20210813 (목) dockerfile, 멀티 스테이지 빌드, 사설레지스트리

09:33 review

 

 

 도커 컨테이너 이미지 작성

   1) 도커 컨테이너로부터 이미지 작성 : 

   2) Dockerfile로부터 이미지 작성:

     CMD : shell 환경에서 명령어 작성 

          shell 실행없이 명령어 실행하면 리소스 절약

   Ecec, entrypoint

ADD	Defines files to copy from the Host file system onto the Container ADD ./local/config.file /etc/service/config.file
CMD	This is the command that will run when the Container starts CMD ["nginx", "-g", "daemon off;"]
ENTRYPOINT	Sets the default application used every time a Container is created from the Image. If used in conjunction with CMD, you can remove the application and just define the arguments there CMD Hello World! ENTRYPOINT echo
ENV	Set/modify the environment variables within Containers created from the Image. ENV VERSION 1.0
EXPOSE	Define which Container ports to expose EXPOSE 80
FROM	Select the base image to build the new image on top of FROM ubuntu:latest
LABEL	Optional field to let you identify yourself as the maintainer of this image. This is just a label (it used to be a dedicated Docker directive). LABEL maintainer=someone@xyz.xyz"
RUN	Specify commands to make changes to your Image and subsequently the Containers started from this Image. This includes updating packages, installing software, adding users, creating an initial database, setting up certificates, etc. These are the commands you would run at the command line to install and configure your application. This is one of the most important dockerfile directives. RUN apt-get update && apt-get upgrade -y && apt-get install -y nginx && rm -rf /var/lib/apt/lists/*
USER	Define the default User all commands will be run as within any Container created from your Image. It can be either a UID or username USER docker
VOLUME	Creates a mount point within the Container linking it back to file systems accessible by the Docker Host. New Volumes get populated with the pre-existing contents of the specified location in the image. It is specially relevant to mention is that defining Volumes in a Dockerfile can lead to issues. Volumes should be managed with docker-compose or “docker run” commands. Volumes are optional. If your application does not have any state (and most web applications work like this) then you don’t need to use volumes. VOLUME /var/log ("volume_path1", "volume_path2")
WORKDIR	Define the default working directory for the command defined in the “ENTRYPOINT” or “CMD” instructions WORKDIR /home
ONBUILD
STOPSIGNAL
HEALTHCHECK	--interval=n (seconds) healthcheck 주기 지정 (default : 30s) --timeout=n (seconds) healthcheck 타임 아웃 (default : 30s) --retries=n (count) healthcheck 재시도 횟수 (default : 3)
SHELL

     ※ dangling images : system에서 사용되지 않는 <none> 이미지  - dockerfile로 빌드하면서 생기게 됨

   

 

 

##### image commit을 통한 컨테이너 생성 #####
[user@docker-host0 work]$ docker container create -ti --name centos7-test1 centos:7
5d7cc3e6e0e35466b75269251ef001353c9aa08b9ce9ca2558b5332f915a63f3
[user@docker-host0 work]$ docker container start centos7-teest1
Error response from daemon: No such container: centos7-teest1
Error: failed to start containers: centos7-teest1
[user@docker-host0 work]$ docker container start centos7-test1
centos7-test1
[user@docker-host0 work]$ docker container ls
CONTAINER ID   IMAGE      COMMAND       CREATED          STATUS         PORTS     NAMES
5d7cc3e6e0e3   centos:7   "/bin/bash"   22 seconds ago   Up 4 seconds             centos7-test1
[user@docker-host0 work]$ docker container attach centos7-test1
[root@5d7cc3e6e0e3 /]# yum install -y httpd net-tools vim


[root@5d7cc3e6e0e3 /]# echo first web page >> /var/www/html/index.html
[root@5d7cc3e6e0e3 /]# httpd -k start
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
[root@5d7cc3e6e0e3 /]# curl http://localhost
first web page
[root@5d7cc3e6e0e3 /]# exit

[user@docker-host0 ~]$ docker container inspect -f "{{ .NetworkSettings.Networks.bridge.IPAddress }}" centos7-test1
172.17.0.2
[user@docker-host0 ~]$ curl http://172.17.0.2
first web page
[user@docker-host0 ~]$ docker container commit centos7-test1 webserver:centos7
sha256:03c52befecb798010e3dad0645bdfeef01d87e87270cf45103d78088f96de9c9
[user@docker-host0 ~]$ docker images
REPOSITORY        TAG       IMAGE ID       CREATED         SIZE
webserver         centos7   03c52befecb7   8 seconds ago   421MB
centos            7         8652b9f0cb4c   9 months ago    204MB

