1 基础镜像说明
1.1Alpine
Alpine 操作系统是一个面向安全的轻型 Linux 发行版,Alpine 采用了 musl libc 和 busybox 以减小系统的体积和运行时资源消,如果需要使用gnu libc ,不推荐使用Alpine作为基础镜像。
Alpine 官方镜像来自 docker-alpine 项目
https://hub.docker.com/_/alpine
alpine-glibc
docker pull frolvlad/alpine-glibc
https://github.com/Docker-Hub-frolvlad/docker-alpine-glibc
https://github.com/Docker-Hub-frolvlad/docker-alpine-bash
1.1.1 拉取DockerHub Alpine镜像
docker pull alpine:3.14
[root@rmaster01 ~]# docker pull alpine:3.143.14: Pulling from library/alpineDigest: sha256:234cb88d3020898631af0ccbbcca9a66ae7306ecd30c9720690858c1b007d2a0Status: Downloaded newer image for alpine:3.14docker.io/library/alpine:3.14[root@rmaster01 ~]#
1.1.2 定制Alpine容器镜像
https://github.com/moby/moby/blob/master/contrib/mkimage-alpine.sh
#!/bin/shset -e[ $(id -u) -eq 0 ] || {printf >&2 '%s requires root\n' "$0"exit 1}usage() {printf >&2 '%s: [-r release] [-m mirror] [-s] [-c additional repository] [-a arch]\n' "$0"exit 1}tmp() {TMP=$(mktemp -d ${TMPDIR:-/var/tmp}/alpine-docker-XXXXXXXXXX)ROOTFS=$(mktemp -d ${TMPDIR:-/var/tmp}/alpine-docker-rootfs-XXXXXXXXXX)trap "rm -rf $TMP $ROOTFS" EXIT TERM INT}apkv() {curl -sSL $MAINREPO/$ARCH/APKINDEX.tar.gz | tar -Oxz \| grep --text '^P:apk-tools-static$' -A1 | tail -n1 | cut -d: -f2}getapk() {curl -sSL $MAINREPO/$ARCH/apk-tools-static-$(apkv).apk \| tar -xz -C $TMP sbin/apk.static}mkbase() {$TMP/sbin/apk.static --repository $MAINREPO --no-cache --allow-untrusted \--root $ROOTFS --initdb add alpine-base}conf() {printf '%s\n' $MAINREPO > $ROOTFS/etc/apk/repositoriesprintf '%s\n' $ADDITIONALREPO >> $ROOTFS/etc/apk/repositories}pack() {local idid=$(tar --numeric-owner -C $ROOTFS -c . | docker import - alpine:$REL)docker tag $id alpine:latestdocker run --rm alpine printf 'alpine:%s with id=%s created!\n' $REL $id}save() {[ $SAVE -eq 1 ] || return 0tar --numeric-owner -C $ROOTFS -c . | xz > rootfs.tar.xz}while getopts "hr:m:sc:a:" opt; docase $opt inr)REL=$OPTARG;;m)MIRROR=$OPTARG;;s)SAVE=1;;c)ADDITIONALREPO=$OPTARG;;a)ARCH=$OPTARG;;*)usage;;esacdoneREL=${REL:-edge}MIRROR=${MIRROR:-http://nl.alpinelinux.org/alpine}SAVE=${SAVE:-0}MAINREPO=$MIRROR/$REL/mainADDITIONALREPO=$MIRROR/$REL/${ADDITIONALREPO:-community}ARCH=${ARCH:-$(uname -m)}tmpgetapkmkbaseconfpacksave
[root@master image]# ./mkimage-alpine.sh alpine
tar: Ignoring unknown extended header keyword `APK-TOOLS.checksum.SHA1'
tar: Ignoring unknown extended header keyword `APK-TOOLS.checksum.SHA1'
fetch http://nl.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz
(1/20) Installing musl (1.2.2-r2)
(2/20) Installing busybox (1.33.1-r1)
Executing busybox-1.33.1-r1.post-install
(3/20) Installing alpine-baselayout (3.2.0-r12)
Executing alpine-baselayout-3.2.0-r12.pre-install
Executing alpine-baselayout-3.2.0-r12.post-install
(4/20) Installing ifupdown-ng (0.11.2-r0)
(5/20) Installing openrc (0.43.3-r0)
Executing openrc-0.43.3-r0.post-install
(6/20) Installing alpine-conf (3.11.0-r2)
(7/20) Installing libcrypto1.1 (1.1.1k-r0)
(8/20) Installing libssl1.1 (1.1.1k-r0)
(9/20) Installing ca-certificates-bundle (20191127-r5)
(10/20) Installing libretls (3.3.2-r0)
(11/20) Installing ssl_client (1.33.1-r1)
(12/20) Installing zlib (1.2.11-r3)
(13/20) Installing apk-tools (2.12.5-r0)
(14/20) Installing busybox-suid (1.33.1-r1)
(15/20) Installing busybox-initscripts (3.2-r2)
Executing busybox-initscripts-3.2-r2.post-install
(16/20) Installing scanelf (1.2.9-r0)
(17/20) Installing musl-utils (1.2.2-r2)
(18/20) Installing libc-utils (0.7.2-r3)
(19/20) Installing alpine-keys (2.2-r0)
(20/20) Installing alpine-base (3.14.0_alpha20210212-r0)
Executing busybox-1.33.1-r1.trigger
OK: 9 MiB in 20 packages
alpine:edge with id=sha256:e80c06b9ef5ff10062ffb8cc0dfcc653cd2c3a0cc221e44f1d0b206a39522b12 created!
