Docerfile instruct

content.en/posts/20230423.md

@@ -0,0 +1,15 @@
+---
+title: wsl端口windows访问
+description: ""
+date: 2023-04-24
+tags:
+  - 202304
+  - wsl
+categories:
+  - 202304
+menu: main
+---
+
+## wsl端口在windows通过localhost访问
+
+    Now Microsoft will forward ports in linux by wslhost.exe when .wslconfig includes localhostForwarding=true (which is ture by default), see wsl-config. But, all those ports will only listen at local network on windows host, which means you can't access them from other devices in the same network. For now, wslpp will still open a same port listening at all interfaces, but if you don't need network access at this, you probably don't need wslpp at all, wslhost.exe is enough

content.en/posts/20230424.md

@@ -1,15 +1,168 @@
 ---
-title: wsl端口windows访问
+title: Dockerfile 常用指令
 description: ""
 date: 2023-04-24
 tags:
   - 202304
-  - wsl
+  - docker
 categories:
   - 202304
 menu: main
 ---
 
-## wsl端口在windows通过localhost访问
+## Comment
 
-    Now Microsoft will forward ports in linux by wslhost.exe when .wslconfig includes localhostForwarding=true (which is ture by default), see wsl-config. But, all those ports will only listen at local network on windows host, which means you can't access them from other devices in the same network. For now, wslpp will still open a same port listening at all interfaces, but if you don't need network access at this, you probably don't need wslpp at all, wslhost.exe is enough
+1. #开头的为注释
+
+## Parse Directive
+
+```docker
+# directive=value1
+```
+
+1. 不添加layer，影响Dockerfile 行的执行顺序
+2. 放在最开头
+3. *# escape=`* 用在windows环境下解决反斜杠是路径分隔符的问题
+
+## FROM
+
+```docker
+From Imagename
+```
+
+1. `FROM [--platform=<platform>] <image> [AS <name>]`
+2. `FROM [--platform=<platform>] <image>[:<tag>] [AS <name>]`
+3. `FROM [--platform=<platform>] <image>[@<digest>] [AS <name>]`
+4. ARG 可以出现在FROM前
+5. FROM可以出现多次
+
+```docker
+ARG VERSION=latest  # outside of build stage
+FROM busybox:$VERSION
+ARG VERSION # 要使用FROM前的ARG，需要再像此一样重新声明一次
+RUN echo $VERSION > image_version
+```
+
+## ENV
+
+1. `ENV <key>=<value>`
+2. 使用环境变量 ${variable} 或者 $variable, ${variable}_name更通用
+3. ${variable:-word}， ${variable:+word}
+
+    ```docker
+    ENV abc=hello
+    ENV abc=bye def=$abc
+    ENV ghi=$abc
+    ```
+
+    def是hello, ghi是bye
+
+4. 在后续构建阶段都有效，可以被覆盖
+5. `docker run --env <key>=<value>`运行时覆盖
+6. 会继承parent stage设置的ENV
+
+## .dockerignore
+
+1. 排除 docker build时传给docker daemon的context
+
+## RUN
+
+1. `RUN <command>`
+2. `RUN ["executable", "param1", "param2"]`, 更通用, 必须双引号, 反斜杠需转义
+3. *a new layer on the current image*
+
+## CMD
+
+1. `CMD ["executable","param1","param2"]` 更通用,
+2. `CMD ["param1","param2"]` as default parameters to ENTRYPOINT, 必须同时设置 ENTRYPOINT 指令
+3. `CMD command param1 param2`
+4. Dockerfile只能有一个CMD，如果有多个最后一个生效
+5. shell form执行时 in `/bin/sh -c`, json form without a shell, 需要指定executable的绝对路径
+6. *build阶段不执行, RUN在build阶段执行*
+
+## LABEL
+
