Dockerfile 介绍

1.每条指令都是互相隔离的，可能创建新的层

例如

RUN cd /tmp

对下一条指令没有任何影响

2.尽可能使用缓存加速 build

build-cache

会在控制台显示出来

--cache-from 可以指定外部缓存源

3.docker scan

When you’re done with your build, you’re ready to look into scanning your image with docker scan, and pushing your image to Docker Hub.

Best practices for writing Dockerfiles

Best practices for writing Dockerfiles | Docker Documentation

1.General guidelines and recommendations

1.1 Create ephemeral containers?

容器尽越“短暂”越好

“短暂”是指容器可以被停止和销毁，然后重建并替换为绝对最小的设置和配置。

1.2 Understand build context?

默认 dockerfile 所在的路径就是 build context

可以用 -f 指定

防止不需要的文件被构建进去，导致不必要的资源消耗

实例：

mkdir myproject && cd myproject
$ echo "hello" > hello
$ echo -e "FROM busybox\nCOPY /hello /\nRUN cat /hello" > Dockerfile
$ docker build -t helloapp:v1 .
​

mkdir -p dockerfiles context
$ mv Dockerfile dockerfiles && mv hello context
$ docker build --no-cache -t helloapp:v2 -f dockerfiles/Dockerfile context
​

build 的时候可以关注一下大小信息

Sending build context to Docker daemon 187.8MB
​

1.3 Pipe Dockerfile through stdin?

1.3.1 Build an image using a Dockerfile from stdin, without sending build context

不需要 Dockerfile 文件，使用输入流构建，提高构建速度，

但是不能使用 COPY 或 ADD 指令

docker build -t myimage:latest -<<EOF
FROM busybox
RUN echo "hello world"
EOF
​

1.3.2 Build from a local build context, using a Dockerfile from stdin

docker build [OPTIONS] -f- PATH
​

# create a directory to work in
mkdir example
cd example


# create an example file
touch somefile.txt


# build an image using the current directory as context, and a Dockerfile passed through stdin
docker build -t myimage:latest -f- . <<EOF
FROM busybox
COPY somefile.txt ./
RUN cat /somefile.txt
EOF
​

1.3.3 Build from a remote build context, using a Dockerfile from stdin

docker build [OPTIONS] -f- PATH
​

docker build -t myimage:latest -f- https://github.com/docker-library/hello-world.git <<EOF
FROM busybox
COPY hello.c ./
EOF
​

1.4 Exclude with .dockerignore?

类似于 .gitignore

Dockerfile reference | Docker Documentation

1.5 Use multi-stage builds?

可以极大减小最后打包生成的镜像

image 最后一步生成，可以利用构建缓存

例如，如果您的构建包含多个层，您可以将它们从更改较不频繁（以确保构建缓存可重用）到更改较频繁的排序：

• 安装构建应用程序所需的工具
• 安装或更新库依赖项
• 生成您的应用程序

A Dockerfile for a Go application could look like:

# syntax=docker/dockerfile:1
FROM golang:1.16-alpine AS build


# Install tools required for project
# Run `docker build --no-cache .` to update dependencies
RUN apk add --no-cache git
RUN go get github.com/golang/dep/cmd/dep


# List project dependencies with Gopkg.toml and Gopkg.lock
# These layers are only re-built when Gopkg files are updated
COPY Gopkg.lock Gopkg.toml /go/src/project/
WORKDIR /go/src/project/
# Install library dependencies
RUN dep ensure -vendor-only


# Copy the entire project and build it
# This layer is rebuilt when a file changes in the project directory
COPY . /go/src/project/
RUN go build -o /bin/project


# This results in a single layer image
FROM scratch
COPY --from=build /bin/project /bin/project
ENTRYPOINT ["/bin/project"]
CMD ["--help"]
​

1.6 Don't install unnecessary packages?

1.7 Decouple applications?

1.8 Minimize the number of layers?

• 只有 RUN , COPY , ADD 创建层，其他创建临时的中间镜像，不会增加 size

• 尽可能使用多阶段构建，只复制最终的 image 需要的文件

1.9 Sort multi-line arguments?

按字母表顺序对参数排序，\ 换行

RUN apt-get update && apt-get install -y \
bzr \
cvs \
git \
mercurial \
subversion \
&& rm -rf /var/lib/apt/lists/*
​

1.10 Leverage build cache?

利用构建缓存

2.Dockerfile instructions?

相关链接

Dockerfile reference | Docker Documentation

Best practices for writing Dockerfiles | Docker Documentation