[root@master image]#
[root@master image]# docker image ls |grep alpine
alpine edge e80c06b9ef5f 49 seconds ago 7.85MB
alpine latest e80c06b9ef5f 49 seconds ago 7.85MB
[root@master image]#
添加软件 二次构建
- curl
- net-tools:ifconfig、netstat、route 等命令
- iproute2:ip link、ip route、ss 等命令
- iptables
- iputils
- tcpdump
- busybox-extras:包含 telnet 命令
- iperf3
FROM alpine:3.14 RUN apk add --no-cache \ bash \ coreutils \ curl \ iproute2 \ iptables \ iputils \ net-tools \ tcpdump \ busybox-extras \ tzdata \ && rm -f /etc/localtime \ && ln -sv /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ && echo "Asia/Shanghai" > /etc/timezone \ && [ ! -e /etc/nsswitch.conf ] \ && echo "hosts: files dns" > /etc/nsswitch.conf
alpine-glibc_v3.15
[root@ur-test-docker alpine-glibc_v3.15]# ls -l
total 4
-rw-r--r-- 1 root root 2406 Mar 4 10:52 Dockerfile
[root@ur-test-docker alpine-glibc_v3.15]# cat Dockerfile
FROM alpine:3.15
ENV LANG=C.UTF-8
RUN echo -e 'https://mirrors.aliyun.com/alpine/v3.15/main/\nhttps://mirrors.aliyun.com/alpine/v3.15/community/' > /etc/apk/repositories \
&& apk update \
&& apk upgrade \
&& apk --no-cache add ttf-dejavu fontconfig && rm -rf /var/cache/apk/*
# Here we install GNU libc (aka glibc) and set C.UTF-8 locale as default.
RUN ALPINE_GLIBC_BASE_URL="https://github.com/sgerrand/alpine-pkg-glibc/releases/download" && \
ALPINE_GLIBC_PACKAGE_VERSION="2.34-r0" && \
ALPINE_GLIBC_BASE_PACKAGE_FILENAME="glibc-$ALPINE_GLIBC_PACKAGE_VERSION.apk" && \
ALPINE_GLIBC_BIN_PACKAGE_FILENAME="glibc-bin-$ALPINE_GLIBC_PACKAGE_VERSION.apk" && \
ALPINE_GLIBC_I18N_PACKAGE_FILENAME="glibc-i18n-$ALPINE_GLIBC_PACKAGE_VERSION.apk" && \
apk add --no-cache --virtual=.build-dependencies wget ca-certificates && \
echo \
"-----BEGIN PUBLIC KEY-----\
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApZ2u1KJKUu/fW4A25y9m\
y70AGEa/J3Wi5ibNVGNn1gT1r0VfgeWd0pUybS4UmcHdiNzxJPgoWQhV2SSW1JYu\
tOqKZF5QSN6X937PTUpNBjUvLtTQ1ve1fp39uf/lEXPpFpOPL88LKnDBgbh7wkCp\
m2KzLVGChf83MS0ShL6G9EQIAUxLm99VpgRjwqTQ/KfzGtpke1wqws4au0Ab4qPY\
KXvMLSPLUp7cfulWvhmZSegr5AdhNw5KNizPqCJT8ZrGvgHypXyiFvvAH5YRtSsc\
Zvo9GI2e2MaZyo9/lvb+LbLEJZKEQckqRj4P26gmASrZEPStwc+yqy1ShHLA0j6m\
1QIDAQAB\
-----END PUBLIC KEY-----" | sed 's/ */\n/g' > "/etc/apk/keys/sgerrand.rsa.pub" && \
wget \
"$ALPINE_GLIBC_BASE_URL/$ALPINE_GLIBC_PACKAGE_VERSION/$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \
"$ALPINE_GLIBC_BASE_URL/$ALPINE_GLIBC_PACKAGE_VERSION/$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \
"$ALPINE_GLIBC_BASE_URL/$ALPINE_GLIBC_PACKAGE_VERSION/$ALPINE_GLIBC_I18N_PACKAGE_FILENAME" && \
apk add --no-cache \
"$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \
"$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \
"$ALPINE_GLIBC_I18N_PACKAGE_FILENAME" && \
\
rm "/etc/apk/keys/sgerrand.rsa.pub" && \
/usr/glibc-compat/bin/localedef --force --inputfile POSIX --charmap UTF-8 "$LANG" || true && \
echo "export LANG=$LANG" > /etc/profile.d/locale.sh && \
\
apk del glibc-i18n && \
\
rm "/root/.wget-hsts" && \
apk del .build-dependencies && \
rm \
"$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \
"$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \
"$ALPINE_GLIBC_I18N_PACKAGE_FILENAME"
