Dockerfile镜像构建
1、部署harbor仓库
#部署docker
#解压harbor安装包
root@harbor:~# cd /app/harbor/
root@harbor:/app/harbor# ll
total 597560
drwxr-xr-x 3 root root 180 Jan 13 13:17 ./
drwxr-xr-x 4 root root 77 Jan 13 13:14 ../
drwxr-xr-x 3 root root 20 Jan 13 13:17 common/
-rw-r--r-- 1 root root 3639 Aug 15 17:53 common.sh
-rw-r--r-- 1 root root 5834 Jan 13 13:17 docker-compose.yml
-rw-r--r-- 1 root root 611834153 Aug 15 17:54 harbor.v2.8.4.tar.gz
-rw-r--r-- 1 root root 12499 Jan 13 13:15 harbor.yml
-rw-r--r-- 1 root root 12499 Aug 15 17:53 harbor.yml.tmpl
-rwxr-xr-x 1 root root 2725 Aug 15 17:53 install.sh*
-rw-r--r-- 1 root root 11347 Aug 15 17:53 LICENSE
-rwxr-xr-x 1 root root 1881 Aug 15 17:53 prepare*
#修改harbor.yml文件
root@harbor:/app/harbor# cp -a harbor.yml.tmpl harbor.yml
root@harbor:/app/harbor# vim harbor.yml
5 hostname: harbor.qiange.com #harbor仓库的域名也可以是IP
8 http:
9 # port for http, default is 80. If https enabled, this port will redirect to https port
10 port: 80
11
12 # https related config
13 #https: #如果没有证书,以下几行都可以注释(此时仅使用HTTP,登录凭据和镜像数据均为明文传输,仅适用于测试环境)
14 # https port for harbor, default is 443
15 # port: 443
16 # The path of cert and key files for nginx
17 # certificate: /your/certificate/path
18 # private_key: /your/private/key/path
34 harbor_admin_password: 123456 #harbor仓库的登录密码(用户名默认为admin);此处为示例弱口令,正式部署前务必改为强密码
#执行安装脚本
root@harbor:/app/harbor# chmod a+x install.sh
root@harbor:/app/harbor# ./install.sh
#开启服务
root@harbor:/app/harbor# docker-compose start
#创建harbor.service启动文件
root@harbor:~# cat /etc/systemd/system/harbor.service
# systemd unit that runs the Harbor docker-compose stack defined in /app/harbor/docker-compose.yml.
[Unit]
Description=Harbor
# Ordered after Docker and the network/resolver services; Requires= ties this unit to docker.service.
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=http://github.com/vmware/harbor
[Service]
# "up" is called without -d, so docker-compose stays in the foreground as the unit's main process.
Type=simple
# Restart five seconds after a non-clean exit.
Restart=on-failure
RestartSec=5
ExecStart=/usr/bin/docker-compose -f /app/harbor/docker-compose.yml up
# Stopping the unit tears the compose stack down again.
ExecStop=/usr/bin/docker-compose -f /app/harbor/docker-compose.yml down
[Install]
WantedBy=multi-user.target
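#注意:此时在服务器上docker login 登录harbor仓库会失败,因为harbor只启用了HTTP,而docker默认通过HTTPS访问仓库
#解决方案:在daemon.json中把该仓库加入insecure-registries(该选项允许明文HTTP且不校验证书,只适用于内网测试环境;生产环境应为harbor配置HTTPS证书)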
root@harbor:~# cat /etc/docker/daemon.json
{
"insecure-registries":["harbor.qiange.com"]
}
#验证
root@harbor:~# docker login harbor.qiange.com
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
2、k8s集群节点拉取镜像
配置daemon.json文件
root@node1:~# cat /etc/docker/daemon.json
{
"data-root": "/var/lib/docker",
"exec-opts": ["native.cgroupdriver=systemd"],
"registry-mirrors": [
"https://docker.mirrors.ustc.edu.cn",
"http://hub-mirror.c.163.com"
],
"insecure-registries": ["harbor.qiange.com"],
"max-concurrent-downloads": 10,
"live-restore": true,
"log-driver": "json-file",
"log-level": "warn",
"log-opts": {
"max-size": "50m",
"max-file": "1"
},
"storage-driver": "overlay2"
}
注意:harbor仓库未启用HTTPS时,如果不配置insecure-registries选项,node节点是无法从harbor仓库拉取镜像的
3、容器化的优势
- 提高资源利用率,节约部署IT成本.
- 提高部署效率,基于kubernetes实现快速部署交付,秒级启动.
- 实现横向扩容,灰度部署,回滚等.
- 可根据业务负载进行弹性扩展.
- 容器将环境和代码打包在镜像内,保证了测试与生产环境一致性.
4、镜像分层结构
- docker pull 拉取基础镜像(centos,ubuntu,alpine)
- 自定义基础环境(vim,gcc等常用工具),上传harbor仓库.
- 基于自定义镜像安装JDK,Nginx,Tomcat等所需的中间件,打包上传harbor
- 基于tomcat,nginx的基础镜像加上业务数据,构建不同的业务镜像一般3-4层,不直接在基础镜像的基础上直接生成业务镜像
5、构建镜像
5.1 构建系统基础镜像
root@harbor:~/dockerfile# ll
total 8
drwxrwxr-x 4 root root 31 Apr 14 2021 ./
drwx------ 12 root root 4096 Jan 19 17:35 ../
drwxrwxr-x 5 root root 48 Apr 14 2021 system/ #系统镜像
drwxrwxr-x 6 root root 59 Jan 19 13:08 web/ #业务镜像
root@harbor:~/dockerfile/system# cd centos/
root@harbor:~/dockerfile/system/centos# ll
total 31856
drwxrwxr-x 2 root root 122 Jan 19 09:39 ./
drwxrwxr-x 5 root root 48 Apr 14 2021 ../
-rwxrwxr-x 1 root root 145 Jan 19 09:25 build-command.sh*
-rw-r--r-- 1 root root 2523 Jan 19 09:21 Centos-7.repo
-rw-rw-r-- 1 root root 530 Jan 19 09:39 Dockerfile
-rw-r--r-- 1 root root 664 Jan 19 09:21 epel-7.repo
-rw-r--r-- 1 root root 32600353 Jan 19 09:21 filebeat-7.12.1-x86_64.rpm
#基础系统镜像Dockerfile
root@harbor:~/dockerfile/system/centos# cat Dockerfile
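# CentOS base image: local yum repo definitions, filebeat, common build tools,
# the www user/group (uid/gid 2022) and the Asia/Shanghai timezone.
# NOTE(review): CentOS 7 reached end of life in mid-2024, so images built from
# this tag no longer receive upstream security updates; plan a base migration.
FROM centos:7.9.2009
LABEL maintainer="wengshiqiang 2923035330@qq.com"
# Drop the stock repo definitions and use the two files from the build context.
RUN rm -rf /etc/yum.repos.d/*
# COPY instead of ADD: these are plain files, no archive extraction or URL fetch is wanted.
COPY Centos-7.repo epel-7.repo /etc/yum.repos.d/
# NOTE(review): the rpm is taken from the build context as-is; verify its
# checksum/signature against the vendor release before building.
COPY filebeat-7.12.1-x86_64.rpm /root/
# One layer for metadata refresh, install and cache cleanup, so the yum cache
# is not baked into the image.
RUN yum clean all && yum makecache \
    && yum install -y /root/filebeat-7.12.1-x86_64.rpm vim wget tree lrzsz gcc gcc-c++ automake pcre pcre-devel zlib zlib-devel openssl openssl-devel iproute net-tools iotop \
    && yum clean all && rm -rf /var/cache/yum \
    && groupadd www -g 2022 && useradd www -u 2022 -g www \
    && ln -snf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime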
#构建镜像的脚本
root@harbor:~/dockerfile/system/centos# cat build-command.sh
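#!/bin/bash
# Build the CentOS base image from the current directory and push it to Harbor.
# Usage: ./build-command.sh <tag>
set -euo pipefail

# Refuse to run without a tag: an empty tag yields an invalid image reference.
TAG=${1:?"usage: build-command.sh <tag>"}
readonly IMAGE="harbor.qiange.com/baseimages/centos-base:${TAG}"

# With set -e a failed build stops the script here, so an older local image
# carrying the same tag is never pushed in its place.
docker build -t "${IMAGE}" .
docker push "${IMAGE}"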
# 验证
root@harbor:~/dockerfile/system/centos# docker run -it -d --rm harbor.qiange.com/baseimages/centos-base:v1
5.2 构建业务基础镜像
5.2.1 构建JDK镜像
root@harbor:~/dockerfile/web/jdk/jdk-8u-212# ll
total 190456
drwxrwxr-x 2 root root 97 Jan 19 09:43 ./
drwxrwxr-x 3 root root 24 Apr 14 2021 ../
-rwxrwxr-x 1 root root 153 Jan 19 09:43 build-command.sh*
-rw-rw-r-- 1 root root 405 Jan 19 09:41 Dockerfile
-rw-rw-r-- 1 root root 195013152 Jul 17 2019 jdk-8u212-linux-x64.tar.gz
-rw-rw-r-- 1 root root 2041 Apr 14 2021 profile
#Dockerfile构建JDK
root@harbor:~/dockerfile/web/jdk/jdk-8u-212# cat Dockerfile
# JDK base image: JDK 8u212 unpacked on top of the CentOS base image.
# NOTE(review): the tarball in the build context is dated 2019; check whether a
# newer JDK 8 update release is required before using this for production.
FROM harbor.qiange.com/baseimages/centos-base:v1
# ADD auto-extracts the local tarball; the symlink below points at the
# resulting /usr/local/src/jdk1.8.0_212 directory.
ADD jdk-8u212-linux-x64.tar.gz /usr/local/src
RUN ln -sv /usr/local/src/jdk1.8.0_212 /usr/local/jdk
# Plain file, so COPY is sufficient. Contents of profile are not shown here;
# presumably it exports the same Java variables for login shells.
COPY profile /etc/profile
# key=value form; each ENV is its own instruction so later lines can expand
# variables set by earlier ones.
ENV name=wsq
ENV JAVA_HOME=/usr/local/jdk
ENV JRE_HOME=$JAVA_HOME/jre
ENV CLASSPATH=$JAVA_HOME/lib/:$JRE_HOME/lib/
ENV PATH=$PATH:$JAVA_HOME/bin
#构建镜像脚本
root@harbor:~/dockerfile/web/jdk/jdk-8u-212# cat build-command.sh
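#!/bin/bash
# Build the JDK 8u212 base image from the current directory and push it to Harbor.
set -euo pipefail

# Build and push must name the same reference. Pushing under a different
# registry host either fails (no local image with that tag) or publishes the
# image somewhere other than the registry the downstream Dockerfiles pull from.
readonly IMAGE="harbor.qiange.com/app-baseimages/centos-jdk-base:8u212"

# set -e stops the script if the build fails, so nothing stale is pushed.
docker build -t "${IMAGE}" .
docker push "${IMAGE}"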
#验证
root@harbor:~/dockerfile/web/jdk/jdk-8u-212# docker run -it -d --rm harbor.qiange.com/app-baseimages/centos-jdk-base:8u212 sh
02614dcf9766aa6073f3f41405c60ecc5c601f57a2a2cb950a0eab7bc1dd1a6b
root@harbor:~/dockerfile/web/jdk/jdk-8u-212# docker exec -it 02614dcf97 sh
sh-4.2# java -version
java version "1.8.0_212"
Java(TM) SE Runtime Environment (build 1.8.0_212-b10)
Java HotSpot(TM) 64-Bit Server VM (build 25.212-b10, mixed mode)
5.2.2 构建nginx基础镜像
root@harbor:~/dockerfile/web/nginx/nginx-1.25# ll
total 1196
drwxr-xr-x 2 root root 67 Jan 19 12:47 ./
drwxrwxr-x 5 root root 62 Jan 19 14:34 ../
-rwxr-xr-x 1 root root 142 Jan 19 12:40 build.sh*
-rw-r--r-- 1 root root 458 Jan 19 12:47 Dockerfile
-rw-r--r-- 1 root root 1213919 Jan 19 12:39 nginx-1.25.1.tar.gz
#Dockerfile构建nginx基础镜像
root@harbor:~/dockerfile/web/nginx/nginx-1.25# cat Dockerfile
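# Nginx base image: compiles nginx 1.25.1 from source on top of the CentOS base image.
# NOTE(review): no USER instruction is set, so nginx starts as the image's
# default user; the compilers also stay in the final image. A multi-stage build
# would keep the toolchain out of the runtime image.
FROM harbor.qiange.com/baseimages/centos-base:v1
# Build dependencies (compiler, pcre/zlib/openssl headers) plus the usual tools.
RUN yum install -y vim wget tree lrzsz gcc gcc-c++ automake pcre pcre-devel zlib zlib-devel openssl openssl-devel iproute net-tools iotop
# ADD unpacks the local tarball into /usr/local/src/nginx-1.25.1.
# NOTE(review): the tarball is taken from the build context as-is; verify its
# checksum/signature against the upstream release before building.
ADD nginx-1.25.1.tar.gz /usr/local/src/
# Build and install, then delete the unpacked source tree. ADD never leaves the
# .tar.gz itself in the image, so removing the archive path cleans up nothing;
# the directory is what has to go.
RUN cd /usr/local/src/nginx-1.25.1 \
    && ./configure \
    && make \
    && make install \
    && ln -sv /usr/local/nginx/sbin/nginx /usr/sbin/nginx \
    && cd / \
    && rm -rf /usr/local/src/nginx-1.25.1
# Foreground mode keeps nginx as the container's main process.
CMD ["nginx", "-g", "daemon off;"]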
#构建镜像脚本
root@harbor:~/dockerfile/web/nginx/nginx-1.25# cat build.sh
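#!/bin/bash
# Build the nginx 1.25 base image from the current directory and push it to Harbor.
set -euo pipefail

# Single source of truth for the reference used by both build and push.
readonly IMAGE="harbor.qiange.com/app-baseimages/nginx-base:1.25"

# set -e stops the script if the build fails, so an older local image with the
# same tag is not pushed in its place.
docker build -t "${IMAGE}" .
docker push "${IMAGE}"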
5.2.3 构建tomcat基础镜像
root@harbor:~/dockerfile/web/tomcat/tomcat-base-8.5.65# ll
total 10288
drwxrwxr-x 2 root root 83 Jan 19 09:46 ./
drwxrwxr-x 5 root root 70 Apr 14 2021 ../
-rw-rw-r-- 1 root root 10523269 Mar 30 2021 apache-tomcat-8.5.65.tar.gz
-rwxrwxr-x 1 root root 162 Jan 19 09:46 build-command.sh*
-rw-rw-r-- 1 root root 168 Jan 19 09:46 Dockerfile
#Dockerfile构建tomcat基础镜像
root@harbor:~/dockerfile/web/tomcat/tomcat-base-8.5.65# cat Dockerfile
#tomcat base image
# Builds on the JDK 8u212 image, so a Java runtime is already on PATH.
FROM harbor.qiange.com/app-baseimages/centos-jdk-base:8u212
# ADD unpacks the local tarball under /apps; the symlink below targets the
# unpacked apache-tomcat-8.5.65 directory.
# NOTE(review): a stock Tomcat distribution normally ships sample and
# management webapps under webapps/ — confirm the application images remove
# the ones they do not need. The tarball itself is used unverified; check its
# checksum/signature against the upstream release.
ADD apache-tomcat-8.5.65.tar.gz /apps
# Version-free path; presumably what the application images' start scripts use.
RUN ln -sv /apps/apache-tomcat-8.5.65 /apps/tomcat
#构建镜像脚本
root@harbor:~/dockerfile/web/tomcat/tomcat-base-8.5.65# cat build-command.sh
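#!/bin/bash
# Build the Tomcat 8.5.65 base image from the current directory and push it to Harbor.
set -euo pipefail

# Single source of truth for the reference used by both build and push.
readonly IMAGE="harbor.qiange.com/app-baseimages/tomcat-centos-base:v8.5.65"

# set -e stops the script if the build fails, so an older local image with the
# same tag is not pushed in its place.
docker build -t "${IMAGE}" .
docker push "${IMAGE}"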
5.2.4 验证镜像是否可用时犯的错
故障现象:镜像打好后,使用docker run -it $image sh进入容器后,发现dockerfile中指定的CMD命令没有生效,在容器里启动服务,服务是可以正常启动,一直误认为是自己打的镜像有问题。
故障原因:
1、docker run -it $image 没有执行shell时,容器运行后会运行dockerfile中指定的CMD命令
2、docker run -it $image sh 当你运行容器运行shell命令后,相当于重写默认的CMD指令,导致容器以shell命令为入口启动,把dockerfile中指定的CMD指令覆盖了
注意:两种运行容器的方式细微的差别,但是结果相差很大
解决方案:
docker run -it $image
docker exec -it $containerID sh
此时进入容器后,就会发现原先的CMD指定的服务启动指令生效
注意:有的服务需要指定常驻的前台进程(如在容器启动时一直执行一个进程,tail -f /etc/hosts),否则启动命令执行结束后容器会随之退出
root@harbor:~# tree dockerfile
dockerfile
├── system
│ ├── centos
│ │ ├── build-command.sh
│ │ ├── Centos-7.repo
│ │ ├── Dockerfile
│ │ ├── epel-7.repo
│ │ └── filebeat-7.12.1-x86_64.rpm
│ ├── redhat
│ └── ubuntu
└── web
├── haproxy
│ ├── build-command.sh
│ ├── Dockerfile
│ ├── haproxy-2.2.11.tar.gz
│ ├── haproxy.cfg
│ └── run_haproxy.sh
├── jdk
│ └── jdk-8u-212
│ ├── build-command.sh
│ ├── Dockerfile
│ ├── jdk-8u212-linux-x64.tar.gz
│ └── profile
├── nginx
│ ├── nginx-1.25
│ │ ├── build.sh
│ │ ├── Dockerfile
│ │ └── nginx-1.25.1.tar.gz
│ ├── nginx-app
│ │ ├── build-command.sh
│ │ ├── Dockerfile
│ │ ├── index.html
│ │ ├── nginx.conf
│ │ └── webapp.tar.gz
│ └── nginx-upsream
│ ├── build-command.sh
│ ├── Dockerfile
│ ├── index.html
│ ├── nginx.conf
│ └── webapp.tar.gz
└── tomcat
├── tomcat-app1
│ ├── build-command.sh
│ ├── Dockerfile
│ ├── myapp
│ │ └── index.jsp
│ ├── myapp.tar.gz
│ ├── run_tomcat.sh
│ └── server.xml
├── tomcat-app2
│ ├── build-command.sh
│ ├── Dockerfile
│ ├── myapp
│ │ └── index.jsp
│ ├── myapp.tar.gz
│ ├── run_tomcat.sh
│ └── server.xml
└── tomcat-base-8.5.65
├── apache-tomcat-8.5.65.tar.gz
├── build-command.sh
└── Dockerfile
18 directories, 42 files