云野 Docker-镜像的优化
镜像的优化,可以参考以下的这些思路和方法
• 选择最精简的基础镜像
• 减少镜像的层数
• 清理镜像构建的中间产物
• 注意优化网络请求
• 尽量去用构建缓存
• 使用多阶段构建镜
实例分析
1. 先用Dockerfile的方式构建完整的镜像
[root@vm2 demo]# vim Dockerfile
FROM centos:7
ADD nginx-1.21.6.tar.gz /mnt
WORKDIR /mnt/nginx-1.21.6
RUN yum install -y gcc
RUN yum install -y make
RUN yum install -y pcre-devel
RUN yum install -y openssl-devel
RUN ./configure --with-http_stub_status_module --with-http_ssl_module
RUN make
RUN make install
EXPOSE 80
CMD ["/usr/local/nginx/sbin/nginx","-g","daemon off;"]
1.2 构建镜像
[root@vm2 demo]# docker build -t nginx:v1 .
Sending build context to Docker daemon 1.077MB
Step 1/12 : FROM centos:7
---> eeb6ee3f44bd
Step 2/12 : ADD nginx-1.21.6.tar.gz /mnt
---> Using cache
---> c2400bf7d847
Step 3/12 : WORKDIR /mnt/nginx-1.21.6
---> Using cache
---> 77fd90fc9682
......
1.3 查看原始镜像的大小
[root@vm2 demo]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx v1 76f4a58cb1cd 24 seconds ago 1GB
1.4 试运行nginx看镜像是否构建成功
[root@vm2 demo]# docker run -d --name demo nginx:v1
8015488c833e32393afa80d99442c795495ca9b3c9ced4a09af9a03b4d527151
[root@vm2 demo]# docker inspect demo
......
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Adress": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
......
[root@vm2 demo]# curl 172.17.0.2
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
2. 开始优化镜像
2.1 减少镜像层数
2.1.1 编辑Dockerfle文件
[root@vm2 demo]# cat Dockerfile
FROM centos:7
ADD nginx-1.21.6.tar.gz /mnt
WORKDIR /mnt/nginx-1.21.6
RUN yum install -y gcc make pcre-devel openssl-devel
RUN ./configure --with-http_stub_status_module --with-http_ssl_module
RUN make && make install
EXPOSE 80
CMD ["/usr/local/nginx/sbin/nginx","-g","daemon off;"]
2.1.2 构建镜像
[root@vm2 demo]# docker build -t nginx:v2 .
Sending build context to Docker daemon 1.077MB
Step 1/8 : FROM centos:7
---> eeb6ee3f44bd
Step 2/8 : ADD nginx-1.21.6.tar.gz /mnt
---> Using cache
---> c2400bf7d847
Step 3/8 : WORKDIR /mnt/nginx-1.21.6
---> Using cache
---> 77fd90fc9682
Step 4/8 : RUN yum install -y gcc make pcre-devel openssl-devel
---> Running in 56bc0dc1e0e0
......
2.1.3 查看优化后镜像大小,从1G优化到了489MB
[root@vm2 demo]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx v2 88b6db3d846c 2 minutes ago 489MB
nginx v1 76f4a58cb1cd 30 minutes ago 1GB
2.2 清理镜像构建的中间产物
2.2.1 编辑Dockerfile文件
[root@vm2 demo]# vim Dockerfile
[root@vm2 demo]# cat Dockerfile
FROM centos:7
ADD nginx-1.21.6.tar.gz /mnt
WORKDIR /mnt/nginx-1.21.6
RUN yum install -y gcc make pcre-devel openssl-devel && yum clean all
RUN ./configure --with-http_stub_status_module --with-http_ssl_module && make && make install && rm -rf nginx-1.21.6
EXPOSE 80
CMD ["/usr/local/nginx/sbin/nginx","-g","daemon off;"]
2.2.2 构建镜像
[root@vm2 demo]# docker build -t nginx:v3 .
Sending build context to Docker daemon 1.077MB
Step 1/7 : FROM centos:7
---> eeb6ee3f44bd
Step 2/7 : ADD nginx-1.21.6.tar.gz /mnt
---> Using cache
---> c2400bf7d847
Step 3/7 : WORKDIR /mnt/nginx-1.21.6
---> Using cache
---> 77fd90fc9682
.......
2.2.3 查看优化后镜像大小,从优化489MB到了343MB
[root@vm2 demo]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx v3 5f3ea7feb686 31 seconds ago 343MB
nginx v2 88b6db3d846c 14 minutes ago 489MB
nginx v1 76f4a58cb1cd 41 minutes ago 1GB
2.3 使用多阶段构建镜像
2.3.1 编辑Dockerfile文件
[root@vm2 demo]# cat Dockerfile
FROM centos:7 as build
ADD nginx-1.21.6.tar.gz /mnt
WORKDIR /mnt/nginx-1.21.6
RUN yum install -y gcc pcre-devel openssl-devel make && sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --with-http_stub_status_module --with-http_ssl_module && make && make install && rm -fr /mnt/nginx-1.21.6 && yum remove -y gcc make && yum clean all
FROM ubuntu
COPY --from=build /usr/local/nginx /usr/local/nginx
EXPOSE 80
CMD ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"]
2.3.2 构建镜像
[root@vm2 demo]# docker build -t nginx:v4 .
