This is the 9th day of my participation in the More text Challenge. For details, see more text Challenge

  • 1.Docker Quick Start
  • 2.Docker Quickstart 2
  • 3.Docker Quickstart 3
  • 4.Docker Quick Start

Best practices for building images

Security scanning: getting-started is the image you built locally. Docker partners with Snyk to provide the vulnerability scanning service.

docker scan getting-started

The scan uses a constantly updated vulnerability database, so when new vulnerabilities are found, you’ll see a different output, but it might look like this:

https://snyk.io/vuln/SNYK-ALPINE310-FREETYPE-1019641
Introduced through: freetype/[email protected], gd/[email protected]
gd/[email protected] > freetype/[email protected]
Fixed in:

https://snyk.io/vuln/SNYK-ALPINE310-LIBXML2-674791
Introduced through: libxml2/[email protected], libxslt/[email protected], nginx-module-xslt/[email protected]
From: libxml2/[email protected]
From: libxslt/[email protected] > libxml2/[email protected]
From: nginx-module-xslt/[email protected] > libxml2/[email protected]
Fixed in: 2.9.9-r4

The output lists the type of vulnerability, a URL with more information, and, importantly, which version of the affected library fixes the vulnerability.

There are several other options, which are described in the docker scan documentation.

In addition to scanning newly created images on the command line, you can also configure Docker Hub to automatically scan all newly pushed images, and then see the results in both Docker Hub and Docker Desktop.

Image layering

Use the docker image history command to view the layers (history) of the getting-started image created earlier in the tutorial:

docker image history docker/getting-started
IMAGE          CREATED        CREATED BY                                        SIZE      COMMENT
083d7564d904   12 days ago    COPY /app/site /usr/share/nginx/html # build...   3.59MB    buildkit.dockerfile.v0
<missing>      12 days ago    COPY /app.zip /usr/share/nginx/html/assets/a...   1.76MB    buildkit.dockerfile.v0
<missing>      4 weeks ago    /bin/sh -c #(nop) CMD ["nginx" "-g" "daemon...    0B
<missing>      4 weeks ago    /bin/sh -c #(nop) STOPSIGNAL SIGQUIT              0B
<missing>      4 weeks ago    /bin/sh -c #(nop) EXPOSE 80                       0B
<missing>      4 weeks ago    /bin/sh -c #(nop) ENTRYPOINT ["/docker-entr...    0B
<missing>      4 weeks ago    /bin/sh -c #(nop) COPY file:09a214a3e07c919a...   4.61kB
<missing>      4 weeks ago    /bin/sh -c #(nop) COPY file:0fd5fca330dcd6a7...   1.04kB
<missing>      4 weeks ago    /bin/sh -c
<missing>      4 weeks ago    /bin/sh -c #(nop) COPY file:65504f71f5855ca0...   1.2kB
<missing>      4 weeks ago    /bin/sh -c set -x && addgroup -g 101 -s...        17MB
<missing>      4 weeks ago    /bin/sh -c #(nop) ENV PKG_RELEASE=1               0B
<missing>      4 weeks ago    /bin/sh -c #(nop) ENV NJS_VERSION=0.5.3           0B
<missing>      4 weeks ago    /bin/sh -c #(nop) ENV NGINX_VERSION=1.21.0        0B
<missing>      2 months ago   /bin/sh -c #(nop) LABEL maintainer=NGINX Do...    0B
<missing>      2 months ago   /bin/sh -c #(nop) CMD ["/bin/sh"]                 0B
<missing>      2 months ago   /bin/sh -c #(nop) ADD file:8ec69d882e7f29f06...   5.61MB

You will notice that several lines are truncated. If you add the --no-trunc flag, you get the full output:

docker image history --no-trunc docker/getting-started
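
The CREATED BY column records each instruction verbatim, so a value set through ENV or a build ARG stays readable by anyone who can pull the image. As an added example (not part of the original article), this Python check reads that column, for instance from docker image history --no-trunc --format '{{.CreatedBy}}' <image>, and reports secret-looking variable names; the name patterns and the sample lines are constructed assumptions.

```python
import re

# Variable names that usually hold credentials (assumed list; extend as needed).
SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY", re.I)
# NAME=value pairs as recorded for ENV instructions and build args in history.
ASSIGNMENT = re.compile(r"\b([A-Za-z_][A-Za-z0-9_]*)=(\S+)")


def audit_history(created_by_lines):
    """Return (line_number, variable_name) for secret-looking assignments.

    Values are deliberately not returned, so the report itself leaks nothing.
    """
    findings = []
    for number, line in enumerate(created_by_lines, start=1):
        for name, value in ASSIGNMENT.findall(line):
            if SECRET_NAME.search(name) and value.strip("\"'"):
                findings.append((number, name))
    return findings


# Constructed sample in the shape of the CREATED BY column (not real output).
SAMPLE = [
    '/bin/sh -c #(nop) CMD ["nginx" "-g" "daemon off;"]',
    "/bin/sh -c #(nop) ENV NGINX_VERSION=1.21.0",
    "/bin/sh -c #(nop) ENV DB_PASSWORD=example-not-a-real-secret",
    "|1 NPM_TOKEN=example-not-a-real-token /bin/sh -c yarn install --production",
    "/bin/sh -c #(nop) ENV PKG_RELEASE=1",
]

if __name__ == "__main__":
    for number, name in audit_history(SAMPLE):
        print(f"history line {number}: {name} is stored in the image history")
```

A finding means the value must be rotated and the image rebuilt without it; deleting the variable in a later layer does not remove it from the earlier one.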

Layer caching

The Dockerfile from the earlier example:

FROM node:12-alpine
WORKDIR /app
COPY . .
RUN yarn install --production
CMD ["node", "src/index.js"]

Every build re-runs yarn install, which takes too long. To optimize it:

  1. First, update the Dockerfile so that the dependency manifests are copied before the rest of the source:
FROM node:12-alpine
WORKDIR /app
COPY package.json yarn.lock ./
RUN yarn install --production
COPY . .
CMD ["node", "src/index.js"]
  2. Create a file named .dockerignore in the same folder as the Dockerfile, with the following contents:
node_modules
  3. Build:
docker build -t getting-started .
Sending build context to Docker daemon 219.1kB
Step 1/6 : FROM node:12-alpine
---> b0dc3a5e5e9e
Step 2/6 : WORKDIR /app
---> Using cache
---> 9577ae713121
Step 3/6 : COPY package.json yarn.lock ./
---> bd5306f49fc8
Step 4/6 : RUN yarn install --production
---> Running in d53a06c9e4c2
yarn install v1.17.3
[1/4] Resolving packages...
[2/4] Fetching packages...
info [email protected]: The platform "linux" is incompatible with this module.
info "[email protected]" is an optional dependency and failed compatibility check. Excluding it from installation.
[3/4] Linking dependencies...
[4/4] Building fresh packages...
Done in 10.89s.
Removing intermediate container d53a06c9e4c2
---> 4e68fbc2d704
Step 5/6 : COPY . .
---> a239a11f68d8
Step 6/6 : CMD ["node", "src/index.js"]
---> Running in 49999f68df8f
Removing intermediate container 49999f68df8f
---> e709c03bc597
Successfully built e709c03bc597
Successfully tagged getting-started:latest
  4. Modify the title in src/static/index.html, then build again. The dependency layers are now served from the cache:
docker build -t getting-started .
Sending build context to Docker daemon 219.1kB
Step 1/6 : FROM node:12-alpine
---> b0dc3a5e5e9e
Step 2/6 : WORKDIR /app
---> Using cache
---> 9577ae713121
Step 3/6 : COPY package.json yarn.lock ./
---> Using cache
---> bd5306f49fc8
Step 4/6 : RUN yarn install --production
---> Using cache
---> 4e68fbc2d704
Step 5/6 : COPY . .
---> cccde25a3d9a
Step 6/6 : CMD ["node", "src/index.js"]
---> Running in 2be75662c150
Removing intermediate container 2be75662c150
---> 458e5c6f080c
Successfully built 458e5c6f080c
Successfully tagged getting-started:latest
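
Why the reordering works, as an added example (not from the original article): a simplified Python model of the build cache in which each step's key depends on its parent's key, the instruction text and, for COPY, the contents of the copied files. The file contents are constructed, and the real Docker cache has more rules than this model.

```python
import hashlib


def layer_keys(steps, context):
    """One cache key per step: hash of parent key, instruction, copied files."""
    keys, parent = [], ""
    for instruction, sources in steps:
        digest = hashlib.sha256((parent + "\n" + instruction).encode())
        for path in sorted(context):
            # "." copies the whole build context; otherwise only listed files.
            if "." in sources or path in sources:
                digest.update(path.encode() + b"\0" + context[path])
        parent = digest.hexdigest()
        keys.append(parent)
    return keys


def cached_steps(steps, old_context, new_context):
    """Instructions whose layer is reused when rebuilding with new_context."""
    old, new = layer_keys(steps, old_context), layer_keys(steps, new_context)
    return [step[0] for step, a, b in zip(steps, old, new) if a == b]


ORIGINAL = [
    ("FROM node:12-alpine", []),
    ("WORKDIR /app", []),
    ("COPY . .", ["."]),
    ("RUN yarn install --production", []),
    ('CMD ["node", "src/index.js"]', []),
]
OPTIMIZED = [
    ("FROM node:12-alpine", []),
    ("WORKDIR /app", []),
    ("COPY package.json yarn.lock ./", ["package.json", "yarn.lock"]),
    ("RUN yarn install --production", []),
    ("COPY . .", ["."]),
    ('CMD ["node", "src/index.js"]', []),
]

# Constructed build context: only the HTML title changes between the builds.
BEFORE = {
    "package.json": b'{"name": "app"}',
    "yarn.lock": b"# constructed lockfile",
    "src/static/index.html": b"<title>Todo App</title>",
}
AFTER = {**BEFORE, "src/static/index.html": b"<title>New title</title>"}

if __name__ == "__main__":
    print("original :", cached_steps(ORIGINAL, BEFORE, AFTER))
    print("optimized:", cached_steps(OPTIMIZED, BEFORE, AFTER))
```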

Multistage build

  1. Java projects end up with .class files, so we can compile in one stage and copy only the result into the runtime image:
FROM maven AS build
WORKDIR /app
COPY . .
RUN mvn package

FROM tomcat
COPY --from=build /app/target/file.war /usr/local/tomcat/webapps

In the two-stage build above, the final image is just the last stage created (this can be overridden with the --target flag).

  2. React project: similarly, build the code in one stage and serve the compiled output from nginx:
FROM node:12 AS build
WORKDIR /app
COPY package* yarn.lock ./
RUN yarn install
COPY public ./public
COPY src ./src
RUN yarn run build

FROM nginx:alpine
COPY --from=build /app/build /usr/share/nginx/html

docker run and docker-compose up are enough for simple cases; needs such as health checks, scaling, and circuit breaking are left to orchestration tools like Kubernetes or Swarm.