同事新打的docker鏡像暴露了6002/tcp端口,實際環境用不到,需要屏蔽暴露的端口。
思路:基於要修改的鏡像起一個test容器->關閉docker服務systemctl stop docker->去除容器配置文件中暴露的端口->重啟docker服務。
1. 基於要修改的鏡像docker run一個測試容器
d6da175c1dc4 bri "/bin/bash" 24 minutes ago Up 2 seconds 6002/tcp test
2. 關閉docker服務
3. 進入容器目錄cd /var/lib/docker/containers/d6da175c1dc4,查看文件清單:
[root@localhost containers]# find *d6da175c1dc4*
d6da175c1dc4254890f72221a7652a5abaa4bbf1991ab39bc6a4fdb2dcb5cd8b
d6da175c1dc4254890f72221a7652a5abaa4bbf1991ab39bc6a4fdb2dcb5cd8b/checkpoints
d6da175c1dc4254890f72221a7652a5abaa4bbf1991ab39bc6a4fdb2dcb5cd8b/hostconfig.json
d6da175c1dc4254890f72221a7652a5abaa4bbf1991ab39bc6a4fdb2dcb5cd8b/config.v2.json
d6da175c1dc4254890f72221a7652a5abaa4bbf1991ab39bc6a4fdb2dcb5cd8b/hosts
d6da175c1dc4254890f72221a7652a5abaa4bbf1991ab39bc6a4fdb2dcb5cd8b/resolv.conf
d6da175c1dc4254890f72221a7652a5abaa4bbf1991ab39bc6a4fdb2dcb5cd8b/resolv.conf.hash
d6da175c1dc4254890f72221a7652a5abaa4bbf1991ab39bc6a4fdb2dcb5cd8b/hostname
d6da175c1dc4254890f72221a7652a5abaa4bbf1991ab39bc6a4fdb2dcb5cd8b/mounts
d6da175c1dc4254890f72221a7652a5abaa4bbf1991ab39bc6a4fdb2dcb5cd8b/d6da175c1dc4254890f72221a7652a5abaa4bbf1991ab39bc6a4fdb2dcb5cd8b-json.log
4. 將config.v2.json文件中的暴露的6002端口去除,保存文檔。
5. cat下確保修改成功,而后重啟docker服務。
6. 基於當前test容器,用docker commit命令提交一個新的鏡像(不再暴露6002端口)。
結束。