[root@ur-test-docker alpine-glibc_v3.15]#
1.2Centos
如果项目需要使用gnu libc库时,请选择Cento作为基础镜像镜像打包
Docker Hub官方项目
https://hub.docker.com/_/centos
1.2.1拉取DockerHub Centos镜像
docker pull centos:7.9.2009
1.2.2 定制Centos容器镜像
https://github.com/moby/moby/blob/master/contrib/mkimage-yum.sh
#!/usr/bin/env bash
#
# Create a base CentOS Docker image.
#
# This script is useful on systems with yum installed (e.g., building
# a CentOS image on CentOS). See contrib/mkimage-rinse.sh for a way
# to build CentOS images on other systems.
set -e
usage() {
cat << EOOPTS
$(basename $0) [OPTIONS] <name>
OPTIONS:
-p "<packages>" The list of packages to install in the container.
The default is blank. Can use multiple times.
-g "<groups>" The groups of packages to install in the container.
The default is "Core". Can use multiple times.
-y <yumconf> The path to the yum config to install packages from. The
default is /etc/yum.conf for Centos/RHEL and /etc/dnf/dnf.conf for Fedora
-t <tag> Specify Tag information.
default is reffered at /etc/{redhat,system}-release
EOOPTS
exit 1
}
# option defaults
yum_config=/etc/yum.conf
if [ -f /etc/dnf/dnf.conf ] && command -v dnf &> /dev/null; then
yum_config=/etc/dnf/dnf.conf
alias yum=dnf
fi
# for names with spaces, use double quotes (") as install_groups=('Core' '"Compute Node"')
install_groups=()
install_packages=()
version=
while getopts ":y:p:g:t:h" opt; do
case $opt in
y)
yum_config=$OPTARG
;;
h)
usage
;;
p)
install_packages+=("$OPTARG")
;;
g)
install_groups+=("$OPTARG")
;;
t)
version="$OPTARG"
;;
\?)
echo "Invalid option: -$OPTARG"
usage
;;
esac
done
shift $((OPTIND - 1))
name=$1
if [[ -z $name ]]; then
usage
fi
# default to Core group if not specified otherwise
if [ ${#install_groups[*]} -eq 0 ]; then
install_groups=('Core')
fi
target=$(mktemp -d --tmpdir $(basename $0).XXXXXX)
set -x
mkdir -m 755 "$target"/dev
mknod -m 600 "$target"/dev/console c 5 1
mknod -m 600 "$target"/dev/initctl p
mknod -m 666 "$target"/dev/full c 1 7
mknod -m 666 "$target"/dev/null c 1 3
mknod -m 666 "$target"/dev/ptmx c 5 2
mknod -m 666 "$target"/dev/random c 1 8
mknod -m 666 "$target"/dev/tty c 5 0
mknod -m 666 "$target"/dev/tty0 c 4 0
mknod -m 666 "$target"/dev/urandom c 1 9
mknod -m 666 "$target"/dev/zero c 1 5
# amazon linux yum will fail without vars set
if [ -d /etc/yum/vars ]; then
mkdir -p -m 755 "$target"/etc/yum
cp -a /etc/yum/vars "$target"/etc/yum/
fi
if [[ -n "$install_groups" ]]; then
yum -c "$yum_config" --installroot="$target" --releasever=/ --setopt=tsflags=nodocs \
--setopt=group_package_types=mandatory -y groupinstall "${install_groups[@]}"
fi
if [[ -n "$install_packages" ]]; then
yum -c "$yum_config" --installroot="$target" --releasever=/ --setopt=tsflags=nodocs \
--setopt=group_package_types=mandatory -y install "${install_packages[@]}"
