堆栈内存溢出
  简体   繁体   English

新的Docker如何运作

[英]How does the new Docker --squash work

 原文  2017-01-20 13:00:41       docker/ dockerfile/ squash

问题描述

In Docker 1.13 the new --squash parameter was added. Docker 1.13中添加了新的--squash参数。

I'm now hoping to reduce the size of my images as well as being able to "hide" secret files I have in my layers. 我现在希望减小图像的大小,以及能够“隐藏”我的图层中的秘密文件。

Below you can now see the difference from doing a build with and without the --squash parameter. 现在,您可以看到使用和不使用--squash参数进行构建的区别。

Without Squash 没有壁球

在此输入图像描述

With Squash 用壁球

在此输入图像描述

Now to my question. 现在问我的问题。

If I add a secret file in my first layer, then use the secret file in my second layer, and the finally remove my secret file in the third layer, and then build with the --squash flag. 如果我在第一层中添加一个秘密文件,那么在我的第二层中使用秘密文件,最后在第三层中删除我的秘密文件,然后使用--squash标志进行构建。

Will there be any way now to get the secret file? 现在有办法得到秘密文件吗?

1 个解决方案

解决方案1
 62 已采纳  2017-01-20 13:23:15

If I add a secret file in my first layer, then use the secret file in my second layer, and the finally remove my secret file in the third layer, and then build with the --squash flag. 如果我在第一层中添加一个秘密文件,那么在我的第二层中使用秘密文件,最后在第三层中删除我的秘密文件,然后使用--squash标志进行构建。

Will there be any way now to get the secret file? 现在有办法得到秘密文件吗?

Answer: Your image won't have the secret file. 答:您的图片没有秘密文件。

How --squash works: --squash如何工作:

Once the build is complete, Docker creates a new image loading the diffs from each layer into a single new layer and references all the parent's layers. 构建完成后,Docker会创建一个新图像,将每个图层的差异加载到一个新图层中,并引用所有父图层。

In other words: when squashing, Docker will take all the filesystem layers produced by a build and collapse them into a single new layer. 换句话说:当压缩时,Docker将获取构建生成的所有文件系统层,并将它们折叠为单个新层。

This can simplify the process of creating minimal container images, but may result in slightly higher overhead when images are moved around (because squashed layers can no longer be shared between images). 这可以简化创建最小容器图像的过程,但是当移动图像时可能导致稍高的开销(因为压缩的图层不能再在图像之间共享)。 Docker still caches individual layers to make subsequent builds fast. Docker仍然缓存单个层以快速进行后续构建。

Please note this feature squashes all the newly built layers into a single layer, it is not squashing to scratch. 请注意,此功能会将所有新构建的图层压缩成单个图层,而不会挤压到划痕。

Side notes: 附注:

Docker 1.13 also has support for compressing the build context that is sent from CLI to daemon using the --compress flag. Docker 1.13还支持使用--compress标志压缩从CLI发送到守护程序的构建上下文。 This will speed up builds done on remote daemons by reducing the amount of data sent. 这将通过减少发送的数据量来加速在远程守护程序上完成的构建。

Please note as of Docker 1.13 this feature is experimental. 请注意,从Docker 1.13开始,此功能是实验性的。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Docker:这(不)如何工作? - Docker: How does this (not) work? 如何在Arch Linux中启用Docker的“ --squash”功能? - How to enable “--squash” feature of Docker in Arch Linux? docker 是否与新的 ubuntu 20.04 lts 一起使用 - Does docker work with new ubuntu 20.04 lts 复制到新的 docker 映像不起作用 - COPY into a new docker image does not work docker网络如何工作? - How does docker network work? docker的缺点--squash - Disadvantages of docker --squash Docker壁球行为 - Docker squash behavior 执行`docker load`时如何保留图层(无壁球) - how to keep layers when do `docker load` (no squash) 在新的EC2 Jenkins从站上首次执行Docker不起作用 - First execution of Docker on a new EC2 Jenkins Slave does not work Docker如何管理容器新文件? - How does docker manage container new files?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM