# Dockerfile介绍 ## 1.每条指令都是互相隔离的，可能创建新的层 例如 ``RUN cd /tmp`` 对下一条指令没有任何影响 ## 2.尽可能使用缓存加速build ``build-cache`` 会在控制台显示出来 `--cache-from`可以指定外部缓存源 ## 3.docker scan When you’re done with your build, you’re ready to look into [scanning your image with](https://docs.docker.com/engine/scan/)[ ](https://docs.docker.com/engine/scan/)[docker scan](https://docs.docker.com/engine/scan/), and [pushing your image to Docker Hub](https://docs.docker.com/docker-hub/repos/). # Best practices for writing Dockerfiles [Best practices for writing Dockerfiles | Docker Documentation](https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#leverage-build-cache) ## 1.General guidelines and recommendations ### 1.1 Create ephemeral containers[?](https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#create-ephemeral-containers) 容器尽越“短暂”越好 “短暂”是指容器可以被停止和销毁，然后重建并替换为绝对最小的设置和配置。 ### 1.2 Understand build context[?](https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#understand-build-context) 默认dockerfile所在的路径就是 build context 可以用 -f 指定 防止不需要的文件被构建进去，导致不必要的资源消耗 实例： ```bash mkdir myproject && cd myproject $ echo "hello" > hello $ echo -e "FROM busybox\nCOPY /hello /\nRUN cat /hello" > Dockerfile $ docker build -t helloapp:v1 . ``` ```bash mkdir -p dockerfiles context $ mv Dockerfile dockerfiles && mv hello context $ docker build --no-cache -t helloapp:v2 -f dockerfiles/Dockerfile context ``` build的时候可以关注一下大小信息 ```bash Sending build context to Docker daemon 187.8MB ``` ### 1.3 Pipe Dockerfile through stdin[?](https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#pipe-dockerfile-through-stdin) #### 1.3.1 Build an image using a Dockerfile from stdin, without sending build context 不需要Dockerfile文件，使用输入流构建，提高构建速度， 但是不能使用 `COPY` 或 `ADD` 指令 ```bash docker build -t myimage:latest -<<EOF FROM busybox RUN echo "hello world" EOF ``` #### 1.3.2 Build from a local build context, using a Dockerfile from stdin ```bash docker build [OPTIONS] -f- PATH ``` ```bash # create a directory to work in mkdir example cd example # create an example file touch somefile.txt # build an image using the current directory as context, and a Dockerfile passed through stdin docker build -t myimage:latest -f- . <<EOF FROM busybox COPY somefile.txt ./ RUN cat /somefile.txt EOF ``` #### 1.3.3 Build from a remote build context, using a Dockerfile from stdin ```bash docker build [OPTIONS] -f- PATH ``` ```bash docker build -t myimage:latest -f- https://github.com/docker-library/hello-world.git <<EOF FROM busybox COPY hello.c ./ EOF ``` ### 1.4 Exclude with `.dockerignore`[?](https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#exclude-with-dockerignore) 类似于 `.gitignore` [Dockerfile reference | Docker Documentation](https://docs.docker.com/engine/reference/builder/#dockerignore-file) ### 1.5 Use multi-stage builds[?](https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#use-multi-stage-builds) 可以极大减小最后打包生成的镜像 image最后一步生成，可以利用构建缓存 例如，如果您的构建包含多个层，您可以将它们从更改较不频繁（以确保构建缓存可重用）到更改较频繁的排序： * 安装构建应用程序所需的工具 * 安装或更新库依赖项 * 生成您的应用程序 A Dockerfile for a Go application could look like: ```bash # syntax=docker/dockerfile:1 FROM golang:1.16-alpine AS build # Install tools required for project # Run `docker build --no-cache .` to update dependencies RUN apk add --no-cache git RUN go get github.com/golang/dep/cmd/dep # List project dependencies with Gopkg.toml and Gopkg.lock # These layers are only re-built when Gopkg files are updated COPY Gopkg.lock Gopkg.toml /go/src/project/ WORKDIR /go/src/project/ # Install library dependencies RUN dep ensure -vendor-only # Copy the entire project and build it # This layer is rebuilt when a file changes in the project directory COPY . /go/src/project/ RUN go build -o /bin/project # This results in a single layer image FROM scratch COPY --from=build /bin/project /bin/project ENTRYPOINT ["/bin/project"] CMD ["--help"] ``` ### 1.6 Don't install unnecessary packages[?](https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#dont-install-unnecessary-packages) ### 1.7 Decouple applications[?](https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#decouple-applications) ### 1.8 Minimize the number of layers[?](https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#minimize-the-number-of-layers) - 只有 `RUN` , `COPY` , `ADD `创建层，其他创建临时的中间镜像，不会增加size * 尽可能使用多阶段构建，只复制最终的image需要的文件 ### 1.9 Sort multi-line arguments[?](https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#sort-multi-line-arguments) 按字母表顺序对参数排序，`\` 换行 ```bash RUN apt-get update && apt-get install -y \ bzr \ cvs \ git \ mercurial \ subversion \ && rm -rf /var/lib/apt/lists/* ``` ### 1.10 Leverage build cache[?](https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#leverage-build-cache) 利用构建缓存 ## 2.Dockerfile instructions[?](https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#dockerfile-instructions) # 相关链接 [Dockerfile reference | Docker Documentation](https://docs.docker.com/engine/reference/builder/) [Best practices for writing Dockerfiles | Docker Documentation](https://docs.docker.com/develop/develop-images/dockerfile_best-practices/)