fi
yum -c "$yum_config" --installroot="$target" -y clean all
cat > "$target"/etc/sysconfig/network << EOF
NETWORKING=yes
HOSTNAME=localhost.localdomain
EOF
# effectively: febootstrap-minimize --keep-zoneinfo --keep-rpmdb --keep-services "$target".
# locales
rm -rf "$target"/usr/{{lib,share}/locale,{lib,lib64}/gconv,bin/localedef,sbin/build-locale-archive}
# docs and man pages
rm -rf "$target"/usr/share/{man,doc,info,gnome/help}
# cracklib
rm -rf "$target"/usr/share/cracklib
# i18n
rm -rf "$target"/usr/share/i18n
# yum cache
rm -rf "$target"/var/cache/yum
mkdir -p --mode=0755 "$target"/var/cache/yum
# sln
rm -rf "$target"/sbin/sln
# ldconfig
rm -rf "$target"/etc/ld.so.cache "$target"/var/cache/ldconfig
mkdir -p --mode=0755 "$target"/var/cache/ldconfig
if [ -z "$version" ]; then
for file in "$target"/etc/{redhat,system}-release; do
if [ -r "$file" ]; then
version="$(sed 's/^[^0-9\]*\([0-9.]\+\).*$/\1/' "$file")"
break
fi
done
fi
if [ -z "$version" ]; then
echo >&2 "warning: cannot autodetect OS version, using '$name' as tag"
version=$name
fi
tar --numeric-owner -c -C "$target" . | docker import - $name:$version
docker run -i -t --rm $name:$version /bin/bash -c 'echo success'
rm -rf "$target"
宿主机添加yum源
[root@master ~]# ll /etc/yum.repos.d/
total 12
-rw-r--r--. 1 root root 2523 May 6 00:07 CentOS-Base.repo
-rw-r--r-- 1 root root 1946 Jun 16 2020 elrepo.repo
-rw-r--r--. 1 root root 664 Jan 11 2020 epel.repo
制作Centos镜像
[BEGIN] 2021-05-06 23:25:13
[root@master image]# ./mkimage-yum.sh -y /etc/yum.conf centos7
+ mkdir -m 755 /tmp/mkimage-yum.sh.u7pzDD/dev
+ mknod -m 600 /tmp/mkimage-yum.sh.u7pzDD/dev/console c 5 1
+ mknod -m 600 /tmp/mkimage-yum.sh.u7pzDD/dev/initctl p
+ mknod -m 666 /tmp/mkimage-yum.sh.u7pzDD/dev/full c 1 7
+ mknod -m 666 /tmp/mkimage-yum.sh.u7pzDD/dev/null c 1 3
+ mknod -m 666 /tmp/mkimage-yum.sh.u7pzDD/dev/ptmx c 5 2
+ mknod -m 666 /tmp/mkimage-yum.sh.u7pzDD/dev/random c 1 8
+ mknod -m 666 /tmp/mkimage-yum.sh.u7pzDD/dev/tty c 5 0
+ mknod -m 666 /tmp/mkimage-yum.sh.u7pzDD/dev/tty0 c 4 0
+ mknod -m 666 /tmp/mkimage-yum.sh.u7pzDD/dev/urandom c 1 9
+ mknod -m 666 /tmp/mkimage-yum.sh.u7pzDD/dev/zero c 1 5
+ '[' -d /etc/yum/vars ']'
+ mkdir -p -m 755 /tmp/mkimage-yum.sh.u7pzDD/etc/yum
+ cp -a /etc/yum/vars /tmp/mkimage-yum.sh.u7pzDD/etc/yum/
+ [[ -n Core ]]
+ yum -c /etc/yum.conf --installroot=/tmp/mkimage-yum.sh.u7pzDD --releasever=/ --setopt=tsflags=nodocs --setopt=group_package_types=mandatory -y groupinstall Core
There is no installed groups file.
Maybe run: yum groups mark convert (see man yum)
base | 3.6 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
base/7/x86_64/primary_db FAILED
http://mirrors.aliyuncs.com/centos/7/os/x86_64/repodata/6d0c3a488c282fe537794b5946b01e28c7f44db79097bb06826e1c0c88bad5ef-primary.sqlite.bz2: [Errno 14] curl#6 - "Could not resolve host: mirrors.aliyuncs.com; Unknown error"
Trying other mirror.
base/7/x86_64/primary_db FAILED
http://mirrors.cloud.aliyuncs.com/centos/7/os/x86_64/repodata/6d0c3a488c282fe537794b5946b01e28c7f44db79097bb06826e1c0c88bad5ef-primary.sqlite.bz2: [Errno 14] curl#6 - "Could not resolve host: mirrors.cloud.aliyuncs.com; Unknown error"
Trying other mirror.
