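Copyright notice: please credit the source when reposting: https://blog.csdn.net/weixin_40543283/article/details/88674274
There are many Docker images available online, but sometimes we need an image customized with exactly the features we want. How do we do that?
This is the process of building an image (Dockerfile).
Environment:
docker1: rhel7.0 (Docker already installed)
I. Customize an image: create a Docker image with the httpd service installed
1. Create the docker directory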
[root@docker1 ~]# mkdir /opt/docker
2. Import the image
[root@docker1 images]# docker load -i rhel7.tar
e1f5733f050b: Loading layer 147.1MB/147.1MB
3. Write the Dockerfile
[root@docker1 images]# cd /opt/docker/
[root@docker1 docker]# vim Dockerfile
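## The base image is rhel7; it is best to have the image named rhel7 available locally
FROM rhel7
## Set the HOSTNAME environment variable to docker1
ENV HOSTNAME docker1
## Maintainer e-mail address
MAINTAINER [email protected]
## Port exposed by the container
EXPOSE 80
## Configure the yum repository
COPY yum.repo /etc/yum.repos.d/yum.repo
## Install httpd and clear the yum cache; rpmdb initializes and rebuilds the RPM database, and --rebuilddb rebuilds it from the headers of the installed packages
RUN rpmdb --rebuilddb && yum install -y httpd && yum clean all
## Location of the data volume
VOLUME ["/var/www/html"]
## Start the Apache service; -D is the startup parameter otherwise set in the global file /etc/sysconfig/httpd
CMD ["/usr/sbin/httpd","-D","FOREGROUND"]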
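4. Write yum.repo
[root@docker1 docker]# vim yum.repo
[rhel7.3]
name=rhel7.3
## This is a network yum repository
baseurl=http://172.25.1.254/rhel7.3
## gpgcheck=0 disables RPM signature verification for this repository
gpgcheck=0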
5. Build the image
[root@docker1 docker]# docker build -t rhel7:v1 .
[root@docker1 docker]# docker images rhel7
II. Create a private registry
1. Import the registry image
[root@docker1 images]# docker load -i registry.tar
[root@docker1 images]# docker load -i nginx.tar ## skip this if the image was already imported earlier
2. Run the registry
[root@docker1 images]# docker run -d -p 5000:5000 -v /opt/registry:/var/lib/registry registry:2.3.1 ## run the registry on port 5000
[root@docker1 images]# cd /opt/registry/
[root@docker1 registry]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d23c8ce7c993 registry:2.3.1 "/bin/registry /etc/…" 4 minutes ago Up 4 minutes 0.0.0.0:5000->5000/tcp zen_austin
3. Add local name resolution
[root@docker1 registry]# vim /etc/hosts
172.25.1.254 westos.org
4. Re-tag a local image and push it to the registry
[root@docker1 registry]# docker tag nginx localhost:5000/nginx ## re-tag
[root@docker1 registry]# docker push localhost:5000/nginx
5. Create the certificate
First, pull the image
[root@docker1 registry]# docker pull localhost:5000/nginx
[root@docker1 registry]# docker tag localhost:5000/nginx nginx
Delete the files left over from the earlier image customization and create a new folder for the certificates
[root@docker1 registry]# ls
docker
[root@docker1 registry]# rm -fr docker
[root@docker1 registry]# cd /opt/docker/
[root@docker1 docker]# mkdir certs
Create the certificate
[root@docker1 docker]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key -x509 -days 365 -out certs/domain.crt
Generating a 4096 bit RSA private key
.......++
............................................................................................................++
writing new private key to 'certs/domain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:shaanxi
Locality Name (eg, city) [Default City]:xian
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:westos.org
Email Address []:[email protected]
[root@docker1 docker]# ls
certs Dockerfile yum.repo
[root@docker1 docker]# cd certs/
[root@docker1 certs]# ls
domain.crt domain.key
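Start the registry and tell it to use the TLS certificate. This command bind-mounts the certs directory into the container at /certs/ and sets environment variables that tell the container where to find /certs/domain.crt and /certs/domain.key. The registry runs on port 443 (the default HTTPS port).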
[root@docker1 certs]# cd ..
[root@docker1 docker]# docker run -d --restart=always --name registry -v `pwd`/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key -p 443:443 registry:2.3.1
Remove the registry container that was serving port 5000
[root@docker1 docker]# docker rm -f d23c8ce7c993
[root@docker1 docker]# netstat -antlp |grep :443
tcp6 0 0 :::443 :::* LISTEN 5171/docker-proxy
Copy the certificate
[root@docker1 docker]# pwd
/etc/docker
[root@docker1 docker]# mkdir -p certs.d/westos.org/
[root@docker1 docker]# cd certs.d/westos.org/
[root@docker1 westos.org]# cp /opt/docker/certs/domain.crt ./ca.crt
[root@docker1 westos.org]# ls
ca.crt
ok
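The interactive openssl command in step 5 names westos.org only in the Common Name, and Docker clients built with Go 1.15 or later ignore the CN and require a matching subjectAltName. The script below is an added example, not part of the original post (the function names and the openssl.cnf file are assumptions): it creates the same key and certificate non-interactively with a SAN, then checks the SAN and that the key and certificate belong together.

```sh
# Added example; function names are hypothetical. Requires the openssl CLI.
# make_registry_cert HOST DIR [BITS]: self-signed cert with CN and SAN = HOST.
make_registry_cert() {
    mkdir -p "$2" || return 1
    cat > "$2/openssl.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $1
[v3]
subjectAltName = DNS:$1
EOF
    # Same options as the interactive command in step 5; answers come from the config.
    openssl req -newkey "rsa:${3:-4096}" -nodes -sha256 -x509 -days 365 \
        -config "$2/openssl.cnf" \
        -keyout "$2/domain.key" -out "$2/domain.crt" 2>/dev/null || return 1
    chmod 600 "$2/domain.key"   # private key readable by its owner only
}

# cert_has_san HOST CRT: succeeds only if CRT lists HOST as an exact DNS SAN entry.
cert_has_san() {
    openssl x509 -in "$2" -noout -text 2>/dev/null \
        | grep -A1 'Subject Alternative Name' \
        | tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -qxF "DNS:$1"
}

# key_matches_cert KEY CRT: succeeds if the private key belongs to the certificate.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$crt_pub" ]
}

# Usage: sh registry_cert.sh westos.org /opt/docker/certs
if [ "$#" -eq 2 ]; then
    make_registry_cert "$1" "$2" \
        && cert_has_san "$1" "$2/domain.crt" \
        && key_matches_cert "$2/domain.key" "$2/domain.crt" \
        && echo "OK: $2/domain.crt carries SAN DNS:$1 and matches domain.key"
fi
```

The resulting domain.crt is copied to /etc/docker/certs.d/westos.org/ca.crt exactly as in the last step.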