[user@docker-host0 ~]$ docker container run -dt --name centos7-web1 webserver:centos7
0a52a6e6062fd1e43a7d2349cb6d526ae159130c7500c770da87e7998401ecef
[user@docker-host0 ~]$ docker container start centos7-web1
centos7-web1
[user@docker-host0 ~]$ docker container exec -it centos7-web1 /bin/bash
[root@0a52a6e6062f /]# ps -ef
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 01:01 pts/0    00:00:00 /bin/bash
root        17     0  1 01:02 pts/1    00:00:00 /bin/bash
root        33    17  0 01:02 pts/1    00:00:00 ps -ef
[root@0a52a6e6062f /]# httpd -k start
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.3. Set the 'ServerName' directive globally to suppress this message
[root@0a52a6e6062f /]# ps -ef
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 01:01 pts/0    00:00:00 /bin/bash
root        17     0  0 01:02 pts/1    00:00:00 /bin/bash
root        35     0  0 01:02 ?        00:00:00 httpd -k start
apache      36    35  0 01:02 ?        00:00:00 httpd -k start
apache      37    35  0 01:02 ?        00:00:00 httpd -k start
apache      38    35  0 01:02 ?        00:00:00 httpd -k start
apache      39    35  0 01:02 ?        00:00:00 httpd -k start
apache      40    35  0 01:02 ?        00:00:00 httpd -k start
root        41    17  0 01:02 pts/1    00:00:00 ps -ef
[root@0a52a6e6062f /]# read escape sequence
[user@docker-host0 ~]$ docker container ls
CONTAINER ID   IMAGE               COMMAND       CREATED          STATUS              PORTS     NAMES
0a52a6e6062f   webserver:centos7   "/bin/bash"   2 minutes ago    Up About a minute             centos7-web1

[user@docker-host0 ~]$ docker container inspect -f "{{ .NetworkSettings.Networks.bridge.IPAddress }}" centos7-web1
172.17.0.3
[user@docker-host0 ~]$ curl http://172.17.0.3
first web page

728x90

[user@docker-host0 basic2]$ cat Dockerfile FROM centos:7 ENV VAR1=test ENV VAR2="test 1234" ENV VAR3=test\ 1234 ENV VAR4 1234 ENV VAR5 "hello docker" CMD echo message $VAR1  $VAR2   $VAR3   $VAR4   $VAR5 [user@docker-host0 basic2]$ docker container run --rm basic2:1 message test test 1234 test 1234 1234 hello docker [user@docker-host0 basic2]$ docker container run --rm --env VAR1="NEW" basic2:1 → 명령어 env로 전달하면 미리 정의된 Dockerfile보다 우선함 message NEW test 1234 test 1234 1234 hello docker

 

 

 

 

argument username

docker_user권한으로 다음 결과 출력

 

Current User is docker_user

 

[user@docker-host0 exam1]$ cat Dockerfile FROM centos:7 ARG USER RUN useradd ${USER} USER ${USER} RUN whoami RUN id CMD echo Current User is `whoami` [user@docker-host0 exam1]$ docker image build --tag exam1:2 --build-arg USER=docker_user . [user@docker-host0 exam1]$ docker container run --rm exam1:2 Current User is docker_user

 

 

  멀티 스테이지 빌드

    애플리케이션의 빌드 환경 및 실행 환경을 지원하기 위해 컨테이너의 이미지의 사이즈가 지나치게 커지는 것을 피하기 위한 빌드 기법

     하나의 Dockerfile 파일에 여러 Dockerfile 내용을 포함한다.

     개발환경, 제품환경을 분리하여 제품 이미지를 최소화하고, 부하나 스토리지의 낭비를 줄여준다.

 

p164 테스트

[user@docker-host0 go-app]$ docker container run --rm greet:1
Hello world!