+1. `LABEL key=val key2=val2`
+2. 给image添加meta信息
+3. `docker image inspect --format='{{json .Config.Labels}}' myimage`
+
+## EXPOSE
+
+1. `EXPOSE <port>/[<port>/<protocol>]`
+2. EXPOSE并不实际开启端口，只是一个指示, 需要在`docker run -p 80:80/tcp -p 80:80/dup`开启端口，或`docker run -P` 开启host ephemeral high-ordered:EXPOSE映射的端口
+3. 容器间通讯不需要expose publish端口，而通过docker network设置
+
+## ADD
+
+1. `ADD [--chown=<user>:<group>] [--chmod=<perms>] [--checksum=<checksum>] <src>... <dest>`
+2. `ADD [--chown=<user>:<group>] [--chmod=<perms>] ["<src>",... "<dest>"]` 更通用
+3. chown, chmod只对linux生效
+4. 文件含特殊字符需要使用golang的规则转义, e.g. `arr[0].txt` 转义为 `ADD arr[[]0].txt /mydir/`
+5. 不能 `ADD ../file`
+6. 压缩文件会解压为目录
+7. dest是目录时必须`/`结尾，否则会重命名
+8. dest不存在会创建
+
+## COPY
+
+1. `COPY [--chown=<user>:<group>] [--chmod=<perms>] <src>... <dest>`
+2. `COPY [--chown=<user>:<group>] [--chmod=<perms>] ["<src>",... "<dest>"]` 更通用
+3. ADD支持远程获取文件，COPY不支持
+
+## ENTRYPOINT
+
+1. `ENTRYPOINT ["executable", "param1", "param2"]`
+2. `ENTRYPOINT command param1 param2`
+3. ENTRYPOINT should be defined when using the container as an executable
+4. CMD should be used as a way of defining default arguments for an ENTRYPOINT command or for executing an ad-hoc command in a container.
+5. CMD will be overridden when running the container with alternative arguments
+6. If CMD is defined from the base image, setting ENTRYPOINT will reset CMD to an empty value. In this scenario, CMD must be defined in the current image to have a value
+
+- |No ENTRYPOINT|ENTRYPOINT exec_entry p1_entry|ENTRYPOINT [“exec_entry”, “p1_entry”]
+--|--|--|--
+No CMD | error, not allowed | /bin/sh -c exec_entry p1_entry | exec_entry p1_entry
+CMD [“exec_cmd”, “p1_cmd”] | exec_cmd p1_cmd | /bin/sh -c exec_entry p1_entry | exec_entry p1_entry exec_cmd p1_cmd
+CMD exec_cmd p1_cmd | /bin/sh -c exec_cmd p1_cmd | /bin/sh -c exec_entry p1_entry | exec_entry p1_entry /bin/sh -c exec_cmd p1_cmd
+
+## VOLUME
+
+1. `VOLUME ["/var/log/"]`
+2. `VOLUME /var/log`
+3. `VOLUME /var/log /var/db`
+
+## USER
+
+1. `USER <user>[:<group>]`
+2. `USER <UID>[:<GID>]`
+3. The specified user is used for RUN instructions and at runtime, runs the relevant ENTRYPOINT and CMD commands
+
+## WORKDIR
+
+1. `WORKDIR /path/to/workdir`
+2. The WORKDIR instruction sets the working directory for any RUN, CMD, ENTRYPOINT, COPY and ADD instructions that follow it in the Dockerfile
+
+## ARG
+
+1. `ARG <name>[=<default value>]`
+2. `docker build --build-arg <varname>=<value>`
+3. build阶段没有传的话使用=右侧的默认值
+4. 在定义之前使用会是空值
+5. 生命周期:定义到current build stage
+6. ENV会覆盖ARG定义的同名变量
+
+## ONBUILD
+
+## STOPSIGNAL
+
+1. `STOPSIGNAL signal`
+
+## HEALTHCHECK
+
+1. `HEALTHCHECK [OPTIONS] CMD command`
+2. `HEALTHCHECK NONE` disable any healthcheck inherited from the base image
+3. `HEALTHCHECK --interval=5m --timeout=3s CMD curl -f http://localhost/ || exit 1`
+
+## SHELL
+
+1. `SHELL ["executable", "parameters"]` 必须时json form
+2. 在windows容器内切换powershell和cmd时比较方便