Dockerfile镜像构建

1、部署harbor仓库

#部署docker
#解压harbor安装包
root@harbor:~# cd /app/harbor/
root@harbor:/app/harbor# ll
total 597560
drwxr-xr-x 3 root root       180 Jan 13 13:17 ./
drwxr-xr-x 4 root root        77 Jan 13 13:14 ../
drwxr-xr-x 3 root root        20 Jan 13 13:17 common/
-rw-r--r-- 1 root root      3639 Aug 15 17:53 common.sh
-rw-r--r-- 1 root root      5834 Jan 13 13:17 docker-compose.yml
-rw-r--r-- 1 root root 611834153 Aug 15 17:54 harbor.v2.8.4.tar.gz
-rw-r--r-- 1 root root     12499 Jan 13 13:15 harbor.yml
-rw-r--r-- 1 root root     12499 Aug 15 17:53 harbor.yml.tmpl
-rwxr-xr-x 1 root root      2725 Aug 15 17:53 install.sh*
-rw-r--r-- 1 root root     11347 Aug 15 17:53 LICENSE
-rwxr-xr-x 1 root root      1881 Aug 15 17:53 prepare*

#修改harbor.yml文件
root@harbor:/app/harbor# cp -a harbor.yml.tmpl harbor.yml
root@harbor:/app/harbor# vim harbor.yml
5 hostname: harbor.qiange.com  #harbor仓库的域名也可以是IP
  8 http:
  9   # port for http, default is 80. If https enabled, this port will redirect to https port
 10   port: 80
 11 
 12 # https related config
 13 #https:     #如果没有证书,以下几行都可以注释(此时harbor只提供HTTP,登录凭据和镜像内容以明文传输,仅适合测试环境)
 14   # https port for harbor, default is 443
 15 #  port: 443
 16   # The path of cert and key files for nginx
 17 #  certificate: /your/certificate/path
 18 #  private_key: /your/private/key/path
34 harbor_admin_password: 123456 #harbor仓库admin用户的初始密码(用户名默认为admin);123456只是演示用的弱口令,该值仅在首次安装时生效,生产环境应在安装前改成强密码,或安装后立即在UI中修改

#执行安装脚本
root@harbor:/app/harbor# chmod a+x install.sh
root@harbor:/app/harbor# ./install.sh

#开启服务
root@harbor:/app/harbor# docker-compose start

#创建harbor.service启动文件
root@harbor:~# cat /etc/systemd/system/harbor.service
# systemd unit that runs the Harbor docker-compose stack as a service.
[Unit]
Description=Harbor
# Ordered after Docker and the network/resolver units; Requires= ties this
# unit to docker.service.
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=http://github.com/vmware/harbor
[Service]
# "docker-compose up" is started without -d, so it stays in the foreground
# and is the process systemd tracks for this Type=simple service.
Type=simple
# Restart 5 seconds after an unclean exit.
Restart=on-failure
RestartSec=5
# Both commands point at the compose file in /app/harbor, the install
# directory used earlier on this host.
# NOTE(review): /usr/bin/docker-compose must match where the binary is
# actually installed - confirm with "command -v docker-compose".
ExecStart=/usr/bin/docker-compose -f /app/harbor/docker-compose.yml up
ExecStop=/usr/bin/docker-compose -f /app/harbor/docker-compose.yml down
[Install]
WantedBy=multi-user.target

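#注意:harbor只开启了HTTP,而docker客户端默认使用HTTPS访问仓库,所以此时在服务器上docker login登录harbor仓库会失败
#解决方案:把harbor域名加入insecure-registries(修改后需重载或重启docker服务才生效)。该选项会让docker对这个仓库跳过TLS校验并允许明文HTTP,生产环境应为harbor配置证书并启用https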
root@harbor:~# cat /etc/docker/daemon.json
{
  "insecure-registries":["harbor.qiange.com"]
}

#验证
root@harbor:~# docker login harbor.qiange.com
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

2、k8s集群节点拉取镜像

配置daemon.json文件

root@node1:~# cat /etc/docker/daemon.json 
{
  "data-root": "/var/lib/docker",
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": [
    "https://docker.mirrors.ustc.edu.cn",
    "http://hub-mirror.c.163.com"
  ], 
  "insecure-registries": ["harbor.qiange.com"],
  "max-concurrent-downloads": 10,
  "live-restore": true,
  "log-driver": "json-file",
  "log-level": "warn",
  "log-opts": {
    "max-size": "50m",
    "max-file": "1"
    },
  "storage-driver": "overlay2"
}

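注意:harbor只提供HTTP时,如果不配置insecure-registries选项,node节点无法从harbor仓库拉取镜像。该选项会让docker对这个仓库跳过TLS校验并允许明文HTTP,仅适合测试环境;registry-mirrors中以http://开头的加速地址同样是明文传输,生产环境建议只保留https地址。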

3、容器化的优势

  1. 提高资源利用率,节约部署IT成本.
  2. 提高部署效率,基于kubernetes实现快速部署交付,秒级启动.
  3. 实现横向扩容,灰度部署,回滚等.
  4. 可根据业务负载进行弹性扩展.
  5. 容器将环境和代码打包在镜像内,保证了测试与生产环境一致性.

4、镜像分层结构

  1. docker pull 拉取基础镜像(centos,ubuntu,alpine)
  2. 自定义基础环境(vim,gcc等常用工具),上传harbor仓库.
  3. 基于自定义镜像安装JDK,Nginx,Tomcat等所需的中间件,打包上传harbor
  4. 基于tomcat,nginx的基础镜像加上业务数据,构建不同的业务镜像一般3-4层,不直接在基础镜像的基础上直接生成业务镜像


5、构建镜像

5.1 构建系统基础镜像

root@harbor:~/dockerfile# ll
total 8
drwxrwxr-x  4 root root   31 Apr 14  2021 ./
drwx------ 12 root root 4096 Jan 19 17:35 ../
drwxrwxr-x  5 root root   48 Apr 14  2021 system/      #系统镜像
drwxrwxr-x  6 root root   59 Jan 19 13:08 web/         #业务镜像

root@harbor:~/dockerfile/system# cd centos/
root@harbor:~/dockerfile/system/centos# ll
total 31856
drwxrwxr-x 2 root root      122 Jan 19 09:39 ./
drwxrwxr-x 5 root root       48 Apr 14  2021 ../
-rwxrwxr-x 1 root root      145 Jan 19 09:25 build-command.sh*
-rw-r--r-- 1 root root     2523 Jan 19 09:21 Centos-7.repo
-rw-rw-r-- 1 root root      530 Jan 19 09:39 Dockerfile
-rw-r--r-- 1 root root      664 Jan 19 09:21 epel-7.repo
-rw-r--r-- 1 root root 32600353 Jan 19 09:21 filebeat-7.12.1-x86_64.rpm

#基础系统镜像Dockerfile
root@harbor:~/dockerfile/system/centos# cat Dockerfile 
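# CentOS 7 base image shared by the derived images in this tree.
# Replaces the stock yum repos with the .repo files from the build context,
# installs filebeat plus common build/debug tools, creates the www account
# (uid/gid 2022) and points /etc/localtime at Asia/Shanghai.
# NOTE(review): CentOS 7 reached end-of-life in June 2024, so images built
# on it no longer receive distribution security updates.
FROM centos:7.9.2009
LABEL maintainer="wengshiqiang 2923035330@qq.com"

# Drop the default repo definitions and use the ones shipped with the build
# context. COPY is used for plain files: ADD's extra behaviour (URL fetch,
# archive auto-extraction) is not needed here.
RUN rm -rf /etc/yum.repos.d/*
COPY Centos-7.repo epel-7.repo /etc/yum.repos.d/
RUN yum clean all && yum makecache

# The rpm stays in /root in this layer even after it is installed; removing
# it in a later RUN would not shrink the image.
COPY filebeat-7.12.1-x86_64.rpm /root/

# Compilers and debug tools installed here are inherited by every derived
# image; keep the list as small as the downstream builds allow.
RUN yum install -y /root/filebeat-7.12.1-x86_64.rpm vim wget tree lrzsz \
        gcc gcc-c++ automake pcre pcre-devel zlib zlib-devel \
        openssl openssl-devel iproute net-tools iotop \
    && groupadd www -g 2022 \
    && useradd www -u 2022 -g www \
    && ln -snf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime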

#构建镜像的脚本
root@harbor:~/dockerfile/system/centos# cat build-command.sh 
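#!/bin/bash
# Build the CentOS base image and push it to the Harbor registry.
# Usage: ./build-command.sh <tag>
# Run from the directory that holds the Dockerfile (build context is ".").

# Stop at the first failure so a broken build is never followed by a push of
# an older local image that happens to carry the same tag.
set -euo pipefail

readonly IMAGE_REPO="harbor.qiange.com/baseimages/centos-base"
# An empty tag would produce an invalid reference ("repo:"); fail early with
# a usage message instead.
readonly TAG="${1:?usage: $0 <tag>}"

docker build -t "${IMAGE_REPO}:${TAG}" .
docker push "${IMAGE_REPO}:${TAG}"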

# 验证
root@harbor:~/dockerfile/system/centos# docker run -it -d  --rm harbor.qiange.com/baseimages/centos-base:v1

5.2 构建业务基础镜像

5.2.1 构建JDK镜像
root@harbor:~/dockerfile/web/jdk/jdk-8u-212# ll
total 190456
drwxrwxr-x 2 root root        97 Jan 19 09:43 ./
drwxrwxr-x 3 root root        24 Apr 14  2021 ../
-rwxrwxr-x 1 root root       153 Jan 19 09:43 build-command.sh*
-rw-rw-r-- 1 root root       405 Jan 19 09:41 Dockerfile
-rw-rw-r-- 1 root root 195013152 Jul 17  2019 jdk-8u212-linux-x64.tar.gz
-rw-rw-r-- 1 root root      2041 Apr 14  2021 profile

#Dockerfile构建JDK
root@harbor:~/dockerfile/web/jdk/jdk-8u-212# cat Dockerfile 
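# JDK 8u212 layer on top of the shared CentOS base image.
# NOTE(review): 8u212 is a 2019 build; later 8u updates carry security
# fixes - confirm this version is still the one intended.
FROM harbor.qiange.com/baseimages/centos-base:v1

# ADD (not COPY) is intentional: a local tar.gz is unpacked into the
# destination directory, which yields /usr/local/src/jdk1.8.0_212.
ADD jdk-8u212-linux-x64.tar.gz /usr/local/src/
RUN ln -sv /usr/local/src/jdk1.8.0_212 /usr/local/jdk

# Plain file, so COPY is enough.
COPY profile /etc/profile

# key=value is the current ENV syntax; the space-separated form is legacy.
# Each variable keeps its own ENV line on purpose: a reference such as
# $JAVA_HOME only sees values set by earlier instructions.
ENV name=wsq
ENV JAVA_HOME=/usr/local/jdk
ENV JRE_HOME=$JAVA_HOME/jre
ENV CLASSPATH=$JAVA_HOME/lib/:$JRE_HOME/lib/
ENV PATH=$PATH:$JAVA_HOME/bin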

#构建镜像脚本
root@harbor:~/dockerfile/web/jdk/jdk-8u-212# cat build-command.sh 
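#!/bin/bash
# Build the JDK base image and push it to the Harbor registry.
# Run from the directory that holds the Dockerfile (build context is ".").

# Stop at the first failure so a failed build is never followed by a push.
set -euo pipefail

# Build and push share one reference, so the image that gets published is
# always the one that was just built. Previously the push named
# harbor.magedu.com/..., a reference the build step never tagged.
readonly IMAGE="harbor.qiange.com/app-baseimages/centos-jdk-base:8u212"

docker build -t "${IMAGE}" .
docker push "${IMAGE}"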

#验证 
root@harbor:~/dockerfile/web/jdk/jdk-8u-212# docker run -it -d --rm harbor.qiange.com/app-baseimages/centos-jdk-base:8u212 sh
02614dcf9766aa6073f3f41405c60ecc5c601f57a2a2cb950a0eab7bc1dd1a6b
root@harbor:~/dockerfile/web/jdk/jdk-8u-212# docker exec -it 02614dcf97 sh
sh-4.2# java -version
java version "1.8.0_212"
Java(TM) SE Runtime Environment (build 1.8.0_212-b10)
Java HotSpot(TM) 64-Bit Server VM (build 25.212-b10, mixed mode)
5.2.2 构建nginx基础镜像
root@harbor:~/dockerfile/web/nginx/nginx-1.25# ll
total 1196
drwxr-xr-x 2 root root      67 Jan 19 12:47 ./
drwxrwxr-x 5 root root      62 Jan 19 14:34 ../
-rwxr-xr-x 1 root root     142 Jan 19 12:40 build.sh*
-rw-r--r-- 1 root root     458 Jan 19 12:47 Dockerfile
-rw-r--r-- 1 root root 1213919 Jan 19 12:39 nginx-1.25.1.tar.gz

#Dockerfile构建nginx基础镜像
root@harbor:~/dockerfile/web/nginx/nginx-1.25# cat Dockerfile 
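# Nginx base image: compiles nginx 1.25.1 from source on the CentOS base image.
FROM harbor.qiange.com/baseimages/centos-base:v1

# Build dependencies for the source build.
# NOTE(review): the centos-base image appears to install the same package
# list already, so this step is probably redundant - confirm before removing.
RUN yum install -y vim wget tree lrzsz gcc gcc-c++ automake pcre pcre-devel \
        zlib zlib-devel openssl openssl-devel iproute net-tools iotop

# ADD unpacks the local tar.gz, producing /usr/local/src/nginx-1.25.1.
ADD nginx-1.25.1.tar.gz /usr/local/src/

# ./configure runs with its defaults, so nginx installs under
# /usr/local/nginx; the symlink puts the binary on PATH.
# Cleanup targets the unpacked source directory: the .tar.gz path never
# exists in the image because ADD extracts the archive instead of copying it.
# The ADD layer still carries the sources, so this tidies the final
# filesystem but does not reduce image size (a multi-stage build would).
RUN cd /usr/local/src/nginx-1.25.1 \
    && ./configure \
    && make \
    && make install \
    && ln -sv /usr/local/nginx/sbin/nginx /usr/sbin/nginx \
    && rm -rf /usr/local/src/nginx-1.25.1

# Foreground mode keeps nginx as the container's main process.
CMD ["nginx", "-g", "daemon off;"]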

#构建镜像脚本
root@harbor:~/dockerfile/web/nginx/nginx-1.25# cat build.sh 
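#!/bin/bash
# Build the nginx base image and push it to the Harbor registry.
# Run from the directory that holds the Dockerfile (build context is ".").

# Without this, a failed build would still be followed by "docker push",
# which publishes whatever older local image carries the same tag.
set -euo pipefail

readonly IMAGE="harbor.qiange.com/app-baseimages/nginx-base:1.25"

docker build -t "${IMAGE}" .
docker push "${IMAGE}"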
5.2.3 构建tomcat基础镜像
root@harbor:~/dockerfile/web/tomcat/tomcat-base-8.5.65# ll
total 10288
drwxrwxr-x 2 root root       83 Jan 19 09:46 ./
drwxrwxr-x 5 root root       70 Apr 14  2021 ../
-rw-rw-r-- 1 root root 10523269 Mar 30  2021 apache-tomcat-8.5.65.tar.gz
-rwxrwxr-x 1 root root      162 Jan 19 09:46 build-command.sh*
-rw-rw-r-- 1 root root      168 Jan 19 09:46 Dockerfile

#Dockerfile构建tomcat基础镜像
root@harbor:~/dockerfile/web/tomcat/tomcat-base-8.5.65# cat Dockerfile 
# Tomcat base image: unpacks Tomcat 8.5.65 on top of the JDK base image.
# No CMD/ENTRYPOINT is set here.
# NOTE(review): presumably the derived app images supply their own start
# script - confirm against their Dockerfiles.
# NOTE(review): the Tomcat 8.5 line is end-of-life upstream; confirm whether
# a supported release should replace 8.5.65.
FROM harbor.qiange.com/app-baseimages/centos-jdk-base:8u212
# ADD extracts the local tar.gz, producing /apps/apache-tomcat-8.5.65.
ADD apache-tomcat-8.5.65.tar.gz /apps
# Version-independent path for scripts and derived images to reference.
RUN ln -sv /apps/apache-tomcat-8.5.65 /apps/tomcat

#构建镜像脚本
root@harbor:~/dockerfile/web/tomcat/tomcat-base-8.5.65# cat build-command.sh 
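#!/bin/bash
# Build the Tomcat base image and push it to the Harbor registry.
# Run from the directory that holds the Dockerfile (build context is ".").

# Abort on the first error: otherwise a failed build is still followed by a
# push of any older local image that carries the same tag.
set -euo pipefail

readonly IMAGE="harbor.qiange.com/app-baseimages/tomcat-centos-base:v8.5.65"

docker build -t "${IMAGE}" .
docker push "${IMAGE}"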
5.2.4 验证镜像是否可用时犯的错
故障现象:镜像打好后,使用docker run -it $image sh进入容器后,发现dockerfile中指定的CMD命令没有生效,在容器里启动服务,服务是可以正常启动,一直误认为是自己打的镜像有问题。

故障原因:
1、docker run -it $image 没有执行shell时,容器运行后会运行dockerfile中指定的CMD命令
2、docker run -it $image sh 当你运行容器运行shell命令后,相当于重写默认的CMD指令,导致容器以shell命令为入口启动,把dockerfile中指定的CMD指令覆盖了

注意:两种运行容器的方式细微的差别,但是结果相差很大

解决方案:
docker  run -it $image
docker exec -it $containerID sh  
此时进入容器后,就会发现原先的CMD指定的服务启动指令生效

注意:有的服务启动后会转入后台运行,需要另外指定一个常驻前台的进程(例如在容器启动时一直执行 tail -f /etc/hosts),否则容器的主进程一退出,容器也会随之退出
root@harbor:~# tree dockerfile
dockerfile
├── system
│   ├── centos
│   │   ├── build-command.sh
│   │   ├── Centos-7.repo
│   │   ├── Dockerfile
│   │   ├── epel-7.repo
│   │   └── filebeat-7.12.1-x86_64.rpm
│   ├── redhat
│   └── ubuntu
└── web
    ├── haproxy
    │   ├── build-command.sh
    │   ├── Dockerfile
    │   ├── haproxy-2.2.11.tar.gz
    │   ├── haproxy.cfg
    │   └── run_haproxy.sh
    ├── jdk
    │   └── jdk-8u-212
    │       ├── build-command.sh
    │       ├── Dockerfile
    │       ├── jdk-8u212-linux-x64.tar.gz
    │       └── profile
    ├── nginx
    │   ├── nginx-1.25
    │   │   ├── build.sh
    │   │   ├── Dockerfile
    │   │   └── nginx-1.25.1.tar.gz
    │   ├── nginx-app
    │   │   ├── build-command.sh
    │   │   ├── Dockerfile
    │   │   ├── index.html
    │   │   ├── nginx.conf
    │   │   └── webapp.tar.gz
    │   └── nginx-upsream
    │       ├── build-command.sh
    │       ├── Dockerfile
    │       ├── index.html
    │       ├── nginx.conf
    │       └── webapp.tar.gz
    └── tomcat
        ├── tomcat-app1
        │   ├── build-command.sh
        │   ├── Dockerfile
        │   ├── myapp
        │   │   └── index.jsp
        │   ├── myapp.tar.gz
        │   ├── run_tomcat.sh
        │   └── server.xml
        ├── tomcat-app2
        │   ├── build-command.sh
        │   ├── Dockerfile
        │   ├── myapp
        │   │   └── index.jsp
        │   ├── myapp.tar.gz
        │   ├── run_tomcat.sh
        │   └── server.xml
        └── tomcat-base-8.5.65
            ├── apache-tomcat-8.5.65.tar.gz
            ├── build-command.sh
            └── Dockerfile

18 directories, 42 files