(1/4): extras/7/x86_64/primary_db | 236 kB 00:00:00
(2/4): base/7/x86_64/group_gz | 153 kB 00:00:00
(3/4): updates/7/x86_64/primary_db | 8.0 MB 00:00:01
(4/4): base/7/x86_64/primary_db | 6.1 MB 00:00:01
Resolving Dependencies
--> Running transaction check
Dependencies Resolved
=================================================================================================================================================
Package Arch Version Repository Size
=================================================================================================================================================
Installing for group install "Core":
audit x86_64 2.8.5-4.el7 base 256 k
basesystem noarch 10.0-7.el7.centos base 5.0 k
bash x86_64 4.2.46-34.el7 base 1.0 M
btrfs-progs x86_64 4.9.1-1.el7 base 678 k
coreutils x86_64 8.22-24.el7_9.2 updates 3.3 M
cronie x86_64 1.4.11-23.el7 base 92 k
curl x86_64 7.29.0-59.el7_9.1 updates 271 k
dhclient x86_64 12:4.2.5-82.el7.centos base 286 k
e2fsprogs x86_64 1.42.9-19.el7 base 701 k
filesystem x86_64 3.2-25.el7 base 1.0 M
firewalld noarch 0.6.3-13.el7_9 updates 449 k
glibc x86_64 2.17-324.el7_9 updates 3.6 M
hostname x86_64 3.13-3.el7_7.1 base 17 k
initscripts x86_64 9.49.53-1.el7_9.1 updates 440 k
iproute x86_64 4.11.0-30.el7 base 805 k
iprutils x86_64 2.4.17.1-3.el7_7 updates 243 k
iptables x86_64 1.4.21-35.el7 base 432 k
iputils x86_64 20160308-10.el7 base 148 k
irqbalance x86_64 3:1.0.7-12.el7 base 45 k
kbd x86_64 1.15.5-15.el7 base 348 k
kexec-tools x86_64 2.0.15-51.el7_9.2 updates 351 k
less x86_64 458-9.el7 base 120 k
man-db x86_64 2.6.3-11.el7 base 832 k
ncurses x86_64 5.9-14.20130511.el7_4 base 304 k
openssh-clients x86_64 7.4p1-21.el7 base 655 k
openssh-server x86_64 7.4p1-21.el7 base 459 k
parted x86_64 3.1-32.el7 base 609 k
passwd x86_64 0.79-6.el7 base 106 k
plymouth x86_64 0.8.9-0.34.20140113.el7.centos base 116 k
policycoreutils x86_64 2.5-34.el7 base 917 k
procps-ng x86_64 3.3.10-28.el7 base 291 k
rootfiles noarch 8.1-11.el7 base 7.3 k
rpm x86_64 4.11.3-45.el7 base 1.2 M
rsyslog x86_64 8.24.0-57.el7_9 updates 621 k
selinux-policy-targeted noarch 3.13.1-268.el7_9.2 updates 7.0 M
setup noarch 2.8.71-11.el7 base 166 k
shadow-utils x86_64 2:4.6-5.el7 base 1.2 M
sudo x86_64 1.8.23-10.el7_9.1 updates 843 k
systemd x86_64 219-78.el7_9.3 updates 5.1 M
tar x86_64 2:1.26-35.el7 base 846 k
tuned noarch 2.11.0-11.el7_9 updates 269 k
util-linux x86_64 2.23.2-65.el7_9.1 updates 2.0 M
vim-minimal x86_64 2:7.4.629-8.el7_9 updates 443 k
xfsprogs x86_64 4.5.0-22.el7 base 897 k
yum noarch 3.4.3-168.el7.centos base 1.2 M
Installing for dependencies:
acl x86_64 2.2.51-15.el7 base 81 k
audit-libs x86_64 2.8.5-4.el7 base 102 k
bc x86_64 1.06.95-13.el7 base 115 k
bind-export-libs x86_64 32:9.11.4-26.P2.el7_9.5 updates 1.1 M
binutils x86_64 2.27-44.base.el7 base 5.9 M
bzip2-libs x86_64 1.0.6-13.el7 base 40 k
ca-certificates noarch 2020.2.41-70.0.el7_8 base 382 k
centos-logos noarch 70.0.6-3.el7.centos base 21 M
centos-release x86_64 7-9.2009.1.el7.centos updates 27 k
chkconfig x86_64 1.7.6-1.el7 base 182 k
cpio x86_64 2.11-28.el7 base 211 k
cracklib x86_64 2.9.0-11.el7 base 80 k
cracklib-dicts x86_64 2.9.0-11.el7 base 3.6 M
cronie-anacron x86_64 1.4.11-23.el7 base 36 k
crontabs noarch 1.11-6.20121102git.el7 base 13 k
cryptsetup-libs x86_64 2.0.3-6.el7 base 339 k
cyrus-sasl-lib x86_64 2.1.26-23.el7 base 155 k
dbus x86_64 1:1.10.24-15.el7 base 245 k
dbus-glib x86_64 0.100-7.el7 base 102 k
dbus-libs x86_64 1:1.10.24-15.el7 base 169 k
dbus-python x86_64 1.1.1-9.el7 base 206 k
device-mapper x86_64 7:1.02.170-6.el7_9.5 updates 297 k
