cf1f1cdacb90d1885feeaf291ae10 0.0s
=> => naming to docker.io/library/timinglee:v1 0.0s
=> => unpacking to docker.io/library/timinglee:v1 0.0s
# List the image we just built
[root@docker-node1 docker]# docker images
i Info → U In Use
IMAGE ID DISK USAGE CONTENT SIZE EXTRA
busybox-file:latest 174a4462dea4 6.71MB 2.21MB
busybox:latest b3255e7dfbcd 6.7MB 2.22MB
nginx:1.26 41b194461e4b 279MB 75.2MB
timinglee/game2048:latest 8a34fb9cb168 77.2MB 17.8MB
timinglee/mario:latest 7758988210df 298MB 73.7MB U
timinglee:v1 415f1aa81cf1 6.71MB 2.21MB
(2) LABEL
LABEL adds structured metadata to an image or container, used for identification, filtering and standardization
# LABEL KEY=VALUE
[root@docker-node1 docker]# vim Dockerfile
FROM busybox:latest
LABEL Creater=lee
COPY timinglee /root
# Build
[root@docker-node1 docker]# docker build -t lee:v1 .
[+] Building 0.4s (7/7) FINISHED docker:default
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 97B 0.0s
=> [internal] load metadata for docker.io/library/busybox:latest 0.3s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [internal] load build context 0.0s
=> => transferring context: 30B 0.0s
=> [1/2] FROM docker.io/library/busybox:latest@sha256:b3255e7dfbcd10cb367af 0.0s
=> => resolve docker.io/library/busybox:latest@sha256:b3255e7dfbcd10cb367af 0.0s
=> CACHED [2/2] COPY timinglee /root 0.0s
=> exporting to image 0.0s
=> => exporting layers 0.0s
=> => exporting manifest sha256:968df861d2c76deda1926b11f5eac1cdeed45d3d866 0.0s
=> => exporting config sha256:2b24456cab273d513cfab233d80c74492a227e0d3c40c 0.0s
=> => exporting attestation manifest sha256:c28fd0399efee5ac58536f614388480 0.0s
=> => exporting manifest list sha256:65799476aac57c6aa7d730f59e12f9215631f4 0.0s
=> => naming to docker.io/library/lee:v1 0.0s
=> => unpacking to docker.io/library/lee:v1 0.0s
# Inspect
[root@docker-node1 docker]# docker history lee:v1
IMAGE CREATED CREATED BY SIZE COMMENT
65799476aac5 17 minutes ago COPY timinglee /root # buildkit 4.1kB buildkit.dockerfile.v0
<missing> 17 minutes ago LABEL Creater=lee 0B buildkit.dockerfile.v0
<missing> 17 months ago BusyBox 1.37.0 (glibc), Debian 13 4.49MB
(3) ADD
Works like COPY, but the source can also be a compressed archive or a URL
# ADD
[root@docker-node1 docker]# echo lee > lee
[root@docker-node1 docker]# vim Dockerfile
FROM busybox:latest
LABEL Creater=lee
COPY timinglee /root
ADD lee /root
# Build the image; do not forget the trailing dot (the build context)
[root@docker-node1 docker]# docker build -t lee:v2 .
[+] Building 0.4s (8/8) FINISHED docker:default
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 110B 0.0s
=> [internal] load metadata for docker.io/library/busybox:latest 0.3s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [1/3] FROM docker.io/library/busybox:latest@sha256:b3255e7dfbcd10cb367af 0.0s
=> => resolve docker.io/library/busybox:latest@sha256:b3255e7dfbcd10cb367af 0.0s
=> [internal] load build context 0.0s
=> => transferring context: 62B 0.0s
=> CACHED [2/3] COPY timinglee /root 0.0s
=> [3/3] ADD lee /root 0.0s
=> exporting to image 0.1s
=> => exporting layers 0.0s
=> => exporting manifest sha256:75166224f7e442612f0aaf50de24816a021eee107f6 0.0s
=> => exporting config sha256:a75cbfd5743e3a3f1c5e6faed895d360f4f21ba00d6f4 0.0s
=> => exporting attestation manifest sha256:553fc06ea6da07b20458c389f882685 0.0s
=> => exporting manifest list sha256:3e2a1d68934b3ca279c8061bd478f10610f5ff 0.0s
=> => naming to docker.io/library/lee:v2 0.0s
=> => unpacking to docker.io/library/lee:v2 0.0s
[root@docker-node1 docker]# docker run -it --name test --rm lee:v2
/ # cat /root/*
lee
timinglee
/ # exit
# ADD can extract archives; COPY cannot
[root@docker-node1 docker]# tar zcf bin.tar.gz /bin
tar: 从成员名中删除开头的"/"
[root@docker-node1 docker]# ls
bin.tar.gz Dockerfile lee timinglee
[root@docker-node1 docker]# vim Dockerfile
FROM busybox:latest
LABEL Creater=lee
COPY bin.tar.gz /root
ADD bin.tar.gz /mnt
# Build another image
[root@docker-node1 docker]# docker build -t lee:v3 .
[+] Building 0.1s (8/8) FINISHED docker:default
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 118B 0.0s
=> [internal] load metadata for docker.io/library/busybox:latest 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> CACHED [1/3] FROM docker.io/library/busybox:latest@sha256:b3255e7dfbcd10 0.0s
=> => resolve docker.io/library/busybox:latest@sha256:b3255e7dfbcd10cb367af 0.0s
=> [internal] load build context 0.0s
=> => transferring context: 147B 0.0s
=> [2/3] COPY bin.tar.gz /root 0.0s
=> [3/3] ADD bin.tar.gz /root 0.0s
=> exporting to image 0.1s
=> => exporting layers 0.0s
=> => exporting manifest sha256:36baba4bf86f19cd5eae8a7f27a10837d6fa4309bf0 0.0s
=> => exporting config sha256:1d3659fd0579fa3352d6c6e10f320ac76dbe39adc498a 0.0s
=> => exporting attestation manifest sha256:028a07b279711232a71ed1d2c1e0f0b 0.0s
=> => exporting manifest list sha256:a01a3b3d949438f26db8bbce0c1d3095279f3e 0.0s
=> => naming to docker.io/library/lee:v3 0.0s
=> => unpacking to docker.io/library/lee:v3 0.0s
# COPY left the archive untouched in /root; ADD extracted it, so /mnt contains the bin directory
[root@docker-node1 docker]# docker run -it --name test --rm lee:v3
/ # ls
bin etc lib proc sys usr
dev home lib64 root tmp var
/ # ls /root/
bin.tar.gz
/ # ls /mnt
bin
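The ADD behaviour shown above (local archives are unpacked, URLs are fetched at build time) is why every ADD in a Dockerfile deserves a look during review. The following is an added example, not part of the original article: a small shell linter that classifies each ADD source. The function name `classify_add`, the sample Dockerfile and the example.com URL are constructed for illustration, and detecting archives by file extension is a simplification (Docker decides by file content).

```bash
#!/bin/sh
# Added example: classify the sources of every ADD instruction in a Dockerfile.
# Output: one "<line>:<kind>:<source>" record per source, where kind is
#   remote-unpinned  http(s) URL without --checksum: content is not verified
#   remote-pinned    http(s) URL with --checksum=<digest>
#   archive          local tar archive: ADD unpacks it into the destination
#   plain            ordinary local file: COPY does the same and is explicit
# Limitations: shell-form ADD only (no JSON array form, no line continuations);
# archives are recognised by extension, which is a simplification.
classify_add() {
    awk '
        toupper($1) == "ADD" {
            pinned = 0; n = 0
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^--checksum=/) { pinned = 1; continue }
                if ($i ~ /^--/) continue          # other flags such as --chown
                src[++n] = $i
            }
            for (i = 1; i < n; i++) {             # the last token is the destination
                s = src[i]
                if (s ~ /^https?:\/\//) {
                    kind = pinned ? "remote-pinned" : "remote-unpinned"
                } else if (s ~ /\.(tar|tgz|tar\.gz|tar\.bz2|tar\.xz)$/) {
                    kind = "archive"
                } else {
                    kind = "plain"
                }
                print NR ":" kind ":" s
            }
        }
    ' "$1"
}

# Constructed sample: lines 3-5 follow the lee:v2 / lee:v3 Dockerfiles above,
# line 6 is a made-up remote source.
SAMPLE_DOCKERFILE=$(mktemp)
cat > "$SAMPLE_DOCKERFILE" <<'EOF'
FROM busybox:latest
LABEL Creater=lee
COPY bin.tar.gz /root
ADD bin.tar.gz /mnt
ADD lee /root
ADD https://example.com/pkg.tar.gz /opt/
EOF

classify_add "$SAMPLE_DOCKERFILE"
```

A `plain` finding can simply become COPY; an `archive` finding is fine when extraction is intended, and a `remote-unpinned` finding should gain a `--checksum` or be replaced by a verified download step.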
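(4) ENV
ENV: sets environment variables
# ENV
# When building, the bracketed (exec) form is preferred: the first element names the shell, and -c tells that shell to run "touch /root/$NAME"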
[root@docker-node1 docker]# vim Dockerfile
FROM busybox:latest
LABEL Creater=lee
ENV NAME=timinglee
RUN ["/bin/sh","-c", "touch /root/$NAME" ]
[root@docker-node1 docker]# docker build -t lee:v4 .
[+] Building 0.8s (6/6) FINISHED docker:default
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 137B 0.0s
=> [internal] load metadata for docker.io/library/busybox:latest 0.3s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> CACHED [1/2] FROM docker.io/library/busybox:latest@sha256:b3255e7dfbcd10 0.0s
=> => resolve docker.io/library/busybox:latest@sha256:b3255e7dfbcd10cb367af 0.0s
=> [2/2] RUN ["/bin/sh","-c", "touch /root/timinglee" ] 0.4s
=> exporting to image 0.1s
=> => exporting layers 0.0s
=> => exporting manifest sha256:90f0160ac5c8b76f96f648e833c7ee7f1a7fb1e6f7f 0.0s
=> => exporting config sha256:38868460e4ce3ab8489cbe01843b2e635b6bbeadd3c0e 0.0s
=> => exporting attestation manifest sha256:6dcfa7d98f7e136ec6a7c260788bfbf 0.0s
=> => exporting manifest list sha256:04116c28de0213cf25a2c630348d63429f0d73 0.0s
=> => naming to docker.io/library/lee:v4 0.0s
=> => unpacking to docker.io/library/lee:v4 0.0s
[root@docker-node1 docker]# docker run -it --name test --rm lee:v4
/ # ls /root
timinglee
(5) EXPOSE
EXPOSE: exposes a port
# EXPOSE: exposes a port
[root@docker-node1 docker]# vim Dockerfile
FROM busybox:latest
LABEL Creater=lee
ENV NAME=timinglee
EXPOSE 8080
RUN ["/bin/sh","-c", "touch /root/$NAME" ]
# Build
[root@docker-node1 docker]# docker build -t lee:v5 .
[+] Building 0.4s (6/6) FINISHED docker:default
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 149B 0.0s
=> [internal] load metadata for docker.io/library/busybox:latest 0.3s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [1/2] FROM docker.io/library/busybox:latest@sha256:b3255e7dfbcd10cb367af 0.0s
=> => resolve docker.io/library/busybox:latest@sha256:b3255e7dfbcd10cb367af 0.0s
=> CACHED [2/2] RUN ["/bin/sh","-c", "touch /root/timinglee" ] 0.0s
=> exporting to image 0.0s
=> => exporting layers 0.0s
=> => exporting manifest sha256:9c318385c162ecec0541924d05dcb1af2b120af5d2b 0.0s
=> => exporting config sha256:b9ce6b0eb4ef3d1ef26408a84e7893aafb1eb569511fe 0.0s
=> => exporting attestation manifest sha256:437813d4dbf952f504c1a4f22db6a59 0.0s
=> => exporting manifest list sha256:8019dce3082c1b9c01def8844ea22318c4a0f3 0.0s
=> => naming to docker.io/library/lee:v5 0.0s
=> => unpacking to docker.io/library/lee:v5 0.0s
# Port 8080 now shows up here
[root@docker-node1 docker]# docker history lee:v5
IMAGE CREATED CREATED BY SIZE COMMENT
8019dce3082c 3 minutes ago RUN /bin/sh -c touch /root/$NAME # buildkit 0B buildkit.dockerfile.v0
<missing> 3 minutes ago EXPOSE [8080/tcp] 0B buildkit.dockerfile.v0
<missing> 3 minutes ago ENV NAME=timinglee 0B buildkit.dockerfile.v0
<missing> 3 minutes ago LABEL Creater=lee 0B buildkit.dockerfile.v0
<missing> 17 months ago BusyBox 1.37.0 (glibc), Debian 13 4.49MB
(6) VOLUME
VOLUME: declares a data volume, usually the mount point for data
# VOLUME
# First check whether there is a mount point (a Mounts entry; there is none here)
[root@docker-node1 docker]# docker inspect lee:v5
[root@docker-node1 docker]# vim Dockerfile
FROM busybox:latest
LABEL Creater=lee
ENV NAME=timinglee
EXPOSE 8080
VOLUME "/mnt"
RUN ["/bin/sh","-c", "touch /root/$NAME" ]
# Build
[root@docker-node1 docker]# docker build -t lee:v6 .
[+] Building 0.4s (6/6) FINISHED docker:default
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 163B 0.0s
=> [internal] load metadata for docker.io/library/busybox:latest 0.3s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [1/2] FROM docker.io/library/busybox:latest@sha256:b3255e7dfbcd10cb367af 0.0s
=> => resolve docker.io/library/busybox:latest@sha256:b3255e7dfbcd10cb367af 0.0s
=> CACHED [2/2] RUN ["/bin/sh","-c", "touch /root/timinglee" ] 0.0s
=> exporting to image 0.0s
=> => exporting layers 0.0s
=> => exporting manifest sha256:5c632f08e795e339f9ef4259b89048d418c7205c2ad 0.0s
=> => exporting config sha256:851c84bc2afcadd66de32eb35d5485f9c0f17c037ab7b 0.0s
=> => exporting attestation manifest sha256:cc3e3397414d1104e9069aac762aa32 0.0s
=> => exporting manifest list sha256:e4b4a22952a7a900d76abeace35978ff6681d2 0.0s
=> => naming to docker.io/library/lee:v6 0.0s
=> => unpacking to docker.io/library/lee:v6 0.0s
# The container must be running first, otherwise the mount cannot be seen
[root@docker-node1 docker]# docker run -it --name test --rm lee:v6
/ #
# Then open another terminal and view the mount (this command shows the container details)
[root@docker-node1 ~]# docker inspect test
"Mounts": [
{
"Type": "volume",
"Name": "8d3d80e8165c84adfa89fe55988cab64942c8ba07f715453bfbb4b7cc386ff05",
"Source": "/var/lib/docker/volumes/8d3d80e8165c84adfa89fe55988cab64942c8ba07f715453bfbb4b7cc386ff05/_data",
"Destination": "/mnt",
"Driver": "local",
"Mode": "",
"RW": true,
"Propagation": ""
}
],
# Next, find Source under Mounts and cd into it
[root@docker-node1 ~]# cd /var/lib/docker/volumes/8d3d80e8165c84adfa89fe55988cab64942c8ba07f715453bfbb4b7cc386ff05/_data
# Back in the original terminal, /mnt inside the container is still empty
[root@docker-node1 docker]# docker run -it --name test --rm lee:v6
/ # ls /mnt
# Now create files in the directory we changed into
[root@docker-node1 _data]# touch lee{1..5}
# In the terminal running lee:v6 the files are visible straight away
[root@docker-node1 docker]# docker run -it --name test --rm lee:v6
/ # ls /mnt
lee1 lee2 lee3 lee4 lee5
(7) WORKDIR
WORKDIR: changes the working directory
# WORKDIR
[root@docker-node1 docker]# vim Dockerfile
FROM busybox:latest
LABEL Creater=lee
ENV NAME=timinglee
EXPOSE 8080
VOLUME "/mnt"
RUN ["/bin/sh","-c", "touch /root/$NAME" ]
WORKDIR "/mnt"
ENTRYPOINT ["/bin/sh","-c","echo $NAME"]
# Build
[root@docker-node1 docker]# docker build -t lee:v7 .
[+] Building 0.4s (7/7) FINISHED docker:default
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 180B 0.0s
=> [internal] load metadata for docker.io/library/busybox:latest 0.3s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [1/3] FROM docker.io/library/busybox:latest@sha256:b3255e7dfbcd10cb367af 0.0s
=> => resolve docker.io/library/busybox:latest@sha256:b3255e7dfbcd10cb367af 0.0s
=> CACHED [2/3] RUN ["/bin/sh","-c", "touch /root/timinglee" ] 0.0s
=> [3/3] WORKDIR /mnt 0.0s
=> exporting to image 0.1s
=> => exporting layers 0.0s
=> => exporting manifest sha256:322952c1516d20642064b3d1207c856fd4d2698ff90 0.0s
=> => exporting config sha256:00f9c5fc10026bbe7203a0c99b1b7660aa24c521cc1a6 0.0s
=> => exporting attestation manifest sha256:0cd46433bd9727249d5eb2476e414a2 0.0s
=> => exporting manifest list sha256:de8df3197b4f9d96bf0be375cd22f2be1a426b 0.0s
=> => naming to docker.io/library/lee:v7 0.0s
=> => unpacking to docker.io/library/lee:v7 0.0s
# Run the container; the shell now starts directly in /mnt
[root@docker-node1 docker]# docker run -it --name test --rm lee:v7
/mnt #
(8) CMD
CMD: the action run automatically when the container starts; it can be overridden
# CMD: the command used when the container runs
# ENV CMD
[root@docker-node1 docker]# vim Dockerfile
FROM busybox
MAINTAINER lee@timinglee.org
ENV NAME lee
#CMD echo $NAME
#CMD ["/bin/echo", "$NAME"]
CMD ["/bin/sh", "-c", "/bin/echo $NAME"]
[root@docker-node1 docker]# docker build -t lee:v8 .
[+] Building 0.4s (5/5) FINISHED docker:default
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 179B 0.0s
=> WARN: MaintainerDeprecated: Maintainer instruction is deprecated in favo 0.0s
=> [internal] load metadata for docker.io/library/busybox:latest 0.3s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> CACHED [1/1] FROM docker.io/library/busybox:latest@sha256:b3255e7dfbcd10 0.0s
=> => resolve docker.io/library/busybox:latest@sha256:b3255e7dfbcd10cb367af 0.0s
=> exporting to image 0.0s
=> => exporting layers 0.0s
=> => exporting manifest sha256:c44ca83f53da17cb5f0fd65a1f5efec3d2eba721769 0.0s
=> => exporting config sha256:7f9c040d6903f7a33f430c70429dc493a1c00d94fd338 0.0s
=> => exporting attestation manifest sha256:49654adbf17d1586d4cc6d0ae6ffbcf 0.0s
=> => exporting manifest list sha256:2bb431d6cc4113484ba915901ca5d0f55eea2c 0.0s
=> => naming to docker.io/library/lee:v8 0.0s
=> => unpacking to docker.io/library/lee:v8 0.0s
2 warnings found (use docker --debug to expand):
- MaintainerDeprecated: Maintainer instruction is deprecated in favor of using label (line 2)
- LegacyKeyValueFormat: "ENV key=value" should be used instead of legacy "ENV key value" format (line 3)
# Run
[root@docker-node1 docker]# docker run -it --name test --rm lee:v8
lee
# CMD gets overridden: the output is the haha we typed ourselves
[root@docker-node1 docker]# docker run -it --name test --rm lee:v8 echo haha
haha
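(9) ENTRYPOINT
ENTRYPOINT: similar to CMD in function and usage, but its action is not overridden by arguments given to docker run
# ENTRYPOINT: similar to CMD in function and usage, but its action is not overridden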
FROM busybox
MAINTAINER lee@timinglee.org
ENV NAME lee
ENTRYPOINT echo $NAME
[root@docker-node1 docker]# docker build -t lee:v9 .
[+] Building 0.1s (7/7) FINISHED docker:default
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 221B 0.0s
=> [internal] load metadata for docker.io/library/busybox:latest 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [1/3] FROM docker.io/library/busybox:latest@sha256:b3255e7dfbcd10cb367af 0.0s
=> => resolve docker.io/library/busybox:latest@sha256:b3255e7dfbcd10cb367af 0.0s
=> CACHED [2/3] RUN ["/bin/sh","-c", "touch /root/timinglee" ] 0.0s
=> CACHED [3/3] WORKDIR /mnt 0.0s
=> exporting to image 0.0s
=> => exporting layers 0.0s
=> => exporting manifest sha256:c3292c6bb45f2c634d1ccf3437fa0a1ba3c1e2d315a 0.0s
=> => exporting config sha256:da56565f51db2fe6287af2a85d9792161e140c6b7ffb3 0.0s
=> => exporting attestation manifest sha256:cd6e00ac5257e33d5060d00fa88f149 0.0s
=> => exporting manifest list sha256:475659bbdf084874ed4d0c3b2e14cd3f1c7cfe 0.0s
=> => naming to docker.io/library/lee:v9 0.0s
=> => unpacking to docker.io/library/lee:v9 0.0s
[root@docker-node1 docker]# docker run -it --name test --rm lee:v9
timinglee
# This one is not overridden
[root@docker-node1 docker]# docker run -it --name test --rm lee:v9 echo haha
timinglee
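Why `echo haha` replaces the output for lee:v8 but disappears for lee:v9 comes down to how Docker assembles the container's argv from ENTRYPOINT, CMD and the arguments after the image name. The following is an added example, not part of the original article: it reproduces those argv rules as local shell commands, so it runs without Docker. The function names are hypothetical and `NAME=lee` stands in for the `ENV NAME lee` line of the Dockerfiles above.

```bash
#!/bin/sh
# Added example: the argv Docker builds for the images above, run locally.
NAME=lee; export NAME        # stands in for ENV NAME lee

# lee:v8, CMD ["/bin/sh","-c","/bin/echo $NAME"] and no ENTRYPOINT:
# arguments after the image name replace CMD completely.
run_cmd_only() {
    if [ "$#" -gt 0 ]; then
        "$@"
    else
        /bin/sh -c 'echo $NAME'
    fi
}

# Shell form, ENTRYPOINT echo $NAME: Docker wraps it as /bin/sh -c "echo $NAME".
# CMD and the arguments after the image name are not used at all.
run_entrypoint_shell_form() {
    /bin/sh -c 'echo $NAME'
}

# Exec form, ENTRYPOINT ["/bin/sh","-c","echo $NAME"]: arguments are appended,
# giving /bin/sh -c 'echo $NAME' echo haha. For sh -c the extra words become
# $0 and $1, which this command string never reads, so they are silently dropped.
run_entrypoint_exec_form() {
    /bin/sh -c 'echo $NAME' "$@"
}

# Exec form that forwards its arguments: "$@" passes each one on as a separate
# word, so nothing the caller supplies is re-parsed by the shell.
# The literal "sh" fills $0.
run_entrypoint_forwarding() {
    /bin/sh -c 'echo "$NAME" "$@"' sh "$@"
}

run_cmd_only echo haha                 # haha
run_entrypoint_shell_form echo haha    # lee
run_entrypoint_exec_form echo haha     # lee
run_entrypoint_forwarding echo haha    # lee echo haha
```

ENTRYPOINT is a default rather than a control: `docker run --entrypoint` replaces it, so it should not be relied on to restrict what a container can execute.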
3. Building a CentOS image with a usable repository
[root@docker-node1 docker]# docker search centos
[root@docker-node1 docker]# docker pull centos:7
7: Pulling from library/centos
2d473b07cdd5: Pull complete
Digest: sha256:be65f488b7764ad3638f236b7b515b3678369a5124c47b8d32916d6487418ea4
Status: Downloaded newer image for centos:7
docker.io/library/centos:7
# Then clean up the environment
[root@docker-node1 docker]# docker images | awk '/\<lee\>/{system("docker rmi "$1)}'
WARNING: This output is designed for human readability. For machine-readable output, please use --format.
Untagged: lee:v1
Deleted: sha256:65799476aac57c6aa7d730f59e12f9215631f4743efccf3ca3e0e615fb8c573d
Untagged: lee:v2
Deleted: sha256:3e2a1d68934b3ca279c8061bd478f10610f5fffce2215d136d8d183a46cec51a
Untagged: lee:v3
Deleted: sha256:a01a3b3d949438f26db8bbce0c1d3095279f3ecc0dbbf981456513fe8483af15
Untagged: lee:v4
Deleted: sha256:04116c28de0213cf25a2c630348d63429f0d73bcc34d1d006633ccaa80a5bb85
Untagged: lee:v5
Deleted: sha256:8019dce3082c1b9c01def8844ea22318c4a0f3de8a10efae43097d224c822d2d
Untagged: lee:v6
Deleted: sha256:e4b4a22952a7a900d76abeace35978ff6681d28a972fc4c02645f8e7ef75d47b
Untagged: lee:v7
Deleted: sha256:de8df3197b4f9d96bf0be375cd22f2be1a426b0db13c51e6ad10d972bb0beda7
Untagged: lee:v8
Deleted: sha256:2bb431d6cc4113484ba915901ca5d0f55eea2cda1709aaa50d6118068afe4a1a
Untagged: lee:v9
Deleted: sha256:475659bbdf084874ed4d0c3b2e14cd3f1c7cfea6e1ec4a4b84ab57aeb5aa37b5
# Prepare the image build
[root@docker-node1 docker]# vim centos7.repo
[centos7]
name = centos7
baseurl = https://mirrors.aliyun.com/centos-vault/7.9.2009/os/x86_64/
gpgcheck = 0
[root@docker-node1 docker]# vim Dockerfile
FROM centos:7
LABEL Creater=lee
RUN ["/bin/bash","-c","rm -rf /etc/yum.repos.d/*"]
COPY centos7.repo /etc/yum.repos.d/centos7.repo
# Build the image
[root@docker-node1 docker]# docker build -t centos-7:repo .
[+] Building 0.6s (8/8) FINISHED docker:default
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 170B 0.0s
=> [internal] load metadata for docker.io/library/centos:7 0.4s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [1/3] FROM docker.io/library/centos:7@sha256:be65f488b7764ad3638f236b7b5 0.0s
=> => resolve docker.io/library/centos:7@sha256:be65f488b7764ad3638f236b7b5 0.0s
=> [internal] load build context 0.0s
=> => transferring context: 33B 0.0s
=> CACHED [2/3] RUN ["/bin/bash","-c","rm -rf /etc/yum.repos.d/*"] 0.0s
=> [3/3] COPY centos7.repo /etc/yum.repos.d/centos7.repo 0.0s
=> exporting to image 0.1s
=> => exporting layers 0.0s
=> => exporting manifest sha256:b7cfb6ff4fc3418d268d81a3139c4952d15d3d6bd14 0.0s
=> => exporting config sha256:5c1439724753aaecf82517d6c2cba2c54aba578578fba 0.0s
=> => exporting attestation manifest sha256:73f978a4209b1e7cd0eb64daa0cc68b 0.0s
=> => exporting manifest list sha256:2b5c5f37e9743dcddbbe411b10d80fad976956 0.0s
=> => naming to docker.io/library/centos-7:repo 0.0s
=> => unpacking to docker.io/library/centos-7:repo 0.0s
# Run the image and check. The output below means success; if anything else shows up, it failed and yum install cannot run (it reports not found)
[root@docker-node1 docker]# docker run -it --name centos centos-7:repo /bin/bash
[root@388ecdfec26b /]# ls /etc/yum.repos.d/
centos7.repo
# Check the CentOS release
[root@388ecdfec26b /]# cat /etc/centos-release
CentOS Linux release 7.9.2009 (Core)
# Install a package (yum install now succeeds)
[root@388ecdfec26b /]# yum install -y gcc
Loaded plugins: fastestmirror, ovl
Determining fastest mirrors
centos7 | 3.6 kB 00:00:00
(1/2): centos7/group_gz | 153 kB 00:00:00
(2/2): centos7/primary_db | 6.1 MB 00:00:01
Resolving Dependencies
--> Running transaction check
---> Package gcc.x86_64 0:4.8.5-44.el7 will be installed
--> Processing Dependency: libgomp = 4.8.5-44.el7 for package: gcc-4.8.5-44.el7.x86_64
--> Processing Dependency: cpp = 4.8.5-44.el7 for package: gcc-4.8.5-44.el7.x86_64
--> Processing Dependency: glibc-devel >= 2.2.90-12 for package: gcc-4.8.5-44.el7.x86_64
--> Processing Dependency: libmpfr.so.4()(64bit) for package: gcc-4.8.5-44.el7.x86_64
--> Processing Dependency: libmpc.so.3()(64bit) for package: gcc-4.8.5-44.el7.x86_64
--> Processing Dependency: libgomp.so.1()(64bit) for package: gcc-4.8.5-44.el7.x86_64
--> Running transaction check
---> Package cpp.x86_64 0:4.8.5-44.el7 will be installed
---> Package glibc-devel.x86_64 0:2.17-317.el7 will be installed
--> Processing Dependency: glibc-headers = 2.17-317.el7 for package: glibc-devel-2.17-317.el7.x86_64
--> Processing Dependency: glibc-headers for package: glibc-devel-2.17-317.el7.x86_64
---> Package libgomp.x86_64 0:4.8.5-44.el7 will be installed
---> Package libmpc.x86_64 0:1.0.1-3.el7 will be installed
---> Package mpfr.x86_64 0:3.1.1-4.el7 will be installed
--> Running transaction check
---> Package glibc-headers.x86_64 0:2.17-317.el7 will be installed
--> Processing Dependency: kernel-headers >= 2.2.1 for package: glibc-headers-2.17-317.el7.x86_64
--> Processing Dependency: kernel-headers for package: glibc-headers-2.17-317.el7.x86_64
--> Running transaction check
---> Package kernel-headers.x86_64 0:3.10.0-1160.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
===================================================================================
Package Arch Version Repository Size
===================================================================================
Installing:
gcc x86_64 4.8.5-44.el7 centos7 16 M
Installing for dependencies:
cpp x86_64 4.8.5-44.el7 centos7 5.9 M
glibc-devel x86_64 2.17-317.el7 centos7 1.1 M
glibc-headers x86_64 2.17-317.el7 centos7 690 k
kernel-headers x86_64 3.10.0-1160.el7 centos7 9.0 M
libgomp x86_64 4.8.5-44.el7 centos7 159 k
libmpc x86_64 1.0.1-3.el7 centos7 51 k
mpfr x86_64 3.1.1-4.el7 centos7 203 k
Transaction Summary
===================================================================================
Install 1 Package (+7 Dependent packages)
Total download size: 33 M
Installed size: 60 M
Downloading packages:
(1/8): cpp-4.8.5-44.el7.x86_64.rpm | 5.9 MB 00:00:02
(2/8): glibc-devel-2.17-317.el7.x86_64.rpm | 1.1 MB 00:00:00
(3/8): glibc-headers-2.17-317.el7.x86_64.rpm | 690 kB 00:00:00
(4/8): gcc-4.8.5-44.el7.x86_64.rpm | 16 MB 00:00:03
(5/8): libgomp-4.8.5-44.el7.x86_64.rpm | 159 kB 00:00:00
(6/8): libmpc-1.0.1-3.el7.x86_64.rpm | 51 kB 00:00:00
(7/8): mpfr-3.1.1-4.el7.x86_64.rpm | 203 kB 00:00:00
(8/8): kernel-headers-3.10.0-1160.el7.x86_64.rpm | 9.0 MB 00:00:01
-----------------------------------------------------------------------------------
Total 8.5 MB/s | 33 MB 00:03
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : mpfr-3.1.1-4.el7.x86_64 1/8
Installing : libmpc-1.0.1-3.el7.x86_64 2/8
Installing : cpp-4.8.5-44.el7.x86_64 3/8
Installing : libgomp-4.8.5-44.el7.x86_64 4/8
Installing : kernel-headers-3.10.0-1160.el7.x86_64 5/8
Installing : glibc-headers-2.17-317.el7.x86_64 6/8
Installing : glibc-devel-2.17-317.el7.x86_64 7/8
Installing : gcc-4.8.5-44.el7.x86_64 8/8
Verifying : kernel-headers-3.10.0-1160.el7.x86_64 1/8
Verifying : mpfr-3.1.1-4.el7.x86_64 2/8
Verifying : glibc-headers-2.17-317.el7.x86_64 3/8
Verifying : cpp-4.8.5-44.el7.x86_64 4/8
Verifying : glibc-devel-2.17-317.el7.x86_64 5/8
Verifying : gcc-4.8.5-44.el7.x86_64 6/8
Verifying : libmpc-1.0.1-3.el7.x86_64 7/8
Verifying : libgomp-4.8.5-44.el7.x86_64 8/8
Installed:
gcc.x86_64 0:4.8.5-44.el7
Dependency Installed:
cpp.x86_64 0:4.8.5-44.el7 glibc-devel.x86_64 0:2.17-317.el7
glibc-headers.x86_64 0:2.17-317.el7 kernel-headers.x86_64 0:3.10.0-1160.el7
libgomp.x86_64 0:4.8.5-44.el7 libmpc.x86_64 0:1.0.1-3.el7
mpfr.x86_64 0:3.1.1-4.el7
Complete!
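The centos7.repo above sets `gpgcheck = 0`, so yum installs gcc and its dependencies without verifying RPM signatures, leaving the mirror and the TLS connection as the only integrity controls. The following is an added example, not part of the original article: a shell check that reports the gpgcheck state of each section of a .repo file and can gate a build on it. The function names are hypothetical, the second repo file is a constructed variant, and the `gpgkey` path is assumed to be the key file that stock CentOS 7 ships.

```bash
#!/bin/sh
# Added example: audit yum .repo files before they are copied into an image.
# audit_repo FILE prints "<section> <status>" for each repo section:
#   disabled   gpgcheck explicitly off: packages install without signature check
#   enabled    gpgcheck on
#   inherited  not set in this section: the [main] value from yum.conf applies
audit_repo() {
    awk '
        function emit() { if (section != "") print section, status }
        /^[ \t]*[#;]/ { next }                        # comment lines
        /^[ \t]*\[.*\][ \t]*$/ {                      # start of a [section]
            emit()
            section = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
            status = "inherited"
            next
        }
        /^[ \t]*gpgcheck[ \t]*=/ {
            value = $0
            sub(/^[^=]*=[ \t]*/, "", value)
            sub(/[ \t]+$/, "", value)
            value = tolower(value)
            if (value == "0" || value == "no" || value == "false") {
                status = "disabled"
            } else {
                status = "enabled"
            }
        }
        END { emit() }
    ' "$1"
}

# repo_gate FILE: succeed only if no section disables signature checking.
repo_gate() {
    if audit_repo "$1" | grep -q ' disabled$'; then
        return 1
    fi
    return 0
}

# Sample input: the repo file from the article, and a constructed variant with
# signature checking on (gpgkey path assumed, see lead-in).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/centos7.repo" <<'EOF'
[centos7]
name = centos7
baseurl = https://mirrors.aliyun.com/centos-vault/7.9.2009/os/x86_64/
gpgcheck = 0
EOF
cat > "$SAMPLE_DIR/centos7-verified.repo" <<'EOF'
[centos7]
name = centos7
baseurl = https://mirrors.aliyun.com/centos-vault/7.9.2009/os/x86_64/
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
EOF

for f in "$SAMPLE_DIR"/*.repo; do
    if repo_gate "$f"; then verdict=pass; else verdict=fail; fi
    printf '%s: %s (%s)\n' "$(basename "$f")" "$(audit_repo "$f")" "$verdict"
done
```

Running `repo_gate centos7.repo` in CI ahead of `docker build` stops an image from being built on top of an unverified package source.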
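II. Image Optimization
- Choose the slimmest base image
- Reduce the number of image layers
- Clean up intermediate build artifacts
1. Reducing image layers
# The first version leaves a lot of package residue behind
# We can download a release tarball from the official site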
[root@docker-node1 docker]# ls
nginx-1.26.3.tar.gz
[root@docker-node1 docker]# vim Dockerfile
FROM centos-7:repo
LABEL Creater=lee
ADD nginx-1.26.3.tar.gz /root
RUN yum install gcc make pcre-devel openssl-devel -y
WORKDIR /root/nginx-1.26.3
RUN ./configure --with-http_ssl_module --with-http_stub_status_module
RUN make
RUN make install
EXPOSE 80
VOLUME ["/usr/local/nginx/html"]
CMD ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"]
# Build webserver:v1 and take a look
[root@docker-node1 docker]# docker build -t webserver:v1 .
[+] Building 32.0s (12/12) FINISHED docker:default
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 382B 0.0s
=> [internal] load metadata for docker.io/library/centos-7:repo 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [internal] load build context 0.0s
=> => transferring context: 1.26MB 0.0s
=> [1/7] FROM docker.io/library/centos-7:repo@sha256:2b5c5f37e9743dcddbbe4 0.0s
=> => resolve docker.io/library/centos-7:repo@sha256:2b5c5f37e9743dcddbbe4 0.0s
=> [2/7] ADD nginx-1.26.3.tar.gz /root 0.2s
=> [3/7] RUN yum install gcc make pcre-devel openssl-devel -y 11.0s
=> [4/7] WORKDIR /root/nginx-1.26.3 0.0s
=> [5/7] RUN ./configure --with-http_ssl_module --with-http_stub_status_mo 3.3s
=> [6/7] RUN make 13.0s
=> [7/7] RUN make install 0.2s
=> exporting to image 4.2s
=> => exporting layers 3.3s
=> => exporting manifest sha256:8f2a3f837f0992ef64d0371d7b1df44438a7036dbe 0.0s
=> => exporting config sha256:5b1b496f44a2b09084f2f3899b4d9f1e709367995c05 0.0s
=> => exporting attestation manifest sha256:875989c059d7e40e4db4e457e4ee4b 0.0s
=> => exporting manifest list sha256:aa1a2503259b9c39255e98caf36ef15dba4da 0.0s
=> => naming to docker.io/library/webserver:v1 0.0s
=> => unpacking to docker.io/library/webserver:v1 0.8s
# webserver:v1 is 508MB, which is very large, so we optimize it as follows
[root@docker-node1 docker]# docker images webserver
i Info → U In Use
IMAGE ID DISK USAGE CONTENT SIZE EXTRA
webserver:v1 aa1a2503259b 508MB 132MB
# Optimized version
[root@docker-node1 docker]# vim Dockerfile
FROM centos-7:repo
LABEL Creater=lee
ADD nginx-1.26.3.tar.gz /root
WORKDIR /root/nginx-1.26.3
RUN yum install -y gcc make pcre-devel openssl-devel -y && ./configure --with-http_ssl_module --with-http_stub_status_module && make && make install && rm -rf /root/nginx-1.26.3 && yum clean all
EXPOSE 80
VOLUME ["/usr/local/nginx/html"]
CMD ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"]
# Build and inspect
[root@docker-node1 docker]# docker build -t webserver:v2 .
[+] Building 28.4s (9/9) FINISHED docker:default
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 428B 0.0s
=> [internal] load metadata for docker.io/library/centos-7:repo 0.3s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [internal] load build context 0.0s
=> => transferring context: 42B 0.0s
=> [1/4] FROM docker.io/library/centos-7:repo@sha256:2b5c5f37e9743dcddbbe4 0.0s
=> => resolve docker.io/library/centos-7:repo@sha256:2b5c5f37e9743dcddbbe4 0.0s
=> CACHED [2/4] ADD nginx-1.26.3.tar.gz /root 0.0s
=> [3/4] WORKDIR /root/nginx-1.26.3 0.0s
=> [4/4] RUN yum install -y gcc make pcre-devel openssl-devel -y && ./con 25.2s
=> exporting to image 2.8s
=> => exporting layers 2.3s
=> => exporting manifest sha256:f4647e77b55b982a36eb91b76331e33472fff1c60b 0.0s
=> => exporting config sha256:e8fa9e9b03cba34a5eaee75ae39bd33bd7eb61ff341d 0.0s
=> => exporting attestation manifest sha256:bed5dc52a3f6ba382b1696ad498152 0.0s
=> => exporting manifest list sha256:0606178af7461c4572381565eaa60a8892861 0.0s
=> => naming to docker.io/library/webserver:v2 0.0s
=> => unpacking to docker.io/library/webserver:v2 0.4s
# With the layers reduced the image is only 426MB, a clear improvement
[root@docker-node1 docker]# docker images webserver
i Info → U In Use
IMAGE ID DISK USAGE CONTENT SIZE EXTRA
webserver:v1 aa1a2503259b 508MB 132MB
webserver:v2 0606178af746 426MB 109MB

2. Multi-stage builds
[root@docker-node1 docker]# vim Dockerfile
FROM centos-7:repo AS lee
LABEL Creater=lee
ADD nginx-1.26.3.tar.gz /root
WORKDIR /root/nginx-1.26.3
RUN yum install -y gcc make pcre-devel openssl-devel -y && ./configure --with-http_ssl_module --with-http_stub_status_module && make && make install && rm -rf /root/nginx-1.26.3 && yum clean all
FROM centos-7:repo
COPY --from=lee /usr/local/nginx /usr/local/nginx
EXPOSE 80
VOLUME ["/usr/local/nginx/html"]
CMD ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"]
# Build and inspect the webserver:v3 image; the build is visibly very fast
[root@docker-node1 docker]# docker build -t webserver:v3 .
[+] Building 0.7s (10/10) FINISHED docker:default
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 505B 0.0s
=> [internal] load metadata for docker.io/library/centos-7:repo 0.3s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [internal] load build context 0.0s
=> => transferring context: 42B 0.0s
=> CACHED [lee 1/4] FROM docker.io/library/centos-7:repo@sha256:2b5c5f37e9 0.0s
=> => resolve docker.io/library/centos-7:repo@sha256:2b5c5f37e9743dcddbbe4 0.0s
=> CACHED [lee 2/4] ADD nginx-1.26.3.tar.gz /root 0.0s
=> CACHED [lee 3/4] WORKDIR /root/nginx-1.26.3 0.0s
=> CACHED [lee 4/4] RUN yum install -y gcc make pcre-devel openssl-devel - 0.0s
=> [stage-1 2/2] COPY --from=lee /usr/local/nginx /usr/local/nginx 0.0s
=> exporting to image 0.3s
=> => exporting layers 0.2s
=> => exporting manifest sha256:c78fe28df72023fd713269b2173f47fbb64a408d3f 0.0s
=> => exporting config sha256:395dfdfd06473e75816a3f49aa838f83170e48c42d06 0.0s
=> => exporting attestation manifest sha256:8427f2ee8430c5654326da943e6830 0.0s
=> => exporting manifest list sha256:25b4caacad9a54077800d13b6eea35bb2a720 0.0s
=> => naming to docker.io/library/webserver:v3 0.0s
=> => unpacking to docker.io/library/webserver:v3 0.0s
# A further improvement: only 308MB
[root@docker-node1 docker]# docker images webserver
i Info → U In Use
IMAGE ID DISK USAGE CONTENT SIZE EXTRA
webserver:v1 aa1a2503259b 508MB 132MB
webserver:v2 0606178af746 426MB 109MB
webserver:v3 25b4caacad9a 308MB 79MB

3. Using the slimmest base image
# Download: https://github.com/GoogleContainerTools/distroless
# Install nginx and look at the files (shared libraries) it uses
[root@docker-node1 docker]# yum install nginx -y
[root@docker-node1 docker]# which nginx
/usr/sbin/nginx
[root@docker-node1 docker]# ldd /usr/sbin/nginx
linux-vdso.so.1 (0x00007fffd827f000)
libcrypt.so.2 => /lib64/libcrypt.so.2 (0x00007fdc5e020000)
libpcre.so.1 => /lib64/libpcre.so.1 (0x00007fdc5dfa8000)
libssl.so.3 => /lib64/libssl.so.3 (0x00007fdc5dec2000)
libcrypto.so.3 => /lib64/libcrypto.so.3 (0x00007fdc5d800000)
libz.so.1 => /lib64/libz.so.1 (0x00007fdc5dea8000)
libc.so.6 => /lib64/libc.so.6 (0x00007fdc5d400000)
/lib64/ld-linux-x86-64.so.2 (0x00007fdc5e1c3000)
# Load the images we need; they can be found on the official sites and imported
[root@docker-node1 ~]# ls
debian11.tar.gz nginx-1.26.tar
[root@docker-node1 ~]# docker load -i debian11.tar.gz
Loaded image: gcr.io/distroless/base-debian11:latest
[root@docker-node1 ~]# docker load -i nginx-1.23.tar.gz
Loaded image: nginx:1.23
[root@docker-node1 ~]# docker images
i Info → U In Use
IMAGE ID DISK USAGE CONTENT SIZE EXTRA
busybox-file:latest 174a4462dea4 6.71MB 2.21MB
busybox:latest b3255e7dfbcd 6.7MB 2.22MB
centos-7:repo 2b5c5f37e974 299MB 76.1MB U
gcr.io/distroless/base-debian11:latest
cac381e9184d 47.9MB 22.4MB
nginx:1.23 a087ed751769 301MB 147MB
nginx:1.26 41b194461e4b 279MB 75.2MB
timinglee/game2048:latest 8a34fb9cb168 77.2MB 17.8MB
timinglee/mario:latest 7758988210df 298MB 73.7MB
timinglee:v1 415f1aa81cf1 6.71MB 2.21MB
[root@docker-node1 docker]# vim Dockerfile
FROM nginx:1.23 AS lee
ARG TIME_ZONE
RUN mkdir -p /opt/var/cache/nginx && \
cp -a --parents /usr/lib/nginx /opt && \
cp -a --parents /usr/share/nginx /opt && \
cp -a --parents /var/log/nginx /opt && \
cp -aL --parents /var/run /opt && \
cp -a --parents /etc/nginx /opt && \
cp -a --parents /etc/passwd /opt && \
cp -a --parents /etc/group /opt && \
cp -a --parents /usr/sbin/nginx /opt && \
cp -a --parents /usr/sbin/nginx-debug /opt && \
cp -a --parents /lib/x86_64-linux-gnu/ld-* /opt && \
cp -a --parents /usr/lib/x86_64-linux-gnu/libpcre* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libz.so.* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libc* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libdl* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libpthread* /opt && \
cp -a --parents /lib/x86_64-linux-gnu/libcrypt* /opt && \
cp -a --parents /usr/lib/x86_64-linux-gnu/libssl.so.* /opt && \
cp -a --parents /usr/lib/x86_64-linux-gnu/libcrypto.so.* /opt && \
cp /usr/share/zoneinfo/${TIME_ZONE:-ROC} /opt/etc/localtime
FROM gcr.io/distroless/base-debian11
COPY --from=lee /opt /
EXPOSE 80 443
ENTRYPOINT ["nginx", "-g", "daemon off;"]
# Build and inspect
[root@docker-node1 docker]# docker build -t webserver:v4 .
[+] Building 1.4s (9/9) FINISHED docker:default
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 1.19kB 0.0s
=> [internal] load metadata for gcr.io/distroless/base-debian11:latest 0.3s
=> [internal] load metadata for docker.io/library/nginx:1.23 0.3s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [lee 1/2] FROM docker.io/library/nginx:1.23@sha256:a087ed751769b9281e79 0.0s
=> => resolve docker.io/library/nginx:1.23@sha256:a087ed751769b9281e79b298 0.0s
=> [stage-1 1/2] FROM gcr.io/distroless/base-debian11:latest@sha256:cac381 0.2s
=> => resolve gcr.io/distroless/base-debian11:latest@sha256:cac381e9184d64 0.0s
=> [lee 2/2] RUN mkdir -p /opt/var/cache/nginx && cp -a --parents /usr/lib 0.3s
=> [stage-1 2/2] COPY --from=lee /opt / 0.0s
=> exporting to image 0.6s
=> => exporting layers 0.5s
=> => exporting manifest sha256:57623ec58177baa0b7b26f723c5ef93a4da2710fe1 0.0s
=> => exporting config sha256:1d26d47da8c086d77d54510b6983a3425cd93310baf6 0.0s
=> => exporting attestation manifest sha256:739c3677ed7e3a5a4674f0d79ceb3f 0.0s
=> => exporting manifest list sha256:f3b94af317b4e7b58446af4cd3765a87c6077 0.0s
=> => naming to docker.io/library/webserver:v4 0.0s
=> => unpacking to docker.io/library/webserver:v4 0.1s
# As you can see, the image built on the base downloaded from the official site needs only 67MB
[root@docker-node1 docker]# docker images webserver
i Info → U In Use
IMAGE ID DISK USAGE CONTENT SIZE EXTRA
webserver:v1 aa1a2503259b 508MB 132MB
webserver:v2 0606178af746 426MB 109MB
webserver:v3 25b4caacad9a 308MB 79MB
webserver:v4 f3b94af317b4 67.9MB 28.4MB
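The Dockerfile above copies nginx's libraries by wildcard. As an added example (not part of the original post), the functions below turn `ldd` output like the one shown for /usr/sbin/nginx into an explicit copy list and fail when a dependency is unresolved; the names `ldd_paths`, `copy_plan` and `sample_ldd` are hypothetical, and the sample text is the page's own `ldd` output.

```shell
#!/bin/sh
# Added example: turn `ldd` output into an explicit copy list for a
# distroless build stage. All function names here are hypothetical.

# Sample input: the `ldd /usr/sbin/nginx` output shown earlier on this page.
sample_ldd() {
    cat <<'EOF'
linux-vdso.so.1 (0x00007fffd827f000)
libcrypt.so.2 => /lib64/libcrypt.so.2 (0x00007fdc5e020000)
libpcre.so.1 => /lib64/libpcre.so.1 (0x00007fdc5dfa8000)
libssl.so.3 => /lib64/libssl.so.3 (0x00007fdc5dec2000)
libcrypto.so.3 => /lib64/libcrypto.so.3 (0x00007fdc5d800000)
libz.so.1 => /lib64/libz.so.1 (0x00007fdc5dea8000)
libc.so.6 => /lib64/libc.so.6 (0x00007fdc5d400000)
/lib64/ld-linux-x86-64.so.2 (0x00007fdc5e1c3000)
EOF
}

# Read ldd output on stdin; print each library file once, in input order.
# Exit status 1 if any dependency is unresolved ("not found").
ldd_paths() {
    awk '
        # "libfoo.so.1 => not found": unresolved, report it and fail at the end
        /=> not found/ { print "missing: " $1 > "/dev/stderr"; bad = 1; next }
        # "libfoo.so.1 => /path/libfoo.so.1 (0x...)": the file is field 3
        $2 == "=>" && $3 ~ /^\// { if (!seen[$3]++) print $3; next }
        # "/lib64/ld-linux-x86-64.so.2 (0x...)": the dynamic loader, no arrow
        $1 ~ /^\// { if (!seen[$1]++) print $1; next }
        # linux-vdso.so.1 and "statically linked" have no file on disk: skipped
        END { exit bad + 0 }
    '
}

# Print one cp command per library, dereferencing symlinks (-L) so the real
# file lands in the staging directory given as $1.
copy_plan() {
    paths=$(ldd_paths) || return 1
    for p in $paths; do
        printf 'cp -aL --parents %s %s\n' "$p" "$1"
    done
}

sample_ldd | copy_plan /opt
```

Feed it `ldd /usr/sbin/nginx` from inside the `nginx:1.23` build stage rather than from the host, because the library paths there (`/lib/x86_64-linux-gnu`) differ from the host's `/lib64`.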

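III. Managing Docker image registries
A Docker registry is a centralized repository for storing and distributing Docker images.
- It works like a large image warehouse: developers can push the Docker images they build to it and pull the images they need from it.
1. Prepare a second host
Second host: 172.25.254.20 (with Docker set up)
# Prepare the second host, 172.25.254.20; Docker must be set up on it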
[root@docker-node1 docker]# scp /etc/modules-load.d/docker_mod.conf root@172.25.254.20:/etc/modules-load.d/docker_mod.conf
docker_mod.conf 100% 13 0.5KB/s 00:00
[root@docker-node1 docker]# scp /etc/sysctl.d/docker.conf root@172.25.254.20:/etc/sysctl.d/docker.conf
docker.conf 100% 103 88.7KB/s 00:00
[root@docker-node1 docker]# scp /etc/yum.repos.d/docker.repo root@172.25.254.20:/etc/yum.repos.d/docker.repo
docker.repo 100% 113 183.0KB/s 00:00
# Run on the second host
[root@docker-node2 ~]# systemctl enable --now docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.
[root@docker-node2 ~]# modprobe -a br_netfilter
# Verify that it worked
[root@docker-node2 ~]# sysctl -a | grep iptables
net.bridge.bridge-nf-call-iptables = 1
# Apply the settings
[root@docker-node2 ~]# sysctl --system
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
[root@docker-node2 ~]# dnf install docker-ce.x86_64 -y
# Verify that Docker started
[root@docker-node2 ~]# docker images
i Info → U In Use
IMAGE ID DISK USAGE CONTENT SIZE EXTRA
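2. Docker Hub
Docker Hub is the public image registry service provided officially by Docker.
It is one of the best-known and most widely used image registries in the Docker ecosystem, hosting a large number of official and community-contributed images.
Key features and advantages of Docker Hub:
- Rich image catalogue: covers images for common operating systems, language runtimes, databases, web servers and many other applications. For example, you can easily find operating-system images such as Ubuntu and CentOS, and database images such as MySQL and Redis.
- Official support: provides a number of important images maintained by Docker itself, ensuring their quality and security.
- Community contributions: developers can freely upload and share the images they create, which promotes the sharing of knowledge and resources.
- Version management: each image usually has several versions available, so users can fetch a specific version as needed.
- Easy search: users can find the image they need by keyword.
3. Set up a simple Docker registry
# The image can be downloaded from the official site; any version other than the newest or the oldest will do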
[root@docker-node1 docker]# ls
registry.tar
[root@docker-node1 docker]# docker load -i registry.tar
Loaded image: registry:latest
[root@docker-node1 docker]# docker images
i Info → U In Use
IMAGE ID DISK USAGE CONTENT SIZE EXTRA
busybox-file:latest 174a4462dea4 6.71MB 2.21MB
busybox:latest b3255e7dfbcd 6.7MB 2.22MB
centos-7:repo 2b5c5f37e974 299MB 76.1MB U
gcr.io/distroless/base-debian11:latest
cac381e9184d 47.9MB 22.4MB
nginx:1.23 a087ed751769 301MB 147MB
nginx:1.26 41b194461e4b 279MB 75.2MB
registry:latest 6c5666b861f3 77.3MB 18.8MB
timinglee/game2048:latest 8a34fb9cb168 77.2MB 17.8MB
timinglee/mario:latest 7758988210df 298MB 73.7MB
timinglee:v1 415f1aa81cf1 6.71MB 2.21MB
webserver:v1 aa1a2503259b 508MB 132MB
webserver:v2 0606178af746 426MB 109MB
webserver:v3 25b4caacad9a 308MB 79MB
webserver:v4 f3b94af317b4 67.9MB 28.4MB
# Start the registry
[root@docker-node1 docker]# docker run -d -p 5000:5000 --restart=always --name registery registry:latest
49d178b92f129b9ac9b89c59e39920b810b34281ef9d2575976a3ac06990ab14
[root@docker-node1 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
49d178b92f12 registry:latest "/entrypoint.sh /etc..." About a minute ago Up About a minute 0.0.0.0:5000->5000/tcp, [::]:5000->5000/tcp registery
# Inspect
[root@docker-node1 docker]# docker inspect registery
"Mounts": [
{
"Type": "volume",
"Name": "aa600e7ed30afa714c4db655085c18bffdcb7eed987a249161a7ad1bbf6b1fdb",
"Source": "/var/lib/docker/volumes/aa600e7ed30afa714c4db655085c18bffdcb7eed987a249161a7ad1bbf6b1fdb/_data",
"Destination": "/var/lib/registry",
"Driver": "local",
"Mode": "",
"RW": true,
"Propagation": ""
}
]
(1) Building an unencrypted registry
# To upload an image to the registry, first tag the image that will be uploaded
[root@docker-node1 docker]# docker tag webserver:v4 172.25.254.10:5000/webserver:v4
# docker uses https by default when pushing, but we have not created the certificate files https needs, so it reports an error
[root@docker-node1 docker]# docker push 172.25.254.10:5000/webserver:v4
The push refers to repository [172.25.254.10:5000/webserver]
2da577f243cf: Waiting
failed to do request: Head "https://172.25.254.10:5000/v2/webserver/blobs/sha256:807667e028507357704971ac264cc685cc8e9c83193606d72108afe541a695c5": dial tcp 172.25.254.10:5000: connect: connection refused
# So we need to configure the unencrypted endpoint
[root@docker-node1 docker]# vim /etc/docker/daemon.json
{
"insecure-registries" : ["http://172.25.254.10:5000"]
}
[root@docker-node1 docker]# systemctl restart docker
# Restarting the daemon shuts the container down
# so run this; the container is started again automatically
[root@docker-node1 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
49d178b92f12 registry:latest "/entrypoint.sh /etc..." 2 minutes ago Up 34 seconds 0.0.0.0:5000->5000/tcp, [::]:5000->5000/tcp registery
# The push succeeds
[root@docker-node1 docker]# docker push 172.25.254.10:5000/webserver:v4
The push refers to repository [172.25.254.10:5000/webserver]
5b000a29a993: Pushed
577c8ee06f39: Pushed
9ed498e122b2: Pushed
1a73b54f556b: Pushed
8451c71f8c1e: Pushed
2da577f243cf: Pushed
5342a2647e87: Pushed
4d049f83d9cf: Pushed
2a92d6ac9e4f: Pushed
2388d21e8e2b: Pushed
24aacbf97031: Pushed
6835249f577a: Pushed
af5aa97ebe6c: Pushed
ac805962e479: Pushed
bbb6cacb8c82: Pushed
c048279a7d9f: Pushed
v4: digest: sha256:f3b94af317b4e7b58446af4cd3765a87c607770807aea5f684de31caa3b31098 size: 856
# Check the uploaded image
[root@docker-node1 docker]# curl 172.25.254.10:5000/v2/_catalog
{"repositories":["webserver"]}
[root@docker-node1 docker]# docker info
Insecure Registries:
172.25.254.10:5000
127.0.0.0/8
::1/128
Live Restore Enabled: false
Firewall Backend: iptables
# Query from the client (172.25.254.20)
[root@docker-node2 ~]# docker pull 172.25.254.10:5000/webserver:v4
Error response from daemon: failed to resolve reference "172.25.254.10:5000/webserver:v4": failed to do request: Head "https://172.25.254.10:5000/v2/webserver/manifests/v4": http: server gave HTTP response to HTTPS client
# This is the same problem as on host 10
[root@docker-node2 ~]# vim /etc/docker/daemon.json
{
"insecure-registries" : ["http://172.25.254.10:5000"]
}
[root@docker-node2 ~]# systemctl restart docker
# Pull the image (this is very fast because the image is local)
[root@docker-node2 ~]# docker pull 172.25.254.10:5000/webserver:v4
v4: Pulling from webserver
5b000a29a993: Pull complete
5342a2647e87: Pull complete
577c8ee06f39: Pull complete
9ed498e122b2: Pull complete
4d049f83d9cf: Pull complete
af5aa97ebe6c: Pull complete
ac805962e479: Pull complete
bbb6cacb8c82: Pull complete
2a92d6ac9e4f: Pull complete
c048279a7d9f: Pull complete
2388d21e8e2b: Pull complete
8451c71f8c1e: Pull complete
24aacbf97031: Pull complete
6835249f577a: Pull complete
2da577f243cf: Download complete
Digest: sha256:f3b94af317b4e7b58446af4cd3765a87c607770807aea5f684de31caa3b31098
Status: Downloaded newer image for 172.25.254.10:5000/webserver:v4
172.25.254.10:5000/webserver:v4
# Check (unencrypted)
[root@docker-node2 ~]# docker images
i Info → U In Use
IMAGE ID DISK USAGE CONTENT SIZE EXTRA
172.25.254.10:5000/webserver:v4 f3b94af317b4 67.9MB 28.4MB
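An `insecure-registries` entry makes the daemon talk to that registry over plain HTTP or without verifying its certificate, so it is worth auditing on every host where it was added for testing. As an added example (not part of the original post), the function below reads `docker info` output like the excerpt above and reports every non-loopback entry; the function names are hypothetical and the sample's indentation is constructed.

```shell
#!/bin/sh
# Added example: list registries the daemon will talk to without verified TLS.
# Function and sample names are hypothetical.

# Sample input: the `docker info` excerpt shown above (indentation constructed).
sample_docker_info() {
    cat <<'EOF'
 Insecure Registries:
  172.25.254.10:5000
  127.0.0.0/8
  ::1/128
 Live Restore Enabled: false
 Firewall Backend: iptables
EOF
}

# Read `docker info` text on stdin, print every non-loopback insecure registry.
# Exit status 1 if at least one is found, 0 if the list holds only loopback.
insecure_registries() {
    awk '
        /^[ \t]*Insecure Registries:[ \t]*$/ { in_list = 1; next }
        in_list {
            line = $0
            gsub(/^[ \t]+|[ \t]+$/, "", line)
            # the list ends at the next "Key: value" line or "Key:" header;
            # entries such as host:5000 or ::1/128 match neither pattern
            if (line == "" || line ~ /: / || line ~ /:$/) { in_list = 0; next }
            # loopback ranges show up without being set in daemon.json
            if (line == "127.0.0.0/8" || line == "::1/128") next
            print line
            found = 1
        }
        END { exit found + 0 }
    '
}

# On a real host: docker info 2>/dev/null | insecure_registries
sample_docker_info | insecure_registries ||
    echo "non-loopback insecure registries are configured" >&2
```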
(2) Building an encrypted registry
# First undo the earlier unencrypted setup to keep the environment clean (needed on both 10 and 20)
[root@docker-node1 docker]# docker rm -f registery
registery
[root@docker-node1 docker]# > /etc/docker/daemon.json
[root@docker-node2 ~]# > /etc/docker/daemon.json
# Create a directory for convenience
[root@docker-node1 ~]# mkdir /etc/docker/certs
# Generate the key and certificate
[root@docker-node1 ~]# openssl req -newkey rsa:4096 \
> -nodes -sha256 -keyout /etc/docker/certs/timinglee.org.key \
> -addext "subjectAltName = DNS:reg.timinglee.org" \
> -x509 -days 365 -out /etc/docker/certs/timinglee.org.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:SHANXI
Locality Name (eg, city) [Default City]:XIAN
Organization Name (eg, company) [Default Company Ltd]:docker
Organizational Unit Name (eg, section) []:registery
Common Name (eg, your name or your server's hostname) []:reg.timinglee.org
Email Address []:admin@timinglee.org
# View the certificate details
[root@docker-node1 ~]# openssl x509 -in /etc/docker/certs/timinglee.org.crt -noout -text
# Start the registry
[root@docker-node1 ~]# docker run -d -p 443:443 --restart=always --name registry \
> -v /opt/registry:/var/lib/registry \
> -v /etc/docker/certs:/certs \
> -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
> -e REGISTRY_HTTP_TLS_CERTIFICATE=/etc/docker/certs/timinglee.org.crt \
> -e REGISTRY_HTTP_TLS_KEY=/etc/docker/certs/timinglee.org.key registry
b25add906bed7f6504257319a700fbd33640dca017229fd87324a33d8e6620e7
[root@docker-node1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b25add906bed registry "/entrypoint.sh /etc..." 9 seconds ago Restarting (1) Less than a second ago registry
# Add the domain name to /etc/hosts
[root@docker-node1 ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.254.10 docker-node1
172.25.254.10 reg.timinglee.org
# The same entry is needed on 172.25.254.20
[root@docker-node2 ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.254.20 docker-node2
172.25.254.10 reg.timinglee.org
# Then clear the earlier record so it cannot cause errors in the later configuration
[root@docker-node1 ~]# docker rmi 172.25.254.10:5000/webserver:v4
Untagged: 172.25.254.10:5000/webserver:v4
# Push the image; the docker client has no key and certificate, so this is bound to fail
[root@docker-node1 ~]# docker tag webserver:v4 reg.timinglee.org/webserver:v4
[root@docker-node1 ~]# docker push reg.timinglee.org/webserver:v4
The push refers to repository [reg.timinglee.org/webserver]
2da577f243cf: Waiting
failed to do request: Head "https://reg.timinglee.org/v2/webserver/blobs/sha256:2da577f243cf7d68dd0731e35970ff7398a7268ba6fd2891ec761ce02566636d": dial tcp 172.25.254.10:443: connect: connection refused
# Port 443 does not seem to be open, and the status shows the registry container restarting constantly, so check the logs for the error message
[root@docker-node1 ~]# netstat -antlupe | grep 443
[root@docker-node1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b25add906bed registry "/entrypoint.sh /etc..." 11 minutes ago Restarting (1) 3 seconds ago registry
[root@docker-node1 ~]# docker logs registry
# It turns out the paths in the earlier run command are resolved inside the container, so the extra /etc/docker prefix is not needed
[root@docker-node1 docker]# docker run -d -p 443:443 --restart=always --name registry -v /opt/registry:/var/lib/registry -v /etc/docker/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/timinglee.org.crt -e REGISTRY_HTTP_TLS_KEY=/certs/timinglee.org.key registry
3af1981016a6391821c6a0db90888dae653697ce766d601117f6e8c0f29c3d62
# The correct status here is Up
[root@docker-node1 docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3af1981016a6 registry "/entrypoint.sh /etc..." 18 seconds ago Up 18 seconds 0.0.0.0:443->443/tcp, [::]:443->443/tcp, 5000/tcp registry
# Best to confirm that port 443 is open
[root@docker-node1 docker]# netstat -antlupe | grep 443
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 0 535414 187694/docker-proxy
tcp6 0 0 :::443 :::* LISTEN 0 535415 187700/docker-proxy
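# Push again: the connection now works but the upload fails because docker does not have the certificate, so the certificate has to be installed
[root@docker-node1 docker]# docker push reg.timinglee.org/webserver:v4
The push refers to repository [reg.timinglee.org/webserver]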
9ed498e122b2: Waiting
2a92d6ac9e4f: Waiting
2388d21e8e2b: Waiting
6835249f577a: Waiting
af5aa97ebe6c: Waiting
8451c71f8c1e: Waiting
2da577f243cf: Waiting
577c8ee06f39: Waiting
4d049f83d9cf: Waiting
ac805962e479: Waiting
1a73b54f556b: Waiting
24aacbf97031: Waiting
5b000a29a993: Waiting
5342a2647e87: Waiting
bbb6cacb8c82: Waiting
c048279a7d9f: Waiting
failed to do request: Head "https://reg.timinglee.org/v2/webserver/blobs/sha256:6835249f577a022181beee33e1f411f8368788ab8805b4c43aed61fbd7efcc9d": tls: failed to verify certificate: x509: certificate signed by unknown authority
# So we need to install the certificate for the client
[root@docker-node1 docker]# mkdir /etc/docker/certs.d/reg.timinglee.org/ -p
[root@docker-node1 docker]# cp /etc/docker/certs/timinglee.org.crt /etc/docker/certs.d/reg.timinglee.org/ca.crt
[root@docker-node1 docker]# systemctl restart docker
[root@docker-node1 docker]# docker push reg.timinglee.org/webserver:v4
The push refers to repository [reg.timinglee.org/webserver]
1a73b54f556b: Pushed
8451c71f8c1e: Pushed
24aacbf97031: Pushed
9ed498e122b2: Pushed
2a92d6ac9e4f: Pushed
5342a2647e87: Pushed
bbb6cacb8c82: Pushed
6835249f577a: Pushed
2da577f243cf: Pushed
af5aa97ebe6c: Pushed
ac805962e479: Pushed
c048279a7d9f: Pushed
2388d21e8e2b: Pushed
5b000a29a993: Pushed
577c8ee06f39: Pushed
4d049f83d9cf: Pushed
v4: digest: sha256:f3b94af317b4e7b58446af4cd3765a87c607770807aea5f684de31caa3b31098 size: 856
# The push succeeded; the image can now be used
[root@docker-node1 docker]# curl -k https://172.25.254.10/v2/_catalog
{"repositories":["webserver"]}
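(3) Adding login authentication to the registry
# Add authentication: install the package that provides the tool for creating the auth file; afterwards a user name and password are required to log in and use the registry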
[root@docker-node1 ~]# dnf install httpd-tools -y
# Create the auth file (user: lee, password: lee)
# -B forces the most secure hashing method (bcrypt); the default is MD5
[root@docker-node1 ~]# mkdir /etc/docker/auth
[root@docker-node1 ~]# htpasswd -Bc /etc/docker/auth/htpasswd lee
New password:
Re-type new password:
Adding password for user lee
# Add the authentication to the registry container; the old container must be removed first
[root@docker-node1 ~]# docker rm -f registry
registry
[root@docker-node1 ~]# docker run -d -p 443:443 --restart=always --name registry -v /opt/registry:/var/lib/registry -v /etc/docker/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/timinglee.org.crt -e REGISTRY_HTTP_TLS_KEY=/certs/timinglee.org.key -v /etc/docker/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry
0ca660265f24c7b15ec271b4e5a7bf63b7e35bfb9ec74f0d99b2133c0dde0057
# Check
[root@docker-node1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0ca660265f24 registry "/entrypoint.sh /etc..." 25 seconds ago Up 25 seconds 0.0.0.0:443->443/tcp, [::]:443->443/tcp, 5000/tcp registry
# Push again (reported reason: authorization, authentication failed)
[root@docker-node1 ~]# docker push reg.timinglee.org/webserver:v4
The push refers to repository [reg.timinglee.org/webserver]
5b000a29a993: Waiting
577c8ee06f39: Waiting
2388d21e8e2b: Waiting
2da577f243cf: Waiting
bbb6cacb8c82: Waiting
2a92d6ac9e4f: Waiting
9ed498e122b2: Waiting
4d049f83d9cf: Waiting
ac805962e479: Waiting
1a73b54f556b: Waiting
c048279a7d9f: Waiting
5342a2647e87: Waiting
af5aa97ebe6c: Waiting
8451c71f8c1e: Waiting
24aacbf97031: Waiting
6835249f577a: Waiting
push access denied, repository does not exist or may require authorization: authorization failed: no basic auth credentials
# So log in as the lee user just created; after a successful login the push succeeds
[root@docker-node1 ~]# docker login reg.timinglee.org -u lee
Password:
WARNING! Your credentials are stored unencrypted in '/root/.docker/config.json'.
Configure a credential helper to remove this warning. See
https://docs.docker.com/go/credential-store/
Login Succeeded
[root@docker-node1 ~]# docker push reg.timinglee.org/webserver:v4
The push refers to repository [reg.timinglee.org/webserver]
2da577f243cf: Already exists
5342a2647e87: Layer already exists
4d049f83d9cf: Layer already exists
ac805962e479: Layer already exists
2388d21e8e2b: Layer already exists
8451c71f8c1e: Layer already exists
9ed498e122b2: Layer already exists
bbb6cacb8c82: Layer already exists
1a73b54f556b: Layer already exists
c048279a7d9f: Layer already exists
24aacbf97031: Layer already exists
577c8ee06f39: Layer already exists
6835249f577a: Layer already exists
5b000a29a993: Layer already exists
af5aa97ebe6c: Layer already exists
2a92d6ac9e4f: Layer already exists
v4: digest: sha256:f3b94af317b4e7b58446af4cd3765a87c607770807aea5f684de31caa3b31098 size: 856
# Test: use it from the client
[root@docker-node2 ~]# docker pull reg.timinglee.org/webserver:v4
Error response from daemon: failed to resolve reference "reg.timinglee.org/webserver:v4": failed to do request: Head "https://reg.timinglee.org/v2/webserver/manifests/v4": tls: failed to verify certificate: x509: certificate signed by unknown authority
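# Why does the download fail again? The client does not yet trust the registry certificate (the x509 error above), and downloading is also not possible without logging in
# Copy the certificate files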
[root@docker-node1 ~]# scp /etc/docker/certs.d/ root@172.25.254.20:/etc/docker/certs.d/
[root@docker-node1 ~]# scp -r /etc/docker/certs.d/ root@172.25.254.20:/etc/docker/certs.d/
ca.crt 100% 2191 4.6MB/s 00:00
[root@docker-node1 ~]# docker login reg.timinglee.org -u lee
Password:
Login Succeeded
# After that the download succeeds
[root@docker-node1 ~]# docker pull reg.timinglee.org/webserver:v4
v4: Pulling from webserver
Digest: sha256:f3b94af317b4e7b58446af4cd3765a87c607770807aea5f684de31caa3b31098
Status: Image is up to date for reg.timinglee.org/webserver:v4
reg.timinglee.org/webserver:v4
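The `-B` flag in the `htpasswd -Bc` step above matters for more than hash strength: the registry's htpasswd backend accepts only bcrypt entries and ignores the others. As an added example (not part of the original post), the function below reports the hash scheme of every entry in an htpasswd file and fails if any is not bcrypt; the function names are hypothetical and the sample hashes are constructed placeholders.

```shell
#!/bin/sh
# Added example: report the hash scheme of each entry in an htpasswd file.
# Function and sample names are hypothetical; the hashes below are
# constructed placeholders, not real password hashes.

sample_htpasswd() {
    cat <<'EOF'
lee:$2y$05$CONSTRUCTEDxBCRYPTxPLACEHOLDERxNOTxAxREALxHASHxxxxxxxx
ci:$apr1$CONSTRUC$PLACEHOLDERxNOTxREALxx
old:{SHA}CONSTRUCTEDPLACEHOLDER0000=
EOF
}

# Read an htpasswd file on stdin, print "user scheme" for each entry.
# Exit status 1 if any entry uses something other than bcrypt.
htpasswd_audit() {
    awk -F: '
        NF < 2 || substr($0, 1, 1) == "#" { next }   # blank or comment line
        {
            h = $2
            p4 = substr(h, 1, 4)
            if (p4 == "$2y$" || p4 == "$2a$" || p4 == "$2b$") scheme = "bcrypt"
            else if (substr(h, 1, 6) == "$apr1$") scheme = "md5-apr1"
            else if (substr(h, 1, 5) == "{SHA}") scheme = "sha1"
            else if (substr(h, 1, 3) == "$5$" || substr(h, 1, 3) == "$6$") scheme = "sha2-crypt"
            else scheme = "crypt-or-plain"
            print $1, scheme
            if (scheme != "bcrypt") weak = 1
        }
        END { exit weak + 0 }
    '
}

# On the registry host: htpasswd_audit < /etc/docker/auth/htpasswd
sample_htpasswd | htpasswd_audit || echo "non-bcrypt entries present" >&2
```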