Think Deep,Work Lean

关于 dumb-init-一个容器初始化系统

Posted on By zack

前言

在研究 k8s ingrss controller 时,偶然发现了一个参数格式感觉跟其他的不一样,查官网也没有这个参数。以为是bug,然后还给 ks 了一个 issue,最终发现并不是 bug,而是个启动参数

关于 ks 上的 issue

dumb-init 的功能

$ /usr/bin/dumb-init --help
dumb-init v1.2.2
Usage: /usr/bin/dumb-init [option] command [[arg] ...]

dumb-init is a simple process supervisor that forwards signals to children.
It is designed to run as PID1 in minimal container environments.

Optional arguments:
   -c, --single-child   Run in single-child mode.
                        In this mode, signals are only proxied to the
                        direct child and not any of its descendants.
   -r, --rewrite s:r    Rewrite received signal s to new signal r before proxying.
                        To ignore (not proxy) a signal, rewrite it to 0.
                        This option can be specified multiple times.
   -v, --verbose        Print debugging information to stderr.
   -h, --help           Print this help message and exit.
   -V, --version        Print the current version and exit.

Full help is available online at https://github.com/Yelp/dumb-init

可以看到它是个进程为 1 的进程,然后由这个进程来启动其他的命令,其他的进程是这个进程的子进程。

问题:如何做到它是能够启动多个进程的呢?

在 dockerfile 中这就涉及到了 cmd 与 entrypoint 的问题。

当它们两个组合使用的时候,会把 cmd entrypoint 的参数。

拓展,在查找这个问题时候需要看 docker image 的 dockerfile

查看 dockerfile的方法:

docker history无法看全,加参数 –no-trunc。

如果想直接看Layer层的每个命令或是想看dockerfile有两个方法:

  • 这个比较简单,要求联网
docker pull chenzj/dfimage
alias dfimage="docker run -v /var/run/docker.sock:/var/run/docker.sock --rm chenzj/dfimage"

echo 'alias dfimage="docker run -v /var/run/docker.sock:/var/run/docker.sock --rm chenzj/dfimage"' >> ~/.bashrc

dfimage image_id

如上面的ImageId

root@ks-allinone:/root # dfimage  98675eb54d0e
FROM kubesphere/nginx-ingress-controller:0.24.1
ADD file:ddf1fb4850cd71028f11a7e226af4d38f16f39a211491703b909f17bfd9afd87 in /
CMD ["/bin/sh"]
COPY dir:88ffb8ce687ff734bddf9b5f65ce58c299f1280895baedb84a6b8009e334b07e in /
RUN /bin/sh -c clean-install bash
RUN /bin/sh -c /build.sh
RUN /bin/sh -c ln -sf /dev/stdout /var/log/nginx/access.log
RUN /bin/sh -c ln -sf /dev/stderr /var/log/nginx/error.log
EXPOSE 443 80
CMD ["nginx" "-g" "daemon off;"]
WORKDIR /etc/nginx
RUN /bin/sh -c clean-install   diffutils   libcap2-bin
COPY --chown=www-data:www-datadir:63647ba09ed2f73438321b62565cae4c919f3625ceea833fd3a750d769813e8f in /
RUN /bin/sh -c bash -eu -c '   writeDirs=(     /etc/ingress-controller/ssl     /etc/ingress-controller/auth     /var/log     /var/log/nginx     /tmp   );   for dir in "${writeDirs[@]}"; do     mkdir -p ${dir};     chown -R www-data.www-data ${dir};   done'
RUN /bin/sh -c setcap    cap_net_bind_service=+ep /nginx-ingress-controller   \
    && setcap -v cap_net_bind_service=+ep /nginx-ingress-controller
RUN /bin/sh -c setcap    cap_net_bind_service=+ep /usr/sbin/nginx   \
    && setcap -v cap_net_bind_service=+ep /usr/sbin/nginx
RUN /bin/sh -c ln -sf /dev/stdout /var/log/nginx/access.log
RUN /bin/sh -c ln -sf /dev/stderr /var/log/nginx/error.log
USER www-data
ENTRYPOINT ["/usr/bin/dumb-init" "--"]
CMD ["/nginx-ingress-controller"]
  • google直接搜这个,就会出来这个镜像的layers,如

https://hub.docker.com/layers/istio/proxyv2/1.4.8-distroless/images/sha256-14710f63c1df6dffe8e091f8864956fc6daf66296bc3b4396dd744bcf24b2f36?context=exploreBd

关于 dumb-init 这个命令参考下面这个

https://www.infoq.cn/article/2016/01/dumb-init-Docker