频繁提交docker容器是一种好习惯吗? [英] Is it good practice to commit docker container frequently?
问题描述
我在里面使用WebSphere Liberty.由于WebSphere Liberty需要频繁进行xml编辑,而Dockerfile命令则不可能.我必须不时通过docker-commit这个容器,其他人才能使用我的图像.
I'm using WebSphere Liberty inside. As WebSphere Liberty requires frequent xml editing, which is impossible with Dockerfile commands. I have to docker-commit the container from time to time, for others to make use of my images.
命令类似于:
docker commit -m "updated sa1" -a "Song" $id company/wlp:v0.1
大学在做与镜像相似的事情,他们继续每天多次对docker提交容器.
Colleges are doing similar things to the image, they continue to docker commit the container several times every day.
有一天,我们将在生产环境中部署映像.
One day we're going to deploy the image on production.
Q1:是否建议进行频繁的docker-commiting操作?
Q1: Is the practice of frequent docker-committing advised?
Q2:是否会留下任何潜在的问题?
Q2: Does it leave any potential problem behind?
Q3:是否会创建一个额外的图层?我阅读了 docker-commit文档,该文档未提及创建另一层,我认为这意味着不.
Q3: Does it create an extra layer? I read the docker-commit document, which didn't mention if it creates another layer, I assume it means no.
推荐答案
我不会使用docker commit,
I wouldn't use docker commit,
这似乎是一个好主意,但是您无法像使用Dockerfile一样随意复制映像,并且一旦完成就无法更改基本映像,因此很难为示例基础os基本映像的安全补丁.
It seems like a really good idea but you can't reproduce the image at will like you can with a Dockerfile and you can't change the base image once this is done either, so makes it very hard to commit say for example a security patch to the underlying os base image.
如果您使用完整的Dockerfile方法,则可以重新运行docker build,您将再次获得相同的映像.并且您可以更改基本图像.
If you go the full Dockerfile approach you can re-run docker build and you'll get the same image again. And you are able to change the base image.
所以我的经验法则是,如果您正在创建临时工具,并且不关心重复使用或随意复制图像,那么使用提交就很方便.
So my rule of thumb is if you are creating a temporary tool and you don't care about reuse or reproducing the image at will then commit is convenient to use.
据我了解,Docker的每个容器映像都有两部分,这是一组只读层,构成了映像的大部分,然后是一小层,可在任何更改提交的情况下将其写入.
As I understand Docker every container image has two parts this is a group of read-only layers making up the bulk of the image and then a small layer which is writeable where any changes are committed.
当您运行commit docker并创建一个新映像时,这是基础映像以及您所做的更改(创建的映像是一个不同的映像),它将代码复制到薄的可写层.因此,不会创建一个新的只读层,它只会将您制作的增量存储到可写的薄层中.
When you run commit docker goes ahead and creates a new image this is the base image plus changes you made (the image created is a distinct image), it copies up the code to the thin writable layer. So a new read-only layer is not created it merely stores the deltas you make into the thin writeable layer.
Don't just take my word for it, take Redhats advice
为清楚起见,第5步中的文章说:
For clarity that article in step 5 says:
5)不要从正在运行的容器中创建图像-换句话说,不要使用"docker commit"创建映像.这种创建图像的方法是不可复制的,应完全避免.一律使用Dockerfile或任何其他完全完全的S2I(源到映像)方法可复制的,并且如果存储,您可以跟踪对Dockerfile的更改放在源代码控制存储库(git)中.
5) Don’t create images from running containers – In other terms, don’t use "docker commit" to create an image. This method to create an image is not reproducible and should be completely avoided. Always use a Dockerfile or any other S2I (source-to-image) approach that is totally reproducible, and you can track changes to the Dockerfile if you store it in a source control repository (git).
这篇关于频繁提交docker容器是一种好习惯吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