device-mapper-libs x86_64 7:1.02.170-6.el7_9.5 updates 325 k
dhcp-common x86_64 12:4.2.5-82.el7.centos base 176 k
dhcp-libs x86_64 12:4.2.5-82.el7.centos base 133 k
diffutils x86_64 3.3-5.el7 base 322 k
dmidecode x86_64 1:3.2-5.el7_9.1 updates 82 k
dracut x86_64 033-572.el7 base 329 k
dracut-network x86_64 033-572.el7 base 103 k
e2fsprogs-libs x86_64 1.42.9-19.el7 base 168 k
ebtables x86_64 2.0.10-16.el7 base 123 k
elfutils-default-yama-scope noarch 0.176-5.el7 base 33 k
elfutils-libelf x86_64 0.176-5.el7 base 195 k
elfutils-libs x86_64 0.176-5.el7 base 291 k
ethtool x86_64 2:4.8-10.el7 base 127 k
expat x86_64 2.1.0-12.el7 base 81 k
file-libs x86_64 5.11-37.el7 base 340 k
findutils x86_64 1:4.5.11-6.el7 base 559 k
fipscheck x86_64 1.4.1-6.el7 base 21 k
fipscheck-lib x86_64 1.4.1-6.el7 base 11 k
firewalld-filesystem noarch 0.6.3-13.el7_9 updates 51 k
gawk x86_64 4.0.2-4.el7_3.1 base 874 k
gdbm x86_64 1.10-8.el7 base 70 k
glib2 x86_64 2.56.1-8.el7 updates 2.5 M
glibc-common x86_64 2.17-324.el7_9 updates 12 M
gmp x86_64 1:6.0.0-15.el7 base 281 k
gnupg2 x86_64 2.0.22-5.el7_5 base 1.5 M
gobject-introspection x86_64 1.56.1-1.el7 base 241 k
gpgme x86_64 1.3.2-5.el7 base 146 k
grep x86_64 2.20-3.el7 base 344 k
groff-base x86_64 1.22.2-8.el7 base 942 k
gzip x86_64 1.5-10.el7 base 130 k
hardlink x86_64 1:1.0-19.el7 base 14 k
hwdata x86_64 0.252-9.7.el7 base 2.5 M
info x86_64 5.1-5.el7 base 233 k
ipset x86_64 7.1-1.el7 base 39 k
ipset-libs x86_64 7.1-1.el7 base 64 k
json-c x86_64 0.11-4.el7_0 base 31 k
kbd-legacy noarch 1.15.5-15.el7 base 466 k
kbd-misc noarch 1.15.5-15.el7 base 1.4 M
keyutils-libs x86_64 1.5.8-3.el7 base 25 k
kmod x86_64 20-28.el7 base 123 k
kmod-libs x86_64 20-28.el7 base 51 k
kpartx x86_64 0.4.9-134.el7_9 updates 81 k
krb5-libs x86_64 1.15.1-50.el7 base 809 k
libacl x86_64 2.2.51-15.el7 base 27 k
libassuan x86_64 2.1.0-3.el7 base 63 k
libattr x86_64 2.4.46-13.el7 base 18 k
libblkid x86_64 2.23.2-65.el7_9.1 updates 183 k
libcap x86_64 2.22-11.el7 base 47 k
libcap-ng x86_64 0.7.5-4.el7 base 25 k
libcom_err x86_64 1.42.9-19.el7 base 42 k
libcurl x86_64 7.29.0-59.el7_9.1 updates 223 k
libdb x86_64 5.3.21-25.el7 base 720 k
libdb-utils x86_64 5.3.21-25.el7 base 132 k
libdrm x86_64 2.4.97-2.el7 base 151 k
libedit x86_64 3.0-12.20121213cvs.el7 base 92 k
libestr x86_64 0.1.9-2.el7 base 20 k
libfastjson x86_64 0.99.4-3.el7 base 27 k
libffi x86_64 3.0.13-19.el7 base 30 k
libgcc x86_64 4.8.5-44.el7 base 103 k
libgcrypt x86_64 1.5.3-14.el7 base 263 k
libgpg-error x86_64 1.12-3.el7 base 87 k
libidn x86_64 1.28-4.el7 base 209 k
libmnl x86_64 1.0.3-7.el7 base 23 k
libmount x86_64 2.23.2-65.el7_9.1 updates 185 k
libnetfilter_conntrack x86_64 1.0.6-1.el7_3 base 55 k
libnfnetlink x86_64 1.0.1-4.el7 base 26 k
libpciaccess x86_64 0.14-1.el7 base 26 k
libpipeline x86_64 1.2.3-3.el7 base 53 k
libpwquality x86_64 1.2.3-5.el7 base 85 k
libselinux x86_64 2.5-15.el7 base 162 k
libselinux-python x86_64 2.5-15.el7 base 236 k
libselinux-utils x86_64 2.5-15.el7 base 151 k
libsemanage x86_64 2.5-14.el7 base 151 k
libsepol x86_64 2.5-10.el7 base 297 k
libsmartcols x86_64 2.23.2-65.el7_9.1 updates 143 k
libss x86_64 1.42.9-19.el7 base 47 k
libssh2 x86_64 1.8.0-4.el7 base 88 k
libstdc++ x86_64 4.8.5-44.el7 base 306 k
libtasn1 x86_64 4.10-1.el7 base 320 k
libuser x86_64 0.60-9.el7 base 400 k
libutempter x86_64 1.1.6-4.el7 base 25 k
libuuid x86_64 2.23.2-65.el7_9.1 updates 84 k
libverto x86_64 0.2.5-4.el7 base 16 k
libxml2 x86_64 2.9.1-6.el7.5 base 668 k
logrotate x86_64 3.8.6-19.el7 base 70 k
lsscsi x86_64 0.27-6.el7 base 47 k
lua x86_64 5.1.4-15.el7 base 201 k
