1. Docker image layered design
A Docker image has a very important concept: layering. A Docker image uses "tiered storage", and each instruction in a Dockerfile generates one image layer. For example, if all custom images start with "FROM centos", that layer only needs to be downloaded the first time and is not downloaded again later.
Layers, from top to bottom:
- Operating environment
- Operating system
2. Build your own company image
Create a new image based on the official centos image and install common basic tools, such as wget, sudo, git, tree and net-tools.
2.1 Create a sensible directory layout to store the different Dockerfiles
cd /data/dockerfile/
mkdir system runtime app mynginx
The first three directories correspond to the operating system, operating environment and application software respectively. The fourth directory is used to store the Dockerfile. This article takes the creation of an Nginx Docker image as an example, so it is named mynginx.
cd system/
mkdir centos
cd centos/
2.2 Edit the Dockerfile
vim Dockerfile, as follows:
# Base image: specifies the base image
FROM centos
# Maintainer: image maintainer information
MAINTAINER lu email@example.com
# RUN: what the image should do; RUN is followed by a command that runs while the image is being built
# ADD is followed by two parameters, a file on the host and a path in the image; it copies the file from the host into the image. The "/usr/share/nginx/html/index.html" given in this example is the default path when nginx is installed with yum.
# EXPOSE is the port the container exposes externally
# CMD is the command run by a container started from this image
RUN rpm -ivh https://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
# Base packages
RUN yum install -y wget sudo git tree net-tools && yum clean all
After installing software in the image, be sure to run yum clean all to delete the useless files left behind by the installation and save space.
2.3 Build the image from the Dockerfile
docker build -t system/centos:v1 .
When you run the docker build command, don't forget the final dot (.), which means the Dockerfile is read from the current directory.
The process of creating an image is as follows:
[root@k8s-master /data/dockerfile/system/centos]# docker build -t system/centos:v1 .
Sending build context to Docker daemon 2.56kB
Step 1/4 : FROM centos
 ---> 5182e96772bf
Step 2/4 : MAINTAINER lu firstname.lastname@example.org
 ---> Using cache
 ---> 9af4bd99cdc6
Step 3/4 : RUN rpm -ivh https://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
 ---> Using cache
 ---> 91da60642226
Step 4/4 : RUN yum install -y wget sudo git tree net-tools && yum clean all
 ---> Using cache
 ---> d5ba564a6b85
Successfully built d5ba564a6b85
Successfully tagged system/centos:v1
Check the image list. The image has been created.
Next, create the image system/centos:v2 (or system/centos:v1) based on the official centos image, and install the SSH service in it (this is convenient for developers and maintainers who are used to virtual machines and want to connect to containers over SSH, but it is not recommended).
2.4 Edit the Dockerfile. Compared with the previous Dockerfile, it has additional steps for installing SSH:
cd /data/dockerfile/system/
mkdir centos-ssh
cd centos-ssh
vim Dockerfile. The configuration of Dockerfile is as follows:
# Base image: specifies the base image
FROM centos
# Maintainer: image maintainer information
MAINTAINER lu email@example.com
# RUN: what the image should do; RUN is followed by a command that runs while the image is being built
# ADD is followed by two parameters, a file on the host and a path in the image; it copies the file from the host into the image. The "/usr/share/nginx/html/index.html" given in this example is the default path when nginx is installed with yum.
# EXPOSE is the port the container exposes externally
# CMD is the command run by a container started from this image
RUN rpm -ivh https://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
RUN yum install -y wget sudo git tree net-tools openssh-clients openssh-server openssh-devel && yum clean all
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
RUN ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key
RUN ssh-keygen -A -t dsa -f /etc/ssh/ssh_host_dsa_key
# Set root password
RUN echo "root:lusibo@123" | chpasswd
docker build -t system/centos:v2 .
After building the image, view the image
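Because every instruction becomes a layer, three things in the Dockerfiles above are permanent once built: package caches left by a RUN that lacks yum clean all, SSH host keys generated at build time, and the root password passed to chpasswd. The check below is an added example, not part of the original article, that flags these patterns in a Dockerfile before it is built. The rule names and the sample Dockerfile with its placeholder password are constructed for illustration.

```python
import re

# Constructed sample modelled on the centos-ssh Dockerfile (placeholder password).
SAMPLE = r'''
FROM centos
RUN yum install -y wget sudo git tree net-tools && yum clean all
RUN yum install -y openssh-clients \
    openssh-server
RUN yum clean all
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
RUN echo "root:EXAMPLE-PASSWORD" | chpasswd
'''

RULES = [  # (hypothetical rule id, predicate over the RUN command, why it matters)
    ("cache-left-in-layer",
     lambda c: "yum install" in c and "yum clean all" not in c,
     "cleanup in a later RUN cannot shrink the layer this RUN created"),
    ("credential-in-layer",
     lambda c: re.search(r"\bchpasswd\b|\bpasswd\s+--stdin\b", c) is not None,
     "the command text, password included, is stored in the image history"),
    ("host-key-in-image",
     lambda c: re.search(r"\bssh-keygen\b.*ssh_host_\w*key", c) is not None,
     "every container started from the image shares this private host key"),
]

def instructions(text):
    """Yield (first_line_no, KEYWORD, args), joining backslash continuations."""
    buf, start = "", None
    for n, line in enumerate(text.splitlines(), 1):
        s = line.strip()
        if not s or s.startswith("#"):
            continue  # blank and comment lines are skipped, also inside a continuation
        start = start or n
        if s.endswith("\\"):
            buf += s[:-1] + " "
            continue
        keyword, _, args = (buf + s).partition(" ")
        yield start, keyword.upper(), " ".join(args.split())
        buf, start = "", None

def audit_dockerfile(text):
    """Return [(line_no, rule_id, reason)] for every RUN instruction that trips a rule."""
    return [(n, rule_id, reason)
            for n, keyword, args in instructions(text) if keyword == "RUN"
            for rule_id, matches, reason in RULES if matches(args)]

if __name__ == "__main__":
    for finding in audit_dockerfile(SAMPLE):
        print("line %d: %s (%s)" % finding)
```

On an image that is already built, docker history --no-trunc prints the command that created each layer, so the same findings can be confirmed there.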
2.5 Next, verify the new image
Verification: check whether a Docker container started from the new image runs and can be used as expected.
Run a docker container using the image system/centos:v2:
docker run -d --name centos-ssh-demo -p 8022:22 system/centos:v2 /usr/sbin/sshd -D
- --name centos-ssh-demo: the started container is named centos-ssh-demo;
- -p 8022:22: map port 22 of the started container to port 8022 on the host;
- /usr/sbin/sshd -D to make the sshd service run in the background.
Run docker ps to confirm whether the new container is created successfully and runs normally:
Connect to the container over SSH from the host machine:
ssh -p 8022 firstname.lastname@example.org
If the connection is successful, the image is created successfully.
Looking at the processes in the container, you can see that the process ID of the sshd service is 1. If the service goes down, the container goes down with it.
Containers are used to run software (applications), not SSH. Generally speaking, the software is deployed in the container and the process it runs in has PID 1, so when the container is started or stopped, the software is started or stopped with it. However, if PID 1 is occupied by SSH, or if two or more programs have to run in the same container, how should these programs be managed?
Logging in to each container to operate them is unrealistic. In this case we can use supervisor to manage the processes in the container. I'll talk about it later.