Dockerfile 常用指令
2023年4月24日
Comment #
- #开头的为注释
Parse Directive #
# directive=value1
- 不添加layer,影响Dockerfile 行的执行顺序
- 放在最开头
- # escape=` 用在windows环境下解决反斜杠是路径分隔符的问题
FROM #
From Imagename
FROM [--platform=<platform>] <image> [AS <name>]FROM [--platform=<platform>] <image>[:<tag>] [AS <name>]FROM [--platform=<platform>] <image>[@<digest>] [AS <name>]- ARG 可以出现在FROM前
- FROM可以出现多次
ARG VERSION=latest # outside of build stage
FROM busybox:$VERSION
ARG VERSION # 要使用FROM前的ARG,需要再像此一样重新声明一次
RUN echo $VERSION > image_version
ENV #
-
ENV <key>=<value> -
使用环境变量 ${variable} 或者 $variable, ${variable}_name更通用
-
${variable:-word}, ${variable:+word}
ENV abc=hello ENV abc=bye def=$abc ENV ghi=$abcdef是hello, ghi是bye
-
在后续构建阶段都有效,可以被覆盖
-
docker run --env <key>=<value>运行时覆盖 -
会继承parent stage设置的ENV
.dockerignore #
- 排除 docker build时传给docker daemon的context
RUN #
RUN <command>RUN ["executable", "param1", "param2"], 更通用, 必须双引号, 反斜杠需转义- a new layer on the current image
CMD #
CMD ["executable","param1","param2"]更通用,CMD ["param1","param2"]as default parameters to ENTRYPOINT, 必须同时设置 ENTRYPOINT 指令CMD command param1 param2- Dockerfile只能有一个CMD,如果有多个最后一个生效
- shell form执行时 in
/bin/sh -c, json form without a shell, 需要指定executable的绝对路径 - build阶段不执行, RUN在build阶段执行
LABEL #
LABEL key=val key2=val2- 给image添加meta信息
docker image inspect --format='{{json .Config.Labels}}' myimage
EXPOSE #
EXPOSE <port>/[<port>/<protocol>]- EXPOSE并不实际开启端口,只是一个指示, 需要在
docker run -p 80:80/tcp -p 80:80/dup开启端口,或docker run -P开启host ephemeral high-ordered:EXPOSE映射的端口 - 容器间通讯不需要expose publish端口,而通过docker network设置
ADD #
ADD [--chown=<user>:<group>] [--chmod=<perms>] [--checksum=<checksum>] <src>... <dest>ADD [--chown=<user>:<group>] [--chmod=<perms>] ["<src>",... "<dest>"]更通用- chown, chmod只对linux生效
- 文件含特殊字符需要使用golang的规则转义, e.g.
arr[0].txt转义为ADD arr[[]0].txt /mydir/ - 不能
ADD ../file - 压缩文件会解压为目录
- dest是目录时必须
/结尾,否则会重命名 - dest不存在会创建
COPY #
COPY [--chown=<user>:<group>] [--chmod=<perms>] <src>... <dest>COPY [--chown=<user>:<group>] [--chmod=<perms>] ["<src>",... "<dest>"]更通用- ADD支持远程获取文件,COPY不支持
ENTRYPOINT #
ENTRYPOINT ["executable", "param1", "param2"]ENTRYPOINT command param1 param2- ENTRYPOINT should be defined when using the container as an executable
- CMD should be used as a way of defining default arguments for an ENTRYPOINT command or for executing an ad-hoc command in a container.
- CMD will be overridden when running the container with alternative arguments
- If CMD is defined from the base image, setting ENTRYPOINT will reset CMD to an empty value. In this scenario, CMD must be defined in the current image to have a value
-
No ENTRYPOINT ENTRYPOINT exec_entry p1_entry ENTRYPOINT [“exec_entry”, “p1_entry”] No CMD error, not allowed /bin/sh -c exec_entry p1_entry exec_entry p1_entry CMD [“exec_cmd”, “p1_cmd”] exec_cmd p1_cmd /bin/sh -c exec_entry p1_entry exec_entry p1_entry exec_cmd p1_cmd CMD exec_cmd p1_cmd /bin/sh -c exec_cmd p1_cmd /bin/sh -c exec_entry p1_entry exec_entry p1_entry /bin/sh -c exec_cmd p1_cmd
VOLUME #
VOLUME ["/var/log/"]VOLUME /var/logVOLUME /var/log /var/db
USER #
USER <user>[:<group>]USER <UID>[:<GID>]- The specified user is used for RUN instructions and at runtime, runs the relevant ENTRYPOINT and CMD commands
WORKDIR #
WORKDIR /path/to/workdir- The WORKDIR instruction sets the working directory for any RUN, CMD, ENTRYPOINT, COPY and ADD instructions that follow it in the Dockerfile
ARG #
ARG <name>[=<default value>]docker build --build-arg <varname>=<value>- build阶段没有传的话使用=右侧的默认值
- 在定义之前使用会是空值
- 生命周期:定义到current build stage
- ENV会覆盖ARG定义的同名变量
ONBUILD #
STOPSIGNAL #
STOPSIGNAL signal
HEALTHCHECK #
HEALTHCHECK [OPTIONS] CMD commandHEALTHCHECK NONEdisable any healthcheck inherited from the base imageHEALTHCHECK --interval=5m --timeout=3s CMD curl -f http://localhost/ || exit 1
SHELL #
SHELL ["executable", "parameters"]必须时json form- 在windows容器内切换powershell和cmd时比较方便