lz4 x86_64 1.8.3-1.el7 base 85 k
lzo x86_64 2.06-8.el7 base 59 k
mozjs17 x86_64 17.0.0-20.el7 base 1.4 M
ncurses-base noarch 5.9-14.20130511.el7_4 base 68 k
ncurses-libs x86_64 5.9-14.20130511.el7_4 base 316 k
nspr x86_64 4.25.0-2.el7_9 updates 127 k
nss x86_64 3.53.1-7.el7_9 updates 869 k
nss-pem x86_64 1.0.3-7.el7 base 74 k
nss-softokn x86_64 3.53.1-6.el7_9 updates 354 k
nss-softokn-freebl x86_64 3.53.1-6.el7_9 updates 322 k
nss-sysinit x86_64 3.53.1-7.el7_9 updates 66 k
nss-tools x86_64 3.53.1-7.el7_9 updates 535 k
nss-util x86_64 3.53.1-1.el7_9 updates 79 k
numactl-libs x86_64 2.0.12-5.el7 base 30 k
openldap x86_64 2.4.44-23.el7_9 updates 356 k
openssh x86_64 7.4p1-21.el7 base 510 k
openssl-libs x86_64 1:1.0.2k-21.el7_9 updates 1.2 M
p11-kit x86_64 0.23.5-3.el7 base 252 k
p11-kit-trust x86_64 0.23.5-3.el7 base 129 k
pam x86_64 1.1.8-23.el7 base 721 k
pcre x86_64 8.32-17.el7 base 422 k
pinentry x86_64 0.8.1-17.el7 base 73 k
pkgconfig x86_64 1:0.27.1-4.el7 base 54 k
plymouth-core-libs x86_64 0.8.9-0.34.20140113.el7.centos base 108 k
plymouth-scripts x86_64 0.8.9-0.34.20140113.el7.centos base 39 k
polkit x86_64 0.112-26.el7 base 170 k
polkit-pkla-compat x86_64 0.1-4.el7 base 39 k
popt x86_64 1.13-16.el7 base 42 k
pth x86_64 2.0.7-23.el7 base 89 k
pygpgme x86_64 0.3-9.el7 base 63 k
pyliblzma x86_64 0.5.3-11.el7 base 47 k
python x86_64 2.7.5-90.el7 updates 96 k
python-configobj noarch 4.7.2-7.el7 base 117 k
python-decorator noarch 3.4.0-3.el7 base 27 k
python-firewall noarch 0.6.3-13.el7_9 updates 355 k
python-gobject-base x86_64 3.22.0-1.el7_4.1 base 294 k
python-iniparse noarch 0.4-9.el7 base 39 k
python-libs x86_64 2.7.5-90.el7 updates 5.6 M
python-linux-procfs noarch 0.4.11-4.el7 base 33 k
python-perf x86_64 3.10.0-1160.25.1.el7 updates 8.1 M
python-pycurl x86_64 7.19.0-19.el7 base 80 k
python-pyudev noarch 0.15-9.el7 base 55 k
python-schedutils x86_64 0.4-6.el7 base 21 k
python-slip noarch 0.4.0-4.el7 base 31 k
python-slip-dbus noarch 0.4.0-4.el7 base 32 k
python-urlgrabber noarch 3.10-10.el7 base 108 k
pyxattr x86_64 0.5.1-5.el7 base 28 k
qrencode-libs x86_64 3.4.1-3.el7 base 50 k
readline x86_64 6.2-11.el7 base 193 k
rpm-build-libs x86_64 4.11.3-45.el7 base 107 k
rpm-libs x86_64 4.11.3-45.el7 base 278 k
rpm-python x86_64 4.11.3-45.el7 base 84 k
sed x86_64 4.2.2-7.el7 base 231 k
selinux-policy noarch 3.13.1-268.el7_9.2 updates 498 k
shared-mime-info x86_64 1.8-5.el7 base 312 k
snappy x86_64 1.1.0-3.el7 base 40 k
sqlite x86_64 3.7.17-8.el7_7.1 base 394 k
systemd-libs x86_64 219-78.el7_9.3 updates 418 k
systemd-sysv x86_64 219-78.el7_9.3 updates 97 k
sysvinit-tools x86_64 2.88-14.dsf.el7 base 63 k
tcp_wrappers-libs x86_64 7.6-77.el7 base 66 k
tzdata noarch 2021a-1.el7 updates 501 k
ustr x86_64 1.0.4-16.el7 base 92 k
virt-what x86_64 1.18-4.el7 base 29 k
which x86_64 2.20-7.el7 base 41 k
xz x86_64 5.2.2-1.el7 base 229 k
xz-libs x86_64 5.2.2-1.el7 base 103 k
yum-metadata-parser x86_64 1.1.4-10.el7 base 28 k
yum-plugin-fastestmirror noarch 1.1.31-54.el7_8 base 34 k
zlib x86_64 1.2.7-19.el7_9 updates 90 k
Transaction Summary
=================================================================================================================================================
Install 45 Packages (+179 Dependent packages)
Total download size: 136 M
Installed size: 559 M
Downloading packages:
| 8.1 MB 00:00:06
-------------------------------------------------------------------------------------------------------------------------------------------------
Total 6.3 MB/s | 136 MB 00:00:21
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Complete!
