牛逼!下一代 Docker 镜像构建神器
点击上方“码农突围”,马上关注
这里是码农充电第一站,回复“666”,获取一份专属大礼包
真爱,请设置“星标”或点个“在看
本文目标
减少构建时间; 缩小镜像尺寸; 获得可维护性; 获得可重复性; 了解多阶段Dockerfile; 了解BuildKit功能。
先决条件
Docker概念知识 已安装Docker(当前使用v19.03) 一个Java应用程序(在本文中,我使用了一个Jenkins Maven示例应用程序)
简单的Dockerfile示例
debian
COPY . /app RUN apt-get update RUN apt-get -y install openjdk-11-jdk ssh emacs CMD [“java”, “-jar”, “/app/target/my-app-1.0-SNAPSHOT.jar”] cd simple-java-maven-app-master
# create a Dockerfile vim Dockerfile
# write content, save and exit docker pull debian:latest
# pull the source image time docker build --no-cache -t docker-class .
# overwrite previous layers # notice the build time 0,
21s
user0,
23s system
0% cpu
1:
55,
17 total
启用BuildKit
time DOCKER_BUILDKIT=
1 docker build --no-cache -t docker-class
{
"features": {
"buildkit": true } }
DOCKER_BUILDKIT=
1 docker build --no-cache -t docker-class .
0,
54s
user0,
93s system
1% cpu
1:
43,
00 total
从最小到最频繁变化的顺序
debian
RUN apt-get update RUN apt-get -y install openjdk-11-jdk ssh emacs RUN COPY . /app CMD [“java”, “-jar”, “/app/target/my-app-1.0-SNAPSHOT.jar”] 避免使用“COPY .”
debian
RUN apt-get update RUN apt-get -y install openjdk-11-jdk ssh vim COPY target/my-app-1.0-SNAPSHOT.jar /app CMD [“java”, “-jar”, “/app/my-app-1.0-SNAPSHOT.jar”] apt-get update 和install命令一起使用
debian
RUN apt-get update && \ apt-get -y install openjdk-
11-jdk ssh vim
COPY target/my-app-1.0-SNAPSHOT.jar /app CMD [“java”, “-jar”, “/app/my-app-1.0-SNAPSHOT.jar”] 删除不必要的依赖
debian
RUN apt-get update && \ apt-get -y install --no-install-recommends \
openjdk-
11-jdk
COPY target/my-app-1.0-SNAPSHOT.jar /app CMD [“java”, “-jar”, “/app/my-app-1.0-SNAPSHOT.jar”] 删除程序包管理器缓存
debian
RUN apt-get update && \ apt-get -y install --no-install-recommends \
openjdk-
11-jdk && \
rm -rf /var/lib/apt/lists/*
COPY target/my-app-1.0-SNAPSHOT.jar /app CMD [“java”, “-jar”, “/app/my-app-1.0-SNAPSHOT.jar”] 尽可能使用官方镜像
openjdk
COPY target/my-app-1.0-SNAPSHOT.jar /app CMD [“java”, “-jar”, “/app/my-app-1.0-SNAPSHOT.jar”] 使用特定标签
openjdk:
8COPY target/my-app-1.0-SNAPSHOT.jar /app CMD [“java”, “-jar”, “/app/my-app-1.0-SNAPSHOT.jar”] 寻找最小的镜像
REPOSITORY TAG标签 SIZE大小
openjdk
8634MB
openjdk
8-jre
443MB
openjdk
8-jre-slim
204MB
openjdk
8-jre-alpine
83MB
在一致的环境中从源构建
maven:
3.6-jdk-
8-alpine
WORKDIR /app COPY pom.xml . COPY src ./src RUN mvn -e -B package CMD [“java”, “-jar”, “/app/my-app-1.0-SNAPSHOT.jar”] 在单独的步骤中获取依赖项
maven:
3.6-jdk-
8-alpine
WORKDIR /app COPY pom.xml . RUN mvn -e -B dependency:resolve COPY src ./src RUN mvn -e -B package CMD [“java”, “-jar”, “/app/my-app-1.0-SNAPSHOT.jar”] 多阶段构建:删除构建依赖项
将构建与运行时环境分开 DRY方式 具有开发,测试等环境的不同详细信息 线性化依赖关系 具有特定于平台的阶段
maven:
3.6-jdk-
8-alpine AS builder
WORKDIR /app COPY pom.xml . RUN mvn -e -B dependency:resolve COPY src ./src RUN mvn -e -B package FROM openjdk:
8-jre-alpine
COPY --from=builder /app/target/my-app-1.0-SNAPSHOT.jar / CMD [“java”, “-jar”, “/my-app-1.0-SNAPSHOT.jar”] time DOCKER_BUILDKIT=
1 docker build --no-cache -t docker-class .