[user@docker-host0 go-app]$ docker container run -it --rm greet:1 --lang=es asa
Hola asa
[user@docker-host0 go-app]$ docker container run -it --rm greet:1 --lang=fr asa
Bonjour asa

 

 

 p204 사설 registry

[user@docker-host0 go-app]$ docker image pull registry Using default tag: latest [user@docker-host0 go-app]$ docker images REPOSITORY          TAG          IMAGE ID       CREATED             SIZE exam1solve2         1            ae6cb035f9f9   2 hours ago         204MB registry            latest       1fd8e1b0bb7e   4 months ago        26.2MB [user@docker-host0 go-app]$ docker image tag exam1solve2:1 localhost:5000/e1s2:1 [user@docker-host0 go-app]$ docker image push localhost:5000/e1s2:1 The push refers to repository [localhost:5000/e1s2] ad5641edb3ba: Pushed e2c778b3ef2a: Pushed 174f56854903: Pushed 1: digest: sha256:b5fa42870c6a738f4f396e4239cfbf2bbe4a822835d56b3f1c7d2fb8e193d291 size: 944 [user@docker-host0 go-app]$ curl -X GET http://localhost:5000/v2/_catalog {"repositories":["e1s2"]}  ##### 사설 registry로부터 삭제 및 이미지 다운로드 ##### docker image rm ORIGINAL_REPO:TAG docker image rm localhost:5000/REPO:TAG docker image pull  localhost:5000/REPO:TAG

 

 사설 registry : Harbor

  Docker-Compose

   Docker Host에 있는 복수의 Docker Container를 한번에 제어할 수 있는 Docker 도구

    

##### 도커 compose 설치 및 작동 확인 #####

sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Linux-x86_64" -o /usr/local/bin/docker-compose

 

sudo chmod +x /usr/local/bin/docker-compose
docker-compose --version
sudo docker-compose --version
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose

##### 하버 설치 #####

[user@docker-host0 work]$ sudo yum install -y git

[user@docker-host0 work]$ git clone https://github.com/goharbor/harbor

[user@docker-host0 work]$ cd harbor

[user@docker-host0 work]$ sudo ./install.sh

 

 

[user@docker-host0 ~]$ sudo yum install git -y
[sudo] password for user:
[user@docker-host0 ~]$ wget https://github.com/goharbor/harbor/releases/download/v2.3.1/harbor-offline-installer-v2.3.1.tgz

[user@docker-host0 ~]$ tar xvzf harbor-offline-installer-v2.3.1.tgz
harbor/harbor.v2.3.1.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/common.sh
harbor/harbor.yml.tmpl
[user@docker-host0 ~]$ cd harbor/
[user@docker-host0 harbor]$ cp harbor.yml.tmpl harbor.yml
[user@docker-host0 harbor]$ vim harbor.yml
[user@docker-host0 harbor]$ vim harbor.yml
[user@docker-host0 harbor]$ sudo ./install.sh

 

 

2. Harbor

Docker-Compose
  Docker Host에 있는 복수의 Docker Container를 한번에 제어할 수 있는 Docker Contianer 도구

=== <Docker Compose 설치> ===
sudo wget "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Linux-x86_64" -O /usr/local/bin/docker-compose

sudo chmod +x /usr/local/bin/docker-compose
docker-compose --version
sudo docker-compose --version
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose

=======

sudo yum install git -y
wget https://github.com/goharbor/harbor/releases/download/v2.3.1/harbor-offline-installer-v2.3.1.tgz
tar xvzf harbor-offline-installer-v2.3.1.tgz
cd harbor
cp harbor.yml.tmpl harbor.yml 
vim harbor.yml
===
hostname: 192.168.56.100

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https related config
##https:
  # https port for harbor, default is 443
##  port: 443
  # The path of cert and key files for nginx
##  certificate: /your/certificate/path
##  private_key: /your/private/key/path

===

sudo ./install.sh

sudo vi /etc/docker/daemon.json
===
{
    "insecure-registries": ["192.168.56.100"]
}
==== 

sudo systemctl restart docker.service


docker login 192.168.56.100
username: admin
password: Harbor12345

docker images
docker image tag ORIGINAL_REPO:TAG  192.168.56.100/library/REPO:TAG
docker image push  192.168.56.100/library/REPO:TAG

docker image rm ORIGINAL_REPO:TAG
docker image rm 192.168.56.100/library/REPO:TAG

docker image pull  192.168.56.100/library/REPO:TAG