前言
在研究 k8s ingrss controller 时,偶然发现了一个参数格式感觉跟其他的不一样,查官网也没有这个参数。以为是bug,然后还给 ks 了一个 issue,最终发现并不是 bug,而是个启动参数
关于 ks 上的 issue
dumb-init 的功能
$ /usr/bin/dumb-init --help
dumb-init v1.2.2
Usage: /usr/bin/dumb-init [option] command [[arg] ...]
dumb-init is a simple process supervisor that forwards signals to children.
It is designed to run as PID1 in minimal container environments.
Optional arguments:
-c, --single-child Run in single-child mode.
In this mode, signals are only proxied to the
direct child and not any of its descendants.
-r, --rewrite s:r Rewrite received signal s to new signal r before proxying.
To ignore (not proxy) a signal, rewrite it to 0.
This option can be specified multiple times.
-v, --verbose Print debugging information to stderr.
-h, --help Print this help message and exit.
-V, --version Print the current version and exit.
Full help is available online at https://github.com/Yelp/dumb-init
可以看到它是个进程为 1 的进程,然后由这个进程来启动其他的命令,其他的进程是这个进程的子进程。
问题:如何做到它是能够启动多个进程的呢?
在 dockerfile 中这就涉及到了 cmd 与 entrypoint 的问题。
当它们两个组合使用的时候,会把 cmd entrypoint 的参数。
拓展,在查找这个问题时候需要看 docker image 的 dockerfile
查看 dockerfile的方法:
docker history无法看全,加参数 –no-trunc。
如果想直接看Layer层的每个命令或是想看dockerfile有两个方法:
- 这个比较简单,要求联网
docker pull chenzj/dfimage
alias dfimage="docker run -v /var/run/docker.sock:/var/run/docker.sock --rm chenzj/dfimage"
echo 'alias dfimage="docker run -v /var/run/docker.sock:/var/run/docker.sock --rm chenzj/dfimage"' >> ~/.bashrc
dfimage image_id
如上面的ImageId
root@ks-allinone:/root # dfimage 98675eb54d0e
FROM kubesphere/nginx-ingress-controller:0.24.1
ADD file:ddf1fb4850cd71028f11a7e226af4d38f16f39a211491703b909f17bfd9afd87 in /
CMD ["/bin/sh"]
COPY dir:88ffb8ce687ff734bddf9b5f65ce58c299f1280895baedb84a6b8009e334b07e in /
RUN /bin/sh -c clean-install bash
RUN /bin/sh -c /build.sh
RUN /bin/sh -c ln -sf /dev/stdout /var/log/nginx/access.log
RUN /bin/sh -c ln -sf /dev/stderr /var/log/nginx/error.log
EXPOSE 443 80
CMD ["nginx" "-g" "daemon off;"]
WORKDIR /etc/nginx
RUN /bin/sh -c clean-install diffutils libcap2-bin
COPY --chown=www-data:www-datadir:63647ba09ed2f73438321b62565cae4c919f3625ceea833fd3a750d769813e8f in /
RUN /bin/sh -c bash -eu -c ' writeDirs=( /etc/ingress-controller/ssl /etc/ingress-controller/auth /var/log /var/log/nginx /tmp ); for dir in "${writeDirs[@]}"; do mkdir -p ${dir}; chown -R www-data.www-data ${dir}; done'
RUN /bin/sh -c setcap cap_net_bind_service=+ep /nginx-ingress-controller \
&& setcap -v cap_net_bind_service=+ep /nginx-ingress-controller
RUN /bin/sh -c setcap cap_net_bind_service=+ep /usr/sbin/nginx \
&& setcap -v cap_net_bind_service=+ep /usr/sbin/nginx
RUN /bin/sh -c ln -sf /dev/stdout /var/log/nginx/access.log
RUN /bin/sh -c ln -sf /dev/stderr /var/log/nginx/error.log
USER www-data
ENTRYPOINT ["/usr/bin/dumb-init" "--"]
CMD ["/nginx-ingress-controller"]
- google直接搜这个,就会出来这个镜像的layers,如
https://hub.docker.com/layers/istio/proxyv2/1.4.8-distroless/images/sha256-14710f63c1df6dffe8e091f8864956fc6daf66296bc3b4396dd744bcf24b2f36?context=exploreBd
关于 dumb-init 这个命令参考下面这个
https://www.infoq.cn/article/2016/01/dumb-init-Docker