0,
41s
user0,
54s system
2% cpu
35,
656 total
多阶段构建:不同的镜像风格
maven:
3.6-jdk-
8-alpine AS builder
…
FROM openjdk:
8-jre-jessie AS release-jessie
COPY --from=builder /app/target/my-app-1.0-SNAPSHOT.jar / CMD [“java”, “-jar”, “/my-app-1.0-SNAPSHOT.jar”] FROM openjdk:
8-jre-alpine AS release-alpine
COPY --from=builder /app/target/my-app-1.0-SNAPSHOT.jar / CMD [“java”, “-jar”, “/my-app-1.0-SNAPSHOT.jar”] time docker build --no-cache --target release-jessie .
不同的镜像风格(DRY /全局ARG)
flavor=alpine
FROM maven:
3.6-jdk-
8-alpine AS builder
…
FROM openjdk:
8-jre-$flavor AS release
COPY --from=builder /app/target/my-app-1.0-SNAPSHOT.jar / CMD [“java”, “-jar”, “/my-app-1.0-SNAPSHOT.jar”] time docker build --no-cache --target release --build-
arg flavor=jessie .
并发
maven:
3.6-jdk-
8-alpine AS builder
…
FROM tiborvass/whalesay AS assets
RUN whalesay “Hello DockerCon!” > out/assets.html FROM openjdk:
8-jre-alpine AS release
COPY --from=builder /app/my-app-1.0-SNAPSHOT.jar / COPY --from=assets /out /assets CMD [“java”, “-jar”, “/my-app-1.0-SNAPSHOT.jar”] maven:
3.6-jdk-
8-alpine AS builder-base
…
FROM gcc:
8-alpine AS builder-someClib
…
RUN git clone … ./configure --prefix=/out && make && make install FROM g++:
8-alpine AS builder-some CPPlib
…
RUN git clone … && cmake … FROM builder-base AS builder
COPY --from=builder-someClib /out / COPY --from=builder-someCpplib /out / BuildKit应用程序缓存
apt /var/lib/apt/lists
go ~/.cache/go-build
go-modules $GOPATH/pkg/mod
npm ~/.npm
pip ~/.cache/pip
maven:
3.6-jdk-
8-alpine AS builder
WORKDIR /app RUN --mount=target=. --mount=type=cache,target /root/.m2 \ && mvn package -DoutputDirectory=/
FROM openjdk:
8-jre-alpine
COPY --from=builder /app/target/my-app-1.0-SNAPSHOT.jar / CMD [“java”, “-jar”, “/my-app-1.0-SNAPSHOT.jar”] BuildKit的安全功能
–mount=type=secret
隐藏了一些机密文件,例如~/.aws/credentials
。 <baseimage>
RUN … RUN --mount=type=secret,id=aws,target=/root/.aws/credentials,required \ ./fetch-assets-
from-s3.sh
RUN ./build-scripts.sh docker build --secret id=aws,src=~/.aws/credentials
COPY ./keys/private.pem /root .ssh/private.pem
之类的命令,我们可以使用BuildKit中的ssh解决此问题: alpine
RUN apk add --no-cache openssh-client RUN mkdir -p -m 0700 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts ARG REPO_REF=
19ba7bcd9976ef8a9bd086187df19ba7bcd997f2
RUN --mount=type=ssh,required git clone [email protected]:org/repo /work && cd /work && git checkout -b $REPO_REFeval $(ssh-agent)
ssh-
add ~/.ssh/id_rsa # this is the SSH key default location docker build --ssh=default .
结论
最新评论
推荐文章
作者最新文章
你可能感兴趣的文章
Copyright Disclaimer: The copyright of contents (including texts, images, videos and audios) posted above belong to the User who shared or the third-party website which the User shared from. If you found your copyright have been infringed, please send a DMCA takedown notice to [email protected]. For more detail of the source, please click on the button "Read Original Post" below. For other communications, please send to [email protected].
版权声明:以上内容为用户推荐收藏至CareerEngine平台,其内容(含文字、图片、视频、音频等)及知识版权均属用户或用户转发自的第三方网站,如涉嫌侵权,请通知[email protected]进行信息删除。如需查看信息来源,请点击“查看原文”。如需洽谈其它事宜,请联系[email protected]。
版权声明:以上内容为用户推荐收藏至CareerEngine平台,其内容(含文字、图片、视频、音频等)及知识版权均属用户或用户转发自的第三方网站,如涉嫌侵权,请通知[email protected]进行信息删除。如需查看信息来源,请点击“查看原文”。如需洽谈其它事宜,请联系[email protected]。