Shulou(Shulou.com)06/01 Report--

This article mainly shows you "what are the ways to simplify Docker images". The content is easy to understand and clear. I hope it can help you solve your doubts. Let me lead you to study and learn this article "what are the ways to streamline Docker images?"

The need to reduce the size of Docker images

Docker mirroring consists of many mirror layers (up to 127layers), which rely on a series of underlying technologies, such as file system (filesystems), write-time replication (copy-on-write), joint mount (union mounts), and so on. You can check the Docker community documentation to learn more about Docker storage drivers, so I won't go into the technical details here. In general, each instruction in Dockerfile creates a mirror layer, which in turn increases the overall mirror size.

Here are the benefits of reducing the size of Docker images:

1. Reduce build time

2. Reduce disk usage

3. Reduce download time

4. Because there are few files included, the attack surface is reduced, and the security is improved.

5. Speed up deployment

Five suggestions to reduce the size of Docker image

Optimize basic mirroring

The way to optimize the basic image is to select a smaller basic image. The commonly used Linux system images are Ubuntu, CentOs and Alpine, of which Alpine is recommended. The size comparison is as follows:

Lynzabo@ubuntu ~ / s > docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

Ubuntu latest 74f8760a2a8b 8 days ago 82.4MB

Alpine latest 11cd0b38bc3c 2 weeks ago 4.41MB

Centos 7 49f7960eb7e4 7 weeks ago 200MB

Debian latest 3bbb526d2608 8 days ago 101MB

Lynzabo@ubuntu ~ / s >

Alpine is a lightweight Linux distribution that is highly compact and contains basic tools. The basic image is only 4.41m. Every development language and framework has a basic image based on Alpine. It is highly recommended.

Looking at the image size comparison above, you will find that the smallest image also has 4.41m, so is there any way to build a smaller image? The answer is yes, for example, the gcr.io/google_containers/pause-amd64:3.1 image has only 742KB. Why is this mirror so small? Before decrypting for you, two more basic images are recommended:

> scratch image

Scratch is an empty image and can only be used to build other images. For example, if you want to run a binary that contains all dependencies, such as the Golang program, you can directly use scratch as the base image. Now let's show you the Google pause image Dockerfile mentioned above:

FROM scratch

ARG ARCH

ADD bin/pause-$ {ARCH} / pause

ENTRYPOINT ["/ pause"]

The Google pause image uses scratch as the base image, which itself does not take up space, and the image built with it is almost as large as the binary file itself, so the image is very small. Of course, it will also be used in our Golang program. For some Golang/C programs, you may rely on some dynamic libraries. You can use automatic extraction dynamic libraries tools, such as ldd, linuxdeployqt, etc., to extract all dynamic libraries, and then package the binaries and dependent dynamic libraries into an image.

> busybox image

Scratch is an empty image. If you want to include some commonly used Linux tools in the image, busybox image is a good choice. The image itself is only 1.16m, which is very easy to build a small image.

Tandem Dockerfile instruction

When we define Dockerfile, if we use the RUN instruction too much, it will often cause the image to have too many layers, and the image will be very bloated, and we may even encounter problems that exceed the maximum number of layers (127layers). Following the Dockerfile best practice, we should combine multiple commands in series into a single RUN (implemented by the operators & & and /). Each RUN should be carefully designed to ensure that the installation is finally cleaned up. Only in this way can you reduce the mirror volume and maximize the use of the build cache.

Here is a pre-optimization Dockerfile:

FROM ubuntu

ENV VER 3.0.0

ENV TARBALL http://download.redis.io/releases/redis-$VER.tar.gz

# = > Install curl and helper tools...

RUN apt-get update

RUN apt-get install-y curl make gcc

# = > Download, compile, and install...

RUN curl-L $TARBALL | tar zxv

WORKDIR redis-$VER

RUN make

RUN make install

#...

# = > Clean up...

WORKDIR /

RUN apt-get remove-y-auto-remove curl make gcc

RUN apt-get clean

RUN rm-rf / var/lib/apt/lists/* / redis-$VER

#...

CMD ["redis-server"]

Build the image with the name test/test:0.1.

We optimize Dockerfile. After optimization, Dockerfile:

FROM ubuntu

ENV VER 3.0.0

ENV TARBALL http://download.redis.io/releases/redis-$VER.tar.gz

RUN echo "= > Install curl and helper tools..." & &\

Apt-get update & &\

Apt-get install-y curl make gcc & &\

Echo "= > Download, compile, and install..." & &\

Curl-L $TARBALL | tar zxv & &\

Cd redis-$VER & &\

Make & &\

Make install & &\

Echo "= > Clean up..." & &\

Apt-get remove-y-auto-remove curl make gcc & &\

Apt-get clean & &\

Rm-rf / var/lib/apt/lists/* / redis-$VER

#...

CMD ["redis-server"]

Build the image with the name test/test:0.2.

Compare the size of the two images:

Root@k8s-master:/tmp/iops# docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

Test/test 0.2 58468c0222ed 2 minutes ago 98.1MB

Test/test 0.1 e496cf7243f2 6 minutes ago 307MB

Root@k8s-master:/tmp/iops#

As you can see, the size of the image built by concatenating multiple RUN commands is 1/3 of the size of each command's RUN.

Tip: in order to deal with the fact that there are too many mirror layers in the mirror, Docker version 1.13 provides a flattening mirror function, which compresses all the operations in Dockerfile into one layer. This feature is still in the experimental stage, and Docker is not enabled by default. If you want to enable it, you need to add the-experimental option when starting Docker and-- squash when Docker build builds the image. This approach is not recommended. Follow best practices when writing Dockerfile, and don't try to compress the image in this way.

