it_worker365

   ::  ::  ::  ::  :: 管理
日常环境构建2

需要调试网络,发现一般的镜像里很多命令不支持,调试十分不方便,所以需要一个命令完善的镜像供快速调试用

简单点, 在这位大佬的基础上完善指令,保存自己的调试工具

在原作上添加迭代 https://github.com/yobasystems/alpine-nginx

FROM yobasystems/alpine:3.16.2-amd64

ARG BUILD_DATE
ARG VCS_REF

LABEL maintainer="Dominic Taylor <dominic@yobasystems.co.uk>" \
    architecture="amd64/x86_64" \
    nginx-version="1.23.1" \
    alpine-version="3.16.2" \
    build="14-Oct-2022" \
    org.opencontainers.image.title="alpine-nginx" \
    org.opencontainers.image.description="Nginx Docker image running on Alpine Linux" \
    org.opencontainers.image.authors="Dominic Taylor <dominic@yobasystems.co.uk>" \
    org.opencontainers.image.vendor="Yoba Systems" \
    org.opencontainers.image.version="v1.23.1" \
    org.opencontainers.image.url="https://hub.docker.com/r/yobasystems/alpine-nginx/" \
    org.opencontainers.image.source="https://github.com/yobasystems/alpine-nginx" \
    org.opencontainers.image.revision=$VCS_REF \
    org.opencontainers.image.created=$BUILD_DATE

ENV REPO="https://yobasystems@bitbucket.org/yobasystems/default-index.git"
ENV NGINX_VERSION=1.23.1


RUN \
  build_pkgs="build-base linux-headers openssl-dev pcre-dev wget zlib-dev" && \
  runtime_pkgs="ca-certificates openssl pcre zlib tzdata git" && \
  apk --no-cache add ${build_pkgs} ${runtime_pkgs} && \
  cd /tmp && \
  wget https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz && \
  tar xzf nginx-${NGINX_VERSION}.tar.gz && \
  cd /tmp/nginx-${NGINX_VERSION} && \
  ./configure \
    --prefix=/etc/nginx \
    --sbin-path=/usr/sbin/nginx \
    --conf-path=/etc/nginx/nginx.conf \
    --error-log-path=/var/log/nginx/error.log \
    --http-log-path=/var/log/nginx/access.log \
    --pid-path=/var/run/nginx.pid \
    --lock-path=/var/run/nginx.lock \
    --http-client-body-temp-path=/var/cache/nginx/client_temp \
    --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
    --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
    --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
    --http-scgi-temp-path=/var/cache/nginx/scgi_temp \
    --user=nginx \
    --group=nginx \
    --with-http_ssl_module \
    --with-http_realip_module \
    --with-http_addition_module \
    --with-http_sub_module \
    --with-http_dav_module \
    --with-http_flv_module \
    --with-http_mp4_module \
    --with-http_gunzip_module \
    --with-http_gzip_static_module \
    --with-http_random_index_module \
    --with-http_secure_link_module \
    --with-http_stub_status_module \
    --with-http_auth_request_module \
    --with-mail \
    --with-mail_ssl_module \
    --with-file-aio \
    --with-threads \
    --with-stream \
    --with-stream_ssl_module \
    --with-stream_realip_module \
    --with-http_slice_module \
    --with-http_v2_module && \
  make && \
  make install && \
  sed -i -e 's/#access_log  logs\/access.log  main;/access_log \/dev\/stdout;/' -e 's/#error_log  logs\/error.log  notice;/error_log stderr notice;/' /etc/nginx/nginx.conf && \
  addgroup -S nginx && \
  adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx && \
  rm -rf /tmp/* && \
  apk del ${build_pkgs} && \
  rm -rf /var/cache/apk/* && \
  rm -rf /etc/nginx/html/*

COPY files/nginx.conf /etc/nginx/nginx.conf
COPY files/run.sh /run.sh

RUN chmod +x /run.sh && \
    apk --no-cache add openssh


RUN apk add --no-cache \
        ca-certificates \
        openssl \
        curl \
        bash \
        sed \
        wget \
        zip \
        unzip \
        bzip2 \
        p7zip \
        drill \
        ldns \
        openssh-client \
        rsync \
        git \
        gnupg \
        tzdata \
        iptables \
        ipset \
        stress-ng \
        iproute2

VOLUME ["/var/cache/nginx"]

EXPOSE 80 443

ENTRYPOINT /run.sh

构建部署

apiVersion: apps/v1
kind: Deployment
metadata:
  name: tool
  labels:
    app: tool
spec:
  replicas: 1
  selector:
    matchLabels:
      app: tool
  template:
    metadata:
      labels:
        app: tool
    spec:
      containers:
      - name: tool
        image: itworker365/tools:latest
        ports:
        - containerPort: 80
        resources:
          limits:
            cpu: "500m"
        securityContext:
          privileged: true

通过securityContext: privileged: true指定特权容器

进入后可以执行常见的网络命令,通过su root可以进入高权账号,进行iptables等操作,掌握集群网络

工具虽小,用处很大

JAVA基础镜像

# 设置基础镜像
FROM centos:7
MAINTAINER guokangjy@126.com
RUN yum install telnet nc wget curl unzip iproute net-tools -y && \
yum clean all && \
rm -rf /var/cache/yum/*

#解决时区问题
RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
&& echo "Asia/Shanghai" > /etc/timezone

#解决中文乱码问题
RUN yum install kde-l10n-Chinese -y
ENV LANG zh_CN.uft8
RUN localedef -c -f UTF-8 -i zh_CN zh_CN.UFT-8 \
&& echo 'LANG="zh_CN.uft8"' > /etc/locale.conf \
&& source /etc/locale.conf

COPY jdk-8u371-linux-x64.tar.gz /usr/local/
RUN tar -zxf /usr/local/jdk-8u371-linux-x64.tar.gz -C /usr/local/ \
&& rm -rf /usr/local/jdk-8u371-linux-x64.tar.gz

ENV JAVA_HOME=/usr/local/jdk1.8.0_371
ENV JRE_HOME=/usr/local/jdk1.8.0_371
ENV CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JRE_HOME/lib
ENV PATH $PATH:$JAVA_HOME/bin:$JRE_HOME/bin
#ADD jre-8u271-linux-x64.tar.gz /usr/java/jre
#ENV JAVA_HOME=/usr/java/jre/jre1.8.0_271
i#ENV PATH ${PATH}:{JAVA_HOME}/bin

 

posted on 2022-12-23 17:07  it_worker365  阅读(16)  评论(0编辑  收藏  举报