Shulou(Shulou.com)06/01 Report--

Editor to share with you what are the notes of Dockerfile in docker. I hope you will get something after reading this article. Let's discuss it together.

Criterion

Try to keep the Dockerfile in an empty directory, and if there must be other files in the directory, use the .dockerkeeper file.

Avoid installing unnecessary packages.

Each container should focus on only one function point.

Minimize the number of layers of the mirror.

Should be classified when there are multiple lines of parameters. This is more straightforward, easy to read and review, and adds a space before each newline character\.

Have a clear understanding of building caches.

Instruction Note FROM

Dockerfile reference for the FROM instruction at all times, try to use the official mirror source as the base image for your mirror. We recommend using Debian Image because it is well managed and as a complete distribution package, but the size is kept to a minimum (currently insufficient 150MB).

1. FROM must be the first line except comments

two。 You can have multiple FROM statements to create multiple image

3.

LABEL

Dockerfile reference for the LABEL instruction

RUN

Dockerfile reference for the RUN instruction

There are two formats for RUN statements:

1. RUN (the command is run in a shell-/ bin/sh-c-shell form)

2. RUN ["executable", "param1", "param2"] (exec form)

Apt-get

Avoid using RUN apt-get upgrade or dist-upgrade as much as possible, because many core packages of the basic image will no longer be upgraded in unauthorized containers.

Use it together with RUN apt-get update and apt-get install under the same RUN statement. Such as:

RUN apt-get update & & apt-get install-y\ package-bar\ package-baz\ package-foo

If update and install are used separately, caching problems will occur when multiple Dockerfile are executed, causing subsequent install statements to fail.

In addition, after the execution of the apt-get statement, it is best to add the statement to delete the installation package to reduce the size of the image. Such as:

RUN apt-get update & & apt-get install-y\ aufs-tools\ automake\ build-essential\ & & rm-rf / var/lib/apt/lists/*

Note: official Debian and Ubuntu images automatically execute "RUN apt-get clean", so there is no need to explicitly delete the instruction.

Pipe use

Many RUN commands need to be piped, such as:

RUN wget-O-https://some.site | wc-l > / number

Docker uses the / bin/sh-c interpreter to execute these commands, which only evaluates the return value of the last operation of the pipe to determine whether the entire command was successful. In the above example, as long as the wc-l command succeeds, a new image is created even if the wget command fails. To avoid this, you can add set-o pipefail & & to the beginning of the statement. For example:

RUN set-o pipefail & & wget-O-https://some.site | wc-l > / number

Note: not all shell supports the-o pipefail option, such as shell:dash shell under Debian-based mirrors. In this case, we can use the RUN command in exec format to explicitly select shell to support the pipefail option. Such as:

RUN ["/ bin/bash", "- c", "set-o pipefail & & wget-O-https://some.site | wc-l > / number"] CMD

Dockerfile reference for the CMD instruction

Unlike RUN, the CMD statement runs when the build is mirrored, while the CMD statement runs after the end of the build. A Dockerfile clock can have multiple RUN statements, and although there can be multiple CMD statements, only the last CMD statement will be executed. The format of the CMD statement is:

CMD ["executable", "param1", "param2"...] EXPOSE

Dockerfile reference for the EXPOSE instruction

The EXPOSE directive indicates that the container will listen on the linked port. Therefore, it is best to use common, traditional application ports. For example, Apache web servers use EXPOSE 80 and so on.

In order to use external links, you need to use the docker run command to map container ports to host ports.

ENV

Dockerfile reference for the ENV instruction

Used to set the environment variable, once set, the following RUM instructions can use the previous environment variable. At the same time, you can also set environment variables when the container starts through docker run-- env key=value. Such as:

ENV PG_MAJOR 9.3ENV PG_VERSION 9.3.4RUN curl-SL http://example.com/postgres-$PG_VERSION.tar.xz | tar-xJC / usr/src/postgress & & … ENV PATH / usr/local/postgres-$PG_MAJOR/bin:$PATHADD and COPY

Dockerfile reference for the ADD instruction

Dockerfile reference for the COPY instruction

Although the functions of ADD and COPY are similar, in general, COPY is more recommended. Because COPY is more transparent than ADD, COPY only supports copying from local files to containers, but ADD has other obscure features (such as local tar package decompression and remote URL support). Therefore, the optimal use of ADD is that the local tar package is automatically extracted into the mirror. Such as: ADD rootfs.tar.xz /.

If there are multiple Dockerfile steps for working with different files, it is recommended that you COPY them separately instead of copying them at one time. This ensures that the build cache for each step is invalid only if the corresponding file changes. For example:

COPY requirements.txt / tmp/RUN pip install-requirement / tmp/requirements.txtCOPY. / tmp/

The size of the image is important, so using ADD to get the package from the remote URL is not encouraged; you can use curl or wget instead. In this way, you can delete files that are no longer needed, such as the unzipped tar package, so that you don't need to add additional layer to the image. For example, you should avoid using:

ADD http://example.com/big.tar.xz / usr/src/things/RUN tar-xJf / usr/src/things/big.tar.xz-C / usr/src/thingsRUN make-C / usr/src/things all

It should be like this:

RUN mkdir-p / usr/src/things\ & & curl-SL http://example.com/big.tar.xz\ | tar-xJC / usr/src/things\ & & make-C / usr/src/things all

You should always use COPY for files and directories that do not need to be automatically unzipped using the ADD command tar package.

ENTRYPOINT

Dockerfile reference for the ENTRYPOINT instruction

Use ENTRYPOINT to set the main command for the mirror, just as this is the command for the mirror runtime (and then use CMD as the default flag).

We use the s3cmd command as the master command for mirroring.

ENTRYPOINT ["s3cmd"] CMD ["--help"] VOLUME

Dockerfile reference for the VOLUME instruction

The VOLUME directive is generally used for the storage area of the database, configuration storage, or files and directories created by the docker container.

USER

Dockerfile reference for the USER instruction

If the service can run without privileges, you should use USER to switch users to non-root users. You can use the RUN command to create user groups and users such as:

RUN groupadd-r postgres & & useradd-r-g postgres postgres

You should avoid installing and using sudo, because it has unpredictable TTY and signaling features, which can cause a lot of problems. If you do want to use sudo-like features (such as initializing daemon under root and running it without root), you can use "gosu".

WORKDIR

[Dockerfile reference for the WORKDIR instruction] (https://docs.docker.com/engine/reference/builder / # workdir)

To make the Dockerfile content clearer and more reliable, it is always best to use an absolute path. Similarly, you should use WORKDIR instead of instructions like "cd … & & do-something", as that can make it difficult to read, find errors, and maintain.

After reading this article, I believe you have a certain understanding of "what are the points for attention in Dockerfile in docker". If you want to know more about it, you are welcome to follow the industry information channel. Thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.