Use multi-phase build

Each command in Dockerfile adds a mirror layer to the mirror, and you need to clean up unwanted components before moving to the next mirror layer. In fact, there is a Dockerfile for development (which contains everything you need to build the application) and a thin client for production, which contains only your application and what you need to run it. This is called the "builder mode". The Docker 17.05.0-ce version supports multi-phase builds later. With multi-phase builds, you can use multiple FROM statements in Dockerfile, and each FROM instruction can use a different underlying image, so that you can optionally COPY service components from one phase to another, leaving only what you need in the final image.

Here is a method that uses COPY-- from and FROM. AS... Dockerfile of:

# Compile

FROM golang:1.9.0 AS builder

WORKDIR / go/src/v9.git...com/.../k8s-monitor

COPY. .

WORKDIR / go/src/v9.git...com/.../k8s-monitor

RUN make build

RUN mv k8s-monitor / root

# Package

# Use scratch image

FROM scratch

WORKDIR / root/

COPY-from=builder / root.

EXPOSE 8080

CMD ["/ root/k8s-monitor"]

When you build an image, you will find that the generated image is only the content specified in the above COPY instruction, and the size of the image is only 2m. In the past, using two Dockerfile (one Dockerfile for development and one thin client for production) can now be done with a multi-phase build.

Skills of building business service image

When Docker is mirrored in build, if the content related to a command remains unchanged, the file layer of the last cache (cache) will be used. You can pay attention to the following two points when building a business image:

1. Larger dependent libraries that remain unchanged or change little are separated from frequently modified self-owned code

2. Because cache is cached on the local machine running the Docker build command, it is recommended to always use a certain machine for Docker build in order to take advantage of cache.

The following is an example of building a Spring Boot application image to illustrate how to layer. Other types of applications, such as Java WAR packages, Nodejs npm modules, etc., can take a similar approach.

1. In the directory where Dockerfile resides, extract the jar package generated by maven.

$unzip .jar-d app

2. Dockerfile We divide the content of the application into four parts and COPY it to the image: the first three are basically unchanged, and the fourth is your own code that changes frequently. The last line is how to start the spring boot application after decompression.

FROM openjdk:8-jre-alpine

LABEL maintainer "opl-xws@xiaomi.com"

COPY app/BOOT-INF/lib/ / app/BOOT-INF/lib/

COPY app/org / app/org

COPY app/META-INF / app/META-INF

COPY app/BOOT-INF/classes / app/BOOT-INF/classes

EXPOSE 8080

CMD ["/ usr/bin/java", "- cp", "/ app", "org.springframework.boot.loader.JarLauncher"]

This can greatly improve the build speed when building the mirror.

Other optimization methods

Of course, in addition to the above four types of methods, there are other optimization methods to simplify the mirror image.

1. Skills of executing apt, apk or yum tools in RUN command

If you execute apt, apk, or yum-like tools in the RUN command, you can use some tips provided by these tools to reduce the number of mirror layers and mirror size. To give a few examples:

(1) add the option-  no-install-recommends when executing apt-get install- y, so that you don't have to install recommended (optional) dependencies, or you can add the option-- no-cache when executing apk add to achieve the same effect.

(2) when executing yum install-y, you can install multiple tools at the same time, such as yum install-y gcc gcc-c++ make. All yum install tasks are performed on a single RUN command, reducing the number of mirror layers

(3) the installation and cleaning of components should be concatenated in one instruction, such as apk-- update add php7 & & rm-rf / var/cache/apk/*, because each instruction of Dockerfile produces a file layer, if apk add. And rm-rf... The command is separated, and cleanup cannot reduce the size of the file layer generated by the apk command. Ubuntu or Debian can use rm-rf / * * var**/lib/apt/lists/* to clean the cache files in the image; systems such as CentOS use the yum clean all command to clean up.

two。 Compress mirror image

Some commands that come with Docker can also help compress images, such as export and import

$docker run-d test/test:0.2

$docker export 747dc0e72d13 | docker import-test/test:0.3

In this way, the container needs to be run first, and some information about mirroring will be lost in the process, such as export port, environment variables, and default instructions.

Check the information of the two mirror history, as shown below, you can see that test/test:0.3 has lost all the mirror layer information:

Root@k8s-master:/tmp/iops# docker history test/test:0.3

IMAGE CREATED CREATED BY SIZE COMMENT

6fb3f00b7a72 15 seconds ago 84.7MB Imported from-

Root@k8s-master:/tmp/iops# docker history test/test:0.2

IMAGE CREATED CREATED BY SIZE COMMENT

58468c0222ed 2 hours ago / bin/sh-c # (nop) CMD ["redis-server"] 0B

1af7ffe3d163 2 hours ago / bin/sh-c echo "= > Install curl and helper … 15.7MB

8bac6e733d54 2 hours ago / bin/sh-c # (nop) ENV TARBALL= http://downlo … 0B

793282f3ef7a 2 hours ago / bin/sh-c # (nop) ENV VER=3.0.0 0B

74f8760a2a8b 8 days ago / bin/sh-c # (nop) CMD ["/ bin/bash"] 0B

8 days ago / bin/sh-c mkdir-p / run/systemd & & echo'do... 7B

8 days ago / bin/sh-c sed-I's / ^ #\ s *\ (deb.*universe\) $... 2.76kB

8 days ago / bin/sh-c rm-rf / var/lib/apt/lists/* 0B

8 days ago / bin/sh-c set-xe & & echo'#! / bin/sh' > / … 745B

8 days ago / bin/sh-c # (nop) ADD file:5fabb77ea8d61e02d... 82.4MB

Root@k8s-master:/tmp/iops# above is all the contents of this article entitled "what are the ways to streamline Docker mirroring?" Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.