Sending build context to Docker daemon 1.077MB
Step 1/8 : FROM centos:7 as build
---> eeb6ee3f44bd
Step 2/8 : ADD nginx-1.21.6.tar.gz /mnt
---> Using cache
---> c2400bf7d847
Step 3/8 : WORKDIR /mnt/nginx-1.21.6
---> Using cache
---> 77fd90fc9682
......
2.2.3 查看优化后镜像大小,从优化343MB到了73.8MB
[root@vm2 demo]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx v4 bebb7b749f15 42 seconds ago 73.8MB
nginx v3 5f3ea7feb686 56 minutes ago 343MB
nginx v2 88b6db3d846c About an hour ago 489MB
nginx v1 76f4a58cb1cd 2 hours ago 1GB
2.4 选择最精简的基础镜像
[root@vm2 docker]# docker load -i base-debian11.tar
5b1fa8e3e100: Loading layer 3.697MB/3.697MB
0b3d0512394d: Loading layer 18.28MB/18.28MB
Loaded image: gcr.io/distroless/base-debian11:latest
[root@vm2 demo]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx v4 bebb7b749f15 9 minutes ago 73.8MB
nginx v3 5f3ea7feb686 About an hour ago 343MB
nginx v2 88b6db3d846c About an hour ago 489MB
nginx v1 76f4a58cb1cd 2 hours ago 1GB
gcr.io/distroless/base-debian11 latest 24787c1cd2e4 52 years ago 20.3MB
2.4.1 编辑Dockerfile文件
[root@vm2 demo]# cat Dockerfile
FROM nginx as base
# https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
ARG Asia/Shanghai
RUN mkdir -p /opt/var/cache/nginx &&
cp -a --parents /usr/lib/nginx /opt &&
cp -a --parents /usr/share/nginx /opt &&
cp -a --parents /var/log/nginx /opt &&
cp -aL --parents /var/run /opt &&
cp -a --parents /etc/nginx /opt &&
cp -a --parents /etc/passwd /opt &&
cp -a --parents /etc/group /opt &&
cp -a --parents /usr/sbin/nginx /opt &&
cp -a --parents /lib/x86_64-linux-gnu/libpcre.so.* /opt &&
cp -a --parents /lib/x86_64-linux-gnu/libz.so.* /opt &&
cp -a --parents /lib/x86_64-linux-gnu/libc.so.* /opt &&
cp -a --parents /lib/x86_64-linux-gnu/libdl.so.* /opt &&
cp -a --parents /lib/x86_64-linux-gnu/libpthread.so.* /opt &&
cp -a --parents /lib/x86_64-linux-gnu/libcrypt.so.* /opt &&
cp -a --parents /usr/lib/x86_64-linux-gnu/libssl.so.* /opt &&
cp -a --parents /usr/lib/x86_64-linux-gnu/libcrypto.so.* /opt &&
cp /usr/share/zoneinfo/${TIME_ZONE:-ROC} /opt/etc/localtime
FROM gcr.io/distroless/base-debian11
COPY --from=base /opt /
EXPOSE 80 443
ENTRYPOINT ["nginx", "-g", "daemon off;"]
2.4.2 构建镜像
[root@vm2 demo]# docker build -t nginx:v5 .
Sending build context to Docker daemon 1.078MB
Step 1/7 : FROM nginx as base
---> 605c77e624dd
Step 2/7 : ARG Asia/Shanghai
---> Running in cfe1693ba0b5
Removing intermediate container cfe1693ba0b5
---> 85e91536c15f
Step 3/7 : RUN mkdir -p /opt/var/cache/nginx && cp -a --parents /usr/lib/nginx /opt
.......
2.4.3 查看优化后镜像大小,只有29.8MB
[root@vm2 demo]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx v5 343b2be8341c 36 seconds ago 29.8MB
nginx v4 bebb7b749f15 13 minutes ago 73.8MB
nginx v3 5f3ea7feb686 About an hour ago 343MB
nginx v2 88b6db3d846c About an hour ago 489MB
nginx v1 76f4a58cb1cd 2 hours ago 1GB
可以看到这个最后构建出来的最精简的基础镜像,大小只有29.8MB。但是镜像小,也就意味着我们的操作空间会变大,可以根据自己的需求来添加所需要的功能,这样就大大减少了镜像所占有的系统资源,做到了优化镜像的目的。