+ [[ -n '' ]]
+ yum -c /etc/yum.conf --installroot=/tmp/mkimage-yum.sh.qq2lHm -y clean all
Cleaning repos: base extras updates
Other repos take up 40 M of disk space (use --verbose for details)
+ cat
+ rm -rf /tmp/mkimage-yum.sh.u7pzDD/usr/lib/locale /tmp/mkimage-yum.sh.qq2lHm/usr/share/locale /tmp/mkimage-yum.sh.u7pzDD/usr/lib/gconv /tmp/mkimage-yum.sh.u7pzDD/usr/lib64/gconv /tmp/mkimage-yum.sh.u7pzDD/usr/bin/localedef /tmp/mkimage-yum.sh.u7pzDD/usr/sbin/build-locale-archive
+ rm -rf /tmp/mkimage-yum.sh.u7pzDD/usr/share/man /tmp/mkimage-yum.sh.qq2lHm/usr/share/doc /tmp/mkimage-yum.sh.u7pzDD/usr/share/info /tmp/mkimage-yum.sh.u7pzDD/usr/share/gnome/help
+ rm -rf /tmp/mkimage-yum.sh.u7pzDD/usr/share/cracklib
+ rm -rf /tmp/mkimage-yum.sh.u7pzDD/usr/share/i18n
+ rm -rf /tmp/mkimage-yum.sh.u7pzDD/var/cache/yum
+ mkdir -p --mode=0755 /tmp/mkimage-yum.sh.qq2lHm/var/cache/yum
+ rm -rf /tmp/mkimage-yum.sh.qq2lHm/sbin/sln
+ rm -rf /tmp/mkimage-yum.sh.qq2lHm/etc/ld.so.cache /tmp/mkimage-yum.sh.qq2lHm/var/cache/ldconfig
+ mkdir -p --mode=0755 /tmp/mkimage-yum.sh.qq2lHm/var/cache/ldconfig
+ '[' -z '' ']'
+ for file in '"$target"/etc/{redhat,system}-release'
+ '[' -r /tmp/mkimage-yum.sh.qq2lHm/etc/redhat-release ']'
++ sed 's/^[^0-9\]*\([0-9.]\+\).*$/\1/' /tmp/mkimage-yum.sh.qq2lHm/etc/redhat-release
+ version=7.9.2009
+ break
+ '[' -z 7.9.2009 ']'
+ tar --numeric-owner -c -C /tmp/mkimage-yum.sh.qq2lHm .
+ docker import - centos7:7.9.2009
sha256:b7ab681100c3f13c0810f5fdf591a9391ac42d4e0add83522bb659741f7e84b1
+ docker run -i -t --rm centos7:7.9.2009 /bin/bash -c 'echo success'
success
+ rm -rf /tmp/mkimage-yum.sh.qq2lHm
invalid reference format: repository name must be lowercase
[root@master image]# docker image ls |grep centos
centos7 7.9.2009 b7ab681100c3 2 minutes ago 283MB
[root@master image]#
[END] 2021-05-06 23:26:28
添加软件
FROM centos:7
RUN yum install -y \
telnet \
traceroute \
iproute \
iptables \
net-tools \
tcpdump \
tzdata \
&& rm -f /etc/localtime \
&& ln -sv /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
&& echo "Asia/Shanghai" > /etc/timezone \
&& yum clean all
1.3 空镜像scratch
13.1拉取DockerHub容器镜像
docker pull scratch
Dockerhub地址:https://hub.docker.com/_/scratch,该镜像是一个空的镜像,镜像的构建是从零开始,不存在其他的镜像层,使用它来构建应用镜像,缩小应用镜像体积。
2 基础镜像安全
2.1 容器安全
2.2 漏洞扫描
3 容器镜像构建原则
3.1 构建上下文
3.2 Stdin的本地或远程构建上下文
3.3 Dockerignore排除文件
3.4 使用多阶段构建
3.5 解耦应用程序
3.6 最小化层数
3.7 多行参数进行排序
3.8 利用构建缓存
4 容器镜像Dockerfile
5 容器镜像命名规则
6 容器镜像推送
7 容器镜像仓库权限控制
若有收获,就点个赞吧
0 人点赞
